principles-disciple 1.124.0 → 1.126.0

package/tests/core/rule-host-autocorrect-vm.test.ts

@@ -0,0 +1,163 @@
+/**
+ * PRI-437 Adversarial Self-Review: Valid auto_correct from VM must be accepted
+ *
+ * PURPOSE: Verify that a valid auto_correct proposal created INSIDE the vm
+ * context is accepted by the validator (not rejected due to prototype realm
+ * mismatch).
+ *
+ * CONTEXT: validateCorrectionProposal uses isPlainObject which checks
+ * Object.getPrototypeOf() === Object.prototype. VM-created objects have
+ * prototypes from the VM realm, not the host realm, so isPlainObject
+ * returns false and rejects all VM-created proposals.
+ *
+ * ERR risk mitigation:
+ *   - ERR-001: no `as` bypass on untrusted VM output
+ *   - ERR-002: fail-closed with reason (not silent rejection)
+ */
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import * as fs from 'fs';
+import * as os from 'os';
+import * as path from 'path';
+import { SqliteConnection, SqliteActivationStateStore } from '@principles/core/runtime-v2';
+import type { RuleHostInput } from '@principles/core/runtime-v2';
+import { RuleHost } from '../../src/core/rule-host.js';
+
+let tempWorkspaceDir: string;
+let tempStateDir: string;
+let sqliteConn: SqliteConnection;
+
+function setupTempDirs(): void {
+  const baseTmp = os.tmpdir();
+  tempWorkspaceDir = fs.mkdtempSync(path.join(baseTmp, 'pd-rulehost-autocorrect-'));
+  tempStateDir = path.join(tempWorkspaceDir, '.principles');
+  fs.mkdirSync(tempStateDir, { recursive: true });
+}
+
+function insertRuleArtifact(
+  artifactId: string,
+  ruleId: string,
+  sourceTaskId: string,
+  code: string,
+): void {
+  const db = sqliteConn.getDb();
+  const now = new Date().toISOString();
+  const contentJson = JSON.stringify({
+    principleId: `P_${ruleId}`,
+    ruleId,
+    implementationCode: code,
+    goldenTrace: { traceId: `trace-${ruleId}`, cases: [], createdAt: now, version: 1 },
+    ruleHostGateDecision: 'accepted_shadow',
+    affectedTools: ['write_file'],
+    painReasonSummary: 'Test: auto_correct',
+  });
+
+  db.prepare(`
+    INSERT INTO pi_artifacts (artifact_id, artifact_kind, source_task_id, source_principle_id, source_rule_id, lineage_artifact_ids, validation_status, content_json, created_at, updated_at)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `).run(
+    artifactId, 'rule', sourceTaskId, `P_${ruleId}`, ruleId,
+    '[]', 'validated', contentJson, now, now,
+  );
+}
+
+async function insertActivation(
+  activationId: string,
+  artifactId: string,
+  ruleId: string,
+): Promise<void> {
+  const store = new SqliteActivationStateStore(sqliteConn);
+  const now = new Date().toISOString();
+  await store.recordActivation({
+    activationId,
+    idempotencyKey: `${artifactId}::code_tool_hook`,
+    artifactId,
+    channel: 'code_tool_hook',
+    action: 'code_tool_hook_shadow_activate',
+    targetRef: `impl://${ruleId}`,
+    activatedAt: now,
+    deactivatedAt: null,
+  });
+}
+
+function makeInput(normalizedPath: string): RuleHostInput {
+  return {
+    action: {
+      toolName: 'write_file',
+      normalizedPath,
+      paramsSummary: { path: normalizedPath },
+    },
+    workspace: { isRiskPath: false, planStatus: 'NONE' as const, hasPlanFile: false },
+    session: { sessionId: 'test-session-autocorrect', currentGfi: 0, recentThinking: false },
+    evolution: { epTier: 0 },
+    derived: { estimatedLineChanges: 1, bashRisk: 'safe' as const },
+  };
+}
+
+beforeEach(() => {
+  setupTempDirs();
+  sqliteConn = new SqliteConnection(tempWorkspaceDir);
+  sqliteConn.getDb();
+});
+
+afterEach(() => {
+  try { sqliteConn?.close(); } catch { /* best-effort */ }
+  try { fs.rmSync(tempWorkspaceDir, { recursive: true, force: true }); } catch { /* Windows */ }
+});
+
+describe('PRI-437 Adversarial Self-Review: Valid auto_correct from VM must be accepted', () => {
+  it('valid auto_correct proposal created inside VM is accepted (not rejected by isPlainObject)', async () => {
+    const RULE_ID = 'R_TEST_AUTOCORRECT_VALID';
+    const ARTIFACT_ID = 'art-autocorrect-valid';
+    const ACTIVATION_ID = `act_code_${RULE_ID}`;
+
+    // RuleCode that returns a valid auto_correct proposal.
