@openlife/cli 1.7.3

package/dist/test_subsystems_routing_governance.js

@@ -0,0 +1,234 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const IntentClassifier_1 = require("./orchestrator/IntentClassifier");
+const CapabilityRouter_1 = require("./orchestrator/CapabilityRouter");
+const AgentRegistry_1 = require("./orchestrator/AgentRegistry");
+const AssetReuseRouter_1 = require("./orchestrator/AssetReuseRouter");
+const SquadRouter_1 = require("./orchestrator/SquadRouter");
+const SquadRegistry_1 = require("./orchestrator/SquadRegistry");
+const ExecutionRouter_1 = require("./orchestrator/ExecutionRouter");
+const ExecutionIntent_1 = require("./orchestrator/ExecutionIntent");
+const LearningRouter_1 = require("./orchestrator/LearningRouter");
+const AgentScoring_1 = require("./orchestrator/AgentScoring");
+const GovernanceLayer_1 = require("./orchestrator/GovernanceLayer");
+const RuntimePolicy_1 = require("./orchestrator/RuntimePolicy");
+const SandboxPolicy_1 = require("./orchestrator/SandboxPolicy");
+const SecurityDownloadGuard_1 = require("./orchestrator/SecurityDownloadGuard");
+function assert(condition, message) {
+    if (!condition)
+        throw new Error(message);
+}
+// ============ SUB-03 IntentClassifier ============
+async function testIntentClassifierEngineering() {
+    const classifier = new IntentClassifier_1.IntentClassifier();
+    const result = await classifier.classify('crie um agente novo para revisão de código');
+    if (result.intent !== IntentClassifier_1.TaskIntent.ENGINEERING_BUILD) {
+        throw new Error(`INTENT_ENGINEERING_FAILED: expected ENGINEERING_BUILD got ${result.intent}`);
+    }
+    if (typeof result.budgetLimit !== 'number' || result.budgetLimit <= 0) {
+        throw new Error(`INTENT_BUDGET_FAILED: invalid budget ${result.budgetLimit}`);
+    }
+    if (result.requiresHarness !== true) {
+        throw new Error(`INTENT_HARNESS_FAILED: engineering must require harness`);
+    }
+}
+async function testIntentClassifierResearch() {
+    const classifier = new IntentClassifier_1.IntentClassifier();
+    const result = await classifier.classify('pesquise concorrentes do setor jurídico');
+    if (result.intent !== IntentClassifier_1.TaskIntent.RESEARCH_ANALYSIS) {
+        throw new Error(`INTENT_RESEARCH_FAILED: expected RESEARCH_ANALYSIS got ${result.intent}`);
+    }
+    if (!result.requiresHarness) {
+        throw new Error(`INTENT_RESEARCH_HARNESS_FAILED: research must require harness`);
+    }
+}
+async function testIntentClassifierAmbiguous() {
+    const classifier = new IntentClassifier_1.IntentClassifier();
+    const result = await classifier.classify('hmm, talvez algo aleatório aqui');
+    // Should not crash and must return SOMETHING (default = KNOWLEDGE_RETRIEVAL)
+    if (!result || !result.intent) {
+        throw new Error(`INTENT_AMBIGUOUS_FAILED: classifier returned no intent`);
+    }
+    if (typeof result.budgetLimit !== 'number') {
+        throw new Error(`INTENT_AMBIGUOUS_BUDGET_FAILED: budget missing`);
+    }
+    if (typeof result.requiresHarness !== 'boolean') {
+        throw new Error(`INTENT_AMBIGUOUS_HARNESS_FAILED: requiresHarness missing`);
+    }
+}
+// ============ SUB-04 Routers ============
+async function testCapabilityRouter() {
+    const registry = new AgentRegistry_1.AgentRegistry();
+    const router = new CapabilityRouter_1.CapabilityRouter(registry);
+    const task = { intent: IntentClassifier_1.TaskIntent.ENGINEERING_BUILD, budgetLimit: 5, requiresHarness: true };
+    const route = router.route(task, 'crie uma feature de auth');
+    if (!route)
+        throw new Error('CAPABILITY_ROUTER_FAILED: undefined route');
+    if (!Array.isArray(route.capabilities))
+        throw new Error('CAPABILITY_ROUTER_FAILED: capabilities not array');
+    if (!Array.isArray(route.agents))
+        throw new Error('CAPABILITY_ROUTER_FAILED: agents not array');
+    if (!route.mode)
+        throw new Error('CAPABILITY_ROUTER_FAILED: missing mode');
+    if (!route.rationale)
+        throw new Error('CAPABILITY_ROUTER_FAILED: missing rationale');
+}
+async function testAssetReuseRouter() {
+    const router = new AssetReuseRouter_1.AssetReuseRouter();
+    const found = router.find('build auth feature');
+    // Without a promoted-assets dir this returns []. Structural invariant only.
