@miller-tech/uap 1.20.26 → 1.20.29

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@miller-tech/uap",
-  "version": "1.20.26",
+  "version": "1.20.29",
   "description": "Autonomous AI agent memory system with CLAUDE.md protocol enforcement",
   "type": "module",
   "main": "dist/index.js",

package/tools/agents/scripts/anthropic_proxy.py

@@ -656,6 +656,8 @@ class SessionMonitor:
     tool_state_review_cycles: int = 0
     last_tool_fingerprint: str = ""
     cycling_tool_names: list = field(default_factory=list)
+    session_banned_tools: set = field(default_factory=set)  # tools banned for entire session after repeated cycling
+    tool_cycle_counts: dict = field(default_factory=dict)  # {tool_name: cycle_count} across resets
     last_response_garbled: bool = False  # previous turn had garbled/malformed output
     finalize_turn_active: bool = False
     finalize_continuation_count: int = 0
@@ -2240,6 +2242,16 @@ def _resolve_state_machine_tool_choice(
                 for part in fp.split("|"):
                     raw_names.append(part.split(":")[0])
             monitor.cycling_tool_names = list(dict.fromkeys(raw_names))
+            # Cycle 18 Option 2: track per-tool cycle counts and ban after 3 cycles
+            for name in monitor.cycling_tool_names:
+                monitor.tool_cycle_counts[name] = monitor.tool_cycle_counts.get(name, 0) + 1
+                if monitor.tool_cycle_counts[name] >= 3 and name not in monitor.session_banned_tools:
+                    monitor.session_banned_tools.add(name)
+                    logger.warning(
+                        "TOOL BAN: '%s' banned for session after %d cycle detections",
+                        name,
+                        monitor.tool_cycle_counts[name],
+                    )
             logger.warning(
                 "TOOL STATE MACHINE: entering review (cycle=%s repeat=%d stagnation=%d cycles=%d cycling_tools=%s)",
                 cycle_looping,
@@ -2465,14 +2477,22 @@ def build_openai_request(
         openai_body["stop"] = anthropic_body["stop_sequences"]
 
     # Force controlled temperature for tool-call turns to reduce garbled output
+    # Cycle 15 Option 2: use lower temperature after contamination resets
     if has_tools:
         client_temp = openai_body.get("temperature")
-        if client_temp is None or client_temp > PROXY_TOOL_TURN_TEMPERATURE:
-            openai_body["temperature"] = PROXY_TOOL_TURN_TEMPERATURE
+        target_temp = PROXY_TOOL_TURN_TEMPERATURE
+        if monitor.contamination_resets > 0:
+            target_temp = min(target_temp, 0.1)
+        if client_temp is None or client_temp > target_temp:
+            openai_body["temperature"] = target_temp
+            extra = ""
+            if monitor.contamination_resets > 0:
+                extra = f" (post-contamination reset, resets={monitor.contamination_resets})"
             logger.info(
-                "TOOL TURN TEMP: forcing temperature=%.2f (was %s) for tool-enabled request",
-                PROXY_TOOL_TURN_TEMPERATURE,
+                "TOOL TURN TEMP: forcing temperature=%.2f (was %s) for tool-enabled request%s",
+                target_temp,
                 client_temp,
+                extra,
             )
 
     # Convert Anthropic tools to OpenAI function-calling tools
@@ -2621,14 +2641,15 @@ def build_openai_request(
                     cycling_names,
                     cycles,
                 )
-            # Narrow tools to exclude cycling tools
+            # Narrow tools to exclude cycling tools + session-banned tools
             # Option 1 (Cycle 13): if any cycling tool is read-only, exclude entire class
             # Option 1 (Cycle 14): persist exclusion during act phase too, not just review
+            # Option 2 (Cycle 18): always exclude session-banned tools
             if (
-                monitor.cycling_tool_names
+                (monitor.cycling_tool_names or monitor.session_banned_tools)
                 and "tools" in openai_body
             ):
-                exclude_set = set(monitor.cycling_tool_names)
+                exclude_set = set(monitor.cycling_tool_names) | monitor.session_banned_tools
                 # Expand to full read-only class if any cycling tool is read-only
                 if any(n.lower() in {c.lower() for c in _READ_ONLY_TOOL_CLASS} for n in exclude_set):
                     exclude_set |= _READ_ONLY_TOOL_CLASS
@@ -2640,13 +2661,15 @@ def build_openai_request(
                 ]
                 if narrowed:
                     openai_body["tools"] = narrowed
-                    logger.warning(
-                        "CYCLE BREAK: narrowed tools from %d to %d (excluded %s, read_only_class=%s)",
-                        original_count,
-                        len(narrowed),
-                        monitor.cycling_tool_names,
-                        any(n.lower() in {c.lower() for c in _READ_ONLY_TOOL_CLASS} for n in monitor.cycling_tool_names),
-                    )
+                    # Only log on first activation or phase transitions to reduce noise
+                    if state_reason in {"cycle_detected", "stagnation"}:
+                        logger.warning(
+                            "CYCLE BREAK: narrowed tools from %d to %d (excluded %s, read_only_class=%s)",
+                            original_count,
+                            len(narrowed),
+                            monitor.cycling_tool_names,
+                            any(n.lower() in {c.lower() for c in _READ_ONLY_TOOL_CLASS} for n in monitor.cycling_tool_names),
+                        )
                 else:
                     logger.warning(
                         "CYCLE BREAK: cannot narrow tools — all tools are cycling, keeping original set",
@@ -3084,6 +3107,47 @@ _TOOL_CALL_XML_RE = re.compile(
 )
 
