principles-disciple 1.71.0 → 1.73.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/openclaw.plugin.json +10 -5
- package/package.json +17 -19
- package/scripts/acceptance-test.mjs +16 -73
- package/scripts/sync-plugin.mjs +382 -77
- package/src/commands/archive-impl.ts +2 -1
- package/src/commands/capabilities.ts +2 -2
- package/src/commands/context.ts +2 -2
- package/src/commands/disable-impl.ts +2 -1
- package/src/commands/evolution-status.ts +16 -16
- package/src/commands/export.ts +12 -67
- package/src/commands/pain.ts +91 -1
- package/src/commands/principle-rollback.ts +2 -1
- package/src/commands/promote-impl.ts +7 -43
- package/src/commands/rollback-impl.ts +2 -1
- package/src/commands/rollback.ts +2 -1
- package/src/commands/samples.ts +2 -1
- package/src/commands/thinking-os.ts +2 -1
- package/src/config/errors.ts +18 -2
- package/src/constants/diagnostician.ts +2 -2
- package/src/constants/tools.ts +2 -1
- package/src/core/__tests__/focus-history.test.ts +210 -0
- package/src/core/config.ts +1 -1
- package/src/core/confirm-first-gate.ts +255 -0
- package/src/core/correction-cue-learner.ts +2 -136
- package/src/core/correction-types.ts +16 -88
- package/src/core/dictionary.ts +19 -20
- package/src/core/empathy-keyword-matcher.ts +17 -289
- package/src/core/empathy-types.ts +18 -229
- package/src/core/event-log.ts +38 -132
- package/src/core/evolution-reducer.ts +21 -2
- package/src/core/evolution-types.ts +76 -464
- package/src/core/file-store.ts +80 -0
- package/src/core/focus-history.ts +228 -955
- package/src/core/local-worker-routing.ts +34 -314
- package/src/core/merge-gate-audit.ts +0 -195
- package/src/core/pain-diagnostic-gate.ts +154 -0
- package/src/core/pain-signal.ts +21 -138
- package/src/core/pain.ts +15 -88
- package/src/core/pd-task-reconciler.ts +26 -115
- package/src/core/pd-task-service.ts +9 -9
- package/src/core/pd-task-types.ts +23 -127
- package/src/core/principle-compiler/__tests__/compiler-replay-gate.test.ts +174 -0
- package/src/core/principle-compiler/code-validator.ts +15 -42
- package/src/core/principle-compiler/compiler.ts +100 -15
- package/src/core/principle-compiler/index.ts +5 -2
- package/src/core/principle-compiler/template-generator.ts +4 -104
- package/src/core/principle-injection.ts +10 -202
- package/src/core/principle-internalization/filesystem-lifecycle-datasource.ts +42 -0
- package/src/core/principle-internalization/lifecycle-read-model.ts +39 -242
- package/src/core/principle-internalization/principle-lifecycle-service.ts +12 -10
- package/src/core/principle-tree-ledger-adapter.ts +145 -0
- package/src/core/principle-tree-ledger.ts +8 -6
- package/src/core/reflection/reflection-context.ts +14 -109
- package/src/core/replay-engine.ts +8 -500
- package/src/core/rule-host-helpers.ts +5 -35
- package/src/core/rule-host-types.ts +10 -82
- package/src/core/rule-host.ts +6 -63
- package/src/core/runtime-v2-prompt-activation-reader.ts +231 -0
- package/src/core/session-tracker.ts +87 -101
- package/src/core/shadow-observation-registry.ts +19 -48
- package/src/core/trajectory.ts +3 -1
- package/src/core/workflow-funnel-loader.ts +62 -68
- package/src/core/workspace-context.ts +46 -0
- package/src/core/workspace-dir-service.ts +1 -1
- package/src/core/workspace-dir-validation.ts +18 -9
- package/src/hooks/AGENTS.md +1 -1
- package/src/hooks/gate-block-helper.ts +46 -44
- package/src/hooks/gate.ts +207 -7
- package/src/hooks/lifecycle.ts +30 -32
- package/src/hooks/llm.ts +60 -32
- package/src/hooks/pain.ts +297 -103
- package/src/hooks/prompt.ts +469 -339
- package/src/hooks/subagent.ts +2 -29
- package/src/i18n/commands.ts +2 -10
- package/src/index.ts +95 -85
- package/src/openclaw-sdk.ts +311 -0
- package/src/service/central-database.ts +8 -4
- package/src/service/evolution-queue-migration.ts +2 -1
- package/src/service/evolution-worker.ts +163 -1786
- package/src/service/internalization-trigger-adapter.ts +302 -0
- package/src/service/keyword-optimization-service.ts +4 -4
- package/src/service/monitoring-query-service.ts +1 -215
- package/src/service/queue-io.ts +60 -331
- package/src/service/runtime-summary-service.ts +115 -18
- package/src/service/subagent-workflow/index.ts +0 -41
- package/src/service/subagent-workflow/types.ts +9 -120
- package/src/service/subagent-workflow/workflow-store.ts +2 -119
- package/src/service/workflow-watchdog.ts +0 -43
- package/src/types/event-payload.ts +16 -74
- package/src/types/event-types.ts +39 -547
- package/src/types/hygiene-types.ts +7 -30
- package/src/types/principle-tree-schema.ts +20 -222
- package/src/types/queue.ts +15 -70
- package/src/types/runtime-summary.ts +5 -49
- package/src/utils/io.ts +10 -0
- package/src/utils/retry.ts +1 -1
- package/src/utils/shadow-fingerprint.ts +2 -2
- package/src/utils/workspace-resolver.ts +50 -0
- package/templates/langs/en/core/AGENTS.md +2 -2
- package/templates/langs/en/core/BOOT.md +1 -1
- package/templates/langs/en/core/HEARTBEAT.md +2 -2
- package/templates/langs/en/skills/ai-sprint-orchestration/references/agent-registry.json +1 -72
- package/templates/langs/en/skills/ai-sprint-orchestration/references/specs/bugfix-complex-template.json +6 -6
- package/templates/langs/en/skills/ai-sprint-orchestration/references/specs/feature-complex-template.json +6 -6
- package/templates/langs/en/skills/ai-sprint-orchestration/references/specs/workflow-validation-minimal-verify.json +2 -12
- package/templates/langs/en/skills/ai-sprint-orchestration/references/specs/workflow-validation-minimal.json +2 -12
- package/templates/langs/en/skills/ai-sprint-orchestration/runtime/.gitignore +2 -2
- package/templates/langs/en/skills/ai-sprint-orchestration/scripts/run.mjs +51 -15
- package/templates/langs/en/skills/evolve-task/SKILL.md +1 -1
- package/templates/langs/en/skills/pd-cli-operator/SKILL.md +67 -0
- package/templates/langs/en/skills/pd-diagnostician/SKILL.md +1 -1
- package/templates/langs/en/skills/pd-mentor/SKILL.md +1 -1
- package/templates/langs/en/skills/pd-pain-signal/SKILL.md +17 -39
- package/templates/langs/en/skills/pd-runtime-v2/SKILL.md +61 -0
