Skip to content

fix(agent): steer background review to permitted tools#65803

Open
henrynguyeninfo1 wants to merge 1 commit into
NousResearch:mainfrom
henrynguyeninfo1:henrynguyeninfo1/issue-61521-background-review-toolset
Open

fix(agent): steer background review to permitted tools#65803
henrynguyeninfo1 wants to merge 1 commit into
NousResearch:mainfrom
henrynguyeninfo1:henrynguyeninfo1/issue-61521-background-review-toolset

Conversation

@henrynguyeninfo1

Copy link
Copy Markdown

Summary

  • preserve the background review fork's parent tool schemas for prompt-cache byte parity
  • make denied file-tool results name the permitted skills_list, skill_view, and skill_manage path
  • cover the model-visible read_file denial through the real thread-local dispatch gate

Root cause

The review fork intentionally advertises the parent agent's full tool schema, but runtime dispatch only permits memory and skill tools. The denial result previously said only that memory/skill tools were allowed, so it did not redirect models from read_file or patch to the APIs that satisfy the skill manager's read-before-write guard.

Testing

  • uv run --extra dev pytest tests/run_agent/test_background_review.py tests/run_agent/test_background_review_cost_controls.py tests/run_agent/test_background_review_cache_parity.py tests/run_agent/test_background_review_summary.py tests/run_agent/test_background_review_toolset_restriction.py tests/test_background_review_session_isolation.py tests/test_background_review_list_shapes.py tests/hermes_cli/test_plugins.py::TestThreadToolWhitelist -q
  • uv run --extra dev ruff check agent/background_review.py tests/run_agent/test_background_review_toolset_restriction.py
  • uv run --extra dev python -m py_compile agent/background_review.py tests/run_agent/test_background_review_toolset_restriction.py

Tested on macOS.

Alternative considered

Narrowing the fork's advertised schemas would eliminate invalid calls earlier, but it would break the intentional byte parity with the parent request and lose prompt-cache reuse. This change keeps parity and improves self-correction at the dispatch boundary.

Fixes #61521

Rejected: narrow review tool schemas | breaks prompt-cache byte parity with the parent agent

Not-tested: live provider response after a denied file-tool call

RISK: model self-correction remains probabilistic across providers
@alt-glitch alt-glitch added type/bug Something isn't working P2 Medium — degraded but workaround exists comp/agent Core agent runtime: loop, agent_init, prompt builder, context-compression, responses endpoint duplicate This issue or pull request already exists labels Jul 16, 2026
@alt-glitch

Copy link
Copy Markdown
Collaborator

This was generated by AI during triage.

Duplicate of #61618: both update the background-review denial guidance to direct denied file-tool calls toward the permitted skill and memory tools. #61618 also updates the review prompt, making it the broader earlier version.

@tonydwb tonydwb left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review Summary

Verdict: Approved (read-only token — formal approval requires write access)

Improves the denial message for background review when a non-whitelisted tool is called. The new message guides users toward the correct tools (skill_view, skill_manage) instead of just saying "not allowed."

  • Small, helpful UX improvement
  • Good test coverage verifying the new message includes skill_view, skill_manage, and memory keywords

Reviewed by Hermes Agent

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

comp/agent Core agent runtime: loop, agent_init, prompt builder, context-compression, responses endpoint duplicate This issue or pull request already exists P2 Medium — degraded but workaround exists type/bug Something isn't working

Projects

None yet

3 participants