fix(compressor): summary role can violate consecutive-role constraint#1720
Merged
Conversation
The summary message role was determined only by the last head message, ignoring the first tail message. This could create consecutive user messages (rejected by Anthropic) when the tail started with 'user'. Now checks both neighbors. Priority: avoid colliding with the head (already committed). If the chosen role also collides with the tail, flip it — but only if flipping wouldn't re-collide with the head.
teknium1
added a commit
that referenced
this pull request
Mar 30, 2026
…, tool error sanitization Three resilience features ported from Ironclaw: 1. Discard incomplete tool calls (ironclaw#1632) When finish_reason='length' and tool calls are present, they're likely incomplete. Discard them, inject a summarize notice. After 3 consecutive occurrences, temporarily disable tools. 2. Empty response recovery (ironclaw#1677 + #1720) When the LLM returns empty (no content, no tool calls): - If meaningful output exists earlier, treat as completion - Otherwise nudge once, then fail gracefully Max 2 consecutive empties before giving up. 3. Sanitize tool error results (ironclaw#1639) Strip XML boundary markers, CDATA sections, and code fences from error messages before sending to LLM. Cap at 2000 chars. Prevents injection attacks via crafted tool error messages. 18 new tests.
angelburgosrosado
pushed a commit
to angelburgosrosado/hermes-agent
that referenced
this pull request
Apr 27, 2026
…-consecutive-role-violation fix(compressor): summary role can violate consecutive-role constraint
angelburgosrosado
pushed a commit
to angelburgosrosado/hermes-agent
that referenced
this pull request
Apr 28, 2026
…, tool error sanitization Three resilience features ported from Ironclaw: 1. Discard incomplete tool calls (ironclaw#1632) When finish_reason='length' and tool calls are present, they're likely incomplete. Discard them, inject a summarize notice. After 3 consecutive occurrences, temporarily disable tools. 2. Empty response recovery (ironclaw#1677 + NousResearch#1720) When the LLM returns empty (no content, no tool calls): - If meaningful output exists earlier, treat as completion - Otherwise nudge once, then fail gracefully Max 2 consecutive empties before giving up. 3. Sanitize tool error results (ironclaw#1639) Strip XML boundary markers, CDATA sections, and code fences from error messages before sending to LLM. Cap at 2000 chars. Prevents injection attacks via crafted tool error messages. 18 new tests.
02356abc
pushed a commit
to 02356abc/hermes-agent
that referenced
this pull request
May 14, 2026
…-consecutive-role-violation fix(compressor): summary role can violate consecutive-role constraint
teknium1
added a commit
that referenced
this pull request
May 16, 2026
…text (#26823) Adds _sanitize_tool_error() in model_tools and routes both error paths through it: registry.dispatch's try/except (the primary path for tool exceptions) and handle_function_call's outer except (defense in depth). Stripping targets structural framing tokens that the model itself can react to even though json.dumps already handles wire-layer escaping: XML role tags (tool_call, function_call, result, response, output, input, system, assistant, user), CDATA sections, and markdown code fences. Caps message body at 2000 chars and wraps with [TOOL_ERROR] prefix. Defense-in-depth: a tool exception carrying '<tool_call>...' won't break message framing (json escapes it), but the model still reads those tokens and they nudge it toward role-confusion framing. Ported from ironclaw#1639 (one piece of #3838's three-feature scout). The truncated-tool-call (#1632) and empty-response-recovery (#1677, #1720) pieces are skipped because main now implements both far more thoroughly (run_agent.py L8147/L12209/L13012 for truncation retry + length rewrite; L4500/L15090+ for empty-response scaffolding stripper, multi-stage nudge, fallback model activation).
olympus-terminal
pushed a commit
to olympus-terminal/hermes-agent
that referenced
this pull request
May 16, 2026
…-consecutive-role-violation fix(compressor): summary role can violate consecutive-role constraint
DIZ-admin
pushed a commit
to DIZ-admin/hermes-agent
that referenced
this pull request
May 16, 2026
…text (NousResearch#26823) Adds _sanitize_tool_error() in model_tools and routes both error paths through it: registry.dispatch's try/except (the primary path for tool exceptions) and handle_function_call's outer except (defense in depth). Stripping targets structural framing tokens that the model itself can react to even though json.dumps already handles wire-layer escaping: XML role tags (tool_call, function_call, result, response, output, input, system, assistant, user), CDATA sections, and markdown code fences. Caps message body at 2000 chars and wraps with [TOOL_ERROR] prefix. Defense-in-depth: a tool exception carrying '<tool_call>...' won't break message framing (json escapes it), but the model still reads those tokens and they nudge it toward role-confusion framing. Ported from ironclaw#1639 (one piece of NousResearch#3838's three-feature scout). The truncated-tool-call (NousResearch#1632) and empty-response-recovery (NousResearch#1677, NousResearch#1720) pieces are skipped because main now implements both far more thoroughly (run_agent.py L8147/L12209/L13012 for truncation retry + length rewrite; L4500/L15090+ for empty-response scaffolding stripper, multi-stage nudge, fallback model activation).
