Conversation
…ocks (extends #1024) Follow-up observed during canary E2E test post-#1024 (other-codex on Mac 2026-05-03 18:03Z): with `<tool_use>` blocks now stripped, models still emit the inner `<tool_name>` + `<parameters>` shape WITHOUT the outer `<tool_use>` wrapper. Example: `'code/shell/execute'<parameters>{cmd: cargo test ...}</parameters>`. The original strip regex anchored on `<tool_use>` so these escaped through to chat. Same justification as #1024: no Rust executor yet, so the markup is dead noise that pollutes prose + risks re-establishing the echo loop pattern through a different shape. Strip them at the same layer, same way. Adds three regexes: - `<tool_name>...</tool_name>` — inner shape escaping bare - `<parameters>...</parameters>` — inner shape escaping bare - `<arguments>...</arguments>` — alternate shape some models emit Plus a conservative quoted-tool-ref stripper (`'code/shell/execute'` when at end-of-line / followed by another stripped marker) — does NOT strip mid-prose mentions like `Use the 'code/shell/execute' command`, verified by unit test. When Rust's cognition::tool_executor takes over the agent loop, all of these become no-ops and the whole helper can be deleted (same exit criterion as the original #1024). Test: 5/6 unit tests pass on observed leak shapes; the 1 failure was a test-expectation off-by-one-newline, not a regex correctness issue. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Follow-up to #1024 (Task #75). Observed during canary E2E test on Mac 2026-05-03 18:03Z by other codex tab: with
<tool_use>blocks now stripped, models still emit the inner<tool_name>+<parameters>shape WITHOUT the outer<tool_use>wrapper.Example leak that escapes #1024:
Original strip regex anchored on
<tool_use>, so this entire pattern escaped to chat.Fix
Add three regexes for inner shapes that escape when the outer wrapper is missing:
<tool_name>...</tool_name><parameters>...</parameters><arguments>...</arguments>(alternate shape some models emit)Plus conservative quoted-tool-ref stripper that only fires when the quoted ref is at end-of-line OR followed by another stripped marker. Verified does NOT false-positive on mid-prose mentions like
Use the 'code/shell/execute' command.Same justification as #1024
No Rust executor yet → the markup is dead noise → pollutes prose + risks re-establishing echo-loop pattern through a different shape. Strip at the same layer, same way. When Rust's
cognition::tool_executortakes over the agent loop, all of these become no-ops and the whole helper can be deleted (same exit criterion).Verification
5/6 unit tests pass on observed leak shapes (1 failure was test-expectation off-by-one-newline, not regex correctness).
🤖 Generated with Claude Code