feat: adopt QwenLM engineering patterns (MCP schema pruning, inline tool calls, read-only validator)

Patterns ported from a deep-research scan of the QwenLM org (Qwen-Agent /
qwen-code, both Apache-2.0); no code copied. Four changes:

- engine: route Hermes/Nous <tool_call> inline tool calls through
  ParseInlineToolCalls (the eyrie side lands in eyrie fd2d49b), so Qwen
  and OpenAI-compatible local models that inline tool calls are parsed.
- mcp: SanitizeToolSchema prunes MCP tool JSON Schema to the
  {type,properties,required} subset strict function-calling endpoints
  accept; wired into PluginToolAdapter.Parameters() (was passing the raw
  upstream schema straight to the model). Transports already covered
  stdio/HTTP/SSE/WS, so only schema pruning was missing.
- multiagent: add a read-only validation worker (readOnlyWorkerTools +
  ReadOnlyValidationWorker) and a `validator` built-in persona with an
  enforceable ReadOnly contract (no Write/Edit/Bash) — the
  implement-then-validate pair where the agent that writes the code is
  not the one that signs off on it.
- personas: stop pinning built-in personas to specific model names
  (reviewer/architect/speed/critic/security-reviewer/verifier); they now
  inherit the session model so a name absent on the user's provider can't
  break them.

Bumps external/eyrie -> fd2d49b and external/yaad -> e9d7df3.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Author: Patel230

external/eyrie

@@ -499,8 +499,10 @@ func (s *Session) agentLoop(ctx context.Context, ch chan<- StreamEvent) {
 			return
 		}
 
-		// Check for inline tool calls in text (some providers embed tool calls in text)
-		if len(toolCalls) == 0 && strings.Contains(textContent.String(), "<|tool_calls_section_begin|>") {
+		// Check for inline tool calls in text (some providers embed tool calls in
+		// text): Moonshot/kimi <|tool_calls_section_begin|> or Hermes/Nous
+		// <tool_call> (Qwen and most OpenAI-compatible local models).
+		if len(toolCalls) == 0 && (strings.Contains(textContent.String(), "<|tool_calls_section_begin|>") || strings.Contains(textContent.String(), "<tool_call>")) {
 			cleanText, inlineCalls := types.ParseInlineToolCalls(textContent.String())
 			if len(inlineCalls) > 0 {
 				textContent.Reset()

external/yaad

@@ -0,0 +1,112 @@
+package mcp
+
+// SanitizeToolSchema prunes an MCP tool's JSON Schema down to the subset that
+// strict OpenAI-compatible function-calling endpoints accept. Many MCP servers
+// publish full JSON Schema documents (with "$schema", "title", "definitions",
+// "additionalProperties", "examples", etc.); several providers (and some local
+// vLLM/SGLang routes) reject a function's parameter schema outright when it
+// carries keys outside the function-calling subset. Qwen-Agent solves this by
+// keeping only {type, properties, required} per tool — hawk does the same.
+//
+// The function is conservative: it never invents structure. If the input does
+// not look like an object schema (no "type":"object" and no "properties"), it is
+// returned unchanged so non-object tools (rare, but valid) are not corrupted. A
+// nil input yields the canonical empty-object schema so the model still sees a
+// well-formed parameter block.
+func SanitizeToolSchema(schema map[string]interface{}) map[string]interface{} {
+	if schema == nil {
+		return map[string]interface{}{
+			"type":       "object",
+			"properties": map[string]interface{}{},
+		}
+	}
+
+	_, hasProps := schema["properties"]
+	if schema["type"] != "object" && !hasProps {
+		// Not an object schema — leave it alone.
+		return schema
+	}
+
+	out := map[string]interface{}{"type": "object"}
+
+	if props, ok := schema["properties"].(map[string]interface{}); ok {
+		out["properties"] = sanitizeProperties(props)
+	} else {
+		out["properties"] = map[string]interface{}{}
+	}
+
+	// "required" must be a list of strings; copy it only when well-formed and
+	// non-empty (an empty required list is the default and adds nothing).
+	if req, ok := schema["required"].([]interface{}); ok && len(req) > 0 {
+		out["required"] = req
+	}
+
+	return out
+}
+
+// allowedPropKeys is the per-property keyword subset preserved during pruning.
+// These are the keywords function-calling endpoints actually consume to build a
+// prompt-time tool description; everything else (validation-only or
+// documentation-only keywords) is dropped.
+var allowedPropKeys = map[string]struct{}{
+	"type":        {},
+	"description": {},
+	"enum":        {},
+	"items":       {},
+	"properties":  {},
+	"required":    {},
+	"default":     {},
+}
+
+// sanitizeProperties prunes each property to allowedPropKeys, recursing into
+// nested object/array schemas so the subset is applied at every depth.
+func sanitizeProperties(props map[string]interface{}) map[string]interface{} {
+	cleaned := make(map[string]interface{}, len(props))
+	for name, raw := range props {
+		spec, ok := raw.(map[string]interface{})
+		if !ok {
+			cleaned[name] = raw
+			continue
+		}
+		cp := make(map[string]interface{}, len(spec))
+		for k, v := range spec {
+			if _, allow := allowedPropKeys[k]; !allow {
+				continue
+			}
+			switch k {
+			case "properties":
+				if nested, ok := v.(map[string]interface{}); ok {
+					cp[k] = sanitizeProperties(nested)
+					continue
+				}
+			case "items":
+				if item, ok := v.(map[string]interface{}); ok {
+					cp[k] = sanitizeItems(item)
+					continue
+				}
+			}
+			cp[k] = v
+		}
+		cleaned[name] = cp
+	}
+	return cleaned
+}
+
+// sanitizeItems prunes an array "items" sub-schema, recursing into its own
+// properties when it describes objects.
+func sanitizeItems(item map[string]interface{}) map[string]interface{} {
+	cp := make(map[string]interface{}, len(item))
+	for k, v := range item {
+		if _, allow := allowedPropKeys[k]; !allow {
+			continue
+		}
+		if k == "properties" {
+			if nested, ok := v.(map[string]interface{}); ok {
+				cp[k] = sanitizeProperties(nested)
+				continue
+			}
+		}
+		cp[k] = v
+	}
+	return cp
+}

