principles-disciple 1.62.0 → 1.64.0

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "principles-disciple",
   "name": "Principles Disciple",
   "description": "Evolutionary programming agent framework with strategic guardrails and reflection loops.",
-  "version": "1.62.0",
+  "version": "1.64.0",
   "skills": [
     "./skills"
   ],

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "principles-disciple",
-  "version": "1.62.0",
+  "version": "1.64.0",
   "description": "Native OpenClaw plugin for Principles Disciple",
   "type": "module",
   "main": "./dist/bundle.js",

package/src/commands/evolution-status.ts

@@ -1,5 +1,8 @@
+import * as path from 'path';
 import type { EvolutionReducerImpl } from '../core/evolution-reducer.js';
 import type { InternalizationRouteRecommendation } from '../core/principle-internalization/internalization-routing-policy.js';
+import { WorkflowFunnelLoader } from '../core/workflow-funnel-loader.js';
+import { resolvePdPath } from '../core/paths.js';
 import { WorkspaceContext } from '../core/workspace-context.js';
 import { normalizeLanguage } from '../i18n/commands.js';
 import type { PluginCommandContext } from '../openclaw-sdk.js';
@@ -175,18 +178,35 @@ export function handleEvolutionStatusCommand(ctx: PluginCommandContext): { text:
   const wctx = WorkspaceContext.fromHookContext({ workspaceDir });
   const reducer = wctx.evolutionReducer;
   const stats = reducer.getStats();
-  const summary = RuntimeSummaryService.getSummary(workspaceDir, { sessionId });
-  const recommendations = WorkspaceContext.fromHookContext({ workspaceDir })
-    .principleLifecycle
-    .recomputeAll()
-    .map((assessment) => assessment.routeRecommendation);
-  const rawLang = (ctx.config?.language as string) || 'en';
-  const lang = normalizeLanguage(rawLang);
-  const warnings = summary.metadata.warnings.slice(0, 12);
+  // D-12 / YAML-FUNNEL-02: WorkflowFunnelLoader owns funnel lifecycle per workspace
+  const stateDir = path.dirname(resolvePdPath(workspaceDir, 'WORKFLOWS_YAML'));
+  const loader = new WorkflowFunnelLoader(stateDir);
+  loader.watch();
+  try {
+    const summary = RuntimeSummaryService.getSummary(workspaceDir, { sessionId, loaderWarnings: loader.getWarnings() });
+    const recommendations = WorkspaceContext.fromHookContext({ workspaceDir })
+      .principleLifecycle
+      .recomputeAll()
+      .map((assessment) => assessment.routeRecommendation);
+    const rawLang = (ctx.config?.language as string) || 'en';
+    const lang = normalizeLanguage(rawLang);
+    const warnings = summary.metadata.warnings.slice(0, 12);
+
+    if (lang === 'zh') {
+      return {
+        text: buildChineseOutput(
+          workspaceDir,
+          summary.metadata.sessionId,
+          warnings,
+          stats,
+          summary,
+          recommendations,
+        ),
+      };
+    }
 
-  if (lang === 'zh') {
     return {
-      text: buildChineseOutput(
+      text: buildEnglishOutput(
         workspaceDir,
         summary.metadata.sessionId,
         warnings,
@@ -195,16 +215,7 @@ export function handleEvolutionStatusCommand(ctx: PluginCommandContext): { text:
         recommendations,
       ),
     };
+  } finally {
+    loader.dispose(); // YAML-FUNNEL-02: guarantee cleanup on all exit paths
   }
-
-  return {
-    text: buildEnglishOutput(
-      workspaceDir,
-      summary.metadata.sessionId,
-      warnings,
-      stats,
-      summary,
-      recommendations,
-    ),
-  };
 }

package/src/core/paths.ts

@@ -62,6 +62,7 @@ export const PD_FILES = {
     SESSION_DIR: PD_DIRS.SESSIONS,
     DICTIONARY: posixJoin(PD_DIRS.STATE, 'pain_dictionary.json'),
     PRINCIPLE_BLACKLIST: posixJoin(PD_DIRS.STATE, 'principle_blacklist.json'),
+    WORKFLOWS_YAML: posixJoin(PD_DIRS.STATE, 'workflows.yaml'),
     NOCTURNAL_SAMPLES_DIR: PD_DIRS.NOCTURNAL_SAMPLES,
     NOCTURNAL_MEMORY_DIR: PD_DIRS.NOCTURNAL_MEMORY,
     NOCTURNAL_EXPORTS_DIR: PD_DIRS.NOCTURNAL_EXPORTS,

package/src/core/workflow-funnel-loader.ts

@@ -72,6 +72,9 @@ export class WorkflowFunnelLoader {
   /** fs.watch() handle for cleanup */
   private watchHandle?: fs.FSWatcher;
 
