principles-disciple 1.72.0 → 1.73.0

package/src/core/pd-task-types.ts

@@ -1,128 +1,24 @@
-/**
- * PD Task Manager Types
- *
- * Type definitions for the PD Task Manager — a declarative cron task
- * management system that reconciles PD task declarations with OpenClaw's
- * cron/jobs.json using safe file operations (lock + atomic write).
- */
+import type {
+  PDTaskSchedule as CorePDTaskSchedule,
+  PDTaskExecution as CorePDTaskExecution,
+  PDTaskDelivery as CorePDTaskDelivery,
+  PDTaskMeta as CorePDTaskMeta,
+  PDTaskSpec as CorePDTaskSpec,
+} from '@principles/core/runtime-v2';
+
+export type PDTaskSchedule = CorePDTaskSchedule;
+export type PDTaskExecution = CorePDTaskExecution;
+export type PDTaskDelivery = CorePDTaskDelivery;
+export type PDTaskMeta = CorePDTaskMeta;
+export type PDTaskSpec = CorePDTaskSpec;
+
+export {
+  PDTaskScheduleSchema,
+  PDTaskExecutionSchema,
+  PDTaskDeliverySchema,
+  PDTaskMetaSchema,
+  PDTaskSpecSchema,
+} from '@principles/core/runtime-v2';
+
+export const BUILTIN_PD_TASKS: PDTaskSpec[] = [];
 
-// =========================================================================
-// PDTaskSpec — Declaration Schema
-// =========================================================================
-
-/** Cron schedule for PD tasks (only "every" kind supported for now) */
-export interface PDTaskSchedule {
-  kind: 'every';
-  everyMs: number;
-}
-
-/** Execution configuration for a PD task */
-export interface PDTaskExecution {
-  /** Which prompt builder to use */
-  promptTemplate: string;
-  /** Execution timeout in seconds (default: 120) */
-  timeoutSeconds?: number;
-  /** Use lightweight context to save tokens */
-  lightContext?: boolean;
-  /** Restrict available tools */
-  toolsAllow?: string[];
-}
-
-/** Delivery configuration for task results */
-export interface PDTaskDelivery {
-  mode: 'none' | 'announce';
-  channel?: string;
-  to?: string;
-}
-
-/** Metadata — not synced to cron, used for health tracking */
-export interface PDTaskMeta {
-  /** When this task was first declared */
-  createdAtMs?: number;
-  /** Last successful reconcile timestamp */
-  lastSyncedAtMs?: number;
-  /** The cron job ID from last sync */
-  lastSyncedJobId?: string;
-  /** Last sync status */
-  lastSyncStatus?: 'ok' | 'error';
-  /** Last sync error message */
-  lastSyncError?: string;
-  /** Consecutive failure count (from CronJobState.consecutiveErrors) */
-  consecutiveFailCount?: number;
-  /** Timestamp of last failure */
-  lastFailedAtMs?: number;
-  /** Whether this task was auto-disabled due to health issues */
-  autoDisabled?: boolean;
-  /** When the task was auto-disabled */
-  autoDisabledAt?: number;
-  /** Reason for auto-disable */
-  autoDisabledReason?: string;
-  /** Last manual trigger timestamp */
-  lastTriggeredAtMs?: number;
-  /** Last manual trigger status */
-  lastTriggerStatus?: 'succeeded' | 'failed' | 'pending';
-}
-
-/**
- * PDTaskSpec — A declarative specification for a PD background task.
- *
- * This is the source of truth. The reconciler translates these into
- * CronJob entries in OpenClaw's cron/jobs.json.
- */
-export interface PDTaskSpec {
-  /** Stable unique ID — never changes across versions */
-  id: string;
-  /** Human-readable name — becomes the CronJob name (must start with "PD ") */
-  name: string;
-  /** Description shown to users */
-  description: string;
-  /** Whether this task should be active */
-  enabled: boolean;
-  /** Schema version — bumped when prompt/config changes require re-sync */
-  version: string;
-  /** Cron schedule (only "every" kind supported for now) */
-  schedule: PDTaskSchedule;
-  /** OpenClaw agent ID to run under (default: "main") */
-  agentId?: string;
-  /** Execution configuration */
-  execution: PDTaskExecution;
-  /** Delivery configuration */
-  delivery: PDTaskDelivery;
-  /** Metadata — not synced to cron */
-  meta?: PDTaskMeta;
-}
-
-// =========================================================================
-// Builtin PD Tasks
-// =========================================================================
-
-/**
- * Built-in PD tasks declared by the plugin.
- *
- * These are reconciled on plugin startup. Adding a new task here
- * automatically creates the corresponding cron job on next restart.
- */
-export const BUILTIN_PD_TASKS: PDTaskSpec[] = [
-  {
-    id: 'empathy-optimizer',
-    name: 'PD Empathy Optimizer',
-    description:
-      'Analyzes recent user messages to discover new frustration expressions and optimize keyword weights.',
-    enabled: true,
-    version: '1.0.1', // Bumped to force cron job settings update
-    schedule: {
-      kind: 'every',
-      everyMs: 5 * 60 * 1000, // 5 minutes (testing); increase to 6h once stable
-    },
-    agentId: 'main',
-    execution: {
-      promptTemplate: 'empathy-optimizer',
-      timeoutSeconds: 300, // 5 min — needs time to scan events.jsonl
-      lightContext: true,
-      toolsAllow: ['read_file', 'write_file', 'search_file_content'],
-    },
-    delivery: {
-      mode: 'none',
-    },
-  },
-];

