โ† Back to PRs

#3647: fix: sanitize tool arguments in session history

by nhangen, open, 2026-01-29 00:03
agents
# Pull Request: fix: sanitize tool arguments in session history

## 📋 Summary

This PR implements robust sanitization for tool arguments in session history messages. It specifically targets potential corruption where tool input arguments contain invalid JSON. The fix detects these malformed inputs and replaces them with an empty object `{}` during message loading, preventing the entire session from crashing due to `InternalError.Algo.InvalidParameter`.

## 🎯 Related Issues

Closes # (Session Crash Bugs)

## 🚀 What's New

### Core Changes

#### 1. Session Transcript Repair

**Purpose**: To make the agent resilient to malformed session data ("dirty memory") caused by previous model errors or hallucinations.

**Implementation**:

- Added `sanitizeToolUseArgs` function in `src/agents/session-transcript-repair.ts`.
- Integrated this sanitization step into the `sanitizeToolUseResultPairing` pipeline.
- It parses every `toolUse` input block; if `JSON.parse` fails, it catches the error and repairs the block.

**Key Code**:

```typescript
// src/agents/session-transcript-repair.ts
if (typeof (block as any).input === "string") {
  try {
    JSON.parse((block as any).input);
    nextContent.push(block);
  } catch {
    // Invalid JSON found in tool args.
    // Replace with empty object to prevent downstream crashes.
    nextContent.push({
      ...block,
      input: {}, // Fixed
      _sanitized: true,
      _originalInput: (block as any).input,
    });
    msgChanged = true;
  }
}
```

## 📊 Type of Change

- [x] 🐛 Bug fix (non-breaking change that fixes an issue)
- [ ] ✨ New feature (non-breaking change that adds functionality)
- [ ] 💥 Breaking change (fix or feature that would cause existing functionality to change)
- [ ] 📝 Documentation update
- [ ] 🔧 Configuration change
- [ ] ♻️ Code refactoring (no functional changes)
- [ ] ⚡ Performance improvement
- [ ] 🎨 UI/UX change
- [ ] 🧪 Test coverage improvement
- [ ] 🔒 Security fix

## 🧪 Testing

### Automated Tests

- [ ] Unit tests added/updated
- [x] Integration tests added/updated
- [x] All existing tests pass

**Test Results**: Verified with a reproduction script (`verify-sanitization.js`) that constructed a message with a malformed input string `"{ bad: json }"`.

- Before fix: Crash.
- After fix: Input replaced with `{}` and script succeeded.

### Manual Testing

**Testing Checklist**:

- [x] Tested in development environment
- [x] Tested with real data/production-like scenarios
- [x] Tested error scenarios
- [x] Verified no console errors/warnings

**Environments Tested**:

- [x] Development

## 🚀 Deployment Strategy

### Deployment Steps

1. Merge PR.
2. Rebuild agent (`npm run build`).
3. Restart Moltbot services.

### Configuration Changes

None.

## 🔍 Code Quality

- [x] ESLint passed (auto-checked by pre-commit hooks)
- [x] Prettier formatting applied (auto-checked by pre-commit hooks)
- [x] Commit messages follow conventional commits
- [x] Code reviewed by AI agent or peer
- [x] Error handling implemented for edge cases

## 🔍 Security Considerations

- [x] Input validation added for user input (Sanitization protects against crashes)

## 🚦 Status

- [ ] 🔴 Draft - Work in progress
- [x] 🟡 Ready for Review - Code complete, needs review
- [ ] 🟢 Approved - Ready to merge
- [ ] 🔵 Merged - Deployed to staging
- [ ] ✅ Complete - Deployed to production

## Greptile Overview

### Greptile Summary

This PR adds a transcript-repair step (`sanitizeToolUseArgs`) that scans assistant tool-call blocks in session history and normalizes tool arguments: valid JSON strings in `input`/`arguments` are parsed into objects, and malformed JSON strings are replaced with `{}` while tagging the block as sanitized. The sanitization is then run as part of `sanitizeToolUseResultPairing` before repairing toolResult ordering/duplication. Overall this strengthens resilience against “dirty” session files that would otherwise crash or be rejected by strict providers when tool-call arguments are not valid JSON.

### Confidence Score: 4/5

- This PR is mostly safe to merge; main behavior change is limited to session-history repair logic.
- The change is localized and has added tests, but the current parsing accepts non-object JSON (e.g., null/arrays) which can still violate downstream tool schema expectations, and the new warning log may inadvertently leak sensitive tool inputs.
- src/agents/session-transcript-repair.ts
