Context Compactor
Compresses long conversations into structured summaries. Saves token by replacing
raw conversation history with dense, searchable digests.
Requirements
- - Runtime: Python 3.10+ (standard library only)
- OS: Linux, macOS
- Environment variables:
-
OPENCLAW_WORKSPACE — Workspace root (default:
~/.openclaw/workspace)
- - Environment:
OPENCLAW_WORKSPACE (default: ~/.openclaw/workspace)
Security
Write Restrictions (Hard Rules)
The agent may ONLY write to these locations:
- -
memory/compacts/ — compact files only - INLINECODE5� — via smart-memory skill (not this skill)
The agent MUST NOT write to:
- - Any directory outside the workspace
- System directories (/etc, /usr, /var, /tmp except session cache)
- User home directory root (~/.ssh, ~/.config, ~/.aws, etc.)
- Any
.* dotfile or dotdir in workspace root - Any file not matching �INLINECODE7
Read Restrictions
The agent may ONLY read from:
- - The current conversation context (already available)
- INLINECODE8� — for listing/reading past compacts
The agent MUST NOT read from:
- -
/etc/passwd, /etc/shadow, or any system credential file - INLINECODE11�,
~/.aws/, ~/.config/openclaw/ or similar - Any file outside the workspace unless explicitly asked by the user
Redaction Enforcement
Before writing ANY compact, the agent MUST run this checklist:
- 1. ✅ No file paths (replace with
<REDACTED_PATH>) - ✅ No URLs (replace with
<REDACTED_URL>) - ✅ No internal IPs (replace with
<INTERNAL_URL>) - ✅ No passwords, tokens, API keys (delete entirely)
- ✅ No personal info beyond work context
If any item fails → do not write the compact until fixed.
Privacy Boundaries
What Compacts May Contain
- - Decisions, facts, pending actions, blockers
- Project names and feature descriptions
What Compacts Must NOT Contain
- - File system paths (use
<REDACTED_PATH> placeholder) - Internal URLs, endpoints, or infrastructure details
- API keys, tokens, passwords, secrets (script-level regex filter)
- Private keys or certificates
- User personal information beyond work context
Agent Rules
- - Before saving a compact, strip or redact all paths, internal URLs, and credentials
- Use placeholders:
<PROJECT_ROOT>, <INTERNAL_URL>, �INLINECODE20 - If unsure whether something is sensitive, redact it
- Compacts are for "what was decided" not "where things live"
Data Isolation
- - Keyword extraction: Fully local — no network calls, no external transmission
- LLM extraction (opt-in): Sends conversation text to the agent's configured LLM provider. This is inherent to using any LLM-based compaction and is not controlled by this skill. The skill only provides the prompt template; the agent/platform handles the actual API call.
- Maximum 30 compacts retained, oldest auto-deleted
- Compacts are stored locally and read locally — the skill itself never makes network calls
How It Works
CODEBLOCK0
Compression ratio: ~20:1 — a 10,000 token conversation becomes ~500 token digest.
Quick Reference
| Action | Script |
|---|
| Write compact (agent-authored) | INLINECODE21 |
| List compacts |
python3 scripts/compact_session.py --list |
| Read latest compact |
python3 scripts/compact_session.py --latest |
| Show compact stats |
python3 scripts/compact_session.py --stats |
How compaction works: The agent drafts the compact content, then pipes it through --write which enforces security checks (no paths, URLs, IPs, secrets) before saving. This ensures programmatic enforcement — the agent never writes directly to disk.
Compact Format
CODEBLOCK1
Agent Behavior
When to Compact
- - Conversation exceeds ~50 turns
- Context window approaching limits (see AGENTS.md token discipline rules)
- User says "compact", "summarize", "fresh start", "压缩"
How to Compact
The agent drafts the compact content, then saves it via:
echo "compact content" | python3 scripts/compact_session.py --write
The
--write flag enforces all security checks programmatically: redaction of paths/URLs/IPs/secrets, path containment within workspace, and file naming. The agent NEVER writes directly to disk.