 
+def _repair_tool_call_json(raw: str) -> str | None:
+    """Attempt to repair common garbled JSON in tool call payloads.
+
+    Returns repaired JSON string, or None if repair is not possible.
+    Handles: trailing braces, unbalanced brackets, truncated strings.
+    """
+    s = raw.strip()
+    if not s.startswith("{"):
+        return None
+    # Strip trailing garbage (runaway braces/brackets)
+    while s.endswith("}}") and s.count("{") < s.count("}"):
+        s = s[:-1]
+    while s.endswith("]]") and s.count("[") < s.count("]"):
+        s = s[:-1]
+    # Balance braces
+    open_b = s.count("{") - s.count("}")
+    if open_b > 0:
+        s += "}" * open_b
+    elif open_b < 0:
+        # Too many closing braces — trim from end
+        for _ in range(-open_b):
+            idx = s.rfind("}")
+            if idx > 0:
+                s = s[:idx] + s[idx + 1:]
+    # Try to parse
+    try:
+        json.loads(s)
+        return s
+    except json.JSONDecodeError:
+        pass
+    # Try truncating at last valid comma + closing
+    for end in range(len(s) - 1, max(0, len(s) - 200), -1):
+        candidate = s[:end].rstrip().rstrip(",") + "}" * max(0, s[:end].count("{") - s[:end].count("}"))
+        try:
+            json.loads(candidate)
+            return candidate
+        except json.JSONDecodeError:
+            continue
+    return None
+
+
 def _extract_tool_calls_from_text(text: str) -> tuple[list[dict], str]:
     """Parse ``<tool_call>{...}</tool_call>`` blocks out of *text*.
 
@@ -3104,7 +3168,18 @@ def _extract_tool_calls_from_text(text: str) -> tuple[list[dict], str]:
         try:
             payload = json.loads(raw_json)
         except json.JSONDecodeError:
-            continue
+            # Cycle 15 Option 1: attempt JSON repair before giving up
+            repaired = _repair_tool_call_json(raw_json)
+            if repaired:
+                try:
+                    payload = json.loads(repaired)
+                    logger.info(
+                        "TOOL CALL EXTRACTION: repaired garbled JSON in <tool_call> block"
+                    )
+                except json.JSONDecodeError:
+                    continue
+            else:
+                continue
         if not isinstance(payload, dict):
             continue
 
@@ -4372,9 +4447,11 @@ def _build_malformed_retry_body(
     retry_body = dict(openai_body)
     retry_body["stream"] = False
     retry_body["tool_choice"] = tool_choice
-    # Escalate temperature down on successive retries for more deterministic output
+    # Cycle 15 Option 3: vary temperature across retries to break degenerate patterns.
+    # Attempt 1: use configured retry temp (default 0.0) for deterministic first try.
+    # Attempt 2+: increase to 0.5 to escape the degenerate local minimum.
     if total_attempts > 1 and attempt > 1:
-        retry_body["temperature"] = 0.0
+        retry_body["temperature"] = 0.5
     else:
         retry_body["temperature"] = PROXY_MALFORMED_TOOL_RETRY_TEMPERATURE
 
