@principles/pd-cli 1.114.0 → 1.115.0

package/dist/services/demo-rule-compiler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"demo-rule-compiler.d.ts","sourceRoot":"","sources":["../../src/services/demo-rule-compiler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAKH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAepE;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,gBAAgB,CA8BnF"}
+{"version":3,"file":"demo-rule-compiler.d.ts","sourceRoot":"","sources":["../../src/services/demo-rule-compiler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAKH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAsCpE;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,gBAAgB,CA2BnF"}

package/dist/services/demo-rule-compiler.js

@@ -14,7 +14,7 @@
  * `loadRuleImplementationModule` for production code_tool_hook evaluation.
  */
 import * as vm from 'node:vm';
-import { safeStringifyPreview } from '@principles/core/runtime-v2';
+import { safeStringifyPreview, validateCorrectionProposal } from '@principles/core/runtime-v2';
 function normalizeSource(sourceCode) {
     const withoutExports = sourceCode
         .replace(/export\s+const\s+meta\s*=/, 'const meta =')
@@ -25,6 +25,29 @@ globalThis.__pdRuleModule = {
   evaluate: typeof evaluate === 'undefined' ? undefined : evaluate,
 };`;
 }
+function isRecord(value) {
+    return typeof value === 'object' && value !== null && !Array.isArray(value);
+}
+function isRuleEvaluator(value) {
+    return typeof value === 'function';
+}
+function isRuleHostResult(value) {
+    if (!isRecord(value))
+        return false;
+    const decision = Object.hasOwn(value, 'decision') ? value.decision : undefined;
+    const matched = Object.hasOwn(value, 'matched') ? value.matched : undefined;
+    const reason = Object.hasOwn(value, 'reason') ? value.reason : undefined;
+    if (decision !== 'allow' && decision !== 'block' && decision !== 'requireApproval' && decision !== 'auto_correct') {
+        return false;
+    }
+    if (typeof matched !== 'boolean' || typeof reason !== 'string')
+        return false;
+    if (decision === 'auto_correct') {
+        const proposal = Object.hasOwn(value, 'correctionProposal') ? value.correctionProposal : undefined;
+        return validateCorrectionProposal(proposal).valid;
+    }
+    return true;
+}
 /**
  * Compile rule implementation code and return a typed evaluate function.
  * Mirrors `createReplayEvaluateFromCode` in openclaw-plugin.
@@ -33,18 +56,19 @@ globalThis.__pdRuleModule = {
  */
 export function compileDemoRule(code, sourceLabel) {
     const context = vm.createContext(Object.create(null));
-    const script = new vm.Script(normalizeSource(code), { filename: sourceLabel });
+    const script = new vm.Script(normalizeSource(code), {
+        filename: sourceLabel,
+    });
     script.runInContext(context, { timeout: 1000, displayErrors: true });
-    const moduleExports = context
-        .__pdRuleModule;
+    const moduleExports = context.__pdRuleModule;
     delete context.__pdRuleModule;
-    if (!moduleExports || typeof moduleExports.evaluate !== 'function') {
+    if (!moduleExports || !isRuleEvaluator(moduleExports.evaluate)) {
         throw new Error(`[compileDemoRule] ${sourceLabel}: compiled module has no evaluate function`);
     }
     const evaluateFn = moduleExports.evaluate;
     return (input, helpers) => {
         const result = evaluateFn(input, helpers);
-        if (typeof result !== 'object' || result === null || !Object.hasOwn(result, 'decision')) {
+        if (!isRuleHostResult(result)) {
             throw new Error(`[${sourceLabel}]: evaluate returned invalid RuleHostResult (got ${typeof result === 'object' && result !== null ? safeStringifyPreview(result) : String(result)})`);
         }
         return result;

