available commands / skills leak into agent_message_chunk after available_commands_update

[wyx1818]

Summary

claude-agent-acp sends available_commands_update correctly, but then appears to stream the same commands/skills catalog as user-visible agent_message_chunk content.

This causes ACP clients to display internal command/skill descriptions as assistant chat output.

Environment

• Package: @agentclientprotocol/claude-agent-acp
• Version: 0.46.0
• ACP SDK: @agentclientprotocol/sdk@0.23.0
• OS: Linux
• Node: v24.15.0

Reproduction

Run a minimal ACP client against claude-agent-acp, create a session, then prompt with a simple greeting:

const result = await conn.prompt({
  sessionId: session.sessionId,
  prompt: [{ type: "text", text: "你好呀" }],
});

The client logs every session/update tag.

Actual Behavior

First, the agent sends a correct control-plane update:

sessionUpdate: available_commands_update
availableCommands: [...]

But after that, it streams command/skill catalog text as assistant message chunks:

sessionUpdate: agent_message_chunk
content: "- pr"

sessionUpdate: agent_message_chunk
content: "git"

sessionUpdate: agent_message_chunk
content: "Use when the user asks..."

In my run, it continued streaming internal skill/command descriptions such as git helpers, trace/debug helpers, workspace switching, task/todo skills, and internal instructions.

Expected Behavior

Command/skill catalog data should only be sent as available_commands_update or another non-transcript/control-plane update.

agent_message_chunk should contain only user-visible assistant response text.

Impact

Clients that correctly append agent_message_chunk into the chat transcript show internal command/skill catalog content to users.

Notes

This does not look like a client-side mapping issue. The raw ACP update tag received by the client is already agent_message_chunk.

session: a302aa79-f3b1-4f77-9c0b-d9299e5bf3fd

=== available_commands_update ===
commands: [
  'lark-approval',
  'lark-apps',
  'lark-attendance',
  'lark-base',
  'lark-calendar',
  'lark-contact',
  'lark-doc',
  'lark-drive',
  'lark-event',
  'lark-im'
]
total: 49
[usage_update] {"size":200000,"used":0,"sessionUpdate":"usage_update"}
[agent_message_chunk] ""
[agent_message_chunk] ":"
[agent_message_chunk] " Security"
[agent_message_chunk] "-focused"
[agent_message_chunk] " code"
[agent_message_chunk] " review"
[agent_message_chunk] " —"
[agent_message_chunk] " find"
[agent_message_chunk] " known"
[agent_message_chunk] " vulnerability"
[agent_message_chunk] " classes"
[agent_message_chunk] " ("
[agent_message_chunk] "OW"
[agent_message_chunk] "ASP"
[agent_message_chunk] " Top"
[agent_message_chunk] " "
[agent_message_chunk] "10"
[agent_message_chunk] ","
[agent_message_chunk] " injection"
[agent_message_chunk] ","
[agent_message_chunk] " auth"
[agent_message_chunk] ","
[agent_message_chunk] " crypto"
[agent_message_chunk] ","
[agent_message_chunk] " exposure"

[benbrandt]

What model/provider are you using? I am not able to reproduce, so I want to check

[wyx1818]

What model/provider are you using? I am not able to reproduce, so I want to check

deepseek-v4-pro