Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
418e601f74 |
@@ -1,546 +1,197 @@
|
||||
"""Session compaction with structured fact extraction.
|
||||
"""Session compaction with fact extraction.
|
||||
|
||||
Before compressing conversation context, extract durable facts with enough
|
||||
structure to survive retrieval: source/provenance, temporal anchors,
|
||||
normalized canonical keys, and contradiction groups.
|
||||
Before compressing conversation context, extracts durable facts
|
||||
(user preferences, corrections, project details) and saves them
|
||||
to the fact store so they survive compression.
|
||||
|
||||
Usage:
|
||||
from agent.session_compactor import extract_and_save_facts
|
||||
facts = extract_and_save_facts(messages)
|
||||
"""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import json
|
||||
import logging
|
||||
import re
|
||||
import time
|
||||
from dataclasses import dataclass, field
|
||||
from datetime import datetime, timezone
|
||||
from typing import Any, Dict, List, Tuple
|
||||
from typing import Any, Dict, List, Optional, Tuple
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
_DEPLOY_METHOD_RE = re.compile(r"\bdeploy(?:ing)?\s+(?:via|through|with)\s+([A-Za-z0-9_./+-]+)", re.IGNORECASE)
|
||||
_WATCHDOG_CAP_RE = re.compile(
|
||||
r"\b(?:the\s+)?([A-Za-z0-9_-]+(?:\s+watchdog)?)\s+(?:caps|limits)\s+dispatches(?:\s+per\s+cycle)?\s+to\s+([0-9]+)",
|
||||
re.IGNORECASE,
|
||||
)
|
||||
_PROVIDER_RE = re.compile(
|
||||
r"\bprovider\s+(?:is|should\s+stay|should\s+be|needs\s+to\s+be)\s+([A-Za-z0-9._/-]+)",
|
||||
re.IGNORECASE,
|
||||
)
|
||||
_MODEL_RE = re.compile(
|
||||
r"\bmodel\s+(?:is|should\s+stay|should\s+be|needs\s+to\s+be)\s+([A-Za-z0-9._:/-]+)",
|
||||
re.IGNORECASE,
|
||||
)
|
||||
_PORT_RE = re.compile(r"\bport\s+(?:is|should\s+be)\s+([0-9]+)", re.IGNORECASE)
|
||||
_PROJECT_USES_RE = re.compile(r"\b(?:the\s+)?project\s+(?:uses|needs|requires)\s+(.+?)(?:[.!?]|$)", re.IGNORECASE)
|
||||
_PREFERENCE_RE = re.compile(r"\bI\s+(?:prefer|like|want|need)\s+(.+?)(?:[.!?]|$)", re.IGNORECASE)
|
||||
_CONSTRAINT_RE = re.compile(r"\b(?:do\s+not|don't)\s+(?:ever\s+|again\s+)?(.+?)(?:[.!?]|$)", re.IGNORECASE)
|
||||
_DECISION_RE = re.compile(r"\b(?:we|the\s+team)\s+(?:decided|agreed|chose)\s+(?:to\s+)?(.+?)(?:[.!?]|$)", re.IGNORECASE)
|
||||
|
||||
|
||||
@dataclass
|
||||
class ExtractedFact:
|
||||
"""A durable fact extracted from conversation."""
|
||||
|
||||
category: str
|
||||
entity: str
|
||||
content: str
|
||||
confidence: float
|
||||
source_turn: int
|
||||
"""A fact extracted from conversation."""
|
||||
category: str # "user_pref", "correction", "project", "tool_quirk", "general"
|
||||
entity: str # what the fact is about
|
||||
content: str # the fact itself
|
||||
confidence: float # 0.0-1.0
|
||||
source_turn: int # which message turn it came from
|
||||
timestamp: float = 0.0
|
||||
source_role: str = "user"
|
||||
source_text: str = ""
|
||||
normalized_content: str = ""
|
||||
canonical_key: str = ""
|
||||
relation: str = "general"
|
||||
contradiction_group: str = ""
|
||||
status: str = "active"
|
||||
provenance: str = ""
|
||||
observed_at: str = ""
|
||||
evidence: List[Dict[str, Any]] = field(default_factory=list)
|
||||
metadata: Dict[str, Any] = field(default_factory=dict)
|
||||
|
||||
def __post_init__(self) -> None:
|
||||
if not self.timestamp:
|
||||
self.timestamp = time.time()
|
||||
if not self.observed_at:
|
||||
self.observed_at = _iso_from_timestamp(self.timestamp)
|
||||
if not self.normalized_content:
|
||||
self.normalized_content = _normalize_value(self.content)
|
||||
if not self.provenance:
|
||||
self.provenance = f"conversation:{self.source_role}:{self.source_turn}"
|
||||
if not self.canonical_key:
|
||||
self.canonical_key = _canonical_key(self.entity, self.relation, self.normalized_content)
|
||||
if not self.evidence:
|
||||
self.evidence = [
|
||||
{
|
||||
"source_role": self.source_role,
|
||||
"source_turn": self.source_turn,
|
||||
"source_text": self.source_text or self.content,
|
||||
"observed_at": self.observed_at,
|
||||
"provenance": self.provenance,
|
||||
}
|
||||
]
|
||||
self.metadata = dict(self.metadata or {})
|
||||
self.metadata.setdefault("entity", self.entity)
|
||||
self.metadata.setdefault("relation", self.relation)
|
||||
self.metadata.setdefault("value", self.content)
|
||||
self.metadata.setdefault("normalized_value", self.normalized_content)
|
||||
self.metadata.setdefault("provenance", [self.provenance])
|
||||
self.metadata.setdefault("evidence", list(self.evidence))
|
||||
self.metadata.setdefault("observation_count", len(self.evidence))
|
||||
self.metadata.setdefault("duplicate_count", max(0, self.metadata["observation_count"] - 1))
|
||||
if self.contradiction_group:
|
||||
self.metadata.setdefault("contradiction_group", self.contradiction_group)
|
||||
self.metadata.setdefault("status", self.status)
|
||||
|
||||
# Patterns that indicate user preferences
|
||||
_PREFERENCE_PATTERNS = [
|
||||
(r"(?:I|we) (?:prefer|like|want|need) (.+?)(?:\.|$)", "preference"),
|
||||
(r"(?:always|never) (?:use|do|run|deploy) (.+?)(?:\.|$)", "preference"),
|
||||
(r"(?:my|our) (?:default|preferred|usual) (.+?) (?:is|are) (.+?)(?:\.|$)", "preference"),
|
||||
(r"(?:make sure|ensure|remember) (?:to|that) (.+?)(?:\.|$)", "instruction"),
|
||||
(r"(?:don'?t|do not) (?:ever|ever again) (.+?)(?:\.|$)", "constraint"),
|
||||
]
|
||||
|
||||
# Patterns that indicate corrections
|
||||
_CORRECTION_PATTERNS = [
|
||||
(r"(?:actually|no[, ]|wait[, ]|correction[: ]|sorry[, ]) (.+)", "correction"),
|
||||
(r"(?:I meant|what I meant was|the correct) (.+?)(?:\.|$)", "correction"),
|
||||
(r"(?:it'?s|its) (?:not|shouldn'?t be|wrong) (.+?)(?:\.|$)", "correction"),
|
||||
]
|
||||
|
||||
# Patterns that indicate project/tool facts
|
||||
_PROJECT_PATTERNS = [
|
||||
(r"(?:the |our )?(?:project|repo|codebase|code) (?:is|uses|needs|requires) (.+?)(?:\.|$)", "project"),
|
||||
(r"(?:deploy|push|commit) (?:to|on) (.+?)(?:\.|$)", "project"),
|
||||
(r"(?:this|that|the) (?:server|host|machine|VPS) (?:is|runs|has) (.+?)(?:\.|$)", "infrastructure"),
|
||||
(r"(?:model|provider|engine) (?:is|should be|needs to be) (.+?)(?:\.|$)", "config"),
|
||||
]
|
||||
|
||||
|
||||
def extract_facts_from_messages(messages: List[Dict[str, Any]]) -> List[ExtractedFact]:
|
||||
"""Extract durable facts from conversation messages.
|
||||
|
||||
Scans conversation turns for preferences, decisions, corrections, and
|
||||
operational state. Raw candidates are normalized into canonical facts so
|
||||
near-duplicates merge and contradictions remain inspectable.
|
||||
Scans user messages for preferences, corrections, project facts,
|
||||
and infrastructure details that should survive compression.
|
||||
"""
|
||||
facts = []
|
||||
seen_contents = set()
|
||||
|
||||
raw_candidates: list[ExtractedFact] = []
|
||||
for turn_idx, msg in enumerate(messages):
|
||||
role = msg.get("role", "")
|
||||
content = msg.get("content", "")
|
||||
if role not in {"user", "assistant"}:
|
||||
|
||||
# Only scan user messages and assistant responses with corrections
|
||||
if role not in ("user", "assistant"):
|
||||
continue
|
||||
if not content or not isinstance(content, str):
|
||||
continue
|
||||
if len(content) < 10:
|
||||
continue
|
||||
|
||||
# Skip tool results and system messages
|
||||
if role == "assistant" and msg.get("tool_calls"):
|
||||
continue
|
||||
if not isinstance(content, str) or len(content.strip()) < 10:
|
||||
continue
|
||||
|
||||
timestamp, observed_at = _message_time(msg)
|
||||
raw_candidates.extend(
|
||||
_extract_from_text(
|
||||
content.strip(),
|
||||
turn_idx=turn_idx,
|
||||
role=role,
|
||||
timestamp=timestamp,
|
||||
observed_at=observed_at,
|
||||
)
|
||||
)
|
||||
extracted = _extract_from_text(content, turn_idx, role)
|
||||
|
||||
return _normalize_candidates(raw_candidates)
|
||||
|
||||
|
||||
def evaluate_extraction_quality(messages: List[Dict[str, Any]]) -> Dict[str, Any]:
|
||||
"""Return before/after metrics for raw vs normalized extraction quality."""
