aiden-runtime 4.9.3 → 4.9.4

package/README.md

@@ -235,7 +235,7 @@ Full v4.5 internals: [`docs/v4.5/`](docs/v4.5/) (overview, triggers, architectur
 
 
 
-https://github.com/user-attachments/assets/a76bf4a5-28ca-43b5-8975-5ef0a66ee90d
+
 
 
 

package/dist/core/v4/aidenAgent.js

@@ -80,6 +80,9 @@ exports.AidenAgent = void 0;
 // AIDEN_TCE=0 to disable. Zero
 // behavioral change when unset. See core/v4/turnState.ts.
 const turnState_1 = require("./turnState");
+// v4.9.4 Slice 1 — tool-call/result protocol invariant + synthetic
+// blocked-result helpers used at the surface + abort fill sites.
+const toolCallInvariant_1 = require("./toolCallInvariant");
 // v4.2 Phase 1 — per-tool result verifier. Same TCE gate as
 // TurnState (default ON, opt-out via AIDEN_TCE=0); classification
 // feeds the recovery controller.
@@ -152,6 +155,7 @@ class AidenAgent {
         this.provider = opts.provider;
         this.toolExecutor = opts.toolExecutor;
         this.tools = opts.tools;
+        this.turnStateFactory = opts.turnStateFactory;
         this.maxTurns = opts.maxTurns ?? DEFAULT_MAX_TURNS;
         this.fallback = opts.fallback;
         this.onToolCall = opts.onToolCall;
@@ -640,7 +644,9 @@ class AidenAgent {
         // When disabled, TurnState.recordToolCall short-circuits with
         // `{kind: 'allow'}` and the entire v4.2 recovery surface stays
         // dormant (zero behavioural change vs v4.1.6).
-        const turnState = new turnState_1.TurnState();
+        // v4.9.4 Slice 1 — honor optional test-seam factory. Production
+        // paths never pass turnStateFactory → falls through to real ctor.
+        const turnState = this.turnStateFactory?.() ?? new turnState_1.TurnState();
         // v4.2 Phase 1 — per-tool verifier registry. Constructed
         // unconditionally (cheap, no side effects) but only used to
         // classify tool outcomes when TCE is enabled; verification args
@@ -850,13 +856,27 @@ class AidenAgent {
             // TurnState internals + pushes a corrective system message,
             // then continues the outer iteration loop from a clean baseline.
             let rollbackDecision = null;
-            for (const call of output.toolCalls) {
+            // v4.9.4 Slice 1 — `.entries()` so the surface + abort fill sites
+            // can slice from `callIndex + 1` to compute the un-dispatched tail.
+            for (const [callIndex, call] of output.toolCalls.entries()) {
                 // v4.6 prep — pre-tool-call cooperative-cancellation check.
                 // If the caller aborted between the model emitting tool calls
                 // and us dispatching them, skip the remaining calls in this
                 // batch. We set finishReason here; the outer-while break is
                 // handled after the for-of exits.
                 if (runOptions.signal?.aborted) {
+                    // v4.9.4 Slice 1 — fill synthetic results so the assistant's
+                    // toolCalls[] is balanced before we break. `call` (the one we
+                    // were ABOUT to dispatch) gets variant='interrupted'; every
+                    // remaining call gets variant='skipped'. Both with reason
+                    // 'cancelled'. CRITICAL: also push turnToolMessages into the
+                    // history NOW — the outer `if (finishReason === 'interrupted')`
+                    // break (post-for-of) exits before reaching the line 1599
+                    // bulk-push. Without this explicit push the synthetic results
+                    // we just collected get discarded.
+                    turnToolMessages.push((0, toolCallInvariant_1.synthesizeBlockedToolResult)(call, 'cancelled', { variant: 'interrupted' }));
+                    (0, toolCallInvariant_1.fillRemainingAsBlocked)(turnToolMessages, output.toolCalls, callIndex + 1, 'cancelled', 'skipped');
+                    messages.push(...turnToolMessages);
                     finishReason = 'interrupted';
                     finalContent = '';
                     break;
@@ -1084,9 +1104,22 @@ class AidenAgent {
                 }
                 else if (recovery.kind === 'surface' && recovery.surfaceCard) {
                     // Stage 3: structured failure. Stop dispatching the rest of
-                    // the batch — anything else is throwing good budget after
-                    // bad. The outer loop reads `surfaceDecision` below and
-                    // exits cleanly.
+                    // the batch — anything else is throwing good budget after bad.
+                    // The outer loop reads `surfaceDecision` below and exits cleanly.
+                    //
+                    // v4.9.4 Slice 1 — BEFORE breaking, fill synthetic blocked-
+                    // tool-result messages for every un-dispatched call in this
+                    // batch (slice from callIndex+1; the current call already had
+                    // its real result pushed at line ~1440 just above). Without
+                    // this fill, the assistant message at line ~1170 carries
+                    // tool_call_ids whose matching tool results never land in
+                    // history. The outer surfaceDecision branch (line ~1573)
+                    // pushes turnToolMessages into `messages` and breaks the
+                    // outer while loop, ending the turn — but the persisted
+                    // history carries the orphans. A resumed conversation (or
+                    // any second provider call in the same turn) then returns
+                    // 400 "No tool output found for function call <id>".
+                    (0, toolCallInvariant_1.fillRemainingAsBlocked)(turnToolMessages, output.toolCalls, callIndex + 1, 'tool_loop_surface');
                     surfaceDecision = recovery;
                     break;
                 }
@@ -1211,6 +1244,15 @@ class AidenAgent {
      * loop sees the same `ProviderCallOutput` regardless.
      */
     async callProvider(messages, tools, runOptions) {
+        // v4.9.4 Slice 1 — tool-call protocol preflight. Every assistant
+        // toolCalls[] entry must have a matching {role:'tool', toolCallId}
+        // BEFORE shipping to any provider. If this throws, a guard in
+        // runTurnLoop is leaking orphan tool_call_ids — find the culprit,
+        // don't catch this. The surface + abort fill sites above already
+        // satisfy the invariant; preflight is the audit-loud safety net
+        // for new guards added later (v4.10 rate-limit / cost-budget /
+        // hook-deny). See core/v4/toolCallInvariant.ts.
+        (0, toolCallInvariant_1.assertNoUnansweredToolCalls)(messages);
         const wantStream = runOptions.stream === true && typeof this.provider.callStream === 'function';
         // v4.1.5 Issue K — fire just before the HTTP request opens, so the
         // display layer can transition the activity verb from local-prep

