npm - principles-disciple - Versions diffs - 1.58.0 → 1.60.0 - Mend

principles-disciple 1.58.0 → 1.60.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (46) hide show

package/openclaw.plugin.json +4 -4
package/package.json +1 -1
package/src/commands/archive-impl.ts +2 -1
package/src/commands/capabilities.ts +2 -1
package/src/commands/context.ts +3 -5
package/src/commands/disable-impl.ts +2 -1
package/src/commands/evolution-status.ts +18 -1
package/src/commands/export.ts +2 -1
package/src/commands/focus.ts +2 -5
package/src/commands/nocturnal-review.ts +2 -1
package/src/commands/nocturnal-rollout.ts +2 -1
package/src/commands/nocturnal-train.ts +2 -1
package/src/commands/pain.ts +2 -1
package/src/commands/pd-reflect.ts +5 -7
package/src/commands/principle-rollback.ts +2 -1
package/src/commands/promote-impl.ts +2 -1
package/src/commands/rollback-impl.ts +2 -1
package/src/commands/rollback.ts +2 -1
package/src/commands/samples.ts +2 -1
package/src/commands/strategy.ts +3 -2
package/src/commands/thinking-os.ts +2 -1
package/src/commands/workflow-debug.ts +2 -1
package/src/core/event-log.ts +42 -3
package/src/core/init.ts +2 -2
package/src/core/principle-compiler/ledger-registrar.ts +11 -2
package/src/core/rule-host-types.ts +4 -0
package/src/core/rule-host.ts +7 -1
package/src/hooks/gate.ts +15 -0
package/src/hooks/prompt.ts +13 -0
package/src/index.ts +13 -4
package/src/service/evolution-worker.ts +30 -0
package/src/service/runtime-summary-service.ts +38 -0
package/src/tools/critique-prompt.ts +4 -5
package/src/tools/deep-reflect.ts +4 -3
package/src/types/event-types.ts +73 -3
package/src/utils/workspace-resolver.ts +44 -3
package/tests/commands/pd-reflect.test.ts +1 -1
package/tests/core/bootstrap-rules.test.ts +14 -0
package/tests/core/evolution-reducer.compilation-retry.test.ts +2 -1
package/tests/core/ledger-registrar.test.ts +5 -2
package/tests/core/principle-compiler.test.ts +4 -2
package/tests/core/regression-v1-9-1.test.ts +2 -1
package/tests/integration/gate-real-io.e2e.test.ts +5 -8
package/tests/integration/pain-id-chain-e2e.test.ts +12 -6
package/tests/integration/principle-compiler-e2e.test.ts +28 -9
package/tests/integration/principle-lifecycle.e2e.test.ts +2 -1

package/src/index.ts CHANGED Viewed

@@ -262,8 +262,13 @@ const plugin = {
       (event: PluginHookSubagentSpawningEvent, _ctx: PluginHookSubagentContext): void | PluginHookSubagentSpawningResult => {
         try {
-          // Resolve workspace via official API, falling back to PathResolver
-          const workspaceDir = resolveWorkspaceDirFromApi(api, event.agentId) || '.';
+          // FIX (B): Never fall back to '.' — fail-fast with ERROR log if workspaceDir cannot be resolved.
+          // For subagent hooks, we use event.agentId as the target agent for workspace resolution.
+          const workspaceDir = resolveWorkspaceDirFromApi(api, event.agentId);
+          if (!workspaceDir) {
+            api.logger.error(`[PD] subagent_spawning: cannot resolve workspaceDir for agent "${event.agentId}" — skipping shadow routing`);
+            return { status: 'ok' };
+          }
           api.logger?.debug?.(`[PD] workspaceDir resolved for subagent_spawning: ${workspaceDir}`);
           const { agentId, childSessionKey } = event;
           // Only handle PD local worker profiles
@@ -301,8 +306,12 @@ const plugin = {
       'subagent_ended',
       (event: PluginHookSubagentEndedEvent, ctx: PluginHookSubagentContext): void => {
         try {
-          // Resolve workspace via official API, falling back to PathResolver
-          const workspaceDir = resolveWorkspaceDirFromApi(api, undefined) || '.';
+          // FIX (B): Never fall back to '.' — fail-fast with ERROR log if workspaceDir cannot be resolved.
+          const workspaceDir = resolveWorkspaceDirFromApi(api, undefined);
+          if (!workspaceDir) {
+            api.logger.error(`[PD] subagent_ended: cannot resolve workspaceDir — skipping shadow observation completion`);
+            return;
+          }
           api.logger?.debug?.(`[PD] workspaceDir resolved for subagent_ended: ${workspaceDir}`);
           // Complete any pending shadow observation for this subagent session
           const shadowObsId = pendingShadowObservations.get(event.targetSessionKey);

