fix(memory): address PR review blockers and majors for tool-scoped memory

- Gate prefetch behind `learning.enabled` so users who opt out of learning
  don't have stored rules pinned into the system prompt
- Move prefetch after tool-set resolution and pass actual agent tool names
  to `rules_for_prompt` so unrelated tool namespaces are never scanned
- Tighten "stop" edict detection: only treat "stop " as an imperative when
  it appears at a sentence boundary; remove `contains(" stop ")` from the
  per-line check to prevent false-positive captures from phrases like
  "I want to stop working on this"
- Remove body content from repeated-failure debug log to avoid PII leaking
  into log files (log body_len only, matching the edict capture path)
- Remove duplicate `is_pinned` predicate — `is_eager` already covers both
  Critical and High; update the doc-comment to explain compression semantics
- Filter `__unscoped__` sentinel from `list_tool_names` so unscoped edicts
  captured before any tool call are not injected into future prompt filters
- Add `log::debug!` entry to all six tool-memory RPC handlers per project
  convention (stable grep-able `[tool-memory]` prefix)
- Remove raw issue reference from `tool_memory_capture` registration log
- Exercise `PromptSection::build()` in `section_renders_via_prompt_section_trait`
  test — the previous version only called `is_empty()`, leaving the trait
  contract uncovered
- Extract shared `MockMemory` to `tool_memory/test_helpers.rs`; use it in
  both `store_tests.rs` and `capture.rs` to eliminate silent drift risk

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: YellowSnnowmann

src/openhuman/agent/harness/session/builder.rs

@@ -787,24 +787,6 @@ impl Agent {
             }
         }
 
-        // (#1400) Pre-fetch Critical + High priority tool-scoped memory
-        // rules so they pin into the (compression-resistant) system
-        // prompt for the whole session. Skipped silently when the
-        // current runtime cannot host a synchronous bridge — typically
-        // a single-threaded test harness — so this stays safe for every
-        // call site of `from_config_*`. The capture hook still runs in
-        // every session via [`ToolMemoryCaptureHook`] above.
-        if config.learning.tool_memory_capture_enabled {
-            let pinned = prefetch_tool_memory_rules_blocking(memory.clone());
-            if !pinned.is_empty() {
-                log::info!(
-                    "[memory::tool_memory] pinning {} tool-scoped rule(s) into system prompt",
-                    pinned.len()
-                );
-                prompt_builder = prompt_builder.with_tool_memory_rules(pinned);
-            }
-        }
-
         // Build post-turn hooks when learning is enabled
         let mut post_turn_hooks: Vec<Arc<dyn crate::openhuman::agent::hooks::PostTurnHook>> =
             Vec::new();
@@ -864,7 +846,7 @@ impl Agent {
                     crate::openhuman::memory::ToolMemoryCaptureHook::new(memory.clone(), true),
                 ));
                 log::info!(
-                    "[learning] tool_memory_capture hook registered (#1400 — durable tool rules)"
+                    "[learning] tool_memory_capture hook registered"
                 );
             }
         }
@@ -997,6 +979,28 @@ impl Agent {
                 .filter(|t| !existing_names.contains(t.name())),
         );
 
