feat: MistakeTracker + file-provenance ledger (v2.7.4)
Two native-inference hardening features from boocode_code_review_v2 §1 #12. MistakeTracker: new pure mistake-tracker.ts tracks consecutive heterogeneous tool failures (kinds surfaced per tool from tool-phase.ts). On 3 in a row the turn loop soft-nudges (model-facing recovery guidance + mistake_recovery sentinel + reset), then escalates to stopping the turn (cap-hit-style, Continue affordance) on a re-trip. Complements doom-loop (identical repeats) + cap-hit. File-provenance ledger: compaction.ts derives a deterministic ## Files Read list from the head messages' read-tool calls and injects it into the rolling-summary prompt so provenance survives compaction (no new table; read-only). mistake_recovery sentinel: MessageMetadata arm (server + web) + MessageBubble render branch. Built by 2 parallel agents. Server 545 tests passing (23 new); build + web tsc clean. Native-inference only. Builds on v2.7.3. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -17,6 +17,7 @@ import { formatUnknownToolError } from './tool-suggestions.js';
|
||||
// prompted about paths we couldn't grant anyway (e.g. /etc/passwd).
|
||||
import { resolveGrantRoot } from '../grant_resolver.js';
|
||||
import { stripToolMarkup } from './tool-call-parser.js';
|
||||
import type { FailureKind } from './mistake-tracker.js';
|
||||
import type {
|
||||
InferenceContext,
|
||||
StreamResult,
|
||||
@@ -33,13 +34,18 @@ async function executeToolCall(
|
||||
toolCall: ToolCall,
|
||||
extraRoots: readonly string[],
|
||||
toolCtx?: ToolExecCtx,
|
||||
): Promise<{ output: unknown; truncated: boolean; error?: string }> {
|
||||
): Promise<{ output: unknown; truncated: boolean; error?: string; outcome: FailureKind | 'success' }> {
|
||||
// v#12 MistakeTracker: every return path carries an `outcome` so the turn
|
||||
// loop can detect a run of heterogeneous failures. The failure taxonomy
|
||||
// mirrors mistake-tracker.ts:FailureKind. Does NOT alter the existing
|
||||
// output/truncated/error shape — outcome is purely additive.
|
||||
const tool = TOOLS_BY_NAME[toolCall.name];
|
||||
if (!tool) {
|
||||
return {
|
||||
output: null,
|
||||
truncated: false,
|
||||
error: formatUnknownToolError(toolCall.name, Object.keys(TOOLS_BY_NAME)),
|
||||
outcome: 'tool_not_found',
|
||||
};
|
||||
}
|
||||
const parsed = tool.inputSchema.safeParse(toolCall.args);
|
||||
@@ -64,6 +70,7 @@ async function executeToolCall(
|
||||
output: null,
|
||||
truncated: false,
|
||||
error: `tool '${toolCall.name}' rejected — ${hint}`,
|
||||
outcome: 'zod_reject',
|
||||
};
|
||||
}
|
||||
try {
|
||||
@@ -72,15 +79,16 @@ async function executeToolCall(
|
||||
typeof output === 'object' && output !== null && 'truncated' in output
|
||||
? Boolean((output as { truncated: unknown }).truncated)
|
||||
: false;
|
||||
return { output, truncated };
|
||||
return { output, truncated, outcome: 'success' };
|
||||
} catch (err) {
|
||||
if (err instanceof PathScopeError) {
|
||||
return { output: null, truncated: false, error: err.message };
|
||||
return { output: null, truncated: false, error: err.message, outcome: 'permission_denied' };
|
||||
}
|
||||
return {
|
||||
output: null,
|
||||
truncated: false,
|
||||
error: err instanceof Error ? err.message : String(err),
|
||||
outcome: 'exec_error',
|
||||
};
|
||||
}
|
||||
}
|
||||
@@ -93,6 +101,12 @@ export interface ToolPhaseResult {
|
||||
toolCallCount: number;
|
||||
toolCalls: ToolCall[];
|
||||
nextAssistantId: string | null;
|
||||
// v#12 MistakeTracker: one outcome per executed tool call, in no particular
|
||||
// order (filled inside the Promise.all callbacks). The turn loop folds these
|
||||
// into TurnArgs.mistakeTracker via recordStep. Pause/auto-grant control-flow
|
||||
// tools record 'success' (they aren't model mistakes); the genuine error
|
||||
// paths record their FailureKind.
