feat(core): Guard Instance AI prompts against asking for plaintext secrets

[aalises]

Summary

Tightens Instance AI prompts so the orchestrator, every sub-agent, the builder, and the browser-credential-setup agent instruct themselves not to ask the user to paste plaintext secrets into chat or ask-user answers. Secret entry is routed through credential setup, browser handoff, or existing credential selection instead.

• SECRET_ASK_GUARDRAIL constant extracted so the main agent prompt (system-prompt.ts) and sub-agent protocol (sub-agent-factory.ts) stay in sync.
• Browser-credential-setup prompt lifted into its own module (browser-credential-setup.prompt.ts) so its wording is testable, and its "copy values into chat" phrasing replaced with "enter values privately in the n8n credential form".
• build-workflow-agent.prompt.ts drops "API key" from its ask-user examples so the builder doesn't frame secrets as acceptable ask-user answers.
• ask-user tool description now explicitly says never to ask for passwords, API keys, tokens, cookies, connection strings, or private keys.
• Tests assert the guardrail wording is present in the orchestrator prompt, the builder prompt, and the browser-credential-setup prompt.

Prompt-only change — no runtime redaction, blocking, or FE preflight. Those may follow in a separate PR.

Related Linear tickets, Github issues, and Community forum posts

Review / Merge checklist

• I have seen this code, I have run this code, and I take responsibility for this code.
• PR title and summary are descriptive.
• Docs updated or follow-up ticket created.
• Tests included.
• PR Labeled with `Backport to Beta`, `Backport to Stable`, or `Backport to v1` (if the PR is an urgent fix that needs to be backported)

[cubic-dev-ai]

2 issues found across 35 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="packages/cli/src/modules/instance-ai/eval/request-sanitizer.ts">

<violation number="1" location="packages/cli/src/modules/instance-ai/eval/request-sanitizer.ts:62">
P2: Delegating `isSecretKey()` to `isSensitiveInputKey()` drops `ssn` key matching, so fields like `ssn` are no longer redacted in eval request sanitization.</violation>
</file>

<file name="packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts">

<violation number="1" location="packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:367">
P1: Redaction is now executed with unbounded recursion on arbitrary trace values, which can crash on cyclic inputs before depth-limited sanitization runs.</violation>
</file>

Architecture diagram

sequenceDiagram
    participant User as User (Browser)
    participant UI as Instance AI UI
    participant API as AI Controller (CLI)
    participant Redact as Redaction Engine
    participant Agent as Instance AI Agent
    participant Storage as Persistence (TypeORM)
    participant Tracing as LangSmith Tracing

    Note over User,Tracing: Message Submission Flow

    User->>UI: Enter chat message / confirmation text
    UI->>Redact: NEW: scanConversationTextForPreflight()
    alt NEW: Secret shape detected in UI
        UI-->>User: Show SensitiveInputWarning (Block Request)
        UI->>UI: Track "Sensitive input blocked" Telemetry
    else No secrets detected (Preflight)
        UI->>API: POST /chat or /confirm
        
        API->>Redact: CHANGED: assertNoSensitiveConversationInput()
        alt NEW: Server-side validation fails
            Redact-->>API: matches found
            API-->>UI: 422 SensitiveInputBlockedError
            UI-->>User: Show Blocked Message
        else Validation Success
            API->>Agent: Process message
            
            Note over Agent,Redact: Agent Execution Guardrails
            
            Agent->>Agent: CHANGED: Check system prompt (SECRET_ASK_GUARDRAIL)
            opt NEW: ask-user tool called
                Agent->>Redact: validateAskUserInput()
                alt Question attempts to elicit secrets
                    Redact-->>Agent: Throw Error
                end
            end

            Agent->>Storage: NEW: Save tool-call / resource data
            Storage->>Redact: CHANGED: scanAndRedactSensitiveInput()
            Redact-->>Storage: return <redacted> values
            Storage->>Storage: Persist sanitized JSON to DB
            
            Agent->>Tracing: Log Execution
            Tracing->>Redact: NEW: sanitizeTracePayload()
            Redact-->>Tracing: Redacted trace data
            Tracing->>LangSmith: POST Trace (Sanitized)
            
