npm - @miller-tech/uap - Versions diffs - 1.20.19 → 1.20.21 - Mend

@miller-tech/uap 1.20.19 → 1.20.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +1 -1
package/tools/agents/scripts/anthropic_proxy.py +72 -2
package/tools/agents/tests/test_anthropic_proxy_streaming.py +172 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@miller-tech/uap",
-  "version": "1.20.19",
+  "version": "1.20.21",
   "description": "Autonomous AI agent memory system with CLAUDE.md protocol enforcement",
   "type": "module",
   "main": "dist/index.js",

package/tools/agents/scripts/anthropic_proxy.py CHANGED Viewed

@@ -3044,6 +3044,21 @@ _SYSTEM_PROMPT_LEAK_MARKERS = (
     "valid tool call with strict json",
     "return exactly one valid tool call",
     "invalid tool call format",
+    # Option 1: Spec mode system-reminder phrases
+    "spec mode is active",
+    "spec mode active",
+    "executed askuser tool to gather requirements",
+    "gather requirements and clarify decisions",
+    "before finalizing your spec",
+    "you must not make any edits",
+    # Option 2: Broader Claude Code system-reminder phrases
+    "the user indicated that they do not want you to execute",
+    "run any non-readonly tools",
+    "making communications or interacting with external services",
+    "this is encouraged in spec mode",
+    "user has executed askuser tool",
+    "<system-reminder>",
+    "</system-reminder>",
 )
@@ -4103,6 +4118,8 @@ def _build_malformed_retry_body(
     tool_choice: str = "required",
     attempt: int = 1,
     total_attempts: int = 1,
+    is_garbled: bool = False,
+    exclude_tools: list[str] | None = None,
 ) -> dict:
     retry_body = dict(openai_body)
     retry_body["stream"] = False
@@ -4137,7 +4154,16 @@ def _build_malformed_retry_body(
         sanitized = _sanitize_assistant_messages_for_retry(existing_messages)
         retry_body["messages"] = [*sanitized, malformed_retry_instruction]
-    if PROXY_MALFORMED_TOOL_RETRY_MAX_TOKENS > 0:
+    # Option 1: Progressive garbled-cap within retries — use smaller max_tokens
+    # when the issue involves garbled/degenerate args to limit degeneration room.
+    if is_garbled and PROXY_TOOL_TURN_MAX_TOKENS_GARBLED > 0:
+        retry_body["max_tokens"] = PROXY_TOOL_TURN_MAX_TOKENS_GARBLED
+        logger.info(
+            "RETRY GARBLED CAP: max_tokens=%d for garbled retry attempt=%d",
+            PROXY_TOOL_TURN_MAX_TOKENS_GARBLED,
+            attempt,
+        )
+    elif PROXY_MALFORMED_TOOL_RETRY_MAX_TOKENS > 0:
         current_max = int(
             retry_body.get("max_tokens", PROXY_MALFORMED_TOOL_RETRY_MAX_TOKENS)
         )
@@ -4151,6 +4177,23 @@ def _build_malformed_retry_body(
             anthropic_body.get("tools", [])
         )
+    # Option 3: Exclude specific failing tools from retry to let the model
+    # pick an alternative when a tool consistently produces garbled args.
+    if exclude_tools and retry_body.get("tools"):
+        exclude_lower = {t.lower() for t in exclude_tools}
+        original_count = len(retry_body["tools"])
+        retry_body["tools"] = [
+            t for t in retry_body["tools"]
+            if t.get("function", {}).get("name", "").lower() not in exclude_lower
+        ]
+        if len(retry_body["tools"]) < original_count:
+            logger.info(
+                "RETRY TOOL NARROWING: excluded %s, tools %d -> %d",
+                exclude_tools,
+                original_count,
+                len(retry_body["tools"]),
+            )
     if PROXY_DISABLE_THINKING_ON_TOOL_TURNS:
         retry_body["enable_thinking"] = False
@@ -4373,8 +4416,16 @@ async def _apply_malformed_tool_guardrail(
     monitor.maybe_activate_forced_tool_dampener(issue.kind)
     excerpt = _openai_message_text(working_resp)[:220].replace("\n", " ")
+    # Option 2: Log garbled argument content for diagnostics
+    arg_excerpt = ""
+    if issue.kind == "invalid_tool_args":
+        for tc in (working_resp.get("choices", [{}])[0].get("message", {}).get("tool_calls", [])):
+            raw_args = tc.get("function", {}).get("arguments", "")
+            if raw_args and _is_garbled_tool_arguments(raw_args):
+                arg_excerpt = raw_args[:200].replace("\n", " ")
+                break
     logger.warning(
-        "TOOL RESPONSE ISSUE: session=%s kind=%s reason=%s malformed=%d invalid=%d required_miss=%d excerpt=%.220s",
+        "TOOL RESPONSE ISSUE: session=%s kind=%s reason=%s malformed=%d invalid=%d required_miss=%d excerpt=%.220s args=%.200s",
         session_id,
         issue.kind,
         issue.reason,
@@ -4382,16 +4433,27 @@ async def _apply_malformed_tool_guardrail(
         monitor.invalid_tool_call_streak,
         monitor.required_tool_miss_streak,
         excerpt,
+        arg_excerpt,
     )
     attempts = max(0, PROXY_MALFORMED_TOOL_RETRY_MAX)
     current_issue = issue
+    # Track failing tool names for Option 3 (tool narrowing on retry)
+    failing_tools: set[str] = set()
+    if issue.kind == "invalid_tool_args":
+        for tc in (working_resp.get("choices", [{}])[0].get("message", {}).get("tool_calls", [])):
+            fn_name = tc.get("function", {}).get("name", "")
+            raw_args = tc.get("function", {}).get("arguments", "")
+            if fn_name and raw_args and _is_garbled_tool_arguments(raw_args):
+                failing_tools.add(fn_name)
     for attempt in range(attempts):
         attempt_tool_choice = _retry_tool_choice_for_attempt(
             required_tool_choice,
             attempt,
             attempts,
         )
+        # Option 3: On attempt >= 2, exclude consistently failing tools
+        exclude = list(failing_tools) if attempt >= 1 and failing_tools else None
         retry_body = _build_malformed_retry_body(
             openai_body,
             anthropic_body,
@@ -4399,6 +4461,8 @@ async def _apply_malformed_tool_guardrail(
             tool_choice=attempt_tool_choice,
             attempt=attempt + 1,
             total_attempts=attempts,
+            is_garbled=current_issue.kind == "invalid_tool_args",
+            exclude_tools=exclude,
         )
         retry_resp = await client.post(
             f"{LLAMA_CPP_BASE}/chat/completions",
@@ -4471,6 +4535,12 @@ async def _apply_malformed_tool_guardrail(
         elif retry_issue.kind == "invalid_tool_args":
             monitor.invalid_tool_call_streak += 1
             monitor.arg_preflight_rejections += 1
+            # Track failing tools from retries for progressive narrowing
+            for tc in (retry_working.get("choices", [{}])[0].get("message", {}).get("tool_calls", [])):
+                fn_name = tc.get("function", {}).get("name", "")
+                raw_args = tc.get("function", {}).get("arguments", "")
+                if fn_name and raw_args and _is_garbled_tool_arguments(raw_args):
+                    failing_tools.add(fn_name)
         monitor.maybe_activate_forced_tool_dampener(retry_issue.kind)
         logger.warning(

