#12260: fix: redact secrets in tool results before persisting to session transcript
Labels: agents, stale
## Summary
- Apply `redactSensitiveText()` to tool result text blocks before writing to session JSONL files
- The read path (`session-files.ts:108`) already redacts on load, but the write path persisted secrets in plain text
- API keys, tokens, passwords, and PEM blocks from exec tool output were stored unredacted on disk
## Root Cause
In `session-tool-result-guard.ts`, the `guardedAppend` function applies `capToolResultSize()` to truncate oversized results but never calls the existing `redactSensitiveText()` function before writing. The session transcript files on disk contain verbatim exec tool output including any secrets printed to stdout/stderr.
While the read path redacts when loading transcripts for display, the raw JSONL files remain a security risk — they can be copied, backed up, or accessed by other processes without redaction.
## Fix
Added `redactToolResultSecrets()` that walks text content blocks in `toolResult` messages and applies `redactSensitiveText(text, { mode: "tools" })` — the same function and mode used by the read path. Called immediately after `capToolResultSize()` in the persist path.
## Test plan
- [x] `session-tool-result-guard.test.ts` — 10 tests pass
- [x] `session-tool-result-guard.tool-result-persist-hook.test.ts` — 2 tests pass
- [x] Existing redaction patterns cover: `sk-*`, `ghp_*`, `Bearer`, PEM blocks, `*_KEY=`, JSON `"token"`, CLI `--secret`
Closes #12182
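An added example, not code from this PR or the project, of the write-path guard the description outlines: a walker that redacts only the text blocks of a `toolResult` message, returns the original object when nothing matched, and is composed with a size cap into a persist step that yields one JSONL line. The message types, the `redactSensitiveText` / `redactToolResultSecrets` / `capToolResultSize` stand-ins and their signatures, the regexes (which only approximate the pattern list in the test plan) and the sample exec output are all assumptions; the project's `redact.js` and its `mode` option are not modelled.

```typescript
// Added example, not the project's code. Types, function signatures, regexes and
// the sample output are assumptions modelled on the PR description.

type ContentBlock =
  | { type: "text"; text: string }
  | { type: "image"; mimeType: string; data: string };

type ToolResultMessage = {
  role: "toolResult";
  toolCallId: string;
  content: ContentBlock[];
};

const REDACTED = "[REDACTED]";
const TRUNCATION_MARKER = "\n[truncated]";

type Rule = { re: RegExp; sub: (...m: string[]) => string };

// Order matters: the PEM rule runs first so a key body is swallowed whole before
// the shorter token rules see it. It also accepts a block with no END marker
// (output the tool itself cut off), so a half-printed key is still hidden.
const RULES: Rule[] = [
  { re: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?(?:-----END [A-Z ]*PRIVATE KEY-----|$)/g,
    sub: () => `-----BEGIN PRIVATE KEY-----\n${REDACTED}\n-----END PRIVATE KEY-----` },
  { re: /\bsk-[A-Za-z0-9_-]{16,}/g, sub: () => REDACTED },                 // sk-* style API keys
  { re: /\bghp_[A-Za-z0-9]{20,}/g, sub: () => REDACTED },                  // GitHub PATs
  { re: /\bBearer\s+[A-Za-z0-9._~+\/=-]{8,}/g, sub: () => `Bearer ${REDACTED}` },
  { re: /\b([A-Z0-9_]*_KEY)=\S+/g, sub: (_m, name) => `${name}=${REDACTED}` }, // FOO_KEY=...
  { re: /("(?:token|password|secret)"\s*:\s*)"[^"]*"/gi,
    sub: (_m, prefix) => `${prefix}"${REDACTED}"` },                       // JSON "token": "..."
  { re: /(--(?:secret|token|password)(?:=|\s+))\S+/g,
    sub: (_m, prefix) => `${prefix}${REDACTED}` },                         // CLI --secret ...
];

// Applies every rule and reports how many matches were rewritten, so callers
// can log or assert on redaction activity without seeing the secret.
function redactSensitiveText(text: string): { text: string; matches: number } {
  let out = text;
  let matches = 0;
  for (const rule of RULES) {
    out = out.replace(rule.re, (...args: string[]) => {
      matches += 1;
      return rule.sub(...args);
    });
  }
  return { text: out, matches };
}

// Walks text blocks only; image and other blocks pass through by reference.
// Returns the same message object when nothing changed.
function redactToolResultSecrets(msg: ToolResultMessage): ToolResultMessage {
  const content: ContentBlock[] = msg.content.map((block) => {
    if (block.type !== "text") return block;
    const { text, matches } = redactSensitiveText(block.text);
    return matches === 0 ? block : { ...block, text };
  });
  const changed = content.some((block, i) => block !== msg.content[i]);
  return changed ? { ...msg, content } : msg;
}

// Hypothetical size cap: trims each text block to maxChars and appends a marker.
function capToolResultSize(msg: ToolResultMessage, maxChars: number): ToolResultMessage {
  const content: ContentBlock[] = msg.content.map((block) =>
    block.type === "text" && block.text.length > maxChars
      ? { ...block, text: block.text.slice(0, maxChars) + TRUNCATION_MARKER }
      : block,
  );
  return { ...msg, content };
}

// Persist step: redact first so the cap can never split a secret pattern,
// then cap, then serialise to the JSONL line that would be appended to disk.
function prepareToolResultForPersist(msg: ToolResultMessage, maxChars = 20000): string {
  return JSON.stringify(capToolResultSize(redactToolResultSecrets(msg), maxChars));
}

// Constructed sample of exec output mixing several secret shapes with an image
// block that must survive untouched (not real output from any tool).
const SAMPLE: ToolResultMessage = {
  role: "toolResult",
  toolCallId: "call_01",
  content: [
    { type: "text", text: [
      "$ env | grep -i key",
      "OPENAI_API_KEY=sk-abcdefghijklmnopqrstuv0123",
      "$ curl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.sig' https://api.example.invalid",
      '{"token": "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZ0123", "user": "bob"}',
      "$ cat id_rsa",
      "-----BEGIN RSA PRIVATE KEY-----",
      "MIIEowIBAAKCAQEA7examplebodyline",
    ].join("\n") },
    { type: "image", mimeType: "image/png", data: "iVBORw0KGgo=" },
  ],
};
```

The PR wires redaction in after `capToolResultSize()`; this example deliberately runs it before the cap. With minimum-length rules like the ones above, a cap that lands inside `sk-abcdefghij…` leaves a fragment too short to match and it is written to disk as-is, whereas redacting first means the cap only ever shortens already-clean text. The open-ended PEM rule covers the other direction, output that arrived truncated from the tool itself.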
## Greptile Overview
### Greptile Summary
This PR updates `src/agents/session-tool-result-guard.ts` to redact sensitive data from `toolResult` message text blocks before those messages are persisted to session JSONL transcript files. It introduces a `redactToolResultSecrets()` transform that applies the existing `redactSensitiveText(..., { mode: "tools" })` logic (already used on the read/display path) and wires it into the persistence path after the existing `capToolResultSize()` truncation.
Overall, this aligns the write path with the existing read-path redaction, reducing the chance that secrets printed by tools (stdout/stderr, env-style assignments, tokens, PEM private keys) are stored unredacted on disk.
### Confidence Score: 5/5
- This PR is safe to merge with minimal risk.
- Change is narrowly scoped: it reuses the existing redaction utility already used elsewhere in the codebase and applies it only to `toolResult` text blocks on persistence. The import path matches existing usage (`../logging/redact.js`), and the transformation preserves non-text blocks and leaves messages unchanged when no redaction is needed.
File reviewed: `src/agents/session-tool-result-guard.ts`