            Agent-->>API: Agent Response
            API-->>UI: Return message (Streaming/Final)
            UI-->>User: Display Response
        end
    end

    Note over Storage,Redact: Background/Event Persistence
    API->>Storage: publishEvent(threadId, event)
    Storage->>Redact: NEW: Redact non-streaming events
    Redact-->>Storage: Redacted payload
    Storage->>Storage: Save to StoredEvent table

Loading

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review, or fix all with cubic.}

[cubic-dev-ai]

P1: Redaction is now executed with unbounded recursion on arbitrary trace values, which can crash on cyclic inputs before depth-limited sanitization runs.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts, line 367:

<comment>Redaction is now executed with unbounded recursion on arbitrary trace values, which can crash on cyclic inputs before depth-limited sanitization runs.</comment>

<file context>
@@ -362,20 +363,26 @@ function sanitizeTraceValue(value: unknown, depth = 0): unknown {
 }
 
+function sanitizeTraceValue(value: unknown, depth = 0): unknown {
+	return sanitizeTraceStructureValue(scanAndRedactSensitiveInput(value).sanitizedValue, depth);
+}
+
</file context>

[cubic-dev-ai]

P2: Delegating isSecretKey() to isSensitiveInputKey() drops ssn key matching, so fields like ssn are no longer redacted in eval request sanitization.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At packages/cli/src/modules/instance-ai/eval/request-sanitizer.ts, line 62:

<comment>Delegating `isSecretKey()` to `isSensitiveInputKey()` drops `ssn` key matching, so fields like `ssn` are no longer redacted in eval request sanitization.</comment>

<file context>
@@ -96,8 +59,5 @@ export function truncateForLlm(serialized: string, maxLength = MAX_BODY_LENGTH):
-	if (SAFE_KEY_PATTERN.test(key)) return false;
-	if (SECRET_KEY_PATTERN.test(key)) return true;
-	return false;
+	return isSensitiveInputKey(key);
 }
</file context>

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[github-actions]

Instance AI Workflow Eval Results

8/8 built | 5 run(s) | pass@5: 70% | pass^5: 28%

Workflow	Build	pass@5	pass^5
Create a workflow that handles contact form submissions via a webhook.	5/5	60%	60%
Get all the Linear issues created in the last 2 weeks. Filter them for	5/5	80%	8%
Every day, get the posts made in the past day on 3 different Slack cha	5/5	60%	40%
Create a form that collects: name, email, company, and interest level	5/5	100%	100%
Every day, fetch all open GitHub issues from repository 'acme-corp/bac	5/5	50%	0%
Create a workflow that receives webhook notifications with a JSON body	5/5	100%	1%
Fetch the latest posts from the JSONPlaceholder API (GET https://jsonp	5/5	66%	11%
Every hour, check the current weather for London, New York, and Tokyo	5/5	50%	0%

Failure details

Create a workflow that handles contact form submissions via a webhook. / partial-action-failure — 0/5 passed

Run [builder_issue]: The workflow crashed when the Telegram node received a 400 'Bad Request: chat not found' error. Because all three parallel actions (Send Auto-Reply Email, Send Telegram Notification, Log to Google She
Run [builder_issue]: The workflow crashed due to the Telegram node error ('Bad request - please check your parameters'), and the Log to Google Sheets node never executed. The three parallel branches (Auto-Reply Email, Tel
Run [builder_issue]: The workflow crashed entirely when the Telegram node failed. The connections show that Normalize Fields fans out to three parallel nodes (Send Auto-Reply Email, Notify Team via Telegram, Log to Google
Run [builder_issue]: The workflow crashed entirely when the Telegram node returned a 400 error ('Bad Request: chat not found'). Because all three action nodes (Send Auto-Reply Email, Send Telegram Notification, Log to Goo
Run [builder_issue]: The workflow crashed entirely when the Telegram node returned a 400 error ('Bad Request: chat not found'). The three parallel actions (Auto-reply Email, Telegram Team Notification, Log to Google Sheet

Create a workflow that handles contact form submissions via a webhook. / invalid-email — 0/5 passed