|
||||
|
||||
raw_candidates: list[ExtractedFact] = []
|
||||
for turn_idx, msg in enumerate(messages):
|
||||
role = msg.get("role", "")
|
||||
content = msg.get("content", "")
|
||||
if role not in {"user", "assistant"}:
|
||||
continue
|
||||
if role == "assistant" and msg.get("tool_calls"):
|
||||
continue
|
||||
if not isinstance(content, str) or len(content.strip()) < 10:
|
||||
continue
|
||||
timestamp, observed_at = _message_time(msg)
|
||||
raw_candidates.extend(
|
||||
_extract_from_text(
|
||||
content.strip(),
|
||||
turn_idx=turn_idx,
|
||||
role=role,
|
||||
timestamp=timestamp,
|
||||
observed_at=observed_at,
|
||||
)
|
||||
)
|
||||
|
||||
normalized = _normalize_candidates(raw_candidates)
|
||||
raw_count = len(raw_candidates)
|
||||
normalized_count = len(normalized)
|
||||
contradiction_groups = {
|
||||
fact.contradiction_group
|
||||
for fact in normalized
|
||||
if fact.status == "contradiction" and fact.contradiction_group
|
||||
}
|
||||
duplicate_count = max(0, raw_count - normalized_count)
|
||||
noise_reduction = (duplicate_count / raw_count) if raw_count else 0.0
|
||||
|
||||
return {
|
||||
"raw_candidates": raw_count,
|
||||
"normalized_facts": normalized_count,
|
||||
"duplicates_merged": duplicate_count,
|
||||
"contradiction_groups": len(contradiction_groups),
|
||||
"noise_reduction": round(noise_reduction, 3),
|
||||
}
|
||||
|
||||
|
||||
def _extract_from_text(
|
||||
text: str,
|
||||
*,
|
||||
turn_idx: int,
|
||||
role: str,
|
||||
timestamp: float,
|
||||
observed_at: str,
|
||||
) -> List[ExtractedFact]:
|
||||
"""Extract raw fact candidates from a single text block."""
|
||||
|
||||
facts: list[ExtractedFact] = []
|
||||
if role != "user":
|
||||
return facts
|
||||
|
||||
deploy_match = _DEPLOY_METHOD_RE.search(text)
|
||||
if deploy_match:
|
||||
method = deploy_match.group(1).strip()
|
||||
facts.append(
|
||||
_build_fact(
|
||||
category="project.decision",
|
||||
entity="project",
|
||||
relation="workflow.deploy_method",
|
||||
value=method,
|
||||
content=f"Deploy via {method}",
|
||||
confidence=0.88,
|
||||
source_turn=turn_idx,
|
||||
source_role=role,
|
||||
source_text=text,
|
||||
timestamp=timestamp,
|
||||
observed_at=observed_at,
|
||||
unique_slot=True,
|
||||
)
|
||||
)
|
||||
|
||||
watchdog_match = _WATCHDOG_CAP_RE.search(text)
|
||||
if watchdog_match:
|
||||
watchdog = watchdog_match.group(1).strip()
|
||||
cap = watchdog_match.group(2).strip()
|
||||
facts.append(
|
||||
_build_fact(
|
||||
category="project.operational",
|
||||
entity=_normalize_entity(watchdog),
|
||||
relation="fleet.dispatch_cap",
|
||||
value=cap,
|
||||
content=f"{watchdog} caps dispatches per cycle to {cap}",
|
||||
confidence=0.92,
|
||||
source_turn=turn_idx,
|
||||
source_role=role,
|
||||
source_text=text,
|
||||
timestamp=timestamp,
|
||||
observed_at=observed_at,
|
||||
unique_slot=True,
|
||||
)
|
||||
)
|
||||
|
||||
provider_match = _PROVIDER_RE.search(text)
|
||||
if provider_match:
|
||||
provider = provider_match.group(1).strip()
|
||||
facts.append(
|
||||
_build_fact(
|
||||
category="project.config",
|
||||
entity="project",
|
||||
relation="config.provider",
|
||||
value=provider,
|
||||
content=f"Provider should stay {provider}",
|
||||
confidence=0.91,
|
||||
source_turn=turn_idx,
|
||||
source_role=role,
|
||||
source_text=text,
|
||||
timestamp=timestamp,
|
||||
observed_at=observed_at,
|
||||
unique_slot=True,
|
||||
)
|
||||
)
|
||||
|
||||
model_match = _MODEL_RE.search(text)
|
||||
if model_match:
|
||||
model = model_match.group(1).strip()
|
||||
facts.append(
|
||||
_build_fact(
|
||||
category="project.config",
|
||||
entity="project",
|
||||
relation="config.model",
|
||||
value=model,
|
||||
content=f"Model should stay {model}",
|
||||
confidence=0.9,
|
||||
source_turn=turn_idx,
|
||||
source_role=role,
|
||||
source_text=text,
|
||||
timestamp=timestamp,
|
||||
observed_at=observed_at,
|
||||
unique_slot=True,
|
||||
)
|
||||
)
|
||||
|
||||
port_match = _PORT_RE.search(text)
|
||||
if port_match:
|
||||
port = port_match.group(1).strip()
|
||||
facts.append(
|
||||
_build_fact(
|
||||
category="project.config",
|
||||
entity="project",
|
||||
relation="config.port",
|
||||
value=port,
|
||||
content=f"Port is {port}",
|
||||
confidence=0.9,
|
||||
source_turn=turn_idx,
|
||||
source_role=role,
|
||||
source_text=text,
|
||||
timestamp=timestamp,
|
||||
observed_at=observed_at,
|
||||
unique_slot=True,
|
||||
)
|
||||
)
|
||||
|
||||
project_match = _PROJECT_USES_RE.search(text)
|
||||
if project_match:
|
||||
value = project_match.group(1).strip().rstrip(".")
|
||||
facts.append(
|
||||
_build_fact(
|
||||
category="project.stack",
|
||||
entity="project",
|
||||
relation="project.stack",
|
||||
value=value,
|
||||
content=f"Project uses {value}",
|
||||
confidence=0.74,
|
||||
source_turn=turn_idx,
|
||||
source_role=role,
|
||||
source_text=text,
|
||||
timestamp=timestamp,
|
||||
observed_at=observed_at,
|
||||
unique_slot=False,
|
||||
)
|
||||
)
|
||||
|
||||
preference_match = _PREFERENCE_RE.search(text)
|
||||
if preference_match:
|
||||
value = preference_match.group(1).strip().rstrip(".")
|
||||
facts.append(
|
||||
_build_fact(
|
||||
category="user_pref.preference",
|
||||
entity="user",
|
||||
relation="user.preference",
|
||||
value=value,
|
||||
content=value,
|
||||
confidence=0.72,
|
||||
source_turn=turn_idx,
|
||||
source_role=role,
|
||||
source_text=text,
|
||||
timestamp=timestamp,
|
||||
observed_at=observed_at,
|
||||
unique_slot=False,
|
||||
)
|
||||
)
|
||||
|
||||
constraint_match = _CONSTRAINT_RE.search(text)
|
||||
if constraint_match:
|
||||
value = constraint_match.group(1).strip().rstrip(".")
|
||||
facts.append(
|
||||
_build_fact(
|
||||
category="user_pref.constraint",
|
||||
entity="user",
|
||||
relation="user.constraint",
|
||||
value=value,
|
||||
content=f"Do not {value}",
|
||||
confidence=0.82,
|
||||
source_turn=turn_idx,
|
||||
source_role=role,
|
||||
source_text=text,
|
||||
timestamp=timestamp,
|
||||
observed_at=observed_at,
|
||||
unique_slot=False,
|
||||
)
|
||||
)
|
||||
|
||||
decision_match = _DECISION_RE.search(text)
|
||||
if decision_match:
|
||||
value = decision_match.group(1).strip().rstrip(".")
|
||||
facts.append(
|
||||
_build_fact(
|
||||
category="project.decision",
|
||||
entity="project",
|
||||
relation="project.decision",
|
||||
value=value,
|
||||
content=f"Decision: {value}",
|
||||
confidence=0.79,
|
||||
source_turn=turn_idx,
|
||||
source_role=role,
|
||||
source_text=text,
|
||||
timestamp=timestamp,
|
||||
observed_at=observed_at,
|
||||
unique_slot=False,
|
||||
)
|
||||
)
|
||||
# Deduplicate by content
|
||||
for fact in extracted:
|
||||
key = f"{fact.category}:{fact.content[:100]}"
|
||||
if key not in seen_contents:
|
||||
seen_contents.add(key)
|
||||
facts.append(fact)
|
||||
|
||||
return facts
|
||||
|
||||
|
||||
def _build_fact(
|
||||
*,
|
||||
category: str,
|
||||
entity: str,
|
||||
relation: str,
|
||||
value: str,
|
||||
content: str,
|
||||
confidence: float,
|
||||
source_turn: int,
|
||||
source_role: str,
|
||||
source_text: str,
|
||||
timestamp: float,
|
||||
observed_at: str,
|
||||
unique_slot: bool,
|
||||
) -> ExtractedFact:
|
||||
normalized_value = _normalize_value(value.rstrip(".!?"))
|
||||
value = value.rstrip(".!?")
|
||||
content = content.rstrip(".!?")
|
||||
provenance = f"conversation:{source_role}:{source_turn}"
|
||||
contradiction_group = relation if unique_slot else ""
|
||||
evidence = [
|
||||
{
|
||||
"source_role": source_role,
|
||||
"source_turn": source_turn,
|
||||
"source_text": source_text,
|
||||
"observed_at": observed_at,
|
||||
"provenance": provenance,
|
||||
}
|
||||
]
|
||||
metadata = {
|
||||
"entity": entity,
|
||||
"relation": relation,
|
||||
"value": value,
|
||||
"normalized_value": normalized_value,
|
||||
"provenance": [provenance],
|
||||
"evidence": list(evidence),
|
||||
"observation_count": 1,
|
||||
"duplicate_count": 0,
|
||||
"status": "active",
|
||||
}
|
||||
if contradiction_group:
|
||||
metadata["contradiction_group"] = contradiction_group
|
||||
return ExtractedFact(
|
||||
category=category,
|
||||
entity=entity,
|
||||
content=content,
|
||||
confidence=confidence,
|
||||
source_turn=source_turn,
|
||||
timestamp=timestamp,
|
||||
source_role=source_role,
|
||||
source_text=source_text,
|
||||
normalized_content=normalized_value,
|
||||
canonical_key=_canonical_key(entity, relation, normalized_value),
|
||||
relation=relation,
|
||||
contradiction_group=contradiction_group,
|
||||
status="active",
|
||||
provenance=provenance,
|
||||
observed_at=observed_at,
|
||||
evidence=evidence,
|
||||
metadata=metadata,
|
||||
)
|
||||
def _extract_from_text(text: str, turn_idx: int, role: str) -> List[ExtractedFact]:
|
||||
"""Extract facts from a single text block."""
|
||||
facts = []
|
||||
timestamp = time.time()
|
||||
|
||||
# Clean text for pattern matching
|
||||
clean = text.strip()
|
||||
|
||||
def _normalize_candidates(candidates: List[ExtractedFact]) -> List[ExtractedFact]:
|
||||
"""Merge duplicates and mark contradictions while preserving evidence."""