+  /** YAML parse warnings from last load() call */
+  private readonly warnings: string[] = [];
+
   constructor(stateDir: string) {
     // D-02: workflows.yaml in .state/ directory
     this.configPath = path.join(stateDir, 'workflows.yaml');
@@ -84,7 +87,9 @@ export class WorkflowFunnelLoader {
    * On missing file, clears to empty.
    */
   load(): void {
+    this.warnings.length = 0; // reset warnings on each load
     if (!fs.existsSync(this.configPath)) {
+      this.warnings.push('workflows.yaml file not found.');
       this.funnels.clear();
       return;
     }
@@ -96,7 +101,9 @@ export class WorkflowFunnelLoader {
 
       // Validate top-level structure
       if (!config || typeof config.version !== 'string' || !Array.isArray(config.funnels)) {
-        console.warn(`[WorkflowFunnelLoader] workflows.yaml validation failed: missing version or funnels array. Preserving last valid config.`);
+        const msg = 'workflows.yaml validation failed: missing version or funnels array. Preserving last valid config.';
+        console.warn(`[WorkflowFunnelLoader] ${msg}`);
+        this.warnings.push(msg);
         return;
       }
 
@@ -106,7 +113,9 @@ export class WorkflowFunnelLoader {
         if (funnel?.workflowId && typeof funnel.workflowId === 'string' && Array.isArray(funnel.stages)) {
           newFunnels.set(funnel.workflowId, funnel.stages);
         } else {
-          console.warn(`[WorkflowFunnelLoader] Skipping invalid funnel entry: missing workflowId or stages.`);
+          const msg = 'Skipping invalid funnel entry: missing workflowId or stages.';
+          console.warn(`[WorkflowFunnelLoader] ${msg}`);
+          this.warnings.push(msg);
         }
       }
 
@@ -117,19 +126,27 @@ export class WorkflowFunnelLoader {
       }
     } catch (err) {
       // Best-effort: preserve last known-good config on parse error
-      console.warn(`[WorkflowFunnelLoader] Failed to parse workflows.yaml: ${String(err)}. Preserving last valid config.`);
+      const msg = `Failed to parse workflows.yaml: ${String(err)}. Preserving last valid config.`;
+      console.warn(`[WorkflowFunnelLoader] ${msg}`);
+      this.warnings.push(msg);
     }
   }
 
   /**
    * Start watching workflows.yaml for changes.
    * Calls load() automatically when the file changes.
+   * No-op if the config file does not exist.
    */
   watch(): void {
+    // WATCHER-01: re-entry guard — prevent FSWatcher leak on double-watch
+    if (this.watchHandle) return;
+    // Guard: fs.watch fails with ENOENT if the path does not exist
+    if (!fs.existsSync(this.configPath)) return;
     // Debounce: only re-read after file write settles (100ms)
     let debounceTimer: ReturnType<typeof setTimeout> | undefined;
     this.watchHandle = fs.watch(this.configPath, (eventType) => {
-      if (eventType !== 'change') return;
+      // PLAT-01: handle both 'change' and 'rename' events for Windows compatibility
+      if (eventType !== 'change' && eventType !== 'rename') return;
       if (debounceTimer) clearTimeout(debounceTimer);
       debounceTimer = setTimeout(() => {
         this.load();
@@ -156,9 +173,23 @@ export class WorkflowFunnelLoader {
 