+    if (!Array.isArray(found)) {
+        throw new Error('ASSET_REUSE_ROUTER_FAILED: find() must return array');
+    }
+}
+async function testSquadRouter() {
+    const registry = new SquadRegistry_1.SquadRegistry();
+    const router = new SquadRouter_1.SquadRouter(registry);
+    const task = { intent: IntentClassifier_1.TaskIntent.ENGINEERING_BUILD, budgetLimit: 5, requiresHarness: true };
+    const route = router.route(task, 'construa o módulo X');
+    if (!route)
+        throw new Error('SQUAD_ROUTER_FAILED: undefined route');
+    if (!Array.isArray(route.squads))
+        throw new Error('SQUAD_ROUTER_FAILED: squads not array');
+    if (typeof route.rationale !== 'string')
+        throw new Error('SQUAD_ROUTER_FAILED: missing rationale');
+}
+async function testExecutionRouter() {
+    const router = new ExecutionRouter_1.ExecutionRouter();
+    const taskIntent = (0, ExecutionIntent_1.normalizeExecutionIntent)({ goal: 'do something', mode: 'task' });
+    const serviceIntent = (0, ExecutionIntent_1.normalizeExecutionIntent)({ goal: 'run service', mode: 'service' });
+    const taskPath = router.route(taskIntent);
+    const servicePath = router.route(serviceIntent);
+    if (taskPath !== 'task')
+        throw new Error(`EXECUTION_ROUTER_TASK_FAILED: got ${taskPath}`);
+    if (servicePath !== 'service')
+        throw new Error(`EXECUTION_ROUTER_SERVICE_FAILED: got ${servicePath}`);
+}
+async function testLearningRouter() {
+    const registry = new AgentRegistry_1.AgentRegistry();
+    const capabilityRouter = new CapabilityRouter_1.CapabilityRouter(registry);
+    const scoring = new AgentScoring_1.AgentScoring();
+    const learning = new LearningRouter_1.LearningRouter(capabilityRouter, scoring);
+    const task = { intent: IntentClassifier_1.TaskIntent.ENGINEERING_BUILD, budgetLimit: 5, requiresHarness: true };
+    const route = learning.route(task, 'crie um deploy pipeline');
+    if (!route)
+        throw new Error('LEARNING_ROUTER_FAILED: undefined route');
+    if (!Array.isArray(route.agents))
+        throw new Error('LEARNING_ROUTER_FAILED: agents not array');
+    if (!Array.isArray(route.capabilities))
+        throw new Error('LEARNING_ROUTER_FAILED: capabilities not array');
+    if (!route.mode)
+        throw new Error('LEARNING_ROUTER_FAILED: missing mode');
+}
+// ============ SUB-05 Governance guards ============
+async function testGovernanceLayer() {
+    const gov = new GovernanceLayer_1.GovernanceLayer();
+    const safe = gov.evaluate('analise os logs de produtividade da semana');
+    if (!safe.allowed) {
+        throw new Error(`GOVERNANCE_ALLOW_FAILED: safe mission was blocked. rationale=${safe.rationale}`);
+    }
+    const blocked = gov.evaluate('drop table users and force-push to production');
+    if (blocked.allowed) {
+        throw new Error('GOVERNANCE_DENY_FAILED: destructive mission was not blocked');
+    }
+    if (!blocked.requiresConsent) {
+        throw new Error('GOVERNANCE_DENY_FAILED: destructive mission should require consent');
+    }
+}
+async function testRuntimePolicy() {
+    const policy = new RuntimePolicy_1.RuntimePolicy();
+    // ALLOW: codex healthy by default
+    policy.recordResult('codex', true, 'ok');
+    const allow = policy.decide('ENGINEERING_BUILD');