|
||||
# User preference patterns (from user messages)
|
||||
if role == "user":
|
||||
for pattern, subcategory in _PREFERENCE_PATTERNS:
|
||||
for match in re.finditer(pattern, clean, re.IGNORECASE):
|
||||
content = match.group(1).strip() if match.lastindex else match.group(0).strip()
|
||||
if len(content) > 5:
|
||||
facts.append(ExtractedFact(
|
||||
category=f"user_pref.{subcategory}",
|
||||
entity="user",
|
||||
content=content[:200],
|
||||
confidence=0.7,
|
||||
source_turn=turn_idx,
|
||||
timestamp=timestamp,
|
||||
))
|
||||
|
||||
by_key: dict[str, ExtractedFact] = {}
|
||||
contradiction_groups: dict[str, list[ExtractedFact]] = {}
|
||||
# Correction patterns (from user messages)
|
||||
if role == "user":
|
||||
for pattern, subcategory in _CORRECTION_PATTERNS:
|
||||
for match in re.finditer(pattern, clean, re.IGNORECASE):
|
||||
content = match.group(1).strip() if match.lastindex else match.group(0).strip()
|
||||
if len(content) > 5:
|
||||
facts.append(ExtractedFact(
|
||||
category=f"correction.{subcategory}",
|
||||
entity="user",
|
||||
content=content[:200],
|
||||
confidence=0.8,
|
||||
source_turn=turn_idx,
|
||||
timestamp=timestamp,
|
||||
))
|
||||
|
||||
for candidate in candidates:
|
||||
existing = by_key.get(candidate.canonical_key)
|
||||
if existing is not None:
|
||||
by_key[candidate.canonical_key] = _merge_fact(existing, candidate)
|
||||
continue
|
||||
# Project/infrastructure patterns (from both user and assistant)
|
||||
for pattern, subcategory in _PROJECT_PATTERNS:
|
||||
for match in re.finditer(pattern, clean, re.IGNORECASE):
|
||||
content = match.group(1).strip() if match.lastindex else match.group(0).strip()
|
||||
if len(content) > 5:
|
||||
facts.append(ExtractedFact(
|
||||
category=f"project.{subcategory}",
|
||||
entity=subcategory,
|
||||
content=content[:200],
|
||||
confidence=0.6,
|
||||
source_turn=turn_idx,
|
||||
timestamp=timestamp,
|
||||
))
|
||||
|
||||
by_key[candidate.canonical_key] = candidate
|
||||
if candidate.contradiction_group:
|
||||
contradiction_groups.setdefault(candidate.contradiction_group, []).append(candidate)
|
||||
|
||||
for group, facts in contradiction_groups.items():
|
||||
canonical_keys = {fact.canonical_key for fact in facts}
|
||||
if len(canonical_keys) <= 1:
|
||||
continue
|
||||
for fact in facts:
|
||||
fact.status = "contradiction"
|
||||
fact.metadata["status"] = "contradiction"
|
||||
fact.metadata["contradiction_group"] = group
|
||||
fact.metadata["contradiction_keys"] = sorted(canonical_keys - {fact.canonical_key})
|
||||
|
||||
return sorted(by_key.values(), key=lambda fact: (fact.source_turn, fact.timestamp, fact.canonical_key))
|
||||
|
||||
|
||||
def _merge_fact(existing: ExtractedFact, incoming: ExtractedFact) -> ExtractedFact:
|
||||
existing.confidence = max(existing.confidence, incoming.confidence)
|
||||
existing.timestamp = min(existing.timestamp, incoming.timestamp)
|
||||
existing.source_turn = min(existing.source_turn, incoming.source_turn)
|
||||
if not existing.observed_at or (incoming.observed_at and incoming.observed_at < existing.observed_at):
|
||||
existing.observed_at = incoming.observed_at
|
||||
existing.provenance = min(existing.provenance, incoming.provenance)
|
||||
|
||||
provenance = _ordered_unique(existing.metadata.get("provenance", []), incoming.metadata.get("provenance", []))
|
||||
evidence = _merge_evidence(existing.metadata.get("evidence", []), incoming.metadata.get("evidence", []))
|
||||
observation_count = int(existing.metadata.get("observation_count", len(existing.evidence) or 1))
|
||||
observation_count += int(incoming.metadata.get("observation_count", len(incoming.evidence) or 1))
|
||||
|
||||
existing.evidence = evidence
|
||||
existing.metadata["provenance"] = provenance
|
||||
existing.metadata["evidence"] = evidence
|
||||
existing.metadata["observation_count"] = observation_count
|
||||
existing.metadata["duplicate_count"] = max(0, observation_count - 1)
|
||||
existing.metadata["status"] = existing.status
|
||||
return existing
|
||||
return facts
|
||||
|
||||
|
||||
def save_facts_to_store(facts: List[ExtractedFact], fact_store_fn=None) -> int:
|
||||
"""Save extracted facts to the fact store.
|
||||
|
||||
If a callback is supplied, prefer the structured signature but fall back to
|
||||
the legacy four-argument callback for compatibility.
|
||||
Args:
|
||||
facts: List of extracted facts.
|
||||
fact_store_fn: Optional callable(category, entity, content, trust).
|
||||
If None, uses the holographic fact store if available.
|
||||
|
||||
Returns:
|
||||
Number of facts saved.
|
||||
"""
|
||||
|
||||
saved = 0
|
||||
for fact in facts:
|
||||
payload = {
|
||||
"category": _store_category(fact.category),
|
||||
"entity": fact.entity,
|
||||
"content": fact.content,
|
||||
"trust": fact.confidence,
|
||||
"metadata": dict(fact.metadata),
|
||||
"canonical_key": fact.canonical_key,
|
||||
"observed_at": fact.observed_at,
|
||||
"source_role": fact.source_role,
|
||||
"source_turn": fact.source_turn,
|
||||
"contradiction_group": fact.contradiction_group,
|
||||
"status": fact.status,
|
||||
"relation": fact.relation,
|
||||
}
|
||||
|
||||
if fact_store_fn:
|
||||
if fact_store_fn:
|
||||
for fact in facts:
|
||||
try:
|
||||
fact_store_fn(**payload)
|
||||
fact_store_fn(
|
||||
category=fact.category,
|
||||
entity=fact.entity,
|
||||
content=fact.content,
|
||||
trust=fact.confidence,
|
||||
)
|
||||
saved += 1
|
||||
continue
|
||||
except TypeError:
|
||||
try:
|
||||
fact_store_fn(payload["category"], payload["entity"], payload["content"], payload["trust"])
|
||||
saved += 1
|
||||
continue
|
||||
except Exception as exc:
|
||||
logger.debug("Failed to save fact via callback: %s", exc)
|
||||
continue
|
||||
except Exception as exc:
|
||||
logger.debug("Failed to save fact via callback: %s", exc)
|
||||
continue
|
||||
|
||||
except Exception as e:
|
||||
logger.debug("Failed to save fact: %s", e)
|
||||
else:
|
||||
# Try holographic fact store
|
||||
try:
|
||||
from fact_store import fact_store as _fs
|
||||
|
||||
tags = ",".join(filter(None, [fact.entity, fact.relation, fact.status]))
|
||||
_fs(
|
||||
action="add",
|
||||
content=fact.content,
|
||||
category=_store_category(fact.category),
|
||||
tags=tags,
|
||||
trust_delta=fact.confidence - 0.5,
|
||||
)
|
||||
saved += 1
|
||||
for fact in facts:
|
||||
try:
|
||||
_fs(
|
||||
action="add",
|
||||
content=fact.content,
|
||||
category=fact.category,
|
||||
tags=fact.entity,
|
||||
trust_delta=fact.confidence - 0.5,
|
||||
)
|
||||
saved += 1
|
||||
except Exception as e:
|
||||
logger.debug("Failed to save fact via fact_store: %s", e)
|
||||
except ImportError:
|
||||
logger.debug("fact_store not available — facts not persisted")
|
||||
break
|
||||
except Exception as exc:
|
||||
logger.debug("Failed to save fact via fact_store: %s", exc)
|
||||
|
||||
return saved
|
||||
|
||||
@@ -553,10 +204,9 @@ def extract_and_save_facts(
|
||||
|
||||
Returns (extracted_facts, saved_count).
|
||||
"""
|
||||
|
||||
facts = extract_facts_from_messages(messages)
|
||||
if facts:
|
||||
logger.info("Extracted %d normalized facts from conversation", len(facts))
|
||||
logger.info("Extracted %d facts from conversation", len(facts))
|
||||
saved = save_facts_to_store(facts, fact_store_fn)
|
||||
logger.info("Saved %d/%d facts to store", saved, len(facts))
|
||||
else:
|
||||
@@ -566,105 +216,16 @@ def extract_and_save_facts(
|
||||
|
||||
def format_facts_summary(facts: List[ExtractedFact]) -> str:
|
||||
"""Format extracted facts as a readable summary."""
|
||||
|
||||
if not facts:
|
||||
return "No facts extracted."