internal/engine/stream.go

@@ -0,0 +1,112 @@
+package mcp
+
+import "testing"
+
+func TestSanitizeToolSchema_PrunesTopLevelKeys(t *testing.T) {
+	in := map[string]interface{}{
+		"$schema":              "https://json-schema.org/draft/2020-12/schema",
+		"title":                "DoThing",
+		"description":          "does a thing",
+		"additionalProperties": false,
+		"type":                 "object",
+		"properties": map[string]interface{}{
+			"path": map[string]interface{}{"type": "string", "description": "a path"},
+		},
+		"required": []interface{}{"path"},
+	}
+	out := SanitizeToolSchema(in)
+
+	for _, banned := range []string{"$schema", "title", "additionalProperties", "description"} {
+		if _, ok := out[banned]; ok {
+			t.Errorf("expected %q to be pruned, got %v", banned, out[banned])
+		}
+	}
+	if out["type"] != "object" {
+		t.Errorf("type = %v, want object", out["type"])
+	}
+	if _, ok := out["properties"].(map[string]interface{})["path"]; !ok {
+		t.Errorf("properties.path dropped: %v", out["properties"])
+	}
+	req, ok := out["required"].([]interface{})
+	if !ok || len(req) != 1 || req[0] != "path" {
+		t.Errorf("required = %v, want [path]", out["required"])
+	}
+}
+
+func TestSanitizeToolSchema_PrunesPerPropertyKeys(t *testing.T) {
+	in := map[string]interface{}{
+		"type": "object",
+		"properties": map[string]interface{}{
+			"q": map[string]interface{}{
+				"type":        "string",
+				"description": "query",
+				"minLength":   1,       // validation-only — should be dropped
+				"examples":    []any{}, // doc-only — should be dropped
+				"enum":        []interface{}{"a", "b"},
+			},
+		},
+	}
+	out := SanitizeToolSchema(in)
+	prop := out["properties"].(map[string]interface{})["q"].(map[string]interface{})
+	if _, ok := prop["minLength"]; ok {
+		t.Error("minLength should be pruned")
+	}
+	if _, ok := prop["examples"]; ok {
+		t.Error("examples should be pruned")
+	}
+	if prop["type"] != "string" || prop["description"] != "query" {
+		t.Errorf("kept keys lost: %v", prop)
+	}
+	if _, ok := prop["enum"]; !ok {
+		t.Error("enum should be kept")
+	}
+}
+
+func TestSanitizeToolSchema_RecursesNestedAndItems(t *testing.T) {
+	in := map[string]interface{}{
+		"type": "object",
+		"properties": map[string]interface{}{
+			"filter": map[string]interface{}{
+				"type":  "object",
+				"title": "Filter", // dropped at nested level
+				"properties": map[string]interface{}{
+					"tags": map[string]interface{}{
+						"type":  "array",
+						"items": map[string]interface{}{"type": "string", "pattern": "x"}, // pattern dropped
+					},
+				},
+			},
+		},
+	}
+	out := SanitizeToolSchema(in)
+	filter := out["properties"].(map[string]interface{})["filter"].(map[string]interface{})
+	if _, ok := filter["title"]; ok {
+		t.Error("nested title should be pruned")
+	}
+	tags := filter["properties"].(map[string]interface{})["tags"].(map[string]interface{})
+	items := tags["items"].(map[string]interface{})
+	if _, ok := items["pattern"]; ok {
+		t.Error("items.pattern should be pruned")
+	}
+	if items["type"] != "string" {
+		t.Errorf("items.type lost: %v", items)
+	}
+}
+
+func TestSanitizeToolSchema_NilYieldsEmptyObject(t *testing.T) {
+	out := SanitizeToolSchema(nil)
+	if out["type"] != "object" {
+		t.Fatalf("nil schema = %v, want empty object schema", out)
+	}
+	if _, ok := out["properties"].(map[string]interface{}); !ok {
+		t.Errorf("expected empty properties map, got %v", out["properties"])
+	}
+}
+
+func TestSanitizeToolSchema_NonObjectLeftAlone(t *testing.T) {
+	in := map[string]interface{}{"type": "string", "minLength": 3}
+	out := SanitizeToolSchema(in)
+	if out["minLength"] != 3 {
+		t.Errorf("non-object schema should be returned unchanged, got %v", out)
+	}
+}

