fix: preserve swarm MCP collision prefixes

Preserve full-config MCP server-name resolution when pruning SWARM worker registries so collision hash suffixes remain stable after narrowing discovery.

Also redact nested sensitive values from tool event previews, including remote MCP result previews.

Co-Authored-By: Claude Code <noreply@anthropic.com>

AI-Model: GitHub Copilot
Co-Authored-By: github-copilot <noreply@ai-tool.com>
AI-Contributed/Feature: 71/71
AI-Contributed/UT: 53/53

Author: shadowinlife

agent/src/swarm/worker.py

@@ -12,7 +12,7 @@
 import time
 from datetime import datetime, timezone
 from pathlib import Path
-from typing import Callable
+from typing import Any, Callable
 
 from src.agent.context import ContextBuilder
 from src.agent.progress import HeartbeatTimer
@@ -576,7 +576,7 @@ def _on_heartbeat(payload: dict) -> None:
                 event_callback, "tool_result", agent_id, task_id,
                 {"tool": tc.name, "elapsed_ms": int(tc_elapsed * 1000),
                  "status": "ok", "iteration": iteration,
-                 "result_preview": str(result)[:200],
+                  "result_preview": _preview_tool_result(result),
                  **mcp_meta},
             )
             messages.append(
@@ -657,11 +657,40 @@ def _preview_tool_arguments(arguments: dict) -> dict[str, str]:
         if _is_sensitive_tool_argument(key):
             preview[key] = "[redacted]"
             continue
-        text = str(value)
-        preview[key] = text if len(text) <= 200 else text[:200] + "..."
+        preview[key] = _truncate_preview(_redact_preview_payload(value))
     return preview
 
 
+def _preview_tool_result(result: str) -> str:
+    """Return a short, redacted result preview for streamed events."""
+    try:
+        parsed = json.loads(result)
+    except (TypeError, ValueError):
+        return _truncate_preview(result)
+    return _truncate_preview(_redact_preview_payload(parsed))
+
+
+def _redact_preview_payload(value: Any) -> Any:
+    """Recursively redact sensitive keys before event preview stringification."""
+    if isinstance(value, dict):
+        return {
+            key: "[redacted]" if _is_sensitive_tool_argument(str(key)) else _redact_preview_payload(item)
+            for key, item in value.items()
+        }
+    if isinstance(value, list):
+        return [_redact_preview_payload(item) for item in value]
+    return value
+
+
+def _truncate_preview(value: Any, *, limit: int = 200) -> str:
+    """Stringify and truncate an event preview payload."""
+    if isinstance(value, (dict, list)):
+        text = json.dumps(value, ensure_ascii=False, default=str)
+    else:
+        text = str(value)
+    return text if len(text) <= limit else text[:limit] + "..."
+
+
 def _is_sensitive_tool_argument(key: str) -> bool:
     """Return whether a tool argument name should be redacted in events."""
     normalized = key.strip().lower()

agent/src/tools/__init__.py

@@ -13,6 +13,7 @@
 import importlib
 import logging
 import pkgutil
+from collections.abc import Mapping
 from collections import deque
 from pathlib import Path
 from typing import TYPE_CHECKING, Callable
@@ -70,6 +71,7 @@ def build_registry(
     session_id: str | None = None,
     event_callback: Callable[[str, dict], None] | None = None,
     warn_callback: Callable[[str], None] | None = None,
+    _mcp_server_tool_name_segments: Mapping[str, str] | None = None,
 ) -> ToolRegistry:
     """Build the tool registry via auto-discovery, optionally enriched with MCP tools.
 
@@ -132,10 +134,16 @@ def build_registry(
     if agent_config and agent_config.mcp_servers:
         from src.tools.mcp import build_mcp_tool_wrappers, resolve_mcp_server_tool_name_segments
 
-        local_server_names = resolve_mcp_server_tool_name_segments(
-            agent_config.mcp_servers.keys(),
-            warn_callback=warn_callback,
-        )
+        if _mcp_server_tool_name_segments is None:
+            local_server_names = resolve_mcp_server_tool_name_segments(
+                agent_config.mcp_servers.keys(),
+                warn_callback=warn_callback,
+            )
+        else:
+            local_server_names = {
+                server_name: _mcp_server_tool_name_segments[server_name]
+                for server_name in agent_config.mcp_servers
+            }
 
         for server_name, server_config in agent_config.mcp_servers.items():
             try:
@@ -212,25 +220,29 @@ def build_swarm_registry(
         ToolRegistry containing the whitelist intersection of local tools
         and any operator-surfaced MCP tools.
     """
-    swarm_agent_config = _prune_agent_config_for_swarm_tools(agent_config, tool_names)
+    swarm_agent_config, swarm_local_server_names = _prune_agent_config_for_swarm_tools(
+        agent_config,
+        tool_names,
+    )
     full = build_registry(
         agent_config=swarm_agent_config,
         include_shell_tools=include_shell_tools,
+        _mcp_server_tool_name_segments=swarm_local_server_names,
     )
     return _filter_registry(full, tool_names, include_shell_tools=include_shell_tools)
 
 
 def _prune_agent_config_for_swarm_tools(
     agent_config: "AgentConfig | None",
     tool_names: list[str],
-) -> "AgentConfig | None":
+) -> tuple["AgentConfig | None", dict[str, str] | None]:
     """Keep only MCP servers whose local tool prefix appears in ``tool_names``."""
     if not agent_config or not agent_config.mcp_servers:
-        return agent_config
+        return agent_config, None
 