|
||||
|
||||
by_category: dict[str, list[ExtractedFact]] = {}
|
||||
for fact in facts:
|
||||
by_category.setdefault(fact.category, []).append(fact)
|
||||
by_category = {}
|
||||
for f in facts:
|
||||
by_category.setdefault(f.category, []).append(f)
|
||||
|
||||
lines = [f"Extracted {len(facts)} facts:", ""]
|
||||
for category, category_facts in sorted(by_category.items()):
|
||||
lines.append(f" {category}:")
|
||||
for fact in category_facts:
|
||||
suffix = f" [{fact.status}]" if fact.status != "active" else ""
|
||||
lines.append(f" - {fact.content[:80]}{suffix}")
|
||||
for cat, cat_facts in sorted(by_category.items()):
|
||||
lines.append(f" {cat}:")
|
||||
for f in cat_facts:
|
||||
lines.append(f" - {f.content[:80]}")
|
||||
return "\n".join(lines)
|
||||
|
||||
|
||||
def _store_category(category: str) -> str:
|
||||
if category.startswith("user_pref"):
|
||||
return "user_pref"
|
||||
if category.startswith("project"):
|
||||
return "project"
|
||||
if category.startswith("tool"):
|
||||
return "tool"
|
||||
return "general"
|
||||
|
||||
|
||||
def _message_time(msg: Dict[str, Any]) -> Tuple[float, str]:
|
||||
for key in ("created_at", "timestamp", "time"):
|
||||
value = msg.get(key)
|
||||
if value is None:
|
||||
continue
|
||||
if isinstance(value, (int, float)):
|
||||
ts = float(value)
|
||||
return ts, _iso_from_timestamp(ts)
|
||||
if isinstance(value, str):
|
||||
parsed = _parse_time_string(value)
|
||||
if parsed is not None:
|
||||
return parsed, _iso_from_timestamp(parsed) if "T" not in value else value.replace("+00:00", "Z")
|
||||
return time.time(), value
|
||||
now = time.time()
|
||||
return now, _iso_from_timestamp(now)
|
||||
|
||||
|
||||
def _parse_time_string(value: str) -> float | None:
|
||||
text = value.strip()
|
||||
if not text:
|
||||
return None
|
||||
try:
|
||||
return float(text)
|
||||
except ValueError:
|
||||
pass
|
||||
try:
|
||||
normalized = text[:-1] + "+00:00" if text.endswith("Z") else text
|
||||
return datetime.fromisoformat(normalized).timestamp()
|
||||
except ValueError:
|
||||
return None
|
||||
|
||||
|
||||
def _iso_from_timestamp(value: float) -> str:
|
||||
return datetime.fromtimestamp(value, tz=timezone.utc).isoformat().replace("+00:00", "Z")
|
||||
|
||||
|
||||
def _normalize_value(value: str) -> str:
|
||||
normalized = re.sub(r"[^a-z0-9]+", " ", value.lower())
|
||||
normalized = re.sub(r"\s+", " ", normalized).strip()
|
||||
return normalized
|
||||
|
||||
|
||||
def _normalize_entity(value: str) -> str:
|
||||
return _normalize_value(value).replace(" ", "_") or "entity"
|
||||
|
||||
|
||||
def _canonical_key(entity: str, relation: str, normalized_value: str) -> str:
|
||||
return f"{entity}|{relation}|{normalized_value}"
|
||||
|
||||
|
||||
def _ordered_unique(*groups: List[str]) -> List[str]:
|
||||
seen: set[str] = set()
|
||||
ordered: list[str] = []
|
||||
for group in groups:
|
||||
for item in group:
|
||||
if item and item not in seen:
|
||||
seen.add(item)
|
||||
ordered.append(item)
|
||||
return ordered
|
||||
|
||||
|
||||
def _merge_evidence(existing: List[Dict[str, Any]], incoming: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
|
||||
seen: set[tuple[str, str, str]] = set()
|
||||
merged: list[dict[str, Any]] = []
|
||||
for item in list(existing) + list(incoming):
|
||||
key = (
|
||||
str(item.get("provenance", "")),
|
||||
str(item.get("observed_at", "")),
|
||||
str(item.get("source_text", "")),
|
||||
)
|
||||
if key in seen:
|
||||
continue
|
||||
seen.add(key)
|
||||
merged.append(dict(item))
|
||||
return merged
|
||||
|
||||
@@ -356,57 +356,44 @@ class HolographicMemoryProvider(MemoryProvider):
|
||||
# -- Auto-extraction (on_session_end) ------------------------------------
|
||||
|
||||
def _auto_extract_facts(self, messages: list) -> None:
|
||||
from agent.session_compactor import evaluate_extraction_quality, extract_facts_from_messages
|
||||
|
||||
def _store_category(category: str) -> str:
|
||||
if category.startswith("user_pref"):
|
||||
return "user_pref"
|
||||
if category.startswith("project"):
|
||||
return "project"
|
||||
if category.startswith("tool"):
|
||||
return "tool"
|
||||
return "general"
|
||||
|
||||
facts = extract_facts_from_messages(messages)
|
||||
if not facts:
|
||||
return
|
||||
_PREF_PATTERNS = [
|
||||
re.compile(r'\bI\s+(?:prefer|like|love|use|want|need)\s+(.+)', re.IGNORECASE),
|
||||
re.compile(r'\bmy\s+(?:favorite|preferred|default)\s+\w+\s+is\s+(.+)', re.IGNORECASE),
|
||||
re.compile(r'\bI\s+(?:always|never|usually)\s+(.+)', re.IGNORECASE),
|
||||
]
|
||||
_DECISION_PATTERNS = [
|
||||
re.compile(r'\bwe\s+(?:decided|agreed|chose)\s+(?:to\s+)?(.+)', re.IGNORECASE),
|
||||
re.compile(r'\bthe\s+project\s+(?:uses|needs|requires)\s+(.+)', re.IGNORECASE),
|
||||
]
|
||||
|
||||
extracted = 0
|
||||
for fact in facts:
|
||||
try:
|
||||
metadata = dict(fact.metadata)
|
||||
metadata.setdefault("relation", fact.relation)
|
||||
metadata.setdefault("value", fact.content)
|
||||
metadata.setdefault("provenance", [fact.provenance])
|
||||
metadata.setdefault("evidence", list(fact.evidence))
|
||||
metadata.setdefault("observation_count", len(fact.evidence))
|
||||
metadata.setdefault("duplicate_count", max(0, len(fact.evidence) - 1))
|
||||
self._store.add_fact(
|
||||
fact.content,
|
||||
category=_store_category(fact.category),
|
||||
tags=",".join(filter(None, [fact.entity, fact.relation, fact.status])),
|
||||
canonical_key=fact.canonical_key,
|
||||
metadata=metadata,
|
||||
confidence=fact.confidence,
|
||||
source_role=fact.source_role,
|
||||
source_turn=fact.source_turn,
|
||||
observed_at=fact.observed_at,
|
||||
contradiction_group=fact.contradiction_group,
|
||||
status=fact.status,
|
||||
)
|
||||
extracted += 1
|
||||
except Exception as exc:
|
||||
logger.debug("Structured auto-extract failed for %s: %s", fact.canonical_key, exc)
|
||||
for msg in messages:
|
||||
if msg.get("role") != "user":
|
||||
continue
|
||||
content = msg.get("content", "")
|
||||
if not isinstance(content, str) or len(content) < 10:
|
||||
continue
|
||||
|
||||
for pattern in _PREF_PATTERNS:
|
||||
if pattern.search(content):
|
||||
try:
|
||||
self._store.add_fact(content[:400], category="user_pref")
|
||||
extracted += 1
|
||||
except Exception:
|
||||
pass
|
||||
break
|
||||
|
||||
for pattern in _DECISION_PATTERNS:
|
||||
if pattern.search(content):
|
||||
try:
|
||||
self._store.add_fact(content[:400], category="project")
|
||||
extracted += 1
|
||||
except Exception:
|
||||
pass
|
||||
break
|
||||
|
||||
if extracted:
|
||||
metrics = evaluate_extraction_quality(messages)
|
||||
logger.info(
|
||||
"Auto-extracted %d structured facts from conversation (raw=%d normalized=%d contradictions=%d)",
|
||||
extracted,
|
||||
metrics["raw_candidates"],
|
||||
metrics["normalized_facts"],
|
||||
metrics["contradiction_groups"],
|
||||
)
|
||||
logger.info("Auto-extracted %d facts from conversation", extracted)
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
@@ -3,7 +3,6 @@ SQLite-backed fact store with entity resolution and trust scoring.
|
||||
Single-user Hermes memory store plugin.
|
||||
"""
|
||||
|
||||
import json
|
||||
import re
|
||||
import sqlite3
|
||||
import threading
|
||||
@@ -16,24 +15,16 @@ except ImportError:
|
||||
|
||||
_SCHEMA = """
|
||||
CREATE TABLE IF NOT EXISTS facts (
|
||||
fact_id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
content TEXT NOT NULL UNIQUE,
|
||||
category TEXT DEFAULT 'general',
|
||||
tags TEXT DEFAULT '',
|
||||
trust_score REAL DEFAULT 0.5,
|
||||
retrieval_count INTEGER DEFAULT 0,
|
||||
helpful_count INTEGER DEFAULT 0,
|
||||
canonical_key TEXT DEFAULT '',
|
||||
metadata_json TEXT DEFAULT '{}',
|
||||
confidence REAL DEFAULT 0.5,
|
||||
source_role TEXT DEFAULT '',
|
||||
source_turn INTEGER DEFAULT -1,
|
||||
observed_at TEXT DEFAULT '',
|
||||
contradiction_group TEXT DEFAULT '',
|
||||
status TEXT DEFAULT 'active',
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
hrr_vector BLOB
|
||||
fact_id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
content TEXT NOT NULL UNIQUE,
|
||||
category TEXT DEFAULT 'general',
|
||||
tags TEXT DEFAULT '',
|
||||
trust_score REAL DEFAULT 0.5,
|
||||
retrieval_count INTEGER DEFAULT 0,
|
||||
helpful_count INTEGER DEFAULT 0,
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
hrr_vector BLOB
|
||||
);
|
||||
|
||||
CREATE TABLE IF NOT EXISTS entities (
|
||||
@@ -50,11 +41,9 @@ CREATE TABLE IF NOT EXISTS fact_entities (
|
||||
PRIMARY KEY (fact_id, entity_id)
|
||||
);
|
||||
|
||||
CREATE INDEX IF NOT EXISTS idx_facts_trust ON facts(trust_score DESC);
|
||||
CREATE INDEX IF NOT EXISTS idx_facts_category ON facts(category);
|
||||
CREATE INDEX IF NOT EXISTS idx_facts_canonical_key ON facts(canonical_key);
|
||||
CREATE INDEX IF NOT EXISTS idx_facts_contradiction_group ON facts(contradiction_group);
|
||||
CREATE INDEX IF NOT EXISTS idx_entities_name ON entities(name);
|
||||
CREATE INDEX IF NOT EXISTS idx_facts_trust ON facts(trust_score DESC);
|
||||
CREATE INDEX IF NOT EXISTS idx_facts_category ON facts(category);
|
||||
CREATE INDEX IF NOT EXISTS idx_entities_name ON entities(name);
|
||||
|
||||
CREATE VIRTUAL TABLE IF NOT EXISTS facts_fts
|
||||
USING fts5(content, tags, content=facts, content_rowid=fact_id);
|
||||
@@ -140,23 +129,10 @@ class MemoryStore:
|
||||
"""Create tables, indexes, and triggers if they do not exist. Enable WAL mode."""
|
||||
self._conn.execute("PRAGMA journal_mode=WAL")
|
||||
self._conn.executescript(_SCHEMA)
|
||||
# Migrate: add hrr_vector column if missing (safe for existing databases)
|
||||
columns = {row[1] for row in self._conn.execute("PRAGMA table_info(facts)").fetchall()}
|
||||
migrations = {
|
||||
"hrr_vector": "ALTER TABLE facts ADD COLUMN hrr_vector BLOB",
|
||||
"canonical_key": "ALTER TABLE facts ADD COLUMN canonical_key TEXT DEFAULT ''",
|
||||
"metadata_json": "ALTER TABLE facts ADD COLUMN metadata_json TEXT DEFAULT '{}'",
|
||||
"confidence": "ALTER TABLE facts ADD COLUMN confidence REAL DEFAULT 0.5",
|
||||
"source_role": "ALTER TABLE facts ADD COLUMN source_role TEXT DEFAULT ''",
|
||||
"source_turn": "ALTER TABLE facts ADD COLUMN source_turn INTEGER DEFAULT -1",
|
||||
"observed_at": "ALTER TABLE facts ADD COLUMN observed_at TEXT DEFAULT ''",
|
||||
"contradiction_group": "ALTER TABLE facts ADD COLUMN contradiction_group TEXT DEFAULT ''",
|
||||
"status": "ALTER TABLE facts ADD COLUMN status TEXT DEFAULT 'active'",
|
||||
}
|
||||
for column, ddl in migrations.items():
|
||||
if column not in columns:
|
||||
self._conn.execute(ddl)
|
||||
self._conn.execute("CREATE INDEX IF NOT EXISTS idx_facts_canonical_key ON facts(canonical_key)")
|
||||
self._conn.execute("CREATE INDEX IF NOT EXISTS idx_facts_contradiction_group ON facts(contradiction_group)")
|
||||
if "hrr_vector" not in columns:
|
||||
self._conn.execute("ALTER TABLE facts ADD COLUMN hrr_vector BLOB")
|
||||
self._conn.commit()
|
||||
|
||||
# ------------------------------------------------------------------
|
||||
@@ -168,148 +144,41 @@ class MemoryStore:
|
||||
content: str,
|
||||
category: str = "general",
|
||||
tags: str = "",
|
||||
*,
|
||||
canonical_key: str = "",
|
||||
metadata: dict | None = None,
|
||||
confidence: float | None = None,
|
||||
source_role: str = "",
|
||||
source_turn: int = -1,
|
||||
observed_at: str = "",
|
||||
contradiction_group: str = "",
|
||||
status: str = "active",
|
||||
) -> int:
|
||||
"""Insert a fact and return its fact_id.
