temporal-spring-ai: drop user prompt from chat activity Summary

The Summary now carries only the model label ("chat: <model>") instead
of "chat: <model> · <first 60 chars of user prompt>". Including even a
truncated prompt leaks whatever the prompt contains — PII, secrets,
internal identifiers — into workflow history, server logs, and the
Temporal UI, which is a surprising default for an observability label.

An opt-in API for callers who explicitly want the prompt in the
Summary can be added later if there's demand.

ActivitySummaryTest.chatActivity_carriesModelOnlySummary_neverLeaksUserPrompt
asserts the Summary equals "chat: default" exactly and defensively
checks that no part of the prompt leaked in.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: donald-pinckney

temporal-spring-ai/src/main/java/io/temporal/springai/model/ActivityChatModel.java

@@ -236,29 +236,19 @@ private ChatModelActivity stubForCall(Prompt prompt) {
       return chatModelActivity;
     }
     ActivityOptions withSummary =
-        ActivityOptions.newBuilder(baseOptions).setSummary(buildSummary(prompt)).build();
+        ActivityOptions.newBuilder(baseOptions).setSummary(buildSummary()).build();
     return Workflow.newActivityStub(ChatModelActivity.class, withSummary);
   }
 
-  private String buildSummary(Prompt prompt) {
+  /**
+   * Builds the activity Summary. Intentionally omits the user prompt — including even a truncated
+   * slice would leak whatever the prompt contains (PII, secrets, internal identifiers) into
+   * workflow history, server logs, and the Temporal UI, which is a surprising default for a plain
+   * observability label.
+   */
+  private String buildSummary() {
     String label = modelName != null ? modelName : "default";
-    String userText = lastUserText(prompt);
-    if (userText == null || userText.isEmpty()) {
-      return "chat: " + label;
-    }
-    String truncated = userText.length() > 60 ? userText.substring(0, 60) + "…" : userText;
-    return "chat: " + label + " · " + truncated.replace('\n', ' ');
-  }
-
-  private String lastUserText(Prompt prompt) {
-    List<Message> instructions = prompt.getInstructions();
-    for (int i = instructions.size() - 1; i >= 0; i--) {
-      Message m = instructions.get(i);
-      if (m.getMessageType() == MessageType.USER) {
-        return m.getText();
-      }
-    }
-    return null;
+    return "chat: " + label;
   }
 
   private ChatModelTypes.ChatModelActivityInput createActivityInput(Prompt prompt) {

temporal-spring-ai/src/test/java/io/temporal/springai/ActivitySummaryTest.java

@@ -1,5 +1,6 @@
 package io.temporal.springai;
 
+import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
@@ -49,7 +50,7 @@ void tearDown() {
   }
 
   @Test
-  void chatActivity_carriesSummaryWithModelAndUserPrompt() {
+  void chatActivity_carriesModelOnlySummary_neverLeaksUserPrompt() {
     Worker worker = testEnv.newWorker(TASK_QUEUE);
     worker.registerWorkflowImplementationTypes(ChatWorkflowImpl.class);
     worker.registerActivitiesImplementations(
@@ -60,19 +61,23 @@ void chatActivity_carriesSummaryWithModelAndUserPrompt() {
         client.newWorkflowStub(
             SummaryTestWorkflow.class,
             WorkflowOptions.newBuilder().setTaskQueue(TASK_QUEUE).build());
-    workflow.chat("What is the capital of France?");
+    String prompt = "What is the capital of France?";
+    workflow.chat(prompt);
 
     String workflowId = WorkflowStub.fromTyped(workflow).getExecution().getWorkflowId();
     List<HistoryEvent> events = client.fetchHistory(workflowId).getHistory().getEventsList();
 
     String summary = findChatActivitySummary(events);
     assertNotNull(summary, "ActivityTaskScheduled event for callChatModel should have a Summary");
+    assertEquals(
+        "chat: default",
+        summary,
+        "Summary must be just the model label — user prompts can contain PII and must not"
+            + " appear in history/logs/UI by default.");
+    // Defense in depth: explicitly confirm no part of the prompt leaked into the summary.
     assertTrue(
-        summary.startsWith("chat: default"),
-        "Summary should start with 'chat: default' but was: " + summary);
-    assertTrue(
-        summary.contains("What is the capital of France?"),
-        "Summary should contain the user prompt but was: " + summary);
+        !summary.contains(prompt) && !summary.contains("France"),
+        "Summary must not include user prompt content, got: " + summary);
   }
 
   private static String findChatActivitySummary(List<HistoryEvent> events) {