feat: MistakeTracker + file-provenance ledger (v2.7.4)

Two native-inference hardening features from boocode_code_review_v2 §1 #12. MistakeTracker: new pure mistake-tracker.ts tracks consecutive heterogeneous tool failures (kinds surfaced per tool from tool-phase.ts). On 3 in a row the turn loop soft-nudges (model-facing recovery guidance + mistake_recovery sentinel + reset), then escalates to stopping the turn (cap-hit-style, Continue affordance) on a re-trip. Complements doom-loop (identical repeats) + cap-hit. File-provenance ledger: compaction.ts derives a deterministic ## Files Read list from the head messages' read-tool calls and injects it into the rolling-summary prompt so provenance survives compaction (no new table; read-only). mistake_recovery sentinel: MessageMetadata arm (server + web) + MessageBubble render branch. Built by 2 parallel agents. Server 545 tests passing (23 new); build + web tsc clean. Native-inference only. Builds on v2.7.3. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-01 13:05:03 +00:00
parent f53d6a8afd
commit bcc89d8adc
15 changed files with 816 additions and 20 deletions
--- a/apps/server/src/services/inference/index.ts
+++ b/apps/server/src/services/inference/index.ts
@@ -19,6 +19,14 @@ export type {
 } from './turn.js';
 export type { ToolPhaseResult } from './tool-phase.js';
 export { detectDoomLoop, DOOM_LOOP_THRESHOLD } from './sentinels.js';
+export {
+  detectMistakePattern,
+  freshMistakeState,
+  recordStep,
+  MISTAKE_THRESHOLD,
+  MISTAKE_RECOVERY_NOTE,
+} from './mistake-tracker.js';
+export type { FailureKind, MistakeState } from './mistake-tracker.js';
 export { buildMessagesPayload } from './payload.js';
 export { generateToolUseSummary } from './tool-summaries.js';
 export type { ToolInfo } from './tool-summaries.js';
--- a/apps/server/src/services/inference/mistake-tracker.ts
+++ b/apps/server/src/services/inference/mistake-tracker.ts
@@ -0,0 +1,69 @@
+// v#12 MistakeTracker: heterogeneous-failure recovery. Complements the
+// doom-loop guard (sentinels.ts:detectDoomLoop, which only catches *identical*
+// repeats) by catching a run of consecutive tool FAILURES the model isn't
+// recovering from — even when each failure is a *different* error. Algorithm
+// reimplemented from cline's mistake-counting pattern (NOT vendored).
+//
+// Pure module — mirrors sentinels.ts:detectDoomLoop. No DB, no I/O. The state
+// lives loop-local in TurnArgs (reset per runInference, like recentToolCalls).
+
+// The failure taxonomy already distinguished in tool-phase.ts:executeToolCall.
+// 'api_error' is reserved for upstream-model failures surfaced as tool outcomes
+// (no current emit site on apps/server, but the union mirrors the design doc
+// so a future caller can record it without a type change).
+export type FailureKind =
+  | 'zod_reject'
+  | 'tool_not_found'
+  | 'exec_error'
+  | 'api_error'
+  | 'permission_denied';
+
+// Smallest streak that doesn't false-positive on a model that retries once
+// after a transient error. Matches DOOM_LOOP_THRESHOLD's rationale.
+export const MISTAKE_THRESHOLD = 3;
+
+export interface MistakeState {
+  // The current consecutive-failure streak (any successful tool step clears it).
+  run: FailureKind[];
+  // How many recovery nudges have fired without an intervening success. Used to
+  // escalate (stop the turn) on the second trip rather than nudging forever.
+  nudges: number;
+}
+
+export function freshMistakeState(): MistakeState {
+  return { run: [], nudges: 0 };
+}
+
+// Record one tool step's outcome. A 'success' clears BOTH the streak and the
+// nudge counter (the model recovered). A FailureKind pushes onto the streak.
+export function recordStep(
+  state: MistakeState,
+  outcome: FailureKind | 'success',
+): void {
+  if (outcome === 'success') {
+    state.run = [];
+    state.nudges = 0;
+    return;
+  }
+  state.run.push(outcome);
+}
+
+// Decide whether to intervene given the current streak. When the streak has
+// reached MISTAKE_THRESHOLD: 'nudge' the first time (no nudge fired yet),
+// 'escalate' if it trips again while a nudge is already outstanding (no
+// intervening success cleared `nudges`). Below threshold → null.
