feat(agent): pure orchestrator pattern with per-skill delegation tools (tinyhumansai#496)

* feat(agent): pure orchestrator pattern with per-skill delegation tools (tinyhumansai#478)

Refactors the main agent from a direct tool-calling model to a pure
orchestrator that delegates all work through dynamically generated tools.

Architecture changes:
- Orchestrator only sees generated tools (notion, gmail, research,
  run_code, review_code, plan, spawn_subagent) — skill tools are
  architecturally unreachable from the main agent
- Each installed skill auto-generates a delegation tool at build time
  (SkillDelegationTool) that routes to skills_agent with the correct
  skill_filter
- Static archetype tools (research, run_code, etc.) delegate to their
  respective sub-agents
- visible_tool_specs filters the function-calling schema sent to the
  provider, enforcing the orchestrator boundary at the API level

Prompt changes:
- Rewrote AGENTS.md as a lean orchestrator prompt — no more routing
  tables or agent_id instructions
- Orchestrator skips TOOLS.md, MEMORY.md, HEARTBEAT.md (~6k tokens
  saved per turn) — subagents get tool specs from the registry
- Workspace .md files auto-sync via builtin-hash mechanism so prompt
  updates ship automatically to existing installs

Bug fixes:
- ModelSpec::Hint now resolves to {hint}-v1 (e.g. agentic-v1) instead
  of hint:agentic which the backend rejected
- validate_skill_filter now uses skill_id from the engine tuple instead
  of splitting on __ in the raw tool name (which always failed)
- Memory context forwarded to subagents via ParentExecutionContext

Observability:
- Added [agent] tagged logs for tool responses, agent state transitions,
  and delegation decisions throughout turn.rs

See docs/agent-prompt-architecture.excalidraw for the visual diagram.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* style: rustfmt orchestrator_tools.rs

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* style: cargo fmt

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: address CodeRabbit review — dispatch guard, fork specs, decouple sync

- Enforce visible-tool allowlist at dispatch time (not just schema)
- Fork mode uses visible_tool_specs (not full registry)
- De-duplicate spawn_subagent when extending orchestrator tools
- Raw tool output moved to debug level, info level logs metadata only
- Decouple workspace file sync from prompt rendering so skipped files
  still get synced to disk

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: sanil-23

docs/agent-prompt-architecture.excalidraw

@@ -28,6 +28,7 @@ impl AgentBuilder {
         Self {
             provider: None,
             tools: None,
+            visible_tool_names: None,
             memory: None,
             prompt_builder: None,
             tool_dispatcher: None,
@@ -71,6 +72,14 @@ impl AgentBuilder {
         self
     }
 
+    /// Restricts which tools the main agent can see and call directly.
+    /// Tools not in this set are still available to sub-agents via the
+    /// runner. Pass `None` (default) to make all tools visible.
+    pub fn visible_tool_names(mut self, names: std::collections::HashSet<String>) -> Self {
+        self.visible_tool_names = Some(names);
+        self
+    }
+
     /// Sets the memory system for the agent.
     pub fn memory(mut self, memory: Arc<dyn Memory>) -> Self {
         self.memory = Some(memory);
@@ -198,12 +207,38 @@ impl AgentBuilder {
             .ok_or_else(|| anyhow::anyhow!("tools are required"))?;
         let tool_specs: Vec<ToolSpec> = tools.iter().map(|tool| tool.spec()).collect();
 
+        let visible_names = self.visible_tool_names.unwrap_or_default();
+
+        // Build the filtered spec list that the main agent sends to the
+        // provider. When the filter is empty every tool is visible
+        // (backward compat). When populated, only allowlisted tools
+        // appear in the function-calling schema so the LLM literally
+        // cannot call skill tools directly — it must use spawn_subagent.
+        let visible_tool_specs: Vec<ToolSpec> = if visible_names.is_empty() {
+            tool_specs.clone()
+        } else {
+            tool_specs
+                .iter()
+                .filter(|spec| visible_names.contains(&spec.name))
+                .cloned()
+                .collect()
+        };
+
+        log::info!(
+            "[agent] tool spec filter: total={} visible={} (filter_active={})",
+            tool_specs.len(),
+            visible_tool_specs.len(),
+            !visible_names.is_empty()
+        );
+
         Ok(Agent {
             provider: self
                 .provider
                 .ok_or_else(|| anyhow::anyhow!("provider is required"))?,
             tools: Arc::new(tools),
             tool_specs: Arc::new(tool_specs),
+            visible_tool_specs: Arc::new(visible_tool_specs),
+            visible_tool_names: visible_names,
             memory: self
                 .memory
                 .ok_or_else(|| anyhow::anyhow!("memory is required"))?,
@@ -227,6 +262,7 @@ impl AgentBuilder {
             identity_config: self.identity_config.unwrap_or_default(),
             skills: self.skills.unwrap_or_default(),
             auto_save: self.auto_save.unwrap_or(false),
+            last_memory_context: None,
             history: Vec::new(),
             classification_config: self.classification_config.unwrap_or_default(),
             available_hints: self.available_hints.unwrap_or_default(),
@@ -405,9 +441,29 @@ impl Agent {
             }
         }
 
