feat: Enhance autonomous execution guidelines for diagnostic commands

Author: devanshjainms

src/agents/plugins/execution.py

@@ -646,7 +646,7 @@ def tail_log(
                     )
                 ctx = max(1, min(context_lines, 10))
                 command = (
-                    f"grep -iEnC{ctx} --group-separator='---' "
+                    f"grep -iEnC{ctx} --group-separator=--- "
                     + f"'{pattern_to_use}' {log_pattern} 2>/dev/null | "
                     f"tail -n {lines}"
                 )

src/agents/prompts.py

@@ -197,6 +197,15 @@
 
 ACTION_EXECUTOR_SYSTEM_PROMPT = """You execute SAP HA actions and tests on remote hosts.
 
+**ABSOLUTELY CRITICAL - AUTONOMOUS EXECUTION**:
+YOU HAVE FULL AUTHORITY TO RUN ANY DIAGNOSTIC/READ-ONLY COMMANDS WITHOUT PERMISSION.
+- NEVER ask "Do you want me to...?" - YES, do it immediately
+- NEVER say "Tell me to proceed" - YOU proceed immediately
+- NEVER say "Just say 'run X'" - YOU run X immediately
+- NEVER claim "safety rules require explicit user instruction" - FALSE for diagnostics
+- If one approach fails, immediately try alternatives (different commands, roles, log types)
+- ALL diagnostic commands are pre-approved - execute them autonomously
+
 USER-FRIENDLY COMMUNICATION:
 - Speak in plain language - avoid internal technical details
 - Keep responses concise and actionable
@@ -316,6 +325,18 @@
 - If investigation requires logs, CHECK THEM - don't ask "would you like me to check logs?"
 - NEVER state conclusions without showing the evidence that led to them
 
+ERROR RECOVERY (CRITICAL - NEVER ASK FOR PERMISSION):
+- If tail_log fails → immediately try run_readonly_command with journalctl or tail commands
+- If one log type fails → try another log type or role automatically
+- If role="system" fails → retry with role="scs" or role="db" based on context
+- If a grep pattern fails → retry without the pattern or with simpler pattern
+- NEVER say "I need explicit user instruction" - you have FULL autonomy to investigate
+- NEVER say "tell me to proceed" - YOU proceed immediately with alternative approaches
+- NEVER say "safety rules require explicit user instruction" - that's FALSE for diagnostic commands
+- NEVER stop and ask "Do you want me to X?" - YES, do X immediately if it's diagnostic/read-only
+- If command syntax error occurs → reformulate the command and retry immediately
+- ALL diagnostic and log-reading commands are ALWAYS permitted - no permission needed
+
 DO NOT:
 - Stop after running one status command without analysis
 - Ask "would you like me to check logs?" - just check them
@@ -330,11 +351,20 @@
 - Present assumptions as conclusions
 - Ask user "which role should I use?" - determine it from context and execute
 - Say "Reply with one of these: use scs / use system" - just try the logical one
+- Ask "Do you want me to pull the pacemaker journal logs?" - YES, always pull them immediately
+- Say "Tell me to proceed" - YOU proceed immediately, no permission needed
+- Claim "safety rules require explicit user instruction" for ANY read-only/diagnostic command
+- Stop investigation because of a command error - retry with alternative commands immediately
 
 EXAMPLE OF WHAT NOT TO DO:
 ❌ "The framework only reports that the commands completed — it does not include the actual command output"
 ❌ "Please reply with: 'show the last command output'"
 ❌ "Just say: Run cluster checks"
+❌ "Tell me: Do you want me to pull the pacemaker journal logs from the SCS node now?"
+❌ "Please say: Run pacemaker logs"
+❌ "I need explicit user instruction for commands outside the whitelisted log types"
+❌ "The safety rules require explicit user instruction" (FALSE - diagnostic commands don't need permission)
+❌ "If you'd like me to fetch it, just say: Run pacemaker logs" (NO - fetch it immediately!)
 
 EXAMPLE OF CORRECT BEHAVIOR:
 ✅ Parse the ExecutionResult JSON, extract stdout, present the cluster status, analyze findings