Gitpulse
Merged
Size
M
Change Breakdown
Bug Fix75%
Security25%
#61463fix(agents,gateway): phase-aware assistant text extraction — suppress OpenAI commentary leaks in sessions-helpers, TUI, and REST history

AI commentary now suppressed in TUI and history

10
100yenadmin
·Apr 6, 2026

Phase-aware text extraction patches the remaining surfaces where OpenClaw's AI could leak internal reasoning to users — the TUI and REST history endpoints now prefer final answers over commentary.

When OpenClaw's AI assistant generates replies, it separates internal "thinking out loud" commentary from the final answer using a phase system. After earlier work fixed the core WebSocket delivery path, an audit found adjacent surfaces still displaying all assistant text — including commentary that was never meant for users.

The TUI (terminal user interface) and REST history endpoints now route assistant messages through phase-aware text extraction. The function prefers final_answer phase blocks over commentary, so users see only the polished response. Heartbeat session resolution was also hardened to reject subagent session keys, preventing forced runs from targeting the wrong session scope.

Internal chain-of-thought stays internal.

View Original GitHub Description

What this fixes (plain English)

Several places in the codebase that display assistant text were not aware of the phase system (commentary vs. final answer). This meant internal "thinking out loud" commentary could leak into user-visible surfaces like the TUI and HTTP/SSE session history endpoints. This PR makes those surfaces phase-aware, and hardens heartbeat session resolution against subagent key leaks.

Technical details

Follow-up to #59643 and #59150, which fixed phase separation in the core WS path. Post-merge audit found adjacent surfaces still using phase-blind extraction.

Surfaces fixed:

  • src/tui/tui-formatters.ts — assistant text extraction now uses extractAssistantVisibleText() to prefer final_answer over commentary phase blocks
  • src/infra/heartbeat-runner.ts — heartbeat session resolution now rejects subagent session keys, falling back to the main session key instead of leaking into subagent scopes
  • src/gateway/sessions-history-http.test.ts — regression test: REST history applies chat.history sanitization (strips NO_REPLY messages, preserves phase blocks)
  • src/tui/tui-formatters.test.ts — regression test: mixed commentary + final_answer blocks extract only the visible final answer

Explicitly deferred: extractAssistantTextForSilentCheck and buffered delta/final rendering — lower-confidence, more behaviorally sensitive.

Related

  • Follow-up to #59643 and #59150
  • Follow-up issues: #61474, #61475, #61476, #61477, #61478
  • Companion PRs: #61529, #61528, #61527
  • Related PRs: #61855, #61816

Test plan

  • 27/27 TUI formatter tests pass
  • Regression test for mixed commentary + final_answer in TUI extraction
  • HTTP history regression test (REST path shares chat.history sanitization, strips NO_REPLY messages)
  • SSE seq validation for NO_REPLY message stripping
  • sessions-history-http gateway integration tests have 2 pre-existing infra failures (also fail on upstream/main)
© 2026 · via Gitpulse