tighten comment hygiene and extract magic-literal consts

alexylon · alexylon · commit 0c3c733abd9c · 2026-05-05T22:16:57.000+03:00
diff --git a/AGENTS.md b/AGENTS.md
@@ -436,6 +436,7 @@ Gitignored scratchpad for helper files the user asks to be created there — typ
     - `cargo clippy --all-targets -- -D warnings`
     - `cargo test --all`
 - Before finishing, review the change for bugs and corner cases.
+- After each final modification, suggest a clear one-line commit message.
 
 ---
 
diff --git a/src/api/anthropic.rs b/src/api/anthropic.rs
@@ -6,9 +6,13 @@ use reqwest::header::{HeaderMap, HeaderValue};
 use std::sync::Arc;
 use std::sync::atomic::{AtomicBool, Ordering};
 
-const API_BASE: &str = "https://api.anthropic.com/v1";
-const API_VERSION: &str = "2023-06-01";
-/// Header name for Anthropic feature opt-ins.
+const ANTHROPIC_API_BASE: &str = "https://api.anthropic.com/v1";
+/// Pinned `anthropic-version` header value. `2023-06-01` is the
+/// version the public Anthropic Messages API is documented against;
+/// bumping it changes streaming-event shapes and request fields, so
+/// any change here needs a smoke test against both streaming and
+/// non-streaming paths.
+const ANTHROPIC_API_VERSION: &str = "2023-06-01";
 const BETA_HEADER_NAME: &str = "anthropic-beta";
 
 /// Universal beta token: shrinks tool-call envelopes. Supported on
@@ -112,7 +116,10 @@ impl AnthropicClient {
             HeaderValue::from_str(&api_key)
                 .map_err(|e| SofosError::Config(format!("Invalid API key format: {}", e)))?,
         );
-        headers.insert("anthropic-version", HeaderValue::from_static(API_VERSION));
+        headers.insert(
+            "anthropic-version",
+            HeaderValue::from_static(ANTHROPIC_API_VERSION),
+        );
         // `anthropic-beta` is set per-request by `anthropic_beta_for`
         // so the compaction beta only ships when the target model
         // actually supports it.
@@ -126,7 +133,7 @@ impl AnthropicClient {
     pub async fn check_connectivity(&self) -> Result<()> {
         utils::check_api_connectivity(
             &self.client,
-            API_BASE,
+            ANTHROPIC_API_BASE,
             "Anthropic",
             "https://status.anthropic.com",
         )
@@ -157,7 +164,7 @@ impl AnthropicClient {
         &self,
         request: CreateMessageRequest,
     ) -> Result<CreateMessageResponse> {
-        let url = format!("{}/messages", API_BASE);
+        let url = format!("{}/messages", ANTHROPIC_API_BASE);
         let request = Self::prepare_request(request);
         let beta = anthropic_beta_for(&request.model);
 
@@ -189,7 +196,7 @@ impl AnthropicClient {
         request.stream = Some(true);
         let beta = anthropic_beta_for(&request.model);
 
-        let url = format!("{}/messages", API_BASE);
+        let url = format!("{}/messages", ANTHROPIC_API_BASE);
 
         let response = utils::send_once(
             "Anthropic",
diff --git a/src/api/openai.rs b/src/api/openai.rs
@@ -6,6 +6,7 @@ use serde::Deserialize;
 use serde_json::json;
 
 const OPENAI_API_BASE: &str = "https://api.openai.com/v1";
+const TOOL_CHOICE_AUTO: &str = "auto";
 
 #[derive(Clone)]
 pub struct OpenAIClient {
@@ -272,7 +273,7 @@ fn build_responses_body(request: &CreateMessageRequest) -> serde_json::Value {
 
         if !tools.is_empty() {
             body["tools"] = json!(tools);
-            body["tool_choice"] = json!("auto");
+            body["tool_choice"] = json!(TOOL_CHOICE_AUTO);
         }
     }
 
diff --git a/src/clipboard.rs b/src/clipboard.rs
@@ -43,12 +43,8 @@ pub fn strip_paste_markers(input: &str) -> (String, Vec<usize>) {
     (cleaned.trim().to_string(), indices)
 }
 
