# How the RPI Workflow Prevents AI Hallucinations in HVE Core

> Discover how HVE Core's RPI workflow prevents AI hallucinations. Learn how structured AI agents separate research and implementation for reliable results.

- Repository: [Microsoft/hve-core](https://github.com/microsoft/hve-core)
- Tags: deep-dive
- Published: 2026-03-09

---

**The RPI (Research → Plan → Implement → Review) workflow in HVE Core eliminates AI hallucinations by structuring every AI-driven step as a separate, tightly scoped agent that never mixes research with code generation.**

The microsoft/hve-core repository implements a rigorous agent orchestration pattern that stops large language models from generating plausible but incorrect code. By enforcing strict phase separation and verifiable citations, the RPI workflow prevents AI hallucinations in HVE Core through architectural constraints rather than prompting alone.

## Explicit Phase Constraints

The RPI workflow divides AI work into four isolated phases, with each agent explicitly prohibited from performing the next phase's responsibilities. This separation stops the model from "inventing" code while still researching or planning.

### Task Researcher

The **Task Researcher** agent is forced to *only* gather evidence. According to [`docs/rpi/task-researcher.md`](https://github.com/microsoft/hve-core/blob/main/docs/rpi/task-researcher.md) lines 36-38, it cannot produce implementation code. It searches the repository and external sources, cites exact file and line numbers, and records findings in a research document. This constraint prevents the common hallucination scenario where a model writes code before confirming that required APIs or dependencies actually exist.

### Task Planner

The **Task Planner** receives verified research and builds a concrete checklist. As documented in [`docs/rpi/task-planner.md`](https://github.com/microsoft/hve-core/blob/main/docs/rpi/task-planner.md) lines 34-36, because it cannot edit code, it focuses exclusively on sequencing, dependencies, and success criteria. The planner creates `*.instructions.md` and `*.details.md` files that reference the research document, establishing a contractual boundary between planning and execution.

### Task Implementor

The **Task Implementor** reads the plan line-by-line and applies only the patterns documented in the research phase. Per [`docs/rpi/task-implementor.md`](https://github.com/microsoft/hve-core/blob/main/docs/rpi/task-implementor.md) lines 36-38, this agent logs every change while respecting stop controls like `phaseStop=true`. By restricting the implementor to executing pre-approved patterns, the workflow prevents the generation of plausible-looking but incorrect code based on hallucinated assumptions.

### Task Reviewer

Finally, the **Task Reviewer** validates the implementation against the original specifications. As noted in [`docs/rpi/why-rpi.md`](https://github.com/microsoft/hve-core/blob/main/docs/rpi/why-rpi.md) lines 58-60, this agent catches any divergence between the research, plan, and final code before anything is merged. This verification step acts as a hallucination detection mechanism that rejects changes lacking proper citations.

## Context Clearing Between Phases

Before moving to the next phase, the workflow mandates a **clear-context command (`/clear`)** or a new chat session. According to [`docs/rpi/task-implementor.md`](https://github.com/microsoft/hve-core/blob/main/docs/rpi/task-implementor.md) lines 53-57, this removes any lingering token history that could bias the model toward previous (potentially incorrect) assumptions. By starting each phase with a clean slate, the AI cannot carry over hallucinated details from earlier steps, ensuring that the Task Planner works only from the research document and the Task Implementor works only from the approved plan.

## Traceability and Citations

Research documents in the RPI workflow contain **line-referenced evidence** (e.g., "`variables.tf#L47`"). The plan and implementation files embed these references, creating a verifiable chain from *statement* → *source* → *code* as documented in [`docs/rpi/task-researcher.md`](https://github.com/microsoft/hve-core/blob/main/docs/rpi/task-researcher.md) lines 30-33. If a hallucination occurs, reviewers can instantly locate the missing citation and reject the change. This traceability requirement forces the AI to ground every claim in actual repository content rather than training data memories.

## Threat Model Acknowledgment

The HVE Core security documentation explicitly treats hallucination as a security risk. The threat model in [`docs/security/threat-model.md`](https://github.com/microsoft/hve-core/blob/main/docs/security/threat-model.md) lines 58-60 lists **LLM hallucination** as a known risk and records the mitigations implemented by the RPI workflow. By treating hallucination as a security concern rather than merely an accuracy issue, the project enforces engineering controls—including phase separation, mandatory citations, and independent review—that are continuously audited.

