Summary
finalReadinessCheck() in internal/agent/agent.go enforces that complete_step must appear after the last writer tool call in the receipt sequence (HasSuccessfulCompleteStepAfter(writer)). This ordering constraint conflicts with the fact that todo_write already has its own guard (verifyTodoCompletionTransitions) that rejects marking items completed without a prior matching complete_step.
The result: even when the model correctly calls complete_step → todo_write (in that order), if a writer call happens to appear between them in the receipt stream, the final answer is blocked with a confusing error.
Root Cause
internal/agent/agent.go:573:
if hasTodoReceipt && !a.evidence.HasSuccessfulCompleteStepAfter(writer) {
missing = append(missing, "call complete_step after the latest write")
}This uses HasSuccessfulCompleteStepAfter(writer) — the complete_step must be at an index greater than the last writer receipt. But in a multi-step turn, the receipt ordering is:
[0] write_file (write config)
[1] todo_write (mark step 1 completed)
[2] edit_file (write plan doc)
[3] complete_step (sign off step 2) ← index 3 < writer at index 2? NO, 3 > 2, should pass
Wait — let me re-check the actual scenario. The actual problem was:
The model called todo_write first (marking items completed), then complete_step. The todo_write succeeded because its own guard only checks for a matching complete_step anywhere in the turn, not the ordering. But finalReadinessCheck then rejected the final answer because complete_step wasn't after the writer.
So the core tension is:
todo_write's internal guard allows either order (it searches all receipts)finalReadinessCheck requires strict order (complete_step after writer)
Steps to Reproduce
- In a session where files have been written, call
complete_step then todo_write (or vice versa), with writer calls interspersed
- Attempt to produce a final answer
- See:
"Host final-answer readiness check failed. Before giving a final answer, address the missing host-observable receipts: call complete_step after the latest write"
Suggested Fix
Two options:
Option A (minimal): Remove the HasSuccessfulCompleteStepAfter(writer) check from finalReadinessCheck. The todo_write tool already enforces that items can't be marked completed without a matching complete_step receipt — this is a sufficient guard. The finalReadinessCheck should only check for incompleteTodos and projectChecks, both of which are unique concerns not covered by any tool-level guard.
Option B (relaxed): Change HasSuccessfulCompleteStepAfter(writer) to a new HasSuccessfulCompleteStep() that finds a matching complete_step receipt anywhere in the turn, not just after the writer.
Related Code
internal/agent/agent.go: finalReadinessCheck() (line ~537), finalReadinessRetryMessage() (line ~607)internal/evidence/evidence.go: HasSuccessfulCompleteStepAfter() (line ~126), UnverifiedCompletedTodos() (line ~259)internal/tool/builtin/todo.go: verifyTodoCompletionTransitions() (line ~95)internal/tool/builtin/completestep.go: Execute() (line ~79)
Summary
finalReadinessCheck()ininternal/agent/agent.goenforces thatcomplete_stepmust appear after the last writer tool call in the receipt sequence (HasSuccessfulCompleteStepAfter(writer)). This ordering constraint conflicts with the fact thattodo_writealready has its own guard (verifyTodoCompletionTransitions) that rejects marking itemscompletedwithout a prior matchingcomplete_step.The result: even when the model correctly calls
complete_step → todo_write(in that order), if a writer call happens to appear between them in the receipt stream, the final answer is blocked with a confusing error.Root Cause
internal/agent/agent.go:573:This uses
HasSuccessfulCompleteStepAfter(writer)— the complete_step must be at an index greater than the last writer receipt. But in a multi-step turn, the receipt ordering is:Wait — let me re-check the actual scenario. The actual problem was:
The model called
todo_writefirst (marking items completed), thencomplete_step. Thetodo_writesucceeded because its own guard only checks for a matchingcomplete_stepanywhere in the turn, not the ordering. ButfinalReadinessCheckthen rejected the final answer becausecomplete_stepwasn't after the writer.So the core tension is:
todo_write's internal guard allows either order (it searches all receipts)finalReadinessCheckrequires strict order (complete_step after writer)Steps to Reproduce
complete_stepthentodo_write(or vice versa), with writer calls interspersed"Host final-answer readiness check failed. Before giving a final answer, address the missing host-observable receipts: call complete_step after the latest write"Suggested Fix
Two options:
Option A (minimal): Remove the
HasSuccessfulCompleteStepAfter(writer)check fromfinalReadinessCheck. Thetodo_writetool already enforces that items can't be markedcompletedwithout a matchingcomplete_stepreceipt — this is a sufficient guard. ThefinalReadinessCheckshould only check forincompleteTodosandprojectChecks, both of which are unique concerns not covered by any tool-level guard.Option B (relaxed): Change
HasSuccessfulCompleteStepAfter(writer)to a newHasSuccessfulCompleteStep()that finds a matchingcomplete_stepreceipt anywhere in the turn, not just after the writer.Related Code
internal/agent/agent.go:finalReadinessCheck()(line ~537),finalReadinessRetryMessage()(line ~607)internal/evidence/evidence.go:HasSuccessfulCompleteStepAfter()(line ~126),UnverifiedCompletedTodos()(line ~259)internal/tool/builtin/todo.go:verifyTodoCompletionTransitions()(line ~95)internal/tool/builtin/completestep.go:Execute()(line ~79)