@openlife/cli 1.7.3

package/dist/test_runtime_profile_oauth_only.js

@@ -0,0 +1,262 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+/*
+ * Story 3.8 — OPENLIFE_RUNTIME_PROFILE=oauth-only regression test.
+ *
+ * Hardens the previously undocumented "oauth-only" runtime profile defined in
+ * `src/cli/WorldClassCommands.ts` (`doctorWorldDetailed()`). The profile is a
+ * pure SEVERITY CLASSIFIER — it downgrades four specific doctor checks from
+ * `blocker` to `info` when the operator runs OAuth-authenticated LLM CLIs
+ * (`claude`, `codex`, `gemini`) instead of API keys. It does NOT alter the
+ * Brain.ts provider chain.
+ *
+ * Asserts (4 scenarios):
+ *   a) Default profile (no env var) — failing oauth-downgrade names come back
+ *      with their non-`info` default severity (cli:ollama → blocker; the three
+ *      env:*_API_KEY → warning). In short: NONE of the four is `info`.
+ *   b) `oauth-only` set — failing names of cli:ollama / env:OPENAI_API_KEY /
+ *      env:GEMINI_API_KEY / env:ANTHROPIC_API_KEY all come back as `info`.
+ *   c) Case-insensitive — `OAuth-Only` triggers the same downgrade
+ *      (the classifier calls `.toLowerCase()`).
+ *   d) Other failing checks are unaffected — e.g. `cli:codex`, `cli:claude`,
+ *      `runtime:*` stay non-`info` even with oauth-only profile.
+ *
+ * Test seams used (per project convention — production code is strict):
+ *   - process.chdir(tempDir) because WorldClassCommands reads process.cwd().
+ *   - Mutate process.env directly and restore in finally.
+ */
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+function assert(cond, msg) {
+    if (!cond)
+        throw new Error(`ASSERTION_FAILED: ${msg}`);
+}
+const OAUTH_DOWNGRADE_NAMES = [
+    'cli:ollama',
+    'env:OPENAI_API_KEY',
+    'env:GEMINI_API_KEY',
+    'env:ANTHROPIC_API_KEY'
+];
+function makeTempDir(label) {
+    const dir = fs.mkdtempSync(path.join(os.tmpdir(), `openlife-oauth-only-${label}-`));
+    return dir;
+}
+const PROBE_KEYS = [
+    'OPENLIFE_RUNTIME_PROFILE',
+    'OPENLIFE_ENABLE_OLLAMA',
+    'OPENAI_API_KEY',
+    'GEMINI_API_KEY',
+    'ANTHROPIC_API_KEY',
+    'TELEGRAM_BOT_TOKEN'
+];
+function snapshotEnvAndCwd() {
+    const envBackup = {};
+    for (const k of PROBE_KEYS)
+        envBackup[k] = process.env[k];
+    return { cwd: process.cwd(), envBackup };
+}
+function restoreEnvAndCwd(snap) {
+    for (const k of PROBE_KEYS) {
+        const v = snap.envBackup[k];
+        if (v === undefined)
+            delete process.env[k];
+        else
+            process.env[k] = v;
+    }
+    try {
+        process.chdir(snap.cwd);
+    }
+    catch {
+        /* best effort */
+    }
+}
+function clearApiKeysAndProfile() {
+    // Force the four oauth-downgrade checks to FAIL.
+    delete process.env.OPENAI_API_KEY;
+    delete process.env.GEMINI_API_KEY;
+    delete process.env.ANTHROPIC_API_KEY;
+    // Force cli:ollama check to actually run AND fail (PATH probably has no ollama).
+    process.env.OPENLIFE_ENABLE_OLLAMA = 'true';
+    // Default: clear the profile.
+    delete process.env.OPENLIFE_RUNTIME_PROFILE;
+}
+function runDoctor() {
+    // Late require — production code only loads on demand.
+    const mod = require('../dist/cli/WorldClassCommands');
+    const wc = new mod.WorldClassCommands();
+    return wc.doctorWorldDetailed();
+}
+function findCheck(results, name) {
+    return results.find((r) => r.name === name);
+}
+// -----------------------------------------------------------------------------
+// Scenario A: default profile — failing oauth-downgrade names are NOT `info`.
+//
+// The default classifier in WorldClassCommands.ts routes:
+//   - `cli:ollama`           → blocker (cli:* branch)
+//   - `env:OPENAI_API_KEY`   → warning (no special branch, falls through)
+//   - `env:GEMINI_API_KEY`   → warning
+//   - `env:ANTHROPIC_API_KEY`→ warning
+// The contract this test pins down is: none of them is `info` by default.
+// (Scenario B verifies they ALL flip to `info` under oauth-only.)
+// -----------------------------------------------------------------------------
+function testDefaultProfileKeepsNonInfoSeverity() {
+    const tmp = makeTempDir('default');
+    const snap = snapshotEnvAndCwd();
+    try {
+        process.chdir(tmp);
+        clearApiKeysAndProfile();
+        // Explicitly NO profile set.
+        assert(!process.env.OPENLIFE_RUNTIME_PROFILE, 'precondition: OPENLIFE_RUNTIME_PROFILE must be unset');
+        const results = runDoctor();
+        const expectedDefault = {
+            'cli:ollama': 'blocker',
+            'env:OPENAI_API_KEY': 'warning',
+            'env:GEMINI_API_KEY': 'warning',
+            'env:ANTHROPIC_API_KEY': 'warning'
+        };
+        for (const name of OAUTH_DOWNGRADE_NAMES) {
+            const c = findCheck(results, name);
+            assert(c, `default-profile: doctor result must include "${name}"`);
+            // We forced these to fail (no API keys, no ollama on PATH typically).
+            assert(c.ok === false, `default-profile: "${name}" must be failing for the test to be meaningful; got ok=${c.ok}`);