package/dist/services/demo-rule-compiler.js.map

@@ -1 +1 @@
-{"version":3,"file":"demo-rule-compiler.js","sourceRoot":"","sources":["../../src/services/demo-rule-compiler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAI9B,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AAEnE,SAAS,eAAe,CAAC,UAAkB;IACzC,MAAM,cAAc,GAAG,UAAU;SAC9B,OAAO,CAAC,2BAA2B,EAAE,cAAc,CAAC;SACpD,OAAO,CAAC,mCAAmC,EAAE,oBAAoB,CAAC,CAAC;IAEtE,OAAO,GAAG,cAAc;;;;GAIvB,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,IAAY,EAAE,WAAmB;IAC/D,MAAM,OAAO,GAAG,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IACtD,MAAM,MAAM,GAAG,IAAI,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC;IAE/E,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAErE,MAAM,aAAa,GAAI,OAAuE;SAC3F,cAAc,CAAC;IAClB,OAAQ,OAAwC,CAAC,cAAc,CAAC;IAEhE,IAAI,CAAC,aAAa,IAAI,OAAO,aAAa,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;QACnE,MAAM,IAAI,KAAK,CACb,qBAAqB,WAAW,4CAA4C,CAC7E,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,aAAa,CAAC,QAGd,CAAC;IAEpB,OAAO,CAAC,KAAoB,EAAE,OAAwB,EAAkB,EAAE;QACxE,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC1C,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,CAAC;YACxF,MAAM,IAAI,KAAK,CACb,IAAI,WAAW,oDAAoD,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CACpK,CAAC;QACJ,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC"}
+{"version":3,"file":"demo-rule-compiler.js","sourceRoot":"","sources":["../../src/services/demo-rule-compiler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAI9B,OAAO,EAAE,oBAAoB,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAC;AAE/F,SAAS,eAAe,CAAC,UAAkB;IACzC,MAAM,cAAc,GAAG,UAAU;SAC9B,OAAO,CAAC,2BAA2B,EAAE,cAAc,CAAC;SACpD,OAAO,CAAC,mCAAmC,EAAE,oBAAoB,CAAC,CAAC;IAEtE,OAAO,GAAG,cAAc;;;;GAIvB,CAAC;AACJ,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC9B,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,OAAO,OAAO,KAAK,KAAK,UAAU,CAAC;AACrC,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAc;IACtC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACnC,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;IAC/E,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5E,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;IACzE,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,iBAAiB,IAAI,QAAQ,KAAK,cAAc,EAAE,CAAC;QAClH,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,OAAO,KAAK,SAAS,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC7E,IAAI,QAAQ,KAAK,cAAc,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,oBAAoB,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;QACnG,OAAO,0BAA0B,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC;IACpD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AACD;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,IAAY,EAAE,WAAmB;IAC/D,MAAM,OAAO,GAAG,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IACtD,MAAM,MAAM,GAAG,IAAI,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE;QAClD,QAAQ,EAAE,WAAW;KACtB,CAAC,CAAC;IAEH,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAErE,MAAM,aAAa,GAAI,OAAuE,CAAC,cAAc,CAAC;IAC9G,OAAQ,OAAwC,CAAC,cAAc,CAAC;IAEhE,IAAI,CAAC,aAAa,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/D,MAAM,IAAI,KAAK,CAAC,qBAAqB,WAAW,4CAA4C,CAAC,CAAC;IAChG,CAAC;IAED,MAAM,UAAU,GAAG,aAAa,CAAC,QAAQ,CAAC;IAC1C,OAAO,CAAC,KAAoB,EAAE,OAAwB,EAAkB,EAAE;QACxE,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC1C,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CACb,IAAI,WAAW,oDACb,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAC9F,GAAG,CACJ,CAAC;QACJ,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@principles/pd-cli",
-  "version": "1.114.0",
+  "version": "1.115.0",
   "description": "PD CLI — Pain recording, sample management, and evolution tasks",
   "type": "module",
   "bin": {

package/src/services/demo-rule-compiler.ts

@@ -18,7 +18,7 @@ import * as vm from 'node:vm';
 import type { RuleHostInput, RuleHostResult } from '@principles/core/runtime-v2';
 import type { RuleHostHelpers } from '@principles/core/runtime-v2';
 import type { ReplayEvaluateFn } from '@principles/core/runtime-v2';
-import { safeStringifyPreview } from '@principles/core/runtime-v2';
+import { safeStringifyPreview, validateCorrectionProposal } from '@principles/core/runtime-v2';
 
 function normalizeSource(sourceCode: string): string {
   const withoutExports = sourceCode
@@ -32,6 +32,29 @@ globalThis.__pdRuleModule = {
 };`;
 }
 