+//
+// Pure — the caller is responsible for mutating `nudges`/`run` after acting on
+// the decision (mirrors how turn.ts consumes detectDoomLoop's result).
+export function detectMistakePattern(
+  state: MistakeState,
+): 'nudge' | 'escalate' | null {
+  if (state.run.length < MISTAKE_THRESHOLD) return null;
+  return state.nudges === 0 ? 'nudge' : 'escalate';
+}
+
+// Model-facing guidance injected (transiently, for the next step only) when a
+// nudge fires. Short + declarative for the same reliability reason as the
+// cap-hit / doom-loop notes.
+export const MISTAKE_RECOVERY_NOTE =
+  "You've hit several different errors in a row. Stop retrying variations — re-read the tool schemas, verify file paths and arguments exist before calling, and try a fundamentally different approach.";
--- a/apps/server/src/services/inference/sentinel-summaries.ts
+++ b/apps/server/src/services/inference/sentinel-summaries.ts
@@ -717,3 +717,57 @@ async function insertDoomLoopSentinel(
    metadata,
  });
 }
+
+// #12 MistakeTracker: heterogeneous-failure recovery sentinel. Mirrors
+// insertDoomLoopSentinel structurally — a role='system', status='complete' row
+// firing the standard message_started → delta → message_complete frame
+// sequence. Two variants distinguished by `escalated`:
+//   - escalated:false → a nudge fired; recovery guidance was injected into the
+//     model's next step and the loop continued. can_continue is true (the turn
+//     is still live).
+//   - escalated:true  → the nudge didn't break the failure run; the turn was
+//     stopped (cap-hit-style). can_continue is true so the UI can still offer a
+//     Continue affordance — a fresh user turn resets the tracker.
+export async function insertMistakeRecoverySentinel(
+  ctx: InferenceContext,
+  sessionId: string,
+  chatId: string,
+  opts: { failureKinds: string[]; count: number; escalated: boolean; canContinue: boolean },
+): Promise<void> {
+  const metadata: MessageMetadata = {
+    kind: 'mistake_recovery',
+    failure_kinds: opts.failureKinds,
+    count: opts.count,
+    escalated: opts.escalated,
+    can_continue: opts.canContinue,
+  };
+  const content = opts.escalated
+    ? `Repeated different errors persisted after a recovery nudge (${opts.count} in a row). Stopping the tool-call loop.`
+    : `Hit ${opts.count} different errors in a row. Injected recovery guidance and continuing.`;
+
+  const [row] = await ctx.sql<{ id: string }[]>`
+    INSERT INTO messages (session_id, chat_id, role, content, status, created_at, metadata)
+    VALUES (${sessionId}, ${chatId}, 'system', ${content}, 'complete', clock_timestamp(), ${ctx.sql.json(metadata as never)})
+    RETURNING id
+  `;
+
+  // Standard frame sequence — same as cap-hit / doom-loop sentinels.
+  ctx.publish(sessionId, {
+    type: 'message_started',
+    message_id: row!.id,
+    chat_id: chatId,
+    role: 'system',
+  });
+  ctx.publish(sessionId, {
+    type: 'delta',
+    message_id: row!.id,
+    chat_id: chatId,
+    content,
+  });
+  ctx.publish(sessionId, {
+    type: 'message_complete',
+    message_id: row!.id,
+    chat_id: chatId,
+    metadata,
+  });
+}
--- a/apps/server/src/services/inference/sentinels.ts
+++ b/apps/server/src/services/inference/sentinels.ts
@@ -48,6 +48,18 @@ export function isDoomLoopSentinel(m: Message): boolean {
  );
 }

-export function isAnySentinel(m: Message): boolean {
-  return isCapHitSentinel(m) || isDoomLoopSentinel(m);
+// #12: mistake-recovery sentinel. Same UI-only semantics as cap-hit /
+// doom-loop — never sent to the LLM (filtered via the isAnySentinel check
+// below, which buildMessagesPayload + buildHeadPayload both consult).