package/dist/core/v4/toolCallInvariant.js

@@ -0,0 +1,150 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * core/v4/toolCallInvariant.ts — v4.9.4 SLICE 1.
+ *
+ * The tool-call/tool-result protocol invariant required by the OpenAI /
+ * ChatGPT-Plus / Anthropic / Codex Responses message wire formats:
+ *
+ *   For every assistant message with toolCalls[],
+ *   every tool_call.id MUST be answered by a later `tool` role message
+ *   carrying the same toolCallId, before the next provider request.
+ *
+ * Aiden previously violated this in two known dispatch sites
+ * (aidenAgent runTurnLoop's surfaceDecision break + abort-signal break)
+ * which left orphan tool_call_ids in persisted history. Resuming such
+ * a history triggered 400 from the provider:
+ *
+ *   Provider chatgpt-plus request failed (400):
+ *   No tool output found for function call call_<id>.
+ *
+ * This module exposes three primitives:
+ *   - assertNoUnansweredToolCalls(messages)        — preflight gate
+ *   - synthesizeBlockedToolResult(call, reason)    — fill primitive
+ *   - fillRemainingAsBlocked(buf, calls, idx, ..)  — batch helper
+ *
+ * Plus the OrphanToolCallError class thrown by the preflight.
+ *
+ * Provider-agnostic — each adapter translates Aiden's internal Message
+ * type into its native wire shape. Assertions run against the internal
+ * Message shape itself.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OrphanToolCallError = void 0;
+exports.assertNoUnansweredToolCalls = assertNoUnansweredToolCalls;
+exports.synthesizeBlockedToolResult = synthesizeBlockedToolResult;
+exports.fillRemainingAsBlocked = fillRemainingAsBlocked;
+// ── Error class ──────────────────────────────────────────────────────
+/**
+ * Thrown by assertNoUnansweredToolCalls. Subclassed from Error so
+ * triage code can:
+ *
+ *   try { ... } catch (e) {
+ *     if (e instanceof OrphanToolCallError) { ... }
+ *   }
+ *
+ * Production code MUST NOT catch this. If it fires, a guard upstream
+ * is leaking orphan tool_call_ids and we want the failure loud at the
+ * site that introduced the leak.
+ */
+class OrphanToolCallError extends Error {
+    constructor(orphans) {
+        const ids = orphans.map((o) => `${o.toolName}#${o.toolCallId}`).join(', ');
+        super(`Tool-call/result protocol violated: ${orphans.length} unanswered tool_call_id(s) [${ids}]. ` +
+            `Some guard in the dispatch loop emitted an assistant message with tool_calls[] ` +
+            `but did not push a matching {role:'tool', toolCallId} for every id. ` +
+            `Find the guard and add a synthesizeBlockedToolResult() call before its break/continue.`);
+        this.name = 'OrphanToolCallError';
+        this.orphans = orphans;
+    }
+}
+exports.OrphanToolCallError = OrphanToolCallError;
+// ── Preflight assertion ──────────────────────────────────────────────
+/**
+ * Walk the messages once. For each assistant message at index i, scan
+ * messages[i+1..] for `{ role: 'tool', toolCallId }` entries matching
+ * each toolCalls[].id. Orphans (unmatched ids) accumulate; a single
+ * Error is thrown listing all of them so a single debugging session
+ * sees the full damage (better than throw-on-first).
+ *
