principles-disciple 1.86.0 → 1.88.0

package/tests/core/surface-guard.test.ts

@@ -6,11 +6,18 @@ import {
   guardService,
   getSurfaceIdForHook,
   getSurfaceIdForService,
+  __resetSurfaceGuardSkipLogStateForTests,
 } from '../../src/core/surface-guard.js';
 import { PLUGIN_SURFACE_REGISTRY } from '@principles/core/runtime-v2';
 import type { OpenClawPluginService } from '../../src/openclaw-sdk.js';
 
 describe('surface-guard', () => {
+  beforeEach(() => {
+    // Each test starts with a clean surface-guard skip log state so the
+    // first-fire assertions are deterministic (PRI-298).
+    __resetSurfaceGuardSkipLogStateForTests();
+    vi.clearAllMocks();
+  });
   describe('getSurfaceIdForHook', () => {
     it('generates correct surface id without label', () => {
       expect(getSurfaceIdForHook('before_tool_call')).toBe('hook:before_tool_call');
@@ -144,6 +151,39 @@ describe('surface-guard', () => {
       expect(mockHandler).not.toHaveBeenCalled();
     });
 
+    it('does not log at guardHook construction time (PRI-298 / chatgpt P2)', () => {
+      // Registering a guard for a quiet hook must not emit the SKIP line on
+      // its own; the log fires only when the returned no-op is actually
+      // invoked. Plugin startup that registers a dozen quiet hooks would
+      // otherwise log a dozen SKIP lines before any real traffic.
+      const mockLogger = { info: vi.fn(), debug: vi.fn() };
+      guardHook('hook:after_tool_call.trajectory', mockLogger, vi.fn());
+      expect(mockLogger.info).not.toHaveBeenCalled();
+    });
+
+    it('logger undefined on first fire does not consume the one-shot slot (PRI-298 / coderabbit Major)', () => {
+      // First call has no logger — the no-op still suppresses the handler,
+      // and the once-only slot is preserved for a later call that does
+      // have a logger.
+      const handler1 = guardHook('hook:after_tool_call.trajectory', undefined, vi.fn());
+      handler1({}, {});
+
+      const mockLogger = { info: vi.fn(), debug: vi.fn() };
+      const handler2 = guardHook('hook:after_tool_call.trajectory', mockLogger, vi.fn());
+      handler2({}, {});
+
+      // Only the second call (which had a logger) should have emitted a log.
+      expect(mockLogger.info).toHaveBeenCalledTimes(1);
+      expect(mockLogger.info).toHaveBeenCalledWith(
+        expect.stringContaining('[PD:surface-guard] SKIP hook:after_tool_call.trajectory'),
+      );
+
+      // A third call should now be silent (slot consumed by the second call).
+      const handler3 = guardHook('hook:after_tool_call.trajectory', mockLogger, vi.fn());
+      handler3({}, {});
+      expect(mockLogger.info).toHaveBeenCalledTimes(1);
+    });
+
     it('does not log for enabled surface', () => {
       const mockLogger = { info: vi.fn(), debug: vi.fn() };
       const mockHandler = vi.fn();
@@ -160,6 +200,45 @@ describe('surface-guard', () => {
         expect.stringContaining('not found in registry'),
       );
     });
+
+    it('logs once on first fire and stays silent on subsequent fires (PRI-298 rate-limit)', () => {
+      const mockLogger = { info: vi.fn(), debug: vi.fn() };
+      const mockHandler = vi.fn();
+      const guarded = guardHook('hook:after_tool_call.trajectory', mockLogger, mockHandler);
+
+      // First fire: log is emitted once with the disabled reason.
+      guarded({}, {});
+      expect(mockLogger.info).toHaveBeenCalledTimes(1);
+      expect(mockLogger.info).toHaveBeenCalledWith(
+        expect.stringContaining('[PD:surface-guard] SKIP hook:after_tool_call.trajectory'),
+      );
+
+      // Subsequent fires on the same surfaceId: no further log noise, but the
+      // handler is still suppressed (observability remains: the no-op returns
+      // undefined; the surface is still classified as disabled).
+      for (let i = 0; i < 5; i += 1) {
+        guarded({}, {});
+      }
+      expect(mockLogger.info).toHaveBeenCalledTimes(1);
+      expect(mockHandler).not.toHaveBeenCalled();
+    });
+
+    it('logs first fire per surfaceId independently (one log per quiet surface)', () => {
+      const mockLogger = { info: vi.fn(), debug: vi.fn() };
+      const handler1 = guardHook('hook:after_tool_call.trajectory', mockLogger, vi.fn());
+      const handler2 = guardHook('hook:llm_output.trajectory', mockLogger, vi.fn());
+      const handler3 = guardHook('hook:subagent_spawning', mockLogger, vi.fn());
+
+      handler1({}, {});
+      handler2({}, {});
+      handler3({}, {});
+
+      expect(mockLogger.info).toHaveBeenCalledTimes(3);
+      const calls = mockLogger.info.mock.calls.map(c => String(c[0]));
+      expect(calls.some(c => c.includes('hook:after_tool_call.trajectory'))).toBe(true);
+      expect(calls.some(c => c.includes('hook:llm_output.trajectory'))).toBe(true);
+      expect(calls.some(c => c.includes('hook:subagent_spawning'))).toBe(true);
+    });
   });
 