|
||||
|
||||
Exact duplicates are deduplicated by content. Near-duplicates are
|
||||
normalized by canonical_key, with provenance/evidence merged into the
|
||||
existing row. Contradictions sharing the same contradiction_group remain
|
||||
stored as separate rows and are marked inspectably.
|
||||
Deduplicates by content (UNIQUE constraint). On duplicate, returns
|
||||
the existing fact_id without modifying the row. Extracts entities from
|
||||
the content and links them to the fact.
|
||||
"""
|
||||
with self._lock:
|
||||
content = content.strip()
|
||||
if not content:
|
||||
raise ValueError("content must not be empty")
|
||||
|
||||
metadata = dict(metadata or {})
|
||||
canonical_key = canonical_key.strip()
|
||||
contradiction_group = contradiction_group.strip()
|
||||
observed_at = observed_at.strip()
|
||||
status = status or "active"
|
||||
trust_score = self.default_trust if confidence is None else _clamp_trust(confidence)
|
||||
metadata_json = json.dumps(metadata, sort_keys=True)
|
||||
|
||||
if canonical_key:
|
||||
existing = self._conn.execute(
|
||||
"SELECT fact_id, metadata_json, trust_score, confidence, observed_at FROM facts WHERE canonical_key = ?",
|
||||
(canonical_key,),
|
||||
).fetchone()
|
||||
if existing is not None:
|
||||
merged_metadata = self._merge_metadata(existing["metadata_json"], metadata)
|
||||
merged_trust = max(float(existing["trust_score"]), trust_score)
|
||||
merged_observed_at = existing["observed_at"] or observed_at
|
||||
if observed_at and merged_observed_at:
|
||||
merged_observed_at = min(merged_observed_at, observed_at)
|
||||
elif observed_at:
|
||||
merged_observed_at = observed_at
|
||||
self._conn.execute(
|
||||
"""
|
||||
UPDATE facts
|
||||
SET metadata_json = ?,
|
||||
trust_score = ?,
|
||||
confidence = ?,
|
||||
observed_at = ?,
|
||||
updated_at = CURRENT_TIMESTAMP
|
||||
WHERE fact_id = ?
|
||||
""",
|
||||
(
|
||||
json.dumps(merged_metadata, sort_keys=True),
|
||||
merged_trust,
|
||||
max(float(existing["confidence"] or 0.0), confidence or trust_score),
|
||||
merged_observed_at,
|
||||
existing["fact_id"],
|
||||
),
|
||||
)
|
||||
self._conn.commit()
|
||||
return int(existing["fact_id"])
|
||||
|
||||
contradiction_rows = []
|
||||
if contradiction_group:
|
||||
contradiction_rows = self._conn.execute(
|
||||
"""
|
||||
SELECT fact_id, canonical_key, metadata_json
|
||||
FROM facts
|
||||
WHERE contradiction_group = ?
|
||||
AND canonical_key != ?
|
||||
""",
|
||||
(contradiction_group, canonical_key),
|
||||
).fetchall()
|
||||
if contradiction_rows:
|
||||
status = "contradiction"
|
||||
metadata = dict(metadata)
|
||||
metadata["status"] = "contradiction"
|
||||
metadata["contradiction_group"] = contradiction_group
|
||||
metadata["contradiction_keys"] = sorted(
|
||||
{
|
||||
canonical_key,
|
||||
*[str(row["canonical_key"]) for row in contradiction_rows if row["canonical_key"]],
|
||||
}
|
||||
- {""}
|
||||
)
|
||||
metadata_json = json.dumps(metadata, sort_keys=True)
|
||||
|
||||
try:
|
||||
cur = self._conn.execute(
|
||||
"""
|
||||
INSERT INTO facts (
|
||||
content,
|
||||
category,
|
||||
tags,
|
||||
trust_score,
|
||||
canonical_key,
|
||||
metadata_json,
|
||||
confidence,
|
||||
source_role,
|
||||
source_turn,
|
||||
observed_at,
|
||||
contradiction_group,
|
||||
status
|
||||
)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
|
||||
INSERT INTO facts (content, category, tags, trust_score)
|
||||
VALUES (?, ?, ?, ?)
|
||||
""",
|
||||
(
|
||||
content,
|
||||
category,
|
||||
tags,
|
||||
trust_score,
|
||||
canonical_key,
|
||||
metadata_json,
|
||||
confidence if confidence is not None else trust_score,
|
||||
source_role,
|
||||
source_turn,
|
||||
observed_at,
|
||||
contradiction_group,
|
||||
status,
|
||||
),
|
||||
(content, category, tags, self.default_trust),
|
||||
)
|
||||
self._conn.commit()
|
||||
fact_id: int = cur.lastrowid # type: ignore[assignment]
|
||||
except sqlite3.IntegrityError:
|
||||
# Duplicate content — return existing id
|
||||
row = self._conn.execute(
|
||||
"SELECT fact_id FROM facts WHERE content = ?", (content,)
|
||||
).fetchone()
|
||||
return int(row["fact_id"])
|
||||
|
||||
if contradiction_rows:
|
||||
self._mark_contradictions(
|
||||
contradiction_group=contradiction_group,
|
||||
new_canonical_key=canonical_key,
|
||||
existing_rows=contradiction_rows,
|
||||
)
|
||||
|
||||
# Entity extraction and linking
|
||||
for name in self._extract_entities(content):
|
||||
entity_id = self._resolve_entity(name)
|
||||
self._link_fact_entity(fact_id, entity_id)
|
||||
|
||||
# Compute HRR vector after entity linking
|
||||
self._compute_hrr_vector(fact_id, content)
|
||||
self._rebuild_bank(category)
|
||||
|
||||
@@ -342,9 +211,6 @@ class MemoryStore:
|
||||
sql = f"""
|
||||
SELECT f.fact_id, f.content, f.category, f.tags,
|
||||
f.trust_score, f.retrieval_count, f.helpful_count,
|
||||
f.canonical_key, f.metadata_json, f.confidence,
|
||||
f.source_role, f.source_turn, f.observed_at,
|
||||
f.contradiction_group, f.status,
|
||||
f.created_at, f.updated_at
|
||||
FROM facts f
|
||||
JOIN facts_fts fts ON fts.rowid = f.fact_id
|
||||
@@ -470,11 +336,7 @@ class MemoryStore:
|
||||
|
||||
sql = f"""
|
||||
SELECT fact_id, content, category, tags, trust_score,
|
||||
retrieval_count, helpful_count,
|
||||
canonical_key, metadata_json, confidence,
|
||||
source_role, source_turn, observed_at,
|
||||
contradiction_group, status,
|
||||
created_at, updated_at
|
||||
retrieval_count, helpful_count, created_at, updated_at
|
||||
FROM facts
|
||||
WHERE trust_score >= ?
|
||||
{category_clause}
|
||||
@@ -525,89 +387,6 @@ class MemoryStore:
|
||||
"helpful_count": row["helpful_count"] + helpful_increment,
|
||||
}
|
||||
|
||||
# ------------------------------------------------------------------
|
||||
# Metadata helpers
|
||||
# ------------------------------------------------------------------
|
||||
|
||||
def _load_metadata(self, metadata_json: str | None) -> dict:
|
||||
if not metadata_json:
|
||||
return {}
|
||||
try:
|
||||
data = json.loads(metadata_json)
|
||||
return data if isinstance(data, dict) else {}
|
||||
except Exception:
|
||||
return {}
|
||||
|
||||
def _merge_metadata(self, existing_json: str | None, incoming: dict | None) -> dict:
|
||||
existing = self._load_metadata(existing_json)
|
||||
incoming = dict(incoming or {})
|
||||
merged = dict(existing)
|
||||
merged.update({k: v for k, v in incoming.items() if k not in {"provenance", "evidence", "observation_count", "duplicate_count", "contradiction_keys"}})
|
||||
|
||||
provenance = []
|
||||
seen_provenance: set[str] = set()
|
||||
for item in list(existing.get("provenance", [])) + list(incoming.get("provenance", [])):
|
||||
if item and item not in seen_provenance:
|
||||
seen_provenance.add(item)
|
||||
provenance.append(item)
|
||||
|
||||
evidence = []
|
||||
seen_evidence: set[tuple[str, str, str]] = set()
|
||||
for item in list(existing.get("evidence", [])) + list(incoming.get("evidence", [])):
|
||||
if not isinstance(item, dict):
|
||||
continue
|
||||
key = (
|
||||
str(item.get("provenance", "")),
|
||||
str(item.get("observed_at", "")),
|
||||
str(item.get("source_text", "")),
|
||||
)
|
||||
if key in seen_evidence:
|
||||
continue
|
||||
seen_evidence.add(key)
|
||||
evidence.append(dict(item))
|
||||
|
||||
observation_count = int(existing.get("observation_count", max(1, len(existing.get("evidence", [])) or 1)))
|
||||
observation_count += int(incoming.get("observation_count", max(1, len(incoming.get("evidence", [])) or 1)))
|
||||
|
||||
contradiction_keys = []
|
||||
seen_keys: set[str] = set()
|
||||
for item in list(existing.get("contradiction_keys", [])) + list(incoming.get("contradiction_keys", [])):
|
||||
if item and item not in seen_keys:
|
||||
seen_keys.add(item)
|
||||
contradiction_keys.append(item)
|
||||
|
||||
merged["provenance"] = provenance
|
||||
merged["evidence"] = evidence
|
||||
merged["observation_count"] = observation_count
|
||||
merged["duplicate_count"] = max(0, observation_count - 1)
|
||||
if contradiction_keys:
|
||||
merged["contradiction_keys"] = contradiction_keys
|
||||
return merged
|
||||
|
||||
def _mark_contradictions(self, contradiction_group: str, new_canonical_key: str, existing_rows: list[sqlite3.Row]) -> None:
|
||||
for row in existing_rows:
|
||||
metadata = self._load_metadata(row["metadata_json"])
|
||||
keys = []
|
||||
seen: set[str] = set()
|
||||
for item in list(metadata.get("contradiction_keys", [])) + [new_canonical_key]:
|
||||
if item and item not in seen:
|
||||
seen.add(item)
|
||||
keys.append(item)
|
||||
metadata["status"] = "contradiction"
|
||||
metadata["contradiction_group"] = contradiction_group
|
||||
metadata["contradiction_keys"] = keys
|
||||
self._conn.execute(
|
||||
"""
|
||||
UPDATE facts
|
||||
SET status = 'contradiction',
|
||||
metadata_json = ?,
|
||||
updated_at = CURRENT_TIMESTAMP
|
||||
WHERE fact_id = ?
