principles-disciple 1.123.0 → 1.125.0

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "principles-disciple",
   "name": "Principles Disciple",
   "description": "Evolutionary programming agent framework with strategic guardrails and reflection loops.",
-  "version": "1.123.0",
+  "version": "1.125.0",
   "activation": {
     "onCapabilities": [
       "hook"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "principles-disciple",
-  "version": "1.123.0",
+  "version": "1.125.0",
   "description": "Native OpenClaw plugin for Principles Disciple",
   "type": "module",
   "main": "./dist/bundle.js",

package/src/core/code-implementation-storage.ts

@@ -104,20 +104,6 @@ export function getImplementationAssetRoot(stateDir: string, implId: string): st
   return path.join(stateDir, 'principles', 'implementations', implId);
 }
 
-/**
- * Load manifest from disk. Returns null if not found (does not throw).
- */
-export function loadManifest(stateDir: string, implId: string): CodeImplementationManifest | null {
-  validateImplId(implId);
-  const manifestPath = path.join(getImplementationAssetRoot(stateDir, implId), MANIFEST_FILENAME);
-  if (!fs.existsSync(manifestPath)) return null;
-  try {
-    return JSON.parse(fs.readFileSync(manifestPath, 'utf-8')) as CodeImplementationManifest;
-  } catch {
-    return null;
-  }
-}
-
 /**
  * Write manifest atomically using withLock.
  */
@@ -163,23 +149,6 @@ export function deleteImplementationAssetDir(stateDir: string, implId: string):
   });
 }
 
-/**
- * Load the entry source code from disk.
- * Returns null if manifest doesn't exist or entry file is missing.
- */
-export function loadEntrySource(stateDir: string, implId: string): string | null {
-  validateImplId(implId);
-  const manifest = loadManifest(stateDir, implId);
-  if (!manifest) return null;
-  const entryPath = path.join(getImplementationAssetRoot(stateDir, implId), manifest.entryFile);
-  if (!fs.existsSync(entryPath)) return null;
-  try {
-    return fs.readFileSync(entryPath, 'utf-8');
-  } catch {
-    return null;
-  }
-}
-
 /**
  * Create the full asset directory structure for a new implementation.
  *

package/src/core/event-log.ts

@@ -28,6 +28,7 @@ import type {
   RuleHostAutoCorrectProposedEventData,
   RuleHostAutoCorrectAppliedEventData,
   RuntimeV2PromptActivationsInjectedEventData,
+  RuleHostUnhealthyEventData,
 } from '../types/event-types.js';
 import { createEmptyDailyStats } from '../types/event-types.js';
 import { atomicWriteFileSync } from '../utils/io.js';
@@ -210,6 +211,18 @@ export class EventLog {
     this.record('runtime_v2_prompt_activations_injected', 'injected', data.sessionId, data);
   }
 
+  /**
+   * PRI-437: Record that an approved rule failed to compile or load.
+   *
+   * This is NOT just a logger.warn — the unhealthy state is persisted to EventLog
+   * so it's visible to CLI (pd runtime health) and Console API.
+   *
+   * ERR-002: degradation includes a reason and nextAction (not silent).
+   */
+  recordRuleHostUnhealthy(data: RuleHostUnhealthyEventData): void {
+    this.record('rulehost_unhealthy', 'failure', undefined, data);
+  }
+
   /**
    * Redact telemetry-sensitive string values in event data before persistence.
    * Applies redactTelemetryString to known high-risk fields (filePath, command,

package/src/core/principle-tree-ledger.ts

@@ -701,19 +701,6 @@ export function transitionImplementationState(
   });
 }
 
-/**
- * Get all implementations for a specific lifecycle state across all rules.
- */
-export function listImplementationsByLifecycleState(
-  stateDir: string,
-  state: ImplementationLifecycleState
-): Implementation[] {
-  const ledger = loadLedger(stateDir);
-  return Object.values(ledger.tree.implementations).filter(
-    (impl) => impl.lifecycleState === state
-  );
-}
-
 /**
  * Get implementations in a specific lifecycle state for a given rule.
  */