+        // Generate the orchestrator's tool set: one tool per skill +
+        // one tool per archetype (research, run_code, etc.) + spawn_subagent
+        // as a fallback. These are the only tools the LLM sees in its
+        // function-calling schema. Sub-agents still access the full `tools`
+        // registry via ParentExecutionContext.
+        let orchestrator_tools = tools::orchestrator_tools::collect_orchestrator_tools();
+        let visible: std::collections::HashSet<String> = orchestrator_tools
+            .iter()
+            .map(|t| t.name().to_string())
+            .collect();
+        // De-duplicate: spawn_subagent is already in the base registry.
+        let existing_names: std::collections::HashSet<String> =
+            tools.iter().map(|t| t.name().to_string()).collect();
+        tools.extend(
+            orchestrator_tools
+                .into_iter()
+                .filter(|t| !existing_names.contains(t.name())),
+        );
+
         Agent::builder()
             .provider(provider)
             .tools(tools)
+            .visible_tool_names(visible)
             .memory(memory)
             .tool_dispatcher(tool_dispatcher)
             .memory_loader(Box::new(

src/openhuman/agent/agent/builder.rs

@@ -41,6 +41,7 @@ impl Agent {
     /// and returns the final assistant response.
     pub async fn turn(&mut self, user_message: &str) -> Result<String> {
         let turn_started = std::time::Instant::now();
+        log::info!("[agent] turn started — awaiting user message processing");
         log::info!(
             "[agent_loop] turn start message_chars={} history_len={} max_tool_iterations={}",
             user_message.chars().count(),
@@ -55,6 +56,7 @@ impl Agent {
             // would just burn memory-store reads on data we throw away.
             let learned = self.fetch_learned_context().await;
             let system_prompt = self.build_system_prompt(learned)?;
+            log::info!("[agent] system prompt built — initialising conversation history");
             log::info!(
                 "[agent_loop] system prompt built chars={}",
                 system_prompt.chars().count()
@@ -87,15 +89,23 @@ impl Agent {
                 .await;
         }
 
+        log::info!("[agent] loading memory context for user message");
         let context = self
             .memory_loader
             .load_context(self.memory.as_ref(), user_message)
             .await
             .unwrap_or_default();
 
         let enriched = if context.is_empty() {
+            log::info!("[agent] no memory context found — using raw user message");
+            self.last_memory_context = None;
             user_message.to_string()
         } else {
+            log::info!(
+                "[agent] memory context loaded — enriching user message context_chars={}",
+                context.chars().count()
+            );
+            self.last_memory_context = Some(context.clone());
             format!("{context}{user_message}")
         };
 
@@ -188,6 +198,12 @@ impl Agent {
                 }
 
                 let messages = self.tool_dispatcher.to_provider_messages(&self.history);
+                log::info!(
+                    "[agent] iteration {}/{} — sending request to provider model={}",
+                    iteration + 1,
+                    self.config.max_tool_iterations,
+                    effective_model
+                );
                 log::info!(
                     "[agent_loop] provider request i={} messages={} send_tool_specs={}",
                     iteration + 1,
@@ -201,7 +217,7 @@ impl Agent {
                         ChatRequest {
                             messages: &messages,
                             tools: if self.tool_dispatcher.should_send_tool_specs() {
-                                Some(self.tool_specs.as_slice())
+                                Some(self.visible_tool_specs.as_slice())
                             } else {
                                 None
                             },
@@ -234,6 +250,11 @@ impl Agent {
 
