@principles/pd-cli 1.119.0 → 1.121.0

package/tests/commands/console-open.test.ts

@@ -552,11 +552,13 @@ describe('CLI command wiring (pd console open)', () => {
   });
 
   it('pd console open --json (port free) returns a structured JSON object with required fields', () => {
-    const out = runPd(['console', 'open', '--workspace', tmp, '--json', '--no-browser'], workspaceRoot);
-    // The CLI will attempt to start the fake server.js; since the file is a stub, the
-    // child will exit early → we should get a structured "failed" JSON, not a crash.
-    // The required-field contract (status, url, port, host, workspaceDir, reason, nextAction, reused, browserOpened) is
-    // what we assert.
+    // The real CLI spawns a long-lived Console server process and then prints
+    // JSON *without exiting* (the child keeps running). execFileSync would
+    // block forever waiting for the child to exit. Use a short timeout so the
+    // test reads stdout before the process is killed.
+    // Vitest timeout (10s) must exceed execFileSync timeout (8s) so the child
+    // is killed by execFileSync first, allowing stdout to be read.
+    const out = runPd(['console', 'open', '--workspace', tmp, '--json', '--no-browser'], workspaceRoot, 8_000);
     const parsed = JSON.parse(out);
     expect(parsed).toHaveProperty('status');
     expect(['started', 'reused', 'failed', 'refused']).toContain(parsed.status);
@@ -565,7 +567,7 @@ describe('CLI command wiring (pd console open)', () => {
     expect(parsed).toHaveProperty('workspaceDir');
     expect(parsed).toHaveProperty('reused');
     expect(parsed).toHaveProperty('browserOpened');
-  });
+  }, 10_000);
 
   it('pd console open --port 99999 --json returns a structured failure (invalid port)', () => {
     const out = runPd(['console', 'open', '--workspace', tmp, '--port', '99999', '--json', '--no-browser'], workspaceRoot);
@@ -589,18 +591,20 @@ describe('CLI command wiring (pd console open)', () => {
   });
 
   it('pd console open --json with --no-auth and --no-browser parses options correctly', () => {
-    const out = runPd(['console', 'open', '--workspace', tmp, '--json', '--no-auth', '--no-browser'], workspaceRoot);
+    // Same as port-free test: CLI spawns a long-lived server, use timeout.
+    const out = runPd(['console', 'open', '--workspace', tmp, '--json', '--no-auth', '--no-browser'], workspaceRoot, 8_000);
     const parsed = JSON.parse(out);
     expect(parsed).toHaveProperty('status');
     expect(parsed.browserOpened).toBe(false);
-  });
+  }, 10_000);
 
   it('pd console --no-auth --json legacy path parses --no-auth correctly', () => {
-    const out = runPd(['console', '--workspace', tmp, '--json', '--no-auth'], workspaceRoot);
+    // Same: may spawn a long-lived server, use timeout.
+    const out = runPd(['console', '--workspace', tmp, '--json', '--no-auth'], workspaceRoot, 8_000);
     expect(out.trim()).not.toBe('');
     const parsed = JSON.parse(out);
     expect(parsed).toBeDefined();
-  });
+  }, 10_000);
 
   describe('openBrowser', () => {
     afterEach(() => {
@@ -746,17 +750,18 @@ describe('CLI command wiring (pd console open)', () => {
     });
 
     it('[::1] is accepted and normalized to ::1 (not refused)', () => {
-      const out = runPd(['console', 'open', '--workspace', tmp, '--host', '[::1]', '--json', '--no-browser'], workspaceRoot);
+      // May spawn a long-lived server, use timeout.
+      const out = runPd(['console', 'open', '--workspace', tmp, '--host', '[::1]', '--json', '--no-browser'], workspaceRoot, 8_000);
       const parsed = JSON.parse(out);
       // Should NOT be refused — [::1] is loopback
       expect(parsed.status).not.toBe('refused');
       // Host should be normalized to ::1 (without brackets)
       expect(parsed.host).toBe('::1');
-    });
+    }, 10_000);
   });
 });
 
