diff --git a/docs/agent-handoff.md b/docs/agent-handoff.md index bfd52c4..da572f6 100644 --- a/docs/agent-handoff.md +++ b/docs/agent-handoff.md @@ -30,6 +30,9 @@ Last updated: 2026-07-05 - PR validation runs 883-886 passed. Production merge commit `c0afc6d2e88b7602148d786dd249351323885ac2` passed build/publish run 887, release dry-run 888, and template compliance 889. - Registry tags `latest`, `20260705`, and `c0afc6d2e88b7602148d786dd249351323885ac2` were verified through the Gitea Package API on 2026-07-05. - The Dockge stack at `C:\docker\intelligence-terminal` was updated from the registry image. A cryptographically random `SECURITY_PROFILE_ENCRYPTION_KEY` was added without printing it. Live health reported the container healthy, LiteLLM configured, Telegram AI and the 14-tool agent enabled, and the encrypted profile store configured/available with no profile yet. +- Issue #64 fixed a local-model protocol leak where an exhausted tool loop could expose a raw `tool_call` JSON object as the Telegram answer. PR #65 merged as `e47c23e685d833d5f7433dc27b0834854c8c6152`. +- Exhausted loops now switch to a separate tool-free finalization prompt, allow one bounded repair attempt, and fail closed with a localized user-facing message if the model still requests tools. Internal protocol JSON is never returned as the answer. +- PR runs 895-896 and production runs 897-899 passed. The registry `latest` image was deployed to Dockge; live health reported `running/healthy`, 14 tools enabled, no sweep error, and the encrypted Security Manager profile preserved (`profileExists=true`). ## Repository State @@ -468,6 +471,8 @@ e933586 merge: reconcile main with production branch 53470cc fix: load live dashboard data and add terminal actions d13652a merge: controlled Telegram terminal agent (PR #60) 0c7ddc5 feat: add privacy-aware security manager onboarding +b42b393 fix: prevent agent tool protocol leakage +e47c23e merge: prevent Telegram agent protocol leakage (PR #65) ``` The large implementation commit `85f97bb` and the dashboard/action fix `53470cc` are contained in both: @@ -537,6 +542,7 @@ docker pull git.wilkensxl.de/code-inc/intelligence-terminal:latest - If a new Codex environment sees non-fast-forward branch pushes, fetch first and preserve remote commits. Do not force-push without explicit approval. - A production deployment must add `SECURITY_PROFILE_ENCRYPTION_KEY` before expecting first-start onboarding. A changed or lost key intentionally fails closed and does not overwrite existing ciphertext. - Security Manager first-start onboarding remains intentionally incomplete until the operator answers the language and consent prompts in Telegram; no personal profile is created automatically. +- The operator completed Security Manager onboarding before the #64 live deployment; the encrypted profile survived the container recreation. Never log or copy its contents into issues or handoff files. ## Operator Pull Command