add agent prompt history sqlite table

[evelyn-with-warp]

Description

Created agent_prompt table, to track submitted prompt, with write cap as 2k (for read/fuzzy match latency concern), and apply NLD history match on both agent_prompt & cmd history, whichever match comes later.

Did not reuse ai_queries table, as it didn't have a write cap for its purpose and subjective to session restoration setting.

Linked Issue

• The linked issue is labeled ready-to-spec or ready-to-implement.
• Where appropriate, screenshots or a short video of the implementation are included below (especially for user-visible or UI changes).

Testing

• I have manually tested my changes locally with ./script/run

Screenshots / Videos

https://www.loom.com/share/38649a38140d4ef18aac09216d87a575

We tested two queries, after deleting current sqlite DB tables and zsh history

• hello: it failed by command not found, so it will not write to command history, so it always lands on the whitelist of AI mode
• make a pr: it firstly lands on inputclassifier, and if we manually toggle it to be shell, it will run an invalid make command. It will be written to command history as it doesn't return command not found. The next time running it, it will be lock to shell by history match. If we manual toggle (or /agent) again, the next run will lock to AI by history match too.

Agent Mode

• Warp Agent Mode - This PR was created via Warp's AI Agent Mode

[oz-for-oss]

@evelyn-with-warp

I'm starting a first review of this pull request.

You can view the conversation on Warp.

I completed the review and no human review was requested for this pull request.

Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).

Powered by Oz

[oz-for-oss]

Overview

This PR adds a SQLite-backed agent prompt history store, loads it into an in-memory prompt-history model, captures submitted agent prompts, and uses those prompts for NLD history matching behind the new nld_prompt_history_match feature. No approved spec context was available for implementation-vs-spec validation.

Concerns

• The new prompt-history persistence path stores full agent prompt text even when session restoration is disabled, putting sensitive prompt contents outside the existing AI-history retention control.

Security

• Agent prompts can contain secrets, source snippets, credentials, or other sensitive user text. Persisting them independently of the session-restoration setting creates a local retention path users may reasonably expect to be disabled.

Verdict

Found: 0 critical, 1 important, 0 suggestions

Request changes

Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).

Powered by Oz

[oz-for-oss]

⚠️ [IMPORTANT] [SECURITY] This writes the full prompt to SQLite even when restore_session_enabled is false, so users who disabled session restoration still retain agent prompts locally. Gate InsertAgentPrompt on the same retention/privacy setting or add an explicit prompt-history opt-in before persisting.

[evelyn-with-warp]

Any process to resolve data compliance called out by Oz?
nld history may not suit for only storing agent prompt with restore_session , but we might gate it with if is nld on?