+    // The proposal object is created INSIDE the vm context, so its prototype
+    // is the VM realm's Object.prototype, not the host's.
+    const VALID_AUTOCORRECT_CODE = `
+function evaluate(input, helpers) {
+  return {
+    decision: 'auto_correct',
+    matched: true,
+    reason: 'path should be within workspace',
+    correctionProposal: {
+      ruleId: '${RULE_ID}',
+      correctedFields: [{ field: 'file_path', original: input.action.normalizedPath, proposed: '/safe/path', reason: 'redirect to safe path' }],
+      proposedParams: { file_path: '/safe/path' },
+      applicationMode: 'shadow',
+      confidence: 0.9,
+      notifyAgent: true
+    }
+  };
+}
+var meta = { name: 'autocorrect-rule', version: '1', ruleId: '${RULE_ID}', coversCondition: 'all' };
+`;
+
+    insertRuleArtifact(ARTIFACT_ID, RULE_ID, 'task-autocorrect-valid', VALID_AUTOCORRECT_CODE);
+    await insertActivation(ACTIVATION_ID, ARTIFACT_ID, RULE_ID);
+
+    const warnCalls: string[] = [];
+    const spyLogger = {
+      warn: (message: string) => { warnCalls.push(message); },
+      error: () => {},
+      info: () => {},
+    };
+
+    const ruleHost = new RuleHost(tempStateDir, spyLogger, { workspaceDir: tempWorkspaceDir });
+    const result = ruleHost.evaluate(makeInput('/etc/passwd'));
+
+    // The valid auto_correct proposal MUST be accepted — not rejected due to
+    // VM prototype realm mismatch.
+    expect(result).toBeDefined();
+    expect(result?.decision).toBe('auto_correct');
+    expect(result?.matched).toBe(true);
+    expect(result?.correctionProposal).toBeDefined();
+    expect(result?.correctionProposal?.ruleId).toBe(RULE_ID);
+
+    // No warnings should be emitted about invalid results
+    const invalidWarn = warnCalls.find(m =>
+      m.toLowerCase().includes('invalid') ||
+      m.toLowerCase().includes('must be a plain object')
+    );
+    expect(invalidWarn).toBeUndefined();
+  });
+});

package/tests/core/rule-host-resource-bounds.test.ts

@@ -0,0 +1,231 @@
+/**
+ * PRI-437 Slice 3: Infinite loop and memory allocation terminate without taking down host
+ *
+ * PURPOSE: Verify that RuleCode with infinite loops or excessive memory allocation
+ * is terminated by the vm timeout boundary and degrades conservatively (undefined).
