@miller-tech/uap 1.20.46 → 1.20.48

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@miller-tech/uap",
-  "version": "1.20.46",
+  "version": "1.20.48",
   "description": "Autonomous AI agent memory system with CLAUDE.md protocol enforcement",
   "type": "module",
   "main": "dist/index.js",

package/tools/agents/scripts/anthropic_proxy.py

@@ -224,6 +224,16 @@ PROXY_FINALIZE_CONTINUATION_MAX = int(
 PROXY_FINALIZE_SESSION_HARD_CAP = int(
     os.environ.get("PROXY_FINALIZE_SESSION_HARD_CAP", "3")
 )
+# Recon-convergence guardrail: after this many consecutive turns of PURE
+# read-only exploration (Read/Grep/Glob/etc. — no write/edit/deliverable
+# tool), the proxy injects a directive telling the model to stop exploring
+# and produce its deliverable. Targets the failure mode where an agentic
+# recon task reads files for hundreds of turns and never converges to the
+# synthesis/write step (observed: 664-turn recon, no deliverable started).
+# 0 disables.
+PROXY_RECON_CONVERGENCE_THRESHOLD = int(
+    os.environ.get("PROXY_RECON_CONVERGENCE_THRESHOLD", "40")
+)
 PROXY_STREAM_REASONING_FALLBACK = (
     os.environ.get("PROXY_STREAM_REASONING_FALLBACK", "off").strip().lower()
 )
@@ -716,6 +726,7 @@ class SessionMonitor:
     )
     loop_warnings_emitted: int = 0  # How many loop warnings sent to the model
     no_progress_streak: int = 0  # Forced tool turns without new tool_result
+    consecutive_readonly_turns: int = 0  # turns of pure read-only exploration (B1)
     unexpected_end_turn_count: int = 0  # end_turn without tool_use in active loop
     tool_starvation_streak: int = 0  # Consecutive forced turns with no tool_calls produced
     malformed_tool_streak: int = 0  # consecutive malformed pseudo tool payloads
@@ -812,7 +823,12 @@ class SessionMonitor:
         turns_str = f"~{turns} turns remaining" if turns is not None else "unknown"
 
         if warning == "CRITICAL":
-            logger.error(
+            # WARNING, not ERROR: critical context utilization is a *handled*
+            # condition — the proxy force-prunes and the session continues.
+            # Logging it at ERROR floods the error stream (100+/2h for a few
+            # context-saturated agentic sessions) and drowns genuine failures.
+            # CONTEXT HIGH below is already WARNING; this keeps parity.
+            logger.warning(
                 "CONTEXT CRITICAL: %d/%d tokens (%.1f%%), %s, pruned=%d, overflows=%d",
                 self.last_input_tokens,
                 self.context_window,
@@ -868,6 +884,16 @@ class SessionMonitor:
         if len(self.tool_call_history) > 30:
             self.tool_call_history = self.tool_call_history[-30:]
 
+        # Recon-convergence (B1): count consecutive turns of PURE read-only
+        # exploration. A turn that uses any non-read-only tool (write, edit,
+        # a deliverable tool) resets the streak — that's the model
+        # converging from exploration toward synthesis/action.
+        _ro = {n.lower() for n in _READ_ONLY_TOOL_CLASS}
+        if tool_names and all(n.lower() in _ro for n in tool_names):
+            self.consecutive_readonly_turns += 1
+        else:
+            self.consecutive_readonly_turns = 0
+
         # Track read-only tool targets for dedup (Option 3)
         if tool_targets:
             for name, target in tool_targets.items():
@@ -3213,6 +3239,51 @@ def _resolve_state_machine_tool_choice(
     return None, "unknown_phase"
 
 
+def _maybe_inject_recon_convergence(openai_body: dict, monitor: "SessionMonitor") -> None:
+    """Nudge a session stuck in prolonged read-only exploration toward its
+    deliverable.
+
+    Fires when `consecutive_readonly_turns` crosses
+    PROXY_RECON_CONVERGENCE_THRESHOLD — the model has read files for many
+    turns without writing anything. Targets the observed failure mode of
+    an agentic recon task wandering for hundreds of turns and never
+    converging to the synthesis/write step. Two escalation tiers: a firm
+    "switch to synthesis" directive, then a hard "STOP, write it now" once
+    the streak is 2x over threshold.
+    """
+    if PROXY_RECON_CONVERGENCE_THRESHOLD <= 0:
+        return
+    streak = monitor.consecutive_readonly_turns
+    if streak < PROXY_RECON_CONVERGENCE_THRESHOLD:
+        return
+    util = monitor.get_utilization()
+    if streak >= 2 * PROXY_RECON_CONVERGENCE_THRESHOLD:
+        directive = (
+            f"STOP exploring. You have run {streak} consecutive turns of "
+            f"read-only exploration and context is at {util * 100:.0f}%. "
+            "You will NOT finish if you keep reading files. Produce your "
+            "deliverable NOW from the information you already have — write "
+            "it to a file with the appropriate tool. Do not read anything else."
+        )
+        tier = "hard"
+    else:
+        directive = (
+            f"You have read files for {streak} consecutive turns without "
+            f"producing a deliverable (context {util * 100:.0f}%). You have "
+            "enough to begin. Switch from exploration to synthesis: write "
+            "your deliverable now. Read at most one more file, and only if "
+            "strictly required to write it."
+        )
+        tier = "firm"
+    msgs = openai_body.get("messages", [])
+    msgs.append({"role": "user", "content": directive})
+    openai_body["messages"] = msgs
+    logger.warning(
+        "RECON CONVERGENCE: injected %s directive (readonly_streak=%d, ctx=%.0f%%)",
+        tier, streak, util * 100,
+    )
+
+
 def build_openai_request(
     anthropic_body: dict,
     monitor: SessionMonitor,
@@ -3720,6 +3791,11 @@ def build_openai_request(
 