     requested_mcp_tool_names = [name for name in tool_names if name.startswith("mcp_")]
     if not requested_mcp_tool_names:
-        return None
+        return None, None
 
     from src.config.schema import AgentConfig
     from src.tools.mcp import resolve_mcp_server_tool_name_segments
@@ -244,7 +256,11 @@ def _prune_agent_config_for_swarm_tools(
             for tool_name in requested_mcp_tool_names
         )
     }
-    return AgentConfig(mcp_servers=selected_servers)
+    selected_local_server_names = {
+        server_name: local_server_names[server_name]
+        for server_name in selected_servers
+    }
+    return AgentConfig(mcp_servers=selected_servers), selected_local_server_names
 
 
 def _filter_registry(

agent/tests/test_swarm_m2_registry_assembly.py

@@ -32,7 +32,7 @@
 
 from src.config.schema import AgentConfig
 from src.tools import build_swarm_registry
-from src.tools.mcp import MCPRemoteTool
+from src.tools.mcp import MCPRemoteTool, resolve_mcp_server_tool_name_segments
 
 
 def _make_agent_config(servers: dict[str, dict[str, Any]]) -> AgentConfig:
@@ -218,6 +218,35 @@ def fake_build_mcp_tool_wrappers(server_name, *_args, **_kwargs):
     assert [call.args[0] for call in build_wrappers.call_args_list] == ["kb"]
 
 
+def test_build_swarm_registry_preserves_collision_hash_prefix_after_pruning() -> None:
+    """Pruning keeps full-config MCP collision disambiguation stable."""
+    cfg = _make_agent_config(
+        {
+            "foo-bar": {"command": "uvx", "args": ["foo-bar-server"]},
+            "foo_bar": {"command": "uvx", "args": ["foo-bar-alt-server"]},
+            "expensive": {"command": "uvx", "args": ["expensive-server"]},
+        }
+    )
+    resolved_names = resolve_mcp_server_tool_name_segments(cfg.mcp_servers.keys())
+    requested_tool = f"mcp_{resolved_names['foo-bar']}_ping"
+
+    def fake_build_mcp_tool_wrappers(_server_name, *_args, **kwargs):
+        return _make_fake_wrappers(kwargs["local_server_name"], ["ping"])
+
+    with patch(
+        "src.tools.mcp.build_mcp_tool_wrappers",
+        side_effect=fake_build_mcp_tool_wrappers,
+    ) as build_wrappers:
+        registry = build_swarm_registry(
+            [requested_tool],
+            agent_config=cfg,
+        )
+
+    assert registry.tool_names == [requested_tool]
+    assert [call.args[0] for call in build_wrappers.call_args_list] == ["foo-bar"]
+    assert build_wrappers.call_args.kwargs["local_server_name"] == resolved_names["foo-bar"]
+
+
 def test_build_swarm_registry_skips_mcp_discovery_for_local_only_whitelist() -> None:
     """A local-only agent whitelist must not discover any configured MCP server."""
     cfg = _make_agent_config({"kb": {"command": "uvx", "args": ["kb-server"]}})

agent/tests/test_swarm_m4_e2e.py

@@ -413,7 +413,15 @@ def test_tool_call_events_carry_mcp_metadata_and_redact_sensitive_arguments(
                 },
             )
         ]],
-        call_outcomes=[_ok_call_result({"hit": "ok"})],
+        call_outcomes=[
+            _ok_call_result(
+                {
+                    "hit": "ok",
+                    "token": "result-token-should-not-appear",
+                    "nested": {"authorization": "Bearer result-secret"},
+                }
+            )
+        ],
     )
     remote_tools = build_mcp_tool_wrappers(
         "kb", _make_server_config(), client_factory=_make_factory(state)
@@ -427,6 +435,10 @@ def test_tool_call_events_carry_mcp_metadata_and_redact_sensitive_arguments(
                 "query": "AAPL",
                 "api_key": "should-not-appear-in-events",
                 "token": "also-secret",
+                "request": {
+                    "headers": {"Authorization": "Bearer nested-secret"},
+                    "payload": {"password": "nested-password"},
+                },
             },
         ),
         _final_response("done"),
@@ -473,11 +485,19 @@ def test_tool_call_events_carry_mcp_metadata_and_redact_sensitive_arguments(
     assert call_data["arguments"]["api_key"] == "[redacted]"
     assert call_data["arguments"]["token"] == "[redacted]"
     assert call_data["arguments"]["query"] == "AAPL"
+    assert "nested-secret" not in call_data["arguments"]["request"]
+    assert "nested-password" not in call_data["arguments"]["request"]
+    assert "result-token-should-not-appear" not in result_data["result_preview"]
+    assert "result-secret" not in result_data["result_preview"]
     # Defense-in-depth: the secret values must never appear anywhere in
     # the event payload (including via str-coerced views).
     serialized = json.dumps([e.data for e in events], ensure_ascii=False)
     assert "should-not-appear-in-events" not in serialized
     assert "also-secret" not in serialized
+    assert "nested-secret" not in serialized
+    assert "nested-password" not in serialized
+    assert "result-token-should-not-appear" not in serialized
+    assert "result-secret" not in serialized
 
 
 # --------------------------------------------------------------------------- #