package/tools/agents/tests/test_anthropic_proxy_streaming.py CHANGED Viewed

@@ -3872,3 +3872,175 @@ class TestFinalizeTurnToolCallLeak(unittest.TestCase):
         for block in text_blocks:
             self.assertNotIn("<tool_call>", block["text"])
             self.assertNotIn("</tool_call>", block["text"])
+class TestRetryGarbledImprovements(unittest.TestCase):
+    """Tests for progressive garbled cap, arg logging, and tool narrowing on retries."""
+    def test_garbled_cap_applied_in_retry_body(self):
+        """When is_garbled=True, retry body uses PROXY_TOOL_TURN_MAX_TOKENS_GARBLED."""
+        openai_body = {
+            "model": "test-model",
+            "max_tokens": 8192,
+            "messages": [{"role": "user", "content": "test"}],
+            "tools": [],
+        }
+        anthropic_body = {"messages": [{"role": "user", "content": "test"}]}
+        retry_body = proxy._build_malformed_retry_body(
+            openai_body,
+            anthropic_body,
+            retry_hint="fix it",
+            tool_choice="required",
+            attempt=1,
+            total_attempts=3,
+            is_garbled=True,
+        )
+        self.assertEqual(retry_body["max_tokens"], proxy.PROXY_TOOL_TURN_MAX_TOKENS_GARBLED)
+    def test_non_garbled_uses_standard_retry_max(self):
+        """When is_garbled=False, retry body uses PROXY_MALFORMED_TOOL_RETRY_MAX_TOKENS."""
+        openai_body = {
+            "model": "test-model",
+            "max_tokens": 8192,
+            "messages": [{"role": "user", "content": "test"}],
+            "tools": [],
+        }
+        anthropic_body = {"messages": [{"role": "user", "content": "test"}]}
+        retry_body = proxy._build_malformed_retry_body(
+            openai_body,
+            anthropic_body,
+            retry_hint="fix it",
+            tool_choice="required",
+            attempt=1,
+            total_attempts=3,
+            is_garbled=False,
+        )
+        if proxy.PROXY_MALFORMED_TOOL_RETRY_MAX_TOKENS > 0:
+            self.assertLessEqual(retry_body["max_tokens"], proxy.PROXY_MALFORMED_TOOL_RETRY_MAX_TOKENS)
+    def test_exclude_tools_removes_from_retry(self):
+        """exclude_tools parameter removes specified tools from retry body."""
+        openai_body = {
+            "model": "test-model",
+            "max_tokens": 8192,
+            "messages": [{"role": "user", "content": "test"}],
+            "tools": [
+                {"type": "function", "function": {"name": "Grep", "description": "search", "parameters": {"type": "object"}}},
+                {"type": "function", "function": {"name": "Read", "description": "read", "parameters": {"type": "object"}}},
+                {"type": "function", "function": {"name": "Bash", "description": "run", "parameters": {"type": "object"}}},
+            ],
+        }
+        anthropic_body = {
+            "messages": [{"role": "user", "content": "test"}],
+            "tools": [
+                {"name": "Grep", "description": "search", "input_schema": {"type": "object"}},
+                {"name": "Read", "description": "read", "input_schema": {"type": "object"}},
+                {"name": "Bash", "description": "run", "input_schema": {"type": "object"}},
+            ],
+        }
+        retry_body = proxy._build_malformed_retry_body(
+            openai_body,
+            anthropic_body,
+            retry_hint="fix it",
+            tool_choice="required",
+            attempt=2,
+            total_attempts=3,
+            exclude_tools=["Grep"],
+        )
+        tool_names = [t["function"]["name"] for t in retry_body.get("tools", [])]
+        self.assertNotIn("Grep", tool_names)
+        self.assertIn("Read", tool_names)
+        self.assertIn("Bash", tool_names)
+    def test_exclude_tools_none_keeps_all(self):
+        """When exclude_tools is None, all tools are retained."""
+        openai_body = {
+            "model": "test-model",
+            "max_tokens": 8192,
+            "messages": [{"role": "user", "content": "test"}],