+function isRecord(value: unknown): value is Record<string, unknown> {
+  return typeof value === 'object' && value !== null && !Array.isArray(value);
+}
+
+function isRuleEvaluator(value: unknown): value is (input: RuleHostInput, helpers: RuleHostHelpers) => unknown {
+  return typeof value === 'function';
+}
+
+function isRuleHostResult(value: unknown): value is RuleHostResult {
+  if (!isRecord(value)) return false;
+  const decision = Object.hasOwn(value, 'decision') ? value.decision : undefined;
+  const matched = Object.hasOwn(value, 'matched') ? value.matched : undefined;
+  const reason = Object.hasOwn(value, 'reason') ? value.reason : undefined;
+  if (decision !== 'allow' && decision !== 'block' && decision !== 'requireApproval' && decision !== 'auto_correct') {
+    return false;
+  }
+  if (typeof matched !== 'boolean' || typeof reason !== 'string') return false;
+  if (decision === 'auto_correct') {
+    const proposal = Object.hasOwn(value, 'correctionProposal') ? value.correctionProposal : undefined;
+    return validateCorrectionProposal(proposal).valid;
+  }
+  return true;
+}
 /**
  * Compile rule implementation code and return a typed evaluate function.
  * Mirrors `createReplayEvaluateFromCode` in openclaw-plugin.
@@ -40,30 +63,27 @@ globalThis.__pdRuleModule = {
  */
 export function compileDemoRule(code: string, sourceLabel: string): ReplayEvaluateFn {
   const context = vm.createContext(Object.create(null));
-  const script = new vm.Script(normalizeSource(code), { filename: sourceLabel });
+  const script = new vm.Script(normalizeSource(code), {
+    filename: sourceLabel,
+  });
 
   script.runInContext(context, { timeout: 1000, displayErrors: true });
 
-  const moduleExports = (context as { __pdRuleModule?: { meta?: unknown; evaluate?: unknown } })
-    .__pdRuleModule;
+  const moduleExports = (context as { __pdRuleModule?: { meta?: unknown; evaluate?: unknown } }).__pdRuleModule;
   delete (context as { __pdRuleModule?: unknown }).__pdRuleModule;
 
-  if (!moduleExports || typeof moduleExports.evaluate !== 'function') {
-    throw new Error(
-      `[compileDemoRule] ${sourceLabel}: compiled module has no evaluate function`,
-    );
+  if (!moduleExports || !isRuleEvaluator(moduleExports.evaluate)) {
+    throw new Error(`[compileDemoRule] ${sourceLabel}: compiled module has no evaluate function`);
   }
 
-  const evaluateFn = moduleExports.evaluate as (
-    input: RuleHostInput,
-    helpers: RuleHostHelpers,
-  ) => RuleHostResult;
-
+  const evaluateFn = moduleExports.evaluate;
   return (input: RuleHostInput, helpers: RuleHostHelpers): RuleHostResult => {
     const result = evaluateFn(input, helpers);
-    if (typeof result !== 'object' || result === null || !Object.hasOwn(result, 'decision')) {
+    if (!isRuleHostResult(result)) {
       throw new Error(
-        `[${sourceLabel}]: evaluate returned invalid RuleHostResult (got ${typeof result === 'object' && result !== null ? safeStringifyPreview(result) : String(result)})`,
+        `[${sourceLabel}]: evaluate returned invalid RuleHostResult (got ${
+          typeof result === 'object' && result !== null ? safeStringifyPreview(result) : String(result)
+        })`,
       );
     }
     return result;