Run [builder_issue]: The workflow crashed entirely when the Gmail node encountered the invalid email address 'not-an-email'. The error 'Invalid email address (item 0)' caused the entire workflow execution to fail, prevent
Run [builder_issue]: The workflow crashed at the Auto-Reply Email node with 'Invalid email address (item 0)' because the Gmail node attempted to send to 'not-an-email' without any prior validation or error handling. Since
Run [builder_issue]: The workflow crashed entirely when 'Send Auto-Reply Email' threw 'Invalid email address (item 0)' because 'not-an-email' is not a valid email. The error was unhandled and propagated as a workflow-leve
Run [builder_issue]: The workflow crashed at 'Send Auto-Reply Email' with the error 'Invalid email address (item 0)'. This caused the entire workflow execution to fail, meaning 'Send Telegram Notification' and 'Log to Goo
Run [builder_issue]: The workflow crashed at the Auto-reply Email node with 'Invalid email address (item 0)' because the Gmail node validates the recipient address before making an HTTP request, and 'not-an-email' fails t

Get all the Linear issues created in the last 2 weeks. Filter them for / happy-path — 1/5 passed

Run [mock_issue]: The workflow did not execute without errors — it stopped after the Extract Issues node, which produced no output. The Build GraphQL Query node generated a date filter of '2026-04-08T12:23:27.176Z' (tw
Run [mock_issue]: The workflow executed without errors and the cross-team filtering, counting, sorting, and Slack posting all worked correctly. However, the checklist requires that only issues from the last 2 weeks are
Run [builder_issue]: The workflow executed without errors and posted to Slack, but the cross-team filtering produced zero results instead of the expected 4 cross-team issues. The root cause is in the Filter Cross-Team Iss
Run [builder_issue]: The workflow crashed at the 'Format Slack Message' node with 'Invalid or unexpected token'. The error is caused by a syntax issue in the JavaScript string literal inside the jsCode. Specifically, the

Get all the Linear issues created in the last 2 weeks. Filter them for / multi-team-creator — 0/5 passed

Run [mock_issue]: The workflow execution stopped at the Extract Issues node, which produced no output (empty result). The reason is that all 4 issues in the mock response have createdAt dates in January 2024 (e.g., '20
Run [builder_issue]: The scenario requires that Alice belongs to teams ['Frontend', 'AI'], meaning her AI issue (LIN-103, team 'AI') should NOT be cross-team. However, the mock returned LIN-103 as a Frontend issue (teamNa
Run [builder_issue]: The Filter Cross-Team Issues node uses a single-team mapping where Alice is mapped to only 'Frontend' ('alice@company.com': 'Frontend'). The scenario requires Alice to be mapped to multiple teams ['
Run [builder_issue]: The Filter Cross-Team Issues code node produced {isEmpty: true} instead of identifying Alice's 2 Backend issues and Bob's Frontend issue as cross-team. The root cause is a builder issue: the filter co
Run [builder_issue]: The workflow failed with 'Invalid or unexpected token' in the Format Slack Message node. The root cause is in the jsCode of Format Slack Message: the string literal `'*Cross-Team Issues Report - Last

Get all the Linear issues created in the last 2 weeks. Filter them for / no-cross-team-issues — 4/5 passed

Run [builder_issue]: The workflow does not complete without errors or gracefully handle the empty result. The Extract Issues node filtered out all 4 issues because their createdAt dates (2024-01-11 through 2024-01-14) are

Get all the Linear issues created in the last 2 weeks. Filter them for / unknown-creator — 3/5 passed

Run [mock_issue]: The workflow did not complete execution. The Extract Issues node filtered out ALL 4 issues because the mock response contains issues with createdAt dates in January 2024, which are far older than 2 we
Run [builder_issue]: The workflow crashed at the Format Slack Message node with 'Invalid or unexpected token'. The node's jsCode contains a multi-line template string written using single quotes with embedded newlines (e.

