🦋 Changeset detected

Latest commit: 10e0d12

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
agents-api	Ready	Preview, Comment	Apr 15, 2026 2:09pm
agents-manage-ui	Ready	Preview, Comment	Apr 15, 2026 2:09pm

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
agents-docs	Skipped		Apr 15, 2026 2:09pm

I could not sync this public PR into agents-private automatically.

Patch application failed. The diff could not be applied cleanly. Please rebase your PR on the latest main.

Summary

This PR fundamentally changes how mid-generation context compression is triggered: instead of proactively compressing based on token-budget predictions (which often fire unnecessarily), compression now only happens reactively when the LLM provider actually returns a context-overflow error. It also adds a new seam to exclude oversized tool outputs from reaching the LLM context at all, replacing them with structured error stubs.

Key changes

• New compressionRetryMiddleware wraps the language model via AI SDK's wrapLanguageModel, intercepting overflow errors and retrying with compressed prompts
• New detectContextOverflow module identifies provider-specific overflow errors (OpenAI context_length_exceeded code, Anthropic regex patterns)
• Gutted the token-budget prediction branch from handlePrepareStepCompression — it now always returns {}
• Moved compression logic from the prepareStep callback into a standalone buildCompressPrompt function reused by the middleware
• tool-wrapper.ts's toModelOutput hook now checks for oversized tool outputs before they reach the LLM, substituting a structured error stub
• Removed _oversizedWarning field injection from BaseCompressor and ArtifactService (metadata isOversized flag remains)

Reactive compression middleware

Before: The prepareStep AI SDK callback checked token counts after each step — using actual usage from the previous step or falling back to estimates — and preemptively compressed if the context appeared to exceed a per-model threshold (75-91%). This fired on many calls that would have succeeded, causing unnecessary LLM summarization calls, context detail loss, and injected synthetic messages.

After: A new compressionRetryMiddleware.ts implements LanguageModelMiddleware with wrapGenerate and wrapStream hooks. For non-streaming: it catches overflow errors from doGenerate(), compresses the prompt via buildCompressPrompt, and retries once. For streaming: it peeks the first chunk using async-iterator .next() — if it's an overflow error ("pre-commit"), it compresses and retries; if it's real data, it prepends the buffered chunk and pipes the rest through. A second overflow propagates without further retry. The middleware is constructed per-request, closing over the run-scoped compressor. The middleware includes a version comment noting verification against @ai-sdk/[email protected] and 3.0.4 — a reminder to re-verify if the SDK bumps to v4.

Context overflow detection

New detectContextOverflow.ts provides isContextOverflowError(err) which discriminates between real context overflow and other 400 errors. It checks for OpenAI's stable context_length_exceeded error code via data.error.code, and falls back to regex patterns for Anthropic messages (prompt is too long, input length and max_tokens exceed context limit). Explicitly excludes 413 (byte-limit) and non-400 status codes. Includes OTEL span attributes for monitoring regex-based detections.

Oversized tool output exclusion at the source

Before: tool-wrapper.ts's toModelOutput unconditionally called buildToolResultForModelInput(output), sending raw tool results — even gigantic ones — into the LLM context. Oversized detection only affected downstream compression/artifact storage.

After: toModelOutput now calls detectOversizedArtifact against the model's context window size. If the output exceeds the threshold, it returns a structured JSON stub with status: 'oversized', the tool name, args, structure info, and a recommendation to narrow queries. This matches the existing retrieval_blocked shape from default-tools.ts so the LLM interprets it as a tool-level failure. OTEL attributes are set for observability. The context window is now resolved lazily using ctx.currentModelSettings (stashed after configureModelSettings runs), fixing a bug where getModelContextWindow() was called without args and always returned the 120K default — making the 30% oversized threshold hardcoded at ~36K regardless of the actual model.

Compression logic extraction

The summary-building logic (artifact references, stop instructions, compression cycle tracking) that previously lived inline in handlePrepareStepCompression was extracted into buildCompressPrompt() in compression.ts. This function now accepts an originalMessageCount parameter and preserves the original message prefix (system + user message + pre-generation conversation history) when compressing — only the generated tail (tool calls + assistant responses accumulated during the current run) is summarized. This matches the pre-middleware behavior where originalMessages = stepMessages.slice(0, originalMessageCount) and the summary was appended after the preserved prefix.