venyon2k
pushed a commit
to venyon2k/hermes-agent
that referenced
this pull request
May 17, 2026
…text (NousResearch#26823) Adds _sanitize_tool_error() in model_tools and routes both error paths through it: registry.dispatch's try/except (the primary path for tool exceptions) and handle_function_call's outer except (defense in depth). Stripping targets structural framing tokens that the model itself can react to even though json.dumps already handles wire-layer escaping: XML role tags (tool_call, function_call, result, response, output, input, system, assistant, user), CDATA sections, and markdown code fences. Caps message body at 2000 chars and wraps with [TOOL_ERROR] prefix. Defense-in-depth: a tool exception carrying '<tool_call>...' won't break message framing (json escapes it), but the model still reads those tokens and they nudge it toward role-confusion framing. Ported from ironclaw#1639 (one piece of NousResearch#3838's three-feature scout). The truncated-tool-call (NousResearch#1632) and empty-response-recovery (NousResearch#1677, NousResearch#1720) pieces are skipped because main now implements both far more thoroughly (run_agent.py L8147/L12209/L13012 for truncation retry + length rewrite; L4500/L15090+ for empty-response scaffolding stripper, multi-stage nudge, fallback model activation).
clckmedia
pushed a commit
to clckmedia/hermes-agent
that referenced
this pull request
May 19, 2026
…text (NousResearch#26823) Adds _sanitize_tool_error() in model_tools and routes both error paths through it: registry.dispatch's try/except (the primary path for tool exceptions) and handle_function_call's outer except (defense in depth). Stripping targets structural framing tokens that the model itself can react to even though json.dumps already handles wire-layer escaping: XML role tags (tool_call, function_call, result, response, output, input, system, assistant, user), CDATA sections, and markdown code fences. Caps message body at 2000 chars and wraps with [TOOL_ERROR] prefix. Defense-in-depth: a tool exception carrying '<tool_call>...' won't break message framing (json escapes it), but the model still reads those tokens and they nudge it toward role-confusion framing. Ported from ironclaw#1639 (one piece of NousResearch#3838's three-feature scout). The truncated-tool-call (NousResearch#1632) and empty-response-recovery (NousResearch#1677, NousResearch#1720) pieces are skipped because main now implements both far more thoroughly (run_agent.py L8147/L12209/L13012 for truncation retry + length rewrite; L4500/L15090+ for empty-response scaffolding stripper, multi-stage nudge, fallback model activation). (cherry picked from commit 627f8a5)
CumulusService
pushed a commit
to Cumulus-Service-GmbH/hermes-agent
that referenced
this pull request
May 30, 2026
…, tool error sanitization Three resilience features ported from Ironclaw: 1. Discard incomplete tool calls (ironclaw#1632) When finish_reason='length' and tool calls are present, they're likely incomplete. Discard them, inject a summarize notice. After 3 consecutive occurrences, temporarily disable tools. 2. Empty response recovery (ironclaw#1677 + NousResearch#1720) When the LLM returns empty (no content, no tool calls): - If meaningful output exists earlier, treat as completion - Otherwise nudge once, then fail gracefully Max 2 consecutive empties before giving up. 3. Sanitize tool error results (ironclaw#1639) Strip XML boundary markers, CDATA sections, and code fences from error messages before sending to LLM. Cap at 2000 chars. Prevents injection attacks via crafted tool error messages. 18 new tests.
gweeteve
pushed a commit
to gweeteve/hermes-agent
that referenced
this pull request
Jun 2, 2026
…-consecutive-role-violation fix(compressor): summary role can violate consecutive-role constraint
gweeteve
pushed a commit
to gweeteve/hermes-agent
that referenced
this pull request
Jun 2, 2026
…text (NousResearch#26823) Adds _sanitize_tool_error() in model_tools and routes both error paths through it: registry.dispatch's try/except (the primary path for tool exceptions) and handle_function_call's outer except (defense in depth). Stripping targets structural framing tokens that the model itself can react to even though json.dumps already handles wire-layer escaping: XML role tags (tool_call, function_call, result, response, output, input, system, assistant, user), CDATA sections, and markdown code fences. Caps message body at 2000 chars and wraps with [TOOL_ERROR] prefix. Defense-in-depth: a tool exception carrying '<tool_call>...' won't break message framing (json escapes it), but the model still reads those tokens and they nudge it toward role-confusion framing. Ported from ironclaw#1639 (one piece of NousResearch#3838's three-feature scout). The truncated-tool-call (NousResearch#1632) and empty-response-recovery (NousResearch#1677, NousResearch#1720) pieces are skipped because main now implements both far more thoroughly (run_agent.py L8147/L12209/L13012 for truncation retry + length rewrite; L4500/L15090+ for empty-response scaffolding stripper, multi-stage nudge, fallback model activation).
Egavasyug
pushed a commit
to Egavasyug/hermes-agent
that referenced
this pull request
Jun 10, 2026
…-consecutive-role-violation fix(compressor): summary role can violate consecutive-role constraint
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The context compressor's summary message role was determined only by the last head message's role, ignoring what the first tail message's role is. When the last head message was
assistantand the first tail message wasuser, the summary role was set touser— creating consecutiveusermessages that Anthropic's API rejects.What changed
agent/context_compressor.py: Now checks both the head and tail neighbors when choosing the summary role. Prioritizes not colliding with the head (already committed), then avoids the tail collision if possible without re-colliding with the head.Test plan
python -m pytest tests/ -n0 -q -k compress→ 61 passed, 14 skipped ✔test_summary_role_avoids_consecutive_user_messagesstill passes