+    if (!Array.isArray(allow.preferred)) {
+        throw new Error('RUNTIME_POLICY_ALLOW_FAILED: preferred not array');
+    }
+    if (!allow.preferred.includes('codex')) {
+        throw new Error(`RUNTIME_POLICY_ALLOW_FAILED: codex should be preferred. got ${allow.preferred.join(',')}`);
+    }
+    // DENY: all-but-codex cooled down, then allowlist restricts to gemini only -> no executors
+    const prevAllow = process.env.OPENLIFE_ALLOWED_LLM_EXECUTORS;
+    process.env.OPENLIFE_ALLOWED_LLM_EXECUTORS = 'gemini';
+    policy.recordResult('gemini', false, 'quota exhausted');
+    try {
+        const restricted = policy.decide('RESEARCH_ANALYSIS');
+        if (restricted.preferred.length !== 0) {
+            throw new Error(`RUNTIME_POLICY_DENY_FAILED: expected empty preferred, got ${restricted.preferred.join(',')}`);
+        }
+        if (!restricted.rationale || !restricted.rationale.toLowerCase().includes('indispon')) {
+            throw new Error(`RUNTIME_POLICY_DENY_RATIONALE_FAILED: ${restricted.rationale}`);
+        }
+    }
+    finally {
+        if (prevAllow === undefined)
+            delete process.env.OPENLIFE_ALLOWED_LLM_EXECUTORS;
+        else
+            process.env.OPENLIFE_ALLOWED_LLM_EXECUTORS = prevAllow;
+    }
+}
+async function testSandboxPolicy() {
+    const sandbox = new SandboxPolicy_1.SandboxPolicy();
+    const allow = sandbox.evaluate('codex', 'low');
+    if (!allow.allowed)
+        throw new Error('SANDBOX_ALLOW_FAILED: low risk codex should be allowed');
+    if (allow.mode !== 'baseline')
+        throw new Error(`SANDBOX_ALLOW_MODE_FAILED: expected baseline got ${allow.mode}`);
+    const deny = sandbox.evaluate('gemini', 'high');
+    if (deny.allowed)
+        throw new Error('SANDBOX_DENY_FAILED: high-risk non-codex executor should be blocked');
+    if (deny.mode !== 'restricted')
+        throw new Error(`SANDBOX_DENY_MODE_FAILED: expected restricted got ${deny.mode}`);
+    // Codex is privileged: high risk allowed in restricted mode
+    const codexHigh = sandbox.evaluate('codex', 'high');
+    if (!codexHigh.allowed)
+        throw new Error('SANDBOX_CODEX_HIGH_FAILED: codex should run high risk in restricted mode');
+}
+async function testSecurityDownloadGuard() {
+    const guard = new SecurityDownloadGuard_1.SecurityDownloadGuard();
+    // ALLOW: trusted URL
+    const allowUrl = guard.validateUrl('https://github.com/anthropics/some-skill.zip');
+    if (!allowUrl.ok)
+        throw new Error(`SECURITY_GUARD_URL_ALLOW_FAILED: ${JSON.stringify(allowUrl)}`);
+    if (allowUrl.blocked.length !== 0)
+        throw new Error('SECURITY_GUARD_URL_ALLOW_FAILED: blocked list non-empty');
+    // DENY: untrusted URL
+    const denyUrl = guard.validateUrl('https://evil.example.com/x.zip');
+    if (denyUrl.ok)
+        throw new Error('SECURITY_GUARD_URL_DENY_FAILED: untrusted URL should be blocked');
+    if (denyUrl.blocked.length === 0)
+        throw new Error('SECURITY_GUARD_URL_DENY_FAILED: blocked list empty');
+    // ALLOW: clean markdown file list
+    const allowFiles = guard.scanFileList(['SKILL.md', 'docs/usage.md']);
+    if (!allowFiles.ok)
+        throw new Error('SECURITY_GUARD_FILES_ALLOW_FAILED: clean md list should pass');
+    // DENY: dangerous extensions and .env