package/src/service/evolution-worker.ts CHANGED Viewed

@@ -922,6 +922,8 @@ async function processEvolutionQueue(wctx: WorkspaceContext, logger: PluginLogge
                 if (logger) logger.info(`[PD:EvolutionWorker] Task ${task.id} completed - marker file detected`);
                 let principlesGenerated = 0;
+                // C: Track report success for event recording
+                let reportSuccess = false;
                 // Create principle from the diagnostician's JSON report.
                 const reportPath = path.join(wctx.stateDir, `.diagnostician_report_${task.id}.json`);
                 if (fs.existsSync(reportPath)) {
@@ -1023,6 +1025,14 @@ async function processEvolutionQueue(wctx: WorkspaceContext, logger: PluginLogge
                                     if (principleId) {
                                         logger.info(`[PD:EvolutionWorker] Created principle ${principleId} from marker fallback for task ${task.id}`);
                                         principlesGenerated = 1;
+                                        // C: Record principle_candidate_created event for observability
+                                        if (eventLog) {
+                                            eventLog.recordPrincipleCandidate({
+                                                principleId,
+                                                taskId: task.id,
+                                                source: 'diagnostician',
+                                            });
+                                        }
                                     } else {
                                         logger.warn(`[PD:EvolutionWorker] createPrincipleFromDiagnosis returned null for task ${task.id} (may be duplicate or blacklisted)`);
                                     }
@@ -1038,6 +1048,8 @@ async function processEvolutionQueue(wctx: WorkspaceContext, logger: PluginLogge
                     } catch (err) {
                         logger.warn(`[PD:EvolutionWorker] Failed to parse diagnostician report for task ${task.id}: ${String(err)}`);
                     }
+                    // C: Report was found and processed (try block succeeded or had non-fatal issues)
+                    reportSuccess = true;
                 } else {
                     logger.warn(`[PD:EvolutionWorker] No diagnostician report found for completed task ${task.id} (expected: .diagnostician_report_${task.id}.json)`);
                 }
@@ -1059,6 +1071,15 @@ async function processEvolutionQueue(wctx: WorkspaceContext, logger: PluginLogge
                 // FIX (#187): Remove the task from the diagnostician task store
                 await completeDiagnosticianTask(wctx.stateDir, task.id);
+                // C: Record diagnostician_report event for observability
+                if (eventLog) {
+                    eventLog.recordDiagnosticianReport({
+                        taskId: task.id,
+                        reportPath,
+                        success: reportSuccess,
+                    });
+                }
                 // Log to EvolutionLogger
                 const durationMs = task.started_at
                     ? Date.now() - new Date(task.started_at).getTime()
@@ -1349,6 +1370,15 @@ async function processEvolutionQueue(wctx: WorkspaceContext, logger: PluginLogge
                 await addDiagnosticianTask(wctx.stateDir, highestScoreTask.id, heartbeatContent);
                 if (logger) logger.info(`[PD:EvolutionWorker] Wrote diagnostician task to diagnostician_tasks.json for task ${highestScoreTask.id}`);
+                // C: Record diagnosis_task_written event for observability
+                if (eventLog) {
+                    eventLog.recordDiagnosisTask({
+                        taskId: highestScoreTask.id,
+                        painEventId: highestScoreTask.painEventId !== undefined ? String(highestScoreTask.painEventId) : undefined,
+                        sessionId: highestScoreTask.session_id,
+                    });
+                }
                 // Task store write succeeded, now mark task as in_progress
                 highestScoreTask.task = taskDescription;
                 highestScoreTask.status = 'in_progress';