+ *
+ * ERR risk mitigation:
+ *   - ERR-002: timeout/degradation must include a reason (not silent)
+ *   - Resource boundary: RuleCode must have time AND memory limits
+ *
+ * Test approach:
+ *   - Real SQLite activation with malicious RuleCode
+ *   - Real RuleHost.evaluate() (public interface)
+ *   - Verify termination within reasonable time (not hang forever)
+ *   - Verify conservative degradation (undefined result + warn evidence)
+ */
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import * as fs from 'fs';
+import * as os from 'os';
+import * as path from 'path';
+import { SqliteConnection, SqliteActivationStateStore } from '@principles/core/runtime-v2';
+import type { RuleHostInput } from '@principles/core/runtime-v2';
+import { RuleHost } from '../../src/core/rule-host.js';
+
+// ── Test helpers ───────────────────────────────────────────────────────────
+
+const RULE_ID_INFINITE = 'R_TEST_INFINITE_003';
+const ARTIFACT_ID_INFINITE = 'art-infinite-003';
+const ACTIVATION_ID_INFINITE = `act_code_${RULE_ID_INFINITE}`;
+
+const INFINITE_LOOP_CODE = `
+function evaluate(input, helpers) {
+  // Infinite loop — must be terminated by vm timeout
+  while (true) {
+    // burn CPU forever
+  }
+  return { decision: 'block', matched: true, reason: 'never reached' };
+}
+var meta = { name: 'infinite-loop-rule', version: '1', ruleId: '${RULE_ID_INFINITE}', coversCondition: 'all' };
+`;
+
+const RULE_ID_MEMORY = 'R_TEST_MEMORY_003';
+const ARTIFACT_ID_MEMORY = 'art-memory-003';
+const ACTIVATION_ID_MEMORY = `act_code_${RULE_ID_MEMORY}`;
+
+const MEMORY_BOMB_CODE = `
+function evaluate(input, helpers) {
+  // Excessive memory allocation — must be bounded or caught
+  var arr = [];
+  for (var i = 0; i < 100000000; i++) {
+    arr.push(new Array(10000));
+  }
+  return { decision: 'block', matched: true, reason: 'memory bomb' };
+}
+var meta = { name: 'memory-bomb-rule', version: '1', ruleId: '${RULE_ID_MEMORY}', coversCondition: 'all' };
+`;
+
+let tempWorkspaceDir: string;
+let tempStateDir: string;
+let sqliteConn: SqliteConnection;
+
+function setupTempDirs(): void {
+  const baseTmp = os.tmpdir();
+  tempWorkspaceDir = fs.mkdtempSync(path.join(baseTmp, 'pd-rulehost-bounds-'));
+  tempStateDir = path.join(tempWorkspaceDir, '.principles');
+  fs.mkdirSync(tempStateDir, { recursive: true });
+}
+
+function insertRuleArtifact(
+  artifactId: string,
+  ruleId: string,
+  sourceTaskId: string,
+  code: string,
+): void {
+  const db = sqliteConn.getDb();
+  const now = new Date().toISOString();
+  const contentJson = JSON.stringify({
+    principleId: `P_${ruleId}`,
+    ruleId,
+    implementationCode: code,
+    goldenTrace: { traceId: `trace-${ruleId}`, cases: [], createdAt: now, version: 1 },
+    ruleHostGateDecision: 'accepted_shadow',
+    affectedTools: ['write_file'],
+    painReasonSummary: 'Test: resource boundary',
+  });
+
+  db.prepare(`
+    INSERT INTO pi_artifacts (artifact_id, artifact_kind, source_task_id, source_principle_id, source_rule_id, lineage_artifact_ids, validation_status, content_json, created_at, updated_at)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `).run(
+    artifactId,
+    'rule',
+    sourceTaskId,
+    `P_${ruleId}`,
+    ruleId,
+    '[]',
+    'validated',
+    contentJson,
+    now,
+    now,
+  );
+}
+
+async function insertActivation(
+  activationId: string,
+  artifactId: string,
+  ruleId: string,
+): Promise<void> {
+  const store = new SqliteActivationStateStore(sqliteConn);
+  const now = new Date().toISOString();
+  await store.recordActivation({
+    activationId,
+    idempotencyKey: `${artifactId}::code_tool_hook`,
+    artifactId,
+    channel: 'code_tool_hook',
+    action: 'code_tool_hook_shadow_activate',
+    targetRef: `impl://${ruleId}`,
+    activatedAt: now,
+    deactivatedAt: null,
+  });
+}
+
+function makeInput(): RuleHostInput {
+  return {
+    action: {
+      toolName: 'write_file',
+      normalizedPath: '/etc/passwd',
+      paramsSummary: { path: '/etc/passwd' },
+    },
+    workspace: { isRiskPath: false, planStatus: 'NONE' as const, hasPlanFile: false },
+    session: { sessionId: 'test-session-bounds', currentGfi: 0, recentThinking: false },