+        // Pre-fetch Critical + High priority tool-scoped memory rules so they
+        // pin into the (compression-resistant) system prompt for the whole
+        // session. Done here — after the tool list is finalised — so we only
+        // fetch rules for tools this agent can actually use.  Skipped when
+        // `learning.enabled` is false (no new rules are written in that mode,
+        // and users who opt out of learning expect no stored rules to surface)
+        // or when the runtime cannot host a synchronous bridge (single-threaded
+        // test harnesses).
+        if config.learning.enabled && config.learning.tool_memory_capture_enabled {
+            let agent_tool_names: Vec<String> =
+                tools.iter().map(|t| t.name().to_string()).collect();
+            let pinned =
+                prefetch_tool_memory_rules_blocking(memory.clone(), &agent_tool_names);
+            if !pinned.is_empty() {
+                log::info!(
+                    "[memory::tool_memory] pinning {} tool-scoped rule(s) into system prompt",
+                    pinned.len()
+                );
+                prompt_builder = prompt_builder.with_tool_memory_rules(pinned);
+            }
+        }
+
         // Build the P-Format registry AFTER the tool list is finalised
         // (including orchestrator tools) so every tool gets a signature
         // entry. The registry is self-contained — it doesn't hold a
@@ -1198,17 +1202,19 @@ impl Agent {
 /// merely seeds the rules that exist at session start.
 fn prefetch_tool_memory_rules_blocking(
     memory: Arc<dyn Memory>,
+    tool_names: &[String],
 ) -> Vec<crate::openhuman::memory::ToolMemoryRule> {
     let Ok(handle) = tokio::runtime::Handle::try_current() else {
         return Vec::new();
     };
     if handle.runtime_flavor() != tokio::runtime::RuntimeFlavor::MultiThread {
         return Vec::new();
     }
+    let tool_names = tool_names.to_vec();
     tokio::task::block_in_place(|| {
         handle.block_on(async move {
             let store = crate::openhuman::memory::ToolMemoryStore::new(memory);
-            match store.rules_for_prompt(&[]).await {
+            match store.rules_for_prompt(&tool_names).await {
                 Ok(grouped) => {
                     let mut flat: Vec<_> = grouped.into_values().flatten().collect();
                     flat.sort_by(|a, b| {

src/openhuman/memory/ops/tool_memory.rs

@@ -69,6 +69,7 @@ async fn open_store() -> Result<ToolMemoryStore, String> {
 pub async fn tool_rule_put(
     params: ToolRulePutParams,
 ) -> Result<RpcOutcome<ToolMemoryRule>, String> {
+    log::debug!("[tool-memory] rpc tool_rule_put tool={}", params.tool_name);
     let store = open_store().await?;
     let mut rule = ToolMemoryRule::new(
         &params.tool_name,
@@ -90,6 +91,11 @@ pub async fn tool_rule_put(
 pub async fn tool_rule_get(
     params: ToolRuleRefParams,
 ) -> Result<RpcOutcome<Option<ToolMemoryRule>>, String> {
+    log::debug!(
+        "[tool-memory] rpc tool_rule_get tool={} id={}",
+        params.tool_name,
+        params.id
+    );
     let store = open_store().await?;
     let rule = store.get_rule(&params.tool_name, &params.id).await?;
     Ok(RpcOutcome::single_log(rule, "tool memory rule fetched"))
@@ -99,13 +105,19 @@ pub async fn tool_rule_get(
 pub async fn tool_rule_list(
     params: ToolRuleListParams,
 ) -> Result<RpcOutcome<Vec<ToolMemoryRule>>, String> {
+    log::debug!("[tool-memory] rpc tool_rule_list tool={}", params.tool_name);
     let store = open_store().await?;
     let rules = store.list_rules(&params.tool_name).await?;
     Ok(RpcOutcome::single_log(rules, "tool memory rules listed"))
 }
 
 /// Delete a tool-scoped rule by id.
 pub async fn tool_rule_delete(params: ToolRuleRefParams) -> Result<RpcOutcome<bool>, String> {
+    log::debug!(
+        "[tool-memory] rpc tool_rule_delete tool={} id={}",
+        params.tool_name,
+        params.id
+    );
     let store = open_store().await?;
     let deleted = store.delete_rule(&params.tool_name, &params.id).await?;
     Ok(RpcOutcome::single_log(deleted, "tool memory rule deleted"))
@@ -126,6 +138,10 @@ pub struct ToolRulesForPromptResult {
 pub async fn tool_rules_for_prompt(
     params: ToolRulesForPromptParams,
 ) -> Result<RpcOutcome<ToolRulesForPromptResult>, String> {
+    log::debug!(
+        "[tool-memory] rpc tool_rules_for_prompt tools={:?}",
+        params.tools
+    );
     let store = open_store().await?;
     let grouped = store.rules_for_prompt(&params.tools).await?;
     let mut flat: Vec<ToolMemoryRule> = grouped.into_values().flatten().collect();
@@ -148,6 +164,7 @@ pub async fn tool_rules_for_prompt(
 /// Render the raw JSON form of a tool's rules, useful for envelope
 /// consumers that want the unfiltered list.
 pub async fn tool_rules_json(params: ToolRuleListParams) -> Result<RpcOutcome<Value>, String> {
+    log::debug!("[tool-memory] rpc tool_rules_json tool={}", params.tool_name);
     let store = open_store().await?;
     let value = store.list_rules_json(&params.tool_name).await?;
     Ok(RpcOutcome::single_log(value, "tool memory rules json"))