+ * Pure. No IO, no clock. Cost is O(N*M) where N = total messages and
+ * M = avg tool-calls-per-assistant-turn; trivial for any realistic
+ * session (low hundreds of messages, low tens of tool calls per turn).
+ *
+ * Called from AidenAgent.callProvider() as the single boundary preflight
+ * — every provider adapter receives messages[] through that one funnel.
+ */
+function assertNoUnansweredToolCalls(messages) {
+    // Collect all tool-result ids first (single pass) so we can resolve
+    // each assistant's tool_calls in O(1) against a Set.
+    const answeredIds = new Set();
+    for (const m of messages) {
+        if (m.role === 'tool')
+            answeredIds.add(m.toolCallId);
+    }
+    // Now walk assistants and collect orphans.
+    const orphans = [];
+    for (const m of messages) {
+        if (m.role !== 'assistant' || !m.toolCalls)
+            continue;
+        for (const tc of m.toolCalls) {
+            if (!answeredIds.has(tc.id)) {
+                orphans.push({ toolCallId: tc.id, toolName: tc.name });
+            }
+        }
+    }
+    if (orphans.length > 0)
+        throw new OrphanToolCallError(orphans);
+}
+// ── Synthesis primitives ─────────────────────────────────────────────
+/**
+ * Build a tool-role message whose content is a JSON-stringified failure
+ * object the LLM can parse:
+ *
+ *   { ok: false, blocked: true, reason: <code>, message: <human> }
+ *
+ * Same shape regardless of which guard fired so the LLM sees a uniform
+ * signal. Internal Aiden Message type — providers/v4 adapters handle
+ * wire-shape translation per their native protocol.
+ */
+function synthesizeBlockedToolResult(call, reason, opts = {}) {
+    const variant = opts.variant ?? 'skipped';
+    const humanMessage = variant === 'interrupted'
+        ? `This call was interrupted before execution. (reason: ${reason})`
+        : `This call was skipped because the turn was cancelled. (reason: ${reason})`;
+    // tool_loop_surface variant is always 'skipped' semantically (we
+    // already executed the call before the surface decision fired, so
+    // the SKIPPED calls are the remainder). But we still let the caller
+    // override if a future site has a different shape.
+    const content = JSON.stringify({
+        ok: false,
+        blocked: true,
+        reason,
+        message: humanMessage,
+    });
+    return {
+        role: 'tool',
+        toolCallId: call.id,
+        content,
+    };
+}
+/**
+ * Push synthetic blocked-tool-result messages for every unprocessed
+ * call from `startIdx` (inclusive) onward. Mutates `buf` in place
+ * (matches the existing turnToolMessages accumulator pattern in
+ * aidenAgent.ts; pure-returning would force a spread at every call
+ * site).
+ *
+ * Exported because v4.10 guards (rate-limit, cost-budget, hook-deny)
+ * will want the same shape.
+ */
+function fillRemainingAsBlocked(buf, toolCalls, startIdx, reason, variant = 'skipped') {
+    for (let i = startIdx; i < toolCalls.length; i++) {
+        buf.push(synthesizeBlockedToolResult(toolCalls[i], reason, { variant }));
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aiden-runtime",
-  "version": "4.9.3",
+  "version": "4.9.4",
   "publishConfig": {
     "access": "public"
   },