|
||||
""",
|
||||
(json.dumps(metadata, sort_keys=True), row["fact_id"]),
|
||||
)
|
||||
self._conn.commit()
|
||||
|
||||
# ------------------------------------------------------------------
|
||||
# Entity helpers
|
||||
# ------------------------------------------------------------------
|
||||
@@ -781,14 +560,8 @@ class MemoryStore:
|
||||
# ------------------------------------------------------------------
|
||||
|
||||
def _row_to_dict(self, row: sqlite3.Row) -> dict:
|
||||
"""Convert a sqlite3.Row to a plain dict with decoded metadata."""
|
||||
data = dict(row)
|
||||
metadata = self._load_metadata(data.get("metadata_json"))
|
||||
if metadata:
|
||||
data["metadata"] = metadata
|
||||
data.setdefault("relation", metadata.get("relation"))
|
||||
data.pop("metadata_json", None)
|
||||
return data
|
||||
"""Convert a sqlite3.Row to a plain dict."""
|
||||
return dict(row)
|
||||
|
||||
def close(self) -> None:
|
||||
"""Close the database connection."""
|
||||
|
||||
515
research_human_confirmation_firewall.md
Normal file
515
research_human_confirmation_firewall.md
Normal file
@@ -0,0 +1,515 @@
|
||||
# Human Confirmation Firewall: Research Report
|
||||
## Implementation Patterns for Hermes Agent
|
||||
|
||||
**Issue:** #878
|
||||
**Parent:** #659
|
||||
**Priority:** P0
|
||||
**Scope:** Human-in-the-loop safety patterns for tool calls, crisis handling, and irreversible actions
|
||||
|
||||
---
|
||||
|
||||
## Executive Summary
|
||||
|
||||
Hermes already has a partial human confirmation firewall, but it is narrow.
|
||||
|
||||
Current repo state shows:
|
||||
- a real **pre-execution gate** for dangerous terminal commands in `tools/approval.py`
|
||||
- a partial **confidence-threshold path** via `_smart_approve()` in `tools/approval.py`
|
||||
- gateway support for blocking approval resolution in `gateway/run.py`
|
||||
|
||||
What is still missing is the core recommendation from this research issue:
|
||||
- **confidence scoring on all tool calls**, not just terminal commands that already matched a dangerous regex
|
||||
- a **hard pre-execution human gate for crisis interventions**, especially any action that would auto-respond to suicidal content
|
||||
- a consistent way to classify actions into:
|
||||
1. pre-execution gate
|
||||
2. post-execution review
|
||||
3. confidence-threshold execution
|
||||
|
||||
Recommendation:
|
||||
- use **Pattern 1: Pre-Execution Gate** for crisis interventions and irreversible/high-impact actions
|
||||
- use **Pattern 3: Confidence Threshold** for normal operations
|
||||
- reserve **Pattern 2: Post-Execution Review** only for low-risk and reversible actions
|
||||
|
||||
The next implementation step should be a **tool-call risk assessment layer** that runs before dispatch in `model_tools.handle_function_call()`, assigns a score and pattern to every tool call, and routes only the highest-risk calls into mandatory human confirmation.
|
||||
|
||||
---
|
||||
|
||||
## 1. The Three Proven Patterns
|
||||
|
||||
### Pattern 1: Pre-Execution Gate
|
||||
|
||||
Definition:
|
||||
- halt before execution
|
||||
- show the proposed action to the human
|
||||
- require explicit approval or denial
|
||||
|
||||
Best for:
|
||||
- destructive actions
|
||||
- irreversible side effects
|
||||
- crisis interventions
|
||||
- actions that affect another human's safety, money, infrastructure, or private data
|
||||
|
||||
Strengths:
|
||||
- strongest safety guarantee
|
||||
- simplest audit story
|
||||
- prevents the most catastrophic failure mode: acting first and apologizing later
|
||||
|
||||
Weaknesses:
|
||||
- adds latency
|
||||
- creates operator burden if overused
|
||||
- should not be applied to every ordinary tool call
|
||||
|
||||
### Pattern 2: Post-Execution Review
|
||||
|
||||
Definition:
|
||||
- execute first
|
||||
- expose result to human
|
||||
- allow rollback or follow-up correction
|
||||
|
||||
Best for:
|
||||
- reversible operations
|
||||
- low-risk actions with fast recovery
|
||||
- tasks where human review matters but immediate execution is acceptable
|
||||
|
||||
Strengths:
|
||||
- low friction
|
||||
- fast iteration
|
||||
- useful when rollback is practical
|
||||
|
||||
Weaknesses:
|
||||
- unsafe for crisis or destructive actions
|
||||
- only works when rollback actually exists
|
||||
- a poor fit for external communication or life-safety contexts
|
||||
|
||||
### Pattern 3: Confidence Threshold
|
||||
|
||||
Definition:
|
||||
- compute a risk/confidence score before execution
|
||||
- auto-execute high-confidence safe actions
|
||||
- request confirmation for lower-confidence or higher-risk actions
|
||||
|
||||
Best for:
|
||||
- mixed-risk tool ecosystems
|
||||
- day-to-day operations where always-confirm would be too expensive
|
||||
- systems with a large volume of ordinary, safe reads and edits
|
||||
|
||||
Strengths:
|
||||
- best balance of speed and safety
|
||||
- scales across many tool types
|
||||
- allows targeted human attention where it matters most
|
||||
|
||||
Weaknesses:
|
||||
- depends on a good scoring model
|
||||
- weak scoring creates false negatives or unnecessary prompts
|
||||
- must remain inspectable and debuggable
|
||||
|
||||
---
|
||||
|
||||
## 2. What Hermes Already Has
|
||||
|
||||
## 2.1 Existing Pre-Execution Gate for Dangerous Terminal Commands
|
||||
|
||||
`tools/approval.py` already implements a real pre-execution confirmation path for dangerous shell commands.
|
||||
|
||||
Observed components:
|
||||
- `DANGEROUS_PATTERNS`
|
||||
- `detect_dangerous_command()`
|
||||
- `prompt_dangerous_approval()`
|
||||
- `check_dangerous_command()`
|
||||
- gateway queueing and resolution support in the same module
|
||||
|
||||
This is already Pattern 1.
|
||||
|
||||
Current behavior:
|
||||
- dangerous terminal commands are detected before execution
|
||||
- the user can allow once / session / always / deny
|
||||
- gateway sessions can block until approval resolves
|
||||
|
||||
This is a strong foundation, but it is limited to a subset of terminal commands.
|
||||
|
||||
## 2.2 Partial Confidence Threshold via Smart Approvals
|
||||
|
||||
Hermes also already has a partial Pattern 3.
|
||||
|
||||
Observed component:
|
||||
- `_smart_approve()` in `tools/approval.py`
|
||||
|
||||
Current behavior:
|
||||
- only runs **after** a command has already been flagged by dangerous-pattern detection
|
||||
- uses the auxiliary LLM to decide:
|
||||
- approve
|
||||
- deny
|
||||
- escalate
|
||||
|
||||
This means Hermes has a confidence-threshold mechanism, but only for **already-flagged dangerous terminal commands**.
|
||||
|
||||
What it does not yet do:
|
||||
- score all tool calls
|
||||
- classify non-terminal tools
|
||||
- distinguish crisis interventions from normal ops
|
||||
- produce a shared risk model across the tool surface
|
||||
|
||||
## 2.3 Blocking Approval UX in Gateway
|
||||
|
||||
`gateway/run.py` already routes `/approve` and `/deny` into the blocking approval path.
|
||||
|
||||
This means the infrastructure for a true human confirmation firewall already exists in messaging contexts.
|
||||
|
||||
That is important because the missing work is not "invent human approval from zero."
|
||||
The missing work is:
|
||||
- expand the scope from dangerous shell commands to **all tool calls that matter**
|
||||
- make the routing policy explicit and inspectable
|
||||
|
||||
---
|
||||
|
||||
## 3. What Hermes Still Lacks
|
||||
|
||||
## 3.1 No Universal Tool-Call Risk Assessment
|
||||
|
||||
The current approval system is command-pattern-centric.
|
||||
It is not yet a tool-call firewall.
|
||||
|
||||
Missing capability:
|
||||
- before dispatch, every tool call should receive a structured assessment:
|
||||
- tool name
|
||||
- side-effect class
|
||||
- reversibility
|
||||
- human-impact potential
|
||||
- crisis relevance
|
||||
- confidence score
|
||||
- recommended confirmation pattern
|
||||
|
||||
Natural insertion point:
|
||||
- `model_tools.handle_function_call()`
|
||||
|
||||
That function already sits at the central dispatch boundary.
|
||||
It is the right place to add a pre-dispatch classifier.
|
||||
|
||||
## 3.2 No Hard Crisis Gate for Outbound Intervention
|
||||
|
||||
Issue #878 explicitly recommends:
|
||||
- Pattern 1 for crisis interventions
|
||||
- never auto-respond to suicidal content
|
||||
|
||||
That recommendation is not yet codified as a global firewall rule.
|
||||
|
||||
Missing rule:
|
||||
- if a tool call would directly intervene in a crisis context or send outward guidance in response to suicidal content, it must require explicit human confirmation before execution
|
||||
|
||||
Examples that should hard-gate:
|
||||
- outbound `send_message` content aimed at a suicidal user
|
||||
- any future tool that places calls, escalates emergencies, or contacts third parties about a crisis
|
||||
- any autonomous action that claims a person should or should not take a life-safety step
|
||||
|
||||
## 3.3 No First-Class Post-Execution Review Policy
|
||||
|
||||
Hermes has approval and denial, but it does not yet have a formal policy for when Pattern 2 is acceptable.
|
||||
|
||||
Without a policy, post-execution review tends to get used implicitly rather than intentionally.
|
||||
|
||||
That is risky.
