Regeneration-Prompt: |
Address the PR review findings that the replay-only tool-call validator is stricter than the normal dispatch path: it incorrectly rejects allowlisted tool names with punctuation and strips mixed-case allowlisted names on replay. Keep the replay sanitizer scoped to live provider replays, but resolve replayed tool names through the same canonical exact/structured/case-insensitive allowlist helpers used elsewhere in attempt.ts. Add regression tests for a dotted allowlisted tool name and a mixed-case allowlisted tool name so those tool calls survive replay and keep their canonical names.
Regeneration-Prompt: |
Address the PR review finding that replay sanitization can drop an assistant tool-call turn and leave downstream toolResult messages orphaned in the outbound provider context. Keep the replay-only sanitizer from the previous review fix, but when it changes the message list, immediately run sanitizeToolUseResultPairing before handing the context to the provider. Add a regression test that starts with a dropped malformed assistant tool-call turn followed by a toolResult and verifies the orphaned result is removed.
Regeneration-Prompt: |
Address the PR review finding that the outbound replay sanitizer reused transcript-persistence logic and accidentally redacted valid sessions_spawn attachment payloads on later provider replays. Keep the original crash fix, but narrow the live replay sanitizer so it only drops malformed tool-call blocks and trims valid names without applying persistence-time attachment redaction. Add a regression test showing sessions_spawn attachment contents survive replay sanitization while malformed tool calls are still removed.
Regeneration-Prompt: |
Investigate the embedded Anthropic replay crash where provider replay can fail with "Cannot read properties of undefined (reading replace)" after an errored assistant turn leaves a malformed tool-call block in the live transcript. Keep the fix narrow and additive: do not change provider dependencies or broader transcript repair behavior. Harden the outbound embedded runner so each provider call sanitizes assistant tool-call blocks missing required fields, especially missing ids, before replay. Add regression coverage for the broken missing-id tool-call shape and confirm valid tool calls still pass through unchanged.
When a non-default accountId is specified but not found in the accounts
config, resolveTelegramToken() falls through to channel-level defaults
(botToken, tokenFile, env) — silently routing messages via the wrong
bot's token. This is a cross-bot message leak with no error or warning.
Root cause: extensions/telegram/src/token.ts:44-46, resolveAccountCfg()
returns undefined for unknown accountIds but code continues to fallbacks.
Introduced in e5bca0832f when Telegram moved to extensions/.
Fix: return { token: "", source: "none" } with a diagnostic log when
a non-default accountId is not found. Existing behavior for known
accounts (with or without per-account tokens) preserved.
Test: added "does not fall through when non-default accountId not in
config" — 1/1 new, 10/10 existing unaffected.
Closes#49383
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: HCL <chenglunhu@gmail.com>
