Clamp all remaining score leak paths: /state, step_rewards, demo SSE

- ep.step_rewards now stores clamped task_score instead of raw RL reward
(compute_reward can return exact 1.0 or negative values)
- /state endpoint returns clamped step_rewards and total_reward
- Removed info.rl_reward from /step response (leaked unclamped reward)
- demo.py SSE chat/benchmark endpoints now clamp task_score
- Added .dockerignore excluding backend/data/ so persisted bandit state
from prior runs can't leak unclamped values into the image

Single source of truth: _clamp_score() in sql_env.py → [0.05, 0.95]

.dockerignore

@@ -0,0 +1,18 @@
+__pycache__/
+*.pyc
+*.pyo
+*.pyd
+.git/
+.gitignore
+.venv/
+venv/
+node_modules/
+.DS_Store
+*.log
+
+# Exclude persisted bandit/GEPA state so the image starts with a clean slate.
+# Any historical rewards stored on disk could contain unclamped values and
+# leak into validator runs.
+backend/data/rl_experiences.json
+backend/data/gepa_prompt.json
+frontend/node_modules/

backend/api/demo.py

@@ -42,7 +42,7 @@ _DIFFICULTY_MAP = {
     "hard": "complex_queries",
 }
 from env.tasks import TASKS, get_task
-from env.sql_env import SQLAgentEnv, Action, get_env, BASE_SYSTEM_PROMPT, get_system_prompt, _clean_sql
+from env.sql_env import SQLAgentEnv, Action, get_env, BASE_SYSTEM_PROMPT, get_system_prompt, _clean_sql, _clamp_score
 from rl.environment import get_bandit_state
 from rl.types import RepairAction, REPAIR_ACTION_NAMES, REPAIR_ACTION_BY_NAME
 from rl.error_classifier import classify_error, extract_offending_token
@@ -275,7 +275,7 @@ async def execute_query_stream(req: ExecuteQueryRequest):
 
             # For free-form chat, success = no SQL error (not task grader)
             attempt_success = (error is None)
-            task_score = 1.0 if attempt_success else 0.0
+            task_score = _clamp_score(1.0 if attempt_success else 0.0)
 
             current_error_class = None
             error_class_name = None
@@ -544,7 +544,7 @@ async def run_benchmark(req: BenchmarkRequest):
             attempt = 0
             sql = ""
             success = False
-            task_score = 0.0
+            task_score = _clamp_score(0.0)
             max_attempts = env.MAX_ATTEMPTS
             ep = env._episode  # type: ignore[union-attr]
 

backend/env/sql_env.py

@@ -72,6 +72,27 @@ _MODEL = os.environ.get("MODEL_NAME", "Qwen/Qwen2.5-72B-Instruct")
 HF_TOKEN = os.environ.get("HF_TOKEN")  # no default — must be set explicitly
 
 
+# ─── Score clamping (strictly in (0, 1)) ─────────────────────────
+
+_SCORE_MIN = 0.05
+_SCORE_MAX = 0.95
+
+
+def _clamp_score(x) -> float:
+    """Coerce any value into strictly (0, 1). None/NaN/invalid → _SCORE_MIN."""
+    try:
+        if x is None:
+            return _SCORE_MIN
+        if isinstance(x, bool):
+            return _SCORE_MAX if x else _SCORE_MIN
+        v = float(x)
+        if v != v or v == float("inf") or v == float("-inf"):
+            return _SCORE_MIN if v != float("inf") else _SCORE_MAX
+    except (TypeError, ValueError):
+        return _SCORE_MIN
+    return max(_SCORE_MIN, min(_SCORE_MAX, v))
+
+
 def _make_client() -> AsyncOpenAI:
     return AsyncOpenAI(
         api_key=HF_TOKEN,
@@ -316,7 +337,8 @@ class SQLAgentEnv:
             )
             ep.steps.append(step_obj)
 
-        ep.step_rewards.append(grader_out.reward)
+        # Store clamped reward so /state never returns raw RL values
+        ep.step_rewards.append(_clamp_score(task_score))
         ep.current_sql = generated_sql
         ep.error_message = error
         ep.error_class = error_class_name
@@ -331,20 +353,14 @@ class SQLAgentEnv:
             ep.success = success
 
         obs = self._build_observation()
+        safe_task_score = _clamp_score(task_score)
         reward_info = RewardInfo(
-            value=task_score,  # always in (eps, 1-eps) per OpenEnv spec
+            value=safe_task_score,  # strictly in (0, 1) per OpenEnv spec
             success=success,
             done=done,
             info={
-                "task_score": task_score,
-                "rl_reward": grader_out.reward,
+                "task_score": safe_task_score,
                 "attempt": ep.attempt_number,
-                "breakdown": {
-                    "base": grader_out.breakdown.base,
-                    "attempt_penalty": grader_out.breakdown.attempt_penalty,
-                    "severity_bonus": grader_out.breakdown.severity_bonus,
-                    "change_bonus": grader_out.breakdown.change_bonus,
-                },
                 "rows": rows[:5] if rows else [],
                 "row_count": len(rows),
                 "sql": generated_sql,
@@ -458,7 +474,7 @@ class SQLAgentEnv:
             ep.steps.append(step_obj)
             self._bandit.update(ep.current_features, repair_action_enum, grader_out.reward)
 
-        ep.step_rewards.append(grader_out.reward)
+        ep.step_rewards.append(_clamp_score(task_score))
         ep.current_sql = generated_sql
         ep.error_message = error
         ep.error_class = error_class_name
@@ -500,6 +516,8 @@ class SQLAgentEnv:
         if self._episode is None:
             return {"active": False}
         ep = self._episode
+        safe_rewards = [_clamp_score(r) for r in ep.step_rewards]
+        total = sum(safe_rewards) / max(len(safe_rewards), 1) if safe_rewards else _SCORE_MIN
         return {
             "active": True,
             "task_id": ep.task_id,
@@ -512,8 +530,8 @@ class SQLAgentEnv:
             "error_class": ep.error_class,
             "done": ep.done,
             "success": ep.success,
-            "step_rewards": ep.step_rewards,
-            "total_reward": compute_episode_reward(ep.step_rewards, ep.success),
+            "step_rewards": safe_rewards,
+            "total_reward": _clamp_score(total),
         }
 
     # ─── Private Helpers ──────────────────────────────────────────