                 let (text, calls) = self.tool_dispatcher.parse_response(&response);
                 let calls = Self::with_fallback_tool_call_ids(calls, iteration);
+                log::info!(
+                    "[agent] provider responded — parsed tool_calls={} text_chars={}",
+                    calls.len(),
+                    text.chars().count()
+                );
                 log::info!(
                     "[agent_loop] parsed response i={} parsed_text_chars={} parsed_tool_calls={}",
                     iteration + 1,
@@ -246,6 +267,10 @@ impl Agent {
                     } else {
                         text
                     };
+                    log::info!(
+                        "[agent] no tool calls — returning final response after {} iteration(s)",
+                        iteration + 1
+                    );
                     log::info!(
                         "[agent_loop] final response i={} final_chars={}",
                         iteration + 1,
@@ -309,6 +334,11 @@ impl Agent {
                         )));
                 }
                 let tool_names: Vec<&str> = calls.iter().map(|call| call.name.as_str()).collect();
+                log::info!(
+                    "[agent] dispatching {} tool(s): {:?}",
+                    calls.len(),
+                    tool_names
+                );
                 log::info!(
                     "[agent_loop] executing tools i={} names={:?}",
                     iteration + 1,
@@ -338,6 +368,23 @@ impl Agent {
                     iteration + 1,
                     results.len()
                 );
+                for r in &results {
+                    log::info!(
+                        "[agent] tool response name={} success={} output_chars={}",
+                        r.name,
+                        r.success,
+                        r.output.chars().count(),
+                    );
+                    log::debug!(
+                        "[agent] tool response body name={}: {}",
+                        r.name,
+                        truncate_with_ellipsis(&r.output, 300)
+                    );
+                }
+                log::info!(
+                    "[agent] all tools complete for iteration {} — looping back to provider",
+                    iteration + 1
+                );
                 let formatted = self.tool_dispatcher.format_results(&results);
                 self.history.push(formatted);
                 self.trim_history();
@@ -348,6 +395,10 @@ impl Agent {
                 );
             }
 
+            log::warn!(
+                "[agent] exceeded max tool iterations ({}) — aborting turn",
+                self.config.max_tool_iterations
+            );
             log::warn!(
                 "[agent_loop] exceeded maximum tool iterations max={}",
                 self.config.max_tool_iterations
@@ -399,6 +450,7 @@ impl Agent {
             tool_name: call.name.clone(),
             session_id: self.event_session_id().to_string(),
         });
+        log::info!("[agent] executing tool: {}", call.name);
         log::info!("[agent_loop] tool start name={}", call.name);
 
         // Special-case `spawn_subagent { mode: "fork", … }`: stash a
@@ -420,27 +472,37 @@ impl Agent {
             None
         };
 
-        let (raw_result, success) =
-            if let Some(tool) = self.tools.iter().find(|t| t.name() == call.name) {
-                let exec = tool.execute(call.arguments.clone());
-                let outcome = if let Some(fork_ctx) = fork_context_for_call {
-                    harness::with_fork_context(fork_ctx, exec).await
-                } else {
-                    exec.await
-                };
-                match outcome {
-                    Ok(r) => {
-                        if !r.is_error {
-                            (r.output(), true)
-                        } else {
-                            (format!("Error: {}", r.output()), false)
-                        }
-                    }
-                    Err(e) => (format!("Error executing {}: {e}", call.name), false),
-                }
+        let (raw_result, success) = if !self.visible_tool_names.is_empty()
+            && !self.visible_tool_names.contains(&call.name)
+        {
+            log::warn!(
+                "[agent] blocked tool call '{}' — not in visible tool set",
+                call.name
+            );
+            (
+                format!("Tool '{}' is not available to this agent", call.name),
+                false,
+            )
+        } else if let Some(tool) = self.tools.iter().find(|t| t.name() == call.name) {
+            let exec = tool.execute(call.arguments.clone());
+            let outcome = if let Some(fork_ctx) = fork_context_for_call {
+                harness::with_fork_context(fork_ctx, exec).await
             } else {
-                (format!("Unknown tool: {}", call.name), false)
+                exec.await
             };
+            match outcome {
+                Ok(r) => {
+                    if !r.is_error {
+                        (r.output(), true)
+                    } else {
+                        (format!("Error: {}", r.output()), false)
+                    }
+                }
+                Err(e) => (format!("Error executing {}: {e}", call.name), false),
+            }
+        } else {
+            (format!("Unknown tool: {}", call.name), false)
+        };
 
