From 084f6210255da3ad3f2129ccfcfc84a094e10094 Mon Sep 17 00:00:00 2001
From: Aether AI Agent <github@tryaether.ai>
Date: Wed, 18 Feb 2026 15:27:57 +1100
Subject: [PATCH] =?UTF-8?q?fix(security):=20OC-65=20prevent=20compaction?=
 =?UTF-8?q?=20counter=20reset=20to=20enforce=20context=20exhaustion=20limi?=
 =?UTF-8?q?t=20=E2=80=94=20Aether=20AI=20Agent?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Remove the `overflowCompactionAttempts = 0` reset inside the inner loop's
tool-result-truncation branch. The counter was being zeroed on each truncation
cycle, allowing prompt-injection attacks to bypass the MAX_OVERFLOW_COMPACTION_ATTEMPTS
guard and trigger unbounded auto-compaction, exhausting context window resources (DoS).

CWE-400 / GHSA-x2g4-7mj7-2hhj
---
 src/agents/pi-embedded-runner/run.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/agents/pi-embedded-runner/run.ts b/src/agents/pi-embedded-runner/run.ts
index af4fa2886f3..81f26a47902 100644
--- a/src/agents/pi-embedded-runner/run.ts
+++ b/src/agents/pi-embedded-runner/run.ts
@@ -714,8 +714,8 @@ export async function runEmbeddedPiAgent(
                   log.info(
                     `[context-overflow-recovery] Truncated ${truncResult.truncatedCount} tool result(s); retrying prompt`,
                   );
-                  // Session is now smaller; allow compaction retries again.
-                  overflowCompactionAttempts = 0;
+                  // Do NOT reset overflowCompactionAttempts here — the global cap must remain
+                  // enforced across all iterations to prevent unbounded compaction cycles (OC-65).
                   continue;
                 }
                 log.warn(