package/src/core/principle-compiler/__tests__/compiler-replay-gate.test.ts

@@ -0,0 +1,174 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+
+// --- Mocks (hoisted for vi.mock compatibility) ---
+
+const {
+  mockCollect, mockRegister, mockCreateAssetDir,
+  mockLoadModule, mockValidate, mockGenerate,
+} = vi.hoisted(() => ({
+  mockCollect: vi.fn(),
+  mockRegister: vi.fn(),
+  mockCreateAssetDir: vi.fn(),
+  mockLoadModule: vi.fn(),
+  mockValidate: vi.fn(),
+  mockGenerate: vi.fn(),
+}));
+
+vi.mock('../code-validator.js', () => ({
+  validateGeneratedCode: mockValidate,
+}));
+
+vi.mock('../template-generator.js', () => ({
+  generateFromTemplate: mockGenerate,
+}));
+
+vi.mock('../ledger-registrar.js', () => ({
+  registerCompiledRule: mockRegister,
+}));
+
+vi.mock('../../code-implementation-storage.js', () => ({
+  createImplementationAssetDir: mockCreateAssetDir,
+}));
+
+vi.mock('../../rule-implementation-runtime.js', () => ({
+  loadRuleImplementationModule: mockLoadModule,
+}));
+
+import { PrincipleCompiler } from '../compiler.js';
+
+// --- Fixtures ---
+
+const PRINCIPLE_ID = 'P_test_001';
+
+function makeContext(overrides?: { reason?: string }) {
+  return {
+    principle: {
+      id: PRINCIPLE_ID,
+      version: 1,
+      text: 'Never delete system files via bash',
+      triggerPattern: 'bash rm',
+      action: 'block dangerous bash commands',
+      status: 'active' as const,
+      priority: 'high' as const,
+      scope: 'global' as const,
+      evaluability: 'deterministic' as const,
+      valueScore: 0.9,
+      adherenceRate: 0.8,
+      painPreventedCount: 5,
+      derivedFromPainIds: ['pain_001'],
+      ruleIds: [] as string[],
+      conflictsWithPrincipleIds: [] as string[],
+      createdAt: '2026-05-01T00:00:00Z',
+      updatedAt: '2026-05-01T00:00:00Z',
+    },
+    painEvents: [
+      {
+        reason: overrides?.reason ?? 'bash command failed on /etc/important.conf',
+        source: 'tool_failure',
+      },
+    ],
+    sessionSnapshot: null,
+    lineage: { sourcePainIds: ['pain_001'], sessionId: null as string | null },
+  };
+}
+
+// --- Tests ---
+
+describe('PrincipleCompiler replay gate (PRI-115)', () => {
+  let compiler: PrincipleCompiler;
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+
+    // Mock collector.collect directly on the instance
+    mockCollect.mockReturnValue(makeContext());
+
+    mockValidate.mockReturnValue({ valid: true, errors: [], warnings: [] });
+    mockGenerate.mockReturnValue(
+      'export function evaluate() { return { decision: "block", matched: true, reason: "test", confidence: 0.95 }; }',
+    );
+    mockRegister.mockReturnValue({ ruleId: 'R_test_auto', implementationId: 'IMPL_test_auto' });
+
+    compiler = new PrincipleCompiler('/tmp/test-state', {} as any);
+    // Override collector after construction to avoid module resolution issues