Get all the Linear issues created in the last 2 weeks. Filter them for / api-error — 1/5 passed

Run [builder_issue]: The workflow does not handle the API authentication error gracefully. When the Linear API returned an error response ({errors: [...], data: null}), the HTTP request node (Fetch Linear Issues) did no
Run [builder_issue]: The workflow does not handle the API authentication error gracefully. When the Linear API returns an error response with {errors: [...], data: null}, the HTTP request node still returns a 200-level
Run [builder_issue]: The workflow has no error handling configured. When the Fetch Linear Issues node received an authentication error response, the workflow crashed with 'Authentication required: invalid or expired API k
Run [builder_issue]: The workflow does not handle the API error gracefully. When the Linear API returns an authentication error (HTTP 401/auth failure), the 'Fetch Linear Issues' node throws 'Authorization failed - please

Every day, get the posts made in the past day on 3 different Slack cha / high-volume — 2/5 passed

Run: Error: The operation was aborted due to timeout
Run: Error: The operation was aborted due to timeout
Run: Error: The operation was aborted due to timeout

Every day, get the posts made in the past day on 3 different Slack cha / channel-not-found — 0/5 passed

Run [builder_issue]: The workflow crashed entirely when 'Get #product Messages' received a 404/channel_not_found error. There is no error handling in the workflow — no try/catch node, no IF node to check for errors, no Co
Run [builder_issue]: The workflow does not handle the channel_not_found error gracefully. When 'Get #product Messages' receives a channel_not_found error response, n8n throws an exception ('Slack error response: channel_n
Run [builder_issue]: The workflow does not handle the channel_not_found error gracefully. When 'Get #product Messages' receives a channel_not_found error response from Slack, n8n throws an uncaught exception ('Slack error
Run [builder_issue]: The workflow crashes entirely when 'Get #product Messages' returns a channel_not_found error. The workflow has no error handling (e.g., no 'Continue on Error' setting on the Slack node, no try/catch,
Run [builder_issue]: The workflow crashed entirely when Fetch #product returned a channel_not_found error. The error propagated as an unhandled exception ('Slack error response: channel_not_found'), causing the entire wor

Every day, get the posts made in the past day on 3 different Slack cha / insufficient-permissions — 0/5 passed

Run [builder_issue]: The workflow crashed when 'Get #product Messages' returned a 403 error (the mock correctly simulated a 'not_in_channel' permission error). The workflow has no error handling — no try/catch, no error b
Run [builder_issue]: The workflow crashed when 'Get #product Messages' returned a 'not_in_channel' error. There is no error handling (e.g., a try/catch, continueOnFail setting, or error branch) built into the workflow. Th
Run [builder_issue]: The workflow crashed when 'Get #product Messages' returned a 403 error. The workflow has no error handling (no try/catch, no 'Continue on Error' setting on the Slack node, no error branch). As a resul
Run [builder_issue]: The workflow crashes when 'Get #product Messages' returns a 'not_in_channel' error. The error propagates and halts the entire workflow — 'Merge Channels', 'Merge & Format Messages', 'Post to #daily-di
Run [builder_issue]: The workflow crashed entirely when 'Fetch #product' returned a 'not_in_channel' error. Because the three Fetch nodes all connect directly to a single 'Merge All Messages' node with no error handling (

Every day, fetch all open GitHub issues from repository 'acme-corp/bac / happy-path — 0/5 passed

Run [builder_issue]: The workflow failed to execute. The 'Split Issues' node has a misconfigured 'fieldToSplitOut' parameter — it is set to an empty string, but this field is required. Because of this, the execution faile
Run [builder_issue]: The workflow did not execute without errors, and the Create Notion Page node never ran. The Fetch GitHub Bug Issues node returned the response as a Buffer (raw byte array) instead of parsed JSON objec
Run [builder_issue]: The workflow failed to execute. The 'Split Issues' node has an empty 'fieldToSplitOut' parameter, which is a required field. This caused the execution to fail with 'The workflow has issues and cannot
Run [builder_issue]: The workflow failed to execute due to a builder misconfiguration. The 'Split Issues' node (n8n-nodes-base.splitOut) has its 'fieldToSplitOut' parameter set to an empty string, but this field is requir
Run [builder_issue]: The workflow failed to execute because the 'Split Issues' node (n8n-nodes-base.splitOut) has an empty 'fieldToSplitOut' parameter. The pre-analysis flags this as a builder issue: 'Parameter Fields To

Every day, fetch all open GitHub issues from repository 'acme-corp/bac / no-bugs — 1/5 passed