+    evolution: { epTier: 1 },
+    derived: { estimatedLineChanges: 1, bashRisk: 'safe' as const },
+  };
+}
+
+// ── Setup / Teardown ───────────────────────────────────────────────────────
+
+beforeEach(() => {
+  setupTempDirs();
+  sqliteConn = new SqliteConnection(tempWorkspaceDir);
+  sqliteConn.getDb();
+});
+
+afterEach(() => {
+  try { sqliteConn?.close(); } catch { /* best-effort */ }
+  try { fs.rmSync(tempWorkspaceDir, { recursive: true, force: true }); } catch { /* Windows */ }
+});
+
+// ── Slice 3: Resource boundaries ───────────────────────────────────────────
+
+describe('PRI-437 Slice 3: Infinite loop and memory allocation terminate without taking down host', () => {
+  it('infinite loop in evaluate() is terminated by vm timeout → undefined + warn evidence', async () => {
+    insertRuleArtifact(ARTIFACT_ID_INFINITE, RULE_ID_INFINITE, 'task-infinite-003', INFINITE_LOOP_CODE);
+    await insertActivation(ACTIVATION_ID_INFINITE, ARTIFACT_ID_INFINITE, RULE_ID_INFINITE);
+
+    const warnCalls: string[] = [];
+    const spyLogger = {
+      warn: (message: string) => { warnCalls.push(message); },
+      error: () => {},
+      info: () => {},
+    };
+
+    const ruleHost = new RuleHost(tempStateDir, spyLogger, { workspaceDir: tempWorkspaceDir });
+
+    // Must terminate within 10 seconds (vm timeout is 1000ms, plus overhead)
+    const startTime = Date.now();
+    const result = ruleHost.evaluate(makeInput());
+    const elapsed = Date.now() - startTime;
+
+    // Conservative degradation: undefined (no opinion)
+    expect(result).toBeUndefined();
+
+    // Must not hang — should complete well under 10 seconds
+    expect(elapsed).toBeLessThan(10000);
+
+    // Must emit structured warn evidence (ERR-002: degradation includes reason)
+    expect(warnCalls.length).toBeGreaterThan(0);
+    const timeoutWarn = warnCalls.find(m =>
+      m.toLowerCase().includes('timeout') ||
+      m.toLowerCase().includes('timed out') ||
+      m.toLowerCase().includes('terminated')
+    );
+    expect(timeoutWarn).toBeDefined();
+  }, 15000); // 15 second test timeout (fail safe)
+
+  it('memory bomb in evaluate() is bounded or caught → undefined + warn evidence', async () => {
+    insertRuleArtifact(ARTIFACT_ID_MEMORY, RULE_ID_MEMORY, 'task-memory-003', MEMORY_BOMB_CODE);
+    await insertActivation(ACTIVATION_ID_MEMORY, ARTIFACT_ID_MEMORY, RULE_ID_MEMORY);
+
+    const warnCalls: string[] = [];
+    const spyLogger = {
+      warn: (message: string) => { warnCalls.push(message); },
+      error: () => {},
+      info: () => {},
+    };
+
+    const ruleHost = new RuleHost(tempStateDir, spyLogger, { workspaceDir: tempWorkspaceDir });
+
+    // Must terminate without crashing the host process
+    const startTime = Date.now();
+    let thrown: unknown;
+    let result: unknown;
+    try {
+      result = ruleHost.evaluate(makeInput());
+    } catch (err) {
+      thrown = err;
+    }
+    const elapsed = Date.now() - startTime;
+
+    // PRI-437 fail-closed: must NOT throw (vm timeout should catch it),
+    // and must return undefined (conservative degradation)
+    expect(thrown).toBeUndefined();
+    expect(result).toBeUndefined();
+
+    // Must not hang — should complete well under 30 seconds
+    expect(elapsed).toBeLessThan(30000);
+
+    // Must emit structured warn evidence with reason (ERR-002)
+    expect(warnCalls.length).toBeGreaterThan(0);
+    const reasonWarn = warnCalls.find(m =>
+      m.toLowerCase().includes('timeout') ||
+      m.toLowerCase().includes('timed out') ||
+      m.toLowerCase().includes('terminated') ||
+      m.toLowerCase().includes('memory') ||
+      m.toLowerCase().includes('heap') ||
+      m.toLowerCase().includes('range')
+    );
+    expect(reasonWarn).toBeDefined();
+  }, 60000); // 60 second test timeout (fail safe for memory pressure)
+});

package/tests/core/rule-host-unhealthy-visibility.test.ts

@@ -0,0 +1,261 @@
+/**
+ * PRI-437 Slice 4: Approved compile failure is visible in EventLog, CLI and Console
+ *
+ * PURPOSE: Verify that when an approved rule fails to compile/load, the failure
+ * is recorded in EventLog as an unhealthy event with reason and nextAction.