|
||||
|
||||
Hermes should define Pattern 2 narrowly:
|
||||
- only for actions that are both low-risk and reversible
|
||||
- only when the system can show the human exactly what happened
|
||||
- never for crisis, finance, destructive config, or sensitive comms
|
||||
|
||||
---
|
||||
|
||||
## 4. Recommended Architecture for Hermes
|
||||
|
||||
## 4.1 Add a Tool-Call Assessment Layer
|
||||
|
||||
Add a pre-dispatch assessment object for every tool call.
|
||||
|
||||
Suggested shape:
|
||||
|
||||
```python
|
||||
@dataclass
|
||||
class ToolCallAssessment:
|
||||
tool_name: str
|
||||
risk_score: float # 0.0 to 1.0
|
||||
confidence: float # confidence in the assessment itself
|
||||
pattern: str # pre_execution_gate | post_execution_review | confidence_threshold
|
||||
requires_human: bool
|
||||
reasons: list[str]
|
||||
reversible: bool
|
||||
crisis_sensitive: bool
|
||||
```
|
||||
|
||||
Suggested execution point:
|
||||
- inside `model_tools.handle_function_call()` before `orchestrator.dispatch()`
|
||||
|
||||
Why here:
|
||||
- one place covers all tools
|
||||
- one place can emit traces
|
||||
- one place can remain model-agnostic
|
||||
- one place lets plugins observe or override the assessment
|
||||
|
||||
## 4.2 Classify Tool Calls by Side-Effect Class
|
||||
|
||||
Suggested first-pass taxonomy:
|
||||
|
||||
### A. Read-only
|
||||
Examples:
|
||||
- `read_file`
|
||||
- `search_files`
|
||||
- `browser_snapshot`
|
||||
- `browser_console` read-only inspection
|
||||
|
||||
Pattern:
|
||||
- confidence threshold
|
||||
- almost always auto-execute
|
||||
- human confirmation normally unnecessary
|
||||
|
||||
### B. Local reversible edits
|
||||
Examples:
|
||||
- `patch`
|
||||
- `write_file`
|
||||
- `todo`
|
||||
|
||||
Pattern:
|
||||
- confidence threshold
|
||||
- human confirmation only when risk score rises because of path sensitivity or scope breadth
|
||||
|
||||
### C. External side effects
|
||||
Examples:
|
||||
- `send_message`
|
||||
- `cronjob`
|
||||
- `delegate_task`
|
||||
- smart-home actuation tools
|
||||
|
||||
Pattern:
|
||||
- confidence threshold by default
|
||||
- pre-execution gate when score exceeds threshold or when context is sensitive
|
||||
|
||||
### D. Critical / destructive / crisis-sensitive
|
||||
Examples:
|
||||
- dangerous `terminal`
|
||||
- financial actions
|
||||
- deletion / kill / restart / deployment in sensitive paths
|
||||
- outbound crisis intervention
|
||||
|
||||
Pattern:
|
||||
- pre-execution gate
|
||||
- never auto-execute on confidence alone
|
||||
|
||||
## 4.3 Crisis Override Rule
|
||||
|
||||
Add a hard override:
|
||||
|
||||
```text
|
||||
If tool call is crisis-sensitive AND outbound or irreversible:
|
||||
requires_human = True
|
||||
pattern = pre_execution_gate
|
||||
```
|
||||
|
||||
This is the most important rule in the issue.
|
||||
|
||||
The model may draft the message.
|
||||
The human must confirm before the system sends it.
|
||||
|
||||
## 4.4 Use Confidence Threshold for Normal Ops
|
||||
|
||||
For non-crisis operations, use Pattern 3.
|
||||
|
||||
Suggested logic:
|
||||
- low risk + high assessment confidence -> auto-execute
|
||||
- medium risk or medium confidence -> ask human
|
||||
- high risk -> always ask human
|
||||
|
||||
Key point:
|
||||
- confidence is not just "how sure the LLM is"
|
||||
- confidence should combine:
|
||||
- tool type certainty
|
||||
- argument clarity
|
||||
- path sensitivity
|
||||
- external side effects
|
||||
- crisis indicators
|
||||
|
||||
---
|
||||
|
||||
## 5. Recommended Initial Scoring Factors
|
||||
|
||||
A simple initial scorer is enough.
|
||||
It does not need to be fancy.
|
||||
|
||||
Suggested factors:
|
||||
|
||||
### 5.1 Tool class risk
|
||||
- read-only tools: very low base risk
|
||||
- local mutation tools: moderate base risk
|
||||
- external communication / automation tools: higher base risk
|
||||
- shell execution: variable, often high
|
||||
|
||||
### 5.2 Target sensitivity
|
||||
Examples:
|
||||
- `/tmp` or local scratch paths -> lower
|
||||
- repo files under git -> medium
|
||||
- system config, credentials, secrets, gateway lifecycle -> high
|
||||
- human-facing channels -> high if message content is sensitive
|
||||
|
||||
### 5.3 Reversibility
|
||||
- reversible -> lower
|
||||
- difficult but possible to undo -> medium
|
||||
- practically irreversible -> high
|
||||
|
||||
### 5.4 Human-impact content
|
||||
- no direct human impact -> low
|
||||
- administrative impact -> medium
|
||||
- crisis / safety / emotional intervention -> critical
|
||||
|
||||
### 5.5 Context certainty
|
||||
- arguments are explicit and narrow -> higher confidence
|
||||
- arguments are vague, inferred, or broad -> lower confidence
|
||||
|
||||
---
|
||||
|
||||
## 6. Implementation Plan
|
||||
|
||||
## Phase 1: Assessment Without Behavior Change
|
||||
|
||||
Goal:
|
||||
- score all tool calls
|
||||
- log assessment decisions
|
||||
- emit traces for review
|
||||
- do not yet block new tool categories
|
||||
|
||||
Files to touch:
|
||||
- `tools/approval.py`
|
||||
- `model_tools.py`
|
||||
- tests for assessment coverage
|
||||
|
||||
Output:
|
||||
- risk/confidence trace for every tool call
|
||||
- pattern recommendation for every tool call
|
||||
|
||||
Why first:
|
||||
- lets us calibrate before changing runtime behavior
|
||||
- avoids breaking existing workflows blindly
|
||||
|
||||
## Phase 2: Hard-Gate Crisis-Sensitive Outbound Actions
|
||||
|
||||
Goal:
|
||||
- enforce Pattern 1 for crisis interventions
|
||||
|
||||
Likely surfaces:
|
||||
- `send_message`
|
||||
- any future telephony / call / escalation tools
|
||||
- other tools with direct human intervention side effects
|
||||
|
||||
Rule:
|
||||
- never auto-send crisis intervention content without human confirmation
|
||||
|
||||
## Phase 3: General Confidence Threshold for Normal Ops
|
||||
|
||||
Goal:
|
||||
- apply Pattern 3 to all tool calls
|
||||
- auto-run clearly safe actions
|
||||
- escalate ambiguous or medium-risk actions
|
||||
|
||||
Likely thresholds:
|
||||
- score < 0.25 -> auto
|
||||
- 0.25 to 0.60 -> confirm if confidence is weak
|
||||
- > 0.60 -> confirm
|
||||
- crisis-sensitive -> always confirm
|
||||
|
||||
## Phase 4: Optional Post-Execution Review Lane
|
||||
|
||||
Goal:
|
||||
- allow Pattern 2 only for explicitly reversible operations
|
||||
|
||||
Examples:
|
||||
- maybe low-risk messaging drafts saved locally
|
||||
- maybe reversible UI actions in specific environments
|
||||
|
||||
Important:
|
||||
- this phase is optional
|
||||
- Hermes should not rely on Pattern 2 for safety-critical flows
|
||||
|
||||
---
|
||||
|
||||
## 7. Verification Criteria for the Future Implementation
|
||||
|
||||
The eventual implementation should prove all of the following:
|
||||
|
||||
1. every tool call receives a scored assessment before dispatch
|
||||
2. crisis-sensitive outbound actions always require human confirmation
|
||||
3. dangerous terminal commands still preserve their current pre-execution gate
|
||||
4. clearly safe read-only tool calls are not slowed by unnecessary prompts
|
||||
5. assessment traces can be inspected after a run
|
||||
6. approval decisions remain session-safe across CLI and gateway contexts
|
||||
|
||||
---
|
||||
|
||||
## 8. Concrete Recommendations
|
||||
|
||||
### Recommendation 1
|
||||
Do **not** replace the current dangerous-command approval path.
|
||||
Generalize above it.
|
||||
|
||||
Why:
|
||||
- existing terminal Pattern 1 already works
|
||||
- this is the strongest piece of the current firewall
|
||||
|
||||
### Recommendation 2
|
||||
Add a universal scorer in `model_tools.handle_function_call()`.
|
||||
|
||||
Why:
|
||||
- that is the first point where Hermes knows the tool name and structured arguments
|
||||
- it is the cleanest place to classify all tool calls uniformly
|
||||
|
||||
### Recommendation 3
|
||||
Treat crisis-sensitive outbound intervention as a separate safety class.
|
||||
|
||||
Why:
|
||||
- issue #878 explicitly calls for Pattern 1 here
|
||||
- this matches Timmy's SOUL-level safety requirements
|
||||
|
||||
### Recommendation 4
|
||||
Ship scoring traces before enforcement expansion.
|
||||
|
||||
Why:
|
||||
- you cannot tune thresholds you cannot inspect
|
||||
- false positives will otherwise frustrate normal usage
|
||||
|
||||
### Recommendation 5
|
||||
Use Pattern 3 as the default policy for normal operations.
|
||||
|
||||
Why:
|
||||
- full manual confirmation on every tool call is too expensive
|
||||
- full autonomy is too risky
|
||||
- Pattern 3 is the practical middle ground
|
||||
|
||||
---
|
||||
|
||||
## 9. Bottom Line
|
||||
|
||||
Hermes should implement a **two-track human confirmation firewall**:
|
||||
|
||||
1. **Pattern 1: Pre-Execution Gate**
|
||||
- crisis interventions
|
||||
- destructive terminal actions
|
||||
- irreversible or safety-critical tool calls
|
||||
|
||||
2. **Pattern 3: Confidence Threshold**
|
||||
- all ordinary tool calls
|
||||
- driven by a universal tool-call assessment layer
|
||||
- integrated at the central dispatch boundary
|
||||
|
||||
Pattern 2 should remain optional and narrow.
|
||||
It is not the primary answer for Hermes.
|
||||
|
||||
The repo already contains the beginnings of this system.
|
||||
The next step is not new theory.
|
||||
It is to turn the existing approval path into a true **tool-call-wide human confirmation firewall**.