   /**
    * Get the full WORKFLOW_FUNNELS table.
+   * Returns a deep clone — consumer mutations do not affect internal state.
    */
   getAllFunnels(): Map<string, WorkflowStage[]> {
-    return new Map(this.funnels);
+    const result = new Map<string, WorkflowStage[]>();
+    for (const [k, v] of this.funnels) {
+      // WATCHER-03: deep-clone arrays and stage objects
+      result.set(k, v.map(stage => ({ ...stage })));
+    }
+    return result;
+  }
+
+  /**
+   * Returns warnings from the last load() call.
+   * Callers can inspect these and propagate them to metadata.warnings.
+   */
+  getWarnings(): string[] {
+    return [...this.warnings];
   }
 
   /**

package/src/hooks/gate-block-helper.ts

@@ -3,7 +3,7 @@
  *
  * PURPOSE: Provide ONE authoritative implementation for gate block persistence.
  *
- * All gate modules (progressive-trust-gate, gfi-gate, etc.) must use this
+ * All gate sources (rule-host) must use this
  * helper to ensure consistent block tracking, event logging, and retry behavior.
  *
  * This eliminates the "multi-truth source" problem where different modules

package/src/hooks/gate.ts

@@ -1,45 +1,27 @@
 /**
- * Security Gate Hook - Orchestration Layer
+ * Security Gate Hook - Rule Host Only
  *
- * HOOK CHAIN PRIORITY (short-circuits on first block):
+ * This is the SINGLE AUTHORITATIVE orchestration path.
+ * All blocking logic is now dynamic via Rule Host — no hardcoded gates remain.
  *
+ * Flow:
  * 1. Early Return: Skip if not write/bash/agent tool or no workspace
- * 2. Thinking OS Checkpoint (P-10): Deep reflection enforcement
- * 3. GFI Gate: Fatigue index-based blocking
- * 4. Bash Mutation Detection: Heuristic for bash file modifications
- * 4.5. Rule Host: Active code implementation evaluation (Phase 12)
- * 5. Progressive Gate: EP tier-based access control
- * 6. Edit Verification (P-03): Exact/fuzzy match for edit operations
- *
- * IMPORTANT: This is the SINGLE AUTHORITATIVE orchestration path.
- * All policy modules (gfi-gate, progressive-trust-gate, rule-host) use the shared
- * `recordGateBlockAndReturn` helper to ensure consistent block persistence.
- *
- * Zero-width character detection is handled in bash-risk.ts.
+ * 2. Rule Host: Dynamic principle-based evaluation (sole gate)
  */
 
 import * as fs from 'fs';
 import * as path from 'path';
-import { isRisky, normalizePath, planStatus as getPlanStatus } from '../utils/io.js';
-import { normalizeProfile } from '../core/profile.js';
-import { estimateLineChanges } from '../core/risk-calculator.js';
+import { normalizePath, planStatus } from '../utils/io.js';
 import { WorkspaceContext } from '../core/workspace-context.js';
-import { checkThinkingCheckpoint } from './thinking-checkpoint.js';
-import { handleEditVerification } from './edit-verification.js';
-import { checkGfiGate } from './gfi-gate.js';
-import { checkProgressiveTrustGate } from './progressive-trust-gate.js';
 import { recordGateBlockAndReturn } from './gate-block-helper.js';
 import { RuleHost } from '../core/rule-host.js';
 import type { RuleHostInput } from '../core/rule-host-types.js';
 import type { PluginHookBeforeToolCallEvent, PluginHookToolContext, PluginHookBeforeToolCallResult, PluginLogger } from '../openclaw-sdk.js';
-import {
-  AGENT_TOOLS,
-  BASH_TOOLS_SET,
-  WRITE_TOOLS,
-} from '../constants/tools.js';
+import { AGENT_TOOLS, BASH_TOOLS_SET, WRITE_TOOLS } from '../constants/tools.js';
 import { getSession, hasRecentThinking } from '../core/session-tracker.js';
 import { getEvolutionEngine } from '../core/evolution-engine.js';
 import { EventLogService } from '../core/event-log.js';
+import { estimateLineChanges } from '../core/risk-calculator.js';
 
 export function handleBeforeToolCall(
   event: PluginHookBeforeToolCallEvent,
@@ -58,154 +40,57 @@ export function handleBeforeToolCall(
 
   const wctx = WorkspaceContext.fromHookContext(ctx);
 