package/tests/commands/run-rulehost-handler.test.ts

@@ -0,0 +1,253 @@
+/**
+ * handleRunRuleHost behaviour tests (PRI-429) — input validation gates,
+ * dry-run output, and capability branches.
+ *
+ * The existing flag-wiring test only proves Commander parses the flags.
+ * This file verifies the handler's behavioural gates:
+ *   - mutual exclusivity of --dry-run and --confirm
+ *   - required pain-id (and whitespace-only forms)
+ *   - channel allowlist enforcement
+ *   - --max-rounds / --timeout-ms positive-integer validation
+ *   - default dry-run output (both plain-text and JSON)
+ *   - --json output parses as a single JSON object
+ *
+ * These gates are the CLI-gate contract for run-rulehost. If any of them
+ * regress, operators silently get undefined behaviour instead of a clear
+ * error + next-action recommendation.
+ */
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import * as yaml from 'js-yaml';
+import { handleRunRuleHost } from '../../src/commands/runtime-internalization-run-rulehost.js';
+
+// ── workspace helpers ─────────────────────────────────────────────────────
+
+function mkTmpDir(): string {
+  return fs.mkdtempSync(path.join(os.tmpdir(), 'pd-rulehost-handler-'));
+}
+
+function writeMinimalValidConfig(workspaceDir: string): void {
+  const configDir = path.join(workspaceDir, '.pd');
+  fs.mkdirSync(configDir, { recursive: true });
+  const cfg = {
+    version: 1,
+    features: {
+      prompt: { category: 'core', enabled: true },
+      code_tool_hook: { category: 'core', enabled: true },
+      defer_archive: { category: 'core', enabled: true },
+    },
+    workspace: { default: workspaceDir },
+    runtimeProfiles: {
+      'pi-ai.default': { type: 'pi-ai', provider: 'anthropic', model: 'claude-sonnet', apiKeyEnv: 'ANTHROPIC_API_KEY' },
+    },
+    internalAgents: {
+      defaultRuntime: 'pi-ai.default',
+      agents: {
+        dreamer: { enabled: true, runtimeProfile: 'pi-ai.default' },
+        philosopher: { enabled: true, runtimeProfile: 'pi-ai.default' },
+        scribe: { enabled: true, runtimeProfile: 'pi-ai.default' },
+        evaluator: { enabled: true, runtimeProfile: 'pi-ai.default' },
+      },
+    },
+  };
+  fs.writeFileSync(path.join(configDir, 'config.yaml'), yaml.dump(cfg), 'utf8');
+}
+
+// ── stdout/stderr capture helpers ──────────────────────────────────────
+
+interface StdIoState {
+  stdout: string;
+  stderr: string;
+  exitCode: number | undefined;
+}
+
+function parseJsonObject(text: string): Record<string, unknown> {
+  const parsed: unknown = JSON.parse(text);
+  if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {
+    throw new Error('stdout is not a JSON object');
+  }
+  return parsed;
+}
+
+function captureStdio(fn: () => Promise<void>): Promise<StdIoState> {
+  return new Promise((resolve, reject) => {
+    const origExitCode = process.exitCode;
+    process.exitCode = undefined;
+    let stdout = '';
+    let stderr = '';
+    const stdoutSpy = vi.spyOn(process.stdout, 'write').mockImplementation((chunk: string | Uint8Array) => {
+      stdout += typeof chunk === 'string' ? chunk : chunk.toString();
+      return true;
+    });
+    const stderrSpy = vi.spyOn(process.stderr, 'write').mockImplementation((chunk: string | Uint8Array) => {
+      stderr += typeof chunk === 'string' ? chunk : chunk.toString();