package/src/core/rule-host.ts

@@ -1,13 +1,15 @@
 /**
  * Rule Host — Constrained execution layer for active code implementations
  *
- * PURPOSE: Load active code implementations from the principle-tree ledger
- * AND from the activations table (code_tool_hook channel), execute them in a
- * constrained node:vm context, and merge their decisions.
+ * PURPOSE: Load active code implementations from the SQLite activations table
+ * (code_tool_hook channel), execute them in a constrained node:vm context,
+ * and merge their decisions.
  *
- * ARCHITECTURE:
- *   - Constructor takes stateDir to access the principle-tree ledger
- *   - Optional workspaceDir enables reading code_tool_hook activations from SQLite
+ * ARCHITECTURE (PRI-436):
+ *   - SQLite is the SOLE production source of active RuleCode
+ *   - No filesystem ledger or implementation asset reads occur during evaluation
+ *   - Constructor takes stateDir for API compatibility (no longer used for impl loading)
+ *   - workspaceDir enables reading code_tool_hook activations from SQLite
  *   - evaluate(input) loads active code implementations and runs them
  *   - Each implementation executes in an isolated vm context with minimal helpers
  *   - Decision merge: block short-circuits, requireApproval collects, allow is implicit
@@ -22,28 +24,24 @@
  *   - Never throw, never bypass downstream gates (Progressive Gate, Edit Verification)
  */
 
-import * as fs from 'fs';
-import {
-  listImplementationsByLifecycleState,
-} from './principle-tree-ledger.js';
-import { loadEntrySource } from './code-implementation-storage.js';
 import { createRuleHostHelpers } from '@principles/core/runtime-v2';
 import { mergeDecisions } from '@principles/core/runtime-v2';
+import { validateRuleHostResult } from '@principles/core/runtime-v2';
 import { SqliteConnection } from '@principles/core/runtime-v2';
 import { loadRuleImplementationModule } from './rule-implementation-runtime.js';
+import { EventLogService } from './event-log.js';
 import type {
   RuleHostInput,
   RuleHostResult,
   RuleHostMeta,
   LoadedImplementation,
 } from '@principles/core/runtime-v2';
-import type { Implementation } from '../types/principle-tree-schema.js';
 
 import type { RuleHostLogger } from '@principles/core/runtime-v2';
 export type { RuleHostLogger } from '@principles/core/runtime-v2';
 
 export interface RuleHostOptions {
-  /** Workspace directory for SQLite access. When provided, RuleHost also loads code_tool_hook activations from the activations table. */
+  /** Workspace directory for SQLite access. Required for RuleHost to load active code_tool_hook activations. */
   workspaceDir?: string;
 }
 
@@ -84,7 +82,6 @@ export class RuleHost {
    *   - { decision: 'block', ... } when any implementation returns block (short-circuits)
    *   - { decision: 'requireApproval', ... } when any implementation returns requireApproval
    */
-     
   evaluate(input: RuleHostInput): RuleHostResult | undefined {
     try {
       const activeImpls = this._loadActiveCodeImplementations();
@@ -99,70 +96,28 @@ export class RuleHost {
   }
 
   /**
-   * Load active code implementations from the ledger AND the activations table.
+   * Load active code implementations from the SQLite activations table.
    *
-   * Sources (merged, deduplicated by implId):
-   *   1. principle-tree-ledger.json: implementations with lifecycleState='active' and type='code'
-   *   2. activations table: code_tool_hook channel activations (when workspaceDir is provided)
+   * PRI-436: SQLite is the SOLE production source. The filesystem ledger
+   * (principle-tree-ledger) and implementation asset paths have been deleted.
+   * No fallback, no dual-source, no deprecated adapter.
    *
-   * This bridges the gap between RuleHostWriter (which records activation metadata in SQLite)
-   * and RuleHost enforcement (which previously only read from the ledger JSON file).
-   * See BUG-001 / ERR-011 / ERR-035.
+   * Source: activations table (code_tool_hook channel, deactivated_at IS NULL)
+   *   → JOIN pi_artifacts for content_json → extract implementationCode → compile
    */
   private _loadActiveCodeImplementations(): LoadedImplementation[] {
-    const loaded: LoadedImplementation[] = [];
-    const seenImplIds = new Set<string>();
+    if (!this.workspaceDir) {
+      return [];
+    }
 
