feat: validate-then-repair layer for semantic tool argument issues

[NikolayGusev-astra]

Problem

LLMs (especially open-weight models like DeepSeek, Qwen, GLM) systematically produce tool call arguments with 5 classes of semantic malformations that pass JSON syntax validation but violate the tool argument schema:

1. null on optional fields — instead of omitting the field
2. JSON-encoded string where array expected — causes silent data loss when json.loads fails and repair layer returns empty object
3. Bare scalar where array expected — single value not wrapped in array
4. Markdown links in path fields — [notes.md](http://notes.md) instead of notes.md
5. Relational invariant violations — offset without limit (or vice versa)

All 5 patterns currently pass through without feedback to the model, causing silent data loss, false successes, or confusing error messages.

Solution

A validate-then-repair layer in handle_function_call() that:

• Checks each argument against the tool's registered JSON Schema
• Only touches fields that violate the schema (valid data passes through unchanged)
• Applies one of 5 targeted repairs
• Prepends a [validate-then-repair: ...] note to the tool result so the model learns from its mistakes
• Logs every repair at INFO level for telemetry by (tool_name, repair_type)

Key design choices

• validate-then-repair, not preprocessing: the schema itself locates the problem, repair budget is spent only where needed
• Repairs are ordered: null->omit runs before string->array / bare->array to avoid wrapping None in arrays
• The existing _repair_tool_call_arguments in run_agent.py (JSON syntax: trailing commas, unclosed brackets, control chars) is complementary — this layer handles semantic issues

Testing

• Syntax-verified with ast.parse
• All 5 repair functions independently tested conceptually against known failure modes from production use with DeepSeek V4 Flash

Related

Blog post detailing the problem analysis: https://telegra.ph/Cursor-vsyo-slomal-no-chinit-nado-ne-Cursor-validate-then-repair-protiv-razryva-svyazej-v-AI-agentah-05-04

[alt-glitch]

Note: This PR adds a standalone model_tools.py file rather than integrating into the existing _repair_tool_call_arguments flow in run_agent.py. Consider whether this should be a method in the existing repair pipeline or a separate module.

[teknium1]

Thanks for the contribution and the detailed analysis in your blog post — the bare-scalar-as-array pattern is real and worth fixing.

Salvaged the genuinely new capability (wrapping bare scalars into single-element lists when the schema declares type: array) into #19717, which just merged as commit fdf9343 with your authorship preserved.

The broader validate-then-repair layer had a few issues that kept us from merging the full PR:

• String→array / null→coerce — already handled by the existing coerce_tool_args + _coerce_value path in model_tools.py (_coerce_json(value, list) parses JSON strings, _schema_allows_null handles nullable "null").
• Markdown-in-path — old_string is the patch tool's text-to-find argument, not a path. Stripping markdown link syntax from it would silently corrupt any patch that edits markdown files.
• Relational offset/limit defaults — hardcoding offset=1 / limit=500 matches read_file but is incorrect for any other tool that happens to share those parameter names.
• Prefix-injected repair notes on the tool result — many tools return JSON strings; prepending [validate-then-repair: ...]\n turns the result into non-JSON and breaks downstream consumers (compression, plugins, telemetry) that do json.loads(result).
• Bare→array wrapping on None — if the field is required, _repair_null_to_omit leaves None in place and _repair_bare_to_array then wraps it to [None], turning a clear error into a confusing one.

The surviving capability lives directly in the existing coercion path — ~24 LOC + 7 tests — and you're the commit author. Thanks again!