Regeneration-Prompt: |
A new PR review comment on #50005 pointed out that replay sanitization still left orphaned Anthropic user content toolResult blocks when the sanitizer removed the preceding assistant turn entirely. The replay wrapper already cleaned user.content toolResult blocks when the rewritten user turn still followed an assistant turn, but it returned early when the assistant was gone, and validateAnthropicTurns only merges consecutive user turns without removing embedded tool results. Update the Anthropic replay cleanup to treat a missing preceding assistant as having no valid toolUse ids, so stale user.content toolResult blocks are dropped before turn revalidation and merge. Preserve non-toolResult user text, and add a focused regression for user -> assistant(error malformed toolUse only) -> user(toolResult + text) so the wrapped provider sees a single merged user turn with only the text blocks.
Regeneration-Prompt: |
Close the remaining PR review gaps around replayed tool-name handling by making the replay sanitizer use the same normalizeToolCallNameForDispatch helper as the live dispatch path. Preserve the earlier replay-only safety checks, but recover provider-prefixed names, mixed-case allowlisted names, blank names inferred from ids, and mangled names that the live path already supports. Add focused regression tests for those replay cases so strict replayers keep the assistant tool-call block instead of dropping it and orphaning tool results.
Regeneration-Prompt: |
Address the PR review findings that the replay-only tool-call validator is stricter than the normal dispatch path: it incorrectly rejects allowlisted tool names with punctuation and strips mixed-case allowlisted names on replay. Keep the replay sanitizer scoped to live provider replays, but resolve replayed tool names through the same canonical exact/structured/case-insensitive allowlist helpers used elsewhere in attempt.ts. Add regression tests for a dotted allowlisted tool name and a mixed-case allowlisted tool name so those tool calls survive replay and keep their canonical names.
Regeneration-Prompt: |
Address the PR review finding that replay sanitization can drop an assistant tool-call turn and leave downstream toolResult messages orphaned in the outbound provider context. Keep the replay-only sanitizer from the previous review fix, but when it changes the message list, immediately run sanitizeToolUseResultPairing before handing the context to the provider. Add a regression test that starts with a dropped malformed assistant tool-call turn followed by a toolResult and verifies the orphaned result is removed.
Regeneration-Prompt: |
Address the PR review finding that the outbound replay sanitizer reused transcript-persistence logic and accidentally redacted valid sessions_spawn attachment payloads on later provider replays. Keep the original crash fix, but narrow the live replay sanitizer so it only drops malformed tool-call blocks and trims valid names without applying persistence-time attachment redaction. Add a regression test showing sessions_spawn attachment contents survive replay sanitization while malformed tool calls are still removed.
Regeneration-Prompt: |
Investigate the embedded Anthropic replay crash where provider replay can fail with "Cannot read properties of undefined (reading replace)" after an errored assistant turn leaves a malformed tool-call block in the live transcript. Keep the fix narrow and additive: do not change provider dependencies or broader transcript repair behavior. Harden the outbound embedded runner so each provider call sanitizes assistant tool-call blocks missing required fields, especially missing ids, before replay. Add regression coverage for the broken missing-id tool-call shape and confirm valid tool calls still pass through unchanged.
When a non-default accountId is specified but not found in the accounts
config, resolveTelegramToken() falls through to channel-level defaults
(botToken, tokenFile, env) — silently routing messages via the wrong
bot's token. This is a cross-bot message leak with no error or warning.
Root cause: extensions/telegram/src/token.ts:44-46, resolveAccountCfg()
returns undefined for unknown accountIds but code continues to fallbacks.
Introduced in e5bca0832f when Telegram moved to extensions/.
Fix: return { token: "", source: "none" } with a diagnostic log when
a non-default accountId is not found. Existing behavior for known
accounts (with or without per-account tokens) preserved.
Test: added "does not fall through when non-default accountId not in
config" — 1/1 new, 10/10 existing unaffected.
Closes#49383
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: HCL <chenglunhu@gmail.com>