+ * NOT just a logger.warn that's silently skipped.
+ *
+ * ERR risk mitigation:
+ *   - ERR-002: degradation must include a reason (not silent logger.warn)
+ *   - Observability: unhealthy state must be persisted and queryable
+ *
+ * Test approach:
+ *   - Real SQLite activation with broken code (syntax error)
+ *   - Real RuleHost.evaluate() (public interface)
+ *   - Read real EventLog JSONL file to verify unhealthy record
+ */
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import * as fs from 'fs';
+import * as os from 'os';
+import * as path from 'path';
+import { SqliteConnection, SqliteActivationStateStore } from '@principles/core/runtime-v2';
+import type { RuleHostInput } from '@principles/core/runtime-v2';
+import { RuleHost } from '../../src/core/rule-host.js';
+import { EventLogService } from '../../src/core/event-log.js';
+
+// ── Test helpers ───────────────────────────────────────────────────────────
+
+const RULE_ID_BROKEN = 'R_TEST_BROKEN_004';
+const ARTIFACT_ID_BROKEN = 'art-broken-004';
+const ACTIVATION_ID_BROKEN = `act_code_${RULE_ID_BROKEN}`;
+
+// Code with a syntax error that will cause compilation failure
+const BROKEN_CODE = `
+function evaluate(input, helpers) {
+  // Syntax error: unclosed brace
+  return { decision: 'block', matched: true, reason: 'broken'
+// Missing closing brace for function and return object
+var meta = { name: 'broken-rule', version: '1', ruleId: '${RULE_ID_BROKEN}', coversCondition: 'all' };
+`;
+
+let tempWorkspaceDir: string;
+let tempStateDir: string;
+let sqliteConn: SqliteConnection;
+
+function setupTempDirs(): void {
+  const baseTmp = os.tmpdir();
+  tempWorkspaceDir = fs.mkdtempSync(path.join(baseTmp, 'pd-rulehost-unhealthy-'));
+  tempStateDir = path.join(tempWorkspaceDir, '.principles');
+  fs.mkdirSync(tempStateDir, { recursive: true });
+}
+
+function insertRuleArtifact(): void {
+  const db = sqliteConn.getDb();
+  const now = new Date().toISOString();
+  const contentJson = JSON.stringify({
+    principleId: 'P_TEST_BROKEN_004',
+    ruleId: RULE_ID_BROKEN,
+    implementationCode: BROKEN_CODE,
+    goldenTrace: { traceId: 'trace-broken-004', cases: [], createdAt: now, version: 1 },
+    ruleHostGateDecision: 'accepted_shadow',
+    affectedTools: ['write_file'],
+    painReasonSummary: 'Test: broken code compilation',
+  });
+
+  db.prepare(`
+    INSERT INTO pi_artifacts (artifact_id, artifact_kind, source_task_id, source_principle_id, source_rule_id, lineage_artifact_ids, validation_status, content_json, created_at, updated_at)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `).run(
+    ARTIFACT_ID_BROKEN,
+    'rule',
+    'task-broken-004',
+    'P_TEST_BROKEN_004',
+    RULE_ID_BROKEN,
+    '[]',
+    'validated',
+    contentJson,
+    now,
+    now,
+  );
+}
+
+async function insertActivation(): Promise<void> {
+  const store = new SqliteActivationStateStore(sqliteConn);
+  const now = new Date().toISOString();
+  await store.recordActivation({
+    activationId: ACTIVATION_ID_BROKEN,
+    idempotencyKey: `${ARTIFACT_ID_BROKEN}::code_tool_hook`,
+    artifactId: ARTIFACT_ID_BROKEN,
+    channel: 'code_tool_hook',
+    action: 'code_tool_hook_shadow_activate',
+    targetRef: `impl://${RULE_ID_BROKEN}`,
+    activatedAt: now,
+    deactivatedAt: null,
+  });
+}
+
+function makeInput(): RuleHostInput {
+  return {