+            "tools": [
+                {"type": "function", "function": {"name": "Grep", "description": "search", "parameters": {"type": "object"}}},
+            ],
+        }
+        anthropic_body = {
+            "messages": [{"role": "user", "content": "test"}],
+            "tools": [
+                {"name": "Grep", "description": "search", "input_schema": {"type": "object"}},
+            ],
+        }
+        retry_body = proxy._build_malformed_retry_body(
+            openai_body,
+            anthropic_body,
+            retry_hint="fix it",
+            tool_choice="required",
+            attempt=2,
+            total_attempts=3,
+            exclude_tools=None,
+        )
+        tool_names = [t["function"]["name"] for t in retry_body.get("tools", [])]
+        self.assertIn("Grep", tool_names)
+    def test_garbled_args_excerpt_in_issue(self):
+        """_is_garbled_tool_arguments detects garbled content for logging."""
+        # Garbled pattern: runaway braces
+        garbled = '{"pattern": "test}}}}}}}}}}}}}}"}'
+        self.assertTrue(proxy._is_garbled_tool_arguments(garbled))
+        # Clean pattern
+        clean = '{"pattern": "hello", "path": "/src"}'
+        self.assertFalse(proxy._is_garbled_tool_arguments(clean))
+class TestSpecModeLeakMarkers(unittest.TestCase):
+    """Tests for spec mode and system-reminder leak detection markers."""
+    def test_spec_mode_active_detected(self):
+        """Spec mode system prompt text is detected as a leak."""
+        value = {"patterns": ["**Spec mode is active. The user indicated that they do not want you to execute"]}
+        self.assertTrue(proxy._contains_system_prompt_leak(value))
+    def test_system_reminder_tags_detected(self):
+        """Raw <system-reminder> tags in args are detected as a leak."""
+        value = {"content": "<system-reminder>\nSpec mode active\n</system-reminder>"}
+        self.assertTrue(proxy._contains_system_prompt_leak(value))
+    def test_gather_requirements_detected(self):
+        """'gather requirements and clarify decisions' phrase is detected."""
+        value = {"text": "executed AskUser tool to gather requirements and clarify decisions before finalizing your spec"}
+        self.assertTrue(proxy._contains_system_prompt_leak(value))
+    def test_clean_args_not_flagged(self):
+        """Normal tool arguments are not flagged as leaks."""
+        value = {"pattern": "*.ts", "path": "/home/user/project/src"}
+        self.assertFalse(proxy._contains_system_prompt_leak(value))
+    def test_repair_truncates_string_arg_at_spec_mode_leak(self):
+        """_repair_system_prompt_leak truncates string args at spec mode leak point."""
+        openai_resp = {
+            "choices": [{
+                "index": 0,
+                "message": {
+                    "role": "assistant",
+                    "tool_calls": [{
+                        "id": "call_test",
+                        "type": "function",
+                        "function": {
+                            "name": "Grep",
+                            "arguments": '{"pattern":"TODO Spec mode is active. The user indicated"}'
+                        }
+                    }]
+                },
+                "finish_reason": "tool_calls",
+            }],
+        }
+        repaired, count = proxy._repair_system_prompt_leak(openai_resp)
+        self.assertGreater(count, 0)
+        args_str = repaired["choices"][0]["message"]["tool_calls"][0]["function"]["arguments"]
+        self.assertNotIn("spec mode is active", args_str.lower())
+        # The valid prefix should be preserved
+        parsed = json.loads(args_str)
+        self.assertTrue(parsed["pattern"].startswith("TODO"))
+    def test_detection_works_on_list_values(self):
+        """_contains_system_prompt_leak detects leaks inside list values."""
+        value = {"patterns": ["**Spec mode is active. The user indicated"]}
+        self.assertTrue(proxy._contains_system_prompt_leak(value))