-    // Source 1: principle-tree-ledger.json (existing path)
     try {
-      const activeAllTypes = listImplementationsByLifecycleState(
-        this.stateDir,
-        'active'
-      );
-
-      // Filter to code-type implementations only
-      const codeImpls = activeAllTypes.filter((impl) => impl.type === 'code');
-
-      for (const impl of codeImpls) {
-        try {
-          const loadedImpl = this._loadSingleImplementation(impl);
-          if (loadedImpl && !seenImplIds.has(loadedImpl.implId)) {
-            loaded.push(loadedImpl);
-            seenImplIds.add(loadedImpl.implId);
-          }
-        } catch (loadError: unknown) {
-          // Individual load failure: log and skip
-          this.logger.warn?.(
-            `[RuleHost] Failed to load implementation ${impl.id}: ${String(loadError)}`
-          );
-        }
-      }
-    } catch (ledgerError: unknown) {
-      // Ledger access failure: log and continue to activations table
+      return this._loadFromActivationsTable(this.workspaceDir);
+    } catch (activationError: unknown) {
       this.logger.warn?.(
-        `[RuleHost] Failed to access ledger: ${String(ledgerError)}`
+        `[RuleHost] Failed to load code_tool_hook activations: ${String(activationError)}`
       );
+      return [];
     }
-
-    // Source 2: activations table (code_tool_hook channel) — bridges BUG-001
-    if (this.workspaceDir) {
-      try {
-        const activationImpls = this._loadFromActivationsTable(this.workspaceDir);
-        for (const impl of activationImpls) {
-          if (!seenImplIds.has(impl.implId)) {
-            loaded.push(impl);
-            seenImplIds.add(impl.implId);
-          }
-        }
-      } catch (activationError: unknown) {
-        // Activations table access failure: log and continue with ledger-only results
-        this.logger.warn?.(
-          `[RuleHost] Failed to load code_tool_hook activations: ${String(activationError)}`
-        );
-      }
-    }
-
-    return loaded;
   }
 
   /**
@@ -170,10 +125,15 @@ export class RuleHost {
    *
    * For each activation record:
    *   1. Query the pi_artifacts table for the artifact content
-   *   2. Parse content_json to extract implementationCode
-   *   3. Compile via loadRuleImplementationModule (same vm isolation as ledger path)
+   *   2. Parse content_json to extract implementationCode (treated as unknown, EP-01)
+   *   3. Compile via loadRuleImplementationModule (isolated vm context)
+   *
+   * PRI-436 invariant: at most one active activation per rule (target_ref).
+   * Duplicate active activations for the same target_ref are ALL skipped
+   * (zero executions) and emit structured unhealthy evidence via logger.warn
+   * (Runtime Contract Rule 9: graceful degradation includes a reason).
    *
-   * This mirrors the PromptActivationReader pattern for SQLite access.
+   * All data from SQLite is treated as unknown and validated before use.
    */
   private _loadFromActivationsTable(workspaceDir: string): LoadedImplementation[] {
     const sqliteConn = new SqliteConnection(workspaceDir);
@@ -195,13 +155,58 @@ export class RuleHost {
         return [];
       }
 