+export function isMistakeRecoverySentinel(m: Message): boolean {
+  return (
+    m.role === 'system' &&
+    m.metadata !== null &&
+    typeof m.metadata === 'object' &&
+    (m.metadata as { kind?: unknown }).kind === 'mistake_recovery'
+  );
+}
+
+export function isAnySentinel(m: Message): boolean {
+  return isCapHitSentinel(m) || isDoomLoopSentinel(m) || isMistakeRecoverySentinel(m);
 }
--- a/apps/server/src/services/inference/tool-phase.ts
+++ b/apps/server/src/services/inference/tool-phase.ts
@@ -17,6 +17,7 @@ import { formatUnknownToolError } from './tool-suggestions.js';
 // prompted about paths we couldn't grant anyway (e.g. /etc/passwd).
 import { resolveGrantRoot } from '../grant_resolver.js';
 import { stripToolMarkup } from './tool-call-parser.js';
+import type { FailureKind } from './mistake-tracker.js';
 import type {
  InferenceContext,
  StreamResult,
@@ -33,13 +34,18 @@ async function executeToolCall(
  toolCall: ToolCall,
  extraRoots: readonly string[],
  toolCtx?: ToolExecCtx,
-): Promise<{ output: unknown; truncated: boolean; error?: string }> {
+): Promise<{ output: unknown; truncated: boolean; error?: string; outcome: FailureKind | 'success' }> {
+  // v#12 MistakeTracker: every return path carries an `outcome` so the turn
+  // loop can detect a run of heterogeneous failures. The failure taxonomy
+  // mirrors mistake-tracker.ts:FailureKind. Does NOT alter the existing
+  // output/truncated/error shape — outcome is purely additive.
  const tool = TOOLS_BY_NAME[toolCall.name];
  if (!tool) {
    return {
      output: null,
      truncated: false,
      error: formatUnknownToolError(toolCall.name, Object.keys(TOOLS_BY_NAME)),
+      outcome: 'tool_not_found',
    };
  }
  const parsed = tool.inputSchema.safeParse(toolCall.args);
@@ -64,6 +70,7 @@ async function executeToolCall(
      output: null,
      truncated: false,
      error: `tool '${toolCall.name}' rejected — ${hint}`,
+      outcome: 'zod_reject',
    };
  }
  try {
@@ -72,15 +79,16 @@ async function executeToolCall(
      typeof output === 'object' && output !== null && 'truncated' in output
        ? Boolean((output as { truncated: unknown }).truncated)
        : false;
-    return { output, truncated };
+    return { output, truncated, outcome: 'success' };
  } catch (err) {
    if (err instanceof PathScopeError) {
-      return { output: null, truncated: false, error: err.message };
+      return { output: null, truncated: false, error: err.message, outcome: 'permission_denied' };
    }
    return {
      output: null,
      truncated: false,
      error: err instanceof Error ? err.message : String(err),
+      outcome: 'exec_error',
    };
  }
 }
@@ -93,6 +101,12 @@ export interface ToolPhaseResult {
  toolCallCount: number;
  toolCalls: ToolCall[];
  nextAssistantId: string | null;
+  // v#12 MistakeTracker: one outcome per executed tool call, in no particular
+  // order (filled inside the Promise.all callbacks). The turn loop folds these
+  // into TurnArgs.mistakeTracker via recordStep. Pause/auto-grant control-flow
+  // tools record 'success' (they aren't model mistakes); the genuine error
+  // paths record their FailureKind.
+  outcomes: (FailureKind | 'success')[];
 }

 export async function executeToolPhase(
@@ -187,6 +201,10 @@ export async function executeToolPhase(
  // for the synthesis input. Race-free under Promise.all because each
  // callback pushes its own captured value.
  const synthEntries: Array<{ tc: ToolCall; output: unknown; error?: string }> = [];
+  // v#12 MistakeTracker: collect each tool's outcome. Concurrent pushes under
+  // Promise.all are safe (each callback appends its own value; order is not
+  // significant to recordStep which folds them sequentially).