Removal of _oversizedWarning field

The _oversizedWarning string field was removed from summaryData injection in both BaseCompressor.ts and ArtifactService.ts. Since oversized tool outputs are now excluded at the tool-wrapper seam before reaching the LLM, the warning in compression/artifact metadata is redundant. The metadata.isOversized boolean and _structureInfo field remain as the durable signals.

Async-iterator fallback fix

The toAsyncIterator helper in compressionRetryMiddleware.ts previously used an unsound as unknown as AsyncIterator cast on ReadableStream. This has been replaced with a proper Reader-to-iterator adapter that wraps reader.read() into .next() calls — safe if the fallback branch is ever triggered on a runtime without Symbol.asyncIterator on ReadableStream.

Testing

• New compressionRetryMiddleware.test.ts (299 lines): Tests wrapGenerate passthrough, overflow retry success, double-overflow propagation, non-overflow error passthrough. Tests wrapStream with data passthrough, pre-commit overflow retry, pre-commit non-overflow error throw, and post-commit mid-stream error propagation. Includes a code-review constraint test verifying no .tee() or Array.from usage on streams.
• New detectContextOverflow.test.ts (114 lines): Comprehensive coverage of OpenAI code-based detection, both Anthropic regex patterns, 413 exclusion, generic 400 without overflow indicators, non-API errors, null/undefined/string inputs, 500 status with overflow message, and wrong data shapes.
• New tool-wrapper-oversized.test.ts (152 lines): Tests oversized exclusion stub structure for large outputs, passthrough for normal-sized outputs, and stub payload contents.
• Updated ai-sdk-callbacks.test.ts: Gutted ~220 lines of token-budget prediction tests, replaced with 2 tests confirming the function is now a no-op.
• Updated BaseCompressor.test.ts and OversizedArtifacts.test.ts: Assertions changed from expecting _oversizedWarning to be undefined.

Spec & documentation

The PR includes a full spec at specs/2026-04-14-reactive-compression/SPEC.md covering the problem statement (SCR format), goals/non-goals, personas, current vs target state, architecture diagram, and detailed design. Supporting evidence documents cover current compression triggers, middleware approach rationale, oversized artifact handling investigation, and provider overflow signal formats. Meta documents include a changelog, audit findings, and design challenge writeup.

  ^{｜ View workflow run ｜ Triggered by Pullfrog ｜ Using Claude Opus ｜ 𝕏}

Ito Test Report ✅

16 test cases ran. 1 additional finding, 15 passed.

Across 16 test cases, 15 passed and 1 failed, showing generally stable local non-production behavior for baseline and edge chat flows (streaming/non-streaming completions, rapid same-conversation requests, mid-stream reload resume, and mobile 390x844), overflow handling (bounded recovery with a one-retry cap and no retries for non-overflow errors), oversized tool-output safeguards, and authorization/injection probes. The key finding was one High-severity validation gap in /run/api/chat where malformed approval-response-shaped payloads in messages[].content can bypass the approval guard when conversationId is omitted and proceed through normal execution instead of returning the intended HTTP 400, while no cross-tenant access bypass was observed.

✅ Passed (15)

Category	Summary	Screenshot
Adversarial	Oversized repeated-token streaming payload completed in bounded time with clean stream termination.
Adversarial	Forged x-target-* headers did not grant cross-tenant scope; requests were denied under local dev/test auth behavior.
Adversarial	Injection-shaped strings remain inert literal text through the oversized stub serialization path.
Edge	Using one shared conversationId, 4 rapid requests all completed quickly with deterministic terminal responses and no deadlock/hung stream.
Edge	A streaming request produced partial output, page reload occurred mid-stream, and a follow-up with the same conversationId completed (HTTP 200), showing no stuck pending stream blocker.
Edge	Out-of-order and missing-turn history payloads completed safely without crashes or stack-trace leakage.
Edge	Original BLOCKED result was not a product bug: prior run hung on a restart-server tooling step. After proper setup and non-production playground-token bypass for missing temp signing keys, the test was re-executed at 390x844 and mobile chat flow could be initiated and completed.
Logic	Non-streaming overflow-retry request completed with HTTP 200 and assistant output in bounded time.
Logic	Retry budget behavior is capped at one retry and a second overflow is propagated (verified via source and deterministic tests).
Logic	Invalid model/agent request returned an immediate terminal error with no retry side effects.
Logic	Streaming recoverable overflow path returned normal first chunks and completed cleanly.
Logic	Oversized tool output is replaced by a structured status=oversized stub and raw payload is excluded.
Logic	Normal-size tool output follows the standard pass-through path without oversized stubbing.
Logic	Oversized artifact metadata keeps isOversized and _structureInfo while _oversizedWarning remains absent.
Happy-path	Baseline streaming request returned HTTP 200 with SSE chunks and clean stream completion after local setup alignment.