-      const loaded: LoadedImplementation[] = [];
-
+      // PRI-436: Group active rows by target_ref to detect duplicates.
+      // At most one active activation per rule (target_ref) is allowed.
+      // Duplicate groups are skipped entirely (zero executions) and emit
+      // structured unhealthy evidence. Non-duplicate rows proceed to compilation.
+      const rowsByTargetRef = new Map<string, Record<string, unknown>[]>();
       for (const row of rows) {
         if (!row || typeof row !== 'object') {
           continue;
         }
         const r = row as Record<string, unknown>;
+        const targetRef = typeof r['target_ref'] === 'string' ? r['target_ref'] : '';
+        const activationId = typeof r['activation_id'] === 'string' ? r['activation_id'] : '';
+        if (!targetRef) {
+          this.logger.warn?.(
+            `[RuleHost] Activation ${activationId}: missing target_ref, skipping`
+          );
+          continue;
+        }
+        const group = rowsByTargetRef.get(targetRef);
+        if (group) {
+          group.push(r);
+        } else {
+          rowsByTargetRef.set(targetRef, [r]);
+        }
+      }
+
+      // Emit structured unhealthy evidence for duplicate groups; collect valid (non-duplicate) rows.
+      const validRows: Record<string, unknown>[] = [];
+      for (const [targetRef, group] of rowsByTargetRef) {
+        if (group.length > 1) {
+          const activationIds: string[] = [];
+          const artifactIds: string[] = [];
+          for (const r of group) {
+            if (typeof r['activation_id'] === 'string') activationIds.push(r['activation_id']);
+            if (typeof r['artifact_id'] === 'string') artifactIds.push(r['artifact_id']);
+          }
+          this.logger.warn?.(
+            `[RuleHost] Duplicate active activations detected — skipping all executions for this rule. ` +
+            `targetRef=${targetRef} count=${group.length} ` +
+            `activationIds=[${activationIds.join(', ')}] ` +
+            `artifactIds=[${artifactIds.join(', ')}] ` +
+            `reason=at most one active activation per rule is allowed ` +
+            `nextAction=deactivate all but one activation for this target_ref`
+          );
+        } else {
+          validRows.push(group[0]);
+        }
+      }
+
+      const loaded: LoadedImplementation[] = [];
+
+      for (const r of validRows) {
         const activationId = typeof r['activation_id'] === 'string' ? r['activation_id'] : '';
         const artifactId = typeof r['artifact_id'] === 'string' ? r['artifact_id'] : '';
         const contentJson = typeof r['content_json'] === 'string' ? r['content_json'] : '';
@@ -238,10 +243,13 @@ export class RuleHost {
           const implId = `act-impl-${activationId}`;
           const moduleExports = loadRuleImplementationModule(implementationCode, implId);
 
-          if (!moduleExports || typeof moduleExports.evaluate !== 'function') {
+          if (!moduleExports || typeof moduleExports.callEvaluate !== 'function') {
+            const reason = 'compiled module has no evaluate function';
             this.logger.warn?.(
-              `[RuleHost] Activation ${activationId}: compiled module has no evaluate function, skipping`
+              `[RuleHost] Activation ${activationId}: ${reason}, skipping`
             );
+            this._recordUnhealthy(activationId, artifactId, ruleId, reason,
+              'Fix the RuleCode to export an evaluate(input, helpers) function, then re-activate');
             continue;
           }
 
@@ -255,10 +263,10 @@ export class RuleHost {
             ? moduleExports.meta
             : fallbackMeta;
 
-          const rawEvaluate = moduleExports.evaluate as (
-            _input: RuleHostInput,
-            _helpers: ReturnType<typeof createRuleHostHelpers>
-          ) => RuleHostResult;
+          // PRI-437: Use callEvaluate (vm-context-bounded) instead of raw evaluate.
+          // callEvaluate runs the invocation INSIDE the vm context with a time
+          // boundary, terminating infinite loops and excessive computation.
+          const boundedCallEvaluate = moduleExports.callEvaluate;
 
           loaded.push({
             implId,
@@ -266,7 +274,18 @@ export class RuleHost {
             meta,
             evaluate: (input: RuleHostInput): RuleHostResult => {
               const frozenHelpers = createRuleHostHelpers(input);
-              const result = rawEvaluate(input, frozenHelpers);
+              // PRI-437: Execute inside vm context with timeout boundary.
+              // If the RuleCode infinite-loops or exceeds the time budget,
+              // vm throws an error that is caught by the caller (mergeDecisions
+              // try/catch), resulting in conservative degradation (undefined).
+              const rawResult = boundedCallEvaluate(input, frozenHelpers);
+              const validation = validateRuleHostResult(rawResult);
+              if (!validation.valid) {
+                throw new Error(
+                  `[RuleHost] Activation ${activationId} returned invalid RuleHostResult: ${validation.errors.join('; ')}`
+                );
+              }
+              const result = rawResult as RuleHostResult;
               if (result.matched && (result.decision === 'block' || result.decision === 'requireApproval')) {
                 result.ruleId = ruleId;
                 result.principleId = meta.ruleId ?? ruleId;
@@ -275,9 +294,16 @@ export class RuleHost {
             },
           });
         } catch (loadError: unknown) {
+          const reason = `compilation failed: ${String(loadError)}`;
           this.logger.warn?.(
-            `[RuleHost] Failed to load activation ${activationId}: ${String(loadError)}`
+            `[RuleHost] Failed to load activation ${activationId}: ${reason}`
           );
+          // ruleId is declared inside the try block and may not be assigned yet;
+          // fall back to sourceRuleId or artifactId (both available in scope)
+          this._recordUnhealthy(activationId, artifactId,
+            sourceRuleId ?? artifactId,
+            reason,
+            'Fix the RuleCode syntax/compilation error, then re-activate the rule');
         }
       }
 