- package/templates/langs/zh/core/AGENTS.md +2 -2
- package/templates/langs/zh/core/BOOT.md +1 -1
- package/templates/langs/zh/core/HEARTBEAT.md +2 -2
- package/templates/langs/zh/skills/ai-sprint-orchestration/references/agent-registry.json +1 -72
- package/templates/langs/zh/skills/ai-sprint-orchestration/references/specs/bugfix-complex-template.json +6 -6
- package/templates/langs/zh/skills/ai-sprint-orchestration/references/specs/feature-complex-template.json +6 -6
- package/templates/langs/zh/skills/ai-sprint-orchestration/references/specs/nocturnal-trinity-quality-enhancement.json +8 -8
- package/templates/langs/zh/skills/ai-sprint-orchestration/references/specs/workflow-validation-minimal-verify.json +2 -12
- package/templates/langs/zh/skills/ai-sprint-orchestration/references/specs/workflow-validation-minimal.json +2 -12
- package/templates/langs/zh/skills/ai-sprint-orchestration/runtime/.gitignore +2 -2
- package/templates/langs/zh/skills/ai-sprint-orchestration/scripts/run.mjs +51 -15
- package/templates/langs/zh/skills/ai-sprint-orchestration/test/run.test.mjs +21 -5
- package/templates/langs/zh/skills/evolve-task/SKILL.md +2 -2
- package/templates/langs/zh/skills/pd-cli-operator/SKILL.md +67 -0
- package/templates/langs/zh/skills/pd-diagnostician/SKILL.md +1 -1
- package/templates/langs/zh/skills/pd-mentor/SKILL.md +1 -1
- package/templates/langs/zh/skills/pd-pain-signal/SKILL.md +17 -38
- package/templates/langs/zh/skills/pd-runtime-v2/SKILL.md +61 -0
- package/tests/build-artifacts.test.ts +1 -3
- package/tests/commands/evolution-status.test.ts +0 -118
- package/tests/core/bootstrap-rules.test.ts +1 -1
- package/tests/core/config.test.ts +1 -1
- package/tests/core/event-log.test.ts +35 -0
- package/tests/core/evolution-engine.test.ts +610 -0
- package/tests/core/file-store.test.ts +102 -0
- package/tests/core/focus-history.test.ts +203 -11
- package/tests/core/merge-gate-audit.test.ts +2 -169
- package/tests/core/model-deployment-registry.test.ts +7 -1
- package/tests/core/model-training-registry.test.ts +19 -0
- package/tests/core/observability.test.ts +0 -1
- package/tests/core/pain-diagnostic-gate.test.ts +498 -0
- package/tests/core/pain.test.ts +0 -1
- package/tests/core/principle-internalization/deprecated-readiness.test.ts +2 -2
- package/tests/core/principle-internalization/lifecycle-metrics.test.ts +2 -2
- package/tests/core/principle-internalization/{internalization-routing-policy.test.ts → lifecycle-routing-policy.test.ts} +6 -6
- package/tests/core/principle-internalization/lineage-source-retired.test.ts +56 -0
- package/tests/core/principle-internalization/principle-lifecycle-service.test.ts +1 -23
- package/tests/core/principle-tree-ledger-adapter.test.ts +253 -0
- package/tests/core/reflection-context.test.ts +0 -14
- package/tests/core/replay-engine.test.ts +127 -215
- package/tests/core/rule-host-helpers.test.ts +2 -2
- package/tests/core/rule-implementation-runtime.test.ts +0 -27
- package/tests/core/workflow-funnel-loader.test.ts +162 -0
- package/tests/core/workspace-dir-validation.test.ts +8 -1
- package/tests/core-anti-growth.test.ts +192 -0
- package/tests/hook-workspace-nextaction-contract.test.ts +42 -0
- package/tests/hooks/confirm-first-gate.test.ts +333 -0
- package/tests/hooks/gate-auto-correct-shadow.test.ts +310 -0
- package/tests/hooks/gate-auto-correct.test.ts +665 -0
- package/tests/hooks/gate-rule-host-pipeline.test.ts +2 -1
- package/tests/hooks/pain.test.ts +269 -12
- package/tests/hooks/prompt-characterization.test.ts +500 -0
- package/tests/hooks/prompt-size-guard.test.ts +329 -0
- package/tests/hooks/runtime-v2-prompt-activation.test.ts +869 -0
- package/tests/index.test.ts +94 -1
- package/tests/integration/auto-entry-gate.test.ts +248 -0
- package/tests/integration/internalization-trigger-guard.test.ts +69 -0
- package/tests/integration/m8-legacy-paths.test.ts +63 -0
- package/tests/integration/runtime-v2-pain-guard.test.ts +125 -0
- package/tests/plugin-config-resolution-cutover.test.ts +359 -0
- package/tests/runtime-v2-discovery-guard.test.ts +154 -0
- package/tests/service/central-database.test.ts +457 -0
- package/tests/service/evolution-worker.correction-observer.test.ts +173 -0
- package/tests/service/evolution-worker.timeout.test.ts +11 -129
- package/tests/service/internalization-trigger-adapter.test.ts +251 -0
- package/tests/service/monitoring-query-service.test.ts +1 -47
- package/tests/service/queue-io.test.ts +1 -62
- package/tests/service/runtime-summary-service.test.ts +184 -3
- package/tests/service/workflow-watchdog.test.ts +0 -91
- package/tests/utils/file-lock.test.ts +5 -3
- package/tests/utils/session-key.test.ts +52 -0
- package/tests/utils/subagent-probe.test.ts +48 -1
- package/vitest.config.ts +4 -11
- package/.planning/codebase/ARCHITECTURE.md +0 -157
- package/.planning/codebase/CONCERNS.md +0 -145
- package/.planning/codebase/CONVENTIONS.md +0 -148
- package/.planning/codebase/INTEGRATIONS.md +0 -81
- package/.planning/codebase/STACK.md +0 -87
- package/.planning/codebase/STRUCTURE.md +0 -193
- package/.planning/codebase/TESTING.md +0 -243
- package/.planning/phases/01-basic-visualization/01-GAP-CLOSURE-VERIFICATION.md +0 -113
- package/docs/COMMAND_REFERENCE.md +0 -76
- package/docs/COMMAND_REFERENCE_EN.md +0 -79
- package/scripts/build-web.mjs +0 -46
- package/scripts/diagnose-nocturnal.mjs +0 -537
- package/scripts/seed-nocturnal-scenarios.mjs +0 -384
- package/src/commands/nocturnal-review.ts +0 -322
- package/src/commands/nocturnal-rollout.ts +0 -790
- package/src/commands/nocturnal-train.ts +0 -986
- package/src/commands/pd-reflect.ts +0 -88
- package/src/core/adaptive-thresholds.ts +0 -478
- package/src/core/diagnostician-task-store.ts +0 -192
- package/src/core/nocturnal-arbiter.ts +0 -715
- package/src/core/nocturnal-artifact-lineage.ts +0 -116
- package/src/core/nocturnal-artificer.ts +0 -257
- package/src/core/nocturnal-candidate-scoring.ts +0 -530
- package/src/core/nocturnal-compliance.ts +0 -1146
- package/src/core/nocturnal-dataset.ts +0 -763