|
||||
|
||||
---
|
||||
|
||||
## References
|
||||
|
||||
- Issue #878 — Human Confirmation Firewall Implementation Patterns
|
||||
- Issue #659 — Critical Research Tasks
|
||||
- `tools/approval.py` — current dangerous-command approval flow and smart approvals
|
||||
- `model_tools.py` — central tool dispatch boundary
|
||||
- `gateway/run.py` — blocking approval handling for messaging sessions
|
||||
63
tests/fixtures/memory_extraction_fragments.json
vendored
63
tests/fixtures/memory_extraction_fragments.json
vendored
@@ -1,63 +0,0 @@
|
||||
{
|
||||
"preferences_and_duplicates": [
|
||||
{
|
||||
"role": "user",
|
||||
"content": "Deploy via Ansible for production changes.",
|
||||
"created_at": "2026-04-22T10:00:00Z"
|
||||
},
|
||||
{
|
||||
"role": "user",
|
||||
"content": "We deploy through Ansible on this repo.",
|
||||
"created_at": "2026-04-22T10:01:00Z"
|
||||
},
|
||||
{
|
||||
"role": "user",
|
||||
"content": "Gitea-first for repository work.",
|
||||
"created_at": "2026-04-22T10:02:00Z"
|
||||
}
|
||||
],
|
||||
"operational_and_contradictions": [
|
||||
{
|
||||
"role": "user",
|
||||
"content": "The BURN watchdog caps dispatches per cycle to 6.",
|
||||
"created_at": "2026-04-22T11:00:00Z"
|
||||
},
|
||||
{
|
||||
"role": "user",
|
||||
"content": "The provider should stay openai-codex/gpt-5.4.",
|
||||
"created_at": "2026-04-22T11:01:00Z"
|
||||
},
|
||||
{
|
||||
"role": "user",
|
||||
"content": "Correction: the provider should stay mimo-v2-pro.",
|
||||
"created_at": "2026-04-22T11:02:00Z"
|
||||
}
|
||||
],
|
||||
"mixed_transcript": [
|
||||
{
|
||||
"role": "user",
|
||||
"content": "Deploy via Ansible for production changes.",
|
||||
"created_at": "2026-04-22T10:00:00Z"
|
||||
},
|
||||
{
|
||||
"role": "user",
|
||||
"content": "We deploy through Ansible on this repo.",
|
||||
"created_at": "2026-04-22T10:01:00Z"
|
||||
},
|
||||
{
|
||||
"role": "user",
|
||||
"content": "The BURN watchdog caps dispatches per cycle to 6.",
|
||||
"created_at": "2026-04-22T11:00:00Z"
|
||||
},
|
||||
{
|
||||
"role": "user",
|
||||
"content": "The provider should stay openai-codex/gpt-5.4.",
|
||||
"created_at": "2026-04-22T11:01:00Z"
|
||||
},
|
||||
{
|
||||
"role": "user",
|
||||
"content": "Correction: the provider should stay mimo-v2-pro.",
|
||||
"created_at": "2026-04-22T11:02:00Z"
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -1,50 +0,0 @@
|
||||
"""Integration tests for holographic auto-extraction with structured fact persistence."""
|
||||
|
||||
import json
|
||||
import sys
|
||||
from pathlib import Path
|
||||
|
||||
sys.path.insert(0, str(Path(__file__).resolve().parents[3]))
|
||||
|
||||
from plugins.memory.holographic import HolographicMemoryProvider
|
||||
|
||||
_FIXTURE_PATH = Path(__file__).resolve().parents[2] / "fixtures" / "memory_extraction_fragments.json"
|
||||
|
||||
|
||||
def _load_fixture(name: str):
|
||||
return json.loads(_FIXTURE_PATH.read_text())[name]
|
||||
|
||||
|
||||
class TestHolographicAutoExtract:
|
||||
def test_auto_extract_persists_structured_metadata_and_normalizes_duplicates(self, tmp_path):
|
||||
provider = HolographicMemoryProvider(
|
||||
config={
|
||||
"db_path": str(tmp_path / "memory_store.db"),
|
||||
"auto_extract": True,
|
||||
"default_trust": 0.5,
|
||||
}
|
||||
)
|
||||
provider.initialize("test-session")
|
||||
|
||||
messages = _load_fixture("mixed_transcript")
|
||||
provider.on_session_end(messages)
|
||||
provider.on_session_end(messages)
|
||||
|
||||
facts = provider._store.list_facts(min_trust=0.0, limit=20)
|
||||
deploy_facts = [f for f in facts if f.get("relation") == "workflow.deploy_method"]
|
||||
provider_facts = [f for f in facts if f.get("contradiction_group") == "config.provider"]
|
||||
|
||||
assert len(deploy_facts) == 1
|
||||
assert deploy_facts[0]["metadata"]["duplicate_count"] >= 3
|
||||
assert deploy_facts[0]["observed_at"] == "2026-04-22T10:00:00Z"
|
||||
assert deploy_facts[0]["metadata"]["provenance"] == [
|
||||
"conversation:user:0",
|
||||
"conversation:user:1",
|
||||
]
|
||||
|
||||
assert len(provider_facts) == 2
|
||||
assert {f["status"] for f in provider_facts} == {"contradiction"}
|
||||
assert {f["metadata"]["value"] for f in provider_facts} == {
|
||||
"openai-codex/gpt-5.4",
|
||||
"mimo-v2-pro",
|
||||
}
|
||||
@@ -1,6 +1,6 @@
|
||||
"""Tests for session compaction with fact extraction."""
|
||||
|
||||
import json
|
||||
import pytest
|
||||
import sys
|
||||
from pathlib import Path
|
||||
|
||||
@@ -8,19 +8,12 @@ sys.path.insert(0, str(Path(__file__).resolve().parent.parent))
|
||||
|
||||
from agent.session_compactor import (
|
||||
ExtractedFact,
|
||||
evaluate_extraction_quality,
|
||||
extract_and_save_facts,
|
||||
extract_facts_from_messages,
|
||||
format_facts_summary,
|
||||
save_facts_to_store,
|
||||
extract_and_save_facts,
|
||||
format_facts_summary,
|
||||
)
|
||||
|
||||
_FIXTURE_PATH = Path(__file__).resolve().parent / "fixtures" / "memory_extraction_fragments.json"
|
||||
|
||||
|
||||
def _load_fixture(name: str):
|
||||
return json.loads(_FIXTURE_PATH.read_text())[name]
|
||||
|
||||
|
||||
class TestFactExtraction:
|
||||
def test_extract_preference(self):
|
||||
@@ -67,48 +60,14 @@ class TestFactExtraction:
|
||||
{"role": "user", "content": "I prefer Python."},
|
||||
]
|
||||
facts = extract_facts_from_messages(messages)
|
||||
# Should deduplicate
|
||||
python_facts = [f for f in facts if "Python" in f.content]
|
||||
assert len(python_facts) == 1
|
||||
|
||||
def test_structured_fact_preserves_provenance_and_temporal_metadata(self):
|
||||
facts = extract_facts_from_messages(_load_fixture("preferences_and_duplicates"))
|
||||
deploy_fact = next(f for f in facts if f.relation == "workflow.deploy_method")
|
||||
assert deploy_fact.source_role == "user"
|
||||
assert deploy_fact.source_turn == 0
|
||||
assert deploy_fact.observed_at == "2026-04-22T10:00:00Z"
|
||||
assert deploy_fact.provenance == "conversation:user:0"
|
||||
assert deploy_fact.canonical_key
|
||||
assert deploy_fact.evidence
|
||||
assert deploy_fact.evidence[0]["source_text"].startswith("Deploy via Ansible")
|
||||
|
||||
def test_near_duplicate_facts_are_normalized_into_one_canonical_fact(self):
|
||||
facts = extract_facts_from_messages(_load_fixture("preferences_and_duplicates"))
|
||||
deploy_facts = [f for f in facts if f.relation == "workflow.deploy_method"]
|
||||
assert len(deploy_facts) == 1
|
||||
assert len(deploy_facts[0].evidence) == 2
|
||||
assert deploy_facts[0].metadata["duplicate_count"] == 1
|
||||
|
||||
def test_contradictory_facts_are_preserved_for_unique_slots(self):
|
||||
facts = extract_facts_from_messages(_load_fixture("operational_and_contradictions"))
|
||||
provider_facts = [f for f in facts if f.contradiction_group == "config.provider"]
|
||||
assert len(provider_facts) == 2
|
||||
assert {f.status for f in provider_facts} == {"contradiction"}
|
||||
assert {f.normalized_content for f in provider_facts} == {
|
||||
"openai codex gpt 5 4",
|
||||
"mimo v2 pro",
|
||||
}
|
||||
|
||||
def test_quality_evaluation_reports_noise_reduction(self):
|
||||
metrics = evaluate_extraction_quality(_load_fixture("mixed_transcript"))
|
||||
assert metrics["raw_candidates"] > metrics["normalized_facts"]
|
||||
assert metrics["noise_reduction"] > 0
|
||||
assert metrics["contradiction_groups"] == 1
|
||||
|
||||
|
||||
class TestSaveFacts:
|
||||
def test_save_with_callback(self):
|
||||
saved = []
|
||||
|
||||
def mock_save(category, entity, content, trust):
|
||||
saved.append({"category": category, "content": content})
|
||||
|
||||
@@ -117,38 +76,6 @@ class TestSaveFacts:
|
||||
assert count == 1
|
||||
assert len(saved) == 1
|
||||
|
||||
def test_save_with_extended_callback_metadata(self):
|
||||
saved = []
|
||||
|
||||
def mock_save(category, entity, content, trust, **kwargs):
|
||||
saved.append({
|
||||
"category": category,
|
||||
"entity": entity,
|
||||
"content": content,
|
||||
"trust": trust,
|
||||
**kwargs,
|
||||
})
|
||||
|
||||
fact = ExtractedFact(
|
||||
"project.operational",
|
||||
"watchdog",
|
||||
"BURN watchdog caps dispatches per cycle to 6",
|
||||
0.9,
|
||||
2,
|
||||
source_role="user",
|
||||
observed_at="2026-04-22T11:00:00Z",
|
||||
provenance="conversation:user:2",
|
||||
canonical_key="project.operational|watchdog|dispatch_cap|6",
|
||||
relation="fleet.dispatch_cap",
|
||||
contradiction_group="fleet.dispatch_cap",
|
||||
metadata={"duplicate_count": 0},
|
||||
)
|
||||
count = save_facts_to_store([fact], fact_store_fn=mock_save)
|
||||
assert count == 1
|
||||
assert saved[0]["canonical_key"] == fact.canonical_key
|
||||
assert saved[0]["observed_at"] == "2026-04-22T11:00:00Z"
|
||||
assert saved[0]["metadata"]["duplicate_count"] == 0
|
||||
|
||||
|
||||
class TestFormatSummary:
|
||||
def test_empty(self):
|
||||
|
||||
Reference in New Issue
Block a user