@@ -292,81 +318,40 @@ export class RuleHost {
   }
 
   /**
-   * Load and compile a single implementation from its code asset path.
+   * PRI-437: Record an unhealthy activation state to EventLog.
    *
-   * The implementation file is expected to export:
-   *   - meta: { name, version, ruleId, coversCondition }
-   *   - evaluate(input: RuleHostInput): RuleHostResult
+   * This makes compile/load failures visible to CLI (pd runtime health) and
+   * Console API — NOT just a logger.warn that's silently skipped.
    *
-   * Uses the shared isolated runtime loader so candidate code does not execute
-   * in the host global realm.
+   * ERR-002: degradation includes a reason and nextAction (not silent).
+   * Failures in EventLog recording are caught and logged (never throw).
    */
-     
-  private _loadSingleImplementation(
-    impl: Implementation
-  ): LoadedImplementation | null {
-    let sourceCode = loadEntrySource(this.stateDir, impl.id);
-    if (!sourceCode) {
-      const assetPath = impl.path;
-      if (!assetPath || !fs.existsSync(assetPath)) {
-        return null;
-      }
-
-      try {
-        sourceCode = fs.readFileSync(assetPath, 'utf-8');
-      } catch {
-        return null;
-      }
-    }
-
+  private _recordUnhealthy(
+    activationId: string,
+    artifactId: string,
+    ruleId: string,
+    reason: string,
+    nextAction: string,
+  ): void {
     try {
-      const moduleExports = loadRuleImplementationModule(sourceCode, impl.id);
-
-      if (!moduleExports || typeof moduleExports.evaluate !== 'function') {
-        return null;
-      }
-
-      const fallbackMeta: RuleHostMeta = {
-        name: impl.id,
-        version: impl.version,
-        ruleId: impl.ruleId,
-        coversCondition: impl.coversCondition,
-      };
-      const meta: RuleHostMeta =
-        moduleExports.meta && typeof moduleExports.meta === 'object'
-          ? (moduleExports.meta as RuleHostMeta)
-          : fallbackMeta;
-
-      // Return a loaded implementation that wraps the compiled evaluate
-      // with the actual helpers from the input at evaluation time
-       
-      const rawEvaluate = moduleExports.evaluate as (
-        _input: RuleHostInput,
-        _helpers: ReturnType<typeof createRuleHostHelpers>
-      ) => RuleHostResult;
-       
-
-      return {
-        implId: impl.id,
-        ruleId: impl.ruleId,
-        meta,
-        evaluate: (input: RuleHostInput): RuleHostResult => {
-          const frozenHelpers = createRuleHostHelpers(input);
-          const result = rawEvaluate(input, frozenHelpers);
-          // C: Enrich result with rule/principle IDs for observability
-          if (result.matched && (result.decision === 'block' || result.decision === 'requireApproval')) {
-            result.ruleId = impl.ruleId;
-            result.principleId = meta.ruleId ?? impl.ruleId;
-          }
-          return result;
-        },
-      };
-    } catch (compileError: unknown) {
-      // Compilation failure: log and skip
+      // Pass undefined as logger: RuleHostLogger only has warn(), but EventLog
+      // calls this.logger.error() without optional chaining. Passing the
+      // RuleHostLogger directly would cause TypeError if EventLog tried to
+      // log an internal error. EventLog's logger is optional; RuleHost already
+      // logs its own warnings for the unhealthy event.
+      const eventLog = EventLogService.get(this.stateDir);
+      eventLog.recordRuleHostUnhealthy({
+        activationId,
+        artifactId,
+        ruleId,
+        reason,
+        nextAction,
+      });
+    } catch (recordError: unknown) {
+      // EventLog recording must never break RuleHost evaluation
       this.logger.warn?.(
-        `[RuleHost] Failed to compile implementation ${impl.id}: ${String(compileError)}`
+        `[RuleHost] Failed to record unhealthy event for activation ${activationId}: ${String(recordError)}`
       );
-      return null;
     }
   }
 }

