fix(ai-chat): preserve Anthropic replay tokens during persistence

[whoiskatrin]

Summary

• stop truncating provider-executed web_search and web_fetch payloads when persisting chat history, because Anthropic replays those results verbatim on later turns
• preserve nested opaque encrypted* fields in other provider tool payloads so replay tokens survive while large consumable strings can still be truncated
• add regression tests for web_search.encryptedContent, nested web_fetch citation encryptedIndex, and mixed payloads that should still truncate non-opaque content

Problem

Issue #1185 reported that the persistence truncation added in #1150 corrupts Anthropic web-tool replay tokens. After a successful web search, the SDK persisted encrypted_content with the truncation marker appended, and the next turn replayed that damaged value back to Anthropic. Anthropic then rejected the conversation with a 400 and the thread became permanently stuck.

The core bug is that the current sanitizer treats all long strings in provider-executed tool payloads as consumable content, but some of them are opaque provider-owned replay artifacts.

What changed

• AIChatAgent._truncateProviderExecutedToolPayloads() now skips truncation entirely for provider-executed web_search and web_fetch tool payloads
• _truncateLargeStrings() now preserves strings under encrypted* keys verbatim, even when neighboring large fields are still compacted
• regression coverage now proves we preserve:
  • web_search encryptedContent
  • web_fetch citation encryptedIndex
  • encryptedStdout while still truncating a sibling preview field

Reviewer Notes

• this is intentionally a narrow hotfix, not a full persistence-policy redesign
• I chose to preserve whole web_search / web_fetch payloads because these payloads are relatively small and Anthropic expects them to round-trip exactly; the storage savings from truncating them are low while the replay risk is high
• I also added a generic encrypted* field escape hatch so newer Anthropic replay fields in other provider-executed tool payloads do not get truncated by default
• if we want a longer-term cleanup, I think the right direction is separating replay-safe persistence from debug/storage compaction instead of relying on string-size heuristics in one sanitizer path

Testing

• npm run test:workers -- --run src/tests/sanitize-messages.test.ts
• npm run check

Related

• Closes Provider tool payload truncation (#1150) inadvertently breaks Anthropic web search multi-turn #1185
• Follow-up context: feat(ai-chat): add sanitizeMessageForPersistence hook and Anthropic tool payload truncation #1150

---

[changeset-bot]

🦋 Changeset detected

Latest commit: 6133d6f

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@cloudflare/ai-chat	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[pkg-pr-new]

Open in StackBlitz

agents

npm i https://pkg.pr.new/agents@1188

@cloudflare/ai-chat

npm i https://pkg.pr.new/@cloudflare/ai-chat@1188

@cloudflare/codemode

npm i https://pkg.pr.new/@cloudflare/codemode@1188

hono-agents

npm i https://pkg.pr.new/hono-agents@1188

@cloudflare/shell

npm i https://pkg.pr.new/@cloudflare/shell@1188

@cloudflare/think

npm i https://pkg.pr.new/@cloudflare/think@1188

@cloudflare/voice

npm i https://pkg.pr.new/@cloudflare/voice@1188

@cloudflare/worker-bundler

npm i https://pkg.pr.new/@cloudflare/worker-bundler@1188

commit: 6133d6f

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 4 additional findings.

[threepointone]

very nice, thanks for this