When to Inject Compact
- - New session startup — check for recent compact
- User asks "what were we working on"
- Context search returns nothing but a compact exists
Extraction Rules
From the conversation, extract:
- 1. Decisions — anything with "chose X over Y", "decided to", "going with"
- Facts — URLs, file paths, configs, technical details, user preferences
- Pending — uncompleted tasks, "later", "TODO", "next step"
- Blockers — "need X first", "blocked by", "waiting for"
- Summary — 2-3 sentence overview of what happened
Skip:
- - Greetings, small talk, "ok", "嗯"
- Repeated information already in MEMORY.md
- Debugging noise (unless it led to a LESSON)
- Sensitive data (tokens, passwords)
Integration with smart-memory
This skill works with smart-memory:
- - Compacts reference
[TYPE] tags from smart-memory's classification system - Pending items from compacts can feed into �INLINECODE29
- Facts from compacts can be promoted to MEMORY.md
- Compacts live in
memory/compacts/ — decayed by smart-memory's archival system
File Structure
CODEBLOCK3
上下文压缩器
将长对话压缩为结构化摘要。通过用密集、可搜索的摘要替换原始对话历史来节省令牌。
要求
- - 运行环境:Python 3.10+(仅标准库)
- 操作系统:Linux、macOS
- 环境变量:
- OPENCLAW_WORKSPACE — 工作空间根目录(默认:~/.openclaw/workspace)
- - 环境:OPENCLAW_WORKSPACE(默认:~/.openclaw/workspace)
安全
写入限制(硬性规则)
代理
仅可写入以下位置:
- - memory/compacts/ — 仅限压缩文件
- SESSION-STATE.md — 通过智能记忆技能(非本技能)
代理不得写入:
- - 工作空间外的任何目录
- 系统目录(/etc、/usr、/var、/tmp 除会话缓存外)
- 用户主目录根目录(~/.ssh、~/.config、~/.aws 等)
- 工作空间根目录中的任何 . 点文件或点目录
- 任何不匹配 memory/compacts/.md 的文件
读取限制
代理
仅可读取:
- - 当前对话上下文(已可用)
- memory/compacts/ — 用于列出/读取过去的压缩文件
代理不得读取:
- - /etc/passwd、/etc/shadow 或任何系统凭证文件
- ~/.ssh/、~/.aws/、~/.config/openclaw/ 或类似文件
- 工作空间外的任何文件,除非用户明确要求
编辑强制执行
在写入任何压缩文件前,代理
必须运行此检查清单:
- 1. ✅ 无文件路径(替换为 PATH>)
- ✅ 无URL(替换为 URL>)
- ✅ 无内部IP(替换为 )
- ✅ 无密码、令牌、API密钥(完全删除)
- ✅ 无超出工作上下文的个人信息
如果任何项目未通过 → 在修复前不得写入压缩文件。
隐私边界
压缩文件可包含的内容
- - 决策、事实、待办事项、阻碍因素
- 项目名称和功能描述
压缩文件不得包含的内容
- - 文件系统路径(使用 占位符)
- 内部URL、端点或基础设施详情
- API密钥、令牌、密码、密钥(脚本级正则过滤器)
- 私钥或证书
- 超出工作上下文的用户个人信息
代理规则
- - 保存压缩文件前,删除或编辑所有路径、内部URL和凭证
- 使用占位符:ROOT>、URL>、
