
Key facts.
- HammerBench documented significant parameter hallucination rates across tested models when function arguments are partially missing or ambiguous, showing models default to confident action rather than clarification (HammerBench, arXiv:2412.16516).
- tau2-bench (arXiv:2506.07982) exposes agents to realistic tool interaction errors including partial results and retry-eligible failures; models lacking explicit error taxonomy fail to distinguish these from terminal errors.
- PALADIN (arXiv:2509.25238) identified that tool failure modes include not just hard errors but "inconsistent outputs" that appear successful but carry embedded failure signals in response bodies.
- HTTP 207 Multi-Status, 206 Partial Content, vendor-specific warning fields inside 200 responses, all common sources of silent failure. Agent scaffolding matches on status code class only and never inspects the body.
- Enterprise CRM and ERP integrations: partial sync responses often hide failed record updates inside a 200. The agent checks the top-level code, sees success, moves on.
The anatomy of a yellow-light failure
CRM integration, customer record update, HTTP 200, JSON body with"warnings": ["email_validation_failed"]. Tool call succeeded. Record partially updated. Email field: still wrong. The agent got its 200, sent the confirmation, closed the ticket. Three days later the email bounced.
This isn't a model hallucination. The model wasn't asked to interpret the warning field. The scaffolding that passed the response to the model never extracted it. The parsing gap is in the tool wrapper, not the model - and that makes it more insidious, because teams hunting for "model problems" never find it.
Why taxonomy matters more than individual handling
The fix isn't to write a special case for every warning variant. it's to build a response taxonomy in the tool wrapper layer: success (proceed), recoverable warning (proceed with flag), unrecoverable warning (escalate), partial success (log and verify downstream), deprecation notice (alert ops), rate limit soft cap (backoff). Each category routes differently. The model receives a normalized signal, not a raw response it must interpret under pressure.
tau2-bench's dual-control environment - where both agent and simulated user have separate tool states - makes this taxonomy issue explicit: when one side's tool returns a partial result, the overall session outcome degrades in ways that are hard to trace without per-field response validation. That architecture change forces a useful habit: the team reasons about response states, not just status codes.

Response taxonomy: what your tool wrappers should distinguish
| Response type | HTTP status example | Agent default behavior | Correct behavior |
|---|---|---|---|
| Full success | 200, 201, 204 | Proceed | Proceed |
| Partial success | 200 with warnings, 206, 207 | Proceed (wrong) | Flag and verify downstream |
| Soft rate limit | 200 with X-RateLimit-Remaining: 1 | Proceed (wrong) | Backoff signal to orchestrator |
| Retryable error | 429, 503, 504 | Retry or abort (inconsistent) | Structured retry with backoff |
| Terminal error | 400, 401, 403 | Abort | Abort and escalate |
VibeModel's Pattern Intelligence Layer learns which response patterns in a specific tool integration historically precede downstream business failures. A partial-sync warning that the development team dismisses as benign might show up in the pattern data as a consistent precursor to customer escalations four hours later. That connection - invisible to status-code monitoring - surfaces in the pattern layer and becomes the basis for a routing rule that catches the class of failure before it reaches production impact.
Frequently asked questions
Should my agent parse every field of every tool response?
Not every field, but the response taxonomy should be complete. Define the expected response structure for each tool, identify which fields signal non-success states, and extract those explicitly in the wrapper before the response reaches the model.
How common are vendor APIs that embed warnings in 200 responses?
Very common. Salesforce, ServiceNow, SAP, and most enterprise APIs use this pattern extensively. Any integration with an enterprise system should be treated as having embedded warning signals until proven otherwise.
Does this require changing the model, or is it an infrastructure fix?
Infrastructure. The model receives whatever the tool wrapper gives it. Enrich the wrapper's output with normalized response classification and the model gets a clear signal rather than a raw blob it must interpret under uncertainty.