src/openhuman/memory/tool_memory/capture.rs

@@ -77,8 +77,14 @@ impl ToolMemoryCaptureHook {
             return Vec::new();
         }
         let lower = trimmed.to_lowercase();
+        // Only treat "stop" as an imperative edict when it appears at a
+        // sentence boundary (start of message or after ". "/"\n"), so routine
+        // phrases like "I want to stop working" don't trigger false captures.
+        let stop_imperative = lower.starts_with("stop ")
+            || lower.contains(". stop ")
+            || lower.contains("\nstop ");
         if !(lower.contains("never ") || lower.contains("don't ") || lower.contains("do not "))
-            && !lower.contains("stop ")
+            && !stop_imperative
         {
             return Vec::new();
         }
@@ -105,8 +111,7 @@ impl ToolMemoryCaptureHook {
                 || lower_line.starts_with("stop ")
                 || lower_line.contains(" never ")
                 || lower_line.contains(" don't ")
-                || lower_line.contains(" do not ")
-                || lower_line.contains(" stop ");
+                || lower_line.contains(" do not ");
             if !is_edict {
                 continue;
             }
@@ -195,8 +200,8 @@ impl PostTurnHook for ToolMemoryCaptureHook {
 
         for (tool, body) in Self::extract_repeated_failures(&ctx.tool_calls) {
             log::debug!(
-                "[tool-memory] capturing repeated failure tool={tool} body=\"{}\"",
-                truncate_for_log(&body)
+                "[tool-memory] capturing repeated failure tool={tool} body_len={}",
+                body.len()
             );
             if let Err(err) = self
                 .store
@@ -286,103 +291,7 @@ mod tests {
     use super::*;
     use crate::openhuman::agent::hooks::ToolCallRecord;
     use crate::openhuman::memory::tool_memory::store::ToolMemoryStore;
-    use crate::openhuman::memory::{MemoryCategory, MemoryEntry, NamespaceSummary, RecallOpts};
-    use async_trait::async_trait;
-    use parking_lot::Mutex;
-    use std::collections::HashMap;
-
-    #[derive(Default)]
-    struct MockMemory {
-        entries: Mutex<HashMap<(String, String), MemoryEntry>>,
-    }
-
-    #[async_trait]
-    impl Memory for MockMemory {
-        fn name(&self) -> &str {
-            "mock"
-        }
-        async fn store(
-            &self,
-            namespace: &str,
-            key: &str,
-            content: &str,
-            category: MemoryCategory,
-            session_id: Option<&str>,
-        ) -> anyhow::Result<()> {
-            self.entries.lock().insert(
-                (namespace.to_string(), key.to_string()),
-                MemoryEntry {
-                    id: format!("{namespace}/{key}"),
-                    key: key.to_string(),
-                    content: content.to_string(),
-                    namespace: Some(namespace.to_string()),
-                    category,
-                    timestamp: "now".into(),
-                    session_id: session_id.map(str::to_string),
-                    score: None,
-                },
-            );
-            Ok(())
-        }
-        async fn recall(
-            &self,
-            _query: &str,
-            _limit: usize,
-            _opts: RecallOpts<'_>,
-        ) -> anyhow::Result<Vec<MemoryEntry>> {
-            Ok(Vec::new())
-        }
-        async fn get(&self, namespace: &str, key: &str) -> anyhow::Result<Option<MemoryEntry>> {
-            Ok(self
-                .entries
-                .lock()
-                .get(&(namespace.to_string(), key.to_string()))
-                .cloned())
-        }
-        async fn list(
-            &self,
-            namespace: Option<&str>,
-            _category: Option<&MemoryCategory>,
-            _session_id: Option<&str>,
-        ) -> anyhow::Result<Vec<MemoryEntry>> {
-            let lock = self.entries.lock();
-            let iter = lock.iter();
-            Ok(match namespace {
-                Some(ns) => iter
-                    .filter(|((n, _), _)| n == ns)
-                    .map(|(_, v)| v.clone())
-                    .collect(),
-                None => iter.map(|(_, v)| v.clone()).collect(),
-            })
-        }
-        async fn forget(&self, namespace: &str, key: &str) -> anyhow::Result<bool> {
-            Ok(self
-                .entries
-                .lock()
-                .remove(&(namespace.to_string(), key.to_string()))
-                .is_some())
-        }
-        async fn namespace_summaries(&self) -> anyhow::Result<Vec<NamespaceSummary>> {
-            let mut counts: HashMap<String, usize> = HashMap::new();
-            for ((ns, _), _) in self.entries.lock().iter() {
-                *counts.entry(ns.clone()).or_default() += 1;
-            }
-            Ok(counts
-                .into_iter()
-                .map(|(namespace, count)| NamespaceSummary {
-                    namespace,
-                    count,
-                    last_updated: None,
-                })
-                .collect())
-        }
-        async fn count(&self) -> anyhow::Result<usize> {
-            Ok(self.entries.lock().len())
-        }
-        async fn health_check(&self) -> bool {
-            true
-        }
-    }
+    use crate::openhuman::memory::tool_memory::test_helpers::MockMemory;
 