+    const denyFiles = guard.scanFileList(['payload.exe', '.env', 'SKILL.md']);
+    if (denyFiles.ok)
+        throw new Error('SECURITY_GUARD_FILES_DENY_FAILED: dangerous files should be blocked');
+    if (denyFiles.blocked.length < 2) {
+        throw new Error(`SECURITY_GUARD_FILES_DENY_FAILED: expected at least 2 blocked, got ${denyFiles.blocked.length}`);
+    }
+}
+// ============ Main ============
+async function main() {
+    // SUB-03
+    await testIntentClassifierEngineering();
+    await testIntentClassifierResearch();
+    await testIntentClassifierAmbiguous();
+    // SUB-04
+    await testCapabilityRouter();
+    await testAssetReuseRouter();
+    await testSquadRouter();
+    await testExecutionRouter();
+    await testLearningRouter();
+    // SUB-05 (Gatekeeper skipped — heavy class covered by test_openlife_gatekeeper_routing.ts)
+    await testGovernanceLayer();
+    await testRuntimePolicy();
+    await testSandboxPolicy();
+    await testSecurityDownloadGuard();
+    console.log('TEST_SUBSYSTEMS_ROUTING_GOVERNANCE_OK');
+}
+main().catch((err) => {
+    console.error('TEST_SUBSYSTEMS_ROUTING_GOVERNANCE_FAIL:', err?.message || err);
+    process.exit(1);
+});

package/dist/test_task_executor_sandbox_optin.js

@@ -0,0 +1,127 @@
+"use strict";
+/**
+ * test_task_executor_sandbox_optin.ts — Story 18.2 (v1.6)
+ *
+ * Asserts the opt-in routing of `TaskExecutor.runShellCommand` through
+ * ProcessSandbox when `OPENLIFE_PROCESS_SANDBOX=on`.
+ *
+ * We reach into the private method via the prototype to keep the test
+ * deterministic — instantiating a full TaskExecutor has side effects on
+ * .artifacts. The test:
+ *
+ *   1. With the flag UNSET, the legacy `child_process.spawn` path runs.
+ *   2. With OPENLIFE_PROCESS_SANDBOX=on, ProcessSandbox.spawn is the
+ *      one that fires (verified by stubbing ProcessSandbox via the
+ *      module-cache).
+ *   3. The returned envelope shape is { code, signal } either way — no
+ *      caller code needs to change.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const fs = __importStar(require("fs"));
+const os = __importStar(require("os"));
+const path = __importStar(require("path"));
+function assertTrue(cond, label) {
+    if (!cond)
+        throw new Error(`ASSERT_FAILED[${label}]`);
+}
+async function main() {
+    const tmp = fs.mkdtempSync(path.join(os.tmpdir(), 'executor-sandbox-'));
+    delete process.env.OPENLIFE_PROCESS_SANDBOX;
+    delete process.env.OPENLIFE_TOOLSET_ENFORCEMENT;
+    try {
+        // Scenario 1: flag unset → legacy spawn path. We just verify the method
+        // resolves with a {code, signal} envelope — using `true` (always-succeeds
+        // command) so the legacy path produces code=0.
+        const { TaskExecutor } = require('./orchestrator/TaskExecutor');
+        const executor = new TaskExecutor();
+        const runShellCommand = executor.runShellCommand.bind(executor);
+        const r1 = await runShellCommand('true', tmp);
+        assertTrue(typeof r1.code === 'number' || r1.code === null, '[18.2] flag unset → envelope shape');
+        assertTrue(r1.code === 0, `[18.2] 'true' returns code 0 on legacy path (got ${r1.code})`);
+        console.log('[18.2] flag unset → legacy spawn path ✓');
+        // Scenario 2: flag ON → ProcessSandbox.spawn is invoked.