+            assert(c.severity !== 'info', `default-profile: failing "${name}" must NOT be info without oauth-only profile; got "${c.severity}"`);
+            assert(c.severity === expectedDefault[name], `default-profile: failing "${name}" must have severity="${expectedDefault[name]}" (default classifier); got "${c.severity}"`);
+        }
+    }
+    finally {
+        restoreEnvAndCwd(snap);
+        fs.rmSync(tmp, { recursive: true, force: true });
+    }
+}
+// -----------------------------------------------------------------------------
+// Scenario B: oauth-only — failing oauth-downgrade names are `info`.
+// -----------------------------------------------------------------------------
+function testOauthOnlyDowngradesToInfo() {
+    const tmp = makeTempDir('oauth');
+    const snap = snapshotEnvAndCwd();
+    try {
+        process.chdir(tmp);
+        clearApiKeysAndProfile();
+        process.env.OPENLIFE_RUNTIME_PROFILE = 'oauth-only';
+        const results = runDoctor();
+        for (const name of OAUTH_DOWNGRADE_NAMES) {
+            const c = findCheck(results, name);
+            assert(c, `oauth-only: doctor result must include "${name}"`);
+            assert(c.ok === false, `oauth-only: "${name}" must still be failing (no keys/ollama); got ok=${c.ok}`);
+            assert(c.severity === 'info', `oauth-only: failing "${name}" must be downgraded to severity=info; got "${c.severity}"`);
+        }
+    }
+    finally {
+        restoreEnvAndCwd(snap);
+        fs.rmSync(tmp, { recursive: true, force: true });
+    }
+}
+// -----------------------------------------------------------------------------
+// Scenario C: case-insensitive — `OAuth-Only` also downgrades.
+// -----------------------------------------------------------------------------
+function testOauthOnlyIsCaseInsensitive() {
+    const tmp = makeTempDir('caseins');
+    const snap = snapshotEnvAndCwd();
+    try {
+        process.chdir(tmp);
+        clearApiKeysAndProfile();
+        process.env.OPENLIFE_RUNTIME_PROFILE = 'OAuth-Only';
+        const results = runDoctor();
+        for (const name of OAUTH_DOWNGRADE_NAMES) {
+            const c = findCheck(results, name);
+            assert(c, `case-insensitive: doctor result must include "${name}"`);
+            assert(c.ok === false, `case-insensitive: "${name}" must be failing`);
+            assert(c.severity === 'info', `case-insensitive: "OAuth-Only" must downgrade "${name}" to severity=info; got "${c.severity}" — classifier .toLowerCase() contract broken?`);
+        }
+    }
+    finally {
+        restoreEnvAndCwd(snap);
+        fs.rmSync(tmp, { recursive: true, force: true });
+    }
+}
+// -----------------------------------------------------------------------------
+// Scenario D: other failing checks are unaffected (not silently demoted).
+// -----------------------------------------------------------------------------
+function testOtherChecksUnaffectedByOauthOnly() {
+    const tmp = makeTempDir('others');
+    const snap = snapshotEnvAndCwd();
+    try {
+        process.chdir(tmp);
+        clearApiKeysAndProfile();
+        process.env.OPENLIFE_RUNTIME_PROFILE = 'oauth-only';
+        // Telegram unset → env:TELEGRAM_BOT_TOKEN should fail and stay blocker.
+        delete process.env.TELEGRAM_BOT_TOKEN;
+        const results = runDoctor();
+        // We expect at LEAST one failing non-downgraded check to be present so the
+        // assertion has bite. cli:codex / cli:claude / env:TELEGRAM_BOT_TOKEN are
+        // very likely to fail inside a fresh tmp dir with cleared env.
+        const failingOthers = results.filter((r) => {
+            if (r.ok)
+                return false;
+            if (OAUTH_DOWNGRADE_NAMES.includes(r.name))
+                return false;
+            // Only consider names the classifier flags as blocker/warning — i.e. names
+            // that the classifier branches MAY have moved to blocker.
+            const looksRouted = r.name.startsWith('runtime:') ||
+                r.name.includes('TELEGRAM_BOT_TOKEN') ||
+                r.name.startsWith('cli:') ||
+                r.name.includes('promoted-assets') ||
+                r.name.includes('security-events');
+            return looksRouted;
+        });
+        assert(failingOthers.length > 0, 'precondition: at least one failing non-oauth-downgrade check must exist to make this scenario meaningful');
+        for (const c of failingOthers) {
+            assert(c.severity !== 'info', `oauth-only must NOT downgrade unrelated check "${c.name}" to info; got severity="${c.severity}"`);
+        }
+    }
+    finally {
+        restoreEnvAndCwd(snap);
+        fs.rmSync(tmp, { recursive: true, force: true });
+    }
+}
+async function main() {
+    testDefaultProfileKeepsNonInfoSeverity();
+    testOauthOnlyDowngradesToInfo();
+    testOauthOnlyIsCaseInsensitive();
+    testOtherChecksUnaffectedByOauthOnly();
+    console.log('TEST_RUNTIME_PROFILE_OAUTH_ONLY_OK');
+}
+main().catch((err) => {
+    console.error('TEST_RUNTIME_PROFILE_OAUTH_ONLY_FAIL:', err?.message || err);
+    process.exit(1);
+});

