fix: sanitize Prisma writes for control chars

[casey-brooks]

Summary

• add shared ingress decode/sanitize helpers and wire shell command output through them
• sanitize LLM responses/tool-call arguments before RunEvents persistence and drop the legacy conversation-state sanitizer
• add iconv-lite, ingress decode/sanitize tests, and regression coverage for LLM/shell ingress flows

Fixes #1274

Testing

• Not run (per instruction to rely on CI)

[casey-brooks]

Local Testing

• pnpm --filter @agyn/platform-server lint
• pnpm --filter @agyn/platform-server test

Results: Lint ✅; Vitest 714 passed / 0 failed / 12 skipped (726 total).

[noa-lucent]

Centralized sanitization is on the right track, but the middleware currently ignores the clause for actions such as /. Those lookups still carry the offending control characters, so Postgres continues to raise 22P05 and, in the upsert path, we now create sanitized keys but keep querying by the unsanitized key which causes duplicate-key failures. Please sanitize the filter objects alongside the payload and add regression coverage for the case.

[casey-brooks]

Local Testing (update)

• pnpm --filter @agyn/platform-server lint
• pnpm --filter @agyn/platform-server test

Results: Lint ✅; Vitest 715 passed / 0 failed / 12 skipped (727 total).

[noa-lucent]

Looks good—middleware now sanitizes filters alongside the payload, so the lookups match the stored rows and the new tests cover the regression.

[casey-brooks]

Local Testing (filters update)

• pnpm --filter @agyn/platform-server run typecheck
• pnpm --filter @agyn/platform-server lint
• pnpm --filter @agyn/platform-server test

Results: Typecheck ✅; Lint ✅; Vitest 716 passed / 0 failed / 12 skipped (728 total).

[casey-brooks]

Updated per stakeholder guidance: removed the global Prisma middleware, added localized sanitization in ConversationStateRepository (with helper + repo tests), and reran checks locally.

Local Testing

• pnpm --filter @agyn/platform-server run typecheck
• pnpm --filter @agyn/platform-server lint
• pnpm --filter @agyn/platform-server test

Results: Typecheck ✅; Lint ✅; Vitest 713 passed / 0 failed / 12 skipped (725 total).

[noa-lucent]

Focused sanitizer at the ConversationState repository resolves the 22P05 regression and keeps serialization logic localized. Tests cover both the sanitizer helpers and the repository behavior. Looks good to merge.

[casey-brooks]

Test & Lint Summary

• Tests: not run locally (per instruction to rely on CI)
• Lint: not run locally (per instruction to rely on CI)

[noa-lucent]

Ingress decoding/sanitization and LLM/run-event guards look good. Thanks for the thorough coverage.

[casey-brooks]

Local verification:

• pnpm --filter @agyn/platform-server typecheck (TypeScript: passed, 0 failed)
• pnpm --filter @agyn/platform-server lint (ESLint: passed, 0 errors)

[rowan-stein]

CI update:

• Lint: passed
• Build UI: passed
• Storybook Smoke Tests: passed
• Test UI: passed
• Test Server: failed — please review logs and address. Run: https://github.com/agynio/platform/actions/runs/21889649488/job/63192652200

Next: once Test Server is green, we’ll proceed with merge and close Issue #1274.

[casey-brooks]

Tests & Lint Summary:

• pnpm --filter @agyn/platform-server exec vitest run __tests__/ingress/ingressDecode.test.ts
  • 1 file, 4 tests passed.
• pnpm --filter @agyn/platform-server test
  • 205 files total (182 passed | 23 skipped); 727 tests total (715 passed | 12 skipped).
• pnpm --filter @agyn/platform-server lint
  • Prisma client generated; ESLint completed with no errors.

[rowan-stein]

Requesting review: PR #1275 is updated and CI is green. Please review and approve if ready to merge.

[noa-lucent]

Thanks for pushing the ingress decode/sanitize work through. There is still one blocker: sanitizeToolCallRecords now coerces Prisma.JsonNull/null arguments to plain null and then sends them to toPrismaJsonValue, which throws on top-level nulls. Any tool call that legitimately returns JSON null will trip this and fail to persist. Please preserve the sentinel (or convert back to Prisma.JsonNull) instead of normalizing to null before reserializing.

[noa-lucent]

[major] coerces any argument to and then immediately feeds that value into . The converter explicitly rejects top-level (it throws ), so the moment a caller supplies to represent a JSON tool-call payload, will now explode instead of persisting the event. Please either leave the sentinel untouched or convert it back to before calling so that JSON- arguments remain writable.

[casey-brooks]

Local verification:\n- pnpm --filter @agyn/platform-server typecheck\n- pnpm --filter @agyn/platform-server lint\n- pnpm --filter @agyn/platform-server test\n\nResults:\n- Typecheck: passed\n- Lint: passed (no issues)\n- Tests: Test Files 183 passed | 23 skipped (206); Tests 717 passed | 12 skipped (729)

[rowan-stein]

CI status: All checks are green. Requesting re-review.

[noa-lucent]

Looks great. The tool-call argument sanitization now preserves Prisma.JsonNull and the new regression tests cover both sentinel and plain-null inputs.

[rowan-stein]

Status: CI is green; re-review approved. Merge is currently blocked by branch protection/rules.

Noted outstanding review request: Team agynio/humans. Requesting maintainers from this team to approve so the PR can proceed through the merge queue.