+    action: {
+      toolName: 'write_file',
+      normalizedPath: '/etc/passwd',
+      paramsSummary: { path: '/etc/passwd' },
+    },
+    workspace: { isRiskPath: false, planStatus: 'NONE' as const, hasPlanFile: false },
+    session: { sessionId: 'test-session-unhealthy', currentGfi: 0, recentThinking: false },
+    evolution: { epTier: 1 },
+    derived: { estimatedLineChanges: 1, bashRisk: 'safe' as const },
+  };
+}
+
+function readTodayEvents(stateDir: string): string {
+  const today = new Date().toISOString().slice(0, 10);
+  const eventsFile = path.join(stateDir, 'logs', `events_${today}.jsonl`);
+  if (!fs.existsSync(eventsFile)) {
+    return '';
+  }
+  return fs.readFileSync(eventsFile, 'utf-8');
+}
+
+// ── Setup / Teardown ───────────────────────────────────────────────────────
+
+beforeEach(() => {
+  setupTempDirs();
+  EventLogService.disposeAll();
+  sqliteConn = new SqliteConnection(tempWorkspaceDir);
+  sqliteConn.getDb();
+});
+
+afterEach(() => {
+  EventLogService.disposeAll();
+  try { sqliteConn?.close(); } catch { /* best-effort */ }
+  try { fs.rmSync(tempWorkspaceDir, { recursive: true, force: true }); } catch { /* Windows */ }
+});
+
+// ── Slice 4: Compile failure visible in EventLog ───────────────────────────
+
+describe('PRI-437 Slice 4: Approved compile failure is visible in EventLog', () => {
+  it('broken code compilation → EventLog records rulehost_unhealthy with reason and nextAction', async () => {
+    insertRuleArtifact();
+    await insertActivation();
+
+    const warnCalls: string[] = [];
+    const spyLogger = {
+      warn: (message: string) => { warnCalls.push(message); },
+      error: () => {},
+      info: () => {},
+    };
+
+    const ruleHost = new RuleHost(tempStateDir, spyLogger, { workspaceDir: tempWorkspaceDir });
+
+    // Evaluate — should attempt to compile the broken code and fail
+    const result = ruleHost.evaluate(makeInput());
+
+    // Conservative degradation: undefined (no opinion)
+    expect(result).toBeUndefined();
+
+    // Flush EventLog to ensure events are written to disk
+    const eventLog = EventLogService.get(tempStateDir);
+    eventLog.flush();
+
+    // Read the EventLog JSONL file and verify unhealthy record exists
+    const eventsContent = readTodayEvents(tempStateDir);
+
+    // Must contain a rulehost_unhealthy event (NOT just logger.warn)
+    expect(eventsContent).toContain('rulehost_unhealthy');
+
+    // Structured validation: parse JSONL lines and find the unhealthy event
+    const lines = eventsContent.trim().split('\n').filter(l => l.trim());
+    const unhealthyEvents = lines
+      .map(line => { try { return JSON.parse(line); } catch { return null; } })
+      .filter(evt => evt?.type === 'rulehost_unhealthy');
+
+    expect(unhealthyEvents.length).toBeGreaterThanOrEqual(1);
+
+    // Verify the unhealthy event has all required fields in the same record
+    const unhealthy = unhealthyEvents[0];
+    expect(unhealthy.data.activationId).toBe(ACTIVATION_ID_BROKEN);
+    expect(unhealthy.data.ruleId).toBe(RULE_ID_BROKEN);
+    expect(typeof unhealthy.data.reason).toBe('string');
+    expect(unhealthy.data.reason.length).toBeGreaterThan(0);
+    expect(typeof unhealthy.data.nextAction).toBe('string');
+    expect(unhealthy.data.nextAction.length).toBeGreaterThan(0);
+  });
+
+  it('valid rule does NOT produce rulehost_unhealthy event', async () => {