- package/src/core/nocturnal-executability.ts +0 -428
- package/src/core/nocturnal-export.ts +0 -499
- package/src/core/nocturnal-paths.ts +0 -240
- package/src/core/nocturnal-reasoning-deriver.ts +0 -343
- package/src/core/nocturnal-rule-implementation-validator.ts +0 -246
- package/src/core/nocturnal-snapshot-contract.ts +0 -99
- package/src/core/nocturnal-trajectory-extractor.ts +0 -512
- package/src/core/nocturnal-trinity-types.ts +0 -218
- package/src/core/nocturnal-trinity.ts +0 -2680
- package/src/core/principle-internalization/deprecated-readiness.ts +0 -93
- package/src/core/principle-internalization/internalization-routing-policy.ts +0 -208
- package/src/core/principle-internalization/lifecycle-metrics.ts +0 -152
- package/src/http/principles-console-route.ts +0 -709
- package/src/service/central-health-service.ts +0 -49
- package/src/service/central-overview-service.ts +0 -138
- package/src/service/control-ui-query-service.ts +0 -900
- package/src/service/cooldown-strategy.ts +0 -97
- package/src/service/evolution-pain-context.ts +0 -79
- package/src/service/evolution-query-service.ts +0 -407
- package/src/service/health-query-service.ts +0 -1038
- package/src/service/nocturnal-config.ts +0 -214
- package/src/service/nocturnal-runtime.ts +0 -734
- package/src/service/nocturnal-service.ts +0 -1605
- package/src/service/nocturnal-target-selector.ts +0 -545
- package/src/service/sleep-cycle.ts +0 -157
- package/src/service/startup-reconciler.ts +0 -112
- package/src/service/subagent-workflow/correction-observer-types.ts +0 -82
- package/src/service/subagent-workflow/correction-observer-workflow-manager.ts +0 -250
- package/src/service/subagent-workflow/deep-reflect-workflow-manager.ts +0 -1
- package/src/service/subagent-workflow/dynamic-timeout.ts +0 -30
- package/src/service/subagent-workflow/empathy-observer-workflow-manager.ts +0 -268
- package/src/service/subagent-workflow/nocturnal-workflow-manager.ts +0 -795
- package/src/service/subagent-workflow/runtime-direct-driver.ts +0 -268
- package/src/service/subagent-workflow/workflow-manager-base.ts +0 -580
- package/src/tools/write-pain-flag.ts +0 -215
- package/tests/commands/nocturnal-review.test.ts +0 -448
- package/tests/commands/nocturnal-train.test.ts +0 -97
- package/tests/commands/pd-reflect.test.ts +0 -49
- package/tests/core/adaptive-thresholds.test.ts +0 -261
- package/tests/core/nocturnal-arbiter.test.ts +0 -559
- package/tests/core/nocturnal-artifact-lineage.test.ts +0 -53
- package/tests/core/nocturnal-artificer.test.ts +0 -241
- package/tests/core/nocturnal-candidate-scoring.test.ts +0 -532
- package/tests/core/nocturnal-compliance-p-principles.test.ts +0 -133
- package/tests/core/nocturnal-compliance.test.ts +0 -646
- package/tests/core/nocturnal-dataset.test.ts +0 -892
- package/tests/core/nocturnal-e2e.test.ts +0 -234
- package/tests/core/nocturnal-executability.test.ts +0 -357
- package/tests/core/nocturnal-export.test.ts +0 -517
- package/tests/core/nocturnal-reasoning-deriver.test.ts +0 -372
- package/tests/core/nocturnal-reviewed-subset-comparison.test.ts +0 -428
- package/tests/core/nocturnal-rule-implementation-validator.test.ts +0 -127
- package/tests/core/nocturnal-snapshot-contract.test.ts +0 -121
- package/tests/core/nocturnal-trajectory-extractor.test.ts +0 -634
- package/tests/core/nocturnal-trinity.test.ts +0 -2053
- package/tests/core/pain-auto-repair.test.ts +0 -96
- package/tests/core/pain-integration.test.ts +0 -510
- package/tests/fixtures/nocturnal-reviewed-subset.json +0 -183
- package/tests/http/principles-console-route.test.ts +0 -162
- package/tests/integration/chaos-resilience.test.ts +0 -348
- package/tests/integration/empathy-workflow-integration.test.ts +0 -626
- package/tests/integration/pain-diagnostician-loop.e2e.test.ts +0 -380
- package/tests/service/control-ui-query-service.test.ts +0 -121
- package/tests/service/cooldown-strategy.test.ts +0 -164
- package/tests/service/data-endpoints-regression.test.ts +0 -834
- package/tests/service/empathy-observer-workflow-manager.test.ts +0 -175
- package/tests/service/evolution-worker.nocturnal.test.ts +0 -601
- package/tests/service/nocturnal-runtime-hardening.test.ts +0 -118
- package/tests/service/nocturnal-runtime.test.ts +0 -473
- package/tests/service/nocturnal-service-code-candidate.test.ts +0 -330
- package/tests/service/nocturnal-target-selector.test.ts +0 -615
- package/tests/service/startup-reconciler.test.ts +0 -148
- package/tests/tools/write-pain-flag.test.ts +0 -358
- package/ui/src/App.tsx +0 -45
- package/ui/src/api.ts +0 -220
- package/ui/src/charts.tsx +0 -955
- package/ui/src/components/ErrorState.tsx +0 -6
- package/ui/src/components/Loading.tsx +0 -13
- package/ui/src/components/ProtectedRoute.tsx +0 -12
- package/ui/src/components/Shell.tsx +0 -91
- package/ui/src/components/WorkspaceConfig.tsx +0 -178
- package/ui/src/components/index.ts +0 -5
- package/ui/src/context/auth.tsx +0 -80
- package/ui/src/context/theme.tsx +0 -66
- package/ui/src/hooks/useAutoRefresh.ts +0 -39
- package/ui/src/i18n/ui.ts +0 -473
- package/ui/src/main.tsx +0 -16
- package/ui/src/pages/EvolutionPage.tsx +0 -333
- package/ui/src/pages/FeedbackPage.tsx +0 -138
- package/ui/src/pages/GateMonitorPage.tsx +0 -136
- package/ui/src/pages/LoginPage.tsx +0 -89
- package/ui/src/pages/OverviewPage.tsx +0 -599
- package/ui/src/pages/SamplesPage.tsx +0 -174
- package/ui/src/pages/ThinkingModelsPage.tsx +0 -702
- package/ui/src/styles.css +0 -2020
- package/ui/src/types.ts +0 -384
- package/ui/src/utils/format.ts +0 -15
|
@@ -0,0 +1,192 @@
|
|
|
1
|
+
import { describe, it, expect } from 'vitest';
|
|
2
|
+
import * as fs from 'fs';
|
|
3
|
+
import * as path from 'path';
|
|
4
|
+
|
|
5
|
+
// ── PRI-212: Plugin core anti-growth architecture guard ─────────────────────
|
|
6
|
+
//
|
|
7
|
+
// Prevents new unclassified files from being added to packages/openclaw-plugin/src/core/
|
|
8
|
+
// without explicit allowlisting. New pure domain logic MUST go to @principles/core.
|
|
9
|
+
//
|
|
10
|
+
// Baseline from PRI-211 inventory (2026-05-21).
