From 18f1f230c7f7da89b68a08068961c43a035e0b7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9C=B1=E6=BD=AE?= Date: Sun, 19 Apr 2026 15:24:42 +0800 Subject: [PATCH 1/6] update skill --- skills/common/schedule-job/.claude-plugin/plugin.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/skills/common/schedule-job/.claude-plugin/plugin.json b/skills/common/schedule-job/.claude-plugin/plugin.json index 93a1323..0e19806 100644 --- a/skills/common/schedule-job/.claude-plugin/plugin.json +++ b/skills/common/schedule-job/.claude-plugin/plugin.json @@ -1,4 +1,6 @@ { + "name": "schedule-job", + "description": "Scheduled Task Management - Create, manage, and view scheduled tasks for users (supports cron recurring tasks and one-time tasks)", "hooks": { "PrePrompt": [ { From 2659f474480209b94b17edeb6aba340d190acb5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9C=B1=E6=BD=AE?= Date: Sun, 19 Apr 2026 21:01:20 +0800 Subject: [PATCH 2/6] update rag-retrieve-only skill --- .../hooks/retrieval-policy.md | 90 +++++++++++++------ .../hooks/retrieval-policy.md | 90 +++++++++++++------ 2 files changed, 130 insertions(+), 50 deletions(-) diff --git a/skills/onprem/rag-retrieve-only/hooks/retrieval-policy.md b/skills/onprem/rag-retrieve-only/hooks/retrieval-policy.md index cc2fe86..366050c 100644 --- a/skills/onprem/rag-retrieve-only/hooks/retrieval-policy.md +++ b/skills/onprem/rag-retrieve-only/hooks/retrieval-policy.md @@ -1,28 +1,61 @@ # Retrieval Policy -- `rag_retrieve` is the only knowledge source. +## 0. Task Classification + +Classify the request before acting: +- **Knowledge retrieval** (facts, summaries, comparisons, prices, lists, timelines, extraction, etc.): follow this policy strictly. +- **Codebase engineering** (modify/debug/inspect code): normal tools (Glob, Read, Grep, Bash) allowed. +- **Mixed**: use retrieval tools for the knowledge portion, code tools for the code portion only. +- **Uncertain**: default to knowledge retrieval. + +## 1. Critical Enforcement + +For knowledge retrieval tasks, **this policy overrides generic codebase exploration behavior**. + +- **Prohibited tools**: `Glob`, `Read`, `LS`, Bash (`ls`, `find`, `cat`, `head`, `tail`, `grep`, etc.) — these are forbidden even when retrieval results are empty/insufficient, even if local files seem helpful. +- **Allowed tools only**: skill-enabled retrieval tools, `rag_retrieve`. No other source for factual answering. +- Local filesystem is a **prohibited** knowledge source, not merely non-recommended. +- Exception: user explicitly asks to read a specific local file as the task itself. + +## 2. Retrieval Order and Tool Selection + +Execute **sequentially, one at a time**. Do NOT run in parallel. Do NOT probe filesystem first. + +1. **Skill-enabled retrieval tools** (use first when available) +2. **`rag_retrieve`** + - Do NOT answer from model knowledge first. +- After each step, evaluate sufficiency before proceeding. -## 1.Query Preparation -- Do NOT pass the raw user question unless it already works well for retrieval. -- Rewrite for recall: extract entity, time scope, attributes, and intent. -- Add useful variants: synonyms, aliases, abbreviations, related titles, historical names, and category terms. -- Expand list-style, extraction, overview, historical, roster, timeline, and archive queries more aggressively. -- Preserve meaning. Do NOT introduce unrelated topics. +## 3. Query Preparation -## 2.Retrieval Breadth (`top_k`) -- Apply `top_k` only to `rag_retrieve`. Use the smallest sufficient value, then expand only if coverage is insufficient. -- Use `30` for simple fact lookup. -- Use `50` for moderate synthesis, comparison, summarization, or disambiguation. -- Use `100` for broad recall, such as comprehensive analysis, scattered knowledge, multiple entities or periods, or list / catalog / timeline / roster / overview requests. -- Raise `top_k` when keyword branches are many or results are too few, repetitive, incomplete, sparse, or too narrow. -- Use this expansion order: `30 -> 50 -> 100`. If unsure, use `100`. +- Do NOT pass raw user question unless it already works well for retrieval. +- Rewrite for recall: extract entity, time scope, attributes, intent. Add synonyms, aliases, abbreviations, historical names, category terms. +- Expand list/extraction/overview/timeline queries more aggressively. Preserve meaning. -## 3.Retry -- If the result is insufficient, retry `rag_retrieve` with a better rewritten query or a larger `top_k`. -- Only say no relevant information was found after `rag_retrieve` has been tried and still provides insufficient evidence. +## 4. Retrieval Breadth (`top_k`) + +- Apply `top_k` only to `rag_retrieve`. Use smallest sufficient value, expand if insufficient. +- `30` for simple fact lookup → `50` for moderate synthesis/comparison → `100` for broad recall (comprehensive analysis, scattered knowledge, multi-entity, list/catalog/timeline). +- Expansion order: `30 → 50 → 100`. If unsure, use `100`. + +## 5. Result Evaluation + +Treat as insufficient if: empty, `Error:`, off-topic, missing core entity/scope, no usable evidence, partial coverage, or truncated results. + +## 6. Fallback and Sequential Retry + +On insufficient results, follow this sequence: + +1. Rewrite query, retry same tool (once) +2. Switch to next retrieval source in default order +3. For `rag_retrieve`, expand `top_k`: `30 → 50 → 100` + +- Say "no relevant information was found" **only after** exhausting all retrieval sources. +- Do NOT switch to local filesystem inspection at any point. + +## 7. Image Handling -## 4.Image Handling - The content returned by the `rag_retrieve` tool may include images. - Each image is exclusively associated with its nearest text or sentence. - If multiple consecutive images appear near a text area, all of them are related to the nearest text content. @@ -30,10 +63,17 @@ - Each sentence or key point in the response should be accompanied by relevant images when they meet the established association criteria. - Avoid placing all images at the end of the response. -## 5.Citation Requirements for Retrieved Knowledge -- When using knowledge from `rag_retrieve`, you MUST generate `` tags. -- Follow the citation format returned by each tool. -- Place citations immediately after the paragraph or bullet list that uses the knowledge. -- Do NOT collect citations at the end. -- Use 1-2 citations per paragraph or bullet list when possible. -- If learned knowledge is used, include at least 1 ``. +## 8. Citation Requirements + +- MUST generate `` tags when using retrieval results. +- Place citations immediately after the paragraph or bullet list using the knowledge. Do NOT collect at end. +- 1-2 citations per paragraph/bullet. At least 1 citation when using retrieved knowledge. + +## 9. Pre-Reply Self-Check + +Before replying to a knowledge retrieval task, verify: +- Used only whitelisted retrieval tools — no local filesystem inspection? +- Exhausted retrieval flow before concluding "not found"? +- Citations placed immediately after each relevant paragraph? + +If any answer is "no", correct the process first. diff --git a/skills/support/rag-retrieve-only/hooks/retrieval-policy.md b/skills/support/rag-retrieve-only/hooks/retrieval-policy.md index cc2fe86..366050c 100644 --- a/skills/support/rag-retrieve-only/hooks/retrieval-policy.md +++ b/skills/support/rag-retrieve-only/hooks/retrieval-policy.md @@ -1,28 +1,61 @@ # Retrieval Policy -- `rag_retrieve` is the only knowledge source. +## 0. Task Classification + +Classify the request before acting: +- **Knowledge retrieval** (facts, summaries, comparisons, prices, lists, timelines, extraction, etc.): follow this policy strictly. +- **Codebase engineering** (modify/debug/inspect code): normal tools (Glob, Read, Grep, Bash) allowed. +- **Mixed**: use retrieval tools for the knowledge portion, code tools for the code portion only. +- **Uncertain**: default to knowledge retrieval. + +## 1. Critical Enforcement + +For knowledge retrieval tasks, **this policy overrides generic codebase exploration behavior**. + +- **Prohibited tools**: `Glob`, `Read`, `LS`, Bash (`ls`, `find`, `cat`, `head`, `tail`, `grep`, etc.) — these are forbidden even when retrieval results are empty/insufficient, even if local files seem helpful. +- **Allowed tools only**: skill-enabled retrieval tools, `rag_retrieve`. No other source for factual answering. +- Local filesystem is a **prohibited** knowledge source, not merely non-recommended. +- Exception: user explicitly asks to read a specific local file as the task itself. + +## 2. Retrieval Order and Tool Selection + +Execute **sequentially, one at a time**. Do NOT run in parallel. Do NOT probe filesystem first. + +1. **Skill-enabled retrieval tools** (use first when available) +2. **`rag_retrieve`** + - Do NOT answer from model knowledge first. +- After each step, evaluate sufficiency before proceeding. -## 1.Query Preparation -- Do NOT pass the raw user question unless it already works well for retrieval. -- Rewrite for recall: extract entity, time scope, attributes, and intent. -- Add useful variants: synonyms, aliases, abbreviations, related titles, historical names, and category terms. -- Expand list-style, extraction, overview, historical, roster, timeline, and archive queries more aggressively. -- Preserve meaning. Do NOT introduce unrelated topics. +## 3. Query Preparation -## 2.Retrieval Breadth (`top_k`) -- Apply `top_k` only to `rag_retrieve`. Use the smallest sufficient value, then expand only if coverage is insufficient. -- Use `30` for simple fact lookup. -- Use `50` for moderate synthesis, comparison, summarization, or disambiguation. -- Use `100` for broad recall, such as comprehensive analysis, scattered knowledge, multiple entities or periods, or list / catalog / timeline / roster / overview requests. -- Raise `top_k` when keyword branches are many or results are too few, repetitive, incomplete, sparse, or too narrow. -- Use this expansion order: `30 -> 50 -> 100`. If unsure, use `100`. +- Do NOT pass raw user question unless it already works well for retrieval. +- Rewrite for recall: extract entity, time scope, attributes, intent. Add synonyms, aliases, abbreviations, historical names, category terms. +- Expand list/extraction/overview/timeline queries more aggressively. Preserve meaning. -## 3.Retry -- If the result is insufficient, retry `rag_retrieve` with a better rewritten query or a larger `top_k`. -- Only say no relevant information was found after `rag_retrieve` has been tried and still provides insufficient evidence. +## 4. Retrieval Breadth (`top_k`) + +- Apply `top_k` only to `rag_retrieve`. Use smallest sufficient value, expand if insufficient. +- `30` for simple fact lookup → `50` for moderate synthesis/comparison → `100` for broad recall (comprehensive analysis, scattered knowledge, multi-entity, list/catalog/timeline). +- Expansion order: `30 → 50 → 100`. If unsure, use `100`. + +## 5. Result Evaluation + +Treat as insufficient if: empty, `Error:`, off-topic, missing core entity/scope, no usable evidence, partial coverage, or truncated results. + +## 6. Fallback and Sequential Retry + +On insufficient results, follow this sequence: + +1. Rewrite query, retry same tool (once) +2. Switch to next retrieval source in default order +3. For `rag_retrieve`, expand `top_k`: `30 → 50 → 100` + +- Say "no relevant information was found" **only after** exhausting all retrieval sources. +- Do NOT switch to local filesystem inspection at any point. + +## 7. Image Handling -## 4.Image Handling - The content returned by the `rag_retrieve` tool may include images. - Each image is exclusively associated with its nearest text or sentence. - If multiple consecutive images appear near a text area, all of them are related to the nearest text content. @@ -30,10 +63,17 @@ - Each sentence or key point in the response should be accompanied by relevant images when they meet the established association criteria. - Avoid placing all images at the end of the response. -## 5.Citation Requirements for Retrieved Knowledge -- When using knowledge from `rag_retrieve`, you MUST generate `` tags. -- Follow the citation format returned by each tool. -- Place citations immediately after the paragraph or bullet list that uses the knowledge. -- Do NOT collect citations at the end. -- Use 1-2 citations per paragraph or bullet list when possible. -- If learned knowledge is used, include at least 1 ``. +## 8. Citation Requirements + +- MUST generate `` tags when using retrieval results. +- Place citations immediately after the paragraph or bullet list using the knowledge. Do NOT collect at end. +- 1-2 citations per paragraph/bullet. At least 1 citation when using retrieved knowledge. + +## 9. Pre-Reply Self-Check + +Before replying to a knowledge retrieval task, verify: +- Used only whitelisted retrieval tools — no local filesystem inspection? +- Exhausted retrieval flow before concluding "not found"? +- Citations placed immediately after each relevant paragraph? + +If any answer is "no", correct the process first. From 18d65513f64ae0cb2ea495d805d75068e9c3ddb0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9C=B1=E6=BD=AE?