+      return true;
+    });
+    const consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation((...args: unknown[]) => {
+      stderr += args.map((a) => (typeof a === 'string' ? a : String(a))).join(' ') + '\n';
+    });
+    fn()
+      .then(() => {
+        const captured = { stdout, stderr, exitCode: process.exitCode };
+        stdoutSpy.mockRestore();
+        stderrSpy.mockRestore();
+        consoleErrorSpy.mockRestore();
+        process.exitCode = origExitCode;
+        resolve(captured);
+      })
+      .catch((err) => {
+        stdoutSpy.mockRestore();
+        stderrSpy.mockRestore();
+        consoleErrorSpy.mockRestore();
+        process.exitCode = origExitCode;
+        reject(err);
+      });
+  });
+}
+
+describe('handleRunRuleHost — input validation gates', () => {
+  it('sets exitCode=1 and emits an error when both --dry-run and --confirm are passed (plain text)', async () => {
+    const { stdout, stderr, exitCode } = await captureStdio(() =>
+      handleRunRuleHost({ painId: 'pain-1', dryRun: true, confirm: true }),
+    );
+    expect(exitCode).toBe(1);
+    // plain-text mode: error on stderr includes 'mutually exclusive'
+    expect(stderr).toMatch(/mutually exclusive/i);
+    // stdout must not contain JSON object (handler writes to stderr).
+    expect(stdout.trim()).toBe('');
+  });
+
+  it('sets exitCode=1 and emits a JSON object when both --dry-run and --confirm are passed with --json', async () => {
+    const { stdout, exitCode } = await captureStdio(() =>
+      handleRunRuleHost({ painId: 'pain-1', dryRun: true, confirm: true, json: true }),
+    );
+    expect(exitCode).toBe(1);
+    const payload = parseJsonObject(stdout.trim());
+    expect(payload.status).toBe('failed');
+    expect(payload.nextAction).toBeDefined();
+    expect(typeof payload.reason).toBe('string');
+  });
+
+  it('sets exitCode=1 when --pain-id is missing (falsy string)', async () => {
+    const { exitCode } = await captureStdio(() => handleRunRuleHost({ painId: '' }));
+    expect(exitCode).toBe(1);
+  });
+
+  it('sets exitCode=1 when --pain-id is whitespace-only', async () => {
+    const { exitCode } = await captureStdio(() => handleRunRuleHost({ painId: '   \t ' }));
+    expect(exitCode).toBe(1);
+  });
+
+  it('sets exitCode=1 for unsupported channels (plain-text mode)', async () => {
+    const { exitCode, stderr } = await captureStdio(() =>
+      handleRunRuleHost({ painId: 'pain-1', channel: 'wizard' }),
+    );
+    expect(exitCode).toBe(1);
+    expect(stderr).toMatch(/wizard/);
+  });
+
+  it('sets exitCode=1 for unsupported channels (JSON mode)', async () => {
+    const { stdout, exitCode } = await captureStdio(() =>
+      handleRunRuleHost({ painId: 'pain-1', channel: 'wizard', json: true }),
+    );
+    expect(exitCode).toBe(1);
+    const payload = parseJsonObject(stdout.trim());
+    expect(payload.status).toBe('failed');
+    expect(payload.reason).toMatch(/wizard/);
+  });
+
+  it('sets exitCode=1 when --max-rounds is zero', async () => {
+    const { exitCode } = await captureStdio(() =>
+      handleRunRuleHost({ painId: 'pain-1', maxRounds: 0, dryRun: true }));
+    expect(exitCode).toBe(1);
+  });
+
+  it('sets exitCode=1 when --max-rounds is negative', async () => {
+    const { exitCode } = await captureStdio(() =>