|
|
11
|
+
// Reference: docs/reviews/plugin-core-inventory-2026-05.md
|
|
12
|
+
//
|
|
13
|
+
// How to add a new file:
|
|
14
|
+
// 1. Is it pure domain logic? → add to @principles/core, NOT here
|
|
15
|
+
// 2. Is it a plugin I/O adapter/binding? → add to PLUGIN_IO_FILES
|
|
16
|
+
// with a comment explaining why it belongs in plugin core
|
|
17
|
+
// 3. NEVER add to/from FROZEN_LEGACY (ADR-0005) — those must NOT be modified
|
|
18
|
+
|
|
19
|
+
describe('PRI-212 plugin core anti-growth guard', () => {
|
|
20
|
+
// Category 1: Frozen Legacy (ADR-0005) — deleted in PRI-230
|
|
21
|
+
const FROZEN_LEGACY = [
|
|
22
|
+
] as const;
|
|
23
|
+
|
|
24
|
+
// Category 2: Pure domain logic with zero I/O imports — should migrate to @principles/core
|
|
25
|
+
const ZERO_IMPORT_CANDIDATES = [
|
|
26
|
+
'trajectory-types.ts',
|
|
27
|
+
'profile.ts',
|
|
28
|
+
'pain-signal.ts',
|
|
29
|
+
'pd-task-types.ts',
|
|
30
|
+
'evolution-types.ts',
|
|
31
|
+
'telemetry-event.ts',
|
|
32
|
+
'empathy-types.ts',
|
|
33
|
+
'correction-types.ts',
|
|
34
|
+
'principle-injection.ts',
|
|
35
|
+
'principle-compiler/template-generator.ts',
|
|
36
|
+
] as const;
|
|
37
|
+
|
|
38
|
+
// Categories 3-5: Plugin I/O adapters, Do Not Move, I/O boundary
|
|
39
|
+
const PLUGIN_IO_FILES = [
|
|
40
|
+
// Thin adapter candidates
|
|
41
|
+
'local-worker-routing.ts',
|
|
42
|
+
'principle-tree-migration.ts',
|
|
43
|
+
'principle-internalization/principle-lifecycle-service.ts',
|
|
44
|
+
'principle-tree-ledger-adapter.ts',
|
|
45
|
+
'principle-compiler/ledger-registrar.ts',
|
|
46
|
+
'principle-compiler/code-validator.ts',
|
|
47
|
+
'principle-injector.ts',
|
|
48
|
+
'pd-task-service.ts',
|
|
49
|
+
'principle-internalization/lifecycle-read-model.ts',
|
|
50
|
+
'principle-internalization/filesystem-lifecycle-datasource.ts',
|
|
51
|
+
'config-service.ts',
|
|
52
|
+
'principle-compiler/index.ts',
|
|
53
|
+
'principle-internalization/lifecycle-refresh.ts',
|
|
54
|
+
// Do Not Move
|
|
55
|
+
'event-log.ts',
|
|
56
|
+
'schema/schema-definitions.ts',
|
|
57
|
+
'path-resolver.ts',
|
|
58
|
+
'init.ts',
|
|
59
|
+
'workspace-context.ts',
|
|
60
|
+
'reflection/reflection-context.ts',
|
|
61
|
+
'bootstrap-rules.ts',
|
|
62
|
+
'schema/migration-runner.ts',
|
|
63
|
+
'rule-host.ts',
|
|
64
|
+
'principle-training-state.ts',
|
|
65
|
+
'pain-diagnostic-gate.ts',
|
|
66
|
+
'hygiene/tracker.ts',
|
|
67
|
+
'schema/migrations/002-init-central.ts',
|
|
68
|
+
'workspace-dir-service.ts',
|
|
69
|
+
'paths.ts',
|
|
70
|
+
'schema/migrations/004-add-thinking-and-gfi.ts',
|
|
71
|
+
'evolution-hook.ts',
|
|
72
|
+
'storage-adapter.ts',
|
|
73
|
+
'schema/migrations/003-init-workflow.ts',
|
|
74
|
+
'workspace-dir-validation.ts',
|
|
75
|
+
'pain-signal-adapter.ts',
|
|
76
|
+
'rule-implementation-runtime.ts',
|
|
77
|
+
'detection-service.ts',
|
|
78
|
+
'schema/migrations/index.ts',
|
|
79
|
+
'dictionary-service.ts',
|
|
80
|
+
'schema/index.ts',
|
|
81
|
+
'schema/db-types.ts',
|
|
82
|
+
'rule-host-types.ts',
|
|
83
|
+
'rule-host-helpers.ts',
|
|
84
|
+
'schema/migrations/001-init-trajectory.ts',
|
|
85
|
+
// I/O boundary
|
|
86
|
+
'trajectory.ts',
|
|
87
|
+
'evolution-reducer.ts',
|
|
88
|
+
'promotion-gate.ts',
|
|
89
|
+
'model-training-registry.ts',
|
|
90
|
+
'focus-history.ts',
|
|
91
|
+
'model-deployment-registry.ts',
|
|
92
|
+
'training-program.ts',
|
|
93
|
+
'replay-engine.ts',
|
|
94
|
+
'external-training-contract.ts',
|
|
95
|
+
'merge-gate-audit.ts',
|
|
96
|
+
'shadow-observation-registry.ts',
|
|
97
|
+
'confirm-first-gate.ts',
|
|
98
|
+
'control-ui-db.ts',
|
|
99
|
+
'thinking-models.ts',
|
|
100
|
+
'pd-task-reconciler.ts',
|
|
101
|
+
'correction-cue-learner.ts',
|
|
102
|
+
'principle-compiler/compiler.ts',
|
|
103
|
+
'pain.ts',
|
|
104
|
+
'pain-context-extractor.ts',
|
|
105
|
+
'config.ts',
|
|
106
|
+
'code-implementation-storage.ts',
|
|
107
|
+
'observability.ts',
|
|
108
|
+
'file-storage-adapter.ts',
|
|
109
|
+
'workflow-funnel-loader.ts',
|
|
110
|
+
'dictionary.ts',
|
|
111
|
+
'thinking-os-parser.ts',
|
|
112
|
+
'system-logger.ts',
|
|
113
|
+
'detection-funnel.ts',
|
|
114
|
+
'risk-calculator.ts',
|
|
115
|
+
'migration.ts',
|
|
116
|
+
'file-store.ts',
|
|
117
|
+
'pd-task-store.ts',
|
|
118
|
+
'evolution-migration.ts',
|
|
119
|
+
'empathy-keyword-matcher.ts',
|
|
120
|
+
'pain-lifecycle.ts',
|
|
121
|
+
'session-tracker.ts',
|
|
122
|
+
'principle-tree-ledger.ts',
|
|
123
|
+
'evolution-logger.ts',
|
|
124
|
+
'evolution-engine.ts',
|
|
125
|
+
'runtime-v2-prompt-activation-reader.ts',
|
|
126
|
+
] as const;
|
|
127
|
+
|
|
128
|
+
// Category 6: Test files
|
|
129
|
+
const KNOWN_TEST_FILES = [
|
|
130
|
+
'__tests__/focus-history.test.ts',
|
|
131
|
+
'principle-compiler/__tests__/compiler-replay-gate.test.ts',
|
|
132
|
+
] as const;
|
|
133
|
+
|
|
134
|
+
const ALL_KNOWN = [
|
|
135
|
+
...FROZEN_LEGACY,
|
|
136
|
+
...ZERO_IMPORT_CANDIDATES,
|
|
137
|
+
...PLUGIN_IO_FILES,
|
|
138
|
+
...KNOWN_TEST_FILES,
|
|
139
|
+
];
|
|
140
|
+
|
|
141
|
+
function enumerateFiles(dir: string, prefix = ''): string[] {
|
|
142
|
+
const entries = fs.readdirSync(dir, { withFileTypes: true });
