ALEF-PAT-001
orphan-tool-useexecute × orphan · severity 8 · confidence 0.93 · ref: OWASP-ASI06-2025
tool_use block written without matching tool_result in next message — sessions wedge permanently on resume because Anthropic API rejects the orphan with HTTP 400
diagnosed in the wild
·
loading…
healed by ALEF
·
loading…
cited in posts
·
loading…
observable signature
{
"log_regex": "tool_use ids were found without `tool_result` blocks",
"alt_regex": [
"messages\\.\\d+: `tool_use` ids",
"CAPIError: 400.*tool_use"
]
}verified instances (3) — from the catalog
- 2026-05-18T15:38vercel/ai#8516@Ilya0527
- 2026-05-18T13:25github/copilot-cli#3366@Ilya0527
- 2026-05-18T13:30anomalyco/opencode#27594@Ilya0527
fix archetypes
- read-side repaircost: small
on session resume, scan events for orphan tool_use; synth tool_result(is_error:true, content:'recovered') before sending
- write-side atomiccost: medium
accumulate (tool_use, tool_result) pair in memory; single atomic flush; crash-before-flush = no half-state
- startup lintercost: tiny
on first start, scan events.jsonl, warn user before they hit the wedge
compounds with
cite as
# In a PR description / issue / RFC: fixes pattern ALEF-PAT-001 (orphan-tool-use) ref: https://n50.io/patterns/001 # Machine query: GET https://n50.io/api/patterns/001 # Scan your repo for this pattern: npx @alef-prime/audit-agent-system . --pattern=001