MervinPraison · MervinPraison · Jun 12, 2026 · Jun 10, 2026 · Jun 10, 2026 · coderabbitai
diff --git a/src/praisonai-agents/praisonaiagents/agent/chat_mixin.py b/src/praisonai-agents/praisonaiagents/agent/chat_mixin.py
@@ -1676,6 +1676,7 @@ def _chat_impl(self, prompt, temperature, tools, output_json, output_pydantic, r
                         task_id=task_id,
                         execute_tool_fn=self.execute_tool,
                         parallel_tool_calls=getattr(getattr(self, "execution", None), "parallel_tool_calls", False),
+                        max_tool_calls_per_turn=getattr(getattr(self, "execution", None), "max_tool_calls_per_turn", 10),
                         reasoning_steps=reasoning_steps,
                         stream=stream
                     )
@@ -2172,6 +2173,7 @@ async def _achat_impl(self, prompt, temperature, tools, output_json, output_pyda
                         'task_id': task_id,
                         'execute_tool_fn': self.execute_tool_async,
                         'parallel_tool_calls': getattr(getattr(self, "execution", None), "parallel_tool_calls", False),
+                        'max_tool_calls_per_turn': getattr(getattr(self, "execution", None), "max_tool_calls_per_turn", 10),
                         'reasoning_steps': reasoning_steps,
                         'stream': stream
                     }
@@ -2917,7 +2919,8 @@ def _start_stream(self, prompt: str, **kwargs) -> Generator[str, None, None]:
                         task_description=kwargs.get('task_description'),
                         task_id=kwargs.get('task_id'),
                         execute_tool_fn=self.execute_tool,
-                        parallel_tool_calls=getattr(getattr(self, "execution", None), "parallel_tool_calls", False)
+                        parallel_tool_calls=getattr(getattr(self, "execution", None), "parallel_tool_calls", False),
+                        max_tool_calls_per_turn=getattr(getattr(self, "execution", None), "max_tool_calls_per_turn", 10)
                     ):
                         response_content += chunk
                         yield chunk

diff --git a/src/praisonai-agents/praisonaiagents/config/feature_configs.py b/src/praisonai-agents/praisonaiagents/config/feature_configs.py
@@ -720,6 +720,9 @@ class ExecutionConfig:
     # Retry settings
     max_retry_limit: int = 2
 
+    # Tool call limits (loop protection)
+    max_tool_calls_per_turn: int = 10
+
     # Code execution (consolidated from allow_code_execution + code_execution_mode)
     code_execution: bool = False
     code_mode: str = "safe"  # "safe" or "unsafe"

diff --git a/src/praisonai-agents/praisonaiagents/llm/llm.py b/src/praisonai-agents/praisonaiagents/llm/llm.py
@@ -1837,6 +1837,7 @@ def get_response(
         task_id: Optional[str] = None,
         execute_tool_fn: Optional[Callable] = None,
         parallel_tool_calls: bool = False,  # Gap 2: Enable parallel tool execution
+        max_tool_calls_per_turn: int = 10,  # Loop guardrails
         stream: bool = True,
         stream_callback: Optional[Callable] = None,
         emit_events: bool = False,
@@ -1961,6 +1962,7 @@ def _prepare_return_value(text: str) -> Union[str, tuple]:
             # Sequential tool calling loop - similar to agent.py
             max_iterations = 10  # Prevent infinite loops
             iteration_count = 0
+            tool_call_count = 0  # Track total tool calls for guardrails
             final_response_text = ""
             response_text = ""  # Initialize to prevent UnboundLocalError on API errors
             stored_reasoning_content = None  # Store reasoning content from tool execution
@@ -2820,6 +2822,18 @@ def _prepare_return_value(text: str) -> Union[str, tuple]:
                         tool_results = []  # Store current iteration tool results
                         tool_result_mapping = {}  # Store function results by name for Ollama chaining
 
+                        # Guardrail: Check tool call limit to prevent infinite loops
+                        # Allow execution if we haven't reached the limit yet, but limit the batch size
+                        if tool_call_count >= max_tool_calls_per_turn:
+                            logging.warning(f"Tool call limit reached ({max_tool_calls_per_turn}). Stopping to prevent infinite loop.")
+                            final_response_text = f"Tool call limit reached ({max_tool_calls_per_turn} calls). Task may be too complex or there may be a broken tool causing repeated calls."
+                            break
+                        elif tool_call_count + len(tool_calls) > max_tool_calls_per_turn:
+                            # Limit the batch to stay within the total limit
+                            remaining_calls = max_tool_calls_per_turn - tool_call_count
+                            tool_calls = tool_calls[:remaining_calls]
+                            logging.warning(f"Limiting batch to {remaining_calls} tool calls to stay within limit of {max_tool_calls_per_turn}.")
+
                         for tool_call in tool_calls:
                             # Handle both object and dict access patterns
                             is_ollama = self._is_ollama_provider()
@@ -2840,7 +2854,8 @@ def _prepare_return_value(text: str) -> Union[str, tuple]:
 