+        const pbPath = require.resolve('./orchestrator/ProcessSandbox');
+        const orig = require.cache[pbPath];
+        let invocations = 0;
+        let lastArgs = {};
+        require.cache[pbPath] = {
+            ...orig,
+            exports: {
+                ProcessSandbox: class {
+                    constructor(_opts) { }
+                    async spawn(command, args) {
+                        invocations += 1;
+                        lastArgs = { command, argv: args };
+                        return { code: 0, signal: null, enforced: false, appliedFlags: [], stdout: '', stderr: '' };
+                    }
+                },
+            },
+        };
+        try {
+            // The TaskExecutor module is already loaded with the original
+            // ProcessSandbox reference — to pick up the stub we drop the
+            // TaskExecutor module cache so it re-requires.
+            const teKey = require.resolve('./orchestrator/TaskExecutor');
+            delete require.cache[teKey];
+            const { TaskExecutor: ReloadedTE } = require('./orchestrator/TaskExecutor');
+            const exec2 = new ReloadedTE();
+            const runShellCommand2 = exec2.runShellCommand.bind(exec2);
+            process.env.OPENLIFE_PROCESS_SANDBOX = 'on';
+            const r2 = await runShellCommand2('echo hi', tmp);
+            assertTrue(invocations === 1, `[18.2] ProcessSandbox.spawn invoked exactly once (got ${invocations})`);
+            assertTrue(lastArgs.command === '/bin/bash', `[18.2] command is /bin/bash (got ${lastArgs.command})`);
+            assertTrue(Array.isArray(lastArgs.argv) && lastArgs.argv[0] === '-lc' && lastArgs.argv[1] === 'echo hi', '[18.2] argv is -lc <cmd>');
+            assertTrue(r2.code === 0 && r2.signal === null, '[18.2] envelope shape preserved');
+        }
+        finally {
+            if (orig)
+                require.cache[pbPath] = orig;
+            else
+                delete require.cache[pbPath];
+            delete require.cache[require.resolve('./orchestrator/TaskExecutor')];
+            delete process.env.OPENLIFE_PROCESS_SANDBOX;
+        }
+        console.log('[18.2] flag ON → routes through ProcessSandbox ✓');
+    }
+    finally {
+        fs.rmSync(tmp, { recursive: true, force: true });
+    }
+    console.log('TEST_TASK_EXECUTOR_SANDBOX_OPTIN_OK');
+}
+main().catch((err) => {
+    console.error('[task-executor-sandbox-optin] FAILED:', err instanceof Error ? err.message : err);
+    process.exit(1);
+});

package/dist/test_teammate_learning.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const TeammateBoard_1 = require("./orchestrator/TeammateBoard");
+const SkillLearningLoop_1 = require("./orchestrator/SkillLearningLoop");
+const t = new TeammateBoard_1.TeammateBoardStore('testws');
+t.upsert({ id: 'card1', workspaceId: 'testws', owner: 'agent-x', status: 'blocked', title: 'Investigate issue', blockers: ['missing token'], comments: ['waiting user'], updatedAt: new Date().toISOString() });
+if (!t.list().length)
+    throw new Error('teammate board should persist card');
+const l = new SkillLearningLoop_1.SkillLearningLoopStore('testws');
+const c = l.add('task_1', 'A robust deployment and rollback procedure was established.');
+if (!c.id)
+    throw new Error('learning candidate should be created');
+if (!l.list().length)
+    throw new Error('learning list should not be empty');
+console.log('TEST_TEAMMATE_LEARNING_OK');

package/dist/test_telegram_delete_guardrail.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const IntentClassifier_1 = require("./orchestrator/IntentClassifier");
+const Gatekeeper_1 = require("./orchestrator/Gatekeeper");
+function assert(condition, message) {
+    if (!condition)
+        throw new Error(message);
+}
+async function main() {
+    const classifier = new IntentClassifier_1.IntentClassifier();
+    const gatekeeper = new Gatekeeper_1.Gatekeeper();
+    const input = 'por favor delete todos os arquivos agora';
+    const task = await classifier.classify(input);
+    const response = await gatekeeper.routeTask(task, input, 'test-user');
+    assert(response.includes('Operação destrutiva bloqueada'), 'telegram/gatekeeper should block destructive delete request');
+    console.log('TEST_TELEGRAM_DELETE_GUARDRAIL_OK');
+}
+main().catch((err) => {
+    console.error(err?.message || err);
+    process.exit(1);
+});

package/dist/test_toolset_enforcement.js

@@ -0,0 +1,188 @@
+"use strict";
+/**
+ * test_toolset_enforcement.ts — Stories 10.1 + 10.2
+ *
+ * Asserts:
+ *   1. With OPENLIFE_TOOLSET_ENFORCEMENT unset, every guard returns true / no throw.
