fix(agent): inject user-provided value into fillForm observe results

[tiwalayo]

Summary

• Fixes the fillForm agent tool dropping the value parameter, which caused LLMs to hallucinate placeholder values
• Injects the user-provided value into observe results before calling act()

Problem

The fillForm tool receives fields with both action and value:

fillForm({ action: "type email into the textbox", value: "user@example.com" })

But the execute function only used action when calling observe(), causing the LLM to guess what value to fill in. This resulted in hallucinated placeholders like test@example.com instead of the actual user-provided value.

This bug caused flaky behavior in:

• Login forms
• Search queries
• Data entry
• 2FA/OTP flows (when using custom tools that return codes)

Solution

After receiving observe results, inject the user-provided value into the result's arguments array for fill operations:

if (res.method === "fill" && fields[i]?.value) {
  res.arguments = [fields[i].value];
}

This ensures the correct value is passed to act() rather than the LLM-hallucinated placeholder.

Test plan

• Test fillForm with explicit values (e.g., email/password fields)
• Verify custom tool results (e.g., TOTP codes) are correctly filled
• Confirm no regression in cases where values are embedded in the action string

Fixes #1789

---

Generated with Claude Code

---

Summary by cubic

Ensure fillForm uses the user-provided value for fill actions instead of guessing placeholders. We align observe results with input fields by index and inject the field’s value into “fill” arguments before act(), so forms type exactly what was supplied.

^{Written for commit a458c2f. Summary will update on new commits. Review in cubic}

[changeset-bot]

⚠️ No Changeset found

Latest commit: a458c2f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[greptile-apps]

Greptile Summary

This PR fixes a real bug in fillFormTool where user-provided value fields were being silently dropped, causing the LLM to hallucinate placeholder values (e.g., test@example.com) instead of using the actual values passed by the caller.

Key changes:

• Converts from a for...of loop to an indexed for loop to correlate observeResults[i] with fields[i]
• Injects fields[i].value into res.arguments when res.method === "fill" to override any LLM-hallucinated value before act() is called
• Adds a clear inline comment explaining the intent

This fix directly addresses the reported issue and enables the LLM to correctly fill forms with user-provided values rather than guessing at placeholder content.

Confidence Score: 4/5

• Safe to merge. Fix correctly addresses the reported hallucination bug with clear logic and appropriate safety guards.
• The PR fixes a concrete bug where user-provided form values were being dropped, causing LLM hallucination of placeholder content. The fix uses indexed iteration to correlate observeResults with the input fields array and injects the correct value before act() is called. The optional chaining guard (fields[i]?.value) safely handles any array length mismatch. The change is focused, low-risk, and includes clear explanatory comments. No identified issues with the implementation.
• No files require special attention

_{Last reviewed commit: 1dcf323}

[cubic-dev-ai]

1 issue found across 1 file

Confidence score: 3/5

• There is a concrete user-impacting behavior in packages/core/lib/v3/agent/tools/fillform.ts: a truthy check on fields[i]?.value drops valid empty-string ("") inputs, so some intended fill actions are skipped.
• Given the medium severity (6/10) and high confidence (9/10), this introduces a real regression risk in form-filling behavior, which is why the merge confidence is moderate rather than high.
• Pay close attention to packages/core/lib/v3/agent/tools/fillform.ts - ensure empty-string values are treated as valid inputs instead of being filtered out by truthiness checks.

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="packages/core/lib/v3/agent/tools/fillform.ts">

<violation number="1" location="packages/core/lib/v3/agent/tools/fillform.ts:64">
P2: Truthy check on `fields[i]?.value` skips valid empty-string inputs, so user-provided `""` values are not injected into fill actions.</violation>
</file>

---

Since this is your first cubic review, here's how it works:

• cubic automatically reviews your code and comments on bugs and improvements
• Teach cubic by replying to its comments. cubic learns from your replies and gets better over time
• Add one-off context when rerunning by tagging @cubic-dev-ai with guidance or docs links (including llms.txt)
• Ask questions if you need clarification on any suggestion

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}