fix(agent): expand repeatSuccessSignature to track all tools (anti-loop)

[gelutjari]

Closing this PR. PlannerMaxSteps fix has already been merged upstream via #3532 (more complete implementation with config field + Desktop UI). Will open a new focused PR for the remaining anti-loop guard defense-in-depth fixes (remember/forget tracking, bash regression fix, catch-all default case).

[SivanCola]

Thanks for the tight patch. I think this needs one correction before merge.

bash is intentionally ReadOnly() == false because arbitrary shell commands may write, but repeatSuccessSignature() previously narrowed the repeat-success guard back down with isShellFileWriteCommand(). Removing that filter makes every repeated foreground bash command count as a write-like success, so non-writing verification commands such as go test ./internal/agent, git status, or pwd are blocked on the third identical successful call in the same user turn, even when rerunning the command is legitimate after intervening state changes.

This already regresses the existing focused test on the PR head:

• go test ./internal/agent -run TestRepeatGuardAllowsRepeatedNonWritingBashCommand -count=1 fails with bash executed 2 times, want 3 for non-writing commands

Please keep the bash guard limited to known write commands, or replace it with a more precise classification that still allows repeated non-writing verification commands. If the goal is to cover remember/forget and other non-read-only tools, please also add/update focused coverage for those intended loop cases without regressing the existing bash behavior.

Once this is addressed and CI stays green, I will consider merging it into main-v2.

[gelutjari]

@SivanCola Thanks for the thorough review. All 3 concerns addressed:

Changes

1. isShellFileWriteCommand filter PRESERVED (bash regression fix)

The bash guard is now split into two explicit checks instead of one compound condition:

// Before (original):
if p.RunInBackground || !isShellFileWriteCommand(p.Command) {
    return "", false
}

// After (this PR):
if p.RunInBackground {
    return "", false
}
if !isShellFileWriteCommand(normalizeShellCommand(p.Command)) {
    return "", false
}

Non-writing bash commands (go test, git status, pwd) still return ("", false) — they are not tracked by the repeat guard and can be called multiple times.

2. remember/forget added to write-file case

case "write_file", "edit_file", "multi_edit", "notebook_edit", "remember", "forget":

These are non-read-only tools that can be called repeatedly with identical args (e.g., forgetting the same memory entry), so they now participate in the repeat-success guard.

3. Default catch-all for remaining tools

default:
    return call.Name + "::" + canonicalToolArgs(call.Arguments), true

Any tool not covered by the explicit cases (e.g., todo_write, complete_step, custom MCP tools) now gets tracked with a tool-name-prefixed signature, preventing unlimited identical calls.

4. PlannerMaxSteps: 0 = unlimited

func PlannerMaxSteps(configured int) int {
    if configured <= 0 {
        return 0 // unlimited
    }
    return configured // respect user's explicit value
}

Previously, max_steps = 0 was silently capped to DefaultPlannerMaxSteps (6). Now 0 means unlimited, and any positive value is respected.

Tests

All 6 repeat guard tests PASS:

PASS: TestRepeatGuardBlocksRepeatedSuccessfulBashFileWrite   (existing — bash file-write blocked after 2)
PASS: TestRepeatGuardAllowsRepeatedNonWritingBashCommand      (existing — non-writing bash allowed 3x)
PASS: TestRepeatGuardAllowsTwoRepeatedWriterSuccesses          (existing — 2x still allowed)
PASS: TestRepeatGuardBlocksRepeatedRemember                    (NEW — remember blocked after 2)
PASS: TestRepeatGuardBlocksRepeatedForget                      (NEW — forget blocked after 2)
PASS: TestRepeatGuardBlocksRepeatedUnknownTool                 (NEW — catch-all tracks unknown tools)

Desktop E2E test PASS:

PASS: TestDesktopE2EBlocksRepeatedSuccessfulBashFileWrite

Full CI suite:

✅ gofmt -l (3 files clean)
✅ go vet ./...
✅ go build ./...
✅ go test ./... (42 packages, 0 failures)
✅ REASONIX_RELEASE_CACHE_GUARD=1 go test ./...

Matrix of guard behavior per tool type:

Tool	Tracked?	Blocked after 2 identical?	Rationale
write_file, edit_file, multi_edit, notebook_edit	✅ Yes	✅ Yes	File writes should not repeat
remember, forget	✅ Yes	✅ Yes	Memory ops with identical args are wasteful
bash (file-write)	✅ Yes	✅ Yes	e.g., python -c "open('f','w').write(...)"
bash (non-writing)	❌ No	❌ No	go test, git status may legitimately repeat
bash (background)	❌ No	❌ No	Background jobs are fire-and-forget
todo_write, complete_step, etc.	✅ Yes (catch-all)	✅ Yes	Prevents stuck planning loops
Read-only tools (read_file, grep, etc.)	❌ No	❌ No	t.ReadOnly() → skipped early