= Date: Mon, 20 Apr 2026 16:50:06 +0800 Subject: [PATCH 3/6] add retrieval-policy-forbidden-self-knowledge.md --- .features/skill/MEMORY.md | 3 +- .features/skill/changelog/2026-Q2.md | 6 + .../onprem/rag-retrieve/hooks/hook-backup.md | 55 --------- .../onprem/rag-retrieve/hooks/pre_prompt.py | 16 ++- ...trieval-policy-forbidden-self-knowledge.md | 113 ++++++++++++++++++ 5 files changed, 133 insertions(+), 60 deletions(-) create mode 100644 .features/skill/changelog/2026-Q2.md delete mode 100644 skills/autoload/onprem/rag-retrieve/hooks/hook-backup.md create mode 100644 skills/autoload/onprem/rag-retrieve/hooks/retrieval-policy-forbidden-self-knowledge.md diff --git a/.features/skill/MEMORY.md b/.features/skill/MEMORY.md index 120efd1..262e2f8 100644 --- a/.features/skill/MEMORY.md +++ b/.features/skill/MEMORY.md @@ -1,7 +1,7 @@ # Skill 功能 > 负责范围:技能包管理服务 - 核心实现 -> 最后更新:2026-04-18 +> 最后更新:2026-04-20 ## 当前状态 @@ -18,6 +18,7 @@ Skill 系统支持两种来源:官方 skills (`./skills/`) 和用户 skills (` ## 最近重要事项 +- 2026-04-20: 为 `rag-retrieve` 新增 `retrieval-policy-forbidden-self-knowledge.md`,禁止知识问答场景使用模型自身知识补全答案,要求严格基于检索证据作答 - 2026-04-19: 环境变量 `SKILLS_SUBDIR` 重命名为 `PROJECT_NAME`,用于选择 `skills/{PROJECT_NAME}` 和 `skills/autoload/{PROJECT_NAME}` 目录 - 2026-04-19: `create_robot_project` 的 autoload 去重和 stale 清理补强,autoload 目录也纳入 managed 清理,避免 `rag-retrieve-only` 场景下旧的 `rag-retrieve` 残留 - 2026-04-18: `/api/v1/skill/list` 的官方库改为同时读取 `skills/common` 和 `skills/{PROJECT_NAME}`,并按目录顺序去重 diff --git a/.features/skill/changelog/2026-Q2.md b/.features/skill/changelog/2026-Q2.md new file mode 100644 index 0000000..2218b12 --- /dev/null +++ b/.features/skill/changelog/2026-Q2.md @@ -0,0 +1,6 @@ +# 2026-Q2 Skill Changelog + +### 2026-04-20 +- **新增**: `skills/autoload/onprem/rag-retrieve/hooks/retrieval-policy-forbidden-self-knowledge.md` +- **说明**: 基于现有 `retrieval-policy.md` 衍生出更严格的检索策略,明确禁止在知识问答场景中使用模型自身知识补全答案,要求回答只能来自检索证据 +- **作者**: Claude diff --git a/skills/autoload/onprem/rag-retrieve/hooks/hook-backup.md b/skills/autoload/onprem/rag-retrieve/hooks/hook-backup.md deleted file mode 100644 index c90e84f..0000000 --- a/skills/autoload/onprem/rag-retrieve/hooks/hook-backup.md +++ /dev/null @@ -1,55 +0,0 @@ -# Retrieval Policy - -### 1. Retrieval Order and Tool Selection -- Follow this section for source choice, tool choice, query rewrite, `top_k`, fallback, result handling, and citations. -- Use this default retrieval order and execute it sequentially: skill-enabled knowledge retrieval tools > `rag_retrieve` / `table_rag_retrieve`. -- Do NOT answer from model knowledge first. -- Do NOT bypass the retrieval flow and inspect local filesystem documents on your own. -- Do NOT use local filesystem retrieval as a fallback knowledge source. -- Local filesystem documents are not a recommended retrieval source here because file formats are inconsistent and have not been normalized or parsed for reliable knowledge lookup. -- Knowledge must be retrieved through the supported knowledge tools only: skill-enabled retrieval scripts, `table_rag_retrieve`, and `rag_retrieve`. -- When a suitable skill-enabled knowledge retrieval tool is available, use it first. -- If no suitable skill-enabled retrieval tool is available, or if its result is insufficient, continue with `rag_retrieve` or `table_rag_retrieve`. -- Use `table_rag_retrieve` first for values, prices, quantities, inventory, specifications, rankings, comparisons, summaries, extraction, lists, tables, name lookup, historical coverage, mixed questions, and unclear cases. -- Use `rag_retrieve` first only for clearly pure concept, definition, workflow, policy, or explanation questions without structured data needs. -- After each retrieval step, evaluate sufficiency before moving to the next source. Do NOT run these retrieval sources in parallel. - -### 2. Query Preparation -- Do NOT pass the raw user question unless it already works well for retrieval. -- Rewrite for recall: extract entity, time scope, attributes, and intent. -- Add useful variants: synonyms, aliases, abbreviations, related titles, historical names, and category terms. -- Expand list-style, extraction, overview, historical, roster, timeline, and archive queries more aggressively. -- Preserve meaning. Do NOT introduce unrelated topics. - -### 3. Retrieval Breadth (`top_k`) -- Apply `top_k` only to `rag_retrieve`. Use the smallest sufficient value, then expand only if coverage is insufficient. -- Use `30` for simple fact lookup. -- Use `50` for moderate synthesis, comparison, summarization, or disambiguation. -- Use `100` for broad recall, such as comprehensive analysis, scattered knowledge, multiple entities or periods, or list / catalog / timeline / roster / overview requests. -- Raise `top_k` when keyword branches are many or results are too few, repetitive, incomplete, sparse, or too narrow. -- Use this expansion order: `30 -> 50 -> 100`. If unsure, use `100`. - -### 4. Result Evaluation -- Treat results as insufficient if they are empty, start with `Error:`, say `no excel files found`, are off-topic, miss the core entity or scope, or provide no usable evidence. -- Also treat results as insufficient when they cover only part of the request, or when full-list, historical, comparison, or mixed data + explanation requests return only partial or truncated coverage. - -### 5. Fallback and Sequential Retry -- If the first retrieval result is insufficient, call the next supported retrieval source in the default order before replying. -- `table_rag_retrieve` now performs an internal fallback to `rag_retrieve` when it returns `no excel files found`, but this does NOT change the higher-level retrieval order. -- If `table_rag_retrieve` is insufficient or empty, continue with `rag_retrieve`. -- If `rag_retrieve` is insufficient or empty, continue with `table_rag_retrieve`. -- Say no relevant information was found only after all applicable skill-enabled retrieval tools, `rag_retrieve`, and `table_rag_retrieve` have been tried and still do not provide enough evidence. -- Do NOT reply that no relevant information was found before the supported knowledge retrieval flow has been exhausted. - -### 6. Table RAG Result Handling -- Follow all `[INSTRUCTION]` and `[EXTRA_INSTRUCTION]` content in `table_rag_retrieve` results. -- If results are truncated, explicitly tell the user total matches (`N+M`), displayed count (`N`), and omitted count (`M`). -- Cite data sources using filenames from `file_ref_table`. - -### 7. Citation Requirements for Retrieved Knowledge -- When using knowledge from `rag_retrieve` or `table_rag_retrieve`, you MUST generate `` tags. -- Follow the citation format returned by each tool. -- Place citations immediately after the paragraph or bullet list that uses the knowledge. -- Do NOT collect citations at the end. -- Use 1-2 citations per paragraph or bullet list when possible. -- If learned knowledge is used, include at least 1 ``. diff --git a/skills/autoload/onprem/rag-retrieve/hooks/pre_prompt.py b/skills/autoload/onprem/rag-retrieve/hooks/pre_prompt.py index 11f445d..97bb6bd 100644 --- a/skills/autoload/onprem/rag-retrieve/hooks/pre_prompt.py +++ b/skills/autoload/onprem/rag-retrieve/hooks/pre_prompt.py @@ -3,16 +3,24 @@ PreMemoryPrompt Hook - 用户上下文加载器示例 在记忆提取提示词(FACT_RETRIEVAL_PROMPT)加载时执行, -读取同目录下的 memory_prompt.md 作为自定义记忆提取提示词模板。 +根据环境变量决定是否启用禁止使用模型自身知识的 retrieval policy。 """ +import os import sys from pathlib import Path def main(): - prompt_file = Path(__file__).parent / "retrieval-policy.md" - if prompt_file.exists(): - print(prompt_file.read_text(encoding="utf-8")) + enable_self_knowledge = ( + os.getenv("ENABLE_SELF_KNOWLEDGE", "false").lower() == "true" + ) + policy_name = ( + "retrieval-policy.md" + if enable_self_knowledge + else "retrieval-policy-forbidden-self-knowledge.md" + ) + prompt_file = Path(__file__).parent / policy_name + print(prompt_file.read_text(encoding="utf-8")) return 0 diff --git a/skills/autoload/onprem/rag-retrieve/hooks/retrieval-policy-forbidden-self-knowledge.md b/skills/autoload/onprem/rag-retrieve/hooks/retrieval-policy-forbidden-self-knowledge.md new file mode 100644 index 0000000..92ad0d8 --- /dev/null +++ b/skills/autoload/onprem/rag-retrieve/hooks/retrieval-policy-forbidden-self-knowledge.md @@ -0,0 +1,113 @@ +# Retrieval Policy (Forbidden Self-Knowledge) + +## 0. Task Classification + +Classify the request before acting: +- **Knowledge retrieval** (facts, summaries, comparisons, prices, lists, timelines, extraction, etc.): follow this policy strictly. +- **Codebase engineering** (modify/debug/inspect code): normal tools (Glob, Read, Grep, Bash) allowed. +- **Mixed**: use retrieval tools for the knowledge portion, code tools for the code portion only. +- **Uncertain**: default to knowledge retrieval. + +## 1. Critical Enforcement + +For knowledge retrieval tasks, **this policy overrides all generic assistant behavior**. + +- **Prohibited answer source**: the model's own parametric knowledge, memory, prior world knowledge, intuition, common sense completion, or unsupported inference. +- **Prohibited tools**: `Glob`, `Read`, `LS`, Bash (`ls`, `find`, `cat`, `head`, `tail`, `grep`, etc.) — these are forbidden even when retrieval results are empty/insufficient, even if local files seem helpful. +- **Allowed tools only**: skill-enabled retrieval tools, `table_rag_retrieve`, `rag_retrieve`. No other source for factual answering. +- Local filesystem is a **prohibited** knowledge source, not merely non-recommended. +- Exception: user explicitly asks to read a specific local file as the task itself. +- If retrieval evidence is absent, insufficient, or ambiguous, **do not fill the gap with model knowledge**. + +## 2. Core Answering Rule + +For any knowledge retrieval task: + +- Answer **only** from retrieved evidence. +- Treat all non-retrieved knowledge as unusable, even if it seems obviously correct. +- Do NOT answer from memory first. +- Do NOT "helpfully complete" missing facts. +- Do NOT convert weak hints into confident statements. +- If evidence does not support a claim, omit the claim. + +## 3. Retrieval Order and Tool Selection + +Execute **sequentially, one at a time**. Do NOT run in parallel. Do NOT probe filesystem first. + +1. **Skill-enabled retrieval tools** (use first when available) +2. **`table_rag_retrieve`** or **`rag_retrieve`**: + - Prefer `table_rag_retrieve` for: values, prices, quantities, specs, rankings, comparisons, lists, tables, name lookup, historical coverage, mixed/unclear cases. + - Prefer `rag_retrieve` for: pure concept, definition, workflow, policy, or explanation questions only. + +- After each step, evaluate sufficiency before proceeding. +- Retrieval must happen **before** any factual answer generation. + +## 4. Query Preparation + +- Do NOT pass raw user question unless it already works well for retrieval. +- Rewrite for recall: extract entity, time scope, attributes, intent. Add synonyms, aliases, abbreviations, historical names, category terms. +- Expand list/extraction/overview/timeline queries more aggressively. Preserve meaning. + +## 5. Retrieval Breadth (`top_k`) + +- Apply `top_k` only to `rag_retrieve`. Use smallest sufficient value, expand if insufficient. +- `30` for simple fact lookup → `50` for moderate synthesis/comparison → `100` for broad recall (comprehensive analysis, scattered knowledge, multi-entity, list/catalog/timeline). +- Expansion order: `30 → 50 → 100`. If unsure, use `100`. + +## 6. Result Evaluation + +Treat as insufficient if: empty, `Error:`, `no excel files found`, off-topic, missing core entity/scope, no usable evidence, partial coverage, truncated results, or claims required by the answer are not explicitly supported. + +## 7. Fallback and Sequential Retry + +On insufficient results, follow this sequence: + +1. Rewrite query, retry same tool (once) +2. Switch to next