+    (compiler as any).collector = { collect: mockCollect, collectBatch: vi.fn() };
+  });
+
+  it('failing replay returns degraded=true and blocks registration', () => {
+    mockCollect.mockReturnValue(makeContext());
+
+    mockLoadModule.mockReturnValue({
+      evaluate: () => ({ decision: 'allow', matched: false, reason: 'pass', confidence: 1.0 }),
+    });
+
+    const result = compiler.compileOne(PRINCIPLE_ID);
+
+    expect(result.success).toBe(false);
+    expect(result.degraded).toBe(true);
+    expect(result.reason).toBe('replay_validation_failed');
+    expect(result.replayResult).toBeDefined();
+    expect(result.replayResult!.passed).toBe(false);
+    expect(mockRegister).not.toHaveBeenCalled();
+  });
+
+  it('no asset dir created on replay failure', () => {
+    mockCollect.mockReturnValue(makeContext());
+
+    mockLoadModule.mockReturnValue({
+      evaluate: () => ({ decision: 'allow', matched: false, reason: 'pass', confidence: 1.0 }),
+    });
+
+    compiler.compileOne(PRINCIPLE_ID);
+
+    expect(mockCreateAssetDir).not.toHaveBeenCalled();
+  });
+
+  it('passing replay registers normally', () => {
+    mockCollect.mockReturnValue(makeContext());
+
+    mockLoadModule.mockReturnValue({
+      evaluate: (input: any) => {
+        const path = input?.action?.paramsSummary?.path;
+        if (path && path.includes('passwd')) {
+          return { decision: 'block', matched: true, reason: 'dangerous', confidence: 0.95 };
+        }
+        return { decision: 'allow', matched: false, reason: 'safe', confidence: 1.0 };
+      },
+    });
+
+    const result = compiler.compileOne(PRINCIPLE_ID);
+
+    expect(result.success).toBe(true);
+    expect(result.degraded).toBeUndefined();
+    expect(mockRegister).toHaveBeenCalledOnce();
+    expect(mockCreateAssetDir).toHaveBeenCalledOnce();
+  });
+
+  it('no cases (no regex qualifier) skips replay gate and registers', () => {
+    mockCollect.mockReturnValue(makeContext({ reason: 'bash failed unexpectedly' }));
+
+    mockLoadModule.mockReturnValue({
+      evaluate: () => ({ decision: 'block', matched: true, reason: 'test', confidence: 0.95 }),
+    });
+
+    const result = compiler.compileOne(PRINCIPLE_ID);
+
+    expect(result.success).toBe(true);
+    expect(result.degraded).toBeUndefined();
+    expect(mockRegister).toHaveBeenCalledOnce();
+    expect(mockLoadModule).not.toHaveBeenCalled();
+  });
+
+  it('no evaluate export returns degraded', () => {
+    mockCollect.mockReturnValue(makeContext());
+
+    mockLoadModule.mockReturnValue({});
+
+    const result = compiler.compileOne(PRINCIPLE_ID);
+
+    expect(result.success).toBe(false);
+    expect(result.degraded).toBe(true);
+    expect(result.reason).toContain('no evaluate export');
+    expect(mockRegister).not.toHaveBeenCalled();
+  });
+});