|
||||
outcomes: (FailureKind | 'success')[];
|
||||
}
|
||||
|
||||
export async function executeToolPhase(
|
||||
@@ -187,6 +201,10 @@ export async function executeToolPhase(
|
||||
// for the synthesis input. Race-free under Promise.all because each
|
||||
// callback pushes its own captured value.
|
||||
const synthEntries: Array<{ tc: ToolCall; output: unknown; error?: string }> = [];
|
||||
// v#12 MistakeTracker: collect each tool's outcome. Concurrent pushes under
|
||||
// Promise.all are safe (each callback appends its own value; order is not
|
||||
// significant to recordStep which folds them sequentially).
|
||||
const outcomes: (FailureKind | 'success')[] = [];
|
||||
await Promise.all(
|
||||
toolCalls.map(async (tc) => {
|
||||
const [toolRow] = await ctx.sql<{ id: string }[]>`
|
||||
@@ -197,6 +215,7 @@ export async function executeToolPhase(
|
||||
const toolMessageId = toolRow!.id;
|
||||
if (tc.name === 'ask_user_input') {
|
||||
pausingForUserInput = true;
|
||||
outcomes.push('success');
|
||||
const sentinel = { tool_call_id: tc.id, output: null, truncated: false };
|
||||
// v1.13.20: parts-only. The answer-endpoint UPDATE later
|
||||
// (messages.ts) will delete and re-insert this part when the user
|
||||
@@ -227,7 +246,10 @@ export async function executeToolPhase(
|
||||
);
|
||||
if (!resolution.ok) {
|
||||
// Auto-deny without pausing. The model sees the reason on its
|
||||
// next turn and decides what to do.
|
||||
// next turn and decides what to do. Counts as a permission_denied
|
||||
// failure for the mistake tracker (the model asked for a path it
|
||||
// can't have — a recoverable mistake it should learn from).
|
||||
outcomes.push('permission_denied');
|
||||
const stored = {
|
||||
tool_call_id: tc.id,
|
||||
output: `denied: ${resolution.reason}`,
|
||||
@@ -255,6 +277,7 @@ export async function executeToolPhase(
|
||||
// pause. The grant endpoint re-derives the root at decision time
|
||||
// (state may have changed in the meantime) so we don't stash it here.
|
||||
pausingForUserInput = true;
|
||||
outcomes.push('success');
|
||||
const sentinel = { tool_call_id: tc.id, output: null, truncated: false };
|
||||
// v1.13.20: parts-only write.
|
||||
await insertParts(
|
||||
@@ -267,6 +290,10 @@ export async function executeToolPhase(
|
||||
return;
|
||||
}
|
||||
if (agent && !matchToolGlob(tc.name, agent.tools)) {
|
||||
// Agent-scope denial — the model called a tool outside its whitelist.
|
||||
// permission_denied for the mistake tracker (the model should pick a
|
||||
// tool it's actually allowed to use).
|
||||
outcomes.push('permission_denied');
|
||||
const stored = {
|
||||
tool_call_id: tc.id,
|
||||
output: null,
|
||||
@@ -295,6 +322,10 @@ export async function executeToolPhase(
|
||||
sql: ctx.sql,
|
||||
sessionId,
|
||||
});
|
||||
// v#12 MistakeTracker: record the real execution outcome (success or a
|
||||
// FailureKind). This is the primary signal for heterogeneous-failure
|
||||
// detection.
|
||||
outcomes.push(tres.outcome);
|
||||
if (SYNTHESIS_TOOLS.has(tc.name)) {
|
||||
synthEntries.push({ tc, output: tres.output, ...(tres.error ? { error: tres.error } : {}) });
|
||||
}
|
||||
@@ -340,6 +371,7 @@ export async function executeToolPhase(
|
||||
toolCallCount: toolCalls.length,
|
||||
toolCalls,
|
||||
nextAssistantId: null,
|
||||
outcomes,
|
||||
};
|
||||
}
|
||||
|
||||
@@ -378,6 +410,7 @@ export async function executeToolPhase(
|
||||
toolCallCount: toolCalls.length,
|
||||
toolCalls,
|
||||
nextAssistantId: null,
|
||||
outcomes,
|
||||
};
|
||||
}
|
||||
// ran === false → synthesis failed (timeout / model error) → fall through
|
||||
@@ -397,5 +430,6 @@ export async function executeToolPhase(
|
||||
toolCallCount: toolCalls.length,
|
||||
toolCalls,
|
||||
nextAssistantId: nextAssistant!.id,
|
||||
outcomes,
|
||||
};
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user