|
|
143
|
+
const files: string[] = [];
|
|
144
|
+
for (const entry of entries) {
|
|
145
|
+
const relPath = prefix ? `${prefix}/${entry.name}` : entry.name;
|
|
146
|
+
const fullPath = path.resolve(dir, entry.name);
|
|
147
|
+
if (entry.isDirectory()) {
|
|
148
|
+
files.push(...enumerateFiles(fullPath, relPath));
|
|
149
|
+
} else if (entry.name.endsWith('.ts')) {
|
|
150
|
+
files.push(relPath.replace(/\\/g, '/'));
|
|
151
|
+
}
|
|
152
|
+
}
|
|
153
|
+
return files;
|
|
154
|
+
}
|
|
155
|
+
|
|
156
|
+
it('no new unclassified files in plugin core', () => {
|
|
157
|
+
const coreDir = path.resolve(__dirname, '../src/core');
|
|
158
|
+
const actualFiles = enumerateFiles(coreDir).sort();
|
|
159
|
+
const expectedFiles = [...ALL_KNOWN].sort();
|
|
160
|
+
|
|
161
|
+
const actualSet = new Set(actualFiles);
|
|
162
|
+
const knownSet = new Set(expectedFiles);
|
|
163
|
+
|
|
164
|
+
const unknownFiles = actualFiles.filter((f) => !knownSet.has(f));
|
|
165
|
+
const missingFiles = expectedFiles.filter((f) => !actualSet.has(f));
|
|
166
|
+
|
|
167
|
+
expect(unknownFiles, [
|
|
168
|
+
`\nUnclassified files detected in packages/openclaw-plugin/src/core/:`,
|
|
169
|
+
...unknownFiles.map((f) => ` + ${f}`),
|
|
170
|
+
``,
|
|
171
|
+
`New pure domain logic MUST go to @principles/core (packages/principles-core/).`,
|
|
172
|
+
`Plugin I/O adapter additions must be explicitly allowlisted in`,
|
|
173
|
+
`packages/openclaw-plugin/tests/core-anti-growth.test.ts`,
|
|
174
|
+
`ADR-0005 frozen files must NOT be modified.`,
|
|
175
|
+
`Reference: docs/reviews/plugin-core-inventory-2026-05.md (PRI-211)`,
|
|
176
|
+
].join('\n')).toEqual([]);
|
|
177
|
+
|
|
178
|
+
expect(missingFiles, [
|
|
179
|
+
`\nBaseline files missing from packages/openclaw-plugin/src/core/:`,
|
|
180
|
+
...missingFiles.map((f) => ` - ${f}`),
|
|
181
|
+
``,
|
|
182
|
+
`Missing baseline files may indicate:`,
|
|
183
|
+
` - File was moved or deleted (update inventory if intentional)`,
|
|
184
|
+
` - Stale-main rollback (ERR-012): rebase on latest origin/main`,
|
|
185
|
+
` - File was renamed (update inventory with new name)`,
|
|
186
|
+
].join('\n')).toEqual([]);
|
|
187
|
+
});
|
|
188
|
+
|
|
189
|
+
it('zero-import candidates are tracked for migration awareness', () => {
|
|
190
|
+
expect(ZERO_IMPORT_CANDIDATES.length).toBeGreaterThan(0);
|
|
191
|
+
});
|
|
192
|
+
});
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
import { describe, it, expect } from 'vitest';
|
|
2
|
+
import * as fs from 'fs';
|
|
3
|
+
import * as path from 'path';
|
|
4
|
+
|
|
5
|
+
const INDEX_TS = fs.readFileSync(
|
|
6
|
+
path.resolve(__dirname, '../src/index.ts'),
|
|
7
|
+
'utf-8',
|
|
8
|
+
);
|
|
9
|
+
|
|
10
|
+
describe('Hook workspace resolution NextAction contract', () => {
|
|
11
|
+
const FORBIDDEN_NEXT_ACTION_PATTERNS = [
|
|
12
|
+
/PD_WORKSPACE_DIR/,
|
|
13
|
+
/principles-disciple\.json/,
|
|
14
|
+
];
|
|
15
|
+
|
|
16
|
+
it('does not claim PD_WORKSPACE_DIR env var as recovery in NextAction', () => {
|
|
17
|
+
const matches = INDEX_TS.match(/NextAction:[^`]*PD_WORKSPACE_DIR/g);
|
|
18
|
+
expect(matches).toBeNull();
|
|
19
|
+
});
|
|
20
|
+
|
|
21
|
+
it('does not claim principles-disciple.json as recovery in NextAction', () => {
|
|
22
|
+
const matches = INDEX_TS.match(/NextAction:[^`]*principles-disciple\.json/g);
|
|
23
|
+
expect(matches).toBeNull();
|
|
24
|
+
});
|
|
25
|
+
|
|
26
|
+
it('all hook failure NextActions reference canonical workspace migration', () => {
|
|
27
|
+
const nextActionLines = INDEX_TS.match(/NextAction: \${HOOK_WORKSPACE_RESOLUTION_NEXT_ACTION}/g);
|
|
28
|
+
expect(nextActionLines).not.toBeNull();
|
|
29
|
+
expect(nextActionLines!.length).toBeGreaterThanOrEqual(7);
|
|
30
|
+
});
|
|
31
|
+
|
|
32
|
+
it('HOOK_WORKSPACE_RESOLUTION_NEXT_ACTION constant exists and does not contain forbidden patterns', () => {
|
|
33
|
+
const constantMatch = INDEX_TS.match(
|
|
34
|
+
/const HOOK_WORKSPACE_RESOLUTION_NEXT_ACTION\s*=\s*'([^']+)'/,
|
|
35
|
+
);
|
|
36
|
+
expect(constantMatch).not.toBeNull();
|
|
37
|
+
const constantValue = constantMatch![1];
|
|
38
|
+
for (const pattern of FORBIDDEN_NEXT_ACTION_PATTERNS) {
|
|
39
|
+
expect(pattern.test(constantValue)).toBe(false);
|
|
40
|
+
}
|
|
41
|
+
});
|
|
42
|
+
});
|
|
@@ -0,0 +1,333 @@
|
|
|
1
|
+
import { describe, it, expect, beforeEach, afterEach } from 'vitest';
|
|
2
|
+
import * as os from 'os';
|
|
3
|
+
import * as path from 'path';
|
|
4
|
+
import * as fs from 'fs';
|
|
5
|
+
import {
|
|
6
|
+
evaluateConfirmFirstGateSync,
|
|
7
|
+
detectApprovalMarker,
|
|
8
|
+
setConfirmFirstDirective,
|
|
9
|
+
setConfirmFirstApproval,
|
|
10
|
+
resetConfirmFirst,
|
|
11
|
+
isSessionApproved,
|
|
12
|
+
hasActiveDirective,
|
|
13
|
+
clearAllConfirmFirstState,
|
|
14
|
+
setConfirmFirstStore,
|
|
15
|
+
hydrateFromStore,
|
|
16
|
+
} from '../../src/core/confirm-first-gate.js';
|
|
17
|
+
import { SqliteConnection } from '@principles/core/runtime-v2';
|
|
18
|
+
import { SqliteConfirmFirstStateStore } from '@principles/core/runtime-v2';
|
|
19
|
+
|
|
20
|
+
describe('Confirm-First Gate', () => {
