aru-code 0.31.0__tar.gz → 0.33.0__tar.gz

{aru_code-0.31.0 → aru_code-0.33.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aru-code
-Version: 0.31.0
+Version: 0.33.0
 Summary: A Claude Code clone built with Agno agents
 Author-email: Estevao <estevaofon@gmail.com>
 License-Expression: MIT

aru_code-0.33.0/aru/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.33.0"

{aru_code-0.31.0 → aru_code-0.33.0}/aru/agent_factory.py

@@ -150,15 +150,30 @@ async def create_agent_from_spec(
         resolved_model = model_ref or session.model_ref
 
     tools = _wrap_tools_with_hooks(spec.tools_factory())
-    instructions = _build_instructions(spec.role, extra_instructions)
+    # Merge spec-level extra instructions (static, agent-specific policy like
+    # "you are read-only, never call write tools") with caller-provided extras
+    # (dynamic, session-specific context like cwd or AGENTS.md). Spec text
+    # comes first so the agent's baseline policy is established before any
+    # session-specific text that might try to override it.
+    combined_extra = "\n\n".join(
+        part for part in (spec.extra_instructions, extra_instructions) if part
+    )
+    instructions = _build_instructions(spec.role, combined_extra)
 
     instructions, resolved_model, max_tokens = await _apply_chat_hooks(
         instructions, resolved_model, spec.name, max_tokens=spec.max_tokens,
     )
 
+    reasoning_override = session.reasoning_override if session is not None else None
+
     return Agent(
         name=spec.name,
-        model=create_model(resolved_model, max_tokens=max_tokens),
+        model=create_model(
+            resolved_model,
+            max_tokens=max_tokens,
+            use_reasoning=spec.use_reasoning,
+            reasoning_override=reasoning_override,
+        ),
         tools=tools,
         instructions=instructions,
         markdown=True,
@@ -210,7 +225,11 @@ async def create_custom_agent_instance(agent_def: CustomAgent, session: Session,
 
     return Agent(
         name=agent_def.name,
-        model=create_model(model_ref, max_tokens=max_tokens),
+        model=create_model(
+            model_ref,
+            max_tokens=max_tokens,
+            reasoning_override=session.reasoning_override,
+        ),
         tools=tools,
         instructions=instructions,
         markdown=True,

{aru_code-0.31.0 → aru_code-0.33.0}/aru/agents/base.py

@@ -374,11 +374,101 @@ Complete the search request efficiently and report your findings clearly.\
 """
 
 
+VERIFIER_ROLE = """\
+You are a verification sub-agent. Your sole job is to review a recent batch
+of edits for correctness and report issues.
+
+=== CRITICAL: READ-ONLY MODE — NO FILE MODIFICATIONS ===
+You are STRICTLY PROHIBITED from creating, editing, deleting, or moving
+files. You do not have access to edit tools; attempts will fail. No
+state-changing bash commands (no git add/commit, no npm/pip install, no
+mkdir/touch/rm/cp/mv).
+
+Your workflow:
+1. Read each file mentioned in the task using `read_file` or `read_files`
+2. Search for call sites / references to changed APIs using `grep_search`
+3. Skim related tests using `glob_search` + `read_file`
+4. Report findings in this structure:
+   - Inconsistencies found (with file:line refs)
+   - Missing follow-up edits (call sites not updated, etc.)
+   - Suspicious patterns worth the caller's attention (even if uncertain)
+   - What looks correct (brief — don't pad the report)
+
+Be concise. Skip nitpicks (formatting, naming preferences). Focus on
+bugs, broken contracts, or outdated call sites the caller likely missed.
+
+Return ONE final message. The caller is not able to ask follow-ups
+without a resume — include everything they need to act.\
+"""
+
+
+REVIEWER_ROLE = """\
+You are a code-review sub-agent. Review the files mentioned in the task
+against common quality heuristics and produce actionable findings.
+
+=== CRITICAL: READ-ONLY MODE — NO FILE MODIFICATIONS ===
+You may only read and search. No edit/write/delete/move operations. No
+state-changing bash.
+
+For each file covered:
+
+- Naming: are identifiers clear and consistent with the surrounding code?
+- Error handling: are edge cases covered? Any swallowed exceptions?
+- Testing: is there test coverage for the new/modified code paths?
+- Security: obvious injection, path traversal, secret exposure, unchecked
+  user input, missing auth checks?
+- Complexity: functions that should be split, duplicated logic, over-
+  engineered abstractions for simple cases?
+
+Report format:
+- One bullet per finding
+- Include file:line
+- Classify severity: (blocker) / (important) / (nit) — omit (nit) unless
+  asked for a thorough review
+- If nothing is wrong, say so plainly — do not fabricate issues
+
+Return ONE final message covering every file you looked at.\
+"""
+
+
+GUIDE_ROLE = """\
+You are the Aru user-guide sub-agent. You answer questions about how to
+use and configure Aru itself — slash commands, permission config, skills,
+plugins, tool catalog, session management.
+
+The questions are about Aru, NOT about the user's own codebase. When in
+doubt, treat the task as "explain how to do X with Aru" rather than "do X
+in the user's project".
+
+=== CRITICAL: READ-ONLY MODE — NO FILE MODIFICATIONS ===
+You may only read and search. No edit/write/delete/move operations.
+
+Authoritative sources, in priority order:
+1. `AGENTS.md` at the project root — architectural reference
+2. `docs/*.md` — user-facing documentation
+3. `aru.json` examples in the codebase — config shape
+4. Reading the code under `aru/` directly (last resort — prefer docs)
+
+Workflow:
+1. `read_file` AGENTS.md first
+2. `glob_search` + `read_file` relevant docs/*.md
+3. Search `aru.json` or permission config examples if the question is
+   configuration-related
+
+Never invent features. If the docs do not cover the topic, say so and
+suggest the closest available alternative. Cite file paths in your
+response so the user can verify.
+
+Return ONE final message.\
+"""
+
+
 def build_instructions(role: str, extra: str = "") -> str:
     """Build complete instructions for an agent role.
 
     Args:
-        role: One of 'planner', 'executor', 'general', 'explorer'.
+        role: One of 'planner', 'executor', 'general', 'explorer', 'verifier',
+            'reviewer', 'guide'.
         extra: Additional project-specific instructions (README, AGENTS.md, skills).
     """
     role_text = {
@@ -386,6 +476,9 @@ def build_instructions(role: str, extra: str = "") -> str:
         "executor": EXECUTOR_ROLE,
         "general": GENERAL_ROLE,
         "explorer": EXPLORER_ROLE,
+        "verifier": VERIFIER_ROLE,
+        "reviewer": REVIEWER_ROLE,
+        "guide": GUIDE_ROLE,
     }[role]
 
     parts = [role_text, BASE_INSTRUCTIONS]

aru_code-0.33.0/aru/agents/catalog.py

@@ -0,0 +1,157 @@
+"""Native agent catalog — single source of truth for built-in agent specs.
+
+Each AgentSpec describes a runtime-parameterized agent: prompt role, tool list,
+mode (primary/subagent), and model sizing. The factory in agent_factory.py
+consumes specs and builds Agno Agent instances. The runner in runner.py looks
+up specs by name when handling runner.prompt(PromptInput).
+
+Custom agents (defined via .agents/agents/*.md) follow a separate path through
+create_custom_agent_instance and are NOT listed here.
+"""
+
+from __future__ import annotations
+
+from dataclasses import dataclass
+from typing import Callable, Literal
+
+
+@dataclass(frozen=True)
+class AgentSpec:
+    """Static description of a native agent.
+
+    The tools_factory is a lazy callable so module load order does not force
+    aru.tools.codebase to be imported before this module.
+
+    `max_tokens=None` means "use the model's full cap" (see providers.py).
+    An explicit int caps the agent below that ceiling — providers.py always
+    clamps the final value to min(requested, model_cap) so specs can never
+    ask for more than the model supports.
+
+    `description` is the LLM-facing summary rendered into `delegate_task`'s
+    docstring. Only subagent specs need a meaningful description (primary
+    agents are never picked via `agent_name`). Keep it short (1-3 sentences)
+    and directive — the model uses it to decide when this agent fits.
+
+    `extra_instructions` is appended to the base role instructions when the
+    agent is built. Use it for agent-specific policy ("you are read-only,
+    never call write tools") that shouldn't leak into other roles.
+    """
+
+    name: str                            # display name passed to Agno
+    role: str                            # key into build_instructions(role, ...)
+    mode: Literal["primary", "subagent"]
+    tools_factory: Callable[[], list]    # lazy resolver — invoked at agent creation
+    max_tokens: int | None
+    small_model: bool = False            # if True, factory uses ctx.small_model_ref
+    use_reasoning: bool = True           # False skips thinking params (e.g. explorer)
+    description: str = ""                # LLM-facing summary for `delegate_task` docstring
+    extra_instructions: str = ""         # appended to base role instructions on build
+
+
+def _build_tools() -> list:
+    from aru.tools.registry import GENERAL_TOOLS
+    return GENERAL_TOOLS
+
+
+def _plan_tools() -> list:
+    from aru.tools.registry import PLANNER_TOOLS
+    return PLANNER_TOOLS
+
+
+def _exec_tools() -> list:
+    from aru.tools.registry import EXECUTOR_TOOLS
+    return EXECUTOR_TOOLS
+
+
+def _explore_tools() -> list:
+    from aru.tools.registry import EXPLORER_TOOLS
+    return EXPLORER_TOOLS
+
+
+AGENTS: dict[str, AgentSpec] = {
+    # Primary agents default to the model's full output cap (clamped by
+    # providers.create_model). Subagents keep a tight budget so a runaway
+    # explorer can't blow through the whole turn.
+    "build": AgentSpec(
+        name="Aru",
+        role="general",
+        mode="primary",
+        tools_factory=_build_tools,
+        max_tokens=None,
+    ),
+    "plan": AgentSpec(
+        name="Planner",
+        role="planner",
+        mode="primary",
+        tools_factory=_plan_tools,
+        max_tokens=4096,
+    ),
+    "executor": AgentSpec(
+        name="Executor",
+        role="executor",
+        mode="primary",
+        tools_factory=_exec_tools,
+        max_tokens=None,
+    ),
+    "explorer": AgentSpec(
+        name="Explorer",
+        role="explorer",
+        mode="subagent",
+        tools_factory=_explore_tools,
+        max_tokens=8192,
+        small_model=True,
+        use_reasoning=False,  # fast read-only subagent — no thinking overhead
+        description=(
+            "Fast read-only codebase exploration agent. Use for searching "
+            "files, finding patterns, reading code, and understanding "
+            "structure. Specify thoroughness in the task text: \"quick\" "
+            "(basic searches), \"medium\" (moderate exploration), or "
+            "\"very thorough\" (comprehensive analysis)."
+        ),
+    ),
+    "verification": AgentSpec(
+        name="Verifier",
+        role="verifier",
+        mode="subagent",
+        tools_factory=_explore_tools,  # read-only
+        max_tokens=4096,
+        small_model=True,
+        use_reasoning=False,
+        description=(
+            "Double-check a recent batch of edits for correctness. Reads "
+            "changed files, searches for call sites, reports inconsistencies "
+            "and missing follow-up edits. Read-only — never edits. Use after "
+            "non-trivial multi-file edits to catch issues before the user sees them."
+        ),
+    ),
+    "reviewer": AgentSpec(
+        name="Reviewer",
+        role="reviewer",
+        mode="subagent",
+        tools_factory=_explore_tools,  # read-only
+        max_tokens=4096,
+        small_model=True,
+        use_reasoning=False,
+        description=(
+            "Code review against naming, error handling, test coverage, and "
+            "security heuristics. Read-only; produces bulleted findings with "
+            "file:line refs and severity tags. Use when you want a second "
+            "pair of eyes before finalising changes."
+        ),
+    ),
+    "guide": AgentSpec(
+        name="Guide",
+        role="guide",
+        mode="subagent",
+        tools_factory=_explore_tools,  # read-only
+        max_tokens=4096,
+        small_model=True,
+        use_reasoning=False,
+        description=(
+            "Answer questions about using Aru itself — slash commands, "
+            "permission config, skills, plugins, tool catalog. Reads "
+            "AGENTS.md and docs/ to ground answers. Use when the user's "
+            "question is about Aru's features, not their own codebase."
+        ),
+    ),
+}

{aru_code-0.31.0 → aru_code-0.33.0}/aru/cache_patch.py

@@ -43,6 +43,43 @@ _last_call_cache_write: int = 0
 # We normalize "length" → "max_tokens" so callers can check a single value.
 _last_call_stop_reason: str | None = None
 
+# Micro-compaction metrics (process-wide, reset by tests via
+# reset_microcompact_stats()). Recorded by _prune_tool_messages every time it
+# fires from the format_function_call_results patch. Surfaced in /cost so
+# users can see what the pre-API-call prune is actually doing — the basis
+# for any future calibration of count/time-based triggers (Passos 3/4 of the
+# plan, deferred until we have data here to justify them).
+_microcompact_invocations: int = 0   # times _prune_tool_messages was called
+_microcompact_clear_passes: int = 0  # times the prune actually cleared anything
+_microcompact_results_cleared: int = 0  # cumulative tool_result blocks cleared
+
+# Reactive overflow recovery: counts API calls where the provider rejected the
+# request as too long and we wiped older tool_results then retried. Surfaced
+# in /cost so users can tell when the recovery path is masking a chronically
+# oversized context (suggests prune thresholds or model choice need attention).
+_microcompact_overflow_recoveries: int = 0
+# Aggressive prune keeps only the last N compactable tool_results, no matter
+# the budget. Picked low because by definition we got here AFTER the regular
+# prune (160K protect) failed to keep the context within model limits.
+_OVERFLOW_RECOVERY_KEEP_RECENT = 3
+# Substrings (case-insensitive) that mark a provider error as a context-too-long
+# rejection. Anthropic / OpenAI / DashScope / DeepSeek / Groq all phrase it
+# slightly differently; the union below covers the seen variants. Match is
+# substring against str(exc) — wider than ideal, but the fallback path (no
+# recovery) only kicks in when wrong, and a false positive at worst replays
+# the same call after a no-op prune.
+_OVERFLOW_ERROR_SIGNATURES = (
+    "prompt is too long",
+    "context length",
+    "context_length_exceeded",
+    "maximum context",
+    "exceeds the maximum",
+    "exceeds context",
+    "input is too long",
+    "too many tokens",
+    "request too large",
+)
+
 
 def get_last_call_metrics() -> tuple[int, int, int, int]:
     """Return (input, output, cache_read, cache_write) from the most recent API call."""
@@ -68,6 +105,130 @@ def reset_last_stop_reason() -> None:
     _last_call_stop_reason = None
 
 
+def get_microcompact_stats() -> dict:
+    """Return process-wide micro-compaction metrics.
+
+    Keys:
+      - invocations: total times _prune_tool_messages ran
+      - clear_passes: subset that actually cleared something
+      - results_cleared: cumulative tool_result blocks wiped
+
+    Used by /cost and tests. The ratio results_cleared/invocations is the
+    natural calibration signal for whether the budget-based trigger fires
+    often enough — if it's near zero across long sessions, the threshold
+    is too lax (or the protect window too generous).
+    """
+    return {
+        "invocations": _microcompact_invocations,
+        "clear_passes": _microcompact_clear_passes,
+        "results_cleared": _microcompact_results_cleared,
+        "overflow_recoveries": _microcompact_overflow_recoveries,
+    }
+
+
+def reset_microcompact_stats() -> None:
+    """Zero the micro-compaction counters. Test-only helper."""
+    global _microcompact_invocations, _microcompact_clear_passes, _microcompact_results_cleared
+    global _microcompact_overflow_recoveries
+    _microcompact_invocations = 0
+    _microcompact_clear_passes = 0
+    _microcompact_results_cleared = 0
+    _microcompact_overflow_recoveries = 0
+
+
+def _is_context_overflow_error(exc) -> bool:
+    """Return True iff `exc` looks like a provider context-too-long rejection.
+
+    Substring match (case-insensitive) against the str of the exception and any
+    nested `original_error` attribute. Wider than ideal but cheap; the recovery
+    path that consumes this is itself idempotent (re-running with no changes
+    after a no-op prune just hits the same error again and propagates).
+    """
+    msgs: list[str] = []
+    try:
+        msgs.append(str(exc))
+    except Exception:
+        pass
+    inner = getattr(exc, "original_error", None) or getattr(exc, "__cause__", None)
+    if inner is not None:
+        try:
+            msgs.append(str(inner))
+        except Exception:
+            pass
+    blob = " ".join(m.lower() for m in msgs if m)
+    return any(sig in blob for sig in _OVERFLOW_ERROR_SIGNATURES)
+
+
+def _aggressive_prune(messages, keep_recent: int = _OVERFLOW_RECOVERY_KEEP_RECENT) -> int:
+    """Wipe content of all but the last `keep_recent` compactable tool_results.
+
+    Used reactively after a provider rejects a request as too long. Ignores the
+    budget walk entirely — by the time we get here, the budget-based prune
+    already failed to keep us under the model's context limit, so its answer
+    is wrong for this request.
+
+    Non-compactable tool_results (delegate_task etc.) are still preserved.
+    Returns the number of results actually cleared.
+    """
+    from aru.context import COMPACTABLE_TOOLS
+
+    id_to_name = _build_tool_id_to_name_map(messages)
+
+    # Collect compactable tool_result indices in encounter order.
+    compactable_indices: list[int] = []
+    for i, msg in enumerate(messages):
+        if getattr(msg, "role", None) != "tool":
+            continue
+        tc_id = getattr(msg, "tool_call_id", None)
+        tool_name = id_to_name.get(tc_id) if tc_id else None
+        if tool_name in COMPACTABLE_TOOLS:
+            compactable_indices.append(i)
+
+    if len(compactable_indices) <= keep_recent:
+        return 0
+
+    to_clear = compactable_indices[:-keep_recent] if keep_recent > 0 else compactable_indices
+    cleared = 0
+    for idx in to_clear:
+        msg = messages[idx]
+        content = getattr(msg, "content", None)
+        if content is None or str(content) == _PRUNED_PLACEHOLDER:
+            continue
+        try:
+            msg.content = _PRUNED_PLACEHOLDER
+            if hasattr(msg, "compressed_content"):
+                msg.compressed_content = None
+            cleared += 1
+        except (AttributeError, TypeError):
+            pass
+    return cleared
+
+
+def _build_tool_id_to_name_map(messages) -> dict:
+    """Walk assistant messages forward, building tool_call_id → tool_name map.
+
+    Required because Agno's `role="tool"` Message carries `tool_call_id` but
+    not the originating tool name — the name lives on the matching
+    `assistant.tool_calls[i].function.name` in a previous message.
+    """
+    id_to_name: dict = {}
+    for msg in messages:
+        if getattr(msg, "role", None) != "assistant":
+            continue
+        tool_calls = getattr(msg, "tool_calls", None)
+        if not tool_calls:
+            continue
+        for tc in tool_calls:
+            tc_id = tc.get("id") if isinstance(tc, dict) else None
+            if not tc_id:
+                continue
+            fn = tc.get("function") if isinstance(tc, dict) else None
+            tc_name = fn.get("name") if isinstance(fn, dict) else None
+            if tc_name:
+                id_to_name[tc_id] = tc_name
+    return id_to_name
+
+
 def _prune_tool_messages(messages):
     """Clear old tool result content using a token-budget approach.
 
@@ -77,49 +238,81 @@ def _prune_tool_messages(messages):
     PRUNE_MINIMUM_CHARS (avoids unnecessary churn on small conversations).
 
     Aligned with OpenCode's strategy: budget-based, not fixed-N.
+
+    **Tool allowlist**: only outputs of tools in `COMPACTABLE_TOOLS` are
+    eligible for clearing. Non-compactable tools (delegate_task, invoke_skill,
+    tasklist mutators) still consume the protection budget but are never
+    pruned — their content is semantically load-bearing. The id→name map is
+    built from prior assistant `tool_calls` since `role="tool"` Messages carry
+    only the call id, not the tool name. Single source of truth lives in
+    `aru.context.COMPACTABLE_TOOLS`.
+
+    Returns the number of tool results actually cleared (0 if none) for
+    metrics consumption by `_microcompact_stats`.
     """
-    # Collect tool message indices and their content sizes
-    tool_indices = []
-    for i, msg in enumerate(messages):
-        if getattr(msg, "role", None) == "tool":
-            content = getattr(msg, "content", None)
-            content_len = len(str(content)) if content is not None else 0
-            tool_indices.append((i, content_len))
+    from aru.context import COMPACTABLE_TOOLS
 
-    if not tool_indices:
-        return
+    global _microcompact_invocations, _microcompact_clear_passes, _microcompact_results_cleared
+    _microcompact_invocations += 1
 
-    # Walk backwards, accumulating protected chars
-    protected_chars = 0
-    prune_candidates = []  # (index, content_len) of messages outside protection
+    id_to_name = _build_tool_id_to_name_map(messages)
 
-    for idx, content_len in reversed(tool_indices):
-        if protected_chars + content_len <= _PRUNE_PROTECT_CHARS:
-            protected_chars += content_len
-        else:
+    # Collect tool message indices, their content sizes, and compactability.
+    tool_entries = []  # (index, content_len, is_compactable)
+    for i, msg in enumerate(messages):
+        if getattr(msg, "role", None) != "tool":
+            continue
+        content = getattr(msg, "content", None)
+        content_len = len(str(content)) if content is not None else 0
+        tc_id = getattr(msg, "tool_call_id", None)
+        tool_name = id_to_name.get(tc_id) if tc_id else None
+        # Defensive: if we can't resolve the name, treat as non-compactable.
+        # Better to leak budget than wipe a delegate_task result by mistake.
+        is_compactable = tool_name in COMPACTABLE_TOOLS if tool_name else False
+        tool_entries.append((i, content_len, is_compactable))
+
+    if not tool_entries:
+        return 0
+
+    # Walk backwards. ALL tool content (compactable or not) consumes the
+    # protection budget — the prompt carries it either way. Once the budget
+    # is exhausted, older entries are prune candidates ONLY if compactable;
+    # non-compactable old entries (delegate_task etc.) stay untouched.
+    running_total = 0
+    prune_candidates = []  # (index, content_len) of compactable messages outside protection
+
+    for idx, content_len, is_compactable in reversed(tool_entries):
+        in_recent_window = (running_total + content_len) <= _PRUNE_PROTECT_CHARS
+        running_total += content_len
+        if not in_recent_window and is_compactable:
             prune_candidates.append((idx, content_len))
 
     # Only prune if there's enough to free
     freeable = sum(cl for _, cl in prune_candidates)
     if freeable < _PRUNE_MINIMUM_CHARS:
-        return
+        return 0
 
-    # Replace old tool results with placeholder
+    cleared = 0
     for idx, _ in prune_candidates:
         msg = messages[idx]
         content = getattr(msg, "content", None)
         if content is None:
             continue
-        # Skip if already pruned
         if str(content) == _PRUNED_PLACEHOLDER:
             continue
         try:
             msg.content = _PRUNED_PLACEHOLDER
             if hasattr(msg, "compressed_content"):
                 msg.compressed_content = None
+            cleared += 1
         except (AttributeError, TypeError):
             pass
 
+    if cleared:
+        _microcompact_clear_passes += 1
+        _microcompact_results_cleared += cleared
+    return cleared
+
 
 def apply_cache_patch():
     """Apply all patches to reduce Agno's token consumption."""
@@ -127,6 +320,73 @@ def apply_cache_patch():
     _patch_claude_cache_breakpoints()
     _patch_per_call_metrics()
     _patch_stop_reason_capture()
+    _patch_overflow_recovery()
+
+
+def _patch_overflow_recovery():
+    """Wrap Agno's retry loops to handle context-overflow rejections.
+
+    When the provider rejects a request as too long (after the regular pre-call
+    prune was insufficient), wipe content of all but the last
+    `_OVERFLOW_RECOVERY_KEEP_RECENT` compactable tool_results in the message
+    list and re-raise. Agno's existing retry loop in `_a*invoke_with_retry`
+    will retry once with the now-shorter messages.
+
+    Patches both `_ainvoke_with_retry` (non-stream) and
+    `_ainvoke_stream_with_retry` (stream — what Aru's runner uses). Each is
+    wrapped to call `_aggressive_prune` once per turn before the underlying
+    retry fires; subsequent overflow errors propagate normally so we never
+    loop forever wiping the same messages.
+
+    A turn-scoped flag (`_overflow_recovery_done` set on the Model instance)
+    ensures we only attempt recovery once per call site — if even the
+    aggressive prune doesn't shrink the prompt enough, the error propagates
+    and the user sees it instead of a silent retry storm.
+    """
+    from agno.models.base import Model
+    from agno.exceptions import ModelProviderError
+
+    _orig_ainvoke = Model._ainvoke_with_retry
+    _orig_ainvoke_stream = Model._ainvoke_stream_with_retry
+
+    async def _patched_ainvoke_with_retry(self, **kwargs):
+        global _microcompact_overflow_recoveries
+        try:
+            return await _orig_ainvoke(self, **kwargs)
+        except ModelProviderError as e:
+            if not _is_context_overflow_error(e):
+                raise
+            messages = kwargs.get("messages")
+            if messages is None:
+                raise
+            cleared = _aggressive_prune(messages)
+            if cleared == 0:
+                raise
+            _microcompact_overflow_recoveries += 1
+            return await _orig_ainvoke(self, **kwargs)
+
+    async def _patched_ainvoke_stream_with_retry(self, **kwargs):
+        global _microcompact_overflow_recoveries
+        try:
+            async for response in _orig_ainvoke_stream(self, **kwargs):
+                yield response
+            return
+        except ModelProviderError as e:
+            if not _is_context_overflow_error(e):
+                raise
+            messages = kwargs.get("messages")
+            if messages is None:
+                raise
+            cleared = _aggressive_prune(messages)
+            if cleared == 0:
+                raise
+            _microcompact_overflow_recoveries += 1
+        # Retry once with the now-pruned messages. A second overflow propagates.
+        async for response in _orig_ainvoke_stream(self, **kwargs):
+            yield response
+
+    Model._ainvoke_with_retry = _patched_ainvoke_with_retry
+    Model._ainvoke_stream_with_retry = _patched_ainvoke_stream_with_retry
 
 
 def _patch_tool_result_pruning():