package/src/core/principle-compiler/code-validator.ts

@@ -1,45 +1,18 @@
 /**
  * Code Validator — Validates LLM-generated rule implementation code
  *
- * PURPOSE: Ensure generated code is safe, syntactically correct, and exports
- * the expected shape before it is stored as a rule implementation.
- *
  * CHECKS:
- * 1. Syntax: code parses without errors
- * 2. Forbidden patterns: no require, import, fetch, eval, Function, process, globalThis
- * 3. Export check: sandbox loads and exports evaluate + meta
- * 4. Return shape: evaluate(mockInput) returns { matched: boolean }
+ * 1. Syntax: code parses without errors (VM)
+ * 2. Forbidden patterns: delegates to core checkForbiddenPatterns (PRI-44)
+ * 3. Export check: sandbox loads and exports evaluate + meta (VM)
+ * 4. Return shape: evaluate(mockInput) returns { matched: boolean } (VM)
  *
- * Reuses loadRuleImplementationModule for sandbox execution (node:vm isolation).
+ * PRI-44: Forbidden pattern detection extracted to @principles/core.
  */
 
 import { nodeVm } from '../../utils/node-vm-polyfill.js';
 import { loadRuleImplementationModule } from '../rule-implementation-runtime.js';
-
-export interface ValidationResult {
-  valid: boolean;
-  errors: string[];
-  warnings: string[];
-}
-
-const FORBIDDEN_PATTERNS: { pattern: RegExp; label: string }[] = [
-  { pattern: /\brequire\s*\(/, label: 'require' },
-  { pattern: /\bimport\s+/, label: 'import' },
-  { pattern: /\bfetch\s*\(/, label: 'fetch' },
-  { pattern: /\beval\s*\(/, label: 'eval' },
-  { pattern: /\bFunction\s*\(/, label: 'Function' },
-  { pattern: /\bprocess\b/, label: 'process' },
-  { pattern: /\bglobalThis\b/, label: 'globalThis' },
-  { pattern: /\bglobal\b/, label: 'global' },
-  { pattern: /\bReflect\b/, label: 'Reflect' },
-  { pattern: /\bProxy\b/, label: 'Proxy' },
-  { pattern: /\bconstructor\b/, label: 'constructor' },
-  { pattern: /\bBuffer\b/, label: 'Buffer' },
-  { pattern: /\bsetTimeout\b/, label: 'setTimeout' },
-  { pattern: /\bsetInterval\b/, label: 'setInterval' },
-  // Bracket notation access to globals
-  { pattern: /\[\s*['"](require|import|fetch|eval|process|globalThis|global|Reflect|Proxy|Buffer|Function)\s*['"]\s*\]/, label: 'bracket access to forbidden global' },
-];
+import { checkForbiddenPatterns, type ValidationResult } from '@principles/core/runtime-v2';
 
 const MOCK_INPUT = {
   action: {
@@ -53,12 +26,13 @@ const MOCK_INPUT = {
   derived: { estimatedLineChanges: 0, bashRisk: 'safe' },
 };
 
+export type { ValidationResult } from '@principles/core/runtime-v2';
+
 export function validateGeneratedCode(code: string): ValidationResult {
   const errors: string[] = [];
   const warnings: string[] = [];
 
   // --- Check 1: Syntax ---
-  // Normalize export keywords so vm.Script can parse ES module source
   const normalized = code
     .replace(/export\s+const\s+/g, 'const ')
     .replace(/export\s+function\s+/g, 'function ');
@@ -69,11 +43,10 @@ export function validateGeneratedCode(code: string): ValidationResult {
     return { valid: false, errors, warnings };
   }
 
-  // --- Check 2: Forbidden patterns ---
-  for (const { pattern, label } of FORBIDDEN_PATTERNS) {
-    if (pattern.test(code)) {
-      errors.push(`Forbidden pattern: ${label}`);
-    }
+  // --- Check 2: Forbidden patterns (delegated to core) ---
+  const forbiddenLabels = checkForbiddenPatterns(code);
+  for (const label of forbiddenLabels) {
+    errors.push(`Forbidden pattern: ${label}`);
   }
 
   if (errors.length > 0) {
@@ -102,6 +75,9 @@ export function validateGeneratedCode(code: string): ValidationResult {
   }
 