package/dist/test_runtime_registry.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const RuntimeRegistry_1 = require("./orchestrator/RuntimeRegistry");
+const rr = new RuntimeRegistry_1.RuntimeRegistry('testws');
+const probed = rr.probe();
+if (!probed.length)
+    throw new Error('runtime probe should return entries');
+const listed = rr.list();
+if (!listed.length)
+    throw new Error('runtime list should return entries');
+console.log('TEST_RUNTIME_REGISTRY_OK');

package/dist/test_security_download_and_scan.js

@@ -0,0 +1,103 @@
+"use strict";
+/**
+ * test_security_download_and_scan.ts — Stories 9.1 + 9.2
+ *
+ * Asserts:
+ *   1. SecurityDownloadGuard.downloadAndScan() refuses untrusted URLs
+ *   2. downloadAndScan() returns errors for unreachable hosts
+ *   3. downloadAndScan() rejects blocked filename patterns (e.g. .exe)
+ *   4. ExternalCatalogRegistry.import() returns policy decision (no fetch)
+ *   5. ExternalCatalogRegistry.importAndFetch() reports network failure
+ *      gracefully (we can't actually reach github.com in test env)
+ *
+ * NOTE: No live network calls expected on CI; all assertions verify
+ * graceful failure modes, never success-with-network.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const fs = __importStar(require("fs"));
+const os = __importStar(require("os"));
+const path = __importStar(require("path"));
+const SecurityDownloadGuard_1 = require("./orchestrator/SecurityDownloadGuard");
+const ExternalCatalogRegistry_1 = require("./orchestrator/ExternalCatalogRegistry");
+function assertTrue(cond, label) {
+    if (!cond)
+        throw new Error(`ASSERT_FAILED[${label}]`);
+}
+async function main() {
+    const guard = new SecurityDownloadGuard_1.SecurityDownloadGuard();
+    const tmp = fs.mkdtempSync(path.join(os.tmpdir(), 'dl-scan-'));
+    try {
+        // 1. Untrusted URL rejected before fetch
+        const r1 = await guard.downloadAndScan('https://evil.example/foo.md', tmp, { timeoutMs: 1000 });
+        assertTrue(!r1.ok, 'untrusted url rejected');
+        assertTrue(r1.errors.includes('untrusted_url'), 'errors include untrusted_url');
+        console.log('[9.1] untrusted URL rejected ✓');
+        // 2. Trusted URL but unreachable host → fetch_exception or timeout
+        const r2 = await guard.downloadAndScan('https://github.com/this/does/not/exist/12345.md', tmp, { timeoutMs: 3000 });
+        assertTrue(!r2.ok, 'unreachable/404 yields not ok');
+        console.log(`[9.1] trusted URL but unreachable rejected (${r2.errors[0]}) ✓`);
+        // 3. Filename blocked pattern — simulate by passing a URL ending in .exe.
+        // We won't actually reach it because the URL is trusted but unreachable,
+        // but we verify the scan path is wired.
+        const r3 = await guard.downloadAndScan('https://github.com/x/y/blob/main/bad.exe', tmp, { timeoutMs: 3000 });
+        assertTrue(!r3.ok, 'blocked filename pattern rejected');
+        console.log(`[9.1] blocked filename rejected (${r3.errors[0]}) ✓`);
+        // 4. ExternalCatalogRegistry.import — policy-only
+        const reg = new ExternalCatalogRegistry_1.ExternalCatalogRegistry();
+        const i1 = reg.import('github', 'somepack');
+        assertTrue(i1.ok, 'import-allowed source returns ok');
+        assertTrue(!('downloadedTo' in i1), 'no downloadedTo on policy-only path');
+        console.log('[9.2] ExternalCatalogRegistry.import policy-only ✓');
+        // 5. importAndFetch reports failure gracefully
+        const i2 = await reg.importAndFetch('github', 'somepack', 'https://github.com/this/does/not/exist/12345.md', tmp);
+        assertTrue(!i2.ok, 'importAndFetch reports failure');
+        assertTrue(i2.error === 'download_or_scan_failed', `error code matches (got ${i2.error})`);
+        console.log('[9.2] ExternalCatalogRegistry.importAndFetch graceful failure ✓');
+        // 6. importAndFetch refuses reference-only source
+        const i3 = await reg.importAndFetch('skills-sh', 'somepack', 'https://github.com/foo/bar.md', tmp);
+        assertTrue(!i3.ok, 'reference-only source refused');
+        assertTrue(i3.error === 'source_is_reference_only', `reference rejection (got ${i3.error})`);
+        console.log('[9.2] reference-only source refused by importAndFetch ✓');
+    }
+    finally {
+        fs.rmSync(tmp, { recursive: true, force: true });
+    }
+    console.log('TEST_SECURITY_DOWNLOAD_AND_SCAN_OK');
+}
+main().catch((err) => {
+    console.error('[download-and-scan] FAILED:', err instanceof Error ? err.message : err);
+    process.exit(1);
+});

package/dist/test_security_download_guard.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const SecurityDownloadGuard_1 = require("./orchestrator/SecurityDownloadGuard");
+const g = new SecurityDownloadGuard_1.SecurityDownloadGuard();
+const good = g.validateUrl('https://skills.sh/');
+if (!good.ok)
+    throw new Error('skills.sh should be allowed reference');
+const bad = g.validateUrl('https://evil.example.com/dropper.zip');
+if (bad.ok)
+    throw new Error('untrusted should be blocked');
+const scan = g.scanFileList(['pack/SKILL.md', 'pack/.env', 'pack/run.exe']);
+if (scan.ok)
+    throw new Error('malicious files should be blocked');
+console.log('TEST_SECURITY_DOWNLOAD_GUARD_OK');

package/dist/test_service_command_surface.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const ServiceState_1 = require("./orchestrator/ServiceState");
+function assert(condition, message) {
+    if (!condition)
+        throw new Error(message);
+}
+const store = new ServiceState_1.ServiceStateStore();
+const serviceId = `test_service_${Date.now()}`;
+const missing = store.getById(serviceId);
+assert(missing === null, 'new service should be null before promotion');
+console.log('TEST_SERVICE_COMMAND_SURFACE_OK');

