From 2f68334cff6a144703c2b2be80db343f0efe2c1a Mon Sep 17 00:00:00 2001 From: Sahil Satralkar <62758655+sahilsatralkar@users.noreply.github.com> Date: Mon, 16 Mar 2026 23:31:21 +0530 Subject: [PATCH] fix(auto-reply): scope rebased error-message refresh --- CHANGELOG.md | 1 - src/auto-reply/reply/agent-runner-execution.ts | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 78ee8ec31fb..5673d2dd5f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2192,7 +2192,6 @@ Docs: https://docs.openclaw.ai - Security/Exec: block grep safe-bin positional operand bypass by setting grep positional budget to zero, so `-e/--regexp` cannot smuggle bare filename reads (for example `.env`) via ambiguous positionals; safe-bin grep patterns must come from `-e/--regexp`. Thanks @athuljayaram for reporting. - Security/Gateway/Agents: remove implicit admin scopes from agent tool gateway calls by classifying methods to least-privilege operator scopes, and enforce owner-only tooling (`cron`, `gateway`, `whatsapp_login`) through centralized tool-policy wrappers plus tool metadata to prevent non-owner DM privilege escalation. Ships in the next npm release. Thanks @Adam55A-code for reporting. - Security/Gateway: centralize gateway method-scope authorization and default non-CLI gateway callers to least-privilege method scopes, with explicit CLI scope handling, full core-handler scope classification coverage, and regression guards to prevent scope drift. -- Auto-reply: show user-friendly error messages based on error type (rate limit, auth, billing, timeout) instead of exposing technical details. - Security/Net: block SSRF bypass via NAT64 (`64:ff9b::/96`, `64:ff9b:1::/48`), 6to4 (`2002::/16`), and Teredo (`2001:0000::/32`) IPv6 transition addresses, and fail closed on IPv6 parse errors. Thanks @jackhax. - Security/OTEL: sanitize OTLP endpoint URL resolution. (#13791) Thanks @vincentkoc. - Security: patch Dependabot security issues in pnpm lock. (#20832) Thanks @vincentkoc. diff --git a/src/auto-reply/reply/agent-runner-execution.ts b/src/auto-reply/reply/agent-runner-execution.ts index 7ca57369e50..c1e5ed90e4e 100644 --- a/src/auto-reply/reply/agent-runner-execution.ts +++ b/src/auto-reply/reply/agent-runner-execution.ts 
@@ -13,6 +13,7 @@ import { isLikelyContextOverflowError, isOverloadedErrorMessage, isRateLimitErrorMessage, + sanitizeUserFacingText, isTimeoutErrorMessage, isTransientHttpError, } from "../../agents/pi-embedded-helpers.js";
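Review bot: In the CHANGELOG.md hunk at line 2192, the "Auto-reply: show user-friendly error messages based on error type ..." entry is deleted without being re-added anywhere (the diffstat shows one deletion and no insertion for this file), and the commit subject does not say why. If the behaviour still ships, move the entry to the section it belongs in rather than dropping it; if it was a rebase duplicate that sat among the Security entries by mistake, say so in the commit message so the removal is traceable.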
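Review bot: In the agent-runner-execution.ts hunk, `sanitizeUserFacingText` is the only line added to the file (1 insertion in the diffstat), so nothing in this patch uses it. Please confirm that existing code in the file already references it and that this restores an import lost in the rebase; otherwise it is an unused import. It is also inserted between `isRateLimitErrorMessage` and `isTimeoutErrorMessage`, which breaks the alphabetical order of the visible import list; placing it after `isTransientHttpError` keeps the list sorted. Since this helper governs what error text reaches users, a regression test that fails when the import or its call is dropped would guard against the same rebase loss recurring.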