|
|
21
|
+
beforeEach(() => {
|
|
22
|
+
clearAllConfirmFirstState();
|
|
23
|
+
});
|
|
24
|
+
|
|
25
|
+
describe('detectApprovalMarker', () => {
|
|
26
|
+
it('detects Chinese approval markers', () => {
|
|
27
|
+
expect(detectApprovalMarker('确认')).toBe(true);
|
|
28
|
+
expect(detectApprovalMarker('批准')).toBe(true);
|
|
29
|
+
expect(detectApprovalMarker('按计划执行')).toBe(true);
|
|
30
|
+
expect(detectApprovalMarker('可以执行')).toBe(true);
|
|
31
|
+
expect(detectApprovalMarker('就这么做')).toBe(true);
|
|
32
|
+
expect(detectApprovalMarker('去执行')).toBe(true);
|
|
33
|
+
expect(detectApprovalMarker('开始执行')).toBe(true);
|
|
34
|
+
expect(detectApprovalMarker('执行吧')).toBe(true);
|
|
35
|
+
expect(detectApprovalMarker('同意')).toBe(true);
|
|
36
|
+
});
|
|
37
|
+
|
|
38
|
+
it('detects English approval markers', () => {
|
|
39
|
+
expect(detectApprovalMarker('approved')).toBe(true);
|
|
40
|
+
expect(detectApprovalMarker('go ahead')).toBe(true);
|
|
41
|
+
expect(detectApprovalMarker('lgtm')).toBe(true);
|
|
42
|
+
expect(detectApprovalMarker('yes, do it')).toBe(true);
|
|
43
|
+
expect(detectApprovalMarker('do it')).toBe(true);
|
|
44
|
+
expect(detectApprovalMarker('yes, proceed')).toBe(true);
|
|
45
|
+
expect(detectApprovalMarker('yes, execute')).toBe(true);
|
|
46
|
+
expect(detectApprovalMarker('proceed with the plan')).toBe(true);
|
|
47
|
+
expect(detectApprovalMarker('execute the plan')).toBe(true);
|
|
48
|
+
expect(detectApprovalMarker('please proceed with the plan')).toBe(true);
|
|
49
|
+
});
|
|
50
|
+
|
|
51
|
+
it('rejects vague text', () => {
|
|
52
|
+
expect(detectApprovalMarker('看看')).toBe(false);
|
|
53
|
+
expect(detectApprovalMarker('继续想想')).toBe(false);
|
|
54
|
+
expect(detectApprovalMarker('你决定')).toBe(false);
|
|
55
|
+
expect(detectApprovalMarker('hello world')).toBe(false);
|
|
56
|
+
expect(detectApprovalMarker('')).toBe(false);
|
|
57
|
+
});
|
|
58
|
+
|
|
59
|
+
it('rejects negated Chinese approval', () => {
|
|
60
|
+
expect(detectApprovalMarker('不同意')).toBe(false);
|
|
61
|
+
expect(detectApprovalMarker('不确认')).toBe(false);
|
|
62
|
+
expect(detectApprovalMarker('先不执行')).toBe(false);
|
|
63
|
+
expect(detectApprovalMarker('还没准备好确认')).toBe(false);
|
|
64
|
+
expect(detectApprovalMarker('暂不批准')).toBe(false);
|
|
65
|
+
});
|
|
66
|
+
|
|
67
|
+
it('rejects negated English approval', () => {
|
|
68
|
+
expect(detectApprovalMarker("don't proceed")).toBe(false);
|
|
69
|
+
expect(detectApprovalMarker("don't do it")).toBe(false);
|
|
70
|
+
expect(detectApprovalMarker("not ready to confirm")).toBe(false);
|
|
71
|
+
expect(detectApprovalMarker("can't approve yet")).toBe(false);
|
|
72
|
+
expect(detectApprovalMarker("won't proceed")).toBe(false);
|
|
73
|
+
expect(detectApprovalMarker("stop")).toBe(false);
|
|
74
|
+
});
|
|
75
|
+
|
|
76
|
+
it('rejects ambiguous English phrases without explicit approval context', () => {
|
|
77
|
+
expect(detectApprovalMarker('please confirm requirements before proceeding')).toBe(false);
|
|
78
|
+
expect(detectApprovalMarker('how should we proceed?')).toBe(false);
|
|
79
|
+
expect(detectApprovalMarker('confirm the requirement first')).toBe(false);
|
|
80
|
+
expect(detectApprovalMarker('should I proceed?')).toBe(false);
|
|
81
|
+
expect(detectApprovalMarker('I need to confirm something')).toBe(false);
|
|
82
|
+
expect(detectApprovalMarker('let me confirm the plan')).toBe(false);
|
|
83
|
+
});
|
|
84
|
+
});
|
|
85
|
+
|
|
86
|
+
describe('evaluateConfirmFirstGateSync', () => {
|
|
87
|
+
it('skips when no sessionId', () => {
|
|
88
|
+
const result = evaluateConfirmFirstGateSync(undefined, 'write', {});
|
|
89
|
+
expect(result.action).toBe('skip');
|
|
90
|
+
});
|
|
91
|
+
|
|
92
|
+
it('skips when no confirm-first directive active', () => {
|
|
93
|
+
const result = evaluateConfirmFirstGateSync('session-1', 'write', {});
|
|
94
|
+
expect(result.action).toBe('skip');
|
|
95
|
+
});
|
|
96
|
+
|
|
97
|
+
it('allows non-mutating tools even with active directive', () => {
|
|
98
|
+
setConfirmFirstDirective('session-1', true, 'princ-mvp-acceptance-confirm-first');
|
|
99
|
+
const result = evaluateConfirmFirstGateSync('session-1', 'read', {});
|
|
100
|
+
expect(result.action).toBe('allow');
|
|
101
|
+
});
|
|
102
|
+
|
|
103
|
+
it('blocks write tool when directive active and not approved', () => {
|
|
104
|
+
setConfirmFirstDirective('session-1', true, 'princ-mvp-acceptance-confirm-first');
|
|
105
|
+
const result = evaluateConfirmFirstGateSync('session-1', 'write', { path: 'test.json' });
|
|
106
|
+
expect(result.action).toBe('block');
|
|
107
|
+
expect(result.reason).toBe('confirm_first_required');
|
|
108
|
+
expect(result.principleId).toBe('princ-mvp-acceptance-confirm-first');
|
|
109
|
+
expect(result.nextAction).toContain('owner approval');
|
|
110
|
+
});
|
|
111
|
+
|
|
112
|
+
it('blocks edit tool when directive active and not approved', () => {
|
|
113
|
+
setConfirmFirstDirective('session-1', true, 'princ-mvp-acceptance-confirm-first');
|
|
114
|
+
const result = evaluateConfirmFirstGateSync('session-1', 'edit', { file_path: 'test.ts' });
|
|
115
|
+
expect(result.action).toBe('block');
|
|
116
|
+