+  const outcomes: (FailureKind | 'success')[] = [];
  await Promise.all(
    toolCalls.map(async (tc) => {
      const [toolRow] = await ctx.sql<{ id: string }[]>`
@@ -197,6 +215,7 @@ export async function executeToolPhase(
      const toolMessageId = toolRow!.id;
      if (tc.name === 'ask_user_input') {
        pausingForUserInput = true;
+        outcomes.push('success');
        const sentinel = { tool_call_id: tc.id, output: null, truncated: false };
        // v1.13.20: parts-only. The answer-endpoint UPDATE later
        // (messages.ts) will delete and re-insert this part when the user
@@ -227,7 +246,10 @@ export async function executeToolPhase(
        );
        if (!resolution.ok) {
          // Auto-deny without pausing. The model sees the reason on its
-          // next turn and decides what to do.
+          // next turn and decides what to do. Counts as a permission_denied
+          // failure for the mistake tracker (the model asked for a path it
+          // can't have — a recoverable mistake it should learn from).
+          outcomes.push('permission_denied');
          const stored = {
            tool_call_id: tc.id,
            output: `denied: ${resolution.reason}`,
@@ -255,6 +277,7 @@ export async function executeToolPhase(
        // pause. The grant endpoint re-derives the root at decision time
        // (state may have changed in the meantime) so we don't stash it here.
        pausingForUserInput = true;
+        outcomes.push('success');
        const sentinel = { tool_call_id: tc.id, output: null, truncated: false };
        // v1.13.20: parts-only write.
        await insertParts(
@@ -267,6 +290,10 @@ export async function executeToolPhase(
        return;
      }
      if (agent && !matchToolGlob(tc.name, agent.tools)) {
+        // Agent-scope denial — the model called a tool outside its whitelist.
+        // permission_denied for the mistake tracker (the model should pick a
+        // tool it's actually allowed to use).
+        outcomes.push('permission_denied');
        const stored = {
          tool_call_id: tc.id,
          output: null,
@@ -295,6 +322,10 @@ export async function executeToolPhase(
        sql: ctx.sql,
        sessionId,
      });
+      // v#12 MistakeTracker: record the real execution outcome (success or a
+      // FailureKind). This is the primary signal for heterogeneous-failure
+      // detection.
+      outcomes.push(tres.outcome);
      if (SYNTHESIS_TOOLS.has(tc.name)) {
        synthEntries.push({ tc, output: tres.output, ...(tres.error ? { error: tres.error } : {}) });
      }
@@ -340,6 +371,7 @@ export async function executeToolPhase(
      toolCallCount: toolCalls.length,
      toolCalls,
      nextAssistantId: null,
+      outcomes,
    };
  }

@@ -378,6 +410,7 @@ export async function executeToolPhase(
        toolCallCount: toolCalls.length,
        toolCalls,
        nextAssistantId: null,
+        outcomes,
      };
    }
    // ran === false → synthesis failed (timeout / model error) → fall through
@@ -397,5 +430,6 @@ export async function executeToolPhase(
    toolCallCount: toolCalls.length,
    toolCalls,
    nextAssistantId: nextAssistant!.id,
+    outcomes,
  };
 }
--- a/apps/server/src/services/inference/turn.ts
+++ b/apps/server/src/services/inference/turn.ts
@@ -22,6 +22,13 @@ import { resolveToolBudget } from './budget.js';
 import {
  detectDoomLoop,
 } from './sentinels.js';
+import {
+  detectMistakePattern,
+  freshMistakeState,
+  recordStep,
+  MISTAKE_RECOVERY_NOTE,
+  type MistakeState,
+} from './mistake-tracker.js';
 import {
  buildMessagesPayload,
  loadContext,
@@ -39,6 +46,7 @@ import {
  runCapHitSummary,
  runDoomLoopSummary,
  runStepCapSummary,
+  insertMistakeRecoverySentinel,
 } from './sentinel-summaries.js';

 // v1.14.0: hard ceiling on the number of stream-and-tool iterations per
@@ -144,6 +152,16 @@ export interface TurnArgs {
  // boundaries by runInference, same as toolsUsed. Doom-loop check at the
  // top of runAssistantTurn slices the last DOOM_LOOP_THRESHOLD entries.
  recentToolCalls: ToolCall[];
+  // v#12 MistakeTracker: heterogeneous-failure recovery state. Loop-local,
+  // reset per runInference (user-message boundary) like recentToolCalls. Folds
+  // tool-phase outcomes via recordStep each iteration; detectMistakePattern
+  // gates the nudge/escalate decision.