package/src/service/runtime-summary-service.ts CHANGED Viewed

@@ -5,6 +5,7 @@ import { listSessions } from '../core/session-tracker.js';
 import { WorkspaceContext } from '../core/workspace-context.js';
 import { evaluatePhase3Inputs } from './phase3-input-filter.js';
 import { TrajectoryRegistry } from '../core/trajectory.js';
+import { getPendingDiagnosticianTasks } from '../core/diagnostician-task-store.js';
 import type { RuntimeTruth, AnalyticsTruth } from '../types/runtime-summary.js';
 export type RuntimeDataQuality = 'authoritative' | 'partial';
@@ -60,6 +61,19 @@ export interface RuntimeSummary {
     };
     dataQuality: RuntimeDataQuality;
   };
+  // D: Heartbeat Diagnostician chain — separate from evolution/nocturnal chain
+  heartbeatDiagnosis: {
+    /** Tasks pending in diagnostician_tasks.json (not yet processed by heartbeat) */
+    pendingTasks: number;
+    /** Total diagnosis tasks written by evolution worker (today from event log) */
+    tasksWrittenToday: number;
+    /** Total diagnostician reports written (today from event log) */
+    reportsWrittenToday: number;
+    /** Total principle candidates created from heartbeat chain (today from event log) */
+    candidatesCreatedToday: number;
+    /** Heartbeats that injected diagnostician tasks (today from event log) */
+    heartbeatsInjectedToday: number;
+  };
   phase3: {
     queueTruthReady: boolean;
     phase3ShadowEligible: boolean;
@@ -177,6 +191,14 @@ export class RuntimeSummaryService {
       toolCalls?: number;
       painSignals?: number;
       evolutionTasks?: number;
+      evolution?: {
+        diagnosisTasksWritten?: number;
+        diagnosticianReportsWritten?: number;
+        principleCandidatesCreated?: number;
+        heartbeatsInjected?: number;
+        [key: string]: unknown;
+      };
+      [key: string]: unknown;
     }>>(
       path.join(wctx.stateDir, 'logs', 'daily-stats.json'),
       warnings,
@@ -233,6 +255,20 @@ export class RuntimeSummaryService {
     const gfiSources = this.buildGfiSources(events, selectedSessionId);
     const gateStats = this.buildGateStats(events, selectedSessionId, warnings);
+    // D: Heartbeat Diagnostician chain — separate from evolution/nocturnal chain
+    // Read pending tasks from the diagnostician task store
+    const pendingDiagTasks = getPendingDiagnosticianTasks(wctx.stateDir);
+    // Read heartbeat diagnosis stats from daily event log
+    const todayStr = generatedAt.slice(0, 10);
+    const diagDailyStats = dailyStats?.[todayStr]?.evolution;
+    const heartbeatDiagnosis = {
+      pendingTasks: pendingDiagTasks.length,
+      tasksWrittenToday: diagDailyStats?.diagnosisTasksWritten ?? 0,
+      reportsWrittenToday: diagDailyStats?.diagnosticianReportsWritten ?? 0,
+      candidatesCreatedToday: diagDailyStats?.principleCandidatesCreated ?? 0,
+      heartbeatsInjectedToday: diagDailyStats?.heartbeatsInjected ?? 0,
+    };
     // Read trajectory analytics data (historical data, NOT runtime truth)
     const trajectoryStats = this.readTrajectoryStats(workspaceDir, warnings);
@@ -310,6 +346,8 @@ export class RuntimeSummaryService {
         lastSignal: lastPainSignal,
       },
       gate: gateStats,
+      // D: Heartbeat Diagnostician chain — separate from evolution/nocturnal
+      heartbeatDiagnosis,
       metadata: {
         generatedAt,
         workspaceDir,

package/src/tools/critique-prompt.ts CHANGED Viewed

@@ -29,11 +29,10 @@ export function buildCritiquePromptV2(
 ): string {
     const { context, depth = 2, workspaceDir, api } = params;
-    // 1. 确定工作区目录 (优先级：显式传入 > api.config > official API)
-    const effectiveWorkspaceDir = workspaceDir
-        || (api?.config?.workspaceDir as string)
-        || resolveWorkspaceDirFromApi(api);
+    // FIX (B): Priority: explicitly passed workspaceDir > official API resolution
+    // Do NOT chain through api.config?.workspaceDir which may be stale.
+    const effectiveWorkspaceDir = workspaceDir || resolveWorkspaceDirFromApi(api);
     if (!effectiveWorkspaceDir) {
         throw new Error('Workspace directory is required for deep reflection.');
     }