-  // 2. Load Profile
-  const profilePath = wctx.resolve('PROFILE');
-  let profile = {
-    risk_paths: [] as string[],
-    gate: { require_plan_for_risk_paths: true },
-    progressive_gate: {
-      enabled: true,
-      plan_approvals: {
-        enabled: false,
-        max_lines_override: -1,
-        allowed_patterns: [] as string[],
-        allowed_operations: [] as string[],
-      }
-    },
-    edit_verification: {
-      enabled: true,
-      max_file_size_bytes: 10 * 1024 * 1024,
-      fuzzy_match_enabled: true,
-      fuzzy_match_threshold: 0.8,
-      skip_large_file_action: 'warn' as 'warn' | 'block',
-    },
-    thinking_checkpoint: {
-      enabled: false,  // Default OFF
-      window_ms: 5 * 60 * 1000,
-      high_risk_tools: ['run_shell_command', 'delete_file', 'move_file'],
-    }
-  };
-
-  if (fs.existsSync(profilePath)) {
-    try {
-      const rawProfile = JSON.parse(fs.readFileSync(profilePath, 'utf8'));
-      profile = normalizeProfile(rawProfile);
-    } catch (e) {
-      logger?.error?.(`[PD_GATE] Failed to parse PROFILE.json: ${String(e)}`);
-    }
-  }
-
-  // ─────────────────────────────────────────────────────────────────────────────
-  // POLICY STEP 1: Thinking OS Checkpoint (P-10)
-  // ─────────────────────────────────────────────────────────────────────────────
-  // Only enforced when thinking_checkpoint.enabled = true in PROFILE.json
-  const thinkingResult = checkThinkingCheckpoint(
-    event,
-    profile.thinking_checkpoint || {},
-    ctx.sessionId,
-    logger
-  );
-  if (thinkingResult) {
-    return thinkingResult;
-  }
-
-  // ─────────────────────────────────────────────────────────────────────────────
-  // POLICY STEP 2: GFI Gate - Hard Intercept
-  // ─────────────────────────────────────────────────────────────────────────────
-  // 根据 GFI (疲劳指数) 精细化拦截工具调用
-  // 注意：TIER 0 (只读工具) 已在早期过滤中放行，此处不检查
-  const gfiGateConfig = wctx.config.get('gfi_gate');
-  const gfiResult = checkGfiGate(event, wctx, ctx.sessionId, gfiGateConfig, logger);
-  if (gfiResult) {
-    return gfiResult;
-  }
-
-  // Merge pluginConfig (OpenClaw UI settings)
-  const configRiskPaths = (ctx.pluginConfig?.riskPaths as string[] | undefined) ?? [];
-  if (configRiskPaths.length > 0) {
-    profile.risk_paths = [...new Set([...profile.risk_paths, ...configRiskPaths])];
-  }
-
-  // 3. Resolve the target file path
+  // 2. Resolve the target file path
   let filePath = event.params.file_path || event.params.path || event.params.file || event.params.target;
 
   // Heuristic for bash mutation detection
   if (isBash && !filePath) {
-    const command = String(event.params.command || event.params.args || "");
+    const command = String(event.params.command || event.params.args || '');
     const mutationMatch = /(?:>|>>|sed\s+-i|rm|mv|mkdir|touch|cp)\s+(?:-[a-zA-Z]+\s+)*([^\s;&|<>]+)/.exec(command);
 
     if (mutationMatch) {
-       
-       
       filePath = mutationMatch[1];
     } else {
-      const hasRiskPath = profile.risk_paths.some(rp => command.includes(rp));
-      const isMutation = /(?:>|>>|sed|rm|mv|mkdir|touch|cp|npm|yarn|pnpm|pip|cargo)/.test(command);
-
-      if (hasRiskPath && isMutation) {
-        filePath = command;
-      } else {
-        return;
-      }
+      // Bash command without a clear file target — let it through to Rule Host
+      filePath = command;
     }
   }
 
   if (typeof filePath !== 'string') return;
 
   const relPath = normalizePath(filePath, ctx.workspaceDir);
-  const risky = (isBash && filePath.includes(' '))
-    ? profile.risk_paths.some(rp => filePath.includes(rp))
-    : isRisky(relPath, profile.risk_paths);
 