ℹ️ Additional Findings (1)

These findings are unrelated to the current changes but were observed during testing.

Category	Summary	Screenshot
Adversarial	⚠️ Malformed approval-response content can bypass validation and proceed down normal chat execution flow.

const approvalParts = (body.messages || [])
  .flatMap((m: any) => m?.parts || [])
  .filter((p: any) => p?.state === 'approval-responded' && typeof p?.toolCallId === 'string');

const isApprovalResponse = approvalParts.length > 0;

if (isApprovalResponse) {
  const conversationId = body.conversationId;
  if (!conversationId) {
    return c.json(
      {
        success: false,
        error: 'conversationId is required for approval response',
      },
      400
    );
  }
}

const conversationId = body.conversationId ?? getConversationId();

return await otelContext.with(ctxWithBaggage, async () => {
  const agent = executionContext.project.agents[agentId];
  if (!agent) {
    throw createApiError({
      code: 'not_found',
      message: 'Agent not found',
    });
  }

  const activeAgent = await getActiveAgentForConversation(runDbClient)({
    scopes: { tenantId, projectId },
    conversationId,
  });
  if (!activeAgent) {
    await setActiveAgentForConversation(runDbClient)({
      scopes: { tenantId, projectId },
      conversationId,
      subAgentId: defaultSubAgentId,
      ref: executionContext.resolvedRef,
      agentId: agentId,
    });
  }
});

export const VercelMessageSchema = z.object({
  role: z.enum(['system', 'user', 'assistant', 'function', 'tool']),
  content: z.any(),
  parts: z.array(VercelMessagePartSchema).optional(),
});

Commit: 0b0d51f

View Full Run

Tell us how we did: Give Ito Feedback

Preview URLs

Use these stable preview aliases for testing this PR:

• UI: https://pr-3133-ui.preview.inkeep.com
• API: https://pr-3133-api.preview.inkeep.com
• API health: https://pr-3133-api.preview.inkeep.com/health

These point to the same Vercel preview deployment as the bot comment, but they stay stable and easier to find.

Ito Test Report ✅

12 test cases ran. 12 passed.

Unified QA results were fully green: 12 executed test cases passed with 0 failures (plus one verified-empty segment with no remaining cases), indicating stable behavior across the covered run and chat endpoints in the local non-production setup. The key findings were that earlier blockers were confirmed as harness/environment issues rather than product defects, while critical behaviors worked as designed—including SSE streaming completion and clean termination, interruption recovery on the same conversation, mobile and burst-submit transport stability, correct reactive overflow retry semantics (with 413 excluded), and correct tool-output threshold handling for below-threshold pass-through versus above-threshold structured oversized exclusion.

✅ Passed (12)

Category	Summary	Screenshot
Adversarial	Five rapid parallel submissions plus a same-conversation follow-up all returned HTTP 200 with no crash/500.
Edge	HTTP 413-style size errors remain excluded from overflow retry classification.
Edge	Not a real app bug. Boundary below 30% is intentionally treated as non-oversized and remains pass-through.
Edge	Not a real app bug. Above-threshold payloads are correctly excluded as oversized per detector and serialization logic.
Edge	Interrupted stream resumed on the same conversationId with HTTP 200 and a clean single-start [DONE] completion.
Edge	Mobile 390x844 chat submissions reached /run/api/chat with HTTP 200 and v2 stream headers.
Logic	Non-stream overflow retry succeeds once compression retry path is exercised.
Logic	Streaming pre-commit overflow retry resumes and completes via single retry path.
Logic	Not a real app bug. Oversized tool output exclusion and structured replacement are implemented and verified.
Logic	Near-limit non-overflow requests proceed without proactive compression injection.
Happy-path	/run/v1/chat/completions streamed successfully with HTTP 200 SSE, assistant chunks, and a clean finish marker after local project setup.
Happy-path	Not a real app bug. Prior blocked result was harness/infrastructure-related. Re-validation confirms under-threshold tool results are passed through normally via non-oversized path.

Commit: 10e0d12

View Full Run

Tell us how we did: Give Ito Feedback

This pull request has been automatically marked as stale because it has not had recent activity.
It will be closed in 7 days if no further activity occurs.

If this PR is still relevant:

• Rebase it on the latest main branch
• Add a comment explaining its current status
• Request a review if it's ready

Thank you for your contributions!