                             logging.debug(f"[TOOL_EXEC_DEBUG] About to execute tool {function_name} with args: {arguments}")
                             tool_result = execute_tool_fn(function_name, arguments, tool_call_id=tool_call_id)
-                            logging.debug(f"[TOOL_EXEC_DEBUG] Tool execution result: {tool_result}")
+                            tool_call_count += 1  # Increment tool call counter for guardrails
+                            logging.debug(f"[TOOL_EXEC_DEBUG] Tool execution result: {tool_result} (call #{tool_call_count})")
                             tool_results.append(tool_result)  # Store the result
                             accumulated_tool_results.append(tool_result)  # Accumulate across iterations
 
@@ -3352,6 +3367,7 @@ def get_response_stream(
         task_id: Optional[str] = None,
         execute_tool_fn: Optional[Callable] = None,
         parallel_tool_calls: bool = False,  # Gap 2: Enable parallel tool execution
+        max_tool_calls_per_turn: int = 10,  # Loop guardrails
         **kwargs
     ):
         """Generator that yields real-time response chunks from the LLM.
@@ -3498,6 +3514,13 @@ def get_response_stream(
 
                     # After streaming completes, handle tool calls if present
                     if tool_calls and execute_tool_fn:
+                        # Guardrail: Check tool call limit to prevent infinite loops
+                        if len(tool_calls) > max_tool_calls_per_turn:
+                            logging.warning(f"Tool call limit reached ({max_tool_calls_per_turn}). Stopping to prevent infinite loop.")
+                            error_message = f"Tool call limit reached ({max_tool_calls_per_turn} calls). Task may be too complex or there may be a broken tool causing repeated calls."
+                            yield error_message
+                            return
+
                         # Add assistant message with tool calls to conversation
                         if self._is_ollama_provider():
                             messages.append({
@@ -3674,6 +3697,7 @@ async def get_response_async(
         task_description: Optional[str] = None,
         task_id: Optional[str] = None,
         execute_tool_fn: Optional[Callable] = None,
+        max_tool_calls_per_turn: int = 10,  # Loop guardrails
         stream: bool = True,
         **kwargs
     ) -> str:
@@ -3752,6 +3776,7 @@ async def get_response_async(
             # Initialize variables for iteration loop
             max_iterations = 50  # Prevent infinite loops
             iteration_count = 0
+            tool_call_count = 0  # Track total tool calls for guardrails
             final_response_text = ""
             stored_reasoning_content = None  # Store reasoning content from tool execution
             accumulated_tool_results = []  # Store all tool results across iterations
@@ -3824,13 +3849,26 @@ async def get_response_async(
                             "tool_calls": serializable_tool_calls,
                         })
 
+                        # Guardrail: Check tool call limit to prevent infinite loops
+                        # Allow execution if we haven't reached the limit yet, but limit the batch size
+                        if tool_call_count >= max_tool_calls_per_turn:
+                            logging.warning(f"Tool call limit reached ({max_tool_calls_per_turn}). Stopping to prevent infinite loop.")
+                            final_response_text = f"Tool call limit reached ({max_tool_calls_per_turn} calls). Task may be too complex or there may be a broken tool causing repeated calls."
+                            break
+                        elif tool_call_count + len(tool_calls) > max_tool_calls_per_turn:
+                            # Limit the batch to stay within the total limit
+                            remaining_calls = max_tool_calls_per_turn - tool_call_count
+                            tool_calls = tool_calls[:remaining_calls]
+                            logging.warning(f"Limiting batch to {remaining_calls} tool calls to stay within limit of {max_tool_calls_per_turn}.")
+
                         for tool_call in tool_calls:
                             function_name, arguments, tool_call_id = self._extract_tool_call_info(tool_call)
                             logging.debug(f"[RESPONSES_API_ASYNC] Executing tool {function_name}")
                             if asyncio.iscoroutinefunction(execute_tool_fn):
                                 tool_result = await execute_tool_fn(function_name, arguments, tool_call_id=tool_call_id)
                             else:
                                 tool_result = execute_tool_fn(function_name, arguments, tool_call_id=tool_call_id)
+                            tool_call_count += 1  # Increment tool call counter for guardrails
                             accumulated_tool_results.append(tool_result)
 