-/// Ceiling on pasted clipboard images. Matches the 20 MB cap Anthropic
-/// imposes on base64-encoded image bodies in the Messages API — a
-/// larger screenshot would just get rejected at request time with a
-/// confusing 400. Checked on both the raw PNG buffer (encoder output)
-/// and the encoded base64 so a huge image never makes it into the
-/// conversation state.
+/// Matches the 20 MB cap Anthropic imposes on base64-encoded image
+/// bodies in the Messages API.
 const MAX_CLIPBOARD_IMAGE_BYTES: usize = 20 * 1024 * 1024;
 
 pub fn get_clipboard_image() -> Option<PastedImage> {
diff --git a/src/config.rs b/src/config.rs
@@ -1,6 +1,6 @@
 /// Central configuration for Sofos. The actual file-size and bash-output
 /// caps live next to the code that enforces them — `MAX_FILE_SIZE` in
-/// `src/tools/filesystem.rs` (50 MB) and `MAX_OUTPUT_SIZE` in
+/// `src/tools/filesystem.rs` (50 MB) and `MAX_BASH_OUTPUT_BYTES` in
 /// `src/tools/bashexec.rs` (10 MB) — not here, so this struct only
 /// carries config values that the rest of the crate actually reads.
 ///
diff --git a/src/error.rs b/src/error.rs
@@ -1,5 +1,26 @@
 use thiserror::Error;
 
+pub const DEFAULT_PARENT_DIR: &str = ".";
+
+/// Substrings that, when found in a `ToolExecution` error message,
+/// classify the error as an *expected* security block rather than an
+/// actual failure. Both casings of "blocked" / "Blocked" are listed
+/// because tool messages are constructed inline by call sites that
+/// don't share a casing convention.
+const BLOCKED_KEYWORDS: &[&str] = &[
+    "blocked",
+    "Blocked",
+    "denied",
+    "not allowed",
+    "not explicitly allowed",
+    "outside workspace",
+    "absolute paths",
+    "contains '..'",
+    "tilde paths",
+    "output redirection",
+    "here-doc",
+];
+
 #[derive(Error, Debug)]
 pub enum SofosError {
     #[error("API error: {0}")]
@@ -55,19 +76,7 @@ impl SofosError {
     pub fn is_blocked(&self) -> bool {
         match self {
             Self::PathViolation(_) => true,
-            Self::ToolExecution(msg) => {
-                msg.contains("blocked")
-                    || msg.contains("Blocked")
-                    || msg.contains("denied")
-                    || msg.contains("not allowed")
-                    || msg.contains("not explicitly allowed")
-                    || msg.contains("outside workspace")
-                    || msg.contains("absolute paths")
-                    || msg.contains("contains '..'")
-                    || msg.contains("tilde paths")
-                    || msg.contains("output redirection")
-                    || msg.contains("here-doc")
-            }
+            Self::ToolExecution(msg) => BLOCKED_KEYWORDS.iter().any(|kw| msg.contains(kw)),
             Self::McpError(_) => false,
             Self::Join(_) => false,
             Self::Context { source, .. } => source.is_blocked(),
@@ -81,7 +90,7 @@ impl SofosError {
                 let parent = std::path::Path::new(path)
                     .parent()
                     .and_then(|p| p.to_str())
-                    .unwrap_or(".");
+                    .unwrap_or(DEFAULT_PARENT_DIR);
                 Some(format!(
                     "Use list_directory on '{}' to see available files",
                     parent
diff --git a/src/repl/conversation.rs b/src/repl/conversation.rs
@@ -1,15 +1,24 @@
 use crate::api::{Message, SystemPrompt, utils::truncate_at_char_boundary};
 use crate::config::SofosConfig;
 