expect(result.reason).toBe('confirm_first_required');
|
|
117
|
+
});
|
|
118
|
+
|
|
119
|
+
it('blocks delete_file when directive active and not approved', () => {
|
|
120
|
+
setConfirmFirstDirective('session-1', true, 'princ-mvp-acceptance-confirm-first');
|
|
121
|
+
const result = evaluateConfirmFirstGateSync('session-1', 'delete_file', { path: 'test.txt' });
|
|
122
|
+
expect(result.action).toBe('block');
|
|
123
|
+
});
|
|
124
|
+
|
|
125
|
+
it('blocks mutating exec when directive active and not approved', () => {
|
|
126
|
+
setConfirmFirstDirective('session-1', true, 'princ-mvp-acceptance-confirm-first');
|
|
127
|
+
const result = evaluateConfirmFirstGateSync('session-1', 'exec', { command: 'rm -rf /tmp/test' });
|
|
128
|
+
expect(result.action).toBe('block');
|
|
129
|
+
});
|
|
130
|
+
|
|
131
|
+
it('allows non-mutating exec when directive active and not approved', () => {
|
|
132
|
+
setConfirmFirstDirective('session-1', true, 'princ-mvp-acceptance-confirm-first');
|
|
133
|
+
const result = evaluateConfirmFirstGateSync('session-1', 'exec', { command: 'ls -la' });
|
|
134
|
+
expect(result.action).toBe('allow');
|
|
135
|
+
});
|
|
136
|
+
|
|
137
|
+
it('allows bash with undefined params when directive active', () => {
|
|
138
|
+
setConfirmFirstDirective('session-1', true, 'princ-mvp-acceptance-confirm-first');
|
|
139
|
+
const result = evaluateConfirmFirstGateSync('session-1', 'bash', undefined);
|
|
140
|
+
expect(result.action).toBe('allow');
|
|
141
|
+
});
|
|
142
|
+
|
|
143
|
+
it('allows read tool when directive active and not approved', () => {
|
|
144
|
+
setConfirmFirstDirective('session-1', true, 'princ-mvp-acceptance-confirm-first');
|
|
145
|
+
const result = evaluateConfirmFirstGateSync('session-1', 'read', { file_path: 'test.ts' });
|
|
146
|
+
expect(result.action).toBe('allow');
|
|
147
|
+
});
|
|
148
|
+
|
|
149
|
+
it('allows write after approval', () => {
|
|
150
|
+
setConfirmFirstDirective('session-1', true, 'princ-mvp-acceptance-confirm-first');
|
|
151
|
+
setConfirmFirstApproval('session-1');
|
|
152
|
+
const result = evaluateConfirmFirstGateSync('session-1', 'write', { path: 'test.json' });
|
|
153
|
+
expect(result.action).toBe('allow');
|
|
154
|
+
expect(isSessionApproved('session-1')).toBe(true);
|
|
155
|
+
});
|
|
156
|
+
|
|
157
|
+
it('approval is session-scoped', () => {
|
|
158
|
+
setConfirmFirstDirective('session-1', true, 'princ-mvp-acceptance-confirm-first');
|
|
159
|
+
setConfirmFirstDirective('session-2', true, 'princ-mvp-acceptance-confirm-first');
|
|
160
|
+
setConfirmFirstApproval('session-1');
|
|
161
|
+
|
|
162
|
+
expect(evaluateConfirmFirstGateSync('session-1', 'write', {}).action).toBe('allow');
|
|
163
|
+
expect(evaluateConfirmFirstGateSync('session-2', 'write', {}).action).toBe('block');
|
|
164
|
+
});
|
|
165
|
+
|
|
166
|
+
it('blocks apply_patch with no path when directive active', () => {
|
|
167
|
+
setConfirmFirstDirective('session-1', true, 'princ-mvp-acceptance-confirm-first');
|
|
168
|
+
const result = evaluateConfirmFirstGateSync('session-1', 'apply_patch', { patch: '@@ -1 +1 @@\n-old\n+new' });
|
|
169
|
+
expect(result.action).toBe('block');
|
|
170
|
+
expect(result.reason).toBe('confirm_first_required');
|
|
171
|
+
});
|
|
172
|
+
|
|
173
|
+
it('allows apply_patch after approval', () => {
|
|
174
|
+
setConfirmFirstDirective('session-1', true, 'princ-mvp-acceptance-confirm-first');
|
|
175
|
+
setConfirmFirstApproval('session-1');
|
|
176
|
+
const result = evaluateConfirmFirstGateSync('session-1', 'apply_patch', { patch: '@@ -1 +1 @@\n-old\n+new' });
|
|
177
|
+
expect(result.action).toBe('allow');
|
|
178
|
+
});
|
|
179
|
+
|
|
180
|
+
it('reset clears both directive and approval state', () => {
|
|
181
|
+
setConfirmFirstDirective('session-1', true, 'princ-mvp-acceptance-confirm-first');
|
|
182
|
+
setConfirmFirstApproval('session-1');
|
|
183
|
+
resetConfirmFirst('session-1');
|
|
184
|
+
|
|
185
|
+
expect(hasActiveDirective('session-1')).toBe(false);
|
|
186
|
+
expect(isSessionApproved('session-1')).toBe(false);
|
|
187
|
+
expect(evaluateConfirmFirstGateSync('session-1', 'write', {}).action).toBe('skip');
|
|
188
|
+
});
|
|
189
|
+
});
|
|
190
|
+
});
|
|
191
|
+
|
|
192
|
+
describe('Cross-restart persistence', () => {
|
|
193
|
+
let tmpDir: string;
|
|
194
|
+
let connection: SqliteConnection;
|
|
195
|
+
let store: SqliteConfirmFirstStateStore;
|
|
196
|
+
|
|
197
|
+
beforeEach(() => {
|
|
198
|
+
clearAllConfirmFirstState();
|
|
199
|
+
setConfirmFirstStore(null);
|
|
200
|
+
tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'pd-cf-test-'));
|
|
201
|
+
connection = new SqliteConnection(tmpDir);
|
|
202
|
+
store = new SqliteConfirmFirstStateStore(connection);
|
|
203
|
+
});
|
|
204
|
+
|
|
205
|
+
afterEach(() => {
|
|
206
|
+
setConfirmFirstStore(null);
|
|
207
|
+
clearAllConfirmFirstState();
|
|
208
|
+
try {
|
|
209
|
+
connection.close();
|
|
210
|
+
} catch {}
|
|
211
|
+
try {
|
|
212
|
+
fs.rmSync(tmpDir, { recursive: true, force: true });
|
|
213
|
+
} catch {}
|
|
214
|
+
});
|
|
215
|
+
|
|
216
|
+
it('directive + approval survive restart', () => {
|