+      handleRunRuleHost({ painId: 'pain-1', maxRounds: -5, dryRun: true }));
+    expect(exitCode).toBe(1);
+  });
+
+  it('sets exitCode=1 when --timeout-ms is zero', async () => {
+    const { exitCode } = await captureStdio(() =>
+      handleRunRuleHost({ painId: 'pain-1', timeoutMs: 0, dryRun: true }));
+    expect(exitCode).toBe(1);
+  });
+
+  it('sets exitCode=1 when --timeout-ms is negative', async () => {
+    const { exitCode } = await captureStdio(() =>
+      handleRunRuleHost({ painId: 'pain-1', timeoutMs: -100, dryRun: true }));
+    expect(exitCode).toBe(1);
+  });
+
+  it.each([
+    ['NaN maxRounds', { maxRounds: Number.NaN }],
+    ['fractional maxRounds', { maxRounds: 1.5 }],
+    ['NaN timeoutMs', { timeoutMs: Number.NaN }],
+    ['fractional timeoutMs', { timeoutMs: 1.5 }],
+  ])('sets exitCode=1 for %s', async (_label, invalidOption) => {
+    const { exitCode } = await captureStdio(() =>
+      handleRunRuleHost({ painId: 'pain-1', dryRun: true, ...invalidOption }),
+    );
+    expect(exitCode).toBe(1);
+  });
+});
+
+describe('handleRunRuleHost — dry-run mode output shape (with minimal pd-config.yaml', () => {
+  let workspaceDir: string;
+  let savedEnv: NodeJS.ProcessEnv;
+
+  beforeEach(() => {
+    workspaceDir = mkTmpDir();
+    writeMinimalValidConfig(workspaceDir);
+    savedEnv = { ...process.env };
+    process.env.ANTHROPIC_API_KEY = 'sk-ant-test-key';
+  });
+
+  afterEach(() => {
+    process.env = savedEnv;
+    try { fs.rmSync(workspaceDir, { recursive: true, force: true }); } catch { /* ignore */ }
+  });
+
+  it('emits a single JSON object in --json dry-run mode', async () => {
+    const { stdout, exitCode } = await captureStdio(() =>
+      handleRunRuleHost({ painId: 'pain-1', dryRun: true, json: true, workspace: workspaceDir }),
+    );
+    const payload = parseJsonObject(stdout.trim());
+    expect(payload.status).toBe('dry_run');
+    expect(typeof payload.capabilityStatus).toBe('string');
+    expect(typeof payload.nextAction).toBe('string');
+    expect(payload.painId).toBe('pain-1');
+    // Must not be error-exit for a valid dry-run.
+    expect(exitCode).toBeUndefined();
+  });
+
+  it('does NOT emit JSON on stdout in plain-text dry-run mode', async () => {
+    const { stdout } = await captureStdio(() =>
+      handleRunRuleHost({ painId: 'pain-1', dryRun: true, workspace: workspaceDir }),
+    );
+    expect(stdout).toMatch(/RuleHost Pipeline/);
+    // Plain text output should not start with '{'
+    expect(() => JSON.parse(stdout.trim())).toThrow();
+  });
+
+  it('defaults to dry-run behaviour when neither --dry-run nor --confirm is passed', async () => {
+    const { stdout } = await captureStdio(() =>
+      handleRunRuleHost({ painId: 'pain-1', json: true, workspace: workspaceDir }),
+    );
+    const payload = parseJsonObject(stdout.trim());
+    expect(payload.status).toBe('dry_run');
+  });
+
+  it('accepts the three supported channels and passes config', async () => {
+    for (const channel of ['prompt', 'code_tool_hook', 'defer_archive'] as const) {
+      const { exitCode } = await captureStdio(() =>
+        handleRunRuleHost({ painId: 'pain-1', channel, dryRun: true, workspace: workspaceDir }),
+      );
+      // Channel gate passed — exitCode should not be 1 for supported channels.
+      expect(exitCode).toBeUndefined();
+    }
+  });
+});