-function runPd(args: string[], cwd: string): string {
+function runPd(args: string[], cwd: string, timeoutMs?: number): string {
   try {
     const env: Record<string, string> = { ...process.env };
     if (!args.includes('--workspace') && !args.includes('--help') && !args.includes('-h')) {
@@ -770,6 +775,7 @@ function runPd(args: string[], cwd: string): string {
       encoding: 'utf8',
       cwd,
       env,
+      timeout: timeoutMs,
     });
   } catch (err: unknown) {
     if (err && typeof err === 'object' && Object.hasOwn(err, 'stdout')) {

package/tests/e2e/cli-full-flow.test.ts

@@ -0,0 +1,198 @@
+/**
+ * CLI Full-Flow E2E — drives the real compiled pd binary.
+ *
+ * Every other test in this package imports handler functions directly. This
+ * file validates the actual user path: spawning `node dist/index.js <args>`
+ * via child_process.execFile and asserting on exit code / stdout / stderr.
+ *
+ * Uses Node.js built-in child_process (not execa) to avoid vitest forks-pool
+ * compatibility issues.
+ *
+ * ERR checklist:
+ * - EP-04 (CLI and Operator Contract): verifies --json emits exactly one
+ *   parseable JSON object (Rule 1), invalid commands exit non-zero (Rule 2),
+ *   and JSON-mode stdout is not polluted with banners.
+ * - EP-09 (Test Reality Gap): drives the real compiled binary, not imported
+ *   helpers — proves the Commander wiring, dependency loading (including
+ *   better-sqlite3), and workspace resolution all work end-to-end.
+ * - EP-02 (Production Path Wiring): exercises the production entry point
+ *   (dist/index.js), confirming commands are registered and reachable.
+ * - ERR-001: error fields from execFile are validated with type guards, not `as`.
+ * - ERR-071: all temp workspaces are tracked and cleaned in afterEach.
+ *
+ * Note: pd-cli has no `pd init` command. `runtime activation list` is the
+ * closest production path that bootstraps `.pd/state.db` on a fresh workspace
+ * (SqliteConnection constructor creates the directory and DB file).
+ */
+
+import { describe, it, expect, afterEach, beforeAll } from 'vitest';
+import { execFile } from 'node:child_process';
+import { promisify } from 'node:util';
+import * as path from 'node:path';
+import * as fs from 'node:fs';
+import * as os from 'node:os';
+import { getBuiltPdCliPath } from '../helpers/pd-cli-path.js';
+
+const execFileAsync = promisify(execFile);
+const PD_BIN = getBuiltPdCliPath();
+
+const WORKSPACES: string[] = [];
+
+afterEach(() => {
+  while (WORKSPACES.length > 0) {
+    const ws = WORKSPACES.pop();
+    if (ws) {
+      try {
+        fs.rmSync(ws, { recursive: true, force: true });
+      } catch (err) {
+        console.warn(
+          `[afterEach] Failed to clean ${ws}: ${err instanceof Error ? err.message : String(err)}`,
+        );
+      }
+    }
+  }
+});
+
+beforeAll(() => {
+  // ERR-009/ERR-010: fail loud if the compiled binary is missing.
+  if (!fs.existsSync(PD_BIN)) {
+    throw new Error(
+      `[cli-full-flow] Compiled binary not found at ${PD_BIN}. ` +
+        `Run "npm run build --workspace=@principles/pd-cli" before running this test.`,
+    );
+  }
+});
+
+function makeWorkspace(): string {
+  const ws = fs.mkdtempSync(path.join(os.tmpdir(), 'pd-cli-e2e-'));
+  WORKSPACES.push(ws);
+  return ws;
+}
+
+interface RunResult {
+  stdout: string;
+  stderr: string;
+  exitCode: number;
+}
+
+function requireRecord(value: unknown, label: string): Record<string, unknown> {
+  if (typeof value !== 'object' || value === null || Array.isArray(value)) {
+    throw new Error(`${label} must be a JSON object`);
+  }
+  return value;
+}
+
+/**
+ * Type guard: extract a string field from an unknown error object.
+ * ERR-001: no `as` casts on untrusted error data — use Reflect.get + typeof.
+ */
+function readStringField(obj: unknown, field: string): string {
+  if (typeof obj !== 'object' || obj === null) return '';
+  if (!Object.hasOwn(obj, field)) return '';