Run [builder_issue]: The workflow failed to execute cleanly. The Split Issues node has a misconfigured 'Fields To Split Out' parameter (empty string), which caused an execution failure: 'The workflow has issues and cannot
Run [builder_issue]: The workflow failed to execute cleanly. The 'Split Issues' node has a misconfigured 'fieldToSplitOut' parameter — it is empty string when a field name is required. This caused the execution to fail wi
Run [builder_issue]: The workflow failed to execute cleanly. The 'Split Issues' node has a misconfigured 'fieldToSplitOut' parameter (empty string), which is a required field. This caused the execution to fail with 'The w
Run [builder_issue]: The workflow failed to execute cleanly. The 'Split Issues' node has a missing required configuration parameter 'Fields To Split Out' (fieldToSplitOut is an empty string), which caused the execution to

Create a workflow that receives webhook notifications with a JSON body / high-priority — 2/5 passed

Run [builder_issue]: The Route by Level switch node correctly identified the 'high' priority and routed the item to its first output (index 0, labeled 'high'). However, the connections JSON shows that 'Route by Level' has
Run [builder_issue]: The Route by Level switch node correctly matched 'high' and routed output to its first (high) output. However, the connections JSON shows that 'Route by Level' has "main": [] — meaning none of its o
Run [builder_issue]: The Switch node (Route by Level) correctly identified the 'high' level and routed output to its first (high) output. However, the connections JSON shows 'Route by Level' has 'main': [] — meaning none

Create a workflow that receives webhook notifications with a JSON body / medium-priority — 2/5 passed

Run [builder_issue]: The Switch node (Route by Level) correctly identified the 'medium' level and routed to its second output (index 1, labeled 'medium'). However, the connections JSON shows that 'Route by Level' has an e
Run [builder_issue]: The Switch node ('Route by Level') correctly identified the 'medium' level and routed output to its second output port (index 1, labeled 'medium'). However, the connections JSON shows 'Route by Level'
Run [builder_issue]: The Switch node correctly routed the 'medium' level input to its second output (index 1), but the connections JSON shows 'Route by Level' has an empty 'main' array — meaning none of the Switch outputs

Create a workflow that receives webhook notifications with a JSON body / low-priority — 2/5 passed

Run [builder_issue]: The Switch node correctly routed the 'low' level notification to its third output (index 2, labeled 'low'). However, the connections JSON shows 'Route by Level' has "main": [] — meaning none of its
Run [builder_issue]: The Switch node correctly routed the low-priority notification to its 'low' output (output index 2), but the Send Gmail node never ran. Looking at the connections JSON, 'Route by Level' has an empty '
Run [builder_issue]: The Switch node 'Route by Level' correctly identified the 'low' level and produced output on its third output (index 2, the 'low' branch). However, the connections JSON shows that 'Route by Level' has

Fetch the latest posts from the JSONPlaceholder API (GET https://jsonp / happy-path — 2/5 passed

Run [builder_issue]: The workflow did not complete successfully. The execution stopped at the Split Posts node, which produced no output because it tried to split out a field named 'data' from the Fetch Posts response, bu
Run [builder_issue]: The workflow did not execute completely. After Split Posts ran, it produced no output (empty output) because it tried to split on a field named 'data', but the upstream Fetch Posts node returned items
Run [builder_issue]: The workflow failed to execute. Two issues prevented completion: (1) A framework issue caused the trigger node to have no input data, and (2) a builder issue caused the 'Split Posts' node to be miscon

Fetch the latest posts from the JSONPlaceholder API (GET https://jsonp / empty-response — 4/5 passed

Run [builder_issue]: The workflow crashed before it could process any data. The 'Split Posts' node has a misconfigured 'fieldToSplitOut' parameter (empty string), which is a required field. The execution failed with 'The

Fetch the latest posts from the JSONPlaceholder API (GET https://jsonp / all-filtered — 0/5 passed

Run [builder_issue]: The Filter Out qui Titles node is supposed to filter OUT posts containing 'qui' in their titles (keeping only posts that do NOT contain 'qui'). All three mock posts contain 'qui', so the expected outp
Run [builder_issue]: The Filter Out qui Titles node was supposed to filter OUT items whose titles contain 'qui', leaving zero items to pass through. However, the node's actual output contains all 3 items — all of which ha
Run [builder_issue]: The Filter Out qui Titles node was supposed to filter OUT posts containing 'qui' in the title, leaving zero items when all posts contain 'qui'. However, the node's output shows all 3 posts passed thro
Run [builder_issue]: The Filter Out qui Titles node was supposed to filter OUT all items containing 'qui' in their titles, leaving zero items. However, the node's output shows all 3 items still passing through — including
Run [builder_issue]: The workflow crashed before it could process any data. The 'Split Posts' node has a required parameter 'Fields To Split Out' left empty, causing the execution to fail with 'The workflow has issues and

