docs: add previousAssistantMessages handoff mode to PCI docs#1026
Merged
Add a new "Securing Handoffs with Sensitive Data" section to the PCI compliance documentation explaining the security concern with forwarding full conversation context (including sensitive tool call data) during assistant handoffs, the server-side fix Vapi deployed, and the customer-side steps to configure contextEngineeringPlan appropriately. Also document the previousAssistantMessages context engineering plan type in the handoff tool documentation, which was the only type not yet covered there. Update the existing Payment Collection Squad example to use previousAssistantMessages instead of none for a more practical default.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove incident-response framing ("What happened", "What we've fixed",
"What you need to do") from PCI.mdx and present previousAssistantMessages
as a standard feature for controlling handoff context in sensitive flows.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
stevenbdf requested changes Apr 22, 2026
cellog approved these changes Apr 22, 2026
…type
The table previously described userAndAssistantMessages as a "good alternative" for PCI flows. This is incorrect — if a user speaks sensitive data (e.g., card numbers) aloud, those appear in user messages and would be forwarded to the next assistant. Updated the table to mark it as not recommended for PCI flows, reordered rows to list safe options first, and renamed the column header from "When to use" to "PCI Recommendation" for clarity.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
stevenbdf approved these changes Apr 22, 2026
Summary
- userAndAssistantMessages context type in the handoff context configuration table
- previousAssistantMessages, none) first

Test plan
- fern/security-and-privacy/PCI.mdx renders correctly
- previousAssistantMessages is labeled as Recommended
- none is labeled as Safe
- userAndAssistantMessages is labeled as Not recommended for PCI flows with explanation

Linear: VAPICS-866
Generated with Claude Code
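The ratings in this PR's table can be enforced as a pre-deploy check on squad configuration. The following is an added example, not code from the PR or from Vapi: it walks a config and reports every handoff destination whose contextEngineeringPlan is not rated Recommended or Safe. Only contextEngineeringPlan and its three type values come from the PR; the surrounding key names (type "handoff", destinations, assistantName, members, model.tools) and the sample squad are assumptions.

```python
# Added example (not from the PR). Key names other than contextEngineeringPlan
# and its three type values are assumed for illustration.
PCI_OK = {"previousAssistantMessages": "recommended", "none": "safe"}
PCI_BAD = {"userAndAssistantMessages": "not recommended for PCI flows"}

def handoff_destinations(node, path="$"):
    """Yield (path, destination) for each destination of a tool typed 'handoff'."""
    if isinstance(node, dict):
        if node.get("type") == "handoff":
            for i, dest in enumerate(node.get("destinations") or []):
                yield f"{path}.destinations[{i}]", dest
        for key, value in node.items():
            yield from handoff_destinations(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from handoff_destinations(item, f"{path}[{i}]")

def audit(config):
    """Return (path, target, plan_type, verdict) for destinations not rated safe."""
    findings = []
    for path, dest in handoff_destinations(config):
        plan = dest.get("contextEngineeringPlan")
        plan_type = plan.get("type") if isinstance(plan, dict) else None
        if plan_type in PCI_OK:
            continue
        verdict = PCI_BAD.get(plan_type, "unrated here, review manually")
        if plan_type is None:
            # No plan configured: what gets forwarded depends on the platform default.
            verdict = "no plan set, platform default applies"
        findings.append((path, dest.get("assistantName"), plan_type, verdict))
    return findings

def make_dest(name, plan_type=None):
    """Build one constructed handoff destination for the sample below."""
    entry = {"type": "assistant", "assistantName": name}
    if plan_type:
        entry["contextEngineeringPlan"] = {"type": plan_type}
    return entry

# Constructed sample squad: the payment assistant hands off to three others.
SAMPLE_SQUAD = {"members": [
    {"assistant": {"name": "Greeter", "model": {"tools": [
        {"type": "handoff", "destinations": [make_dest("Payment Collector", "none")]}]}}},
    {"assistant": {"name": "Payment Collector", "model": {"tools": [
        {"type": "handoff", "destinations": [
            make_dest("Confirmation", "previousAssistantMessages"),
            make_dest("Support", "userAndAssistantMessages"),
            make_dest("Fallback")]}]}}},
]}

if __name__ == "__main__":
    for finding in audit(SAMPLE_SQUAD):
        print(*finding, sep=" | ")
```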