package/src/tools/deep-reflect.ts CHANGED Viewed

@@ -148,10 +148,11 @@ export function createDeepReflectTool(api: OpenClawPluginApi) {
  * Resolve workspace directory for deep reflection tool.
  */
 function resolveReflectionWorkspace(api: OpenClawPluginApi): string {
-    const dir = (api.config?.workspaceDir as string)
-        || resolveWorkspaceDirFromApi(api);
+    // FIX (B): Only use resolveWorkspaceDirFromApi — do not chain through api.config?.workspaceDir
+    // which may be stale. Fail-fast if workspace cannot be resolved.
+    const dir = resolveWorkspaceDirFromApi(api);
     if (!dir) {
-        throw new WorkspaceNotFoundError('deep-reflect: workspace directory could not be resolved via API or config');
+        throw new WorkspaceNotFoundError('deep-reflect: workspace directory could not be resolved via API');
     }
     return dir;
 }

package/src/types/event-types.ts CHANGED Viewed

@@ -15,10 +15,15 @@ export type EventType =
   | 'plan_approval'
   | 'evolution_task'
   | 'deep_reflection'
   | 'empathy_rollback'
   | 'error'
-  | 'warn';
+  | 'warn'
+  // C: Diagnostician heartbeat chain events
+  | 'diagnosis_task'        // Diagnostician task written to task store
+  | 'heartbeat_diagnosis'  // Heartbeat injected diagnostician tasks
+  | 'diagnostician_report' // Diagnostician completed and wrote report
+  | 'principle_candidate'  // Principle candidate created from report
+  | 'rule_enforced';       // Rule enforced (matched) during tool call
 export type EventCategory =
   | 'success'
@@ -32,7 +37,12 @@ export type EventCategory =
   | 'promoted'
   | 'passed'
   | 'changed'
-  | 'rolled_back';
+  | 'rolled_back'
+  // C: New categories for diagnostician heartbeat chain
+  | 'written'
+  | 'injected'
+  | 'created'
+  | 'matched';
 /**
  * Base event structure for JSONL logging.
@@ -174,6 +184,54 @@ export interface EmpathyRollbackEventData {
   triggeredBy: 'user_command' | 'natural_language' | 'system';
 }
+/**
+ * C: New event data types for diagnostician heartbeat chain observability.
+ * Maps heartbeat_injected -> when prompt.ts injects diagnostician tasks into heartbeat
+ */
+export interface HeartbeatDiagnosisEventData {
+  taskCount: number;
+  taskIds: string[];
+  trigger: 'heartbeat' | 'immediate';
+}
+/**
+ * Maps diagnosis_task_written -> when evolution-worker writes to diagnostician_tasks.json
+ */
+export interface DiagnosisTaskEventData {
+  taskId: string;
+  painEventId?: string;
+  sessionId?: string;
+}
+/**
+ * Maps diagnostician_report_written -> when diagnostician completes and writes report
+ */
+export interface DiagnosticianReportEventData {
+  taskId: string;
+  reportPath: string;
+  success: boolean;
+}
+/**
+ * Maps principle_candidate_created -> when evolution-worker extracts principle from report
+ */
+export interface PrincipleCandidateEventData {
+  principleId: string;
+  taskId: string;
+  source: 'diagnostician' | 'nocturnal' | 'manual';
+}
+/**
+ * Maps rule_enforced -> when RuleHost evaluate() returns matched during tool call
+ */
+export interface RuleEnforcedEventData {
+  ruleId: string;
+  principleId: string;
+  enforcement: 'warn' | 'block' | 'requireApproval';
+  toolName: string;
+  filePath: string;
+}
 // ============== Daily Statistics ==============
 export interface ToolCallStats {
@@ -264,6 +322,12 @@ export interface EvolutionStats {
   tasksEnqueued: number;
   tasksCompleted: number;
   rulesPromoted: number;
+  // C: Diagnostician heartbeat chain counters
+  diagnosisTasksWritten: number;
+  heartbeatsInjected: number;
+  diagnosticianReportsWritten: number;
+  principleCandidatesCreated: number;
+  rulesEnforced: number;
 }
 export interface HookStats {
@@ -422,6 +486,12 @@ export function createEmptyDailyStats(date: string): DailyStats {
       tasksEnqueued: 0,
       tasksCompleted: 0,
       rulesPromoted: 0,
+      // C: Diagnostician heartbeat chain counters
+      diagnosisTasksWritten: 0,
+      heartbeatsInjected: 0,
+      diagnosticianReportsWritten: 0,
+      principleCandidatesCreated: 0,
+      rulesEnforced: 0,
     },
     hooks: {
       total: 0,