internal/mcp/schema.go

@@ -17,13 +17,19 @@ import (
 // Persona represents an enhanced agent definition with specific skills,
 // model preferences, and behavioral configuration.
 type Persona struct {
-	Name               string           `json:"name"`
-	Description        string           `json:"description"`
-	Model              string           `json:"model"`
-	Provider           string           `json:"provider"`
-	SystemPrompt       string           `json:"system_prompt"`
-	Tools              []string         `json:"tools"`
-	ExcludedTools      []string         `json:"excluded_tools"`
+	Name          string   `json:"name"`
+	Description   string   `json:"description"`
+	Model         string   `json:"model"`
+	Provider      string   `json:"provider"`
+	SystemPrompt  string   `json:"system_prompt"`
+	Tools         []string `json:"tools"`
+	ExcludedTools []string `json:"excluded_tools"`
+	// ReadOnly declares that this persona must never mutate the workspace. It is
+	// a machine-readable contract (stronger than listing Edit/Write in
+	// ExcludedTools, since it also forbids mutation via Bash): orchestrators
+	// should run a ReadOnly persona with a read-only tool registry. Used by the
+	// validation half of an implement-then-validate agent pair.
+	ReadOnly           bool             `json:"read_only,omitempty"`
 	Temperature        float64          `json:"temperature"`
 	MaxTokens          int              `json:"max_tokens"`
 	Expertise          []string         `json:"expertise"`
@@ -408,6 +414,8 @@ func parsePersonaContent(content, path string) (*Persona, error) {
 			p.Tools = parseYAMLList(val)
 		case "excluded_tools":
 			p.ExcludedTools = parseYAMLList(val)
+		case "read_only":
+			p.ReadOnly = val == "true" || val == "yes"
 		case "rules":
 			p.Rules = parseYAMLList(val)
 		case "created_at":
@@ -481,6 +489,9 @@ func RenderPersonaFile(persona *Persona) string {
 	if len(persona.ExcludedTools) > 0 {
 		sb.WriteString(fmt.Sprintf("excluded_tools: [%s]\n", strings.Join(persona.ExcludedTools, ", ")))
 	}
+	if persona.ReadOnly {
+		sb.WriteString("read_only: true\n")
+	}
 	if persona.Color != "" {
 		sb.WriteString(fmt.Sprintf("color: %s\n", persona.Color))
 	}
@@ -556,7 +567,7 @@ func BuiltinPersonas() []*Persona {
 		{
 			Name:               "reviewer",
 			Description:        "Security and correctness focused code reviewer",
-			Model:              "claude-sonnet-4-6",
+			Model:              "", // inherit session model (was claude-sonnet-4-6)
 			Temperature:        0.2,
 			Expertise:          []string{"security", "backend", "testing"},
 			CommunicationStyle: "concise",
@@ -574,7 +585,7 @@ func BuiltinPersonas() []*Persona {
 		{
 			Name:               "architect",
 			Description:        "High-level system design with minimal code",
-			Model:              "claude-opus-4-6",
+			Model:              "", // inherit session model (was claude-opus-4-6)
 			Temperature:        0.7,
 			MaxTokens:          16384,
 			Expertise:          []string{"backend", "devops"},
@@ -634,7 +645,7 @@ func BuiltinPersonas() []*Persona {
 		{
 			Name:               "speed",
 			Description:        "Fast and concise, uses cheapest model",
-			Model:              "claude-haiku-3-5",
+			Model:              "", // inherit session model (was claude-haiku-3-5)
 			Temperature:        0.3,
 			MaxTokens:          4096,
 			Expertise:          []string{"backend", "frontend"},
@@ -684,7 +695,7 @@ func BuiltinPersonas() []*Persona {
 		{
 			Name:               "critic",
 			Description:        "Reviews plans and code for flaws before commitment",
-			Model:              "claude-sonnet-4-6",