+  mistakeTracker: MistakeState;
+  // v#12: transient model-facing recovery note set when a nudge fires. Consumed
+  // (appended as a role:'system' message + cleared) on the NEXT payload build.
+  // Never persisted — mirrors how the cap-hit/doom-loop notes live only inside
+  // the summary call's messages array.
+  pendingRecoveryNote?: string;
  signal: AbortSignal | undefined;
 }

@@ -188,6 +206,12 @@ export async function runAssistantTurn(
  let toolsUsed = args.toolsUsed;
  let recentToolCalls = args.recentToolCalls;
  let assistantMessageId = args.assistantMessageId;
+  // v#12 MistakeTracker: the tracker state is carried on `args` (mutated in
+  // place by recordStep). pendingRecoveryNote is a loop-local because it is a
+  // single-step transient — set when a nudge fires, consumed (injected into the
+  // next payload) and cleared on the following iteration.
+  const mistakeTracker = args.mistakeTracker;
+  let pendingRecoveryNote: string | undefined = args.pendingRecoveryNote;

  while (stepNumber < effectiveCap) {
    // ---- doom-loop check (moved from top-of-function) ----
@@ -196,7 +220,7 @@ export async function runAssistantTurn(
      // Need fresh history for the summary.
      const loaded = await loadContext(ctx.sql, sessionId, chatId);
      if (loaded) {
-        const iterArgs: TurnArgs = { sessionId, chatId, assistantMessageId, toolsUsed, recentToolCalls, signal };
+        const iterArgs: TurnArgs = { sessionId, chatId, assistantMessageId, toolsUsed, recentToolCalls, mistakeTracker, signal };
        await runDoomLoopSummary(ctx, iterArgs, loaded.session, loaded.project, loaded.history, agent, loop);
      }
      break;
@@ -206,7 +230,7 @@ export async function runAssistantTurn(
    if (toolsUsed >= budget) {
      const loaded = await loadContext(ctx.sql, sessionId, chatId);
      if (loaded) {
-        const iterArgs: TurnArgs = { sessionId, chatId, assistantMessageId, toolsUsed, recentToolCalls, signal };
+        const iterArgs: TurnArgs = { sessionId, chatId, assistantMessageId, toolsUsed, recentToolCalls, mistakeTracker, signal };
        await runCapHitSummary(ctx, iterArgs, loaded.session, loaded.project, loaded.history, agent, budget);
      }
      break;
@@ -265,7 +289,16 @@ export async function runAssistantTurn(
      }
    }

-    const iterArgs: TurnArgs = { sessionId, chatId, assistantMessageId, toolsUsed, recentToolCalls, signal };
+    // v#12 MistakeTracker: if the prior iteration's nudge fired, append the
+    // transient recovery note to THIS payload (consumed exactly once, then
+    // cleared). Never persisted — same lifecycle as the cap-hit/doom-loop
+    // summary notes, which live only inside the in-memory messages array.
+    if (pendingRecoveryNote) {
+      messages.push({ role: 'system', content: pendingRecoveryNote });
+      pendingRecoveryNote = undefined;
+    }
+
+    const iterArgs: TurnArgs = { sessionId, chatId, assistantMessageId, toolsUsed, recentToolCalls, mistakeTracker, signal };
    const state: StreamPhaseState = { accumulated: '', startedAt: null };
    let result: StreamResult;
    try {
@@ -305,10 +338,78 @@ export async function runAssistantTurn(
    recentToolCalls = [...recentToolCalls, ...toolPhaseResult.toolCalls];
    stepNumber++;

+    // v#12 MistakeTracker: fold this iteration's tool outcomes into the
+    // tracker, in order. recordStep mutates `mistakeTracker` in place (it is
+    // the same object referenced by args). A 'success' clears the streak.
+    for (const o of toolPhaseResult.outcomes) {
+      recordStep(mistakeTracker, o);
+    }
+
    if (toolPhaseResult.action !== 'continue') {
-      // 'paused' (user input) or 'synthesis_done' — stop the loop.