package/dist/test_service_completion_policy.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const ServiceCompletionPolicy_1 = require("./orchestrator/ServiceCompletionPolicy");
+const ExecutionState_1 = require("./orchestrator/ExecutionState");
+function assert(condition, message) {
+    if (!condition)
+        throw new Error(message);
+}
+async function main() {
+    const policy = new ServiceCompletionPolicy_1.ServiceCompletionPolicy();
+    const criteria = policy.enforceCriteria(['Resultado útil']);
+    assert(criteria.includes('Provisionamento concluído'), 'must enforce provisioning criterion');
+    assert(criteria.includes('Operação real documentada'), 'must enforce operational criterion');
+    const incomplete = (0, ExecutionState_1.createExecutionState)('t1', 'goal', 'u1');
+    incomplete.plan = ['a', 'b'];
+    incomplete.successCriteria = ['x'];
+    const reportIncomplete = policy.evaluate(incomplete);
+    assert(reportIncomplete.complete === false, 'should detect incomplete service');
+    const complete = (0, ExecutionState_1.createExecutionState)('t2', 'goal', 'u1');
+    complete.plan = ['analisar', 'executar', 'validar'];
+    complete.successCriteria = policy.enforceCriteria(['resultado']);
+    complete.attempts.push({ role: 'executor', summary: 'exec ok', status: 'success', at: new Date().toISOString(), artifactPath: '.artifacts/a.txt' });
+    complete.attempts.push({ role: 'reviewer', summary: 'review ok', status: 'success', at: new Date().toISOString() });
+    complete.artifacts.push('.artifacts/a.txt');
+    const reportComplete = policy.evaluate(complete);
+    assert(reportComplete.complete === true, 'should pass complete service report');
+    console.log('TEST_SERVICE_COMPLETION_POLICY_OK');
+}
+main().catch((error) => {
+    console.error(error.message || error);
+    process.exit(1);
+});

package/dist/test_service_guardrails_delete.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const GovernanceLayer_1 = require("./orchestrator/GovernanceLayer");
+function assert(condition, message) {
+    if (!condition)
+        throw new Error(message);
+}
+const governance = new GovernanceLayer_1.GovernanceLayer();
+const deletionRequest = governance.evaluate('please delete all user files now');
+assert(deletionRequest.allowed === false, 'delete requests must be blocked by default');
+assert(deletionRequest.requiresConsent === true, 'delete requests must require explicit consent');
+console.log('TEST_SERVICE_GUARDRAILS_DELETE_OK');