package/src/core/rule-implementation-runtime.ts

@@ -3,8 +3,27 @@ import { nodeVm } from '../utils/node-vm-polyfill.js';
 export interface RuleImplementationModuleExports {
   meta?: unknown;
   evaluate?: unknown;
+  /**
+   * Call evaluate(input, helpers) INSIDE the vm context with a time boundary.
+   *
+   * PRI-437: The evaluate() function extracted from a vm context executes in
+   * the vm realm, but a direct host-realm call has NO timeout protection —
+   * an infinite loop in RuleCode would hang the host process forever.
+   *
+   * callEvaluate runs the invocation inside the vm context via
+   * Script.runInContext({ timeout }), which terminates infinite loops.
+   *
+   * Throws on timeout, compilation error, or if evaluate is missing.
+   */
+  callEvaluate?: (input: unknown, helpers: unknown) => unknown;
 }
 
+/** Timeout (ms) for compiling RuleCode (defining evaluate + meta). */
+const COMPILE_TIMEOUT_MS = 1000;
+
+/** Timeout (ms) for executing evaluate(input, helpers) inside the vm. */
+const EVALUATE_TIMEOUT_MS = 1000;
+
 function normalizeImplementationSource(sourceCode: string): string {
   const withoutExports = sourceCode
     .replace(/export\s+const\s+meta\s*=/, 'const meta =')
@@ -26,13 +45,56 @@ export function loadRuleImplementationModule(
     filename,
   });
 
+  // Compile phase: define evaluate + meta (timeout-bounded)
   script.runInContext(context, {
-    timeout: 1000,
+    timeout: COMPILE_TIMEOUT_MS,
     displayErrors: true,
   });
 
   const moduleExports = (context as { __pdRuleModule?: RuleImplementationModuleExports }).__pdRuleModule;
-  delete (context as { __pdRuleModule?: RuleImplementationModuleExports }).__pdRuleModule;
+  // Note: keep __pdRuleModule on the context so callEvaluate can reference it.
+  // We do NOT delete it here — it's needed for subsequent evaluate calls.
+
+  const hasEvaluate = typeof moduleExports?.evaluate === 'function';
+  const meta = moduleExports?.meta;
+
+  if (!hasEvaluate) {
+    // No evaluate function — return early with no callEvaluate
+    return { meta, evaluate: moduleExports?.evaluate };
+  }
+
+  // PRI-437: Create a context-aware caller that runs evaluate INSIDE the vm
+  // context with a time boundary. This terminates infinite loops and
+  // excessive computation that would otherwise hang the host process.
+  //
+  // The callEvaluate function:
+  //   1. Sets input and helpers as context globals (sandboxed)
+  //   2. Compiles a tiny call script
+  //   3. Runs it in the context with EVALUATE_TIMEOUT_MS
+  //   4. Cleans up globals
+  //   5. Returns the raw result (validation happens in the caller)
+  const callScript = new nodeVm.Script(
+    '__pdRuleModule.evaluate(__pdCallInput, __pdCallHelpers)',
+    { filename: `${filename}.call` },
+  );
+
+  const callEvaluate = (input: unknown, helpers: unknown): unknown => {
+    (context as { __pdCallInput?: unknown }).__pdCallInput = input;
+    (context as { __pdCallHelpers?: unknown }).__pdCallHelpers = helpers;
+    try {
+      return callScript.runInContext(context, {
+        timeout: EVALUATE_TIMEOUT_MS,
+        displayErrors: true,
+      });
+    } finally {
+      try { delete (context as { __pdCallInput?: unknown }).__pdCallInput; } catch { /* noop */ }
+      try { delete (context as { __pdCallHelpers?: unknown }).__pdCallHelpers; } catch { /* noop */ }
+    }
+  };
 
-  return moduleExports ?? {};
+  return {
+    meta,
+    evaluate: moduleExports?.evaluate,
+    callEvaluate,
+  };
 }

package/src/types/event-types.ts

@@ -23,6 +23,7 @@ export type {
   RuleHostAutoCorrectProposedEventData,
   RuleHostAutoCorrectAppliedEventData,
   RuntimeV2PromptActivationsInjectedEventData,
+  RuleHostUnhealthyEventData,
   ToolCallStats,
   ErrorStats,
   PainStats,