@@ -4691,7 +4768,7 @@ async def _apply_malformed_tool_guardrail(
 
     attempts = max(0, PROXY_MALFORMED_TOOL_RETRY_MAX)
     current_issue = issue
-    # Track failing tool names for Option 3 (tool narrowing on retry)
+    # Track failing tool names for tool narrowing on retry
     failing_tools: set[str] = set()
     if issue.kind == "invalid_tool_args":
         for tc in (working_resp.get("choices", [{}])[0].get("message", {}).get("tool_calls", [])):
@@ -4699,14 +4776,22 @@ async def _apply_malformed_tool_guardrail(
             raw_args = tc.get("function", {}).get("arguments", "")
             if fn_name and raw_args and _is_garbled_tool_arguments(raw_args):
                 failing_tools.add(fn_name)
+    # Cycle 15 Option 1: For malformed_payload retries, exclude complex
+    # multi-field tools (task, Agent) that are prone to garbled generation
+    # after the first retry fails.
+    _COMPLEX_TOOLS_TO_EXCLUDE_ON_MALFORMED = {"task", "Agent"}
+    malformed_exclude_active = False
     for attempt in range(attempts):
         attempt_tool_choice = _retry_tool_choice_for_attempt(
             required_tool_choice,
             attempt,
             attempts,
         )
-        # Option 3: On attempt >= 2, exclude consistently failing tools
-        exclude = list(failing_tools) if attempt >= 1 and failing_tools else None
+        # On attempt >= 1, exclude consistently failing tools OR complex tools for malformed
+        exclude_set = set(failing_tools) if failing_tools else set()
+        if malformed_exclude_active:
+            exclude_set |= _COMPLEX_TOOLS_TO_EXCLUDE_ON_MALFORMED
+        exclude = list(exclude_set) if (attempt >= 1 and exclude_set) else None
         retry_body = _build_malformed_retry_body(
             openai_body,
             anthropic_body,
@@ -4785,6 +4870,8 @@ async def _apply_malformed_tool_guardrail(
 
         if retry_issue.kind == "malformed_payload":
             monitor.malformed_tool_streak += 1
+            # Cycle 15 Option 1: activate complex tool exclusion for next retry
+            malformed_exclude_active = True
         elif retry_issue.kind == "invalid_tool_args":
             monitor.invalid_tool_call_streak += 1
             monitor.arg_preflight_rejections += 1
@@ -4898,6 +4985,35 @@ def _maybe_apply_session_contamination_breaker(
     if not should_reset:
         return anthropic_body
 
+    # Cycle 15 Option 3: if contamination has already reset N+ times in this
+    # session, the model is fundamentally unable to produce valid tool calls.
+    # Force finalize so the Droid framework can intervene.
+    max_contamination_resets = 3
+    if monitor.contamination_resets >= max_contamination_resets:
+        logger.error(
+            "SESSION CONTAMINATION LOOP: session=%s contamination_resets=%d >= %d, forcing finalize",
+            session_id,
+            monitor.contamination_resets,
+            max_contamination_resets,
+        )
+        monitor.set_tool_turn_phase("finalize", reason="contamination_loop")
+        monitor.contamination_resets += 1
+        monitor.malformed_tool_streak = 0
+        monitor.invalid_tool_call_streak = 0
+        # Remove tools to force text-only response
+        updated = dict(anthropic_body)
+        updated.pop("tools", None)
+        updated.pop("tool_choice", None)
+        msgs = updated.get("messages", [])
+        msgs.append({
+            "role": "user",
+            "content": (
+                "Tool-call generation has failed repeatedly. Respond with plain text only. "
+                "Summarize what you have accomplished and what remains to be done."
+            ),
+        })
+        return updated
+
     messages = anthropic_body.get("messages", [])
     keep_last = max(2, PROXY_SESSION_CONTAMINATION_KEEP_LAST)
     if len(messages) <= keep_last + 1:

package/tools/agents/tests/test_anthropic_proxy_streaming.py

@@ -4575,3 +4575,224 @@ class TestPersistentCycleExclusion(unittest.TestCase):
         finally:
             for k, v in old_vals.items():
                 setattr(proxy, k, v)
+
+
+class TestMalformedPayloadLoopFix(unittest.TestCase):
+    """Tests for Cycle 15: malformed payload loop breaking."""
+
+    def test_contamination_loop_forces_finalize(self):
+        """Option 3: after 3+ contamination resets, force finalize."""
+        monitor = proxy.SessionMonitor(context_window=262144)
+        monitor.contamination_resets = 3  # already hit 3 resets
+        monitor.malformed_tool_streak = 3  # triggers should_reset
+
+        body = {
+            "model": "test",
+            "messages": [
+                {"role": "user", "content": "do something"},
+                {"role": "assistant", "content": "ok"},
+                {"role": "user", "content": "continue"},
+            ],
+            "tools": [
+                {"name": "bash", "description": "Run", "input_schema": {"type": "object"}},
+            ],
+        }
+        result = proxy._maybe_apply_session_contamination_breaker(
+            body, monitor, "test-session"
+        )
+        # Should have removed tools and forced finalize
+        self.assertNotIn("tools", result)
+        self.assertNotIn("tool_choice", result)
+        self.assertEqual(monitor.tool_turn_phase, "finalize")
+        # Check finalize instruction was injected
+        last_msg = result["messages"][-1]
+        self.assertIn("plain text only", last_msg["content"])
+
+    def test_contamination_below_threshold_resets_normally(self):
+        """Below 3 contamination resets, normal reset behavior."""
+        monitor = proxy.SessionMonitor(context_window=262144)
+        monitor.contamination_resets = 1
+        monitor.malformed_tool_streak = 3
+
+        # Need enough messages (> keep_last + 1) for full reset path
+        msgs = [{"role": "user", "content": "start"}]
+        for i in range(20):
+            msgs.append({"role": "assistant", "content": f"resp {i}"})
+            msgs.append({"role": "user", "content": f"msg {i}"})
+        body = {
+            "model": "test",
+            "messages": msgs,
+            "tools": [
+                {"name": "bash", "description": "Run", "input_schema": {"type": "object"}},
+            ],
+        }
+        result = proxy._maybe_apply_session_contamination_breaker(
+            body, monitor, "test-session"
+        )
+        # Should have done normal reset (increment contamination_resets)
+        self.assertEqual(monitor.contamination_resets, 2)
+        self.assertEqual(monitor.tool_turn_phase, "bootstrap")
+
+    def test_post_contamination_temp_lowered(self):
+        """Option 2: temperature lowered to 0.1 after contamination reset."""
+        monitor = proxy.SessionMonitor(context_window=262144)
+        monitor.contamination_resets = 1  # has had a reset
+
+        body = {
+            "model": "test",
+            "messages": [{"role": "user", "content": "test"}],
+            "tools": [
+                {"name": "bash", "description": "Run", "input_schema": {"type": "object"}},
+            ],
+        }
+        openai = proxy.build_openai_request(body, monitor)
+        self.assertLessEqual(openai.get("temperature", 1.0), 0.1)
+
+    def test_normal_temp_without_contamination(self):
+        """Without contamination resets, normal tool temp (0.3) is used."""
+        monitor = proxy.SessionMonitor(context_window=262144)
+        monitor.contamination_resets = 0
+
+        body = {
+            "model": "test",
+            "messages": [{"role": "user", "content": "test"}],
+            "tools": [
+                {"name": "bash", "description": "Run", "input_schema": {"type": "object"}},
+            ],
+        }
+        openai = proxy.build_openai_request(body, monitor)
+        self.assertAlmostEqual(openai.get("temperature", 1.0), 0.3, places=1)
+
+
+class TestToolCallJsonRepair(unittest.TestCase):
+    """Tests for Cycle 15 Option 1: JSON repair in tool call extraction."""
+
+    def test_repairs_trailing_braces(self):
+        """Runaway closing braces are trimmed and JSON parsed."""
+        garbled = '{"name":"bash","arguments":{"command":"ls"}}}}'
+        repaired = proxy._repair_tool_call_json(garbled)
+        self.assertIsNotNone(repaired)
+        parsed = json.loads(repaired)
+        self.assertEqual(parsed["name"], "bash")
+
+    def test_repairs_unbalanced_open_braces(self):
+        """Missing closing braces are added."""
+        garbled = '{"name":"read","arguments":{"file_path":"/foo"}'
+        repaired = proxy._repair_tool_call_json(garbled)
+        self.assertIsNotNone(repaired)
+        parsed = json.loads(repaired)
+        self.assertEqual(parsed["name"], "read")
+
+    def test_returns_none_for_total_garbage(self):
+        """Completely invalid JSON returns None."""
+        result = proxy._repair_tool_call_json("not json at all")
+        self.assertIsNone(result)
+
+    def test_extracts_repaired_tool_call_from_text(self):