   // --- Check 4: Return shape ---
+  // evaluate() throwing on mock input is acceptable — the function exists and has the
+  // right signature, it just can't handle our generic mock data.
+  // Track as a non-blocking warning so operators know the rule may be fragile.
   try {
     const result = (moduleExports.evaluate as (input: unknown) => unknown)(MOCK_INPUT);
     if (!result || typeof result !== 'object') {
@@ -110,9 +86,6 @@ export function validateGeneratedCode(code: string): ValidationResult {
       errors.push('evaluate must return { matched: boolean }');
     }
   } catch (evalWarning) {
-    // evaluate throwing on mock input is acceptable — the function exists and
-    // has the right signature, it just can't handle our generic mock data.
-    // Track as a non-blocking warning so operators know the rule may be fragile.
     warnings.push(`evaluate() threw on mock input: ${(evalWarning as Error).message}`);
   }
 

package/src/core/principle-compiler/compiler.ts

@@ -3,12 +3,13 @@
  *
  * Orchestrates the full compilation flow:
  *   ReflectionContextCollector.collect() → extract patterns → generateFromTemplate()
- *   → validateGeneratedCode() → registerCompiledRule()
+ *   → validateGeneratedCode() → [replay validation] → registerCompiledRule()
  *
  * DESIGN DECISIONS:
  * - extractPatterns infers toolName from pain event reasons and session tool calls
  * - Groups by toolName into PainPattern objects
  * - If no patterns can be extracted, returns a 'no patterns' failure
+ * - PRI-115: Replay validation gate runs after code validation, before registration
  */
 
 import { ReflectionContextCollector } from '../reflection/reflection-context.js';
@@ -17,19 +18,13 @@ import { generateFromTemplate, type PainPattern } from './template-generator.js'
 import { registerCompiledRule } from './ledger-registrar.js';
 import { createImplementationAssetDir } from '../code-implementation-storage.js';
 import type { TrajectoryDatabase } from '../trajectory.js';
+import type { CompileResult } from '@principles/core/runtime-v2';
+import { loadRuleImplementationModule } from '../rule-implementation-runtime.js';
+import { createGoldenTraceFixture, type GoldenTraceCase } from '@principles/core/runtime-v2';
+import { replayGoldenTrace, type ReplayEvaluateFn } from '@principles/core/runtime-v2';
 
-// ---------------------------------------------------------------------------
-// Types
-// ---------------------------------------------------------------------------
-
-export interface CompileResult {
-  success: boolean;
-  principleId: string;
-  ruleId?: string;
-  implementationId?: string;
-  code?: string;
-  reason?: string;
-}
+// Re-export CompileResult from core
+export type { CompileResult } from '@principles/core/runtime-v2';
 
 // ---------------------------------------------------------------------------
 // Constants
@@ -119,13 +114,20 @@ function extractPatterns(context: {
 /**
  * Infer tool name from text by checking for known tool names.
  * Returns the first matching known tool name, or null if none found.
+ *
+ * Uses negative lookbehind to avoid matching natural-language uses:
+ * - "please read the error" → read is a verb, not a tool reference
+ * - "could write to file" → write is a verb, not a tool reference
+ * Tool references in pain events typically appear near words like
+ * "tool", "call", "command", "failed", "via", "using", etc.
  */
 function inferToolName(text: string): string | null {
   const lower = text.toLowerCase();
   for (const tool of KNOWN_TOOLS) {
-    // Match as a standalone word to avoid false positives
+    // Match as a standalone word but exclude common natural-language patterns
     // e.g., "bash" in "bash" or "bash command" but not in "ambush"
-    const regex = new RegExp(`\\b${tool}\\b`);
+    // and not in "please read" or "could write" where it's a verb
+    const regex = new RegExp(`(?<!please |could |should |would )\\b${tool}\\b`);
     if (regex.test(lower)) {
       return tool;
     }
@@ -173,6 +175,7 @@ export class PrincipleCompiler {
    * 2. Extract pain patterns
    * 3. Generate code from template
    * 4. Validate generated code
+   * 4.5. Replay validation against GoldenTrace (PRI-115)
    * 5. Register in ledger
    */
   compileOne(principleId: string): CompileResult {
@@ -205,6 +208,49 @@ export class PrincipleCompiler {
       };
     }
 