+      // 'paused' (user input) or 'synthesis_done' — stop the loop. The turn is
+      // already ending, so neither a nudge nor an escalate would change the
+      // control flow; we skip the mistake decision here.
      break;
    }
+
+    // v#12 MistakeTracker: heterogeneous-failure decision. Only evaluated on
+    // the 'continue' path (the only case where the loop would otherwise
+    // proceed to another step). Complements the doom-loop check above, which
+    // only catches *identical* repeats.
+    const mistake = detectMistakePattern(mistakeTracker);
+    if (mistake === 'nudge') {
+      // Soft intervention: inject model-facing recovery guidance into the NEXT
+      // step's payload, drop a UI sentinel, bump nudges, reset the streak, and
+      // continue. The note is consumed (and cleared) at the top of the next
+      // iteration's payload build.
+      pendingRecoveryNote = MISTAKE_RECOVERY_NOTE;
+      const failureKinds = [...mistakeTracker.run];
+      await insertMistakeRecoverySentinel(ctx, sessionId, chatId, {
+        failureKinds,
+        count: failureKinds.length,
+        escalated: false,
+        canContinue: true,
+      });
+      mistakeTracker.nudges += 1;
+      mistakeTracker.run = [];
+      ctx.log.info(
+        { sessionId, chatId, step: stepNumber, nudges: mistakeTracker.nudges, failureKinds },
+        'mistake_recovery nudge',
+      );
+      assistantMessageId = toolPhaseResult.nextAssistantId!;
+      continue;
+    }
+    if (mistake === 'escalate') {
+      // The nudge didn't break the failure run — stop the turn (cap-hit-style)
+      // to avoid burning the whole step budget on heterogeneous failures. The
+      // next assistant row is still 'streaming'; finalize it as a short note so
+      // the slot doesn't dangle, then drop the escalate sentinel.
+      const failureKinds = [...mistakeTracker.run];
+      assistantMessageId = toolPhaseResult.nextAssistantId!;
+      await ctx.sql`
+        UPDATE messages
+        SET content = '', status = 'complete', finished_at = clock_timestamp()
+        WHERE id = ${assistantMessageId}
+      `;
+      ctx.publish(sessionId, {
+        type: 'message_complete',
+        message_id: assistantMessageId,
+        chat_id: chatId,
+      });
+      await insertMistakeRecoverySentinel(ctx, sessionId, chatId, {
+        failureKinds,
+        count: failureKinds.length,
+        escalated: true,
+        canContinue: true,
+      });
+      ctx.publishUser({ type: 'chat_status', chat_id: chatId, status: 'idle', at: new Date().toISOString() });
+      ctx.log.info(
+        { sessionId, chatId, step: stepNumber, failureKinds },
+        'mistake_recovery escalate — stopping turn',
+      );
+      break;
+    }
+
    // 'continue' — advance to next assistant message.
    assistantMessageId = toolPhaseResult.nextAssistantId!;
  }
@@ -320,7 +421,7 @@ export async function runAssistantTurn(
  if (stepNumber >= effectiveCap && effectiveCap < Infinity) {
    const loaded = await loadContext(ctx.sql, sessionId, chatId);
    if (loaded) {
-      const capArgs: TurnArgs = { sessionId, chatId, assistantMessageId, toolsUsed, recentToolCalls, signal };
+      const capArgs: TurnArgs = { sessionId, chatId, assistantMessageId, toolsUsed, recentToolCalls, mistakeTracker, signal };
      await runStepCapSummary(ctx, capArgs, loaded.session, loaded.project, loaded.history, agent, stepNumber, effectiveCap);
    }
  }
@@ -378,12 +479,16 @@ export async function runInference(
  // per-call budget.
  // v1.11.6: recentToolCalls also resets — doom-loop detection is scoped
  // to a single user-message turn, so a Continue starts with no history.
+  // v#12 MistakeTracker: fresh per user-message turn, like recentToolCalls.
+  // Tracks consecutive heterogeneous tool failures across the loop's
+  // stream-and-tool iterations within this turn.
  return runAssistantTurn(ctx, {
    sessionId,
    chatId,
    assistantMessageId,
    toolsUsed: 0,
    recentToolCalls: [],
+    mistakeTracker: freshMistakeState(),
    signal,
  });
 }