-  // ─────────────────────────────────────────────────────────────────────────────
-  // POLICY STEP 2.5: Rule Host Evaluation (Phase 12, D-01/D-03)
-  // ─────────────────────────────────────────────────────────────────────────────
-  // Inserted between GFI gate and Progressive Gate so principle rules can act
-  // before the capability-boundary fallback. Active code implementations run
-  // through a constrained vm context with minimal helpers only.
+  // 3. Rule Host Evaluation — sole gate
   try {
     const ruleHost = new RuleHost(wctx.stateDir, logger);
     const hostInput: RuleHostInput = {
       action: {
         toolName: event.toolName,
         normalizedPath: relPath,
-         
-         
         paramsSummary: _extractParamsSummary(event.params),
       },
       workspace: {
-        isRiskPath: risky,
-         
-         
+        isRiskPath: false, // Rule Host determines risk dynamically
         planStatus: _getPlanStatus(ctx.workspaceDir),
-         
-         
         hasPlanFile: _hasPlanFile(ctx.workspaceDir),
       },
       session: {
         sessionId: ctx.sessionId,
-         
-         
         currentGfi: _getCurrentGfi(ctx.sessionId),
-         
-         
         recentThinking: _hasRecentThinking(ctx.sessionId),
       },
       evolution: {
-         
-         
         epTier: _getEpTier(wctx.workspaceDir),
       },
       derived: {
         estimatedLineChanges: estimateLineChanges({ toolName: event.toolName, params: event.params }),
-         
-         
-        bashRisk: _getBashRisk(event, profile),
+        bashRisk: _getBashRisk(event),
       },
     };
 
     const hostResult = ruleHost.evaluate(hostInput);
-    // PD-FUNNEL-2.4: Always emit rulehost_evaluated on evaluate()
+
+    // Always emit rulehost_evaluated
     try {
       const eventLog = EventLogService.get(wctx.stateDir, logger as PluginLogger | undefined);
       eventLog.recordRuleHostEvaluated({
@@ -218,8 +103,8 @@ export function handleBeforeToolCall(
     } catch (evErr) {
       logger?.warn?.(`[PD_GATE] Failed to record rulehost_evaluated: ${String(evErr)}`);
     }
+
     if (hostResult?.decision === 'block') {
-      // C: Record rule_enforced event for matched rules
       try {
         const eventLog = EventLogService.get(wctx.stateDir, logger as PluginLogger | undefined);
         eventLog.recordRuleEnforced({
@@ -236,18 +121,18 @@ export function handleBeforeToolCall(
           ruleId: hostResult.ruleId,
         });
       } catch (evErr) {
-        logger?.warn?.(`[PD_GATE] Failed to record rule_enforced/rulehost_blocked event: ${String(evErr)}`);
+        logger?.warn?.(`[PD_GATE] Failed to record rule_enforced/rulehost_blocked: ${String(evErr)}`);
       }
 