package/dist/test_service_mode_explicit_only.js

@@ -0,0 +1,174 @@
+"use strict";
+/**
+ * test_service_mode_explicit_only.ts — Stories 2.3 + 2.4
+ *
+ * Asserts the v1.3 explicit-only service-mode contract:
+ *   - WorkflowEngine.run() throws if workflow.mode='service' and caller
+ *     did not pass allowServiceMode=true.
+ *   - WorkflowEngine.run() succeeds for the same workflow when caller
+ *     explicitly opts in.
+ *   - ServiceState.promoteTaskToService() refuses silent promotion
+ *     (no actor, system actor, missing consent scope).
+ *   - ServiceState.promoteTaskToService() succeeds with explicit human
+ *     actor + consentScope='task_promotion'.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const WorkflowEngine_1 = require("./orchestrator/workflow/WorkflowEngine");
+const ServiceState_1 = require("./orchestrator/ServiceState");
+function assertTrue(cond, label) {
+    if (!cond)
+        throw new Error(`ASSERT_FAILED[${label}]`);
+}
+async function main() {
+    const tmp = fs.mkdtempSync(path.join(os.tmpdir(), 'service-mode-explicit-'));
+    const stateDir = path.join(tmp, '.openlife');
+    fs.mkdirSync(stateDir, { recursive: true });
+    try {
+        // ── Scenario 1: WorkflowEngine refuses service mode without opt-in ──
+        const serviceWf = {
+            id: 'svc-wf',
+            name: 'Service workflow',
+            type: 'custom',
+            version: '1.0',
+            mode: 'service',
+            sequence: [{ id: 'step-1', agent: 'dev', action: 'do' }],
+        };
+        const engine = new WorkflowEngine_1.WorkflowEngine({ stateDir });
+        let threwOnImplicit = false;
+        let errCode;
+        try {
+            await engine.run(serviceWf, {});
+        }
+        catch (e) {
+            threwOnImplicit = true;
+            errCode = e.code;
+        }
+        assertTrue(threwOnImplicit, 'scenario 1: implicit service run rejected');
+        assertTrue(errCode === 'service_mode_requires_explicit_opt_in', `scenario 1: error code (got ${errCode})`);
+        console.log('[2.3] scenario 1 (implicit service run refused) ✓');
+        // ── Scenario 2: WorkflowEngine accepts service mode with opt-in ─────
+        const state = await engine.run(serviceWf, {}, { allowServiceMode: true });
+        assertTrue(state.status === 'completed' || state.status === 'awaiting_input' || state.status === 'failed', 'scenario 2: service run executes');
+        assertTrue(state.context?.__mode === 'service', 'scenario 2: mode plumbed to context');
+        console.log('[2.3] scenario 2 (explicit service run accepted) ✓');
+        // ── Scenario 3: task workflow runs without any flag ────────────────
+        const taskWf = {
+            id: 'task-wf',
+            name: 'Task workflow',
+            type: 'custom',
+            version: '1.0',
+            sequence: [{ id: 'step-1', agent: 'dev', action: 'do' }],
+        };
+        const taskState = await engine.run(taskWf, {});
+        assertTrue(taskState.context?.__mode === 'task', 'scenario 3: defaults to task mode');
+        console.log('[2.3] scenario 3 (task is default) ✓');
+        // ── Scenario 4: promoteTaskToService refuses missing actor ─────────