package/src/utils/workspace-resolver.ts CHANGED Viewed

@@ -4,7 +4,7 @@
  * Shared helpers for resolving workspace directories across commands and hooks.
  */
-import type { OpenClawPluginApi } from '../openclaw-sdk.js';
+import type { OpenClawPluginApi, PluginCommandContext } from '../openclaw-sdk.js';
 import { validateWorkspaceDir, type WorkspaceResolutionContext } from '../core/workspace-dir-validation.js';
 import { resolveWorkspaceDir } from '../core/workspace-dir-service.js';
 import { resolveWorkspaceDirFromApi } from '../core/path-resolver.js';
@@ -25,7 +25,10 @@ export function resolveCommandWorkspaceDir(
   if (ctx.workspaceDir) {
     const issue = validateWorkspaceDir(ctx.workspaceDir);
     if (!issue) return ctx.workspaceDir;
-    api.logger.error(`[PD:Command] ctx.workspaceDir="${ctx.workspaceDir}" is invalid: ${issue}`);
+    // Validation failed — fail immediately, do not silently fall back
+    const errorMsg = `[PD:Command] ctx.workspaceDir="${ctx.workspaceDir}" is invalid: ${issue}`;
+    api.logger.error(errorMsg);
+    throw new Error(errorMsg);
   }
   // 2. Official OpenClaw API → env vars → config file
@@ -34,13 +37,51 @@ export function resolveCommandWorkspaceDir(
   // CRITICAL FAILURE: Cannot determine workspace directory
   const errorMsg = `[PD:Command] CRITICAL: Cannot resolve workspace directory. ` +
-    `ctx.workspaceDir="${ctx.workspaceDir}" is invalid, and all fallbacks failed. ` +
+    `ctx.workspaceDir="${ctx.workspaceDir ?? ''}" is invalid, and all fallbacks failed. ` +
     `Commands will NOT execute to prevent data corruption.`;
   api.logger.error(errorMsg);
   throw new Error(errorMsg);
 }
+/**
+ * Resolve workspace directory for plugin command execution.
+ *
+ * Chain: ctx.workspaceDir (canonical) → ctx.config.workspaceDir (dispatcher fallback)
+ *
+ * CRITICAL: Throws if workspaceDir cannot be resolved. Commands must NEVER silently
+ * fall back to process.cwd() as this masks configuration errors and can corrupt
+ * the wrong workspace.
+ *
+ * @param ctx - Plugin command context (has workspaceDir + config properties)
+ * @param source - Source label for error messages (e.g. 'evolution-status', 'pain')
+ */
+export function resolvePluginCommandWorkspaceDir(
+  ctx: PluginCommandContext,
+  source: string,
+): string {
+  // 1. Canonical workspaceDir field (set by OpenClaw command dispatcher)
+  if (ctx.workspaceDir) {
+    const issue = validateWorkspaceDir(ctx.workspaceDir);
+    if (!issue) return ctx.workspaceDir;
+    throw new Error(`[PD:Command:${source}] ctx.workspaceDir="${ctx.workspaceDir}" is invalid: ${issue}`);
+  }
+  // 2. Dispatcher may also put workspaceDir in config (legacy/alternative path)
+  const configWorkspaceDir = ctx.config?.workspaceDir as string | undefined;
+  if (configWorkspaceDir) {
+    const issue = validateWorkspaceDir(configWorkspaceDir);
+    if (!issue) return configWorkspaceDir;
+    throw new Error(`[PD:Command:${source}] ctx.config.workspaceDir="${configWorkspaceDir}" is invalid: ${issue}`);
+  }
+  // CRITICAL FAILURE: No workspace directory available
+  throw new Error(
+    `[PD:Command:${source}] CRITICAL: workspaceDir is not set in ctx.workspaceDir or ctx.config.workspaceDir. ` +
+    `Commands cannot execute without a valid workspace. Set OPENCLAW_WORKSPACE_DIR env var or ensure the workspace is properly initialized.`,
+  );
+}
 /**
  * Resolve workspace directory for tool hook execution (safe version).
  * Returns undefined instead of throwing if resolution fails.