package/tests/services/demo-rule-compiler.test.ts

@@ -0,0 +1,242 @@
+/**
+ * compileDemoRule unit tests (PRI-429).
+ *
+ * The demo rule compiler is the sandbox adapter for run-rulehost's
+ * adversarial loop. It parses TypeScript rule implementations, extracts
+ * evaluate(), and validates the returned rule host result shape.
+ *
+ * Missing coverage would allow silent regression in the
+ * RefinerSandbox contract (evaluate output shape, invalid rule bodies,
+ * meta export shapes, polluted globals, etc.).
+ *
+ * ERR refs:
+ *   - ERR-021: vm.Script runInContext must not leak globals
+ *   - ERR-025: Object.hasOwn for untrusted output shape validation
+ *   - ERR-037: non-object evaluate() return must throw loudly
+ */
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
+import { compileDemoRule } from '../../src/services/demo-rule-compiler.js';
+import { createRuleHostHelpers } from '@principles/core/runtime-v2';
+import type { ReplayEvaluateFn, RuleHostInput, RuleHostResult } from '@principles/core/runtime-v2';
+
+const VALID_RULE = `
+export const meta = {
+  id: 'r1',
+  version: '1.0.0',
+  purpose: 'unit test',
+};
+export function evaluate(input, helpers) {
+  return { decision: 'allow', matched: false, reason: 'ok' };
+}
+`;
+
+const NO_EVALUATE = `
+export const meta = { id: 'r1' };
+`;
+
+const THROWING_EVALUATE = `
+export function evaluate(input, helpers) {
+  throw new Error('boom');
+}
+`;
+
+const INVALID_RETURN_WRONG_DECISION = `
+export function evaluate() {
+  return { decision: 'accepted', matched: false, reason: 'wrong decision enum' };
+}
+`;
+
+const INVALID_RETURN_NO_MATCHED = `
+export function evaluate() {
+  return { decision: 'allow', reason: 'missing matched' };
+}
+`;
+
+const INVALID_RETURN_NO_DECISION = `
+export function evaluate(input, helpers) {
+  return { reason: 'no-decision-field' };
+}
+`;
+
+const INVALID_RETURN_PRIMITIVE = `
+export function evaluate(input, helpers) {
+  return 42;
+}
+`;
+
+const INVALID_RETURN_NULL = `
+export function evaluate(input, helpers) {
+  return null;
+}
+`;
+
+const INVALID_RETURN_UNDEF = `
+export function evaluate(input, helpers) {
+  return undefined;
+}
+`;
+
+const INVALID_RETURN_STRING = `
+export function evaluate(input, helpers) {
+  return 'accepted';
+}
+`;
+
+const RULE_WITH_EVIDENCE = `
+export const meta = { id: 'r-evidence' };
+export function evaluate(input, helpers) {
+  const count = input.derived.estimatedLineChanges;
+  const matched = count > 0;
+  return { decision: matched ? 'block' : 'allow', matched, reason: 'based on changes', diagnostics: { count } };
+}
+`;
+
+const RULE_WITH_HASOWN_POISON_PAYLOAD = `
+export function evaluate(input, helpers) {
+  const poisoned = Object.create(null);
+  poisoned.decision = 'allow';
+  poisoned.matched = false;
+  poisoned.reason = 'ok';
+  return poisoned;
+}
+`;
+
+function makeRuleHostInput(estimatedLineChanges = 0): RuleHostInput {
+  return {
+    action: {
+      toolName: 'write_file',
+      normalizedPath: '/workspace/a.ts',
+      paramsSummary: {},
+    },
+    workspace: { isRiskPath: false, planStatus: 'READY', hasPlanFile: true },
+    session: { currentGfi: 0, recentThinking: true },
+    evolution: { epTier: 0 },
+    derived: { estimatedLineChanges, bashRisk: 'safe' },
+  };
+}
+
+function evaluateRule(evaluate: ReplayEvaluateFn, input: RuleHostInput = makeRuleHostInput()): RuleHostResult {
+  return evaluate(input, createRuleHostHelpers(input));
+}
+
+describe('compileDemoRule', () => {
+  describe('source normalization', () => {
+    it('compiles a syntactically valid rule module', () => {
+      const fn = compileDemoRule(VALID_RULE, 'valid-rule.ts');
+      expect(typeof fn).toBe('function');
+    });
+
+    it('throws on code missing evaluate function', () => {
+      expect(() => compileDemoRule(NO_EVALUATE, 'no-evaluate.ts')).toThrow(/evaluate/);
+    });
+
+    it('propagates syntax errors from vm.Script', () => {
+      expect(() => compileDemoRule('this is not valid {{{', 'bad.ts')).toThrow();
+    });
+  });
+
+  describe('evaluate output shape validation', () => {
+    it('returns a fully validated RuleHostResult', () => {
+      const fn = compileDemoRule(VALID_RULE, 'valid-rule.ts');
+      const result = evaluateRule(fn);
+      expect(result).toEqual({