retrieval source in default order +3. For `rag_retrieve`, expand `top_k`: `30 → 50 → 100` +4. `table_rag_retrieve` insufficient → try `rag_retrieve`; `rag_retrieve` insufficient → try `table_rag_retrieve` + +- `table_rag_retrieve` internally falls back to `rag_retrieve` on `no excel files found`, but this does NOT change the higher-level order. +- Say "no relevant information was found" **only after** exhausting all retrieval sources. +- Do NOT switch to local filesystem inspection at any point. +- Do NOT switch to model self-knowledge at any point. + +## 8. Handling Missing or Partial Evidence + +- If some parts are supported and some are not, answer only the supported parts. +- Clearly mark unsupported parts as unavailable rather than guessing. +- Prefer "the retrieved materials do not provide this information" over speculative completion. +- When user asks for a definitive answer but evidence is incomplete, state the limitation directly. + +## 9. Table RAG Result Handling + +- Follow all `[INSTRUCTION]` and `[EXTRA_INSTRUCTION]` in results. +- If truncated: tell user total (`N+M`), displayed (`N`), omitted (`M`). +- Cite sources using filenames from `file_ref_table`. + +## 10. Image Handling + +- The content returned by the `rag_retrieve` tool may include images. +- Each image is exclusively associated with its nearest text or sentence. +- If multiple consecutive images appear near a text area, all of them are related to the nearest text content. +- Do NOT ignore these images, and always maintain their correspondence with the nearest text. +- Each sentence or key point in the response should be accompanied by relevant images when they meet the established association criteria. +- Avoid placing all images at the end of the response. + +## 11. Citation Requirements + +- MUST generate `` tags when using retrieval results. +- Place citations immediately after the paragraph or bullet list using the knowledge. Do NOT collect at end. +- 1-2 citations per paragraph/bullet. At least 1 citation when using retrieved knowledge. +- Do NOT cite claims that were not supported by retrieval. + +## 12. Pre-Reply Self-Check + +Before replying to a knowledge retrieval task, verify: +- Used only whitelisted retrieval tools — no local filesystem inspection? +- Did retrieval happen before any factual answer drafting? +- Did every factual claim come from retrieved evidence rather than model knowledge? +- Exhausted retrieval flow before concluding "not found"? +- Citations placed immediately after each relevant paragraph? + +If any answer is "no", correct the process first. From dfc1c003c67babc8dac42a31c97512060fbc604e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9C=B1=E6=BD=AE?= Date: Mon, 20 Apr 2026 19:00:15 +0800 Subject: [PATCH 4/6] sanitize_model_kwargs --- agent/deep_assistant.py | 59 +++++++---------------- routes/chat.py | 5 +- utils/fastapi_utils.py | 102 ++++++++++++++++++++++++++++++++++++---- 3 files changed, 113 insertions(+), 53 deletions(-) diff --git a/agent/deep_assistant.py b/agent/deep_assistant.py index ce827de..2521b6e 100644 --- a/agent/deep_assistant.py +++ b/agent/deep_assistant.py @@ -18,7 +18,7 @@ from langchain.agents.middleware import SummarizationMiddleware as LangchainSumm from .summarization_middleware import SummarizationMiddleware from langchain_mcp_adapters.client import MultiServerMCPClient from sympy.printing.cxx import none -from utils.fastapi_utils import detect_provider +from utils.fastapi_utils import detect_provider, sanitize_model_kwargs from .guideline_middleware import GuidelineMiddleware from .tool_output_length_middleware import ToolOutputLengthMiddleware from .tool_use_cleanup_middleware import ToolUseCleanupMiddleware @@ -200,47 +200,22 @@ async def init_agent(config: AgentConfig): # 检测或使用指定的提供商 model_provider, base_url = detect_provider(config.model_name, config.model_server) - # 构建模型参数 - model_kwargs = { - "model": config.model_name, - "model_provider": model_provider, - "temperature": 0.8, - "base_url": base_url, - "api_key": config.api_key - } - if config.generate_cfg: - # 内部使用的参数,不应传给任何 LLM - internal_params = { - 'tool_output_max_length', - 'tool_output_truncation_strategy', - 'tool_output_filters', - 'tool_output_exclude', - 'preserve_code_blocks', - 'preserve_json', - } - - # Anthropic 不支持的 OpenAI 特有参数 - openai_only_params = { - 'n', # 生成多少个响应 - 'presence_penalty', - 'frequency_penalty', - 'logprobs', - 'top_logprobs', - 'logit_bias', - 'seed', - 'suffix', - 'best_of', - 'echo', - 'user', - } - - # 根据提供商决定需要过滤的参数 - params_to_filter = internal_params.copy() - if model_provider == 'anthropic': - params_to_filter.update(openai_only_params) - - filtered_cfg = {k: v for k, v in config.generate_cfg.items() if k not in params_to_filter} - model_kwargs.update(filtered_cfg) + model_kwargs, dropped_params, default_temperature_applied = sanitize_model_kwargs( + model_name=config.model_name, + model_provider=model_provider, + base_url=base_url, + api_key=config.api_key, + generate_cfg=config.generate_cfg, + source="init_agent" + ) + if dropped_params: + logger.info( + "init_agent dropped_params=%s model=%s provider=%s default_temperature_applied=%s", + dropped_params, + config.model_name, + model_provider, + default_temperature_applied + ) llm_instance = init_chat_model(**model_kwargs) # 创建新的 agent(不再缓存) diff --git a/routes/chat.py b/routes/chat.py index ec4129a..9b9f6f9 100644 --- a/routes/chat.py +++ b/routes/chat.py @@ -514,6 +514,7 @@ async def chat_completions(request: ChatRequest, authorization: Optional[str] = # 收集额外参数作为 generate_cfg exclude_fields = {'messages', 'model', 'model_server', 'dataset_ids', 'language', 'tool_response', 'system_prompt', 'mcp_settings' ,'stream', 'robot_type', 'bot_id', 'user_identifier', 'session_id', 'enable_thinking', 'skills', 'enable_memory', 'n', 'shell_env', 'max_tokens'} generate_cfg = {k: v for k, v in request.model_dump().items() if k not in exclude_fields} + logger.info("chat_completions generate_cfg_keys=%s model=%s", list(generate_cfg.keys()), request.model) # 处理消息 messages = process_messages(request.messages, request.language) # 创建 AgentConfig 对象 @@ -665,9 +666,8 @@ async def chat_warmup_v2(request: ChatRequestV2, authorization: Optional[str] = # 处理消息 messages = process_messages(empty_messages, request.language or "ja") - # 收集额外参数作为 generate_cfg - exclude_fields = {'messages', 'stream', 'tool_response', 'bot_id', 'language', 'user_identifier', 'session_id', 'n', 'model', 'model_server', 'api_key', 'shell_env', 'max_tokens'} generate_cfg = {k: v for k, v in request.model_dump().items() if k not in exclude_fields} + logger.info("chat_warmup_v2 generate_cfg_keys=%s requested_model=%s", list(generate_cfg.keys()), request.model) # 从请求中提取 model/model_server/api_key,优先级高于 bot_config(排除 "whatever" 和空值) req_data = request.model_dump() req_model = req_data.get("model") or "" @@ -775,6 +775,7 @@ async def chat_completions_v2(request: ChatRequestV2, authorization: Optional[st # 收集额外参数作为 generate_cfg exclude_fields = {'messages', 'dataset_ids', 'language', 'tool_response', 'system_prompt', 'mcp_settings', 'stream', 'robot_type', 'bot_id', 'user_identifier', 'session_id', 'enable_thinking', 'skills', 'enable_memory', 'n', 'model', 'model_server', 'api_key', 'shell_env', 'max_tokens'} generate_cfg = {k: v for k, v in request.model_dump().items() if k not in exclude_fields} + logger.info("chat_completions_v2 generate_cfg_keys=%s requested_model=%s", list(generate_cfg.keys()), request.model) # 从请求中提取 model/model_server/api_key,优先级高于 bot_config(排除 "whatever" 和空值) req_data = request.model_dump() req_model = req_data.get("model") or "" diff --git a/utils/fastapi_utils.py b/utils/fastapi_utils.py index ed6847b..589fde8 100644 --- a/utils/fastapi_utils.py +++ b/utils/fastapi_utils.py @@ -36,6 +36,83 @@ def detect_provider(model_name,model_server): # 默认使用 openai 兼容格式 return "openai",model_server + +def is_anthropic_opus_model(model_name: Optional[str]) -> bool: + """判断是否为 Anthropic Opus 模型""" + return bool(model_name and "opus" in model_name.lower()) + + +def sanitize_model_kwargs( + model_name: str, + model_provider: str, + base_url: Optional[str], + api_key: Optional[str], + generate_cfg: Optional[Dict[str, Any]] = None, + source: str = "agent" +) -> tuple[Dict[str, Any], List[str], bool]: + """清洗模型参数,过滤不兼容参数并返回日志所需信息""" + model_kwargs = { + "model": model_name, + "model_provider": model_provider, + "base_url": base_url, + "api_key": api_key + } + + internal_params = { + 'tool_output_max_length', + 'tool_output_truncation_strategy', + 'tool_output_filters', + 'tool_output_exclude', + 'preserve_code_blocks', + 'preserve_json', + } + + openai_only_params = { + 'n', + 'presence_penalty', + 'frequency_penalty', + 'logprobs', + 'top_logprobs', + 'logit_bias', + 'seed', + 'suffix', + 'best_of', + 'echo', + 'user', + } + + params_to_filter = set(internal_params) + is_opus_model = model_provider == 'anthropic' and is_anthropic_opus_model(model_name) + + if model_provider == 'anthropic': + params_to_filter.update(openai_only_params) + if is_opus_model: + params_to_filter.add('temperature') + + original_keys = list((generate_cfg or {}).keys()) + filtered_cfg = {k: v for k, v in (generate_cfg or {}).items() if k not in params_to_filter} + dropped_params = [k for k in original_keys if k in params_to_filter] + + default_temperature_applied = False + if not is_opus_model: + model_kwargs["temperature"] = 0.8 + default_temperature_applied = True + + model_kwargs.update(filtered_cfg) + + logger.info( + "sanitize_model_kwargs source=%s provider=%s model=%s original_keys=%s dropped_keys=%s default_temperature_applied=%s", + source, + model_provider, + model_name, + original_keys, + dropped_params, + default_temperature_applied + ) + + return model_kwargs, dropped_params, default_temperature_applied + + def get_versioned_filename(upload_dir: str, name_without_ext: str, file_extension: str) -> tuple[str, int]: """ 获取带版本号的文件名,自动处理文件删除和版本递增 @@ -451,15 +528,22 @@ async def _sync_call_llm(llm_config, messages) -> str: api_key = llm_config.get('api_key') # 检测或使用指定的提供商 model_provider,base_url = detect_provider(model_name,model_server) - - # 构建模型参数 - model_kwargs = { - "model": model_name, - "model_provider": model_provider, - "temperature": 0.8, - "base_url":base_url, - "api_key":api_key - } + + model_kwargs, dropped_params, default_temperature_applied = sanitize_model_kwargs( + model_name=model_name, + model_provider=model_provider, + base_url=base_url, + api_key=api_key, + source="_sync_call_llm" + ) + if dropped_params: + logger.info( + "_sync_call_llm dropped_params=%s model=%s provider=%s default_temperature_applied=%s", + dropped_params, + model_name, + model_provider, + default_temperature_applied + ) llm_instance = init_chat_model(**model_kwargs) # 转换消息格式为LangChain格式 From f13f208900b52059e28650ad19650e66cd5663e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9C=B1=E6=BD=AE?