little-coder 1.0.0

package/.pi/extensions/llama-cpp-provider/index.ts

@@ -0,0 +1,58 @@
+import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+
+const LLAMACPP_BASE_URL = process.env.LLAMACPP_BASE_URL || "http://127.0.0.1:8888/v1";
+const OLLAMA_BASE_URL = process.env.OLLAMA_BASE_URL || "http://127.0.0.1:11434/v1";
+
+export default function (pi: ExtensionAPI) {
+  pi.registerProvider("llamacpp", {
+    baseUrl: LLAMACPP_BASE_URL,
+    apiKey: "LLAMACPP_API_KEY",
+    api: "openai-completions",
+    models: [
+      {
+        id: "qwen3.6-27b",
+        name: "Qwen3.6-27B (dense, local llama.cpp)",
+        reasoning: true,
+        input: ["text"],
+        contextWindow: 32768,
+        maxTokens: 4096,
+        cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+      },
+      {
+        id: "qwen3.6-35b-a3b",
+        name: "Qwen3.6-35B-A3B (MoE, local llama.cpp)",
+        reasoning: true,
+        input: ["text"],
+        contextWindow: 32768,
+        maxTokens: 4096,
+        cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+      },
+      {
+        id: "qwen3.5-9b",
+        name: "Qwen3.5-9B (local llama.cpp)",
+        reasoning: true,
+        input: ["text"],
+        contextWindow: 32768,
+        maxTokens: 4096,
+        cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+      },
+    ],
+  });
+
+  pi.registerProvider("ollama", {
+    baseUrl: OLLAMA_BASE_URL,
+    apiKey: "OLLAMA_API_KEY",
+    api: "openai-completions",
+    models: [
+      {
+        id: "qwen3.5",
+        name: "Qwen3.5 (ollama)",
+        reasoning: true,
+        input: ["text"],
+        contextWindow: 32768,
+        maxTokens: 4096,
+        cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+      },
+    ],
+  });
+}

package/.pi/extensions/output-parser/index.ts

@@ -0,0 +1,56 @@
+import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+import { parseTextToolCalls } from "./parser.ts";
+
+// Detects malformed/fenced tool calls in assistant text and nudges the model
+// back onto native tool-calling. Active-repair (executing extracted calls
+// and synthesizing tool_result messages) is intentionally not attempted on
+// the headline Qwen3.6-35B-A3B path, which uses native tool calling. When
+// extracted calls ARE detected, we log them via ctx.ui.notify and queue a
+// follow-up nudge for the next turn.
+
+function extractAssistantText(message: any): string {
+  if (!message) return "";
+  const content = message.content;
+  if (typeof content === "string") return content;
+  if (Array.isArray(content)) {
+    return content.filter((c) => c?.type === "text").map((c) => c.text).join("\n");
+  }
+  return "";
+}
+
+function hasNativeToolCalls(message: any): boolean {
+  const content = message?.content;
+  if (!Array.isArray(content)) return false;
+  return content.some((c: any) => c?.type === "toolCall");
+}
+
+export default function (pi: ExtensionAPI) {
+  pi.on("turn_end", async (event, ctx) => {
+    const message = (event as any).message;
+    if (!message) return;
+    // If pi already detected native tool calls, nothing to rescue.
+    if (hasNativeToolCalls(message)) return;
+    const text = extractAssistantText(message);
+    if (!text) return;
+
+    const calls = parseTextToolCalls(text);
+    if (calls.length === 0) return;
+
+    const names = calls.map((c) => c.name).join(", ");
+    ctx.ui.notify(
+      `Detected ${calls.length} text-embedded tool call(s) [${names}] — nudging model to native tool calling`,
+      "warning",
+    );
+
+    // Queue a follow-up that will be delivered after the agent finishes.
+    // This nudges the model to use native tool calling on its next turn
+    // rather than emitting fenced blocks in text.
+    pi.sendUserMessage(
+      "Your previous response embedded tool calls inside text (e.g. fenced ```tool blocks or <tool_call> tags). " +
+      "Please re-issue them as NATIVE tool calls. If the intended calls were: " +
+      calls.map((c) => `${c.name}(${JSON.stringify(c.input)})`).join("; ") +
+      " — please execute them now using your tool-call channel, not text.",
+      { deliverAs: "followUp" },
+    );
+  });
+}

package/.pi/extensions/output-parser/parser.test.ts

@@ -0,0 +1,90 @@
+import { describe, it, expect } from "vitest";
+import { repairJson, parseTextToolCalls, escapeNewlinesInJsonStrings } from "./parser.ts";
+
+describe("repairJson", () => {
+  it("direct parse on valid JSON", () => {
+    expect(repairJson('{"a":1}')).toEqual({ a: 1 });
+  });
+  it("trailing commas", () => {
+    expect(repairJson('{"a":1,}')).toEqual({ a: 1 });
+    expect(repairJson('[1,2,]')).toEqual([1, 2]);
+  });
+  it("single quotes", () => {
+    expect(repairJson("{'a':1}")).toEqual({ a: 1 });
+  });
+  it("unquoted keys", () => {
+    expect(repairJson("{a:1}")).toEqual({ a: 1 });
+  });
+  it("missing closing brace", () => {
+    expect(repairJson('{"a":1')).toEqual({ a: 1 });
+  });
+  it("literal newlines in strings", () => {
+    const input = '{"text":"line1\nline2"}';
+    expect(repairJson(input)).toEqual({ text: "line1\nline2" });
+  });
+  it("escapeNewlinesInJsonStrings leaves non-string content alone", () => {
+    expect(escapeNewlinesInJsonStrings('{"a":1,\n"b":2}')).toBe('{"a":1,\n"b":2}');
+  });
+  it("truncated / garbage returns _raw sentinel", () => {
+    const result = repairJson("not json at all");
+    expect(result._raw).toBe("not json at all");
+  });
+});
+
+describe("parseTextToolCalls", () => {
+  it("extracts fenced ```tool block", () => {
+    const text = 'reasoning first\n```tool\n{"name":"Read","input":{"file_path":"/x.py"}}\n```';
+    const calls = parseTextToolCalls(text);
+    expect(calls.length).toBe(1);
+    expect(calls[0].name).toBe("Read");
+    expect(calls[0].input).toEqual({ file_path: "/x.py" });
+  });
+  it("extracts ```json block (Gemma pattern)", () => {
+    const text = '```json\n{"name":"Bash","input":{"command":"ls"}}\n```';
+    const calls = parseTextToolCalls(text);
+    expect(calls[0].name).toBe("Bash");
+  });
+  it("extracts <tool_call> tag", () => {
+    const text = '<tool_call>\n{"name":"Edit","input":{"file_path":"/a","old_string":"x","new_string":"y"}}\n</tool_call>';
+    const calls = parseTextToolCalls(text);
+    expect(calls[0].name).toBe("Edit");
+    expect(calls[0].input).toHaveProperty("new_string", "y");
+  });
+  it("extracts multiple fenced calls", () => {
+    const text =
+      '```tool\n{"name":"Read","input":{"file_path":"/a"}}\n```\n' +
+      'later\n```tool\n{"name":"Read","input":{"file_path":"/b"}}\n```';
+    const calls = parseTextToolCalls(text);
+    expect(calls.length).toBe(2);
+    expect(calls[0].input.file_path).toBe("/a");
+    expect(calls[1].input.file_path).toBe("/b");
+  });
+  it("falls back to bare JSON for flat objects (no nested input)", () => {
+    // The bare-JSON regex is restricted to flat objects ([^{}]*), matching
+    // the Python implementation. A nested "input": {...} won't match; the
+    // model must use a fenced block for those.
+    const text = 'the model said: {"name":"Glob","pattern":"**/*.py"}';
+    const calls = parseTextToolCalls(text);
+    expect(calls.length).toBe(1);
+    expect(calls[0].name).toBe("Glob");
+  });
+  it("does not extract from nested-object bare JSON (matches Python behavior)", () => {
+    const text = 'the model said: {"name":"Glob","input":{"pattern":"**/*.py"}}';
+    const calls = parseTextToolCalls(text);
+    // Inner object doesn't have "name", outer doesn't match the flat regex
+    expect(calls).toEqual([]);
+  });
+  it("repairs trailing comma inside fenced block", () => {
+    const text = '```tool\n{"name":"Read","input":{"file_path":"/x"},}\n```';
+    const calls = parseTextToolCalls(text);
+    expect(calls[0].name).toBe("Read");
+  });
+  it("accepts parameters/args alias for input", () => {
+    const text = '```tool\n{"name":"Read","parameters":{"file_path":"/x"}}\n```';
+    const calls = parseTextToolCalls(text);
+    expect(calls[0].input.file_path).toBe("/x");
+  });
+  it("empty on plain text", () => {
+    expect(parseTextToolCalls("just regular text, no tools here")).toEqual([]);
+  });
+});

package/.pi/extensions/output-parser/parser.ts

@@ -0,0 +1,126 @@
+// Port of local/output_parser.py. Pure-function JSON repair + text-based
+// tool-call extraction. Used by the output-parser extension to DETECT
+// malformed tool calls (fenced, <tool_call> tags, raw JSON) in assistant
+// text. Active repair (executing the extracted calls) is handled by the
+// extension via session.followUp() to nudge the model back onto native
+// tool-calling for subsequent turns.
+
+export function escapeNewlinesInJsonStrings(text: string): string {
+  const out: string[] = [];
+  let inString = false;
+  let i = 0;
+  while (i < text.length) {
+    const ch = text[i];
+    if (ch === "\\" && inString && i + 1 < text.length) {
+      out.push(ch, text[i + 1]);
+      i += 2;
+      continue;
+    }
+    if (ch === '"') {
+      inString = !inString;
+      out.push(ch);
+    } else if (inString && ch === "\n") {
+      out.push("\\n");
+    } else if (inString && ch === "\t") {
+      out.push("\\t");
+    } else if (inString && ch === "\r") {
+      out.push("\\r");
+    } else {
+      out.push(ch);
+    }
+    i++;
+  }
+  return out.join("");
+}
+
+export function repairJson(raw: string): Record<string, unknown> {
+  const trimmed = raw.trim();
+  if (!trimmed) return {};
+  // 0. direct parse
+  try {
+    return JSON.parse(trimmed);
+  } catch {}
+  // 1. re-escape literal newlines/tabs in strings
+  let fixed = escapeNewlinesInJsonStrings(trimmed);
+  try {
+    return JSON.parse(fixed);
+  } catch {}
+  // 2. trailing commas
+  fixed = fixed.replace(/,\s*}/g, "}").replace(/,\s*]/g, "]");
+  // 3. single quotes → double, only if no doubles present
+  if (!fixed.includes('"') && fixed.includes("'")) fixed = fixed.replace(/'/g, '"');
+  // 4. unquoted keys — skip if content already has quoted string keys
+  if (!fixed.includes('": ') && !fixed.includes('":"')) {
+    fixed = fixed.replace(/(?<=[{,\s])(\w+)\s*:/g, '"$1":');
+  }
+  // 5. missing closing braces / brackets
+  const openB = (fixed.match(/\{/g) || []).length - (fixed.match(/\}/g) || []).length;
+  if (openB > 0) fixed += "}".repeat(openB);
+  const openS = (fixed.match(/\[/g) || []).length - (fixed.match(/\]/g) || []).length;
+  if (openS > 0) fixed += "]".repeat(openS);
+  try {
+    return JSON.parse(fixed);
+  } catch {}
+  // 6. extract first JSON object
+  const m = fixed.match(/\{[^{}]*\}/);
+  if (m) {
+    try {
+      return JSON.parse(m[0]);
+    } catch {}
+  }
+  return { _raw: raw };
+}
+
+export interface ExtractedCall {
+  id: string;
+  name: string;
+  input: Record<string, unknown>;
+}
+
+export function parseTextToolCalls(text: string): ExtractedCall[] {
+  const calls: ExtractedCall[] = [];
+
+  // Pattern 1: ```tool ... ``` or ```json ... ```
+  const fenceRe = /```(?:tool|json)\s*\n([\s\S]*?)\n```/g;
+  let m: RegExpExecArray | null;
+  while ((m = fenceRe.exec(text))) {
+    const data = repairJson(m[1]);
+    if (typeof data.name === "string" && data.name) {
+      calls.push({
+        id: `call_text_${calls.length}`,
+        name: data.name,
+        input: (data.input ?? data.parameters ?? data.args ?? {}) as Record<string, unknown>,
+      });
+    }
+  }
+
+  // Pattern 2: <tool_call> ... </tool_call>
+  const tagRe = /<tool_call>\s*([\s\S]*?)\s*<\/tool_call>/g;
+  while ((m = tagRe.exec(text))) {
+    const data = repairJson(m[1]);
+    if (typeof data.name === "string" && data.name) {
+      calls.push({
+        id: `call_text_${calls.length}`,
+        name: data.name,
+        input: (data.input ?? data.parameters ?? data.args ?? {}) as Record<string, unknown>,
+      });
+    }
+  }
+
+  // Pattern 3: bare JSON object with "name"+"input"
+  if (calls.length === 0) {
+    const bareRe = /\{[^{}]*"name"\s*:\s*"(\w+)"[^{}]*\}/g;
+    while ((m = bareRe.exec(text))) {
+      const data = repairJson(m[0]);
+      if (typeof data.name === "string" && data.name) {
+        calls.push({
+          id: `call_text_${calls.length}`,
+          name: data.name,
+          input: (data.input ?? data.parameters ?? {}) as Record<string, unknown>,
+        });
+      }
+    }
+  }
+
+  return calls;
+}

package/.pi/extensions/permission-gate/index.ts

@@ -0,0 +1,53 @@
+import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+
+// Port of tools.py::_SAFE_PREFIXES + agent.py::_check_permission. Bash
+// commands not matching the whitelist are blocked in "auto" mode. In
+// "accept-all" mode all commands pass (benchmark runs set this explicitly).
+// Write/Edit confirmations are deferred to the TUI's own prompt; we simply
+// add an extra guardrail on bash here to match little-coder's behavior.
+
+const SAFE_PREFIXES: readonly string[] = [
+  "ls", "cat", "head", "tail", "wc", "pwd", "echo", "printf", "date",
+  "which", "type", "env", "printenv", "uname", "whoami", "id",
+  "git log", "git status", "git diff", "git show", "git branch",
+  "git remote", "git stash list", "git tag",
+  "find ", "grep ", "rg ", "ag ", "fd ",
+  "python ", "python3 ", "node ", "ruby ", "perl ",
+  "pip show", "pip list", "npm list", "cargo metadata",
+  "df ", "du ", "free ", "top -bn", "ps ",
+  "curl -I", "curl --head",
+];
+
+export function isSafeBash(command: string): boolean {
+  const c = command.trim();
+  return SAFE_PREFIXES.some((p) => c.startsWith(p));
+}
+
+function getPermissionMode(): "auto" | "accept-all" | "manual" {
+  const v = process.env.LITTLE_CODER_PERMISSION_MODE;
+  if (v === "accept-all" || v === "manual") return v;
+  return "auto";
+}
+
+export default function (pi: ExtensionAPI) {
+  pi.on("tool_call", async (event, _ctx) => {
+    const mode = getPermissionMode();
+    if (mode === "accept-all") return;
+
+    const toolName = (event as any).toolName;
+    const input: any = (event as any).input ?? (event as any).args;
+
+    // Only gate bash-family tools for now; pi has its own confirmation flow
+    // for destructive edits via the TUI.
+    if (toolName === "bash" || toolName === "Bash") {
+      const cmd = input?.command;
+      if (typeof cmd === "string" && !isSafeBash(cmd)) {
+        if (mode === "manual") {
+          return { block: true, reason: "manual permission mode: bash command not pre-approved" };
+        }
+        // auto: block when not whitelisted
+        return { block: true, reason: `bash whitelist: "${cmd.split(/\s+/)[0]}" is not in SAFE_PREFIXES` };
+      }
+    }
+  });
+}

package/.pi/extensions/permission-gate/permission.test.ts

@@ -0,0 +1,26 @@
+import { describe, it, expect } from "vitest";
+import { isSafeBash } from "./index.ts";
+
+describe("isSafeBash", () => {
+  it("allows whitelisted read-only commands", () => {
+    expect(isSafeBash("ls -la")).toBe(true);
+    expect(isSafeBash("cat /etc/hosts")).toBe(true);
+    expect(isSafeBash("git log --oneline")).toBe(true);
+    expect(isSafeBash("grep -r pattern .")).toBe(true);
+    expect(isSafeBash("rg pattern src/")).toBe(true);
+  });
+  it("blocks non-whitelisted commands", () => {
+    expect(isSafeBash("rm -rf /")).toBe(false);
+    expect(isSafeBash("npm install foo")).toBe(false);
+    expect(isSafeBash("cp a b")).toBe(false);
+    expect(isSafeBash("sudo anything")).toBe(false);
+  });
+  it("handles leading whitespace", () => {
+    expect(isSafeBash("   ls")).toBe(true);
+  });
+  it("git subcommand gating is strict", () => {
+    expect(isSafeBash("git log")).toBe(true);
+    expect(isSafeBash("git push origin main")).toBe(false);
+    expect(isSafeBash("git commit -m x")).toBe(false);
+  });
+});

package/.pi/extensions/quality-monitor/index.ts

@@ -0,0 +1,70 @@
+import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+import { assessResponse, buildCorrectionMessage, type ToolCall } from "./quality.ts";
+
+// Port of local/quality.py. Hooks turn_end, inspects the assistant message
+// + previous turn's tool calls, and — if we detect a failure mode — queues
+// a correction user message via session.followUp() so the model gets a
+// chance to recover on its next turn.
+
+// Session-scoped state. Pi reuses extensions across turns within a session;
+// a fresh extension instance is loaded per session via the session lifecycle.
+let previousToolCalls: ToolCall[] = [];
+let consecutiveFailures = 0;
+const MAX_CONSECUTIVE_CORRECTIONS = 2; // stop nudging after 2 failed corrections
+
+export default function (pi: ExtensionAPI) {
+  // Populate the known-tools set lazily by observing tool_execution events.
+  // This avoids needing to read pi's tool registry directly.
+  const knownTools = new Set<string>();
+  pi.on("tool_execution_start", async (event) => {
+    const name = (event as any).toolName;
+    if (typeof name === "string") knownTools.add(name);
+  });
+
+  pi.on("session_start", async () => {
+    previousToolCalls = [];
+    consecutiveFailures = 0;
+  });
+
+  pi.on("turn_end", async (event, ctx) => {
+    const message = (event as any).message;
+    if (!message) return;
+
+    // Extract assistant text + tool calls from pi's content-block format
+    const content = Array.isArray(message.content) ? message.content : [];
+    const text = content
+      .filter((c: any) => c?.type === "text")
+      .map((c: any) => c.text ?? "")
+      .join("\n");
+    const currentCalls: ToolCall[] = content
+      .filter((c: any) => c?.type === "toolCall")
+      .map((c: any) => ({ name: c.name, input: c.arguments ?? c.input ?? {} }));
+
+    const verdict = assessResponse(text, currentCalls, previousToolCalls, knownTools);
+
+    // Update rolling state for next turn regardless of verdict
+    previousToolCalls = currentCalls;
+
+    if (verdict.ok) {
+      consecutiveFailures = 0;
+      return;
+    }
+
+    // Cap corrections so we don't burn turns in a correction loop
+    consecutiveFailures++;
+    if (consecutiveFailures > MAX_CONSECUTIVE_CORRECTIONS) {
+      ctx.ui.notify(
+        `quality-monitor: ${verdict.reason} (suppressed after ${consecutiveFailures} in a row)`,
+        "warning",
+      );
+      return;
+    }
+
+    const correction = buildCorrectionMessage(verdict.reason);
+    ctx.ui.notify(
+      `quality-monitor: ${verdict.reason} → queued correction`,
+      "warning",
+    );
+    pi.sendUserMessage(correction, { deliverAs: "followUp" });
+  });
+}

package/.pi/extensions/quality-monitor/quality.test.ts

@@ -0,0 +1,75 @@
+import { describe, it, expect } from "vitest";
+import { assessResponse, buildCorrectionMessage } from "./quality.ts";
+
+const known = new Set(["Read", "Write", "Edit", "Bash", "Glob", "Grep"]);
+
+describe("assessResponse", () => {
+  it("accepts text-only assistant response", () => {
+    expect(assessResponse("here's my thinking", [], [], known)).toEqual({ ok: true });
+  });
+  it("accepts valid tool calls", () => {
+    const calls = [{ name: "Read", input: { file_path: "/a" } }];
+    expect(assessResponse("", calls, [], known)).toEqual({ ok: true });
+  });
+  it("detects empty response (no text, no calls)", () => {
+    expect(assessResponse("", [], [], known)).toEqual({
+      ok: false, reason: "empty_response",
+    });
+  });
+  it("detects empty tool name", () => {
+    expect(assessResponse("", [{ name: "", input: {} }], [], known)).toEqual({
+      ok: false, reason: "empty_tool_name",
+    });
+  });
+  it("detects hallucinated tool name", () => {
+    const result = assessResponse("", [{ name: "FakeTool", input: {} }], [], known);
+    expect(result).toEqual({ ok: false, reason: "unknown_tool:FakeTool" });
+  });
+  it("skips hallucination check when registry empty", () => {
+    expect(
+      assessResponse("", [{ name: "Anything", input: {} }], [], new Set()),
+    ).toEqual({ ok: true });
+  });
+  it("detects repeated tool call", () => {
+    const now = [{ name: "Read", input: { file_path: "/a" } }];
+    const prev = [{ name: "Read", input: { file_path: "/a" } }];
+    expect(assessResponse("", now, prev, known)).toEqual({
+      ok: false, reason: "repeated_tool_call",
+    });
+  });
+  it("does not flag as repeat when inputs differ", () => {
+    const now = [{ name: "Read", input: { file_path: "/a" } }];
+    const prev = [{ name: "Read", input: { file_path: "/b" } }];
+    expect(assessResponse("", now, prev, known)).toEqual({ ok: true });
+  });
+  it("detects malformed args sentinel", () => {
+    const calls = [{ name: "Read", input: { _raw: "garbage" } }];
+    expect(assessResponse("", calls, [], known)).toEqual({
+      ok: false, reason: "malformed_args:Read",
+    });
+  });
+});
+
+describe("buildCorrectionMessage", () => {
+  it("generates empty-response message", () => {
+    const m = buildCorrectionMessage("empty_response");
+    expect(m).toContain("empty");
+  });
+  it("generates unknown-tool message with tool name", () => {
+    const m = buildCorrectionMessage("unknown_tool:FakeTool");
+    expect(m).toContain("'FakeTool'");
+    expect(m).toContain("does not exist");
+  });
+  it("generates malformed-args message", () => {
+    const m = buildCorrectionMessage("malformed_args:Read");
+    expect(m).toContain("'Read'");
+    expect(m).toContain("malformed");
+  });
+  it("generates repeated-tool-call message", () => {
+    const m = buildCorrectionMessage("repeated_tool_call");
+    expect(m).toContain("loop");
+  });
+  it("falls back to generic on unknown reason", () => {
+    expect(buildCorrectionMessage("weird_thing")).toContain("weird_thing");
+  });
+});