+        decision: 'allow',
+        matched: false,
+        reason: 'ok',
+      });
+    });
+
+    it('throws when evaluate returns an object without a decision field (ERR-037)', () => {
+      const fn = compileDemoRule(INVALID_RETURN_NO_DECISION, 'no-decision.ts');
+      expect(() => evaluateRule(fn)).toThrow(/invalid RuleHostResult/);
+    });
+
+    it('rejects objects using a non-RuleHost decision enum', () => {
+      const fn = compileDemoRule(INVALID_RETURN_WRONG_DECISION, 'wrong-decision.ts');
+      expect(() => evaluateRule(fn)).toThrow(/invalid RuleHostResult/);
+    });
+
+    it('rejects objects missing the required matched flag', () => {
+      const fn = compileDemoRule(INVALID_RETURN_NO_MATCHED, 'missing-matched.ts');
+      expect(() => evaluateRule(fn)).toThrow(/invalid RuleHostResult/);
+    });
+
+    it('throws when evaluate returns a number (non-object)', () => {
+      const fn = compileDemoRule(INVALID_RETURN_PRIMITIVE, 'primitive.ts');
+      expect(() => evaluateRule(fn)).toThrow(/invalid RuleHostResult/);
+    });
+
+    it('throws when evaluate returns null', () => {
+      const fn = compileDemoRule(INVALID_RETURN_NULL, 'null-return.ts');
+      expect(() => evaluateRule(fn)).toThrow(/invalid RuleHostResult/);
+    });
+
+    it('throws when evaluate returns undefined', () => {
+      const fn = compileDemoRule(INVALID_RETURN_UNDEF, 'undef-return.ts');
+      expect(() => evaluateRule(fn)).toThrow(/invalid RuleHostResult/);
+    });
+
+    it('throws when evaluate returns a string', () => {
+      const fn = compileDemoRule(INVALID_RETURN_STRING, 'string-return.ts');
+      expect(() => evaluateRule(fn)).toThrow(/invalid RuleHostResult/);
+    });
+
+    it('handles Object.create(null) output (no prototype) via Object.hasOwn (ERR-025)', () => {
+      const fn = compileDemoRule(RULE_WITH_HASOWN_POISON_PAYLOAD, 'hasown-poison.ts');
+      const result = evaluateRule(fn);
+      expect(result.decision).toBe('allow');
+    });
+  });
+
+  describe('evaluate behaviour', () => {
+    it('propagates evaluate() exceptions to the caller (fail loud)', () => {
+      const fn = compileDemoRule(THROWING_EVALUATE, 'throwing.ts');
+      expect(() => evaluateRule(fn)).toThrow(/boom/);
+    });
+
+    it('reads real RuleHostInput fields and returns different decisions', () => {
+      const fn = compileDemoRule(RULE_WITH_EVIDENCE, 'evidence-rule.ts');
+      const withChanges = evaluateRule(fn, makeRuleHostInput(3));
+      const withoutChanges = evaluateRule(fn);
+      expect(withChanges.decision).toBe('block');
+      expect(withoutChanges.decision).toBe('allow');
+    });
+  });
+
+  describe('vm sandbox isolation', () => {
+    it('does not pollute Node.js globalThis between invocations (ERR-021)', () => {
+      const polluter = `
+      export function evaluate() {
+        globalThis.__pd_leaked_test = 1;
+        return { decision: 'block', matched: true, reason: 'polluting' };
+      }
+      `;
+      expect(Reflect.get(globalThis, '__pd_leaked_test')).toBeUndefined();
+      const fn = compileDemoRule(polluter, 'polluter.ts');
+      evaluateRule(fn);
+      const leakedValue = Reflect.get(globalThis, '__pd_leaked_test');
+      // The sandboxed __pdRuleModule temporary assignment must not leak
+      // arbitrary user-defined globals.
+      expect(leakedValue).toBeUndefined();
+    });
+
+    it('removes the __pdRuleModule helper from the sandbox after compilation', () => {
+      // This indirectly asserts the cleanup path — a second compilation
+      // that does not export evaluate still throws rather than returning
+      // a stale value from the first run.
+      compileDemoRule(VALID_RULE, 'first.ts');
+      expect(() => compileDemoRule(NO_EVALUATE, 'second.ts')).toThrow(/evaluate/);
+    });
+  });
+
+  describe('sourceLabel is threaded into error messages', () => {
+    it('includes sourceLabel when evaluate() returns invalid output', () => {
+      const fn = compileDemoRule(INVALID_RETURN_PRIMITIVE, 'labeled-42.ts');
+      expect(() => evaluateRule(fn)).toThrow(/labeled-42\.ts/);
+    });
+
+    it('includes sourceLabel when evaluate export is missing', () => {
+      expect(() => compileDemoRule(NO_EVALUATE, 'no-eval-source-label.ts')).toThrow(/no-eval-source-label\.ts/);
+    });
+  });
+});