= Date: Mon, 20 Apr 2026 19:24:30 +0800 Subject: [PATCH 5/6] add ENABLE_SELF_KNOWLEDGE --- agent/agent_config.py | 6 + agent/deep_assistant.py | 1 + agent/plugin_hook_loader.py | 1 + routes/chat.py | 7 +- .../support/rag-retrieve/hooks/hook-backup.md | 55 --------- .../support/rag-retrieve/hooks/pre_prompt.py | 16 ++- ...trieval-policy-forbidden-self-knowledge.md | 113 ++++++++++++++++++ .../rag-retrieve-only/hooks/pre_prompt.py | 16 ++- ...trieval-policy-forbidden-self-knowledge.md | 113 ++++++++++++++++++ .../rag-retrieve-only/hooks/pre_prompt.py | 16 ++- ...trieval-policy-forbidden-self-knowledge.md | 113 ++++++++++++++++++ utils/api_models.py | 1 + 12 files changed, 388 insertions(+), 70 deletions(-) delete mode 100644 skills/autoload/support/rag-retrieve/hooks/hook-backup.md create mode 100644 skills/autoload/support/rag-retrieve/hooks/retrieval-policy-forbidden-self-knowledge.md create mode 100644 skills/onprem/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md create mode 100644 skills/support/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md diff --git a/agent/agent_config.py b/agent/agent_config.py index a1503a9..9fd2ec2 100644 --- a/agent/agent_config.py +++ b/agent/agent_config.py @@ -24,6 +24,7 @@ class AgentConfig: mcp_settings: Optional[List[Dict]] = field(default_factory=list) generate_cfg: Optional[Dict] = None enable_thinking: bool = False + enable_self_knowledge: bool = False # 上下文参数 project_dir: Optional[str] = None @@ -64,6 +65,7 @@ class AgentConfig: 'mcp_settings': self.mcp_settings, 'generate_cfg': self.generate_cfg, 'enable_thinking': self.enable_thinking, + 'enable_self_knowledge': self.enable_self_knowledge, 'project_dir': self.project_dir, 'user_identifier': self.user_identifier, 'session_id': self.session_id, @@ -122,6 +124,7 @@ class AgentConfig: user_identifier=request.user_identifier, session_id=request.session_id, enable_thinking=request.enable_thinking, + enable_self_knowledge=request.enable_self_knowledge, project_dir=project_dir, stream=request.stream, tool_response=request.tool_response, @@ -179,6 +182,7 @@ class AgentConfig: enable_thinking = bot_config.get("enable_thinking", False) enable_memori = bot_config.get("enable_memory", False) + enable_self_knowledge = bot_config.get("enable_self_knowledge", False) config = cls( bot_id=request.bot_id, @@ -191,6 +195,7 @@ class AgentConfig: user_identifier=request.user_identifier, session_id=request.session_id, enable_thinking=enable_thinking, + enable_self_knowledge=enable_self_knowledge, project_dir=project_dir, stream=request.stream, tool_response=request.tool_response, @@ -246,6 +251,7 @@ class AgentConfig: 'language': self.language, 'generate_cfg': self.generate_cfg, 'enable_thinking': self.enable_thinking, + 'enable_self_knowledge': self.enable_self_knowledge, 'user_identifier': self.user_identifier, 'session_id': self.session_id, 'dataset_ids': self.dataset_ids, # 添加dataset_ids到缓存键生成 diff --git a/agent/deep_assistant.py b/agent/deep_assistant.py index 2521b6e..3efdf37 100644 --- a/agent/deep_assistant.py +++ b/agent/deep_assistant.py @@ -306,6 +306,7 @@ async def init_agent(config: AgentConfig): "ASSISTANT_ID": config.bot_id, "USER_IDENTIFIER": config.user_identifier, "TRACE_ID": config.trace_id, + "ENABLE_SELF_KNOWLEDGE": str(config.enable_self_knowledge).lower(), **(config.shell_env or {}), } ) diff --git a/agent/plugin_hook_loader.py b/agent/plugin_hook_loader.py index 5796e59..177937c 100644 --- a/agent/plugin_hook_loader.py +++ b/agent/plugin_hook_loader.py @@ -214,6 +214,7 @@ async def _execute_command(skill_path: str, command: str, hook_type: str, config env['ASSISTANT_ID'] = str(getattr(config, 'bot_id', '')) env['USER_IDENTIFIER'] = str(getattr(config, 'user_identifier', '')) env['TRACE_ID'] = str(getattr(config, 'trace_id', '')) + env['ENABLE_SELF_KNOWLEDGE'] = str(getattr(config, 'enable_self_knowledge', False)).lower() env['SESSION_ID'] = str(getattr(config, 'session_id', '')) env['LANGUAGE'] = str(getattr(config, 'language', '')) env['HOOK_TYPE'] = hook_type diff --git a/routes/chat.py b/routes/chat.py index 9b9f6f9..87e8584 100644 --- a/routes/chat.py +++ b/routes/chat.py @@ -512,7 +512,7 @@ async def chat_completions(request: ChatRequest, authorization: Optional[str] = project_dir = create_project_directory(request.dataset_ids, bot_id, request.skills) # 收集额外参数作为 generate_cfg - exclude_fields = {'messages', 'model', 'model_server', 'dataset_ids', 'language', 'tool_response', 'system_prompt', 'mcp_settings' ,'stream', 'robot_type', 'bot_id', 'user_identifier', 'session_id', 'enable_thinking', 'skills', 'enable_memory', 'n', 'shell_env', 'max_tokens'} + exclude_fields = {'messages', 'model', 'model_server', 'dataset_ids', 'language', 'tool_response', 'system_prompt', 'mcp_settings' ,'stream', 'robot_type', 'bot_id', 'user_identifier', 'session_id', 'enable_thinking', 'skills', 'enable_memory', 'enable_self_knowledge', 'n', 'shell_env', 'max_tokens'} generate_cfg = {k: v for k, v in request.model_dump().items() if k not in exclude_fields} logger.info("chat_completions generate_cfg_keys=%s model=%s", list(generate_cfg.keys()), request.model) # 处理消息 @@ -563,7 +563,7 @@ async def chat_warmup_v1(request: ChatRequest, authorization: Optional[str] = He project_dir = create_project_directory(request.dataset_ids, bot_id, request.skills) # 收集额外参数作为 generate_cfg - exclude_fields = {'messages', 'model', 'model_server', 'dataset_ids', 'language', 'tool_response', 'system_prompt', 'mcp_settings' ,'stream', 'robot_type', 'bot_id', 'user_identifier', 'session_id', 'enable_thinking', 'skills', 'enable_memory', 'n', 'shell_env'} + exclude_fields = {'messages', 'model', 'model_server', 'dataset_ids', 'language', 'tool_response', 'system_prompt', 'mcp_settings' ,'stream', 'robot_type', 'bot_id', 'user_identifier', 'session_id', 'enable_thinking', 'skills', 'enable_memory', 'enable_self_knowledge', 'n', 'shell_env'} generate_cfg = {k: v for k, v in request.model_dump().items() if k not in exclude_fields} # 创建一个空的消息列表用于预热(实际消息不会在warmup中处理) @@ -666,6 +666,7 @@ async def chat_warmup_v2(request: ChatRequestV2, authorization: Optional[str] = # 处理消息 messages = process_messages(empty_messages, request.language or "ja") + exclude_fields = {'messages', 'dataset_ids', 'language', 'tool_response', 'system_prompt', 'mcp_settings', 'stream', 'robot_type', 'bot_id', 'user_identifier', 'session_id', 'enable_thinking', 'skills', 'enable_memory', 'enable_self_knowledge', 'n', 'model', 'model_server', 'api_key', 'shell_env', 'max_tokens'} generate_cfg = {k: v for k, v in request.model_dump().items() if k not in exclude_fields} logger.info("chat_warmup_v2 generate_cfg_keys=%s requested_model=%s", list(generate_cfg.keys()), request.model) # 从请求中提取 model/model_server/api_key,优先级高于 bot_config(排除 "whatever" 和空值) @@ -773,7 +774,7 @@ async def chat_completions_v2(request: ChatRequestV2, authorization: Optional[st # 处理消息 messages = process_messages(request.messages, request.language) # 收集额外参数作为 generate_cfg - exclude_fields = {'messages', 'dataset_ids', 'language', 'tool_response', 'system_prompt', 'mcp_settings', 'stream', 'robot_type', 'bot_id', 'user_identifier', 'session_id', 'enable_thinking', 'skills', 'enable_memory', 'n', 'model', 'model_server', 'api_key', 'shell_env', 'max_tokens'} + exclude_fields = {'messages', 'dataset_ids', 'language', 'tool_response', 'system_prompt', 'mcp_settings', 'stream', 'robot_type', 'bot_id', 'user_identifier', 'session_id', 'enable_thinking', 'skills', 'enable_memory', 'enable_self_knowledge', 'n', 'model', 'model_server', 'api_key', 'shell_env', 'max_tokens'} generate_cfg = {k: v for k, v in request.model_dump().items() if k not in exclude_fields} logger.info("chat_completions_v2 generate_cfg_keys=%s requested_model=%s", list(generate_cfg.keys()), request.model) # 从请求中提取 model/model_server/api_key,优先级高于 bot_config(排除 "whatever" 和空值) diff --git a/skills/autoload/support/rag-retrieve/hooks/hook-backup.md b/skills/autoload/support/rag-retrieve/hooks/hook-backup.md deleted file mode 100644 index c90e84f..0000000 --- a/skills/autoload/support/rag-retrieve/hooks/hook-backup.md +++ /dev/null @@ -1,55 +0,0 @@ -# Retrieval Policy - -### 1. Retrieval Order and Tool Selection -- Follow this section for source choice, tool choice, query rewrite, `top_k`, fallback, result handling, and citations. -- Use this default retrieval order and execute it sequentially: skill-enabled knowledge retrieval tools > `rag_retrieve` / `table_rag_retrieve`. -- Do NOT answer from model knowledge first. -- Do NOT bypass the retrieval flow and inspect local filesystem documents on your own. -- Do NOT use local filesystem retrieval as a fallback knowledge source. -- Local filesystem documents are not a recommended retrieval source here because file formats are inconsistent and have not been normalized or parsed for reliable knowledge lookup. -- Knowledge must be retrieved through the supported knowledge tools only: skill-enabled retrieval scripts, `table_rag_retrieve`, and `rag_retrieve`. -- When a suitable skill-enabled knowledge retrieval tool is available, use it first. -- If no suitable skill-enabled retrieval tool is available, or if its result is insufficient, continue with `rag_retrieve` or `table_rag_retrieve`. -- Use `table_rag_retrieve` first for values, prices, quantities, inventory, specifications, rankings, comparisons, summaries, extraction, lists, tables, name lookup, historical coverage, mixed questions, and unclear cases. -- Use `rag_retrieve` first only for clearly pure concept, definition, workflow, policy, or explanation questions without structured data needs. -- After each retrieval step, evaluate sufficiency before moving to the next source. Do NOT run these retrieval sources in parallel. - -### 2. Query Preparation -- Do NOT pass the raw user question unless it already works well for retrieval. -- Rewrite for recall: extract entity, time scope, attributes, and intent. -- Add useful variants: synonyms, aliases, abbreviations, related titles, historical names, and category terms. -- Expand list-style, extraction, overview, historical, roster, timeline, and archive queries more aggressively. -- Preserve meaning. Do NOT introduce unrelated topics. - -### 3. Retrieval Breadth (`top_k`) -- Apply `top_k` only to `rag_retrieve`. Use the smallest sufficient value, then expand only if coverage is insufficient. -- Use `30` for simple fact lookup. -- Use `50` for moderate synthesis, comparison, summarization, or disambiguation. -- Use `100` for broad recall, such as comprehensive analysis, scattered knowledge, multiple entities or periods, or list / catalog / timeline / roster / overview requests. -- Raise `top_k` when keyword branches are many or results are too few, repetitive, incomplete, sparse, or too narrow. -- Use this expansion order: `30 -> 50 -> 100`. If unsure, use `100`. - -### 4. Result Evaluation -- Treat results as insufficient if they are empty, start with `Error:`, say `no excel files found`, are off-topic, miss the core entity or scope, or provide no usable evidence. -- Also treat results as insufficient when they cover only part of the request, or when full-list, historical, comparison, or mixed data + explanation requests return only partial or truncated coverage. - -### 5. Fallback and Sequential Retry -- If the first retrieval result is insufficient, call the next supported retrieval source in the default order before replying. -- `table_rag_retrieve` now performs an internal fallback to `rag_retrieve` when it returns `no excel files found`, but this does NOT change the higher-level retrieval order. -- If `table_rag_retrieve` is insufficient or empty, continue with `rag_retrieve`. -- If `rag_retrieve` is insufficient or empty, continue with `table_rag_retrieve`. -- Say no relevant information was found only after all applicable skill-enabled retrieval tools, `rag_retrieve`, and `table_rag_retrieve` have been tried and still do not provide enough evidence. -- Do NOT reply that no relevant information was found before the supported knowledge retrieval flow has been exhausted. - -### 6. Table RAG Result Handling -- Follow all `[INSTRUCTION]` and `[EXTRA_INSTRUCTION]` content in `table_rag_retrieve` results. -- If results are truncated, explicitly tell the user total matches (`N+M`), displayed count (`N`), and omitted count (`M`). -- Cite data sources using filenames from `file_ref_table`. - -### 7. Citation Requirements for Retrieved Knowledge -- When using knowledge from `rag_retrieve` or `table_rag_retrieve`, you MUST generate `` tags. -- Follow the citation format returned by each tool. -- Place citations immediately after the paragraph or bullet list that uses the knowledge. -- Do NOT collect citations at the end. -- Use 1-2 citations per paragraph or bullet list when possible. -- If learned knowledge is used, include at least 1 ``. diff --git a/skills/autoload/support/rag-retrieve/hooks/pre_prompt.py b/skills/autoload/support/rag-retrieve/hooks/pre_prompt.py index 11f445d..97bb6bd 100644 --- a/skills/autoload/support/rag-retrieve/hooks/pre_prompt.py +++ b/skills/autoload/support/rag-retrieve/hooks/pre_prompt.py @@ -3,16 +3,24 @@ PreMemoryPrompt Hook - 用户上下文加载器示例 在记忆提取提示词(FACT_RETRIEVAL_PROMPT)加载时执行, -读取同目录下的 memory_prompt.md 作为自定义记忆提取提示词模板。 +根据环境变量决定是否启用禁止使用模型自身知识的 retrieval policy。 """ +import os import sys from pathlib import Path def main(): - prompt_file = Path(__file__).parent / "retrieval-policy.md" - if prompt_file.exists(): - print(prompt_file.read_text(encoding="utf-8")) + enable_self_knowledge = ( + os.getenv("ENABLE_SELF_KNOWLEDGE", "false").lower() == "true" + ) + policy_name = ( + "retrieval-policy.md" + if enable_self_knowledge + else "retrieval-policy-forbidden-self-knowledge.md" + ) + prompt_file = Path(__file__).parent / policy_name + print(prompt_file.read_text(encoding="utf-8")) return 0 diff --git a/skills/autoload/support/rag-retrieve/hooks/retrieval-policy-forbidden-self-knowledge.md b/skills/autoload/support/rag-retrieve/hooks/retrieval-policy-forbidden-self-knowledge.md new file mode 100644 index 0000000..92ad0d8 --- /dev/null +++ b/skills/autoload/support/rag-retrieve/hooks/retrieval-policy-forbidden-self-knowledge.md @@ -0,0 +1,113 @@ +# Retrieval Policy (Forbidden Self-Knowledge) + +## 0. Task Classification + +Classify the request before acting: +- **Knowledge retrieval** (facts, summaries, comparisons, prices, lists, timelines, extraction, etc.): follow this policy strictly. +- **Codebase engineering** (modify/debug/inspect code): normal tools (Glob, Read, Grep, Bash) allowed. +- **Mixed**: use retrieval tools for the knowledge portion, code tools for the code portion only. +- **Uncertain**: default to knowledge retrieval. + +## 1. Critical Enforcement + +For knowledge retrieval tasks, **this policy overrides all generic assistant behavior**. + +- **Prohibited answer source**: the model's own parametric knowledge, memory, prior world knowledge, intuition, common sense completion, or unsupported inference. +- **Prohibited tools**: `Glob`, `Read`, `LS`, Bash (`ls`, `find`, `cat`, `head`, `tail`, `grep`, etc.) — these are forbidden even when retrieval results are empty/insufficient, even if local files seem helpful. +- **Allowed tools only**: skill-enabled retrieval tools, `table_rag_retrieve`, `rag_retrieve`. No other source for factual answering. +- Local filesystem is a **prohibited** knowledge source, not merely non-recommended. +- Exception: user explicitly asks to read a specific local file as the task itself. +- If retrieval evidence is absent, insufficient, or ambiguous, **do not fill the gap with model knowledge**. + +## 2. Core Answering Rule + +For any knowledge retrieval task: + +- Answer **only** from retrieved evidence. +- Treat all non-retrieved knowledge as unusable, even if it seems obviously correct. +- Do NOT answer from memory first. +- Do NOT "helpfully complete" missing facts. +- Do NOT convert weak hints into confident statements. +- If evidence does not support a claim, omit the claim. + +## 3. Retrieval Order and Tool Selection + +Execute **sequentially, one at a time**. Do NOT run in parallel. Do NOT probe filesystem first. + +1. **Skill-enabled retrieval tools** (use first when available) +2. **`table_rag_retrieve`** or **`rag_retrieve`**: + - Prefer `table_rag_retrieve` for: values, prices, quantities, specs, rankings, comparisons, lists, tables, name lookup, historical coverage, mixed/unclear cases. + - Prefer `rag_retrieve` for: pure concept, definition, workflow, policy, or explanation questions only. + +- After each step, evaluate sufficiency before proceeding. +- Retrieval must happen **before** any factual answer generation. + +## 4. Query Preparation + +- Do NOT pass raw user question unless it already works well for retrieval. +- Rewrite for recall: extract entity, time scope, attributes, intent. Add synonyms, aliases, abbreviations, historical names, category terms. +- Expand list/extraction/overview/timeline queries more aggressively. Preserve meaning. + +## 5. Retrieval Breadth (`top_k`) + +- Apply `top_k` only to `rag_retrieve`. Use smallest sufficient value, expand if insufficient. +- `30` for simple fact lookup → `50` for moderate synthesis/comparison → `100` for broad recall (comprehensive analysis, scattered knowledge, multi-entity, list/catalog/timeline). +- Expansion order: `30 → 50 → 100`. If unsure, use `100`. + +## 6. Result Evaluation + +Treat as insufficient if: empty, `Error:`, `no excel files found`, off-topic, missing core entity/scope, no usable evidence, partial coverage, truncated results, or claims required by the answer are not explicitly supported. + +## 7. Fallback and Sequential Retry + +On insufficient results, follow this sequence: + +1. Rewrite query, retry same tool (once) +2. Switch to next retrieval source in default order +3. For `rag_retrieve`, expand `top_k`: `30 → 50 → 100` +4. `table_rag_retrieve` insufficient → try `rag_retrieve`; `rag_retrieve` insufficient → try `table_rag_retrieve` + +- `table_rag_retrieve` internally falls back to `rag_retrieve` on `no excel files found`, but this does NOT change the higher-level order. +- Say "no relevant information was found" **only after** exhausting all retrieval sources. +- Do NOT switch to local filesystem inspection at any point. +- Do NOT switch to model self-knowledge at any point. + +## 8. Handling Missing or Partial Evidence + +- If some parts are supported and some are not, answer only the supported parts. +- Clearly mark unsupported parts as unavailable rather than guessing. +- Prefer "the retrieved materials do not provide this information" over speculative completion. +- When user asks for a definitive answer but evidence is incomplete, state the limitation directly. + +## 9. Table RAG Result Handling + +- Follow all `[INSTRUCTION]` and `[EXTRA_INSTRUCTION]` in results. +- If truncated: tell user total (`N+M`), displayed (`N`), omitted (`M`). +- Cite sources using filenames from `file_ref_table`. + +## 10. Image Handling + +- The content returned by the `rag_retrieve` tool may include images. +- Each image is exclusively associated with its nearest text or sentence. +- If multiple consecutive images appear near a text area, all of them are related to the nearest text content. +- Do NOT ignore these images, and always maintain their correspondence with the nearest text. +- Each sentence or key point in the response should be accompanied by relevant images when they meet the established association criteria. +- Avoid placing all images at the end of the response. + +## 11. Citation Requirements + +- MUST generate `` tags when using retrieval results. +- Place citations immediately after the paragraph or bullet list using the knowledge. Do NOT collect at end. +- 1-2 citations per paragraph/bullet. At least 1 citation when using retrieved knowledge. +- Do NOT cite claims that were not supported by retrieval. + +## 12. Pre-Reply Self-Check + +Before replying to a knowledge retrieval task, verify: +- Used only whitelisted retrieval tools — no local filesystem inspection? +- Did retrieval happen before any factual answer drafting? +- Did every factual claim come from retrieved evidence rather than model knowledge? +- Exhausted retrieval flow before concluding "not found"? +- Citations placed immediately after each relevant paragraph? + +If any answer is "no", correct the process first. diff --git a/skills/onprem/rag-retrieve-only/hooks/pre_prompt.py b/skills/onprem/rag-retrieve-only/hooks/pre_prompt.py index 11f445d..97bb6bd 100644 --- a/skills/onprem/rag-retrieve-only/hooks/pre_prompt.py +++ b/skills/onprem/rag-retrieve-only/hooks/pre_prompt.py @@ -3,16 +3,24 @@ PreMemoryPrompt Hook - 用户上下文加载器示例 在记忆提取提示词(FACT_RETRIEVAL_PROMPT)加载时执行, -读取同目录下的 memory_prompt.md 作为自定义记忆提取提示词模板。 +根据环境变量决定是否启用禁止使用模型自身知识的 retrieval policy。 """ +import os import sys from pathlib import Path def main(): - prompt_file = Path(__file__).parent / "retrieval-policy.md" - if prompt_file.exists(): - print(prompt_file.read_text(encoding="utf-8")) + enable_self_knowledge = ( + os.getenv("ENABLE_SELF_KNOWLEDGE", "false").lower() == "true" + ) + policy_name = ( + "retrieval-policy.md" + if enable_self_knowledge + else "retrieval-policy-forbidden-self-knowledge.md" + ) + prompt_file = Path(__file__).parent / policy_name + print(prompt_file.read_text(encoding="utf-8")) return 0 diff --git a/skills/onprem/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md b/skills/onprem/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md new file mode 100644 index 0000000..92ad0d8 --- /dev/null +++ b/skills/onprem/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md @@ -0,0 +1,113 @@ +# Retrieval Policy (Forbidden Self-Knowledge) + +## 0. Task Classification + +Classify the request before acting: +- **Knowledge retrieval** (facts, summaries, comparisons, prices, lists, timelines, extraction, etc.): follow this policy strictly. +- **Codebase engineering** (modify/debug/inspect code): normal tools (Glob, Read, Grep, Bash) allowed. +- **Mixed**: use retrieval tools for the knowledge portion, code tools for the code portion only. +- **Uncertain**: default to knowledge retrieval. + +## 1. Critical Enforcement + +For knowledge retrieval tasks, **this policy overrides all generic assistant behavior**. + +- **Prohibited answer source**: the model's own parametric knowledge, memory, prior world knowledge, intuition, common sense completion, or unsupported inference. +- **Prohibited tools**: `Glob`, `Read`, `LS`, Bash (`ls`, `find`, `cat`, `head`, `tail`, `grep`, etc.) — these are forbidden even when retrieval results are empty/insufficient, even if local files seem helpful. +- **Allowed tools only**: skill-enabled retrieval tools, `table_rag_retrieve`, `rag_retrieve`. No other source for factual answering. +- Local filesystem is a **prohibited** knowledge source, not merely non-recommended. +- Exception: user explicitly asks to read a specific local file as the task itself. +- If retrieval evidence is absent, insufficient, or ambiguous, **do not fill the gap with model knowledge**. + +## 2. Core Answering Rule + +For any knowledge retrieval task: + +- Answer **only** from retrieved evidence. +- Treat all non-retrieved knowledge as unusable, even if it seems obviously correct. +- Do NOT answer from memory first. +- Do NOT "helpfully complete" missing facts. +- Do NOT convert weak hints into confident statements. +- If evidence does not support a claim, omit the claim. + +## 3. Retrieval Order and Tool Selection + +Execute **sequentially, one at a time**. Do NOT run in parallel. Do NOT probe filesystem first. + +1. **Skill-enabled retrieval tools** (use first when available) +2. **`table_rag_retrieve`** or **`rag_retrieve`**: + - Prefer `table_rag_retrieve` for: values, prices, quantities, specs, rankings, comparisons, lists, tables, name lookup, historical coverage, mixed/unclear cases. + - Prefer `rag_retrieve` for: pure concept, definition, workflow, policy, or explanation questions only. + +- After each step, evaluate sufficiency before proceeding. +- Retrieval must happen **before** any factual answer generation. + +## 4. Query Preparation + +- Do NOT pass raw user question unless it already works well for retrieval. +- Rewrite for recall: extract entity, time scope, attributes, intent. Add synonyms, aliases, abbreviations, historical names, category terms. +- Expand list/extraction/overview/timeline queries more aggressively. Preserve meaning. + +## 5. Retrieval Breadth (`top_k`) + +- Apply `top_k` only to `rag_retrieve`. Use smallest sufficient value, expand if insufficient. +- `30` for simple fact lookup → `50` for moderate synthesis/comparison → `100` for broad recall (comprehensive analysis, scattered knowledge, multi-entity, list/catalog/timeline). +- Expansion order: `30 → 50 → 100`. If unsure, use `100`. + +## 6. Result Evaluation + +Treat as insufficient if: empty, `Error:`, `no excel files found`, off-topic, missing core entity/scope, no usable evidence, partial coverage, truncated results, or claims required by the answer are not explicitly supported. + +## 7. Fallback and Sequential Retry + +On insufficient results, follow this sequence: + +1. Rewrite query, retry same tool (once) +2. Switch to next retrieval source in default order +3. For `rag_retrieve`, expand `top_k`: `30 → 50 → 100` +4. `table_rag_retrieve` insufficient → try `rag_retrieve`; `rag_retrieve` insufficient → try `table_rag_retrieve` + +- `table_rag_retrieve` internally falls back to `rag_retrieve` on `no excel files found`, but this does NOT change the higher-level order. +- Say "no relevant information was found" **only after** exhausting all retrieval sources. +- Do NOT switch to local filesystem inspection at any point. +- Do NOT switch to model self-knowledge at any point. + +## 8. Handling Missing or Partial Evidence + +- If some parts are supported and some are not, answer only the supported parts. +- Clearly mark unsupported parts as unavailable rather than guessing. +- Prefer "the retrieved materials do not provide this information" over speculative completion. +- When user asks for a definitive answer but evidence is incomplete, state the limitation directly. + +## 9. Table RAG Result Handling + +- Follow all `[INSTRUCTION]` and `[EXTRA_INSTRUCTION]` in results. +- If truncated: tell user total (`N+M`), displayed (`N`), omitted (`M`). +- Cite sources using filenames from `file_ref_table`. + +## 10. Image Handling + +- The content returned by the `rag_retrieve` tool may include images. +- Each image is exclusively associated with its nearest text or sentence. +- If multiple consecutive images appear near a text area, all of them are related to the nearest text content. +- Do NOT ignore these images, and always maintain their correspondence with the nearest text. +- Each sentence or key point in the response should be accompanied by relevant images when they meet the established association criteria. +- Avoid placing all images at the end of the response. + +## 11. Citation Requirements + +- MUST generate `` tags when using retrieval results. +- Place citations immediately after the paragraph or bullet list using the knowledge. Do NOT collect at end. +- 1-2 citations per paragraph/bullet. At least 1 citation when using retrieved knowledge. +- Do NOT cite claims that were not supported by retrieval. + +## 12. Pre-Reply Self-Check + +Before replying to a knowledge retrieval task, verify: +- Used only whitelisted retrieval tools — no local filesystem inspection? +- Did retrieval happen before any factual answer drafting? +- Did every factual claim come from retrieved evidence rather than model knowledge? +- Exhausted retrieval flow before concluding "not found"? +- Citations placed immediately after each relevant paragraph? + +If any answer is "no", correct the process first. diff --git a/skills/support/rag-retrieve-only/hooks/pre_prompt.py b/skills/support/rag-retrieve-only/hooks/pre_prompt.py index 11f445d..97bb6bd 100644 --- a/skills/support/rag-retrieve-only/hooks/pre_prompt.py +++ b/skills/support/rag-retrieve-only/hooks/pre_prompt.py @@ -3,16 +3,24 @@ PreMemoryPrompt Hook - 用户上下文加载器示例 在记忆提取提示词(FACT_RETRIEVAL_PROMPT)加载时执行, -读取同目录下的 memory_prompt.md 作为自定义记忆提取提示词模板。 +根据环境变量决定是否启用禁止使用模型自身知识的 retrieval policy。 """ +import os import sys from pathlib import Path def main(): - prompt_file = Path(__file__).parent / "retrieval-policy.md" - if prompt_file.exists(): - print(prompt_file.read_text(encoding="utf-8")) + enable_self_knowledge = ( + os.getenv("ENABLE_SELF_KNOWLEDGE", "false").lower() == "true" + ) + policy_name = ( + "retrieval-policy.md" + if enable_self_knowledge + else "retrieval-policy-forbidden-self-knowledge.md" + ) + prompt_file = Path(__file__).parent / policy_name + print(prompt_file.read_text(encoding="utf-8")) return 0 diff --git a/skills/support/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md b/skills/support/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md new file mode 100644 index 0000000..92ad0d8 --- /dev/null +++ b/skills/support/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md @@ -0,0 +1,113 @@ +# Retrieval Policy (Forbidden Self-Knowledge) + +## 0. Task Classification + +Classify the request before acting: +- **Knowledge retrieval** (facts, summaries, comparisons, prices, lists, timelines, extraction, etc.): follow this policy strictly. +- **Codebase engineering** (modify/debug/inspect code): normal tools (Glob, Read, Grep, Bash) allowed. +- **Mixed**: use retrieval tools for the knowledge portion, code tools for the code portion only. +- **Uncertain**: default to knowledge retrieval. + +## 1. Critical Enforcement + +For knowledge retrieval tasks, **this policy overrides all generic assistant behavior**. + +- **Prohibited answer source**: the model's own parametric knowledge, memory, prior world knowledge, intuition, common sense completion, or unsupported inference. +- **Prohibited tools**: `Glob`, `Read`, `LS`, Bash (`ls`, `find`, `cat`, `head`, `tail`, `grep`, etc.) — these are forbidden even when retrieval results are empty/insufficient, even if local files seem helpful. +- **Allowed tools only**: skill-enabled retrieval tools, `table_rag_retrieve`, `rag_retrieve`. No other source for factual answering. +- Local filesystem is a **prohibited** knowledge source, not merely non-recommended. +- Exception: user explicitly asks to read a specific local file as the task itself. +- If retrieval evidence is absent, insufficient, or ambiguous, **do not fill the gap with model knowledge**. + +## 2. Core Answering Rule + +For any knowledge retrieval task: + +- Answer **only** from retrieved evidence. +- Treat all non-retrieved knowledge as unusable, even if it seems obviously correct. +- Do NOT answer from memory first. +- Do NOT "helpfully complete" missing facts. +- Do NOT convert weak hints into confident statements. +- If evidence does not support a claim, omit the claim. + +## 3. Retrieval Order and Tool Selection + +Execute **sequentially, one at a time**. Do NOT run in parallel. Do NOT probe filesystem first. + +1. **Skill-enabled retrieval tools** (use first when available) +2. **`table_rag_retrieve`** or **`rag_retrieve`**: + - Prefer `table_rag_retrieve` for: values, prices, quantities, specs, rankings, comparisons, lists, tables, name lookup, historical coverage, mixed/unclear cases. + - Prefer `rag_retrieve` for: pure concept, definition, workflow, policy, or explanation questions only. + +- After each step, evaluate sufficiency before proceeding. +- Retrieval must happen **before** any factual answer generation. + +## 4. Query Preparation + +- Do NOT pass raw user question unless it already works well for retrieval. +- Rewrite for recall: extract entity, time scope, attributes, intent. Add synonyms, aliases, abbreviations, historical names, category terms. +- Expand list/extraction/overview/timeline queries more aggressively. Preserve meaning. + +## 5. Retrieval Breadth (`top_k`) + +- Apply `top_k` only to `rag_retrieve`. Use smallest sufficient value, expand if insufficient. +- `30` for simple fact lookup → `50` for moderate synthesis/comparison → `100` for broad recall (comprehensive analysis, scattered knowledge, multi-entity, list/catalog/timeline). +- Expansion order: `30 → 50 → 100`. If unsure, use `100`. + +## 6. Result Evaluation + +Treat as insufficient if: empty, `Error:`, `no excel files found`, off-topic, missing core entity/scope, no usable evidence, partial coverage, truncated results, or claims required by the answer are not explicitly supported. + +## 7. Fallback and Sequential Retry + +On insufficient results, follow this sequence: + +1. Rewrite query, retry same tool (once) +2. Switch to next retrieval source in default order +3. For `rag_retrieve`, expand `top_k`: `30 → 50 → 100` +4. `table_rag_retrieve` insufficient → try `rag_retrieve`; `rag_retrieve` insufficient → try `table_rag_retrieve` + +- `table_rag_retrieve` internally falls back to `rag_retrieve` on `no excel files found`, but this does NOT change the higher-level order. +- Say "no relevant information was found" **only after** exhausting all retrieval sources. +- Do NOT switch to local filesystem inspection at any point. +- Do NOT switch to model self-knowledge at any point. + +## 8. Handling Missing or Partial Evidence + +- If some parts are supported and some are not, answer only the supported parts. +- Clearly mark unsupported parts as unavailable rather than guessing. +- Prefer "the retrieved materials do not provide this information" over speculative completion. +- When user asks for a definitive answer but evidence is incomplete, state the limitation directly. + +## 9. Table RAG Result Handling + +- Follow all `[INSTRUCTION]` and `[EXTRA_INSTRUCTION]` in results. +- If truncated: tell user total (`N+M`), displayed (`N`), omitted (`M`). +- Cite sources using filenames from `file_ref_table`. + +## 10. Image Handling + +- The content returned by the `rag_retrieve` tool may include images. +- Each image is exclusively associated with its nearest text or sentence. +- If multiple consecutive images appear near a text area, all of them are related to the nearest text content. +- Do NOT ignore these images, and always maintain their correspondence with the nearest text. +- Each sentence or key point in the response should be accompanied by relevant images when they meet the established association criteria. +- Avoid placing all images at the end of the response. + +## 11. Citation Requirements + +- MUST generate `` tags when using retrieval results. +- Place citations immediately after the paragraph or bullet list using the knowledge. Do NOT collect at end. +- 1-2 citations per paragraph/bullet. At least 1 citation when using retrieved knowledge. +- Do NOT cite claims that were not supported by retrieval. + +## 12. Pre-Reply Self-Check + +Before replying to a knowledge retrieval task, verify: +- Used only whitelisted retrieval tools — no local filesystem inspection? +- Did retrieval happen before any factual answer drafting? +- Did every factual claim come from retrieved evidence rather than model knowledge? +- Exhausted retrieval flow before concluding "not found"? +- Citations placed immediately after each relevant paragraph? + +If any answer is "no", correct the process first. diff --git a/utils/api_models.py b/utils/api_models.py index 645fba6..0ba7932 100644 --- a/utils/api_models.py +++ b/utils/api_models.py @@ -54,6 +54,7 @@ class ChatRequest(BaseModel): enable_thinking: Optional[bool] = False skills: Optional[List[str]] = None enable_memory: Optional[bool] = False + enable_self_knowledge: Optional[bool] = False shell_env: Optional[Dict[str, str]] = None model_config = ConfigDict(extra='allow') From 9521d283a5d7ca5a99af10aab078e35d29b26415 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9C=B1=E6=BD=AE?= Date: Mon, 20 Apr 2026 22:37:54 +0800 Subject: [PATCH 6/6] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E6=8F=90=E7=A4=BA?= =?UTF-8?q?=E8=AF=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...trieval-policy-forbidden-self-knowledge.md | 20 +++++++++- .../rag-retrieve/hooks/retrieval-policy.md | 20 +++++++++- ...trieval-policy-forbidden-self-knowledge.md | 20 +++++++++- .../rag-retrieve/hooks/retrieval-policy.md | 20 +++++++++- ...trieval-policy-forbidden-self-knowledge.md | 38 +++++++++++-------- .../hooks/retrieval-policy.md | 19 +++++++++- ...trieval-policy-forbidden-self-knowledge.md | 38 +++++++++++-------- .../hooks/retrieval-policy.md | 19 +++++++++- 8 files changed, 154 insertions(+), 40 deletions(-) diff --git a/skills/autoload/onprem/rag-retrieve/hooks/retrieval-policy-forbidden-self-knowledge.md b/skills/autoload/onprem/rag-retrieve/hooks/retrieval-policy-forbidden-self-knowledge.md index 92ad0d8..b6c1296 100644 --- a/skills/autoload/onprem/rag-retrieve/hooks/retrieval-policy-forbidden-self-knowledge.md +++ b/skills/autoload/onprem/rag-retrieve/hooks/retrieval-policy-forbidden-self-knowledge.md @@ -10,7 +10,7 @@ Classify the request before acting: ## 1. Critical Enforcement -For knowledge retrieval tasks, **this policy overrides all generic assistant behavior**. +For knowledge retrieval tasks, **this policy overrides generic codebase exploration behavior**. - **Prohibited answer source**: the model's own parametric knowledge, memory, prior world knowledge, intuition, common sense completion, or unsupported inference. - **Prohibited tools**: `Glob`, `Read`, `LS`, Bash (`ls`, `find`, `cat`, `head`, `tail`, `grep`, etc.) — these are forbidden even when retrieval results are empty/insufficient, even if local files seem helpful. @@ -101,7 +101,22 @@ On insufficient results, follow this sequence: - 1-2 citations per paragraph/bullet. At least 1 citation when using retrieved knowledge. - Do NOT cite claims that were not supported by retrieval. -## 12. Pre-Reply Self-Check +## 12. Self-Knowledge Prohibition + +This section applies whenever self-knowledge is disabled or forbidden for the current task. + +- Retrieval remains the only usable source for factual answering. +- If retrieval is sufficient, answer from retrieval only. +- If retrieval is partially sufficient, answer only the supported parts. +- The model must not supplement missing parts with general knowledge, conceptual explanation, common background, intuition, or likely completion. +- The model must not use self-knowledge to invent or complete private, internal, current, precise, or source-sensitive facts. +- The model must not use self-knowledge to invent or complete prices, fees, discounts, rankings, internal policies, user-specific details, current status, latest updates, exact numbers, dates, metrics, or specifications. +- Retrieved facts must include citations. +- Unsupported parts must be stated as unavailable rather than guessed. +- If a paragraph would mix retrieved facts and unsupported completion, remove the unsupported completion. +- If evidence is incomplete, state the limitation explicitly. + +## 13. Pre-Reply Self-Check Before replying to a knowledge retrieval task, verify: - Used only whitelisted retrieval tools — no local filesystem inspection? @@ -109,5 +124,6 @@ Before replying to a knowledge retrieval task, verify: - Did every factual claim come from retrieved evidence rather than model knowledge? - Exhausted retrieval flow before concluding "not found"? - Citations placed immediately after each relevant paragraph? +- If any unsupported part remained, was it removed or explicitly marked unavailable? If any answer is "no", correct the process first. diff --git a/skills/autoload/onprem/rag-retrieve/hooks/retrieval-policy.md b/skills/autoload/onprem/rag-retrieve/hooks/retrieval-policy.md index 525bbbe..1f0c1fe 100644 --- a/skills/autoload/onprem/rag-retrieve/hooks/retrieval-policy.md +++ b/skills/autoload/onprem/rag-retrieve/hooks/retrieval-policy.md @@ -79,11 +79,29 @@ On insufficient results, follow this sequence: - Place citations immediately after the paragraph or bullet list using the knowledge. Do NOT collect at end. - 1-2 citations per paragraph/bullet. At least 1 citation when using retrieved knowledge. -## 10. Pre-Reply Self-Check +## 11. Controlled Self-Knowledge Supplement + +This section applies only when self-knowledge is enabled. + +- Retrieval remains the primary source. +- If retrieval is sufficient, answer from retrieval only. +- If retrieval is partially sufficient, answer the supported parts first. +- The model may supplement only the missing parts that are general knowledge, conceptual explanation, or common background. +- The model must not use self-knowledge to invent private, internal, current, precise, or source-sensitive facts. +- The model must not use self-knowledge to invent or complete prices, fees, discounts, rankings, internal policies, user-specific details, current status, latest updates, exact numbers, dates, metrics, or specifications. +- Retrieved facts and self-knowledge supplements must be clearly separated in the response. +- Retrieved facts must include citations. +- Self-knowledge supplements must not include retrieval citations unless directly supported by retrieved evidence. +- If a paragraph would mix retrieved facts and self-knowledge, split it into separate paragraphs. +- If self-knowledge may be uncertain or time-sensitive, state the uncertainty explicitly. + +## 12. Pre-Reply Self-Check Before replying to a knowledge retrieval task, verify: - Used only whitelisted retrieval tools — no local filesystem inspection? - Exhausted retrieval flow before concluding "not found"? - Citations placed immediately after each relevant paragraph? +- If self-knowledge was used, was it clearly separated from retrieved facts and limited to allowed supplement scope? If any answer is "no", correct the process first. + diff --git a/skills/autoload/support/rag-retrieve/hooks/retrieval-policy-forbidden-self-knowledge.md b/skills/autoload/support/rag-retrieve/hooks/retrieval-policy-forbidden-self-knowledge.md index 92ad0d8..b6c1296 100644 --- a/skills/autoload/support/rag-retrieve/hooks/retrieval-policy-forbidden-self-knowledge.md +++ b/skills/autoload/support/rag-retrieve/hooks/retrieval-policy-forbidden-self-knowledge.md @@ -10,7 +10,7 @@ Classify the request before acting: ## 1. Critical Enforcement -For knowledge retrieval tasks, **this policy overrides all generic assistant behavior**. +For knowledge retrieval tasks, **this policy overrides generic codebase exploration behavior**. - **Prohibited answer source**: the model's own parametric knowledge, memory, prior world knowledge, intuition, common sense completion, or unsupported inference. - **Prohibited tools**: `Glob`, `Read`, `LS`, Bash (`ls`, `find`, `cat`, `head`, `tail`, `grep`, etc.) — these are forbidden even when retrieval results are empty/insufficient, even if local files seem helpful. @@ -101,7 +101,22 @@ On insufficient results, follow this sequence: - 1-2 citations per paragraph/bullet. At least 1 citation when using retrieved knowledge. - Do NOT cite claims that were not supported by retrieval. -## 12. Pre-Reply Self-Check +## 12. Self-Knowledge Prohibition + +This section applies whenever self-knowledge is disabled or forbidden for the current task. + +- Retrieval remains the only usable source for factual answering. +- If retrieval is sufficient, answer from retrieval only. +- If retrieval is partially sufficient, answer only the supported parts. +- The model must not supplement missing parts with general knowledge, conceptual explanation, common background, intuition, or likely completion. +- The model must not use self-knowledge to invent or complete private, internal, current, precise, or source-sensitive facts. +- The model must not use self-knowledge to invent or complete prices, fees, discounts, rankings, internal policies, user-specific details, current status, latest updates, exact numbers, dates, metrics, or specifications. +- Retrieved facts must include citations. +- Unsupported parts must be stated as unavailable rather than guessed. +- If a paragraph would mix retrieved facts and unsupported completion, remove the unsupported completion. +- If evidence is incomplete, state the limitation explicitly. + +## 13. Pre-Reply Self-Check Before replying to a knowledge retrieval task, verify: - Used only whitelisted retrieval tools — no local filesystem inspection? @@ -109,5 +124,6 @@ Before replying to a knowledge retrieval task, verify: - Did every factual claim come from retrieved evidence rather than model knowledge? - Exhausted retrieval flow before concluding "not found"? - Citations placed immediately after each relevant paragraph? +- If any unsupported part remained, was it removed or explicitly marked unavailable? If any answer is "no", correct the process first. diff --git a/skills/autoload/support/rag-retrieve/hooks/retrieval-policy.md b/skills/autoload/support/rag-retrieve/hooks/retrieval-policy.md index 525bbbe..1f0c1fe 100644 --- a/skills/autoload/support/rag-retrieve/hooks/retrieval-policy.md +++ b/skills/autoload/support/rag-retrieve/hooks/retrieval-policy.md @@ -79,11 +79,29 @@ On insufficient results, follow this sequence: - Place citations immediately after the paragraph or bullet list using the knowledge. Do NOT collect at end. - 1-2 citations per paragraph/bullet. At least 1 citation when using retrieved knowledge. -## 10. Pre-Reply Self-Check +## 11. Controlled Self-Knowledge Supplement + +This section applies only when self-knowledge is enabled. + +- Retrieval remains the primary source. +- If retrieval is sufficient, answer from retrieval only. +- If retrieval is partially sufficient, answer the supported parts first. +- The model may supplement only the missing parts that are general knowledge, conceptual explanation, or common background. +- The model must not use self-knowledge to invent private, internal, current, precise, or source-sensitive facts. +- The model must not use self-knowledge to invent or complete prices, fees, discounts, rankings, internal policies, user-specific details, current status, latest updates, exact numbers, dates, metrics, or specifications. +- Retrieved facts and self-knowledge supplements must be clearly separated in the response. +- Retrieved facts must include citations. +- Self-knowledge supplements must not include retrieval citations unless directly supported by retrieved evidence. +- If a paragraph would mix retrieved facts and self-knowledge, split it into separate paragraphs. +- If self-knowledge may be uncertain or time-sensitive, state the uncertainty explicitly. + +## 12. Pre-Reply Self-Check Before replying to a knowledge retrieval task, verify: - Used only whitelisted retrieval tools — no local filesystem inspection? - Exhausted retrieval flow before concluding "not found"? - Citations placed immediately after each relevant paragraph? +- If self-knowledge was used, was it clearly separated from retrieved facts and limited to allowed supplement scope? If any answer is "no", correct the process first. + diff --git a/skills/onprem/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md b/skills/onprem/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md index 92ad0d8..2b68869 100644 --- a/skills/onprem/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md +++ b/skills/onprem/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md @@ -10,11 +10,11 @@ Classify the request before acting: ## 1. Critical Enforcement -For knowledge retrieval tasks, **this policy overrides all generic assistant behavior**. +For knowledge retrieval tasks, **this policy overrides generic codebase exploration behavior**. - **Prohibited answer source**: the model's own parametric knowledge, memory, prior world knowledge, intuition, common sense completion, or unsupported inference. - **Prohibited tools**: `Glob`, `Read`, `LS`, Bash (`ls`, `find`, `cat`, `head`, `tail`, `grep`, etc.) — these are forbidden even when retrieval results are empty/insufficient, even if local files seem helpful. -- **Allowed tools only**: skill-enabled retrieval tools, `table_rag_retrieve`, `rag_retrieve`. No other source for factual answering. +- **Allowed tools only**: skill-enabled retrieval tools, `rag_retrieve`. No other source for factual answering. - Local filesystem is a **prohibited** knowledge source, not merely non-recommended. - Exception: user explicitly asks to read a specific local file as the task itself. - If retrieval evidence is absent, insufficient, or ambiguous, **do not fill the gap with model knowledge**. @@ -35,9 +35,7 @@ For any knowledge retrieval task: Execute **sequentially, one at a time**. Do NOT run in parallel. Do NOT probe filesystem first. 1. **Skill-enabled retrieval tools** (use first when available) -2. **`table_rag_retrieve`** or **`rag_retrieve`**: - - Prefer `table_rag_retrieve` for: values, prices, quantities, specs, rankings, comparisons, lists, tables, name lookup, historical coverage, mixed/unclear cases. - - Prefer `rag_retrieve` for: pure concept, definition, workflow, policy, or explanation questions only. +2. **`rag_retrieve`** - After each step, evaluate sufficiency before proceeding. - Retrieval must happen **before** any factual answer generation. @@ -56,7 +54,7 @@ Execute **sequentially, one at a time**. Do NOT run in parallel. Do NOT probe fi ## 6. Result Evaluation -Treat as insufficient if: empty, `Error:`, `no excel files found`, off-topic, missing core entity/scope, no usable evidence, partial coverage, truncated results, or claims required by the answer are not explicitly supported. +Treat as insufficient if: empty, `Error:`, off-topic, missing core entity/scope, no usable evidence, partial coverage, truncated results, or claims required by the answer are not explicitly supported. ## 7. Fallback and Sequential Retry @@ -65,9 +63,7 @@ On insufficient results, follow this sequence: 1. Rewrite query, retry same tool (once) 2. Switch to next retrieval source in default order 3. For `rag_retrieve`, expand `top_k`: `30 → 50 → 100` -4. `table_rag_retrieve` insufficient → try `rag_retrieve`; `rag_retrieve` insufficient → try `table_rag_retrieve` -- `table_rag_retrieve` internally falls back to `rag_retrieve` on `no excel files found`, but this does NOT change the higher-level order. - Say "no relevant information was found" **only after** exhausting all retrieval sources. - Do NOT switch to local filesystem inspection at any point. - Do NOT switch to model self-knowledge at any point. @@ -79,13 +75,7 @@ On insufficient results, follow this sequence: - Prefer "the retrieved materials do not provide this information" over speculative completion. - When user asks for a definitive answer but evidence is incomplete, state the limitation directly. -## 9. Table RAG Result Handling - -- Follow all `[INSTRUCTION]` and `[EXTRA_INSTRUCTION]` in results. -- If truncated: tell user total (`N+M`), displayed (`N`), omitted (`M`). -- Cite sources using filenames from `file_ref_table`. - -## 10. Image Handling +## 9. Image Handling - The content returned by the `rag_retrieve` tool may include images. - Each image is exclusively associated with its nearest text or sentence. @@ -94,13 +84,28 @@ On insufficient results, follow this sequence: - Each sentence or key point in the response should be accompanied by relevant images when they meet the established association criteria. - Avoid placing all images at the end of the response. -## 11. Citation Requirements +## 10. Citation Requirements - MUST generate `` tags when using retrieval results. - Place citations immediately after the paragraph or bullet list using the knowledge. Do NOT collect at end. - 1-2 citations per paragraph/bullet. At least 1 citation