From 3c8130a82669042112554d2e6ee79a3f29c1e286 Mon Sep 17 00:00:00 2001 From: kshitijk4poor <82637225+kshitijk4poor@users.noreply.github.com> Date: Tue, 7 Jul 2026 14:42:46 +0530 Subject: [PATCH] fix: re-apply confirmation expiry on the cached-agent live-history path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Review finding: when the FTS write-corruption guard (#50502) prefers the cached agent's live _session_messages over the reloaded transcript, that history bypasses the replay-cleanup pass in _build_gateway_agent_history — a stale dangerous confirmation could slip through unredacted on the same-process salvage path. Re-apply the (idempotent) expiry stripper to the selected live history. --- gateway/run.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/gateway/run.py b/gateway/run.py index d47b11ebb77..ef68995cef1 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -18135,7 +18135,14 @@ class GatewayRunner(GatewayAuthorizationMixin, GatewayKanbanWatchersMixin, Gatew "conversation context (possible FTS write corruption)", session_key, len(agent_history), len(_selected), ) - agent_history = _selected + # The live in-memory history bypassed the replay-cleanup + # pass inside _build_gateway_agent_history — re-apply the + # stale-confirmation expiry (#59607) so a dangerous + # confirmation can't slip through this path either. + # Idempotent; messages without timestamps are untouched. + agent_history = _strip_stale_dangerous_confirmations( + _selected, now=time.time() + ) # Collect MEDIA paths already in history so we can exclude them # from the current turn's extraction. This is compression-safe: