python-codex 0.0.1__py3-none-any.whl → 0.1.0__py3-none-any.whl

pycodex/model.py

@@ -0,0 +1,533 @@
+from __future__ import annotations
+
+import asyncio
+import json
+import os
+import urllib.parse
+from collections.abc import Callable
+from dataclasses import dataclass, field, replace
+from pathlib import Path
+from typing import Protocol
+
+import requests
+
+try:
+    import tomllib
+except ModuleNotFoundError:  # pragma: no cover - Python 3.10 path
+    import tomli as tomllib
+
+from .protocol import (
+    AssistantMessage,
+    ModelResponse,
+    ModelStreamEvent,
+    Prompt,
+    ReasoningItem,
+    ToolCall,
+)
+from .utils import build_user_agent, uuid7_string
+
+DEFAULT_CODEX_CONFIG_PATH = Path.home() / ".codex" / "config.toml"
+DEFAULT_ORIGINATOR = "pycodex"
+ModelStreamEventHandler = Callable[[ModelStreamEvent], None]
+NOOP_MODEL_STREAM_EVENT_HANDLER: ModelStreamEventHandler = lambda _event: None
+
+
+class ModelClient(Protocol):
+    async def complete(
+        self,
+        prompt: Prompt,
+        event_handler: ModelStreamEventHandler = NOOP_MODEL_STREAM_EVENT_HANDLER,
+    ) -> ModelResponse:
+        """Return the next batch of model output items for the current prompt."""
+
+
+@dataclass(frozen=True, slots=True)
+class ResponsesProviderConfig:
+    model: str
+    provider_name: str
+    base_url: str
+    api_key_env: str
+    wire_api: str = "responses"
+    query_params: dict[str, str] = field(default_factory=dict)
+    reasoning_effort: str | None = None
+    reasoning_summary: str | None = None
+    verbosity: str | None = None
+    sandbox_mode: str | None = None
+    beta_features_header: str | None = None
+
+    @classmethod
+    def from_codex_config(
+        cls,
+        config_path: str | Path = DEFAULT_CODEX_CONFIG_PATH,
+        profile: str | None = None,
+    ) -> ResponsesProviderConfig:
+        data = tomllib.loads(Path(config_path).read_text())
+        selected = dict(data)
+        if profile is not None:
+            overrides = data.get("profiles", {}).get(profile)
+            if overrides is None:
+                raise ValueError(f"unknown Codex profile: {profile}")
+            selected.update(overrides)
+
+        provider_name = selected["model_provider"]
+        provider = data["model_providers"][provider_name]
+        wire_api = provider.get("wire_api", "responses")
+        if wire_api != "responses":
+            raise ValueError(f"unsupported wire_api for Python client: {wire_api}")
+
+        api_key_env = provider.get("env_key")
+        if not api_key_env:
+            raise ValueError(
+                f"provider {provider_name} does not define env_key in Codex config"
+            )
+
+        query_params = {
+            str(key): str(value)
+            for key, value in provider.get("query_params", {}).items()
+        }
+        features = selected.get("features", {})
+        beta_features: list[str] = []
+        if isinstance(features, dict) and features.get("guardian_approval") is True:
+            beta_features.append("guardian_approval")
+        return cls(
+            model=selected["model"],
+            provider_name=provider_name,
+            base_url=provider["base_url"],
+            api_key_env=api_key_env,
+            wire_api=wire_api,
+            query_params=query_params,
+            reasoning_effort=selected.get("model_reasoning_effort"),
+            reasoning_summary=selected.get("model_reasoning_summary"),
+            verbosity=selected.get("model_verbosity"),
+            sandbox_mode=selected.get("sandbox_mode"),
+            beta_features_header=",".join(beta_features) or None,
+        )
+
+    def api_key(self) -> str:
+        value = os.environ.get(self.api_key_env, "")
+        if not value:
+            raise RuntimeError(
+                f"missing API key environment variable: {self.api_key_env}"
+            )
+        return value
+
+    def with_overrides(
+        self,
+        model: str | None = None,
+        reasoning_effort: str | None = None,
+    ) -> ResponsesProviderConfig:
+        return replace(
+            self,
+            model=self.model if model is None else model,
+            reasoning_effort=(
+                self.reasoning_effort
+                if reasoning_effort is None
+                else reasoning_effort
+            ),
+        )
+
+
+class ResponsesApiError(RuntimeError):
+    pass
+
+
+class ResponsesModelClient:
+    """Minimal OpenAI-compatible Responses API client.
+
+    This implementation is intentionally narrow: it supports the subset needed
+    by the current AgentLoop abstraction, namely assistant text and function
+    tool calls over the streaming `/responses` endpoint.
+    """
+
+    def __init__(
+        self,
+        config: ResponsesProviderConfig,
+        timeout_seconds: float = 120.0,
+        session_id: str | None = None,
+        originator: str = DEFAULT_ORIGINATOR,
+        user_agent: str | None = None,
+        openai_subagent: str | None = None,
+    ) -> None:
+        self._config = config
+        self.model = config.model
+        self._timeout_seconds = timeout_seconds
+        self._session_id = session_id or uuid7_string()
+        self._originator = originator
+        self._user_agent = user_agent or build_user_agent(originator)
+        self._openai_subagent = openai_subagent
+
+    @classmethod
+    def from_codex_config(
+        cls,
+        config_path: str | Path = DEFAULT_CODEX_CONFIG_PATH,
+        profile: str | None = None,
+        timeout_seconds: float = 120.0,
+        originator: str = DEFAULT_ORIGINATOR,
+        user_agent: str | None = None,
+    ) -> ResponsesModelClient:
+        config = ResponsesProviderConfig.from_codex_config(config_path, profile)
+        return cls(config, timeout_seconds, originator=originator, user_agent=user_agent)
+
+    def with_overrides(
+        self,
+        model: str | None = None,
+        reasoning_effort: str | None = None,
+        session_id: str | None = None,
+        openai_subagent: str | None = None,
+    ) -> ResponsesModelClient:
+        return ResponsesModelClient(
+            self._config.with_overrides(
+                model or self.model,
+                reasoning_effort,
+            ),
+            self._timeout_seconds,
+            session_id=self._session_id if session_id is None else session_id,
+            originator=self._originator,
+            user_agent=self._user_agent,
+            openai_subagent=(
+                self._openai_subagent
+                if openai_subagent is None
+                else openai_subagent
+            ),
+        )
+
+    def responses_url(self) -> str:
+        base_url = self._config.base_url.rstrip("/")
+        url = f"{base_url}/responses"
+        if self._config.query_params:
+            return f"{url}?{urllib.parse.urlencode(self._config.query_params)}"
+        return url
+
+    def models_url(self) -> str:
+        base_url = self._config.base_url.rstrip("/")
+        url = f"{base_url}/models"
+        if self._config.query_params:
+            return f"{url}?{urllib.parse.urlencode(self._config.query_params)}"
+        return url
+
+    async def list_models(self) -> list[str]:
+        return await asyncio.to_thread(self._list_models_sync)
+
+    async def complete(
+        self,
+        prompt: Prompt,
+        event_handler: ModelStreamEventHandler = NOOP_MODEL_STREAM_EVENT_HANDLER,
+    ) -> ModelResponse:
+        return await asyncio.to_thread(self._complete_sync, prompt, event_handler)
+
+    def _complete_sync(
+        self,
+        prompt: Prompt,
+        event_handler: ModelStreamEventHandler,
+    ) -> ModelResponse:
+        payload = self._build_payload(prompt)
+        body = json.dumps(payload).encode("utf-8")
+        url = self.responses_url()
+        prepared = requests.PreparedRequest()
+        prepared.prepare(
+            method="POST",
+            url=url,
+            headers=self._build_headers(prompt),
+            data=body,
+        )
+        try:
+            with requests.Session() as session:
+                settings = session.merge_environment_settings(
+                    prepared.url,
+                    proxies={},
+                    stream=True,
+                    verify=None,
+                    cert=None,
+                )
+                verify = _requests_verify_setting()
+                if verify is not None:
+                    settings["verify"] = verify
+                response = session.send(
+                    prepared,
+                    timeout=self._timeout_seconds,
+                    allow_redirects=False,
+                    **settings,
+                )
+                with response:
+                    if response.status_code >= 400:
+                        error_body = response.text
+                        raise ResponsesApiError(
+                            f"responses request failed with status {response.status_code}: "
+                            f"{error_body[:500]}"
+                        )
+                    return self._parse_stream(
+                        response.iter_lines(chunk_size=1, decode_unicode=False),
+                        event_handler,
+                    )
+        except requests.RequestException as exc:
+            raise ResponsesApiError(f"responses request failed: {exc}") from exc
+
+    def _build_payload(self, prompt: Prompt) -> dict[str, object]:
+        payload: dict[str, object] = {
+            "model": self.model,
+            "instructions": prompt.base_instructions or "",
+            "input": [item.serialize() for item in prompt.input],
+            "tools": [tool.serialize() for tool in prompt.tools],
+            "tool_choice": "auto",
+            "parallel_tool_calls": prompt.parallel_tool_calls,
+            "store": False,
+            "stream": True,
+            "include": ["reasoning.encrypted_content"],
+            "prompt_cache_key": self._session_id,
+        }
+
+        reasoning: dict[str, str] = {}
+        if self._config.reasoning_effort is not None:
+            reasoning["effort"] = self._config.reasoning_effort
+        if self._config.reasoning_summary is not None:
+            reasoning["summary"] = self._config.reasoning_summary
+        if reasoning:
+            payload["reasoning"] = reasoning
+
+        text = None
+        if self._config.verbosity is not None:
+            text = {"verbosity": self._config.verbosity}
+        if text is not None:
+            payload["text"] = text
+
+        return payload
+
+    def _list_models_sync(self) -> list[str]:
+        prepared = requests.PreparedRequest()
+        prepared.prepare(
+            method="GET",
+            url=self.models_url(),
+            headers=self._build_model_list_headers(),
+        )
+        try:
+            with requests.Session() as session:
+                settings = session.merge_environment_settings(
+                    prepared.url,
+                    proxies={},
+                    stream=False,
+                    verify=None,
+                    cert=None,
+                )
+                verify = _requests_verify_setting()
+                if verify is not None:
+                    settings["verify"] = verify
+                response = session.send(
+                    prepared,
+                    timeout=self._timeout_seconds,
+                    allow_redirects=False,
+                    **settings,
+                )
+                with response:
+                    if response.status_code >= 400:
+                        raise ResponsesApiError(
+                            f"models request failed with status {response.status_code}: "
+                            f"{response.text[:500]}"
+                        )
+                    payload = response.json()
+        except requests.RequestException as exc:
+            raise ResponsesApiError(f"models request failed: {exc}") from exc
+
+        data = payload.get("data")
+        if not isinstance(data, list):
+            raise ResponsesApiError("models response is missing `data` list")
+        models: list[str] = []
+        for item in data:
+            if not isinstance(item, dict):
+                continue
+            model_id = str(item.get("id", "")).strip()
+            if model_id:
+                models.append(model_id)
+        return models
+
+    def _build_headers(self, prompt: Prompt) -> dict[str, str]:
+        headers = {
+            "content-type": "application/json",
+            "accept": "text/event-stream",
+            "authorization": f"Bearer {self._config.api_key()}",
+            "x-client-request-id": self._session_id,
+            "session_id": self._session_id,
+            "originator": self._originator,
+            "user-agent": self._user_agent,
+        }
+        if self._config.beta_features_header is not None:
+            headers["x-codex-beta-features"] = self._config.beta_features_header
+        if self._openai_subagent is not None:
+            headers["x-openai-subagent"] = self._openai_subagent
+        if prompt.turn_metadata is not None:
+            headers["x-codex-turn-metadata"] = json.dumps(
+                prompt.turn_metadata,
+                separators=(",", ":"),
+            )
+        return headers
+
+    def _build_model_list_headers(self) -> dict[str, str]:
+        headers = {
+            "accept": "application/json",
+            "authorization": f"Bearer {self._config.api_key()}",
+            "originator": self._originator,
+            "user-agent": self._user_agent,
+        }
+        if self._config.beta_features_header is not None:
+            headers["x-codex-beta-features"] = self._config.beta_features_header
+        if self._openai_subagent is not None:
+            headers["x-openai-subagent"] = self._openai_subagent
+        return headers
+
+    def _parse_stream(
+        self,
+        response,
+        event_handler: ModelStreamEventHandler,
+    ) -> ModelResponse:
+        items: list[AssistantMessage | ToolCall | ReasoningItem] = []
+        saw_completed = False
+
+        for event_name, data in self._iter_sse_events(response):
+            if not data:
+                continue
+            payload = json.loads(data)
+            event_type = payload.get("type", event_name)
+
+            if event_type == "response.output_text.delta":
+                event_handler(
+                    ModelStreamEvent(
+                        kind="assistant_delta",
+                        payload={"delta": str(payload.get("delta", ""))},
+                    )
+                )
+                continue
+
+            if event_type == "response.output_item.done":
+                item_payload = payload.get("item", {})
+                if (
+                    isinstance(item_payload, dict)
+                    and item_payload.get("type") == "web_search_call"
+                ):
+                    action_payload = item_payload.get("action")
+                    event_payload = {
+                        "call_id": str(item_payload.get("id", "web_search")),
+                        "tool_name": "web_search",
+                    }
+                    if isinstance(action_payload, dict):
+                        event_payload["action_type"] = str(
+                            action_payload.get("type", "")
+                        )
+                        if "query" in action_payload:
+                            event_payload["query"] = str(action_payload.get("query", ""))
+                        queries = action_payload.get("queries")
+                        if isinstance(queries, list):
+                            event_payload["queries"] = [
+                                str(query) for query in queries if str(query).strip()
+                            ]
+                        if "url" in action_payload:
+                            event_payload["url"] = str(action_payload.get("url", ""))
+                        if "pattern" in action_payload:
+                            event_payload["pattern"] = str(
+                                action_payload.get("pattern", "")
+                            )
+                    event_handler(
+                        ModelStreamEvent(
+                            kind="tool_call",
+                            payload=event_payload,
+                        )
+                    )
+                    continue
+
+                parsed = self._parse_output_item(item_payload)
+                if parsed is not None:
+                    if isinstance(parsed, ToolCall):
+                        event_handler(
+                            ModelStreamEvent(
+                                kind="tool_call",
+                                payload={
+                                    "call_id": parsed.call_id,
+                                    "tool_name": parsed.name,
+                                },
+                            )
+                        )
+                    items.append(parsed)
+                continue
+
+            if event_type == "response.completed":
+                saw_completed = True
+                break
+
+            if event_type == "response.failed":
+                error = payload.get("response", {}).get("error") or {}
+                message = error.get("message") or "responses stream failed"
+                raise ResponsesApiError(message)
+
+        if not saw_completed:
+            raise ResponsesApiError("responses stream ended before response.completed")
+
+        return ModelResponse(items=items)
+
+    def _parse_output_item(
+        self,
+        item: dict[str, object],
+    ) -> AssistantMessage | ToolCall | ReasoningItem | None:
+        item_type = item.get("type")
+        if item_type == "reasoning":
+            return ReasoningItem(payload=dict(item))
+
+        if item_type == "message" and item.get("role") == "assistant":
+            content = item.get("content", [])
+            text_parts = []
+            for part in content:
+                if isinstance(part, dict) and part.get("type") == "output_text":
+                    text_parts.append(str(part.get("text", "")))
+            return AssistantMessage(text="".join(text_parts))
+
+        if item_type == "function_call":
+            raw_arguments = str(item.get("arguments", "") or "{}")
+            arguments = json.loads(raw_arguments)
+            if not isinstance(arguments, dict):
+                raise ResponsesApiError(
+                    f"function call arguments must decode to an object, got {type(arguments).__name__}"
+                )
+            return ToolCall(
+                call_id=str(item["call_id"]),
+                name=str(item["name"]),
+                arguments=arguments,
+            )
+
+        if item_type == "custom_tool_call":
+            return ToolCall(
+                call_id=str(item["call_id"]),
+                name=str(item["name"]),
+                arguments=str(item.get("input", "")),
+                tool_type="custom",
+            )
+
+        return None
+
+    def _iter_sse_events(self, response):
+        event_name: str | None = None
+        data_lines: list[str] = []
+
+        for raw_line in response:
+            line = raw_line.decode("utf-8", errors="replace").rstrip("\r\n")
+            if line == "":
+                if data_lines:
+                    yield event_name or "message", "\n".join(data_lines)
+                event_name = None
+                data_lines = []
+                continue
+
+            if line.startswith(":"):
+                continue
+            if line.startswith("event:"):
+                event_name = line.split(":", 1)[1].lstrip()
+                continue
+            if line.startswith("data:"):
+                data_lines.append(line.split(":", 1)[1].lstrip())
+
+        if data_lines:
+            yield event_name or "message", "\n".join(data_lines)
+
+
+def _requests_verify_setting() -> str | bool | None:
+    for env_name in ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE", "SSL_CERT_FILE"):
+        value = os.environ.get(env_name, "").strip()
+        if value:
+            return value
+    return None

pycodex/prompts/collaboration_default.md

@@ -0,0 +1,11 @@
+# Collaboration Mode: Default
+
+You are now in Default mode. Any previous instructions for other modes (e.g. Plan mode) are no longer active.
