Port from openclaw/openclaw#67801. The context compressor's summarizer
prompt instructs the model to preserve specific values (file paths,
commands, error messages, etc.) so it can produce concrete handoffs.
That instruction also caused API keys, bearer tokens, and env-var
assignments surfaced through tool output (terminal, read_file, curl -v)
to be copied verbatim into the persistent summary and re-injected on
every subsequent compaction.
Apply agent.redact.redact_sensitive_text at three points:
- serializer output (primary defense)
- previous-summary re-injection on iterative compaction
- LLM-returned summary before storage in _previous_summary
agent/redact.py already had the full pattern set; it was wired only to
log formatters and cron scrubbing, never to compression.
Tests: 6 regression cases covering API-key prefixes, env assignments,
authorization headers, JSON token fields, non-secret content
preservation, and summarizer-echo defense.
Refs: openclaw/openclaw#67801
72d53e14ae