+			Model:              "", // inherit session model (was claude-sonnet-4-6)
 			Temperature:        0.2,
 			Expertise:          []string{"backend", "testing", "security"},
 			CommunicationStyle: "concise",
@@ -701,7 +712,7 @@ func BuiltinPersonas() []*Persona {
 		{
 			Name:               "security-reviewer",
 			Description:        "Deep security-focused code reviewer",
-			Model:              "claude-sonnet-4-6",
+			Model:              "", // inherit session model (was claude-sonnet-4-6)
 			Temperature:        0.2,
 			MaxTokens:          8192,
 			Expertise:          []string{"security", "backend"},
@@ -751,7 +762,7 @@ func BuiltinPersonas() []*Persona {
 		{
 			Name:               "verifier",
 			Description:        "Validates implementations against specifications",
-			Model:              "claude-sonnet-4-6",
+			Model:              "", // inherit session model (was claude-sonnet-4-6)
 			Temperature:        0.2,
 			Expertise:          []string{"testing", "backend"},
 			CommunicationStyle: "concise",
@@ -765,6 +776,34 @@ func BuiltinPersonas() []*Persona {
 			},
 			CreatedAt: now,
 		},
+		{
+			// validator is the read-only half of an implement-then-validate
+			// agent pair: a separate agent reviews the implementation worker's
+			// output without the ability to change it. Unlike verifier it is
+			// ReadOnly (no Bash), so its sign-off cannot be tainted by mutating
+			// the very code it judges.
+			Name:        "validator",
+			Description: "Read-only validator of an implementation it did not write",
+			// Model intentionally left empty: a validator should run on whatever
+			// model the user has configured for the session rather than pinning a
+			// specific name that may not exist on their provider. (Several
+			// built-ins pin claude-sonnet-4-6; this one deliberately inherits.)
+			Model:              "",
+			Temperature:        0.1,
+			Expertise:          []string{"testing", "backend", "security"},
+			CommunicationStyle: "concise",
+			ReadOnly:           true,
+			Tools:              []string{"Read", "Grep", "Glob", "LS"},
+			ExcludedTools:      []string{"Edit", "Write", "Bash"},
+			SystemPrompt:       "You are a read-only validation agent. You did not write the code under review and you cannot modify it. Inspect the implementation against the stated expected behavior and report, per acceptance criterion, a concrete PASS or FAIL with file:line evidence. Never assume — cite what you actually read.",
+			Rules: []string{
+				"You are read-only: never propose to edit, write, or run shell commands",
+				"Cite file:line evidence for every PASS or FAIL",
+				"Judge against the expected behavior, not your own preferences",
+				"Report partial or unclear completion honestly rather than rounding up",
+			},
+			CreatedAt: now,
+		},
 		{
 			Name:               "integrator",
 			Description:        "Handles merges, integration, and compatibility",

internal/mcp/schema_test.go

@@ -470,6 +470,7 @@ func TestBuiltinPersonas_AreValid(t *testing.T) {
 		"test-engineer":         false,
 		"tracer":                false,
 		"verifier":              false,
+		"validator":             false,
 		"integrator":            false,
 		"documenter":            false,
 		"devops":                false,
@@ -549,8 +550,8 @@ func TestSelectPersona_NewDomains(t *testing.T) {
 }
 
 func TestBuiltinPersonas_Count(t *testing.T) {
-	if got := len(BuiltinPersonas()); got != 21 {
-		t.Errorf("expected 21 built-in personas, got %d", got)
+	if got := len(BuiltinPersonas()); got != 22 {
+		t.Errorf("expected 22 built-in personas, got %d", got)
 	}
 }