+/// Hard floor on the number of messages `trim_if_needed` will keep,
+/// even when the per-message budget would normally drop more. Below
+/// this, conversations lose enough context that the model starts
+/// hallucinating prior tool results.
+const TRIM_MIN_MESSAGES: usize = 10;
+
+/// Per-end cap on retained characters when `truncate_tool_results`
+/// shortens a long tool output during compaction. The middle is
+/// replaced with an elision marker.
+const COMPACTION_TOOL_RESULT_KEEP_CHARS: usize = 500;
+
 #[derive(Clone)]
 pub struct ConversationHistory {
     messages: Vec<Message>,
     system_prompt: Vec<SystemPrompt>,
     config: SofosConfig,
-    /// Set when `trim_if_needed` printed the floor-hit warning; cleared
-    /// the next time we end a trim under budget. Stops the warning from
-    /// firing on every message append once we're stuck at the 10-message
-    /// floor.
+    /// Latches the floor-hit warning so it fires once per stuck-at-floor
+    /// episode, not on every append.
     warned_at_floor: bool,
     /// Index of the message whose last block carries the secondary
     /// Anthropic `cache_control` marker (the "anchor"). Stays put across
@@ -300,17 +309,21 @@ Show imperial units only when the user explicitly asks for them."#,
         // The warning describes our internal trim heuristic, not the
         // model's API context window — those are different numbers.
         // The condition below means: we tried to trim down to budget
-        // but hit the 10-message floor. The model API will still accept
-        // the request; this just warns the user that auto-trim can't
-        // help further. Dedup with `warned_at_floor` so a long agent
-        // loop doesn't print the warning on every tool round-trip.
-        let at_floor = total_tokens > self.config.max_context_tokens && self.messages.len() <= 10;
+        // but hit the `TRIM_MIN_MESSAGES` floor. The model API will
+        // still accept the request; this just warns the user that
+        // auto-trim can't help further. Dedup with `warned_at_floor`
+        // so a long agent loop doesn't print the warning on every
+        // tool round-trip.
+        let at_floor = total_tokens > self.config.max_context_tokens
+            && self.messages.len() <= TRIM_MIN_MESSAGES;
         if at_floor {
             if !self.warned_at_floor {
                 eprintln!(
-                    "⚠️  Auto-trim hit the 10-message floor at ~{} tokens (budget {}). \
+                    "⚠️  Auto-trim hit the {floor}-message floor at ~{tokens} tokens (budget {budget}). \
                      Run /compact or /clear if responses start degrading.",
-                    total_tokens, self.config.max_context_tokens
+                    floor = TRIM_MIN_MESSAGES,
+                    tokens = total_tokens,
+                    budget = self.config.max_context_tokens,
                 );
                 self.warned_at_floor = true;
             }
@@ -573,7 +586,7 @@ Show imperial units only when the user explicitly asks for them."#,
         // stamp a marker on a now-mismatched position.
         self.cache_anchor_message_idx = None;
         let threshold = self.config.tool_result_truncate_threshold;
-        let keep_chars = 500;
+        let keep_chars = COMPACTION_TOOL_RESULT_KEEP_CHARS;
 
         for msg in self.messages[..up_to].iter_mut() {
             if let crate::api::MessageContent::Blocks { content } = &mut msg.content {
diff --git a/src/repl/mod.rs b/src/repl/mod.rs
@@ -77,13 +77,10 @@ pub struct Repl {
     /// iterations so the user can redirect in-flight work without having
     /// to interrupt it.
     steer_queue: SteerQueue,
-    /// Text the TUI should print through its captured-stdout pipe right
-    /// after `OutputCapture` is installed. Collected in `main.rs` (logo,
-    /// workspace, model, reasoning/thinking, morph availability) so the
-    /// same lines that used to go to the real tty before the TUI took
-    /// over now flow through the history pipeline — keeping the viewport
-    /// from overwriting them on terminals whose cursor-position DSR
-    /// doesn't answer (e.g. Ghostty), where our fallback was `(0, 0)`.
+    /// Queued through the TUI's captured-stdout pipe so the banner
+    /// survives terminals whose cursor-position DSR doesn't answer
+    /// (e.g. Ghostty), where the fallback origin would let the viewport
+    /// overwrite the lines.
     startup_banner: String,
     /// Shared tokio runtime driving every `block_on` in the REPL
     /// (initial request, compaction summary, tool-list refresh). Built
diff --git a/src/repl/response_handler.rs b/src/repl/response_handler.rs
@@ -65,11 +65,6 @@ impl ResponseHandler {
         }
     }
 