+        """End-to-end: garbled <tool_call> XML is extracted after repair."""
+        text = '<tool_call>\n{"name":"bash","arguments":{"command":"pwd"}}}\n</tool_call>'
+        extracted, remaining = proxy._extract_tool_calls_from_text(text)
+        self.assertEqual(len(extracted), 1)
+        self.assertEqual(extracted[0]["function"]["name"], "bash")
+
+
+class TestRetryTemperatureVariance(unittest.TestCase):
+    """Tests for Cycle 15 Option 3: retry temperature variance."""
+
+    def test_retry_attempt_1_uses_configured_temp(self):
+        """First retry attempt uses PROXY_MALFORMED_TOOL_RETRY_TEMPERATURE."""
+        body = proxy._build_malformed_retry_body(
+            {"messages": [{"role": "user", "content": "test"}], "tools": []},
+            {"messages": [{"role": "user", "content": "test"}], "tools": []},
+            retry_hint="fix it",
+            tool_choice="required",
+            attempt=1,
+            total_attempts=3,
+            is_garbled=False,
+        )
+        self.assertEqual(body["temperature"], proxy.PROXY_MALFORMED_TOOL_RETRY_TEMPERATURE)
+
+    def test_retry_attempt_2_uses_higher_temp(self):
+        """Second retry attempt uses temp=0.5 to break degenerate patterns."""
+        body = proxy._build_malformed_retry_body(
+            {"messages": [{"role": "user", "content": "test"}], "tools": []},
+            {"messages": [{"role": "user", "content": "test"}], "tools": []},
+            retry_hint="fix it",
+            tool_choice="required",
+            attempt=2,
+            total_attempts=3,
+            is_garbled=False,
+        )
+        self.assertEqual(body["temperature"], 0.5)
+
+
+class TestCycle18SessionBanAndLogNoise(unittest.TestCase):
+    """Tests for Cycle 18: session tool banning and log noise reduction."""
+
+    def test_tool_banned_after_3_cycle_detections(self):
+        """Option 2: tool gets session-banned after cycling 3 times."""
+        monitor = proxy.SessionMonitor(context_window=262144)
+        # Simulate 3 separate cycle detections for 'task'
+        monitor.tool_cycle_counts["task"] = 2
+        monitor.cycling_tool_names = ["task"]
+
+        # This is what happens inside the cycle detection — manually trigger
+        for name in monitor.cycling_tool_names:
+            monitor.tool_cycle_counts[name] = monitor.tool_cycle_counts.get(name, 0) + 1
+            if monitor.tool_cycle_counts[name] >= 3:
+                monitor.session_banned_tools.add(name)
+
+        self.assertIn("task", monitor.session_banned_tools)
+        self.assertEqual(monitor.tool_cycle_counts["task"], 3)
+
+    def test_session_ban_survives_state_reset(self):
+        """Option 2: session_banned_tools persists through reset_tool_turn_state."""
+        monitor = proxy.SessionMonitor(context_window=262144)
+        monitor.session_banned_tools.add("task")
+        monitor.tool_cycle_counts["task"] = 3
+
+        monitor.reset_tool_turn_state(reason="test")
+
+        # Session bans survive resets — they're session-level, not phase-level
+        self.assertIn("task", monitor.session_banned_tools)
+        self.assertEqual(monitor.tool_cycle_counts["task"], 3)
+
+    def test_banned_tools_excluded_even_without_cycling(self):
+        """Option 2: session-banned tools are excluded even when cycling_tool_names is empty."""
+        old_vals = {}
+        for k in ["PROXY_TOOL_STATE_MACHINE", "PROXY_TOOL_STATE_MIN_MESSAGES",
+                   "PROXY_TOOL_STATE_FORCED_BUDGET"]:
+            old_vals[k] = getattr(proxy, k)
+        try:
+            setattr(proxy, "PROXY_TOOL_STATE_MACHINE", True)
+            setattr(proxy, "PROXY_TOOL_STATE_MIN_MESSAGES", 3)
+            setattr(proxy, "PROXY_TOOL_STATE_FORCED_BUDGET", 6)
+
+            body = {
+                "model": "test",
+                "messages": [
+                    {"role": "user", "content": "do"},
+                    {"role": "assistant", "content": [
+                        {"type": "tool_use", "id": "t1", "name": "bash", "input": {"command": "ls"}}
+                    ]},
+                    {"role": "user", "content": [
+                        {"type": "tool_result", "tool_use_id": "t1", "content": "ok"}
+                    ]},
+                ],
+                "tools": [
+                    {"name": "task", "description": "Task", "input_schema": {"type": "object"}},
+                    {"name": "bash", "description": "Bash", "input_schema": {"type": "object"}},
+                    {"name": "read", "description": "Read", "input_schema": {"type": "object"}},
+                ],
+            }
+            monitor = proxy.SessionMonitor(context_window=262144)
+            monitor.session_banned_tools.add("task")
+            monitor.cycling_tool_names = []  # no active cycling
+
+            openai = proxy.build_openai_request(body, monitor)
+            remaining = [t["function"]["name"] for t in openai.get("tools", [])]
+            self.assertNotIn("task", remaining)
+            self.assertIn("bash", remaining)
+        finally:
+            for k, v in old_vals.items():
+                setattr(proxy, k, v)