   describe('guardService', () => {
@@ -194,5 +273,68 @@ describe('surface-guard', () => {
       const result = guardService('service:nonexistent', mockService);
       expect(result).toBeNull();
     });
+
+    it('logs once per service surface on first registration (PRI-298 rate-limit)', () => {
+      const mockLogger = { info: vi.fn(), debug: vi.fn() };
+      const service: OpenClawPluginService = { id: 'test-service' };
+
+      // First registration call: the disabled reason is logged once.
+      const first = guardService('service:trajectory', service, mockLogger);
+      expect(first).toBeNull();
+      expect(mockLogger.info).toHaveBeenCalledTimes(1);
+      expect(mockLogger.info).toHaveBeenCalledWith(
+        expect.stringContaining('SKIP service service:trajectory'),
+      );
+
+      // Subsequent guardService calls for the same surfaceId stay silent.
+      guardService('service:trajectory', service, mockLogger);
+      guardService('service:trajectory', service, mockLogger);
+      expect(mockLogger.info).toHaveBeenCalledTimes(1);
+    });
+  });
+
+  describe('PRI-298 disabledReason copy', () => {
+    it('no quiet surface disabledReason references "Story A" or "Story A\'"', () => {
+      const quietOrNonCore = PLUGIN_SURFACE_REGISTRY.filter(
+        s => s.category === 'quiet' || s.category === 'gone' || s.category === 'legacy_retire',
+      );
+      expect(quietOrNonCore.length).toBeGreaterThan(0);
+      for (const surface of quietOrNonCore) {
+        expect(surface.disabledReason).toBeDefined();
+        // MVP residue that should not appear in production log copy.
+        expect(surface.disabledReason).not.toMatch(/Story A/);
+        expect(surface.disabledReason).not.toMatch(/MVP\s*验收/);
+        expect(surface.disabledReason).not.toMatch(/测试任务/);
+      }
+    });
+
+    it('trajectory hook disabledReason is opt-in and ADR-anchored (PRI-298)', () => {
+      const trajectory = PLUGIN_SURFACE_REGISTRY.find(
+        s => s.id === 'hook:after_tool_call.trajectory',
+      );
+      expect(trajectory?.disabledReason).toBeDefined();
+      const reason = trajectory!.disabledReason!.toLowerCase();
+      // Quiet hook copy is opt-in / opt-out anchored on a real ADR section
+      // (no MVP-phase residue, no promise of a feature-flag override that
+      // the production guard path does not actually consume — chatgpt P2).
+      expect(reason).toContain('opt-in');
+      expect(reason).toContain('default off');
+      expect(reason).toMatch(/adr-?0014/);
+    });
+
+    it('no quiet surface disabledReason promises a feature flag override (PRI-298 / chatgpt P2)', () => {
+      // The runtime guard path (`isSurfaceEnabled(surfaceId)` with no
+      // overrides argument) does not consume `.pd/config.yaml`, so
+      // telling operators to "enable via feature flag override" would be
+      // an impossible next action. Quiet copy must describe the surface
+      // honestly without pointing to a non-existent override path.
+      const quiet = PLUGIN_SURFACE_REGISTRY.filter(s => s.category === 'quiet');
+      expect(quiet.length).toBeGreaterThan(0);
+      for (const surface of quiet) {
+        const reason = surface.disabledReason!.toLowerCase();
+        expect(reason).not.toContain('enable via feature flag');
+        expect(reason).not.toMatch(/enable via .* override/);
+      }
+    });
   });
 });

package/tests/core-anti-growth.test.ts

@@ -124,6 +124,7 @@ describe('PRI-212 plugin core anti-growth guard', () => {
     'runtime-v2-prompt-activation-reader.ts',
     'workspace-guidance-migrator.ts',
     'surface-guard.ts',
+    'pd-config-loader.ts',
   ] as const;
 