-    /// Fold a `Usage` payload into the per-turn running totals carried
-    /// by `handle_response`. Centralised so the counter increments
-    /// stay consistent across the three sites that consume responses
-    /// (auto-continue after reasoning-only blocks, tool-result loop,
-    /// max-iterations summary).
     fn accumulate_usage(
         usage: &crate::api::Usage,
         total_input: &mut u32,
diff --git a/src/repl/tui/mod.rs b/src/repl/tui/mod.rs
@@ -40,6 +40,9 @@ use app::{App, Picker};
 use event::{Job, UiEvent};
 use output::OutputCapture;
 
+/// Background tick cadence — frame rate vs. event-loop responsiveness
+/// tradeoff. ~11 Hz is fast enough that streamed output looks fluid
+/// without burning CPU on a quiet conversation.
 const TICK_INTERVAL: Duration = Duration::from_millis(90);
 /// Maximum captured output lines coalesced into a single `insert_before`
 /// call. A high value amortises terminal I/O when a tool streams a lot of
diff --git a/src/session/selector.rs b/src/session/selector.rs
@@ -3,6 +3,11 @@ use crate::session::SessionMetadata;
 use colored::Colorize;
 use std::io::{self, Write};
 
+const SECONDS_PER_MINUTE: u64 = 60;
+const SECONDS_PER_HOUR: u64 = 60 * SECONDS_PER_MINUTE;
+const SECONDS_PER_DAY: u64 = 24 * SECONDS_PER_HOUR;
+const SECONDS_PER_WEEK: u64 = 7 * SECONDS_PER_DAY;
+
 pub fn select_session(sessions: Vec<SessionMetadata>) -> Result<Option<String>> {
     if sessions.is_empty() {
         println!("{}", "No saved sessions found.".yellow());
@@ -54,16 +59,16 @@ fn format_timestamp(timestamp: u64) -> String {
         .as_secs();
     let diff = now.saturating_sub(timestamp);
 
-    if diff < 60 {
+    if diff < SECONDS_PER_MINUTE {
         "just now".to_string()
-    } else if diff < 3600 {
-        let mins = diff / 60;
+    } else if diff < SECONDS_PER_HOUR {
+        let mins = diff / SECONDS_PER_MINUTE;
         format!("{} min{} ago", mins, if mins == 1 { "" } else { "s" })
-    } else if diff < 86400 {
-        let hours = diff / 3600;
+    } else if diff < SECONDS_PER_DAY {
+        let hours = diff / SECONDS_PER_HOUR;
         format!("{} hour{} ago", hours, if hours == 1 { "" } else { "s" })
-    } else if diff < 604800 {
-        let days = diff / 86400;
+    } else if diff < SECONDS_PER_WEEK {
+        let days = diff / SECONDS_PER_DAY;
         format!("{} day{} ago", days, if days == 1 { "" } else { "s" })
     } else {
         use chrono::{DateTime, Utc};
diff --git a/src/tools/bashexec.rs b/src/tools/bashexec.rs
@@ -8,7 +8,7 @@ use std::path::PathBuf;
 use std::process::Command;
 use std::sync::{Arc, Mutex};
 
-const MAX_OUTPUT_SIZE: usize = 10 * 1024 * 1024; // 10MB limit
+const MAX_BASH_OUTPUT_BYTES: usize = 10 * 1024 * 1024;
 
 /// Return true when a command argument looks like a parent-directory
 /// reference (`..`, `../foo`, `foo/..`, `foo/../bar`). Substring matches
@@ -205,19 +205,19 @@ impl BashExecutor {
             .output()
             .map_err(|e| SofosError::ToolExecution(format!("Failed to execute command: {}", e)))?;
 