package/tests/commands/pd-reflect.test.ts CHANGED Viewed

@@ -20,7 +20,7 @@ describe('pd-reflect command', () => {
   it('requires an explicit resolved workspace directory', async () => {
     const result = await handlePdReflect.handler({} as any);
     expect(result.isError).toBe(true);
-    expect(result.text).toContain('Cannot determine workspace directory');
+    expect(result.text).toContain('workspaceDir is not set');
   });
   it('enqueues into the provided active workspace', async () => {

package/tests/core/bootstrap-rules.test.ts CHANGED Viewed

@@ -235,6 +235,20 @@ describe('bootstrap-rules', () => {
       // Act & Assert: Should throw
       expect(() => selectPrinciplesForBootstrap(stateDir, 3)).toThrow('No deterministic principles');
     });
+    // Regression test for Issue #356
+    it('T-01..T-10 as deterministic — no crash on fresh workspace', () => {
+      const trainingStates = [
+        { principleId: 'T-01', evaluability: 'deterministic', applicableOpportunityCount: 0, observedViolationCount: 0, complianceRate: 1, violationTrend: 0, generatedSampleCount: 0, approvedSampleCount: 0, includedTrainRunIds: [], deployedCheckpointIds: [], internalizationStatus: 'needs_training' },
+        { principleId: 'T-02', evaluability: 'deterministic', applicableOpportunityCount: 0, observedViolationCount: 0, complianceRate: 1, violationTrend: 0, generatedSampleCount: 0, approvedSampleCount: 0, includedTrainRunIds: [], deployedCheckpointIds: [], internalizationStatus: 'needs_training' },
+      ];
+      const principles = trainingStates.map((s) => createLedgerPrinciple(s.principleId, { evaluability: s.evaluability }));
+      setupLedger(trainingStates, principles);
+      const selected = selectPrinciplesForBootstrap(stateDir, 3);
+      expect(selected).toHaveLength(2);
+      expect(selected).toContain('T-01');
+      expect(selected).toContain('T-02');
+    });
   });
   describe('bootstrapRules', () => {

package/tests/core/evolution-reducer.compilation-retry.test.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import * as path from 'path';
 import { afterEach, describe, expect, it } from 'vitest';
 import { EvolutionReducerImpl } from '../../src/core/evolution-reducer.js';
 import { loadLedger } from '../../src/core/principle-tree-ledger.js';
+import { safeRmDir } from '../test-utils.js';
 const tempDirs: string[] = [];
@@ -29,7 +30,7 @@ function makeStateDir(workspace: string): string {
 afterEach(() => {
   for (const dir of tempDirs.splice(0)) {
-    fs.rmSync(dir, { recursive: true, force: true });
+    safeRmDir(dir);
   }
 });

package/tests/core/ledger-registrar.test.ts CHANGED Viewed

@@ -106,7 +106,10 @@ describe('ledger-registrar', () => {
       expect(rule).toBeDefined();
       expect(rule.id).toBe('R_P_001_auto');
       expect(rule.type).toBe('gate');
-      expect(rule.enforcement).toBe('block');
+      // FIX: Auto-generated rules default to 'warn' enforcement (not 'block')
+      // to prevent false positives like P_001 mis-blocking normal edits.
+      // They also start as 'candidate' lifecycle until replay evaluation passes.
+      expect(rule.enforcement).toBe('warn');
       expect(rule.status).toBe('proposed');
       expect(rule.principleId).toBe('P_001');
       expect(rule.implementationIds).toContain('IMPL_P_001_auto');
@@ -118,7 +121,7 @@ describe('ledger-registrar', () => {
       expect(impl.ruleId).toBe('R_P_001_auto');
       expect(impl.type).toBe('code');
       expect(impl.coversCondition).toBe('file_write');
-      expect(impl.lifecycleState).toBe('active');
+      expect(impl.lifecycleState).toBe('candidate');
       // Verify principle linked to rule
       const principle = ledger.tree.principles['P_001'];

package/tests/core/principle-compiler.test.ts CHANGED Viewed

@@ -127,12 +127,14 @@ describe('PrincipleCompiler', () => {
     const rule = ledger.tree.rules['R_P_066_auto'];
     expect(rule).toBeDefined();
     expect(rule.type).toBe('gate');
-    expect(rule.enforcement).toBe('block');
+    // FIX: Auto-generated rules default to 'warn' enforcement
+    expect(rule.enforcement).toBe('warn');
     expect(rule.status).toBe('proposed');
     const impl = ledger.tree.implementations['IMPL_P_066_auto'];
     expect(impl).toBeDefined();
-    expect(impl.lifecycleState).toBe('active');
+    // FIX: Auto-generated implementations start as 'candidate' (not 'active')
+    expect(impl.lifecycleState).toBe('candidate');
   });
   // -----------------------------------------------------------------------