+    // Insert a VALID rule (not broken)
+    const VALID_CODE = `
+function evaluate(input, helpers) {
+  var p = input.action.normalizedPath || '';
+  if (p.indexOf('/etc/') === 0) {
+    return { decision: 'block', matched: true, reason: 'valid block' };
+  }
+  return { decision: 'allow', matched: false, reason: 'not matched' };
+}
+var meta = { name: 'valid-rule', version: '1', ruleId: '${RULE_ID_BROKEN}', coversCondition: 'all' };
+`;
+
+    const db = sqliteConn.getDb();
+    const now = new Date().toISOString();
+    const contentJson = JSON.stringify({
+      principleId: 'P_TEST_VALID_004',
+      ruleId: RULE_ID_BROKEN,
+      implementationCode: VALID_CODE,
+      goldenTrace: { traceId: 'trace-valid-004', cases: [], createdAt: now, version: 1 },
+      ruleHostGateDecision: 'accepted_shadow',
+      affectedTools: ['write_file'],
+      painReasonSummary: 'Test: valid code',
+    });
+
+    db.prepare(`
+      INSERT INTO pi_artifacts (artifact_id, artifact_kind, source_task_id, source_principle_id, source_rule_id, lineage_artifact_ids, validation_status, content_json, created_at, updated_at)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `).run(
+      ARTIFACT_ID_BROKEN, 'rule', 'task-valid-004', 'P_TEST_VALID_004', RULE_ID_BROKEN,
+      '[]', 'validated', contentJson, now, now,
+    );
+
+    await insertActivation();
+
+    const ruleHost = new RuleHost(tempStateDir, { warn: () => {}, error: () => {}, info: () => {} }, { workspaceDir: tempWorkspaceDir });
+    const result = ruleHost.evaluate(makeInput());
+
+    // Valid rule should block (not undefined)
+    expect(result).toBeDefined();
+    expect(result?.decision).toBe('block');
+
+    // Flush and verify NO unhealthy event
+    const eventLog = EventLogService.get(tempStateDir);
+    eventLog.flush();
+
+    const eventsContent = readTodayEvents(tempStateDir);
+    expect(eventsContent).not.toContain('rulehost_unhealthy');
+  });
+
+  it('runtime-invalid result is persisted as rulehost_unhealthy and never executes', async () => {
+    const invalidResultCode = `
+function evaluate() {
+  return { decision: 'block', matched: 'yes', reason: 'invalid matched type' };
+}
+var meta = { name: 'invalid-result-rule', version: '1', ruleId: '${RULE_ID_BROKEN}', coversCondition: 'all' };
+`;
+    const now = new Date().toISOString();
+    sqliteConn.getDb().prepare(`
+      INSERT INTO pi_artifacts (artifact_id, artifact_kind, source_task_id, source_principle_id, source_rule_id, lineage_artifact_ids, validation_status, content_json, created_at, updated_at)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `).run(
+      ARTIFACT_ID_BROKEN, 'rule', 'task-invalid-result', 'P_TEST_INVALID_RESULT', RULE_ID_BROKEN,
+      '[]', 'validated', JSON.stringify({ ruleId: RULE_ID_BROKEN, implementationCode: invalidResultCode }), now, now,
+    );
+    await insertActivation();
+
+    const ruleHost = new RuleHost(tempStateDir, { warn: () => {} }, { workspaceDir: tempWorkspaceDir });
+    expect(ruleHost.evaluate(makeInput())).toBeUndefined();
+    EventLogService.get(tempStateDir).flush();
+
+    const events = readTodayEvents(tempStateDir);
+    expect(events).toContain('rulehost_unhealthy');
+    expect(events).toContain('invalid RuleHostResult');
+    expect(events).toContain(ACTIVATION_ID_BROKEN);
+  });
+});