+    // Step 4.5: Replay validation against GoldenTrace (PRI-115)
+    const replayCases = this.buildGoldenTraceCases(patterns, context);
+    if (replayCases.length > 0) {
+      let moduleExports: { evaluate?: unknown };
+      try {
+        moduleExports = loadRuleImplementationModule(code, `replay-${principleId}.js`);
+      } catch (err) {
+        return {
+          success: false,
+          principleId,
+          reason: `module_load_error: ${(err as Error).message}`,
+          code,
+          degraded: true,
+        };
+      }
+
+      if (typeof moduleExports.evaluate !== 'function') {
+        return { success: false, principleId, reason: 'replay: no evaluate export', degraded: true };
+      }
+
+      try {
+        const evaluateFn = moduleExports.evaluate as ReplayEvaluateFn;
+        const replayResult = replayGoldenTrace(evaluateFn, replayCases);
+        if (!replayResult.passed) {
+          return {
+            success: false,
+            principleId,
+            reason: 'replay_validation_failed',
+            code,
+            replayResult,
+            degraded: true,
+          };
+        }
+      } catch (err) {
+        return {
+          success: false,
+          principleId,
+          reason: `replay_error: ${(err as Error).message}`,
+          code,
+          degraded: true,
+        };
+      }
+    }
     // Step 5: Register
     const registration = registerCompiledRule(this.stateDir, {
       principleId,
@@ -226,6 +272,43 @@ export class PrincipleCompiler {
     };
   }
 
+  /**
+   * Build GoldenTrace test cases from extracted pain patterns.
+   *
+   * Generates synthetic negative/positive parameter pairs based on whether
+   * the pattern targets commands (commandRegex) or paths (pathRegex).
+   * Returns an empty array when no patterns are available.
+   */
+  private buildGoldenTraceCases(
+    patterns: PainPattern[],
+    _context: { painEvents: Array<{ reason: string | null; source: string }> },
+  ): GoldenTraceCase[] {
+    if (patterns.length === 0) return [];
+
+    const pattern = patterns[0];
+    // Skip replay when the pattern has no regex qualifier -- the generated template
+    // blocks ALL calls to the tool, making it impossible to construct a passing
+    // positive case. Replay is only meaningful when the template is selective.
+    // Also skip contentRegex-only patterns: synthetic content params are not meaningful.
+    if (!pattern.commandRegex && !pattern.pathRegex) return [];
+    const negativeParams: Record<string, unknown> = {};
+    if (pattern.commandRegex) negativeParams.command = 'rm -rf /';
+    else negativeParams.path = '/etc/passwd';
+
+    const positiveParams: Record<string, unknown> = {};
+    if (pattern.commandRegex) positiveParams.command = 'echo hello';
+    else positiveParams.path = '/tmp/safe.txt';
+
+    const fixture = createGoldenTraceFixture({
+      toolName: pattern.toolName,
+      negativeParams,
+      positiveParams,
+      expectedDecision: 'block',
+    });
+
+    return fixture.cases;
+  }
+
   /**
    * Compile all eligible principles (those with derivedFromPainIds).
    */
@@ -235,6 +318,8 @@ export class PrincipleCompiler {
       try {
         return this.compileOne(ctx.principle.id);
       } catch (e) {
+        // Log for operator visibility — catch-return is intentional for batch容错
+        console.warn(`[PrincipleCompiler] compileAll failed for ${ctx.principle.id}: ${(e as Error).message}`);
         return { success: false, principleId: ctx.principle.id, reason: `unhandled: ${(e as Error).message}` };
       }
     });

package/src/core/principle-compiler/index.ts

@@ -2,9 +2,12 @@
  * Principle Compiler — Barrel Export
  *
  * Re-exports all principle-compiler components for convenient importing.
+ * PRI-44: Types and pure logic re-exported from @principles/core.
  */
 
-export { PrincipleCompiler, type CompileResult } from './compiler.js';
-export { validateGeneratedCode, type ValidationResult } from './code-validator.js';
+export { PrincipleCompiler } from './compiler.js';
+export type { CompileResult } from './compiler.js';
+export { validateGeneratedCode } from './code-validator.js';
+export type { ValidationResult } from './code-validator.js';
 export { generateFromTemplate, type PainPattern } from './template-generator.js';
 export { registerCompiledRule, type RegisterInput, type RegisterResult } from './ledger-registrar.js';