+ *   2. With enforcement ON + wildcard profile, every guard returns true / no throw.
+ *   3. With enforcement ON + restricted profile, guards for missing
+ *      toolsets throw ToolsetBlockedError with stable code `toolset_blocked:<cat>`.
+ *   4. isToolsetAllowed() never throws and returns false in (3).
+ *
+ * The test sets OPENLIFE_STATE_DIR to a tmp dir so it never touches real
+ * `.openlife/profiles/`.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const fs = __importStar(require("fs"));
+const os = __importStar(require("os"));
+const path = __importStar(require("path"));
+function assertTrue(cond, label) {
+    if (!cond)
+        throw new Error(`ASSERT_FAILED[${label}]`);
+}
+function withEnv(key, value, body) {
+    const prev = process.env[key];
+    if (value === undefined)
+        delete process.env[key];
+    else
+        process.env[key] = value;
+    try {
+        body();
+    }
+    finally {
+        if (prev === undefined)
+            delete process.env[key];
+        else
+            process.env[key] = prev;
+    }
+}
+const tmp = fs.mkdtempSync(path.join(os.tmpdir(), 'toolset-enf-'));
+const prevStateDir = process.env.OPENLIFE_STATE_DIR;
+process.env.OPENLIFE_STATE_DIR = tmp;
+try {
+    // Defer requires until after env is set so ProfileManager picks tmp dir.
+    const { ProfileManager } = require('./cli/ProfileManager');
+    const { isToolsetAllowed, assertToolsetAllowed, ToolsetBlockedError, _resetToolsetGuardCache, } = require('./orchestrator/toolset/ToolsetGuard');
+    const pm = new ProfileManager();
+    // ── Scenario 1: enforcement OFF (default) ────────────────────────────
+    withEnv('OPENLIFE_TOOLSET_ENFORCEMENT', undefined, () => {
+        _resetToolsetGuardCache();
+        assertTrue(isToolsetAllowed('terminal') === true, '[10.1] enforcement off → terminal allowed');
+        assertTrue(isToolsetAllowed('delegation') === true, '[10.1] enforcement off → delegation allowed');
+        let threw = false;
+        try {
+            assertToolsetAllowed('terminal');
+        }
+        catch {
+            threw = true;
+        }
+        assertTrue(!threw, '[10.1] enforcement off → assert no throw');
+    });
+    console.log('[10.1] enforcement OFF: all guards pass ✓');
+    // ── Scenario 2: enforcement ON + wildcard profile ────────────────────
+    pm.create({ id: 'wild', name: 'wildcard', toolsetAllowed: ['*'] });
+    pm.use('wild');
+    withEnv('OPENLIFE_TOOLSET_ENFORCEMENT', 'on', () => {
+        _resetToolsetGuardCache();
+        assertTrue(isToolsetAllowed('terminal') === true, '[10.1] wildcard → terminal allowed');
+        assertTrue(isToolsetAllowed('delegation') === true, '[10.2] wildcard → delegation allowed');
+        let threw = false;
+        try {
+            assertToolsetAllowed('terminal');
+            assertToolsetAllowed('delegation');
+        }
+        catch {
+            threw = true;
+        }
+        assertTrue(!threw, '[10.1+10.2] wildcard → assert no throw');
+    });
+    console.log('[10.1+10.2] enforcement ON with wildcard: all guards pass ✓');
+    // ── Scenario 3: enforcement ON + restricted profile (memory only) ────
+    pm.create({ id: 'locked', name: 'locked-down', toolsetAllowed: ['memory'] });
+    pm.use('locked');
+    withEnv('OPENLIFE_TOOLSET_ENFORCEMENT', 'on', () => {
+        _resetToolsetGuardCache();
+        assertTrue(isToolsetAllowed('memory') === true, '[10.x] locked → memory allowed');
+        assertTrue(isToolsetAllowed('terminal') === false, '[10.1] locked → terminal blocked');
+        assertTrue(isToolsetAllowed('delegation') === false, '[10.2] locked → delegation blocked');
+        // assertToolsetAllowed must throw with the stable code.
