diff --git a/safety.lua b/safety.lua index b76ba8c..158187d 100644 --- a/safety.lua +++ b/safety.lua @@ -243,9 +243,205 @@ M._match_static = match_static -- testable in isolation M._reset_cache = function() _llm_cache = {} end -- ---------------------------------------------------------------- norris_step --- Phase 3 commit #4 lands the planner. Stub stays for now. -function M.norris_step(plan, broker, executor) - error("safety.norris_step: not implemented yet (lands in Phase 3 commit #4)") +-- One iteration of the Norris planning loop per PHASE3.md §4. +-- The driver in repl.lua calls this in a while loop, advancing on every +-- non-terminal status. +-- +-- Inputs: +-- ctx aish Context (read & written: turns + pending_exec_output) +-- model_cfg the active broker model config (model_cfg.endpoint/.model/etc.) +-- helpers table of injected dispatch helpers: +-- .tools_schema() → tools array for opts.tools +-- .exec_cmd(cmd) → run shell cmd; returns (out, exit_code) +-- .dispatch_tool(call,args)→ run an MCP tool; returns (content, is_error) +-- .extract_cmd_lines(text)→ executor.extract_cmd_lines (passed in) +-- .halt(step_n, max_n, reason, action) → "proceed"|"skip"|"abort" +-- .render_step(n, max_n, descr) (renderer.norris_step) +-- .render_tool_begin(name, args) (renderer.tool_call_begin) +-- .render_tool_end(content, is_error) (renderer.tool_call_end) +-- .render_exec_begin() (renderer.exec_begin) +-- .render_exec_end(code) (renderer.exec_end) +-- .render_assistant_delta(chunk) (renderer.assistant_delta) +-- .render_assistant_flush() (renderer.assistant_flush) +-- .log_turn(turn) (session log append) +-- opts: +-- .step_n current step (1-based) +-- .max_steps budget cap (default 8) +-- .cfg full aish config (for is_destructive) +-- +-- Returns: { status, reason } where status ∈ { +-- "continue" — keep looping (driver bumps step_n) +-- "done" — model emitted GOAL: complete +-- "aborted" — user typed abort at a halt prompt +-- "stalled" — model emitted nothing actionable +-- "budget_exhausted" — step_n >= max_steps after this iteration +-- "broker_error" — broker.chat_stream returned (nil, err) +-- } +function M.norris_step(ctx, model_cfg, helpers, opts) + local step_n = opts.step_n or 1 + local max_steps = opts.max_steps or 8 + local cfg = opts.cfg + + helpers.render_step(step_n, max_steps) + + -- (1) one broker round-trip — stream text + collect tool_calls + local text_parts = {} + local tool_calls_seen = {} + local ok, err = broker.chat_stream(model_cfg, ctx:to_messages(), + function(kind, payload) + if kind == "text" then + text_parts[#text_parts + 1] = payload + helpers.render_assistant_delta(payload) + elseif kind == "tool_call" then + tool_calls_seen[#tool_calls_seen + 1] = payload + end + end, + { tools = helpers.tools_schema() }) + helpers.render_assistant_flush() + + if not ok then + return { status = "broker_error", reason = tostring(err) } + end + + local resp_text = table.concat(text_parts) + + -- (2) parse actions from response + local cmd_lines = helpers.extract_cmd_lines(resp_text) or {} + local goal_done = false + for line in (resp_text .. "\n"):gmatch("([^\n]*)\n") do + local trimmed = line:gsub("^%s+", ""):gsub("%s+$", "") + if trimmed == "GOAL: complete" then + goal_done = true; break + end + end + + local n_actions = #tool_calls_seen + #cmd_lines + + -- (3) record assistant turn (with optional tool_calls) + if #tool_calls_seen > 0 then + ctx:append({ role = "assistant", content = resp_text, + tool_calls = tool_calls_seen }) + else + ctx:append({ role = "assistant", content = resp_text }) + end + helpers.log_turn(ctx.turns[#ctx.turns]) + + if n_actions == 0 and not goal_done then + return { status = "stalled", reason = "no action emitted" } + end + + -- (4) dispatch