         _apply_tool_call_grammar(openai_body, grammar_override=profile_grammar)
 
+    # Recon-convergence guardrail (B1) — runs on every built request so a
+    # session wandering in read-only exploration is nudged toward its
+    # deliverable regardless of tool-turn phase.
+    _maybe_inject_recon_convergence(openai_body, monitor)
+
     return openai_body
 
 

package/tools/agents/tests/test_anthropic_proxy_streaming.py

@@ -5371,3 +5371,84 @@ class TestSlotSaveRestore(unittest.TestCase):
         self.assertIn("fp:owner", proxy._slot_lru)
         self.assertIn("fp:new1", proxy._slot_lru)
         self.assertIn("fp:new2", proxy._slot_lru)
+
+
+class TestReconConvergence(unittest.TestCase):
+    """Tests for the B1 recon-convergence guardrail — nudges a session
+    stuck doing read-only exploration toward producing its deliverable.
+
+    Targets the observed failure: a 664-turn agentic recon task that read
+    files for hours and never converged to the synthesis/write step."""
+
+    def setUp(self):
+        self._threshold = proxy.PROXY_RECON_CONVERGENCE_THRESHOLD
+
+    def tearDown(self):
+        proxy.PROXY_RECON_CONVERGENCE_THRESHOLD = self._threshold
+
+    def test_readonly_turns_increment_the_streak(self):
+        """Consecutive turns using only read-only tools grow the streak."""
+        m = proxy.SessionMonitor(context_window=131072)
+        for _ in range(5):
+            m.record_tool_calls(["Read"])
+        self.assertEqual(m.consecutive_readonly_turns, 5)
+        m.record_tool_calls(["Grep", "Glob"])
+        self.assertEqual(m.consecutive_readonly_turns, 6)
+
+    def test_non_readonly_tool_resets_the_streak(self):
+        """A turn using a write/edit tool means the model converged toward
+        action — the streak resets to 0."""
+        m = proxy.SessionMonitor(context_window=131072)
+        for _ in range(10):
+            m.record_tool_calls(["Read"])
+        self.assertEqual(m.consecutive_readonly_turns, 10)
+        m.record_tool_calls(["Write"])
+        self.assertEqual(m.consecutive_readonly_turns, 0)
+
+    def test_mixed_turn_with_one_write_resets(self):
+        """A turn mixing read-only and a write tool still counts as
+        converging — any non-read-only tool resets."""
+        m = proxy.SessionMonitor(context_window=131072)
+        for _ in range(10):
+            m.record_tool_calls(["Read"])
+        m.record_tool_calls(["Read", "Edit"])
+        self.assertEqual(m.consecutive_readonly_turns, 0)
+
+    def test_no_injection_below_threshold(self):
+        proxy.PROXY_RECON_CONVERGENCE_THRESHOLD = 40
+        m = proxy.SessionMonitor(context_window=131072)
+        m.consecutive_readonly_turns = 39
+        body = {"messages": [{"role": "user", "content": "go"}]}
+        proxy._maybe_inject_recon_convergence(body, m)
+        self.assertEqual(len(body["messages"]), 1)
+
+    def test_firm_directive_at_threshold(self):
+        proxy.PROXY_RECON_CONVERGENCE_THRESHOLD = 40
+        m = proxy.SessionMonitor(context_window=131072)
+        m.consecutive_readonly_turns = 45
+        m.last_input_tokens = 120000
+        body = {"messages": [{"role": "user", "content": "go"}]}
+        proxy._maybe_inject_recon_convergence(body, m)
+        self.assertEqual(len(body["messages"]), 2)
+        injected = body["messages"][-1]["content"]
+        self.assertIn("synthesis", injected.lower())
+        self.assertNotIn("STOP exploring", injected)
+
+    def test_hard_directive_at_2x_threshold(self):
+        """Once the streak is 2x over threshold, escalate to a hard STOP."""
+        proxy.PROXY_RECON_CONVERGENCE_THRESHOLD = 40
+        m = proxy.SessionMonitor(context_window=131072)
+        m.consecutive_readonly_turns = 80
+        m.last_input_tokens = 250000  # over budget — the real-incident shape
+        body = {"messages": [{"role": "user", "content": "go"}]}
+        proxy._maybe_inject_recon_convergence(body, m)
+        injected = body["messages"][-1]["content"]
+        self.assertIn("STOP exploring", injected)
+
+    def test_disabled_when_threshold_zero(self):
+        proxy.PROXY_RECON_CONVERGENCE_THRESHOLD = 0
+        m = proxy.SessionMonitor(context_window=131072)
+        m.consecutive_readonly_turns = 500
+        body = {"messages": [{"role": "user", "content": "go"}]}
+        proxy._maybe_inject_recon_convergence(body, m)
+        self.assertEqual(len(body["messages"]), 1)