-      const reason = hostResult.reason;
       return recordGateBlockAndReturn(wctx, {
         filePath: relPath,
-        reason,
+        reason: hostResult.reason,
         toolName: event.toolName,
         sessionId: ctx.sessionId,
         blockSource: 'rule-host',
       }, logger);
     }
+
     if (hostResult?.decision === 'requireApproval') {
       try {
         const eventLog = EventLogService.get(wctx.stateDir, logger as PluginLogger | undefined);
@@ -265,68 +150,12 @@ export function handleBeforeToolCall(
           ruleId: hostResult.ruleId,
         });
       } catch (evErr) {
-        logger?.warn?.(`[PD_GATE] Failed to record rule_enforced/rulehost_requireApproval event: ${String(evErr)}`);
+        logger?.warn?.(`[PD_GATE] Failed to record rule_enforced/rulehost_requireApproval: ${String(evErr)}`);
       }
     }
   } catch (hostError: unknown) {
-    // D-08: Conservative degradation — log and continue to Progressive Gate
-    logger.warn?.(`[PD_GATE:RULE_HOST] Host evaluation failed, degrading conservatively: ${String(hostError)}`);
-  }
-
-  // ─────────────────────────────────────────────────────────────────────────────
-  // POLICY STEP 3: Progressive Trust Gate (Stage 1-4 access control)
-  // ─────────────────────────────────────────────────────────────────────────────
-  // IMPORTANT: This step does NOT return early on allow.
-  // We must continue to edit verification for ALL allowed operations.
-  if (profile.progressive_gate?.enabled) {
-    const lineChanges = estimateLineChanges({ toolName: event.toolName, params: event.params });
-    const progressiveGateResult = checkProgressiveTrustGate(
-      event,
-      wctx,
-      relPath,
-      risky,
-      lineChanges,
-      logger,
-      ctx,
-      profile
-    );
-    if (progressiveGateResult) {
-      return progressiveGateResult;
-    }
-    // NOTE: Do NOT return here! Continue to edit verification.
-    // All allowed operations (regardless of EP tier) should still run edit verification.
-  } else {
-    // FALLBACK: Legacy Gate Logic (when progressive gate is disabled)
-    if (risky && profile.gate?.require_plan_for_risk_paths) {
-      const planStatus = getPlanStatus(ctx.workspaceDir);
-      if (planStatus !== 'READY') {
-        return recordGateBlockAndReturn(wctx, {
-          filePath: relPath,
-          reason: `No READY plan found in PLAN.md.`,
-          toolName: event.toolName,
-          sessionId: ctx.sessionId,
-          blockSource: 'gate-legacy',
-        }, logger);
-      }
-    }
-  }
-
-  // ─────────────────────────────────────────────────────────────────────────────
-  // POLICY STEP 4: Edit Tool Verification (P-03)
-  // ─────────────────────────────────────────────────────────────────────────────
-  // This MUST run after all other gate checks for ALL tools.
-  // Edit verification ensures oldText matches the actual file content.
-  if (event.toolName === 'edit' && profile.edit_verification?.enabled !== false) {
-    const verifyResult = handleEditVerification(event, wctx, ctx, {
-      enabled: profile.edit_verification.enabled,
-      max_file_size_bytes: profile.edit_verification.max_file_size_bytes,
-      fuzzy_match_enabled: profile.edit_verification.fuzzy_match_enabled,
-      fuzzy_match_threshold: profile.edit_verification.fuzzy_match_threshold,
-      skip_large_file_action: profile.edit_verification.skip_large_file_action as 'warn' | 'block' | undefined,
-    });
-    if (verifyResult) {
-      return verifyResult; // Block or modify params
-    }
+    // D-08: Conservative degradation — log and allow on Rule Host failure
+    logger.warn?.(`[PD_GATE:RULE_HOST] Host evaluation failed, allowing conservatively: ${String(hostError)}`);
   }
 
   // All checks passed - allow the operation
@@ -334,9 +163,7 @@ export function handleBeforeToolCall(
 }
 
 // ---------------------------------------------------------------------------
-// Private helpers for building RuleHostInput snapshot
-// These are NOT passed to hosted implementations — they only populate the
-// frozen snapshot that implementations receive.
+// Private helpers
 // ---------------------------------------------------------------------------
 
 function _extractParamsSummary(params: Record<string, unknown>): Record<string, unknown> {
@@ -352,7 +179,7 @@ function _extractParamsSummary(params: Record<string, unknown>): Record<string,
 
 function _getPlanStatus(workspaceDir: string): 'NONE' | 'DRAFT' | 'READY' | 'UNKNOWN' {
   try {
-    const status = getPlanStatus(workspaceDir);
+    const status = planStatus(workspaceDir);
     if (status === 'READY') return 'READY';
     if (status === 'DRAFT') return 'DRAFT';
     if (status === '') return 'NONE';
@@ -397,12 +224,7 @@ function _getEpTier(workspaceDir: string): number {
   }
 }
 