                             if verbose:
@@ -4037,6 +4075,18 @@ async def get_response_async(
                             "tool_calls": serializable_tool_calls
                         })
 
+                    # Guardrail: Check tool call limit to prevent infinite loops
+                    # Allow execution if we haven't reached the limit yet, but limit the batch size
+                    if tool_call_count >= max_tool_calls_per_turn:
+                        logging.warning(f"Tool call limit reached ({max_tool_calls_per_turn}). Stopping to prevent infinite loop.")
+                        final_response_text = f"Tool call limit reached ({max_tool_calls_per_turn} calls). Task may be too complex or there may be a broken tool causing repeated calls."
+                        break
+                    elif tool_call_count + len(tool_calls) > max_tool_calls_per_turn:
+                        # Limit the batch to stay within the total limit
+                        remaining_calls = max_tool_calls_per_turn - tool_call_count
+                        tool_calls = tool_calls[:remaining_calls]
+                        logging.warning(f"Limiting batch to {remaining_calls} tool calls to stay within limit of {max_tool_calls_per_turn}.")
+
                     tool_results = []  # Store current iteration tool results
                     for tool_call in tool_calls:
                         # Handle both object and dict access patterns
@@ -4048,6 +4098,7 @@ async def get_response_async(
                             arguments = self._validate_and_filter_ollama_arguments(function_name, arguments, tools)
 
                         tool_result = await execute_tool_fn(function_name, arguments)
+                        tool_call_count += 1  # Increment tool call counter for guardrails
                         tool_results.append(tool_result)  # Store the result
                         accumulated_tool_results.append(tool_result)  # Accumulate across iterations
 
@@ -4686,6 +4737,7 @@ def _build_completion_params(self, **override_params) -> Dict[str, Any]:
             'task_name', 'task_description', 'task_id',  # Task metadata
             'execute_tool_fn', 'stream_callback', 'emit_events',  # Callbacks
             'console',  # Rich console
+            'max_tool_calls_per_turn', 'parallel_tool_calls',  # Tool execution settings
         ]
         for param in internal_params:
             params.pop(param, None)