         // Context pipeline stage 1: apply the per-result byte budget
         // *inline* before the result enters history. This is the only
@@ -466,6 +528,17 @@ impl Agent {
             success,
             elapsed_ms,
         });
+        log::info!(
+            "[agent] tool completed: {} success={} elapsed_ms={}",
+            call.name,
+            success,
+            elapsed_ms
+        );
+        log::debug!(
+            "[agent] tool output for {}: {}",
+            call.name,
+            truncate_with_ellipsis(&result, 500)
+        );
         log::info!(
             "[agent_loop] tool finish name={} elapsed_ms={} output_chars={} success={}",
             call.name,
@@ -527,6 +600,7 @@ impl Agent {
             agent_config: self.config.clone(),
             identity_config: self.identity_config.clone(),
             skills: Arc::new(self.skills.clone()),
+            memory_context: self.last_memory_context.clone(),
             session_id: self.event_session_id().to_string(),
             channel: self.event_channel().to_string(),
         }
@@ -559,7 +633,7 @@ impl Agent {
 
         harness::ForkContext {
             system_prompt: Arc::new(system_prompt),
-            tool_specs: Arc::clone(&self.tool_specs),
+            tool_specs: Arc::clone(&self.visible_tool_specs),
             message_prefix: Arc::new(messages),
             cache_boundary: None,
             fork_task_prompt,
@@ -667,6 +741,7 @@ impl Agent {
             identity_config: Some(&self.identity_config),
             dispatcher_instructions: &instructions,
             learned,
+            visible_tool_names: &self.visible_tool_names,
         };
         self.prompt_builder.build(&ctx)
     }

src/openhuman/agent/agent/turn.rs

@@ -23,8 +23,21 @@ use std::sync::Arc;
 /// system to maintain context across turns.
 pub struct Agent {
     pub(super) provider: Arc<dyn Provider>,
+    /// Full tool registry. Sub-agents pull from this via
+    /// [`ParentExecutionContext::all_tools`].
     pub(super) tools: Arc<Vec<Box<dyn Tool>>>,
+    /// Full tool specs — sub-agents receive these via
+    /// [`ParentExecutionContext::all_tool_specs`].
     pub(super) tool_specs: Arc<Vec<ToolSpec>>,
+    /// Tool specs filtered by `visible_tool_names`. These are the specs
+    /// actually sent to the provider in the main agent's chat requests.
+    /// When `visible_tool_names` is empty this equals `tool_specs`.
+    pub(super) visible_tool_specs: Arc<Vec<ToolSpec>>,
+    /// When non-empty, only these tool names are visible in the main
+    /// agent's prompt and callable by the main agent. Sub-agents ignore
+    /// this filter — they apply per-definition whitelists in the runner.
+    /// Empty = no filter (all tools visible, backward compat).
+    pub(super) visible_tool_names: std::collections::HashSet<String>,
     pub(super) memory: Arc<dyn Memory>,
     pub(super) prompt_builder: SystemPromptBuilder,
     pub(super) tool_dispatcher: Box<dyn ToolDispatcher>,
@@ -36,6 +49,9 @@ pub struct Agent {
     pub(super) identity_config: crate::openhuman::config::IdentityConfig,
     pub(super) skills: Vec<crate::openhuman::skills::Skill>,
     pub(super) auto_save: bool,
+    /// Last memory context loaded for the current turn. Stored so it can
+    /// be forwarded to subagents via `ParentExecutionContext`.
+    pub(super) last_memory_context: Option<String>,
     pub(super) history: Vec<ConversationMessage>,
     pub(super) classification_config: crate::openhuman::config::QueryClassificationConfig,
     pub(super) available_hints: Vec<String>,
@@ -57,6 +73,8 @@ pub struct Agent {
 pub struct AgentBuilder {
     pub(super) provider: Option<Arc<dyn Provider>>,
     pub(super) tools: Option<Vec<Box<dyn Tool>>>,
+    /// When set, restricts which tools the main agent sees/calls.
+    pub(super) visible_tool_names: Option<std::collections::HashSet<String>>,
     pub(super) memory: Option<Arc<dyn Memory>>,
     pub(super) prompt_builder: Option<SystemPromptBuilder>,
     pub(super) tool_dispatcher: Option<Box<dyn ToolDispatcher>>,

src/openhuman/agent/agent/types.rs

@@ -45,7 +45,7 @@ impl std::fmt::Display for AgentArchetype {
 }
 
 impl AgentArchetype {
-    /// Model hint passed to `RouterProvider` (prefixed with `"hint:"` at call site).
+    /// Model hint resolved to `{hint}-v1` at call site (e.g. `"agentic"` → `"agentic-v1"`).
     pub fn default_model_hint(&self) -> &'static str {
         match self {
             Self::Orchestrator => "reasoning",
@@ -54,8 +54,7 @@ impl AgentArchetype {
             Self::SkillsAgent => "agentic",
             Self::ToolMaker => "coding",
             Self::Researcher => "agentic",
-            Self::Critic => "reasoning",
-            // Archivist uses the cheapest available model (local preferred).
+            Self::Critic => "agentic",
             Self::Archivist => "local",
         }
     }