package/.pi/extensions/quality-monitor/quality.ts

@@ -0,0 +1,84 @@
+// Port of local/quality.py::assess_response + build_correction_message.
+
+export interface ToolCall {
+  name: string;
+  input: unknown;
+}
+
+export type QualityResult =
+  | { ok: true }
+  | { ok: false; reason: string };
+
+export function assessResponse(
+  text: string,
+  toolCalls: ToolCall[],
+  recentToolCalls: ToolCall[],
+  knownTools: Set<string>,
+): QualityResult {
+  // 1. Empty response with no tool calls
+  if (!text.trim() && toolCalls.length === 0) {
+    return { ok: false, reason: "empty_response" };
+  }
+
+  // 2. Hallucinated tool names (only checked when registry populated)
+  for (const tc of toolCalls) {
+    if (!tc.name) return { ok: false, reason: "empty_tool_name" };
+    if (knownTools.size > 0 && !knownTools.has(tc.name)) {
+      return { ok: false, reason: `unknown_tool:${tc.name}` };
+    }
+  }
+
+  // 3. Repeated tool call loop (exact name+input match with previous turn)
+  if (toolCalls.length > 0 && recentToolCalls.length > 0) {
+    for (const tc of toolCalls) {
+      for (const prev of recentToolCalls) {
+        if (tc.name === prev.name &&
+            JSON.stringify(tc.input) === JSON.stringify(prev.input)) {
+          return { ok: false, reason: "repeated_tool_call" };
+        }
+      }
+    }
+  }
+
+  // 4. Malformed arguments sentinel from repairJson fallback
+  for (const tc of toolCalls) {
+    if (tc.input && typeof tc.input === "object" && "_raw" in tc.input) {
+      return { ok: false, reason: `malformed_args:${tc.name || "?"}` };
+    }
+  }
+
+  return { ok: true };
+}
+
+export function buildCorrectionMessage(reason: string): string {
+  const corrections: Record<string, string> = {
+    empty_response:
+      "Your previous response was empty. Please respond with either " +
+      "text or a tool call to make progress on the task.",
+    empty_tool_name:
+      "Your tool call had an empty name. Please specify a valid tool name. " +
+      "Available tools include: Read, Write, Edit, Bash, Glob, Grep.",
+    repeated_tool_call:
+      "You just made the exact same tool call as your previous turn. " +
+      "This suggests you may be stuck in a loop. Please try a different " +
+      "approach or explain what you're trying to accomplish.",
+  };
+
+  if (reason.startsWith("unknown_tool:")) {
+    const toolName = reason.slice("unknown_tool:".length);
+    return (
+      `Tool '${toolName}' does not exist. ` +
+      "Available tools are: Read, Write, Edit, Bash, Glob, Grep, " +
+      "WebFetch, WebSearch. Please use one of these."
+    );
+  }
+  if (reason.startsWith("malformed_args:")) {
+    const toolName = reason.slice("malformed_args:".length);
+    return (
+      `The arguments for tool '${toolName}' were malformed (not valid JSON). ` +
+      "Please provide the arguments as a proper JSON object."
+    );
+  }
+
+  return corrections[reason] ?? `Issue detected: ${reason}. Please try again.`;
+}