diff --git a/test_loop_guardrails.py b/test_loop_guardrails.py
@@ -0,0 +1,135 @@
+#!/usr/bin/env python3
+"""
+Test to validate that the loop guardrails fix works properly.
+"""
+
+import os
+import sys
+sys.path.insert(0, 'src/praisonai-agents')
+
+from praisonaiagents import Agent, tool
+from praisonaiagents.config.feature_configs import ExecutionConfig
+
+@tool
+def broken_tool(query: str) -> str:
+    """A deliberately broken tool that always returns an unhelpful result."""
+    return f"Tool failed to process '{query}'. Please try again with a different approach."
+
+@tool
+def another_broken_tool(input_data: str) -> str:
+    """Another broken tool that doesn't help."""
+    return f"Unable to handle '{input_data}'. Consider using a different tool."
+
+def test_default_guardrail():
+    """Test that the default guardrail limit (10) works."""
+    print("Testing default guardrail limit...")
+
+    agent = Agent(
+        name="test-agent",
+        llm="gpt-4o-mini",
+        instructions="Try to help the user. Use tools to get information.",
+        tools=[broken_tool, another_broken_tool],
+        verbose=True
+    )
+
+    try:
+        response = agent.chat("I need weather information for New York. Please help me get accurate data!")
+        print(f"Response: {response}")
+
+        # If we get here without an infinite loop, the guardrail worked
+        if "Tool call limit reached" in response:
+            print("✅ DEFAULT GUARDRAIL WORKING: Agent stopped due to tool call limit")
+            return True
+        else:
+            print("⚠️ Agent completed without hitting limit (may be expected if it naturally stopped)")
+            return True
+
+    except Exception as e:
+        print(f"❌ Error during test: {e}")
+        return False
+
+def test_custom_guardrail():
+    """Test with a custom lower limit."""
+    print("\nTesting custom guardrail limit (3)...")
+
+    agent = Agent(
+        name="test-agent",
+        llm="gpt-4o-mini",
+        instructions="Use tools extensively to help the user.",
+        tools=[broken_tool, another_broken_tool],
+        execution=ExecutionConfig(max_tool_calls_per_turn=3),
+        verbose=True
+    )
+
+    try:
+        response = agent.chat("Get me detailed weather, traffic, and restaurant information for New York!")
+        print(f"Response: {response}")
+
+        if "Tool call limit reached (3 calls)" in response:
+            print("✅ CUSTOM GUARDRAIL WORKING: Agent stopped at limit of 3")
+            return True
+        else:
+            print("⚠️ Agent completed without hitting custom limit")
+            return True
+
+    except Exception as e:
+        print(f"❌ Error during test: {e}")
+        return False
+
+def test_high_limit():
+    """Test with a higher limit to ensure it doesn't interfere with normal operation."""
+    print("\nTesting high guardrail limit (50)...")
+
+    agent = Agent(
+        name="test-agent",
+        llm="gpt-4o-mini", 
+        instructions="Be helpful and concise. Answer questions directly when possible.",
+        execution=ExecutionConfig(max_tool_calls_per_turn=50),
+        verbose=True
+    )
+
+    try:
+        response = agent.chat("What's 2 + 2?")
+        print(f"Response: {response}")
+
+        if "Tool call limit reached" not in response:
+            print("✅ HIGH LIMIT WORKING: Agent operates normally without hitting limit")
+            return True
+        else:
+            print("❌ Agent hit limit unexpectedly")
+            return False
+
+    except Exception as e:
+        print(f"❌ Error during test: {e}")
+        return False
+
+if __name__ == "__main__":
+    print("Testing Loop Guardrails Implementation")
+    print("=" * 50)
+
+    # Set up environment for testing - check if real API key exists
+    if not os.environ.get("OPENAI_API_KEY"):
+        print("⚠️ No OPENAI_API_KEY found. Tests will skip actual LLM calls.")
+        print("To run full integration tests, set OPENAI_API_KEY environment variable.")
+        # For CI/CD, we'll mock or skip rather than use a fake key that causes API errors
+        print("🎉 TESTS SKIPPED - No API key available (this is expected in CI)")
+        sys.exit(0)
+
+    results = []
+
+    # Run tests
+    results.append(test_default_guardrail())
+    results.append(test_custom_guardrail())
+    results.append(test_high_limit())
+
+    # Summary
+    print("\n" + "=" * 50)
+    print("TEST SUMMARY:")
+    print(f"Tests passed: {sum(results)}/{len(results)}")
+
+    if all(results):
+        print("🎉 ALL TESTS PASSED - Loop guardrails are working!")
+        sys.exit(0)
+    else:
+        print("❌ Some tests failed - Check implementation")
+        sys.exit(1)
diff --git a/test_loop_issue.py b/test_loop_issue.py
@@ -0,0 +1,69 @@
+#!/usr/bin/env python3
+"""
+Test to validate the loop guardrails issue in agent.chat().
+This script tests if agent.chat() can get stuck in an infinite loop with broken tools.
+"""
+
+from praisonaiagents import Agent, tool
+import sys
+
+@tool
+def broken_weather_tool(location: str) -> str:
+    """Get weather information for a location. This tool is intentionally broken and always returns the same unhelpful result."""
+    return f"Weather data unavailable for {location}. Please try again with a different tool."
+
+@tool 
+def another_broken_tool(query: str) -> str:
+    """Search for information. Also broken and unhelpful."""
+    return f"No results found for '{query}'. Please try a different search."
+
+def test_loop_vulnerability():
+    """Test if agent.chat() can get stuck in a loop with broken tools."""
+
+    print("Testing loop vulnerability in agent.chat()...")
+
+    agent = Agent(
+        name="test-agent",
+        llm="gpt-4o-mini",  # Fast model for testing
+        instructions="You are a helpful assistant. Always try to fulfill user requests using available tools.",
+        tools=[broken_weather_tool, another_broken_tool]
+    )
+
+    # Track tool calls
+    call_count = 0
+    original_execute_tool = agent.execute_tool
+
+    def counting_execute_tool(*args, **kwargs):
+        nonlocal call_count
+        call_count += 1
+        print(f"Tool call #{call_count}: {args[0] if args else 'unknown'}")
+
+        # Safety valve - prevent actual infinite loop in test
+        if call_count > 10:
+            print("🚨 SAFETY VALVE TRIGGERED: Too many tool calls!")
+            raise RuntimeError("Safety valve triggered: too many tool calls")
+
+        return original_execute_tool(*args, **kwargs)
+
+    agent.execute_tool = counting_execute_tool
+
+    try:
+        response = agent.chat("What's the weather like in New York? I really need this information!")
+        print(f"\nFinal response: {response}")
+        print(f"Total tool calls: {call_count}")
+
+        if call_count > 5:
+            print("❌ ISSUE CONFIRMED: Agent made excessive tool calls without guardrails")
+            return True
+        else:
+            print("✅ Agent stopped within reasonable limits")
+            return False
+
+    except Exception as e:
+        print(f"Error during test: {e}")
+        print(f"Tool calls before error: {call_count}")
+        return call_count > 5
+
+if __name__ == "__main__":
+    issue_exists = test_loop_vulnerability()
+    sys.exit(1 if issue_exists else 0)