package/tests/core/regression-v1-9-1.test.ts CHANGED Viewed

@@ -21,6 +21,7 @@ import {
 } from '../../src/core/principle-training-state.js';
 import { isExpectedSubagentError } from '../../src/service/subagent-workflow/subagent-error-utils.js';
 import { WorkspaceContext } from '../../src/core/workspace-context.js';
+import { safeRmDir } from '../test-utils.js';
 const tempDirs: string[] = [];
@@ -32,7 +33,7 @@ function makeTempDir(): string {
 afterEach(() => {
   for (const dir of tempDirs.splice(0)) {
-    fs.rmSync(dir, { recursive: true, force: true });
+    safeRmDir(dir);
   }
 });

package/tests/integration/gate-real-io.e2e.test.ts CHANGED Viewed

@@ -16,6 +16,7 @@ import * as os from 'os';
 import * as path from 'path';
 import { TrajectoryDatabase } from '../../src/core/trajectory.js';
 import { EventLog } from '../../src/core/event-log.js';
+import { safeRmDir } from '../test-utils.js';
 // ─────────────────────────────────────────────────────────────────────
 // Helper functions
@@ -83,12 +84,8 @@ function createTestWorkspace(): TestWorkspace {
 function cleanupWorkspace(ws: TestWorkspace | null): void {
   if (!ws) return;
-  try {
-    ws.trajectory?.dispose();
-    fs.rmSync(ws.workspaceDir, { recursive: true, force: true });
-  } catch {
-    // ignore
-  }
+  ws.trajectory?.dispose();
+  safeRmDir(ws.workspaceDir);
 }
 // ─────────────────────────────────────────────────────────────────────
@@ -237,8 +234,8 @@ describe('Gate: Resilience', () => {
   describe('RESILIENCE: Missing state directory', () => {
     it('EventLog MUST handle missing logs directory', () => {
-      // Remove state directory
-      fs.rmSync(ws!.stateDir, { recursive: true, force: true });
+      // Remove state directory (safeRmDir handles Windows EPERM from held handles)
+      safeRmDir(ws!.stateDir);
       // Attempt to create event log
       // Should recreate the directory

package/tests/integration/pain-id-chain-e2e.test.ts CHANGED Viewed

@@ -5,8 +5,9 @@
  *   1. recordPainEvent() returns AUTOINCREMENT row ID as number
  *   2. createPrincipleFromDiagnosis(painId: String(painEventId))
  *   3. derivedFromPainIds stores the stringified numeric ID
- *   4. PrincipleCompiler.compileOne() succeeds (registers active implementation)
- *   5. RuleHost.evaluate(matching input) → block
+ *   4. PrincipleCompiler.compileOne() succeeds (registers candidate implementation)
+ *   5. Promote to active
+ *   6. RuleHost.evaluate(matching input) → block
  *   6. RuleHost.evaluate(non-matching input) → undefined (passthrough)
  *
  * Pain ID chain fixed in commits 4b0dce59 and 0146bbb7:
@@ -25,7 +26,9 @@ import { RuleHost } from '../../src/core/rule-host.js';
 import { EvolutionReducerImpl } from '../../src/core/evolution-reducer.js';
 import {
   loadLedger,
+  transitionImplementationState,
 } from '../../src/core/principle-tree-ledger.js';
+import { safeRmDir } from '../test-utils.js';
 import type { RuleHostInput } from '../../src/core/rule-host-types.js';
 // ---------------------------------------------------------------------------
@@ -52,7 +55,7 @@ function createTestWorkspace(): TestWorkspace {
 function disposeTestWorkspace(ws: TestWorkspace): void {
   ws.trajectory.dispose();
-  fs.rmSync(ws.workspaceDir, { recursive: true, force: true });
+  safeRmDir(ws.workspaceDir);
 }
 // ---------------------------------------------------------------------------
@@ -131,12 +134,15 @@ describe('Pain ID Chain E2E: pain event → principle → compile → RuleHost',
     expect(compileResult.ruleId).toBeDefined();
     expect(compileResult.implementationId).toBeDefined();
-    // Verify implementation is active
+    // Verify implementation is candidate (not active — must be promoted before enforcing)
     const updatedLedger = loadLedger(ws.stateDir);
     const impl = updatedLedger.tree.implementations[compileResult.implementationId!];
-    expect(impl.lifecycleState).toBe('active');
+    expect(impl.lifecycleState).toBe('candidate');
-    // ── Step 5: RuleHost.evaluate(matching input) → block ──
+    // ── Step 5: Promote to active so RuleHost will enforce ──
+    transitionImplementationState(ws.stateDir, compileResult.implementationId!, 'active');
+    // ── Step 6: RuleHost.evaluate(matching input) → block ──
     const host = new RuleHost(ws.stateDir, { warn: () => {} });
     const matchingInput: RuleHostInput = {