+        // ServiceStateStore reads .artifacts/workspaces/<wsId>/... via process.cwd(),
+        // so run the test from within tmp.
+        const origCwd = process.cwd();
+        process.chdir(tmp);
+        const svcStore = new ServiceState_1.ServiceStateStore('test-ws');
+        // Minimal MissionState — ServiceStateStore.promoteTaskToService only
+        // reads .taskId, .goal, and optional .consequenceThoughtTrace.
+        const mission = {
+            taskId: 'mission-1',
+            goal: 'test goal',
+        };
+        let threw1 = false;
+        let err1;
+        try {
+            svcStore.promoteTaskToService(mission, 'svc-from-missing-actor', undefined);
+        }
+        catch (e) {
+            threw1 = true;
+            err1 = e.code;
+        }
+        assertTrue(threw1, 'scenario 4: missing actor refused');
+        assertTrue(err1 === 'task_promotion_requires_human_actor', `scenario 4: error code (got ${err1})`);
+        console.log('[2.4] scenario 4 (missing actor refused) ✓');
+        // ── Scenario 5: promoteTaskToService refuses system actor ──────────
+        let threw2 = false;
+        let err2;
+        try {
+            svcStore.promoteTaskToService(mission, 'svc-from-system', undefined, { actor: 'system', consentScope: 'task_promotion' });
+        }
+        catch (e) {
+            threw2 = true;
+            err2 = e.code;
+        }
+        assertTrue(threw2, 'scenario 5: system actor refused');
+        assertTrue(err2 === 'task_promotion_requires_human_actor', `scenario 5: error code (got ${err2})`);
+        console.log('[2.4] scenario 5 (system actor refused) ✓');
+        // ── Scenario 6: promoteTaskToService refuses missing consent scope ─
+        let threw3 = false;
+        let err3;
+        try {
+            svcStore.promoteTaskToService(mission, 'svc-no-scope', undefined, { actor: 'rafa' });
+        }
+        catch (e) {
+            threw3 = true;
+            err3 = e.code;
+        }
+        assertTrue(threw3, 'scenario 6: missing consent scope refused');
+        assertTrue(err3 === 'task_promotion_requires_consent_scope', `scenario 6: error code (got ${err3})`);
+        console.log('[2.4] scenario 6 (missing consent scope refused) ✓');
+        // ── Scenario 7: explicit human actor + scope succeeds ──────────────
+        const svc = svcStore.promoteTaskToService(mission, 'svc-ok', 'real promotion', {
+            actor: 'rafa',
+            consentScope: 'task_promotion',
+            reason: 'long-running research',
+        });
+        assertTrue(svc.serviceId === 'svc-ok', 'scenario 7: service created');
+        assertTrue(svc.missionIds.includes('mission-1'), 'scenario 7: mission attached');
+        console.log('[2.4] scenario 7 (explicit promotion succeeds) ✓');
+        process.chdir(origCwd);
+        console.log('TEST_SERVICE_MODE_EXPLICIT_ONLY_OK');
+    }
+    finally {
+        try {
+            process.chdir(path.dirname(tmp));
+        }
+        catch { /* ignore */ }
+        fs.rmSync(tmp, { recursive: true, force: true });
+    }
+}
+main().catch((err) => {
+    console.error('[service-mode-explicit] FAILED:', err instanceof Error ? err.message : err);
+    process.exit(1);
+});