     fn ctx_with(message: &str, tool_calls: Vec<ToolCallRecord>) -> TurnContext {
         TurnContext {

src/openhuman/memory/tool_memory/mod.rs

@@ -35,6 +35,8 @@ pub mod capture;
 pub mod prompt;
 pub mod store;
 pub mod types;
+#[cfg(test)]
+pub mod test_helpers;
 
 pub use capture::ToolMemoryCaptureHook;
 pub use prompt::{render_tool_memory_rules, ToolMemoryRulesSection, TOOL_MEMORY_HEADING};

src/openhuman/memory/tool_memory/prompt.rs

@@ -144,6 +144,7 @@ fn priority_marker(priority: ToolMemoryPriority) -> &'static str {
 #[cfg(test)]
 mod tests {
     use super::*;
+    use crate::openhuman::agent::prompts::types::{LearnedContextData, PromptContext, ToolCallFormat};
     use crate::openhuman::memory::tool_memory::types::ToolMemorySource;
 
     fn rule(tool: &str, body: &str, priority: ToolMemoryPriority) -> ToolMemoryRule {
@@ -214,14 +215,34 @@ mod tests {
 
     #[test]
     fn section_renders_via_prompt_section_trait() {
-        // We construct a minimal context-independent test: build() must
-        // not depend on PromptContext fields and must surface the
-        // section's snapshot verbatim.
+        // build() must not depend on PromptContext fields — it returns
+        // the at-construction snapshot verbatim. We call it here to
+        // exercise the trait contract directly.
         let section = ToolMemoryRulesSection::new(vec![rule(
             "email",
             "never email Sarah",
             ToolMemoryPriority::Critical,
         )]);
         assert!(!section.is_empty());
+        let visible = std::collections::HashSet::new();
+        let ctx = PromptContext {
+            workspace_dir: std::path::Path::new("."),
+            model_name: "test",
+            agent_id: "test",
+            tools: &[],
+            skills: &[],
+            dispatcher_instructions: "",
+            learned: LearnedContextData::default(),
+            visible_tool_names: &visible,
+            tool_call_format: ToolCallFormat::PFormat,
+            connected_integrations: &[],
+            connected_identities_md: String::new(),
+            include_profile: false,
+            include_memory_md: false,
+            curated_snapshot: None,
+            user_identity: None,
+        };
+        let built = section.build(&ctx).unwrap();
+        assert!(built.contains("never email Sarah"));
     }
 }

src/openhuman/memory/tool_memory/store.rs

@@ -205,7 +205,11 @@ impl ToolMemoryStore {
         let mut out = Vec::new();
         for summary in summaries {
             if let Some(tool) = summary.namespace.strip_prefix("tool-") {
-                if !tool.is_empty() {
+                // Exclude empty names and the sentinel used for unscoped
+                // edicts captured before any tool call ran — those rules are
+                // not permanently associated with a real tool and must not be
+                // injected into prompt filtering for arbitrary sessions.
+                if !tool.is_empty() && tool != "__unscoped__" {
                     out.push(tool.to_string());
                 }
             }