+
+Your active mode changes only when new developer instructions with a different `<collaboration_mode>...</collaboration_mode>` change it; user requests or tool descriptions do not change mode by themselves. Known mode names are Default and Plan.
+
+## request_user_input availability
+
+The `request_user_input` tool is unavailable in Default mode. If you call it while in Default mode, it will return an error.
+
+In Default mode, strongly prefer making reasonable assumptions and executing the user's request rather than stopping to ask questions. If you absolutely must ask a question because the answer cannot be discovered from local context and a reasonable assumption would be risky, ask the user directly with a concise plain-text question. Never write a multiple choice question as a textual assistant message.

pycodex/prompts/collaboration_plan.md

@@ -0,0 +1,128 @@
+# Plan Mode (Conversational)
+
+You work in 3 phases, and you should *chat your way* to a great plan before finalizing it. A great plan is very detailed—intent- and implementation-wise—so that it can be handed to another engineer or agent to be implemented right away. It must be **decision complete**, where the implementer does not need to make any decisions.
+
+## Mode rules (strict)
+
+You are in **Plan Mode** until a developer message explicitly ends it.
+
+Plan Mode is not changed by user intent, tone, or imperative language. If a user asks for execution while still in Plan Mode, treat it as a request to **plan the execution**, not perform it.
+
+## Plan Mode vs update_plan tool
+
+Plan Mode is a collaboration mode that can involve requesting user input and eventually issuing a `<proposed_plan>` block.
+
+Separately, `update_plan` is a checklist/progress/TODOs tool; it does not enter or exit Plan Mode. Do not confuse it with Plan mode or try to use it while in Plan mode. If you try to use `update_plan` in Plan mode, it will return an error.
+
+## Execution vs. mutation in Plan Mode
+
+You may explore and execute **non-mutating** actions that improve the plan. You must not perform **mutating** actions.
+
+### Allowed (non-mutating, plan-improving)
+
+Actions that gather truth, reduce ambiguity, or validate feasibility without changing repo-tracked state. Examples:
+
+* Reading or searching files, configs, schemas, types, manifests, and docs
+* Static analysis, inspection, and repo exploration
+* Dry-run style commands when they do not edit repo-tracked files
+* Tests, builds, or checks that may write to caches or build artifacts (for example, `target/`, `.cache/`, or snapshots) so long as they do not edit repo-tracked files
+
+### Not allowed (mutating, plan-executing)
+
+Actions that implement the plan or change repo-tracked state. Examples:
+
+* Editing or writing files
+* Running formatters or linters that rewrite files
+* Applying patches, migrations, or codegen that updates repo-tracked files
+* Side-effectful commands whose purpose is to carry out the plan rather than refine it
+
+When in doubt: if the action would reasonably be described as "doing the work" rather than "planning the work," do not do it.
+
+## PHASE 1 — Ground in the environment (explore first, ask second)
+
+Begin by grounding yourself in the actual environment. Eliminate unknowns in the prompt by discovering facts, not by asking the user. Resolve all questions that can be answered through exploration or inspection. Identify missing or ambiguous details only if they cannot be derived from the environment. Silent exploration between turns is allowed and encouraged.
+
+Before asking the user any question, perform at least one targeted non-mutating exploration pass (for example: search relevant files, inspect likely entrypoints/configs, confirm current implementation shape), unless no local environment/repo is available.
+
+Exception: you may ask clarifying questions about the user's prompt before exploring, ONLY if there are obvious ambiguities or contradictions in the prompt itself. However, if ambiguity might be resolved by exploring, always prefer exploring first.
+
+Do not ask questions that can be answered from the repo or system (for example, "where is this struct?" or "which UI component should we use?" when exploration can make it clear). Only ask once you have exhausted reasonable non-mutating exploration.
+
+## PHASE 2 — Intent chat (what they actually want)
+
+* Keep asking until you can clearly state: goal + success criteria, audience, in/out of scope, constraints, current state, and the key preferences/tradeoffs.
+* Bias toward questions over guessing: if any high-impact ambiguity remains, do NOT plan yet—ask.
+
+## PHASE 3 — Implementation chat (what/how we’ll build)
+
+* Once intent is stable, keep asking until the spec is decision complete: approach, interfaces (APIs/schemas/I/O), data flow, edge cases/failure modes, testing + acceptance criteria, rollout/monitoring, and any migrations/compat constraints.
