39a37331d7
_run_compression persists extracted substrings into ledger and sigil files on disk. Previously it ran on raw messages, so credentials matching decision/blocker patterns would be written to ~/.ra2/ in plaintext. Now redact.redact_messages() is applied first, ensuring only sanitised text reaches any disk-persisting path. The redundant redact.redact(prompt) on the final assembled prompt is removed since all inputs are already clean. The shrink loop correctly re-estimates tokens after each reassembly. https://claude.ai/code/session_01K7BWJY2gUoJi6dq91Yc7nx