|
217
|
+
setConfirmFirstStore(store);
|
|
218
|
+
setConfirmFirstDirective('sess-restart', true, 'princ-123');
|
|
219
|
+
setConfirmFirstApproval('sess-restart');
|
|
220
|
+
|
|
221
|
+
expect(evaluateConfirmFirstGateSync('sess-restart', 'write', {}).action).toBe('allow');
|
|
222
|
+
|
|
223
|
+
setConfirmFirstStore(null);
|
|
224
|
+
clearAllConfirmFirstState();
|
|
225
|
+
setConfirmFirstStore(store);
|
|
226
|
+
hydrateFromStore('sess-restart');
|
|
227
|
+
|
|
228
|
+
expect(evaluateConfirmFirstGateSync('sess-restart', 'write', {}).action).toBe('allow');
|
|
229
|
+
expect(hasActiveDirective('sess-restart')).toBe(true);
|
|
230
|
+
expect(isSessionApproved('sess-restart')).toBe(true);
|
|
231
|
+
});
|
|
232
|
+
|
|
233
|
+
it('directive without approval survives restart', () => {
|
|
234
|
+
setConfirmFirstStore(store);
|
|
235
|
+
setConfirmFirstDirective('sess-restart', true, 'princ-456');
|
|
236
|
+
|
|
237
|
+
expect(evaluateConfirmFirstGateSync('sess-restart', 'write', {}).action).toBe('block');
|
|
238
|
+
|
|
239
|
+
setConfirmFirstStore(null);
|
|
240
|
+
clearAllConfirmFirstState();
|
|
241
|
+
setConfirmFirstStore(store);
|
|
242
|
+
hydrateFromStore('sess-restart');
|
|
243
|
+
|
|
244
|
+
expect(evaluateConfirmFirstGateSync('sess-restart', 'write', {}).action).toBe('block');
|
|
245
|
+
expect(hasActiveDirective('sess-restart')).toBe(true);
|
|
246
|
+
expect(isSessionApproved('sess-restart')).toBe(false);
|
|
247
|
+
});
|
|
248
|
+
|
|
249
|
+
it('no directive survives restart', () => {
|
|
250
|
+
setConfirmFirstStore(store);
|
|
251
|
+
|
|
252
|
+
setConfirmFirstStore(null);
|
|
253
|
+
clearAllConfirmFirstState();
|
|
254
|
+
setConfirmFirstStore(store);
|
|
255
|
+
hydrateFromStore('sess-noexist');
|
|
256
|
+
|
|
257
|
+
expect(evaluateConfirmFirstGateSync('sess-noexist', 'write', {}).action).toBe('skip');
|
|
258
|
+
expect(hasActiveDirective('sess-noexist')).toBe(false);
|
|
259
|
+
});
|
|
260
|
+
});
|
|
261
|
+
|
|
262
|
+
describe('Store degradation (ERR-002)', () => {
|
|
263
|
+
afterEach(() => {
|
|
264
|
+
setConfirmFirstStore(null);
|
|
265
|
+
clearAllConfirmFirstState();
|
|
266
|
+
});
|
|
267
|
+
|
|
268
|
+
it('store write failure degrades gracefully to cache-only', () => {
|
|
269
|
+
const throwingStore = {
|
|
270
|
+
upsertDirective: () => { throw new Error('DB unavailable'); },
|
|
271
|
+
upsertApproval: () => { throw new Error('DB unavailable'); },
|
|
272
|
+
getState: () => null,
|
|
273
|
+
deleteState: () => { throw new Error('DB unavailable'); },
|
|
274
|
+
deleteAllState: () => { throw new Error('DB unavailable'); },
|
|
275
|
+
pruneStaleRows: () => 0,
|
|
276
|
+
getAllState: () => [],
|
|
277
|
+
} as unknown as SqliteConfirmFirstStateStore;
|
|
278
|
+
|
|
279
|
+
setConfirmFirstStore(throwingStore);
|
|
280
|
+
setConfirmFirstDirective('sess-degrade', true, 'princ-123');
|
|
281
|
+
|
|
282
|
+
expect(hasActiveDirective('sess-degrade')).toBe(true);
|
|
283
|
+
|
|
284
|
+
setConfirmFirstApproval('sess-degrade');
|
|
285
|
+
expect(isSessionApproved('sess-degrade')).toBe(true);
|
|
286
|
+
expect(evaluateConfirmFirstGateSync('sess-degrade', 'write', {}).action).toBe('allow');
|
|
287
|
+
});
|
|
288
|
+
});
|
|
289
|
+
|
|
290
|
+
describe('Stale directive cleared on reset (PRI-266)', () => {
|
|
291
|
+
beforeEach(() => {
|
|
292
|
+
clearAllConfirmFirstState();
|
|
293
|
+
});
|
|
294
|
+
|
|
295
|
+
it('resetConfirmFirst clears directive and approval from cache and store', () => {
|
|
296
|
+
const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'pd-cf-stale-'));
|
|
297
|
+
try {
|
|
298
|
+
const connection = new SqliteConnection(tmpDir);
|
|
299
|
+
const store = new SqliteConfirmFirstStateStore(connection);
|
|
300
|
+
setConfirmFirstStore(store);
|
|
301
|
+
|
|
302
|
+
setConfirmFirstDirective('sess-stale', true, 'princ-stale');
|
|
303
|
+
setConfirmFirstApproval('sess-stale');
|
|
304
|
+
|
|
305
|
+
expect(hasActiveDirective('sess-stale')).toBe(true);
|
|
306
|
+
expect(isSessionApproved('sess-stale')).toBe(true);
|
|
307
|
+
|
|
308
|
+
resetConfirmFirst('sess-stale');
|
|
309
|
+
|
|
310
|
+
expect(hasActiveDirective('sess-stale')).toBe(false);
|
|
311
|
+
expect(isSessionApproved('sess-stale')).toBe(false);
|
|
312
|
+
expect(evaluateConfirmFirstGateSync('sess-stale', 'write', {}).action).toBe('skip');
|
|
313
|
+
|
|
314
|
+
connection.close();
|
|
315
|
+
} finally {
|
|
316
|
+
setConfirmFirstStore(null);
|
|
317
|
+
fs.rmSync(tmpDir, { recursive: true, force: true });
|
|
318
|
+
}
|
|
319
|
+
});
|
|
320
|
+
|
|
321
|
+
it('resetConfirmFirst without store clears in-memory cache only', () => {
|
|
322
|
+
setConfirmFirstDirective('sess-nostore', true, 'princ-nostore');
|
|
323
|
+
setConfirmFirstApproval('sess-nostore');
|
|
324
|
+
|
|
325
|
+
expect(hasActiveDirective('sess-nostore')).toBe(true);
|
|
326
|
+
expect(isSessionApproved('sess-nostore')).toBe(true);
|
|
327
|
+
|
|
328
|
+
resetConfirmFirst('sess-nostore');
|
|
329
|
+
|
|
330
|
+
expect(hasActiveDirective('sess-nostore')).toBe(false);
|
|
331
|
+
expect(isSessionApproved('sess-nostore')).toBe(false);
|
|
332
|
+
});
|
|
333
|
+
});
|