when using retrieved knowledge. - Do NOT cite claims that were not supported by retrieval. +## 11. Self-Knowledge Prohibition + +This section applies whenever self-knowledge is disabled or forbidden for the current task. + +- Retrieval remains the only usable source for factual answering. +- If retrieval is sufficient, answer from retrieval only. +- If retrieval is partially sufficient, answer only the supported parts. +- The model must not supplement missing parts with general knowledge, conceptual explanation, common background, intuition, or likely completion. +- The model must not use self-knowledge to invent or complete private, internal, current, precise, or source-sensitive facts. +- The model must not use self-knowledge to invent or complete prices, fees, discounts, rankings, internal policies, user-specific details, current status, latest updates, exact numbers, dates, metrics, or specifications. +- Retrieved facts must include citations. +- Unsupported parts must be stated as unavailable rather than guessed. +- If a paragraph would mix retrieved facts and unsupported completion, remove the unsupported completion. +- If evidence is incomplete, state the limitation explicitly. + ## 12. Pre-Reply Self-Check Before replying to a knowledge retrieval task, verify: @@ -109,5 +114,6 @@ Before replying to a knowledge retrieval task, verify: - Did every factual claim come from retrieved evidence rather than model knowledge? - Exhausted retrieval flow before concluding "not found"? - Citations placed immediately after each relevant paragraph? +- If any unsupported part remained, was it removed or explicitly marked unavailable? If any answer is "no", correct the process first. diff --git a/skills/onprem/rag-retrieve-only/hooks/retrieval-policy.md b/skills/onprem/rag-retrieve-only/hooks/retrieval-policy.md index 366050c..75195c8 100644 --- a/skills/onprem/rag-retrieve-only/hooks/retrieval-policy.md +++ b/skills/onprem/rag-retrieve-only/hooks/retrieval-policy.md @@ -69,11 +69,28 @@ On insufficient results, follow this sequence: - Place citations immediately after the paragraph or bullet list using the knowledge. Do NOT collect at end. - 1-2 citations per paragraph/bullet. At least 1 citation when using retrieved knowledge. -## 9. Pre-Reply Self-Check +## 9. Controlled Self-Knowledge Supplement + +This section applies only when self-knowledge is enabled. + +- Retrieval remains the primary source. +- If retrieval is sufficient, answer from retrieval only. +- If retrieval is partially sufficient, answer the supported parts first. +- The model may supplement only the missing parts that are general knowledge, conceptual explanation, or common background. +- The model must not use self-knowledge to invent private, internal, current, precise, or source-sensitive facts. +- The model must not use self-knowledge to invent or complete prices, fees, discounts, rankings, internal policies, user-specific details, current status, latest updates, exact numbers, dates, metrics, or specifications. +- Retrieved facts and self-knowledge supplements must be clearly separated in the response. +- Retrieved facts must include citations. +- Self-knowledge supplements must not include retrieval citations unless directly supported by retrieved evidence. +- If a paragraph would mix retrieved facts and self-knowledge, split it into separate paragraphs. +- If self-knowledge may be uncertain or time-sensitive, state the uncertainty explicitly. + +## 10. Pre-Reply Self-Check Before replying to a knowledge retrieval task, verify: - Used only whitelisted retrieval tools — no local filesystem inspection? - Exhausted retrieval flow before concluding "not found"? - Citations placed immediately after each relevant paragraph? +- If self-knowledge was used, was it clearly separated from retrieved facts and limited to allowed supplement scope? If any answer is "no", correct the process first. diff --git a/skills/support/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md b/skills/support/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md index 92ad0d8..2b68869 100644 --- a/skills/support/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md +++ b/skills/support/rag-retrieve-only/hooks/retrieval-policy-forbidden-self-knowledge.md @@ -10,11 +10,11 @@ Classify the request before acting: ## 1. Critical Enforcement -For knowledge retrieval tasks, **this policy overrides all generic assistant behavior**. +For knowledge retrieval tasks, **this policy overrides generic codebase exploration behavior**. - **Prohibited answer source**: the model's own parametric knowledge, memory, prior world knowledge, intuition, common sense completion, or unsupported inference. - **Prohibited tools**: `Glob`, `Read`, `LS`, Bash (`ls`, `find`, `cat`, `head`, `tail`, `grep`, etc.) — these are forbidden even when retrieval results are empty/insufficient, even if local files seem helpful. -- **Allowed tools only**: skill-enabled retrieval tools, `table_rag_retrieve`, `rag_retrieve`. No other source for factual answering. +- **Allowed tools only**: skill-enabled retrieval tools, `rag_retrieve`. No other source for factual answering. - Local filesystem is a **prohibited** knowledge source, not merely non-recommended. - Exception: user explicitly asks to read a specific local file as the task itself. - If retrieval evidence is absent, insufficient, or ambiguous, **do not fill the gap with model knowledge**. @@ -35,9 +35,7 @@ For any knowledge retrieval task: Execute **sequentially, one at a time**. Do NOT run in parallel. Do NOT probe filesystem first. 1. **Skill-enabled retrieval tools** (use first when available) -2. **`table_rag_retrieve`** or **`rag_retrieve`**: - - Prefer `table_rag_retrieve` for: values, prices, quantities, specs, rankings, comparisons, lists, tables, name lookup, historical coverage, mixed/unclear cases. - - Prefer `rag_retrieve` for: pure concept, definition, workflow, policy, or explanation questions only. +2. **`rag_retrieve`** - After each step, evaluate sufficiency before proceeding. - Retrieval must happen **before** any factual answer generation. @@ -56,7 +54,7 @@ Execute **sequentially, one at a time**. Do NOT run in parallel. Do NOT probe fi ## 6. Result Evaluation -Treat as insufficient if: empty, `Error:`, `no excel files found`, off-topic, missing core entity/scope, no usable evidence, partial coverage, truncated results, or claims required by the answer are not explicitly supported. +Treat as insufficient if: empty, `Error:`, off-topic, missing core entity/scope, no usable evidence, partial coverage, truncated results, or claims required by the answer are not explicitly supported. ## 7. Fallback and Sequential Retry @@ -65,9 +63,7 @@ On insufficient results, follow this sequence: 1. Rewrite query, retry same tool (once) 2. Switch to next retrieval source in default order 3. For `rag_retrieve`, expand `top_k`: `30 → 50 → 100` -4. `table_rag_retrieve` insufficient → try `rag_retrieve`; `rag_retrieve` insufficient → try `table_rag_retrieve` -- `table_rag_retrieve` internally falls back to `rag_retrieve` on `no excel files found`, but this does NOT change the higher-level order. - Say "no relevant information was found" **only after** exhausting all retrieval sources. - Do NOT switch to local filesystem inspection at any point. - Do NOT switch to model self-knowledge at any point. @@ -79,13 +75,7 @@ On insufficient results, follow this sequence: - Prefer "the retrieved materials do not provide this information" over speculative completion. - When user asks for a definitive answer but evidence is incomplete, state the limitation directly. -## 9. Table RAG Result Handling - -- Follow all `[INSTRUCTION]` and `[EXTRA_INSTRUCTION]` in results. -- If truncated: tell user total (`N+M`), displayed (`N`), omitted (`M`). -- Cite sources using filenames from `file_ref_table`. - -## 10. Image Handling +## 9. Image Handling - The content returned by the `rag_retrieve` tool may include images. - Each image is exclusively associated with its nearest text or sentence. @@ -94,13 +84,28 @@ On insufficient results, follow this sequence: - Each sentence or key point in the response should be accompanied by relevant images when they meet the established association criteria. - Avoid placing all images at the end of the response. -## 11. Citation Requirements +## 10. Citation Requirements - MUST generate `` tags when using retrieval results. - Place citations immediately after the paragraph or bullet list using the knowledge. Do NOT collect at end. - 1-2 citations per paragraph/bullet. At least 1 citation when using retrieved knowledge. - Do NOT cite claims that were not supported by retrieval. +## 11. Self-Knowledge Prohibition + +This section applies whenever self-knowledge is disabled or forbidden for the current task. + +- Retrieval remains the only usable source for factual answering. +- If retrieval is sufficient, answer from retrieval only. +- If retrieval is partially sufficient, answer only the supported parts. +- The model must not supplement missing parts with general knowledge, conceptual explanation, common background, intuition, or likely completion. +- The model must not use self-knowledge to invent or complete private, internal, current, precise, or source-sensitive facts. +- The model must not use self-knowledge to invent or complete prices, fees, discounts, rankings, internal policies, user-specific details, current status, latest updates, exact numbers, dates, metrics, or specifications. +- Retrieved facts must include citations. +- Unsupported parts must be stated as unavailable rather than guessed. +- If a paragraph would mix retrieved facts and unsupported completion, remove the unsupported completion. +- If evidence is incomplete, state the limitation explicitly. + ## 12. Pre-Reply Self-Check Before replying to a knowledge retrieval task, verify: @@ -109,5 +114,6 @@ Before replying to a knowledge retrieval task, verify: - Did every factual claim come from retrieved evidence rather than model knowledge? - Exhausted retrieval flow before concluding "not found"? - Citations placed immediately after each relevant paragraph? +- If any unsupported part remained, was it removed or explicitly marked unavailable? If any answer is "no", correct the process first. diff --git a/skills/support/rag-retrieve-only/hooks/retrieval-policy.md b/skills/support/rag-retrieve-only/hooks/retrieval-policy.md index 366050c..75195c8 100644 --- a/skills/support/rag-retrieve-only/hooks/retrieval-policy.md +++ b/skills/support/rag-retrieve-only/hooks/retrieval-policy.md @@ -69,11 +69,28 @@ On insufficient results, follow this sequence: - Place citations immediately after the paragraph or bullet list using the knowledge. Do NOT collect at end. - 1-2 citations per paragraph/bullet. At least 1 citation when using retrieved knowledge. -## 9. Pre-Reply Self-Check +## 9. Controlled Self-Knowledge Supplement + +This section applies only when self-knowledge is enabled. + +- Retrieval remains the primary source. +- If retrieval is sufficient, answer from retrieval only. +- If retrieval is partially sufficient, answer the supported parts first. +- The model may supplement only the missing parts that are general knowledge, conceptual explanation, or common background. +- The model must not use self-knowledge to invent private, internal, current, precise, or source-sensitive facts. +- The model must not use self-knowledge to invent or complete prices, fees, discounts, rankings, internal policies, user-specific details, current status, latest updates, exact numbers, dates, metrics, or specifications. +- Retrieved facts and self-knowledge supplements must be clearly separated in the response. +- Retrieved facts must include citations. +- Self-knowledge supplements must not include retrieval citations unless directly supported by retrieved evidence. +- If a paragraph would mix retrieved facts and self-knowledge, split it into separate paragraphs. +- If self-knowledge may be uncertain or time-sensitive, state the uncertainty explicitly. + +## 10. Pre-Reply Self-Check Before replying to a knowledge retrieval task, verify: - Used only whitelisted retrieval tools — no local filesystem inspection? - Exhausted retrieval flow before concluding "not found"? - Citations placed immediately after each relevant paragraph? +- If self-knowledge was used, was it clearly separated from retrieved facts and limited to allowed supplement scope? If any answer is "no", correct the process first.