- 如果不确定某内容是否敏感,则进行编辑
- 压缩文件用于记录决定了什么,而非东西在哪里
数据隔离
- - 关键词提取:完全本地 — 无网络调用,无外部传输
- LLM提取(可选):将对话文本发送到代理配置的LLM提供商。这是使用任何基于LLM的压缩的固有特性,不由本技能控制。本技能仅提供提示模板;代理/平台处理实际的API调用。
- 最多保留30个压缩文件,最旧的自动删除
- 压缩文件本地存储和读取 — 技能本身从不进行网络调用
工作原理
长对话(10,000+ 令牌)
↓
compact_session.py --extract
↓
结构化摘要(约500令牌)
↓
保存至 memory/compacts/YYYY-MM-DD-HHMM.md
↓
新会话启动时读取最新压缩文件
压缩比:约20:1 — 10,000令牌的对话变为约500令牌的摘要。
快速参考
| 操作 | 脚本 |
|---|
| 写入压缩文件(代理编写) | python3 scripts/compactsession.py --write < compact.md |
| 列出压缩文件 |
python3 scripts/compactsession.py --list |
| 读取最新压缩文件 | python3 scripts/compact_session.py --latest |
| 显示压缩文件统计 | python3 scripts/compact_session.py --stats |
压缩工作原理:代理起草压缩内容,然后通过 --write 管道传递,该参数在保存前强制执行安全检查(无路径、URL、IP、密钥)。这确保了程序化执行 — 代理从不直接写入磁盘。
压缩文件格式
markdown
会话压缩 — 2026-03-31 17:00 UTC
轮次:45 |
估计节省令牌:约9,500
已做决策
- - [2026-03-31] 为 golden3 提示选择 SQLite 而非 Redis
- [2026-03-31] 决定为智能记忆采用零依赖方法
已确立事实
- - [PROJ] golden3 站点位于 golden3.killclaw.xyz,仓库 github.com/zgjq/golden3
- [TECH] 提示存储在 data/golden3.db,表 prompts,类别 scoring
- [PREF] 用户偏好直接、务实的沟通风格
待办事项
- - [ ] 将智能记忆发布到 ClawHub
- [ ] 将评分显示从100分制修复为10分制
技术上下文
- - 服务器:ubuntu-4gb-hel1-1,Node v24.14.0
- Golden3 使用 node:sqlite(DatabaseSync)
阻碍因素/未解决问题
会话摘要
基于 Claude Code 架构研究构建了智能记忆技能。以 smart-memory-zero-dep 名称发布到 ClawHub。记忆系统现已激活,具有WAL协议、类型分类、时间衰减和快照/恢复功能。
代理行为
何时压缩
- - 对话超过约50轮
- 上下文窗口接近限制(参见 AGENTS.md 令牌纪律规则)
- 用户说压缩、总结、重新开始、压缩
如何压缩
代理起草压缩内容,然后通过以下方式保存:
echo 压缩内容 | python3 scripts/compact_session.py --write
--write 标志以编程方式强制执行所有安全检查:路径/URL/IP/密钥的编辑、工作空间内的路径包含以及文件命名。代理从不直接写入磁盘。
何时注入压缩文件
- - 新会话启动 — 检查最近的压缩文件
- 用户询问我们之前在做什幺
- 上下文搜索无结果但存在压缩文件
提取规则
从对话中提取:
- 1. 决策 — 任何包含选择X而非Y、决定、采用的内容
- 事实 — URL、文件路径、配置、技术细节、用户偏好
- 待办 — 未完成的任务、稍后、TODO、下一步
- 阻碍因素 — 需要先有X、被...阻塞、等待
- 摘要 — 2-3句话概述发生的事件
跳过:
- - 问候、闲聊、好的、嗯
- MEMORY.md 中已有的重复信息
- 调试噪音(除非导致了经验教训)
- 敏感数据(令牌、密码)
与智能记忆的集成
本技能与智能记忆配合使用:
- - 压缩文件引用智能记忆分类系统中的[TYPE]标签
- 压缩文件中的待办事项可输入wal pending
- 压缩文件中的事实可提升至 MEMORY.md
- 压缩文件位于 memory/compacts/ — 由智能记忆的归档系统进行衰减
文件结构
~/.openclaw/workspace/
├── memory/
│ └── compacts/
│ ├── 2026-03-31-1700.md # 会话压缩
│ ├── 2026-03-30-1430.md
│ └── ...