## Automation with Hand-Off Buttons

When using the **rpi-agent** autonomous orchestrator, the same constraints are enforced automatically. The agent calls each sub-agent via `runSubagent`, ensuring that the *research → plan → implement → review* order is never violated, as implemented in [`docs/rpi/why-rpi.md`](https://github.com/microsoft/hve-core/blob/main/docs/rpi/why-rpi.md) lines 56-66. This automation prevents human operators from accidentally skipping phases or allowing agents to mix concerns, maintaining the architectural safeguards that keep AI-generated code trustworthy.

## Practical Implementation Examples

The following examples demonstrate the strict phase boundaries that prevent AI hallucinations in HVE Core workflows.

Start the research phase with no code generation allowed:

```text
/task-research Add Azure Blob Storage support to the Python pipeline

```

The Task Researcher returns a markdown file with citations such as `src/pipeline/writers/azure_blob.py#L12-L27`, grounding all subsequent work in verified facts.

Clear the context before planning to prevent bias from the research conversation:

```text
/clear
/task-plan

```

The planner creates instruction files referencing the research document, establishing the implementation contract.

Implement the plan with stop-points to enforce incremental verification:

```text
/clear
/task-implement phaseStop=true taskStop=false

```

The implementor follows the checklist exactly, logging each change in `.copilot-tracking/changes/…-changes.md`.

Run the reviewer to catch any missed hallucination:

```text
/clear
/task-review

```

The reviewer compares the final code against the original research and plan, flagging any mismatches before merge.

## Summary

- **Phase isolation** prevents agents from mixing research, planning, implementation, and review responsibilities, eliminating the scenario where models write code before verifying facts.
- **Context clearing** via `/clear` commands removes token history that could propagate hallucinated assumptions between workflow stages.
- **Line-referenced citations** create a verifiable chain from evidence to implementation, allowing reviewers to instantly detect missing sources.
- **Security threat modeling** treats hallucination as a formal risk, enforcing continuous auditing of the RPI workflow's protective controls.
- **Automated orchestration** via `runSubagent` ensures hand-off order is never violated, even in autonomous mode.

## Frequently Asked Questions

### How does the RPI workflow stop AI from generating fake API signatures?

The **Task Researcher** agent is architecturally constrained to only search and cite existing code, as defined in [`docs/rpi/task-researcher.md`](https://github.com/microsoft/hve-core/blob/main/docs/rpi/task-researcher.md). It cannot generate implementation code, so it must find actual API definitions and record their exact file paths and line numbers. The **Task Implementor** is then restricted to using only those documented patterns, preventing the invention of non-existent signatures.

### What happens if an AI agent hallucinates during the planning phase?

If the **Task Planner** introduces hallucinated requirements, the **Task Reviewer** detects the divergence during final validation. Because the plan must reference specific research citations (per [`docs/rpi/task-researcher.md`](https://github.com/microsoft/hve-core/blob/main/docs/rpi/task-researcher.md) lines 30-33), any plan item lacking a corresponding research citation is flagged. The review process in [`docs/rpi/why-rpi.md`](https://github.com/microsoft/hve-core/blob/main/docs/rpi/why-rpi.md) lines 58-60 explicitly validates implementation against the original specifications.

### Why is the `/clear` command necessary between phases?

The `/clear` command removes the conversation's token history, which might contain subtle biases or incorrect assumptions from previous phases. According to [`docs/rpi/task-implementor.md`](https://github.com/microsoft/hve-core/blob/main/docs/rpi/task-implementor.md) lines 53-57, starting each phase with a clean slate prevents the model from carrying over hallucinated details, ensuring that the **Task Implementor** works exclusively from the approved plan rather than remembered but unverified context.

### Can the RPI workflow run autonomously without human supervision?

Yes, the **rpi-agent** orchestrator automates the workflow using `runSubagent` calls, as documented in [`docs/rpi/why-rpi.md`](https://github.com/microsoft/hve-core/blob/main/docs/rpi/why-rpi.md) lines 56-66. This automation enforces the same phase constraints and hand-off order programmatically, ensuring that the **Task Researcher**, **Task Planner**, **Task Implementor**, and **Task Reviewer** execute sequentially without mixing concerns, even without manual `/clear` commands.