fix(tools): activate read-only git history + actionable RLM/field errors (v0.8.53)

[Hmbown]

Part of the v0.8.53 stabilization cycle (PR group 4 — tool/deferred/error UX). Targets codex/v0.8.53. Low-risk subset; one medium-risk item deferred (see below).

Issues addressed

• tools: discovery friction makes agents spend turns finding the right tool and schema #2654 — read-only git history is now first-class: git_log and git_show join git_diff/git_status in DEFAULT_ACTIVE_NATIVE_TOOLS, so a model can inspect history without a deferred-tool round-trip. Insertions keep the list alphabetical, so the prefix-cache catalog head stays sorted and byte-stable. git_blame and other history tools stay deferred (no broad un-defer).
• rlm: session API is difficult for agents to use correctly without prior familiarity #2655 — RLM errors are now actionable:
  • rlm_open source-count error echoes common misnamed fields (prompt, text, path, file, …) with a "did you mean file_path/content/url" hint.
  • rlm_eval missing-code error explains it runs raw Python and shows an example (print(len(SOURCE)), FINAL(value)); name/code schema descriptions sharpened.
• tools: validation errors still leave agents doing schema trial-and-error #2659 — likely_field_corrections gains RLM source-field rename hints. (The role/type vocabulary reconciliation itself is in PR fix(subagent): clearer role vocab, lifecycle signals, and eval ergonomics (v0.8.53) #2684 to avoid a double-edit of normalize_role_alias; this PR only touches the corrections table, so the two do not collide.)

Deferred to the medium-risk batch

• tui: deferred tool hydration should not render as a completed run #2648 — rendering deferred-tool schema-hydration distinctly from a completed "done" run. The backend signal already exists (metadata.event = tool.schema_hydrated, executed: false), but the renderer change touches the ToolStatus/cell-build path with wider blast radius than this low-risk PR warrants. Tracked for the next batch.

Scope / deconfliction

• DEFAULT_ACTIVE_NATIVE_TOOLS edits are in the git_* region — non-overlapping with PR fix(subagent): clearer role vocab, lifecycle signals, and eval ergonomics (v0.8.53) #2684's agent_* additions, so both auto-merge.

Verification

• cargo test -p codewhale-tui --bins → 3944 passed, 0 failed, including model_tool_catalog_sorts_each_partition_for_prefix_cache_stability and the native-deferral policy tests (updated to use git_blame as the still-deferred example).
• cargo clippy -p codewhale-tui --bins → clean.
• New tests: rlm_open_misnamed_source_field_gets_did_you_mean_hint, rlm_eval_missing_code_explains_raw_python, and git_log/git_show active assertions.

🤖 Generated with Claude Code

[greptile-apps]

Hmbown has reached the 50-review limit for trial accounts. To continue receiving code reviews, upgrade your plan.

[gemini-code-assist]

Code Review

This pull request activates git_log and git_show by default in non-Yolo mode, updates related tests, and improves error messaging and field correction suggestions for the rlm_open and rlm_eval tools. The review feedback suggests enhancing the rlm_open error messages and correction logic to properly account for session_object as a valid source field, preventing false-positive suggestions and ensuring complete documentation of valid inputs.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[gemini-code-assist]

The likely_field_corrections logic for rlm_open checks that none of file_path, content, or url have been received before suggesting corrections. However, session_object is also a valid source field for rlm_open. If a user provides session_object along with an unrecognized/misnamed field (e.g., prompt), this check will incorrectly trigger and suggest correcting the unrecognized field to file_path, content, or url even though a valid source field is already present.

Adding a check for !has_received("session_object") prevents these false-positive suggestions.

    if tool_name == "rlm_open" {
        for wrong in ["prompt", "resident_file", "text", "body", "path", "file", "source"] {
            if has_received(wrong)
                && !has_received("file_path")
                && !has_received("content")
                && !has_received("url")
                && !has_received("session_object")
            {
                corrections.push(format!(
                    "{wrong} -> file_path (local file), content (inline text), url, or session_object"
                ));
            }
        }
    }

[gemini-code-assist]

The error message for rlm_open when source_count != 1 lists file_path, content, and url as the valid options, but omits session_object, which is also a valid source field. To prevent confusion when a user provides session_object along with another source field (or none at all), session_object should be explicitly listed in the primary error message.

Suggested change

	let mut msg = String::from(
	"rlm_open: provide exactly one of `file_path` (local file), `content` (inline text), or `url`",
	);
	let mut msg = String::from(
	"rlm_open: provide exactly one of `file_path` (local file), `content` (inline text), `url`, or `session_object`",
	);