+  const value: unknown = Reflect.get(obj, field);
+  return typeof value === 'string' ? value : '';
+}
+
+/**
+ * Type guard: extract a numeric exit code from an unknown error object.
+ * ERR-001: no `as` casts on untrusted error data — use Reflect.get + typeof.
+ */
+function readExitCode(obj: unknown): number {
+  if (typeof obj !== 'object' || obj === null) return 1;
+  if (!Object.hasOwn(obj, 'code')) return 1;
+  const code: unknown = Reflect.get(obj, 'code');
+  return typeof code === 'number' ? code : 1;
+}
+
+async function runPd(
+  args: string[],
+  options: { timeout?: number } = {},
+): Promise<RunResult> {
+  try {
+    const { stdout, stderr } = await execFileAsync('node', [PD_BIN, ...args], {
+      timeout: options.timeout ?? 30_000,
+      maxBuffer: 10 * 1024 * 1024,
+    });
+    return { stdout, stderr, exitCode: 0 };
+  } catch (err: unknown) {
+    return {
+      stdout: readStringField(err, 'stdout'),
+      stderr: readStringField(err, 'stderr'),
+      exitCode: readExitCode(err),
+    };
+  }
+}
+
+describe('CLI full flow', () => {
+  it('pd --help exits 0 and lists main commands', async () => {
+    const { stdout, exitCode } = await runPd(['--help']);
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain('Usage: pd');
+    // Verify key command groups are registered and visible to users
+    expect(stdout).toContain('pain');
+    expect(stdout).toContain('runtime');
+    expect(stdout).toContain('diagnose');
+    expect(stdout).toContain('candidate');
+  });
+
+  it('pd --version exits 0 and prints version', async () => {
+    const { stdout, exitCode } = await runPd(['--version']);
+    expect(exitCode).toBe(0);
+    expect(stdout.trim()).toMatch(/^\d+\.\d+\.\d+/);
+  });
+
+  it('pd runtime features --json on fresh workspace returns valid JSON with defaults', async () => {
+    const workspace = makeWorkspace();
+    const { stdout, exitCode } = await runPd([
+      'runtime',
+      'features',
+      '--workspace',
+      workspace,
+      '--json',
+    ]);
+    expect(exitCode).toBe(0);
+    // EP-04 Rule 1: --json stdout must be exactly one parseable JSON object
+    const parsed: unknown = JSON.parse(stdout);
+    const result = requireRecord(parsed, 'runtime features output');
+    expect(result).toHaveProperty('status');
+    expect(result).toHaveProperty('source');
+    expect(result).toHaveProperty('features');
+    expect(Array.isArray(result.features)).toBe(true);
+    expect(result).toHaveProperty('enabledMvpChannels');
+    expect(Array.isArray(result.enabledMvpChannels)).toBe(true);
+    // Fresh workspace with no .pd/config.yaml falls back to defaults
+    expect(result.source).toBe('defaults');
+  });
+
+  it('pd runtime activation list --json on fresh workspace returns empty list and bootstraps .pd/', async () => {
+    const workspace = makeWorkspace();
+    const { stdout, exitCode } = await runPd([
+      'runtime',
+      'activation',
+      'list',
+      '--workspace',
+      workspace,
+      '--json',
+    ]);
+    expect(exitCode).toBe(0);
+    // EP-04 Rule 1: --json stdout must be exactly one parseable JSON object
+    const parsed: unknown = JSON.parse(stdout);
+    const result = requireRecord(parsed, 'activation list output');
+    expect(result).toHaveProperty('activations');
+    const activations = result.activations;
+    expect(Array.isArray(activations)).toBe(true);
+    expect(activations).toEqual([]);
+    // SqliteConnection constructor creates .pd/ and state.db on first access
+    expect(fs.existsSync(path.join(workspace, '.pd'))).toBe(true);
+    expect(fs.existsSync(path.join(workspace, '.pd', 'state.db'))).toBe(true);
+  });
+
+  it('pd <invalid-command> exits non-zero with non-empty stderr', async () => {
+    const { stderr, exitCode } = await runPd([
+      'this-command-does-not-exist',
+    ]);
+    expect(exitCode).not.toBe(0);
+    expect(stderr.length).toBeGreaterThan(0);
+    expect(stderr).toContain('unknown command');
+  });
+});