- 
-function _getBashRisk(
-  event: PluginHookBeforeToolCallEvent,
-  _profile: { risk_paths: string[] }
-): 'safe' | 'normal' | 'dangerous' | 'unknown' {
- 
+function _getBashRisk(event: PluginHookBeforeToolCallEvent): 'safe' | 'normal' | 'dangerous' | 'unknown' {
   if (!BASH_TOOLS_SET.has(event.toolName)) return 'unknown';
   try {
     const command = String(event.params.command || event.params.args || '');

package/src/service/runtime-summary-service.ts

@@ -170,10 +170,14 @@ function pushWarning(warnings: string[], message: string): void {
 export class RuntimeSummaryService {
   static getSummary(
     workspaceDir: string,
-    options?: { sessionId?: string | null }
+    options?: { sessionId?: string | null; loaderWarnings?: string[] }
   ): RuntimeSummary {
     const generatedAt = new Date().toISOString();
     const warnings: string[] = [];
+    // ERR-01: surface loader warnings (YAML parse failures) into metadata.warnings
+    if (options?.loaderWarnings) {
+      warnings.push(...options.loaderWarnings);
+    }
     const wctx = WorkspaceContext.fromHookContext({ workspaceDir });
 
     const sessions = this.mergeSessionSnapshots(

package/templates/langs/en/skills/pd-pain-signal/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: pd-pain-signal
-description: Manually inject a pain signal into the evolution system. TRIGGER CONDITIONS: (1) User reports agent stuck/looping/unresponsive (2) User says "record this issue", "force reflection", "trigger pain" (3) Tool failure with no follow-up action (4) User provides human intervention feedback.
-disable-model-invocation: true
+description: Manually inject a pain signal into the evolution system. Trigger conditions: (1) User reports agent stuck/looping/unresponsive (2) User says "record this issue", "force reflection", "trigger pain", "create pain signal", "人工注入 pain", "创建一个痛苦信号" (3) Tool failure with no follow-up action (4) User provides human intervention feedback. Mandatory enforcement: any manual pain flag creation scenario MUST use this skill, no bypassing allowed.
+disable-model-invocation: false
 ---
 
 # Pain Signal (Force Pain Signal)
@@ -12,28 +12,21 @@ You are now the "Manual Intervention Pain" component.
 1. Record the user's feedback `$ARGUMENTS` as a **high-priority** pain signal.
 2. Inform the user that the signal has been injected, and suggest waiting for the next Hook trigger (e.g., Stop or PreCompact) or manually running `/reflection-log`.
 
-**⚠️ Write Rules (MUST follow)**
+**Mandatory Enforcement**:
 
-**The ONLY correct way**: Use the `write_pain_flag` tool.
-
-```
-write_pain_flag({
-  reason: "User feedback or error description",
-  score: 80,
-  source: "human_intervention",
-  is_risky: false
-})
-```
+When you need to create, write, or manually create a pain flag, you **MUST** use this skill via the `write_pain_flag` tool. Any bypassing of this skill to directly operate on files violates the mandatory constraint of this skill.
 
 **Absolutely forbidden**:
 - ❌ Writing to `.state/.pain_flag` directly (any method)
 - ❌ Using bash heredoc (`cat <<EOF > .pain_flag`)
 - ❌ Using `echo "..." > .pain_flag`
+- ❌ Using `Set-Content` / `Out-File` or other PowerShell file-writing cmdlets
 - ❌ Using `node -e` to call `writePainFlag` or `buildPainFlag`
 - ❌ Any method that `toString()` a JavaScript object to the file
+- ❌ Using `exec` tool to invoke shell commands to write the pain_flag file
 
 **Why use the tool?**
-The `write_pain_flag` tool encapsulates correct KV-format serialization, ensuring `.pain_flag` is never corrupted. Historically, direct file writes caused `[object Object]` corruption multiple times.
+The `write_pain_flag` tool encapsulates correct KV-format serialization, ensuring `.pain_flag` is never corrupted. Historically, direct file writes caused `[object Object]` corruption and field loss (painScore → score mapping failure). Using the tool is the only safe path.
 
 **Parameters**:
 - `reason` (required): The reason for the pain signal — describe what went wrong
@@ -50,3 +43,10 @@ write_pain_flag({
   is_risky: false
 })
 ```
+
+**Workflow**:
+1. Recognize trigger condition → read this skill
+2. Call `write_pain_flag` tool with `reason` and other parameters
+3. Confirm tool executed successfully (returns ✅)
+4. Inform user the pain signal has been injected; evolution system will process it on next heartbeat
+5. Do NOT perform any direct file write operations after this