Merge pull request #809 from latitudeki5223/fix/minimax-tool-xml-leak

fix(minimax): strip tool invocation XML from assistant text
2026-01-13 00:37:29 +00:00
parent 1f3ae2346e e2ea20f862
commit e5708d443a
3 changed files with 219 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -23,8 +23,9 @@
 - Sandbox: support tool-policy groups in `tools.sandbox.tools` (e.g. `group:memory`, `group:fs`) to reduce config churn.

 ### Fixes
+- Models/MiniMax: strip malformed tool invocation XML (`<invoke>...</invoke>` and `</minimax:tool_call>`) from assistant text to prevent tool call leaks into user messages. (#809 — thanks @latitudeki5223)
 - Tools/Models: MiniMax vision now uses the Coding Plan VLM endpoint (`/v1/coding_plan/vlm`) so the `image` tool works with MiniMax keys (also accepts `@/path/to/file.png`-style inputs).
- Gateway/macOS: reduce noisy loopback WS “closed before connect” logs during tests.
+- Gateway/macOS: reduce noisy loopback WS "closed before connect" logs during tests.
 - Auto-reply: resolve ambiguous `/model` fuzzy matches by picking the best candidate instead of erroring.

 ## 2026.1.12-1
--- a/src/agents/pi-embedded-utils.test.ts
+++ b/src/agents/pi-embedded-utils.test.ts
@@ -0,0 +1,196 @@
+import type { AssistantMessage } from "@mariozechner/pi-ai";
+import { describe, expect, it } from "vitest";
+import { extractAssistantText } from "./pi-embedded-utils.js";
+
+describe("extractAssistantText", () => {
+  it("strips Minimax tool invocation XML from text", () => {
+    const msg: AssistantMessage = {
+      role: "assistant",
+      content: [
+        {
+          type: "text",
+          text: `<invoke name="Bash">
+<parameter name="command">netstat -tlnp | grep 18789</parameter>
+</invoke>
+</minimax:tool_call>`,
+        },
+      ],
+      timestamp: Date.now(),
+    };
+
+    const result = extractAssistantText(msg);
+    expect(result).toBe("");
+  });
+
+  it("strips multiple tool invocations", () => {
+    const msg: AssistantMessage = {
+      role: "assistant",
+      content: [
+        {
+          type: "text",
+          text: `Let me check that.<invoke name="Read">
+<parameter name="path">/home/admin/test.txt</parameter>
+</invoke>
+</minimax:tool_call>`,
+        },
+      ],
+      timestamp: Date.now(),
+    };
+
+    const result = extractAssistantText(msg);
+    expect(result).toBe("Let me check that.");
+  });
+
+  it("keeps invoke snippets without Minimax markers", () => {
+    const msg: AssistantMessage = {
+      role: "assistant",
+      content: [
+        {
+          type: "text",
+          text: `Example:\n<invoke name="Bash">\n<parameter name="command">ls</parameter>\n</invoke>`,
+        },
+      ],
+      timestamp: Date.now(),
+    };
+
+    const result = extractAssistantText(msg);
+    expect(result).toBe(
+      `Example:\n<invoke name="Bash">\n<parameter name="command">ls</parameter>\n</invoke>`,
+    );
+  });
+
+  it("preserves normal text without tool invocations", () => {
+    const msg: AssistantMessage = {
+      role: "assistant",
+      content: [
+        {
+          type: "text",
+          text: "This is a normal response without any tool calls.",
+        },
+      ],
+      timestamp: Date.now(),
+    };
+
+    const result = extractAssistantText(msg);
+    expect(result).toBe("This is a normal response without any tool calls.");
+  });
+
+  it("strips Minimax tool invocations with extra attributes", () => {
+    const msg: AssistantMessage = {
+      role: "assistant",
+      content: [
+        {
+          type: "text",
+          text: `Before<invoke name='Bash' data-foo="bar">\n<parameter name="command">ls</parameter>\n</invoke>\n</minimax:tool_call>After`,
+        },
+      ],
+      timestamp: Date.now(),
+    };
+
+    const result = extractAssistantText(msg);
+    expect(result).toBe("Before\nAfter");
+  });
+
+  it("strips tool XML mixed with regular content", () => {
+    const msg: AssistantMessage = {
+      role: "assistant",
+      content: [
+        {
+          type: "text",
+          text: `I'll help you with that.<invoke name="Bash">
+<parameter name="command">ls -la</parameter>
+</invoke>
+</minimax:tool_call>Here are the results.`,
+        },
+      ],
+      timestamp: Date.now(),
+    };
+
+    const result = extractAssistantText(msg);
+    expect(result).toBe("I'll help you with that.\nHere are the results.");
+  });
+
+  it("handles multiple invoke blocks in one message", () => {
+    const msg: AssistantMessage = {
+      role: "assistant",
+      content: [
+        {
+          type: "text",
+          text: `First check.<invoke name="Read">
+<parameter name="path">file1.txt</parameter>
+</invoke>
+</minimax:tool_call>Second check.<invoke name="Bash">
+<parameter name="command">pwd</parameter>
+</invoke>
+</minimax:tool_call>Done.`,
+        },
+      ],
+      timestamp: Date.now(),
+    };
+
+    const result = extractAssistantText(msg);
+    expect(result).toBe("First check.\nSecond check.\nDone.");
+  });
+
+  it("handles stray closing tags without opening tags", () => {
+    const msg: AssistantMessage = {
+      role: "assistant",
+      content: [
+        {
+          type: "text",
+          text: "Some text here.</minimax:tool_call>More text.",
+        },
+      ],
+      timestamp: Date.now(),
+    };
+
+    const result = extractAssistantText(msg);
+    expect(result).toBe("Some text here.More text.");
+  });
+
+  it("returns empty string when message is only tool invocations", () => {
+    const msg: AssistantMessage = {
+      role: "assistant",
+      content: [
+        {
+          type: "text",
+          text: `<invoke name="Bash">
+<parameter name="command">test</parameter>
+</invoke>
+</minimax:tool_call>`,
+        },
+      ],
+      timestamp: Date.now(),
+    };
+
+    const result = extractAssistantText(msg);
+    expect(result).toBe("");
+  });
+
+  it("handles multiple text blocks", () => {
+    const msg: AssistantMessage = {
+      role: "assistant",
+      content: [
+        {
+          type: "text",
+          text: "First block.",
+        },
+        {
+          type: "text",
+          text: `<invoke name="Bash">
+<parameter name="command">ls</parameter>
+</invoke>
+</minimax:tool_call>`,
+        },
+        {
+          type: "text",
+          text: "Third block.",
+        },
+      ],
+      timestamp: Date.now(),
+    };
+
+    const result = extractAssistantText(msg);
+    expect(result).toBe("First block.\nThird block.");
+  });
+});
--- a/src/agents/pi-embedded-utils.ts
+++ b/src/agents/pi-embedded-utils.ts
@@ -1,6 +1,26 @@
 import type { AssistantMessage } from "@mariozechner/pi-ai";
 import { formatToolDetail, resolveToolDisplay } from "./tool-display.js";