package/tests/e2e/cross-package-acceptance.test.ts

@@ -174,6 +174,7 @@ function artificerV2(taskId: string, priorId?: string): unknown {
     taskId, sourceScribeArtifactId: requireLineage(priorId, 'sourceScribeArtifactId'),
     implementationPlan: { summary: 'Block /etc writes', targetSurface: 'rule-host', changes: ['matcher'], tests: ['unit'], rolloutNotes: ['shadow'], confidence: 0.85 },
     implementationCode: 'function evaluate(input, helpers) { const p = String(input?.action?.paramsSummary?.path ?? input?.action?.normalizedPath ?? ""); return p.startsWith("/etc") ? { decision: "block", matched: true, reason: "system path" } : { decision: "allow", matched: false, reason: "ok" }; }',
+    implementationSummary: 'Block system path writes',
     goldenTraceCases: [
       { caseId: 'pos-1', kind: 'positive', toolName: 'write_file', params: { path: '/project/f.txt' }, expectedDecision: 'allow' },
       { caseId: 'neg-1', kind: 'negative', toolName: 'write_file', params: { path: '/etc/passwd' }, expectedDecision: 'block' },

package/tests/services/rulehost-pipeline-runner.test.ts

@@ -16,10 +16,10 @@ import { describe, it, expect, afterEach, vi } from 'vitest';
 import * as os from 'node:os';
 import * as path from 'node:path';
 import * as fs from 'node:fs';
-import { createSandboxGateDeps, runRuleHostPipeline } from '../../src/services/rulehost-pipeline-runner.js';
+import { runRuleHostPipeline } from '../../src/services/rulehost-pipeline-runner.js';
 import type { CodeRuleCapability } from '../../src/services/rulehost-pipeline-runner.js';
 import type { PDRuntimeAdapter, RunHandle, RunStatus, PIArtifactStore, RuntimeCapabilities, RuntimeHealth, RuntimeArtifactRef, ContextItem, StructuredRunOutput, StartRunInput } from '@principles/core/runtime-v2';
-import { ArtificerL2Adapter, DefaultArtificerValidator, RuntimeStateManager, createPITaskDiagnosticJson } from '@principles/core/runtime-v2';
+import { RuntimeStateManager, createPITaskDiagnosticJson } from '@principles/core/runtime-v2';
 
 type StageFactory = (taskId: string, priorArtifactId?: string) => unknown;
 type EvaluatorFactory = (taskId: string, artificerArtifactId: string) => unknown;
@@ -138,6 +138,7 @@ function artificerV2(taskId: string, priorId?: string): unknown {
     taskId, sourceScribeArtifactId: requireLineage(priorId, 'sourceScribeArtifactId'),
     implementationPlan: { summary: 'Block /etc writes', targetSurface: 'rule-host', changes: ['matcher'], tests: ['unit'], rolloutNotes: ['shadow'], confidence: 0.85 },
     implementationCode: 'function evaluate(input, helpers) { const p = String(input?.action?.paramsSummary?.path ?? input?.action?.normalizedPath ?? ""); return p.startsWith("/etc") ? { decision: "block", matched: true, reason: "system path" } : { decision: "allow", matched: false, reason: "ok" }; }',
+    implementationSummary: 'Block system path writes',
     goldenTraceCases: [
       { caseId: 'pos-1', kind: 'positive', toolName: 'write_file', params: { path: '/project/f.txt' }, expectedDecision: 'allow' },
       { caseId: 'neg-1', kind: 'negative', toolName: 'write_file', params: { path: '/etc/passwd' }, expectedDecision: 'block' },
@@ -172,6 +173,18 @@ function evaluatorRejected(taskId: string, artificerArtifactId: string): unknown
   };
 }
 
+function evaluatorNeedsRevision(taskId: string, artificerArtifactId: string): unknown {
+  return {
+    taskId, sourceArtificerArtifactId: artificerArtifactId,
+    evaluation: { decision: 'needs_revision', summary: 'needs revision: adversarial replay failed', score: 0.4, strengths: [], concerns: ['adversarial case failed'], requiredChanges: ['fix matcher'] },
+    sourceTrace: { artificerArtifactId },
+    risks: [], generatedAt: new Date().toISOString(),
+    codeReview: { intentConsistency: { aligned: false, explanation: 'misses system paths' }, scopePrecision: { verdict: 'too_narrow' as const, explanation: 'narrow' }, traceCoverage: { sufficient: false, gaps: [], explanation: 'missing' } },
+    adversarialCases: [{ caseId: 'adv-1', attackType: 'boundary' as const, toolName: 'write_file', params: { path: '/etc/shadow' }, expectedDecision: 'block' as const, rationale: 'system path' }],
+    adversarialResult: { passed: false, failedCases: [{ caseId: 'adv-1', attackType: 'boundary' as const, actualDecision: 'allow', expectedDecision: 'block', rationale: 'system path' }] },
+  };
+}
+
 // ── Helpers ──────────────────────────────────────────────────────────────────
 
 let tmpDir = '';
@@ -247,51 +260,59 @@ describe('runRuleHostPipeline (PRI-429) — atomic capability + exact pain match
     expect(result.approvalId).not.toBeNull();
   }, 60_000);
 