Every hour, check the current weather for London, New York, and Tokyo / happy-path — 0/5 passed

Run [mock_issue]: The workflow failed with 'Cannot read properties of undefined (reading 'temp')' in the Process Weather Data node. The root cause is that the Weather - New York mock generation failed (returned {_evalM
Run [builder_issue]: The workflow failed with 'Could not get parameter' error on the Log to Airtable node. The Airtable node's 'columns' parameter is misconfigured: the builder set it as a string expression `={{ JSON.stri
Run [mock_issue]: Multiple sub-criteria fail:

1. Weather - New York API call did not succeed: The mock for 'Weather - New York' returned {_evalMockError: true, message: 'Mock generation failed...'} instead of re

Run [builder_issue]: The workflow failed to execute. The pre-analysis flagged a builder issue: the 'Log to Airtable' node has an invalid Airtable Table ID ('Weather Logs' is a plain text name, not a valid Airtable Table I
Run [builder_issue]: The workflow failed to execute. The pre-analysis flagged a builder issue: the 'Log to Airtable' node has an invalid Airtable Table ID — the value 'Weather Logs' is a table name string, not a valid Air

Every hour, check the current weather for London, New York, and Tokyo / no-alerts — 1/5 passed

Run [builder_issue]: The workflow errored at the 'Log to Airtable' node with 'Could not get parameter'. The Any Hot Cities? IF node correctly routed to the false branch (no hot cities), Split Readings correctly produced 3
Run [mock_issue]: The workflow failed with 'Could not get parameter' error on the Log to Airtable node. The root cause is twofold: (1) The Weather - New York mock generation failed (returned _evalMockError), causing th
Run [builder_issue]: The workflow failed to execute. The pre-analysis flag and execution trace confirm that the 'Log to Airtable' node has a misconfigured Table ID — 'Weather Logs' is a plain string name, not a valid Airt
Run [builder_issue]: The workflow failed to execute. The pre-analysis flags a builder issue: the 'Log to Airtable' node has an invalid Table ID ('Weather Logs' is a plain text name, not a valid Airtable Table ID which mus

[github-actions]

Performance Comparison

Comparing current → latest master → 14-day baseline

Memory consumption baseline with starter plan resources

Metric	Current	Latest Master	Baseline (avg)	vs Master	vs Baseline	Status
memory-rss-baseline	225.82 MB	348.40 MB	289.80 MB (σ 40.90)	-35.2%	-22.1%	⚠️
memory-heap-used-baseline	115.12 MB	114.27 MB	114.47 MB (σ 0.24)	+0.7%	+0.6%	🔴

Idle baseline with Instance AI module loaded

Metric	Current	Latest Master	Baseline (avg)	vs Master	vs Baseline	Status
instance-ai-rss-baseline	388.93 MB	392.12 MB	368.35 MB (σ 22.82)	-0.8%	+5.6%	✅
instance-ai-heap-used-baseline	187.07 MB	186.50 MB	186.43 MB (σ 0.25)	+0.3%	+0.3%	🔴

docker-stats

Metric	Current	Latest Master	Baseline (avg)	vs Master	vs Baseline	Status
docker-image-size-runners	388.00 MB	386.00 MB	392.13 MB (σ 11.18)	+0.5%	-1.1%	✅
docker-image-size-n8n	1269.76 MB	1269.76 MB	1273.60 MB (σ 10.49)	+0.0%	-0.3%	✅

How to read this table

• Current: This PR's value (or latest master if PR perf tests haven't run)
• Latest Master: Most recent nightly master measurement
• Baseline: Rolling 14-day average from master
• vs Master: PR impact (current vs latest master)
• vs Baseline: Drift from baseline (current vs rolling avg)
• Status: ✅ within 1σ | ⚠️ 1-2σ | 🔴 >2σ regression