feat(foreman): flag unverifiable facts instead of inventing them (slicer anti-confabulation)#1062
Open
Defilan wants to merge 2 commits into
Open
feat(foreman): flag unverifiable facts instead of inventing them (slicer anti-confabulation)#1062Defilan wants to merge 2 commits into
Defilan wants to merge 2 commits into
Conversation
Add an anti-confabulation contract to the slicer's coder and planner so a
load-bearing fact the model cannot ground from the workspace is surfaced,
not invented.
Coder (config/foreman/system-prompts/coder.md + the two coder Agent CRs it
is mirrored into): a "ground every external fact" rule in Step 2 (never
present a guess about another component's metric names, an API shape, or an
image's hardware behavior as fact) and a NEEDS-VERIFICATION outcome in Step 3
(NO-GO + extra.outcome="NEEDS-VERIFICATION" + extra.unverified listing each
ungroundable fact and how to settle it) instead of guessing.
Planner (pkg/cli/slice_planner.go): a premise-classification step that labels
each load-bearing premise settled-in-repo / repo-verifiable /
externally-empirical, treats issue hedging ("e.g.", "should be hands-verified")
as an unverified signal, outputs UNSLICEABLE when the whole issue hinges on an
empirical premise, and otherwise routes the affected slices to verify-first or
NEEDS-VERIFICATION rather than confident guessing.
Motivated by the first live slicer run on defilantech#700, where the coder invented AMD
GPU metric names for a Grafana dashboard and reached for a community exporter
that does not enumerate the target iGPU: plausible, complete-looking, and wrong
on facts only hardware can settle.
Refs defilantech#1033
Signed-off-by: Christopher Maher <chris@mahercode.io>
… outcome A coder that returns NO-GO + extra.outcome="NEEDS-VERIFICATION" (it could not ground a load-bearing external fact, defilantech#1033) must not be escalated to a larger model: the larger model cannot reach the ground truth (hardware, a live system's output) either. Add the outcome constant and isNeedsVerificationCoder helper mirroring the ALREADY-RESOLVED handling (defilantech#970), plus an explicit guard in shouldEscalateCoder with table-test coverage. Refs defilantech#1033 Signed-off-by: Christopher Maher <chris@mahercode.io>
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Teach the slicer's coder and planner to flag facts they cannot verify instead of inventing them, and recognize the resulting
NEEDS-VERIFICATIONoutcome as a terminal non-failure that is never escalated.Why
Fixes #1061. On the first live slicer run on #700, the coder invented AMD GPU metric names for a Grafana dashboard and reached for a community exporter that does not enumerate the target
gfx1151iGPU (confirmed by a contributor on the actual box). The output was plausible, complete-looking, and wrong on facts only hardware can settle.GOmeans "compiles and looks plausible," not "verified against reality," and there was no honesty layer betweenGOand a capability-failureNO-GO. Two distinct failures: a grounding gap (the fact lives outside the repo) and confabulation under that gap (the model invented rather than flagged).How
config/foreman/system-prompts/coder.md, re-synced into both coder Agent CRs):NEEDS-VERIFICATIONoutcome in Step 3:NO-GO+extra.outcome="NEEDS-VERIFICATION"+extra.unverifiedlisting each ungroundable fact and how to settle it, instead of guessing.pkg/cli/slice_planner.go): a premise-classification step (settled-in-repo / repo-verifiable / externally-empirical), treating issue hedging as an unverified signal;UNSLICEABLEwhen the whole issue hinges on an empirical premise, verify-first orNEEDS-VERIFICATIONfor the affected slices otherwise.internal/foreman/controller/workload_coder_escalation.go):NEEDS-VERIFICATIONrecognized as a terminal non-failure NO-GO and explicitly excluded from escalation, because a larger model cannot reach the ground truth (hardware, a live system's output) either. Mirrors theALREADY-RESOLVEDhandling ([FEATURE] Foreman: distinct ALREADY-RESOLVED coder outcome (don't escalate the honest 'already done' bail) #970).Testing
go build ./...,go vet,golangci-linton the changed packages: clean.go test ./pkg/cli/... ./internal/foreman/controller/... ./pkg/foreman/slicer/...: pass, including newTestShouldEscalateCodercase andTestIsNeedsVerificationCoder.NEEDS-VERIFICATION(naming the unverifiable metric names / the iGPU-enumeration premise) instead of inventing.Deferred follow-up
Rollup surfacing: a dedicated
classifyChildrenbucket, aCoderNeedsVerificationWorkload condition, and cascade-skip so a needs-verification slice does not cascade-fail integrate/reconcile. Best designed after observing a realNEEDS-VERIFICATIONrun (the #700 re-validation), so the terminal-state semantics match reality rather than a guess.Checklist
go build ./...passesAssisted-by: Claude (Anthropic) — analysis, prompt/contract design, controller guard, and tests; reviewed by the maintainer.