- Remove duplicate BLOCKED check in _modify (dead code)
- Use hasattr() instead of None check to distinguish missing vs None-valued attributes
- Add 64-key cap on _runtime_vars to prevent unbounded memory growth
- Refactor watchdog tests to call actual _watchdog_check() instead of inline logic
Introduce a self-modification tool that allows the agent to inspect and safely
modify its own runtime state. Includes a three-tier access control model
(blocked/readonly/restricted), a watchdog that detects and corrects dangerous
runtime state at each iteration, and critical tool backup/restore mechanism.
Read the default timezone from the agent context when wiring the cron tool so startup no longer depends on an out-of-scope local variable. Add a regression test to ensure AgentLoop passes the configured timezone through to cron.
Made-with: Cursor
Replace the flatten/unflatten approach (merging extra_content.google.*
into provider_specific_fields then reconstructing) with direct pass-through:
parse extra_content as-is, store on ToolCallRequest.extra_content, serialize
back untouched. This is lossless, requires no hardcoded field names, and
covers all three parsing branches (str, dict, SDK object) plus streaming.