package/tests/integration/principle-compiler-e2e.test.ts CHANGED Viewed

@@ -4,9 +4,11 @@
  * Tests the full chain:
  *   1. Set up principle in ledger with derivedFromPainIds
  *   2. Record tool call (bash, failure) and pain event in trajectory DB
- *   3. Compile principle via PrincipleCompiler (registers as active + persists code)
- *   4. RuleHost.evaluate(matching input) → block
- *   5. RuleHost.evaluate(non-matching input) → undefined (passthrough)
+ *   3. Compile principle via PrincipleCompiler (registers as 'candidate' — NOT 'active')
+ *   4. RuleHost.evaluate(matching input) → NO block yet (candidate not loaded)
+ *   5. Promote implementation to 'active'
+ *   6. RuleHost.evaluate(matching input) → block
+ *   7. RuleHost.evaluate(non-matching input) → undefined (passthrough)
  */
 import { describe, it, expect, beforeEach, afterEach } from 'vitest';
@@ -19,6 +21,7 @@ import { RuleHost } from '../../src/core/rule-host.js';
 import {
   loadLedger,
   saveLedger,
+  transitionImplementationState,
 } from '../../src/core/principle-tree-ledger.js';
 import type { RuleHostInput } from '../../src/core/rule-host-types.js';
@@ -132,15 +135,14 @@ describe('Principle Compiler E2E: compile → promote → RuleHost blocks', () =
     const implId = result.implementationId!;
-    // Verify the implementation was registered as active (not candidate)
+    // Verify the implementation was registered as 'candidate' (not 'active')
+    // FIX: Auto-generated implementations start as 'candidate' until explicitly promoted
+    // after replay evaluation and human approval. This prevents false-positive blocks.
     const ledger = loadLedger(ws.stateDir);
     const impl = ledger.tree.implementations[implId];
-    expect(impl.lifecycleState).toBe('active');
+    expect(impl.lifecycleState).toBe('candidate');
-    // ── Step 4: Create RuleHost and evaluate with matching input ──
-    const host = new RuleHost(ws.stateDir, { warn: () => {} });
-    // Matching input: bash tool with a heartbeat command
+    // Define matching input for RuleHost evaluation (used in both Step 4 and Step 6)
     const matchingInput: RuleHostInput = {
       action: {
         toolName: 'bash',
@@ -166,6 +168,23 @@ describe('Principle Compiler E2E: compile → promote → RuleHost blocks', () =
       },
     };
+    // ── Step 4: RuleHost should NOT block yet (candidate not loaded) ──
+    const hostBeforePromote = new RuleHost(ws.stateDir, { warn: () => {} });
+    const noBlockResult = hostBeforePromote.evaluate(matchingInput);
+    expect(noBlockResult).toBeUndefined(); // candidate not loaded → no block
+    // ── Step 5: Promote to 'active' so RuleHost will enforce ──
+    transitionImplementationState(ws.stateDir, implId, 'active');
+    // Verify promotion
+    const ledgerAfterPromote = loadLedger(ws.stateDir);
+    const implAfterPromote = ledgerAfterPromote.tree.implementations[implId];
+    expect(implAfterPromote.lifecycleState).toBe('active');
+    // ── Step 6: Create RuleHost and evaluate with matching input ──
+    const host = new RuleHost(ws.stateDir, { warn: () => {} });
+    // Matching input: bash tool with a heartbeat command (defined in Step 4)
     const blockResult = host.evaluate(matchingInput);
     // Verify RuleHost blocks the matching input