990e594a1d
Summary hardening: - SHA256 fingerprint of events content for deduplication (skips LLM call when events unchanged since last summary) - Versioned summary storage: summary:agent:channel:vN keys - Latest pointer: summary_latest:agent:channel for fast retrieval - Prompt injection defense: sanitize event content before LLM, strip [SYSTEM]/[INTERNAL] markers, block "ignore instructions" patterns - Anti-injection clause in SUMMARY_SYSTEM_PROMPT Database fix: - list_facts_by_agent: SQL filter by fact_prefix to only return chat_events (prevents summary/version facts from consuming LIMIT quota) - Fixed NULL team_id issue in UNIQUE constraint (PostgreSQL NULL != NULL) using "__system__" sentinel for team_id in summary operations Tested on NODE1: dedup works (same events → skipped), force=true bypasses. Co-authored-by: Cursor <cursoragent@cursor.com>