-        if output.stdout.len() > MAX_OUTPUT_SIZE {
+        if output.stdout.len() > MAX_BASH_OUTPUT_BYTES {
             return Err(SofosError::ToolExecution(format!(
                 "Command output too large ({} bytes). Maximum size is {} MB",
                 output.stdout.len(),
-                MAX_OUTPUT_SIZE / (1024 * 1024)
+                MAX_BASH_OUTPUT_BYTES / (1024 * 1024)
             )));
         }
 
-        if output.stderr.len() > MAX_OUTPUT_SIZE {
+        if output.stderr.len() > MAX_BASH_OUTPUT_BYTES {
             return Err(SofosError::ToolExecution(format!(
                 "Command error output too large ({} bytes). Maximum size is {} MB",
                 output.stderr.len(),
-                MAX_OUTPUT_SIZE / (1024 * 1024)
+                MAX_BASH_OUTPUT_BYTES / (1024 * 1024)
             )));
         }
 
diff --git a/src/tools/image.rs b/src/tools/image.rs
@@ -5,7 +5,7 @@ use crate::tools::utils::is_absolute_or_tilde;
 use base64::{Engine, engine::general_purpose::STANDARD};
 use std::path::PathBuf;
 
-const MAX_IMAGE_SIZE: u64 = 20 * 1024 * 1024;
+const MAX_IMAGE_SIZE_BYTES: u64 = 20 * 1024 * 1024;
 
 #[derive(Debug, Clone, PartialEq)]
 pub enum ImageFormat {
@@ -186,11 +186,11 @@ impl ImageLoader {
         let metadata = std::fs::metadata(&canonical)
             .with_context(|| format!("Failed to read image metadata: {}", path))?;
 
-        if metadata.len() > MAX_IMAGE_SIZE {
+        if metadata.len() > MAX_IMAGE_SIZE_BYTES {
             return Err(SofosError::ToolExecution(format!(
                 "Image too large: {} (max: {} MB)",
                 path,
-                MAX_IMAGE_SIZE / (1024 * 1024)
+                MAX_IMAGE_SIZE_BYTES / (1024 * 1024)
             )));
         }
 
diff --git a/src/tools/mod.rs b/src/tools/mod.rs
diff --git a/src/ui/mod.rs b/src/ui/mod.rs

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@ use serde::Deserialize;`
`6`	`6`	`use serde_json::json;`
`7`	`7`
`8`	`8`	`const OPENAI_API_BASE: &str = "https://api.openai.com/v1";`
	`9`	`+const TOOL_CHOICE_AUTO: &str = "auto";`
`9`	`10`
`10`	`11`	`#[derive(Clone)]`
`11`	`12`	`pub struct OpenAIClient {`
`@@ -272,7 +273,7 @@ fn build_responses_body(request: &CreateMessageRequest) -> serde_json::Value {`
`272`	`273`
`273`	`274`	`if !tools.is_empty() {`
`274`	`275`	`body["tools"] = json!(tools);`
`275`		`- body["tool_choice"] = json!("auto");`
	`276`	`+ body["tool_choice"] = json!(TOOL_CHOICE_AUTO);`
`276`	`277`	`}`
`277`	`278`	`}`
`278`	`279`
Original file line number	Diff line number	Diff line change
`@@ -65,11 +65,6 @@ impl ResponseHandler {`
`65`	`65`	`}`
`66`	`66`	`}`
`67`	`67`
`68`		- /// Fold a `Usage` payload into the per-turn running totals carried
`69`		- /// by `handle_response`. Centralised so the counter increments
`70`		`- /// stay consistent across the three sites that consume responses`
`71`		`- /// (auto-continue after reasoning-only blocks, tool-result loop,`
`72`		`- /// max-iterations summary).`
`73`	`68`	`fn accumulate_usage(`
`74`	`69`	`usage: &crate::api::Usage,`
`75`	`70`	`total_input: &mut u32,`