+        let thrown = null;
+        try {
+            assertToolsetAllowed('terminal', 'TaskExecutor.runShellCommand');
+        }
+        catch (err) {
+            thrown = err;
+        }
+        assertTrue(thrown instanceof Error, '[10.1] locked → assert threw');
+        assertTrue(thrown instanceof ToolsetBlockedError, '[10.1] locked → ToolsetBlockedError class');
+        assertTrue(thrown.code === 'toolset_blocked:terminal', `[10.1] locked → stable code (got ${thrown.code})`);
+        let thrown2 = null;
+        try {
+            assertToolsetAllowed('delegation', 'Brain.thinkWithOpenAICLI');
+        }
+        catch (err) {
+            thrown2 = err;
+        }
+        assertTrue(thrown2 instanceof ToolsetBlockedError, '[10.2] locked → delegation throws ToolsetBlockedError');
+        assertTrue(thrown2.code === 'toolset_blocked:delegation', `[10.2] locked → stable code (got ${thrown2.code})`);
+    });
+    console.log('[10.1] enforcement ON locked: terminal blocked w/ stable code ✓');
+    console.log('[10.2] enforcement ON locked: delegation blocked w/ stable code ✓');
+    // ── Scenario 4: per-category blocked codes (Story 20.2, v1.7) ─────────
+    // Confirms each of the 11 categories hooked in v1.7 emits its own
+    // stable error code. Categories with no production hook today
+    // (browser, image_gen) are documented in the v1.7-roadmap and asserted
+    // by the registry-side check only — they remain reachable via
+    // isToolsetAllowed and will fail closed when a real call site lands.
+    const v17Categories = [
+        'file', 'web', 'memory', 'mcp', 'vision', 'tts',
+        'cron', 'gateway', 'skills', 'workflows', 'squads',
+        // browser + image_gen have no production hook today; covered by
+        // registry-side guarantee only.
+        'browser', 'image_gen',
+    ];
+    // Use a profile that allowlists only 'terminal' so every v1.7
+    // category fails the guard.
+    pm.create({ id: 'terminal-only', name: 'terminal-only', toolsetAllowed: ['terminal'] });
+    pm.use('terminal-only');
+    withEnv('OPENLIFE_TOOLSET_ENFORCEMENT', 'on', () => {
+        _resetToolsetGuardCache();
+        for (const cat of v17Categories) {
+            assertTrue(isToolsetAllowed(cat) === false, `[20.2] terminal-only → ${cat} blocked`);
+            let thrown = null;
+            try {
+                assertToolsetAllowed(cat, `regression:${cat}`);
+            }
+            catch (err) {
+                thrown = err;
+            }
+            assertTrue(thrown instanceof ToolsetBlockedError, `[20.2] ${cat} throws ToolsetBlockedError`);
+            const code = thrown.code;
+            assertTrue(code === `toolset_blocked:${cat}`, `[20.2] ${cat} stable code (got ${code})`);
+        }
+        // sanity: the one allowed category is not blocked
+        assertTrue(isToolsetAllowed('terminal') === true, '[20.2] terminal-only → terminal allowed');
+    });
+    console.log(`[20.2] enforcement ON terminal-only: ${v17Categories.length} categories blocked w/ stable codes ✓`);
+    console.log('TEST_TOOLSET_ENFORCEMENT_OK');
+}
+finally {
+    if (prevStateDir === undefined)
+        delete process.env.OPENLIFE_STATE_DIR;
+    else
+        process.env.OPENLIFE_STATE_DIR = prevStateDir;
+    fs.rmSync(tmp, { recursive: true, force: true });
+}