-  it('runs the real ArtificerL2Adapter through fail-feedback-fix before creating a candidate', async () => {
+  it('adversarial feedback loop drives a second artificer round before creating a candidate', async () => {
     tmpDir = makeTmpDir();
     const sm = new RuntimeStateManager({ workspaceDir: tmpDir });
     await sm.initialize();
-    await seedDreamerWithId(sm, 'dreamer-l2-001', 'pain-l2-001');
+    await seedDreamerWithId(sm, 'dreamer-feedback-001', 'pain-feedback-001');
     await sm.close();
 
-    const baseAdapter = makeAdapter();
-    const prompts: string[] = [];
-    let sourceScribeArtifactId: string | null = null;
-    const l2Adapter = new ArtificerL2Adapter({
-      validator: new DefaultArtificerValidator(),
-      gateDeps: createSandboxGateDeps(),
-      generateCode: async (prompt) => {
-        prompts.push(prompt);
-        if (sourceScribeArtifactId === null) {
-          const parsed: unknown = JSON.parse(prompt);
-          if (parsed === null || typeof parsed !== 'object') throw new Error('Artificer prompt must be an object');
-          const sourceId = Reflect.get(parsed, 'sourceScribeArtifactId');
-          if (typeof sourceId !== 'string') throw new Error('sourceScribeArtifactId missing from prompt');
-          sourceScribeArtifactId = sourceId;
+    let adapter: ScriptedAdapter;
+    let artificerCallCount = 0;
+    const artificerPrompts: string[] = [];
+    adapter = new ScriptedAdapter({
+      dreamer: (taskId) => dreamerOut(taskId, 'pain-feedback-001'),
+      philosopher: philosopherOut,
+      scribe: scribeOut,
+      artificer: (taskId, priorId) => {
+        artificerCallCount++;
+        const runId = `run-${taskId}`;
+        const inputPayload = adapter.startRunInputs.get(runId)?.inputPayload;
+        if (typeof inputPayload === 'string') artificerPrompts.push(inputPayload);
+
+        const base = artificerV2(taskId, priorId);
+        if (artificerCallCount === 1) {
+          // Round 1: code fails the adversarial replay, forcing needs_revision.
+          return {
+            ...base,
+            implementationCode: 'function evaluate() { return { decision: "allow", matched: false, reason: "bug" }; }',
+          };
         }
-        const candidate = artificerV2('', sourceScribeArtifactId);
-        if (candidate === null || typeof candidate !== 'object') throw new Error('candidate fixture invalid');
-        Reflect.deleteProperty(candidate, 'taskId');
-        if (prompts.length === 1) {
-          Reflect.set(candidate, 'implementationCode', 'function evaluate() { return { decision: "allow", matched: false, reason: "bug" }; }');
+        // Round 2: fixed code passes the evaluator.
+        return base;
+      },
+      evaluator: (taskId, artificerArtifactId) => {
+        if (artificerCallCount === 1) {
+          return evaluatorNeedsRevision(taskId, artificerArtifactId);
         }
-        return candidate;
+        return evaluatorApproved(taskId, artificerArtifactId);
       },
     });
 
     const result = await runRuleHostPipeline({
       workspaceDir: tmpDir,
-      painId: 'pain-l2-001',
-      runtimeAdapter: baseAdapter,
-      codeRuleCapability: { enabled: true, artificerAdapter: l2Adapter },
+      painId: 'pain-feedback-001',
+      runtimeAdapter: adapter,
+      codeRuleCapability: { enabled: true, artificerAdapter: adapter },
       channel: 'code_tool_hook',
       pollIntervalMs: 5,
       timeoutMs: 1000,
-      onStoreReady: (store) => { baseAdapter.artifactStore = store; },
+      onStoreReady: (store) => { adapter.artifactStore = store; },
     });
 
-    expect(prompts).toHaveLength(2);
-    expect(prompts[1]).toContain('Previous sandbox replay failures');
+    expect(artificerCallCount).toBe(2);
+    expect(artificerPrompts).toHaveLength(2);
+    expect(artificerPrompts[1]).toContain('Prior adversarial replay failures');
     expect(result.decision, JSON.stringify(result)).toBe('candidate_ready_for_owner_review');
     expect(result.ruleArtifactId).toMatch(/^pi-rule-/);
     // P1 #1 fix: candidate should be auto-enqueued into the ApprovalQueue