tool_calls first (structured route) + for _, call in ipairs(tool_calls_seen) do + local args_table = {} + if call.arguments and call.arguments ~= "" then + local d, _, derr = json.decode(call.arguments) + if d then args_table = d + else + -- Argument JSON parse failure: synthesize tool turn (alternation) + ctx:append({ role = "tool", tool_call_id = call.id, + content = "[aish] tool arguments not " + .. "parseable as JSON: " .. tostring(derr) }) + helpers.log_turn(ctx.turns[#ctx.turns]) + goto continue_tool + end + end + + -- Probe destructive on the JSON-serialized call as a proxy. + local call_repr = (call.name or "?") .. " " .. (call.arguments or "") + local destr, reason = M.is_destructive(call_repr, cfg) + + local verdict + if destr then + verdict = helpers.halt(step_n, max_steps, reason or "destructive", + call_repr) + else + -- Non-destructive tool_call: auto_approve OR halt for consent + local policy = cfg and cfg.mcp and cfg.mcp.auto_approve or {} + local alias = (call.name or ""):match("^(.-)__") + local auto = policy[call.name] + or (alias and alias ~= "" and policy[alias .. "__*"]) + if auto then + verdict = "proceed" + else + verdict = helpers.halt(step_n, max_steps, "tool consent", + call_repr) + end + end + + if verdict == "abort" then + return { status = "aborted", reason = "user abort at halt" } + elseif verdict == "skip" then + ctx.norris_consecutive_skips = (ctx.norris_consecutive_skips or 0) + 1 + ctx:append({ role = "tool", tool_call_id = call.id, + content = "[aish] tool call skipped by user: " + .. (reason or "no reason") }) + helpers.log_turn(ctx.turns[#ctx.turns]) + else -- proceed + ctx.norris_consecutive_skips = 0 + helpers.render_tool_begin(call.name, call.arguments) + local content, is_error = helpers.dispatch_tool(call.name, args_table) + helpers.render_tool_end(content, is_error) + ctx:append({ role = "tool", tool_call_id = call.id, + content = content or "" }) + helpers.log_turn(ctx.turns[#ctx.turns]) + end + ::continue_tool:: + end + + -- (5) dispatch CMD: lines (legacy route) + for _, cmd in ipairs(cmd_lines) do + local destr, reason = M.is_destructive(cmd, cfg) + local verdict + if destr then + verdict = helpers.halt(step_n, max_steps, reason or "destructive", + cmd) + else + verdict = "proceed" -- non-destructive CMD: runs without consent + -- in Norris (Norris user accepted autonomy) + end + + if verdict == "abort" then + return { status = "aborted", reason = "user abort at halt" } + elseif verdict == "skip" then + ctx.norris_consecutive_skips = (ctx.norris_consecutive_skips or 0) + 1 + -- CMD: skip → synthesize exec-output line so the model sees it + ctx:append_exec_output("[aish] CMD skipped by user: " + .. (reason or "no reason")) + else -- proceed + ctx.norris_consecutive_skips = 0 + helpers.render_exec_begin() + local out, code = helpers.exec_cmd(cmd) + helpers.render_exec_end(code) + if cfg and cfg.shell and cfg.shell.capture_output then + ctx:append_exec_output(out) + end + end + end + + -- Skip-budget escalation: R-C1 + if (ctx.norris_consecutive_skips or 0) >= 3 then + local verdict = helpers.halt(step_n, max_steps, + ("%d consecutive user skips"):format(ctx.norris_consecutive_skips), + "(repeated similar destructive proposals)") + if verdict == "abort" then + return { status = "aborted", reason = "user abort on skip-escalation" } + end + -- Else: reset the counter and continue (user said proceed) + ctx.norris_consecutive_skips = 0 + end + + -- (6) goal_done after dispatch + if goal_done then + return { status = "done", reason = "GOAL: complete" } + end + + -- (7) budget + if step_n >= max_steps then + return { status = "budget_exhausted", + reason = ("%d step limit reached"):format(max_steps) } + end + + return { status = "continue" } end return M