+/**
+ * Strip malformed Minimax tool invocations that leak into text content.
+ * Minimax sometimes embeds tool calls as XML in text blocks instead of
+ * proper structured tool calls. This removes:
+ * - <invoke name="...">...</invoke> blocks
+ * - </minimax:tool_call> closing tags
+ */
+function stripMinimaxToolCallXml(text: string): string {
+  if (!text) return text;
+  if (!/minimax:tool_call/i.test(text)) return text;
+
+  // Remove <invoke ...>...</invoke> blocks (non-greedy to handle multiple).
+  let cleaned = text.replace(/<invoke\b[^>]*>[\s\S]*?<\/invoke>/gi, "");
+
+  // Remove stray minimax tool tags.
+  cleaned = cleaned.replace(/<\/?minimax:tool_call>/gi, "");
+
+  return cleaned;
+}
+
 export function extractAssistantText(msg: AssistantMessage): string {
  const isTextBlock = (
    block: unknown,
@@ -13,7 +33,7 @@ export function extractAssistantText(msg: AssistantMessage): string {
  const blocks = Array.isArray(msg.content)
    ? msg.content
        .filter(isTextBlock)
-        .map((c) => c.text.trim())
+        .map((c) => stripMinimaxToolCallXml(c.text).trim())
        .filter(Boolean)
    : [];
  return blocks.join("\n").trim();