+
+## Asking questions
+
+Critical rules:
+
+* Strongly prefer using the `request_user_input` tool to ask any questions.
+* Offer only meaningful multiple‑choice options; don’t include filler choices that are obviously wrong or irrelevant.
+* In rare cases where an unavoidable, important question can’t be expressed with reasonable multiple‑choice options (due to extreme ambiguity), you may ask it directly without the tool.
+
+You SHOULD ask many questions, but each question must:
+
+* materially change the spec/plan, OR
+* confirm/lock an assumption, OR
+* choose between meaningful tradeoffs.
+* not be answerable by non-mutating commands.
+
+Use the `request_user_input` tool only for decisions that materially change the plan, for confirming important assumptions, or for information that cannot be discovered via non-mutating exploration.
+
+## Two kinds of unknowns (treat differently)
+
+1. **Discoverable facts** (repo/system truth): explore first.
+
+   * Before asking, run targeted searches and check likely sources of truth (configs/manifests/entrypoints/schemas/types/constants).
+   * Ask only if: multiple plausible candidates; nothing found but you need a missing identifier/context; or ambiguity is actually product intent.
+   * If asking, present concrete candidates (paths/service names) + recommend one.
+   * Never ask questions you can answer from your environment (e.g., “where is this struct”).
+
+2. **Preferences/tradeoffs** (not discoverable): ask early.
+
+   * These are intent or implementation preferences that cannot be derived from exploration.
+   * Provide 2–4 mutually exclusive options + a recommended default.
+   * If unanswered, proceed with the recommended option and record it as an assumption in the final plan.
+
+## Finalization rule
+
+Only output the final plan when it is decision complete and leaves no decisions to the implementer.
+
+When you present the official plan, wrap it in a `<proposed_plan>` block so the client can render it specially:
+
+1) The opening tag must be on its own line.
+2) Start the plan content on the next line (no text on the same line as the tag).
+3) The closing tag must be on its own line.
+4) Use Markdown inside the block.
+5) Keep the tags exactly as `<proposed_plan>` and `</proposed_plan>` (do not translate or rename them), even if the plan content is in another language.
+
+Example:
+
+<proposed_plan>
+plan content
+</proposed_plan>
+
+plan content should be human and agent digestible. The final plan must be plan-only, concise by default, and include:
+
+* A clear title
+* A brief summary section
+* Important changes or additions to public APIs/interfaces/types
+* Test cases and scenarios
+* Explicit assumptions and defaults chosen where needed
+
+When possible, prefer a compact structure with 3-5 short sections, usually: Summary, Key Changes or Implementation Changes, Test Plan, and Assumptions. Do not include a separate Scope section unless scope boundaries are genuinely important to avoid mistakes.
+
+Prefer grouped implementation bullets by subsystem or behavior over file-by-file inventories. Mention files only when needed to disambiguate a non-obvious change, and avoid naming more than 3 paths unless extra specificity is necessary to prevent mistakes. Prefer behavior-level descriptions over symbol-by-symbol removal lists. For v1 feature-addition plans, do not invent detailed schema, validation, precedence, fallback, or wire-shape policy unless the request establishes it or it is needed to prevent a concrete implementation mistake; prefer the intended capability and minimum interface/behavior changes.
+
+Keep bullets short and avoid explanatory sub-bullets unless they are needed to prevent ambiguity. Prefer the minimum detail needed for implementation safety, not exhaustive coverage. Within each section, compress related changes into a few high-signal bullets and omit branch-by-branch logic, repeated invariants, and long lists of unaffected behavior unless they are necessary to prevent a likely implementation mistake. Avoid repeated repo facts and irrelevant edge-case or rollout detail. For straightforward refactors, keep the plan to a compact summary, key edits, tests, and assumptions. If the user asks for more detail, then expand.
+
+Do not ask "should I proceed?" in the final output. The user can easily switch out of Plan mode and request implementation if you have included a `<proposed_plan>` block in your response. Alternatively, they can decide to stay in Plan mode and continue refining the plan.
+
+Only produce at most one `<proposed_plan>` block per turn, and only when you are presenting a complete spec.
+
+If the user stays in Plan mode and asks for revisions after a prior `<proposed_plan>`, any new `<proposed_plan>` must be a complete replacement.