archeious/luminos
1
0
Fork 0
Code Issues 41 Pull requests Projects 1 Releases Packages Wiki Activity Actions

Wire survey output into dir loop system prompt #6

New issue
Closed
opened 2026-04-06 22:27:09 +00:00 by archeious · 2 comments
archeious commented 2026-04-06 22:27:09 +00:00
Owner
Copy link

After _run_survey() completes, inject its output into the dir loop system prompt so each dir loop agent knows what it's looking at before it starts.

The domain_notes, approach, and relevant_tools/skip_tools fields shape what the dir loop agent prioritizes.

After `_run_survey()` completes, inject its output into the dir loop system prompt so each dir loop agent knows what it's looking at before it starts. The `domain_notes`, `approach`, and `relevant_tools`/`skip_tools` fields shape what the dir loop agent prioritizes.
archeious added this to the Phase 2: Survey Pass milestone 2026-04-06 22:27:09 +00:00
archeious added this to the Agentic Investigation Engine project 2026-04-06 22:33:53 +00:00
archeious commented 2026-04-07 03:58:49 +00:00
Author
Owner
Copy link

Empirical finding from #5 smoke test

Ran python3 luminos.py --ai luminos_lib after #5 shipped (survey log-only, not yet wired into the dir loop).

The survey returned skip_tools: ["run_command"] for this Python library target — a sensible call. The dir loop nonetheless invoked run_command twice on its second turn:

[AI]   -> run_command(command="tail -n 50 ai.py")
[AI]   -> run_command(command="grep -n analyze_directory ai.py")

This means the prompt-injection approach alone is insufficient. The dir-loop agent reaches for any tool that is in its toolbox, even when the system prompt has been told otherwise. The model treats prompt instructions as soft preferences and tool availability as hard affordances.

Scope expansion

#6 should do BOTH:

  1. Inject into the prompt (original scope) — description, approach, domain_notes, and the relevant_tools/skip_tools lists go into the dir loop system prompt so the agent has the context.
  2. Filter the tool schema (new scope) — when building the tools= list passed to _call_api_streaming for the dir loop, remove any tool whose name is in survey["skip_tools"]. This is a hard enforcement: the agent literally cannot call tools that are not in the schema.

Confidence guard

Skip-tool filtering should be gated on survey["confidence"] >= 0.5. If the survey is unsure (thin signals, generic target), do not let it strip tools — that risks breaking the dir loop on a wrong call. The prompt injection (item 1) can still happen at any confidence level since it is advisory.

Acceptance update

  • Dir loop system prompt contains survey description, approach, domain_notes
  • Dir loop tool schema excludes skip_tools when confidence >= 0.5
  • A re-run of the smoke test (--ai luminos_lib) shows zero run_command invocations in the dir loop, given the same survey output
  • Survey-unavailable case (None return) leaves dir loop behavior unchanged
## Empirical finding from #5 smoke test Ran `python3 luminos.py --ai luminos_lib` after #5 shipped (survey log-only, not yet wired into the dir loop). The survey returned `skip_tools: ["run_command"]` for this Python library target — a sensible call. The dir loop nonetheless invoked `run_command` twice on its second turn: ``` [AI] -> run_command(command="tail -n 50 ai.py") [AI] -> run_command(command="grep -n analyze_directory ai.py") ``` This means the prompt-injection approach alone is insufficient. The dir-loop agent reaches for any tool that is in its toolbox, even when the system prompt has been told otherwise. The model treats prompt instructions as soft preferences and tool availability as hard affordances. ## Scope expansion #6 should do BOTH: 1. **Inject into the prompt** (original scope) — `description`, `approach`, `domain_notes`, and the `relevant_tools`/`skip_tools` lists go into the dir loop system prompt so the agent has the context. 2. **Filter the tool schema** (new scope) — when building the `tools=` list passed to `_call_api_streaming` for the dir loop, remove any tool whose name is in `survey["skip_tools"]`. This is a hard enforcement: the agent literally cannot call tools that are not in the schema. ## Confidence guard Skip-tool filtering should be gated on `survey["confidence"] >= 0.5`. If the survey is unsure (thin signals, generic target), do not let it strip tools — that risks breaking the dir loop on a wrong call. The prompt injection (item 1) can still happen at any confidence level since it is advisory. ## Acceptance update - Dir loop system prompt contains survey description, approach, domain_notes - Dir loop tool schema excludes `skip_tools` when `confidence >= 0.5` - A re-run of the smoke test (`--ai luminos_lib`) shows zero `run_command` invocations in the dir loop, given the same survey output - Survey-unavailable case (None return) leaves dir loop behavior unchanged
archeious commented 2026-04-07 04:57:45 +00:00
Author
Owner
Copy link

Shipped in #45, merged to main. Closing manually — Forgejo's Closes keyword didn't auto-close this from the PR body.

Shipped in #45, merged to main. Closing manually — Forgejo's `Closes` keyword didn't auto-close this from the PR body.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
chore/issue-followups-session5
docs/issue-53-onboarding-internals
No results found.
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Phase 2: Survey Pass
Projects
Clear projects
No items
No project
Agentic Investigation Engine
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: archeious/luminos#6
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?