   // Category 6: Test files

package/tests/evolution-worker-quarantine.test.ts

@@ -2,8 +2,8 @@
  * PRI-288: Quarantine EvolutionWorkerService default startup behind MVP feature flag.
  *
  * Tests prove:
- * 1. Default config (no feature-flags.yaml) → EvolutionWorkerService does NOT start.
- * 2. Explicit enable in feature-flags.yaml → EvolutionWorkerService starts.
+ * 1. Default config (no config.yaml) → EvolutionWorkerService does NOT start.
+ * 2. Explicit enable in config.yaml → EvolutionWorkerService starts.
  * 3. Disabled state has structured observability from real helper, not hand-written JSON.
  * 4. api.registerService still works regardless of flag state.
  *
@@ -60,9 +60,63 @@ function createTempWorkspace(): string {
   return dir;
 }
 
-function writeFeatureFlags(workspaceDir: string, flags: Record<string, unknown>): void {
-  const configPath = path.join(workspaceDir, '.pd', 'feature-flags.yaml');
-  const content = yaml.dump(flags, { schema: yaml.JSON_SCHEMA });
+function deepMergeFeatures(
+  defaults: Record<string, unknown>,
+  overrides: Record<string, unknown>,
+): Record<string, unknown> {
+  const result: Record<string, unknown> = { ...defaults };
+  for (const [key, value] of Object.entries(overrides)) {
+    if (
+      value != null &&
+      typeof value === 'object' &&
+      !Array.isArray(value) &&
+      Object.hasOwn(result, key) &&
+      result[key] != null &&
+      typeof result[key] === 'object' &&
+      !Array.isArray(result[key])
+    ) {
+      result[key] = { ...(result[key] as Record<string, unknown>), ...(value as Record<string, unknown>) };
+    } else {
+      result[key] = value;
+    }
+  }
+  return result;
+}
+
+function writeConfigYaml(workspaceDir: string, featureOverrides: Record<string, unknown>): void {
+  const configPath = path.join(workspaceDir, '.pd', 'config.yaml');
+  const defaultFeatures: Record<string, unknown> = {
+    prompt: { category: 'core', enabled: true },
+    code_tool_hook: { category: 'core', enabled: true },
+    defer_archive: { category: 'core', enabled: true },
+    correction_observer: { category: 'quiet', enabled: false },
+    empathy_observer: { category: 'quiet', enabled: false },
+    evolution_worker: { category: 'quiet', enabled: false },
+    nocturnal: { category: 'gone', enabled: false },
+  };
+  const config = {
+    version: 1,
+    features: deepMergeFeatures(defaultFeatures, featureOverrides),
+    runtimeProfiles: {
+      'openclaw.default': { type: 'openclaw', source: 'default' },
+    },
+    internalAgents: {
+      defaultRuntime: 'openclaw.default',
+      agents: {
+        diagnostician: { enabled: true },
+        dreamer: { enabled: true },
+        scribe: { enabled: true },
+        artificer: { enabled: true },
+        philosopher: { enabled: false },
+        evaluator: { enabled: false },
+        rolloutReviewer: { enabled: false },
+        trainer: { enabled: false },
+        correctionObserver: { enabled: false },
+        empathyObserver: { enabled: false },
+      },
+    },
+  };
+  const content = yaml.dump(config, { schema: yaml.JSON_SCHEMA });
   fs.writeFileSync(configPath, content, 'utf8');
 }
 
@@ -112,32 +166,32 @@ describe('PRI-288: EvolutionWorkerService quarantine', () => {
   // ── 2. loadFeatureFlagFromWorkspace ──
 
   describe('loadFeatureFlagFromWorkspace', () => {
-    it('returns enabled=false when no feature-flags.yaml exists', () => {
+    it('returns enabled=false when no config.yaml exists', () => {
       const logger = createMockLogger();
       const result = loadFeatureFlagFromWorkspace(workspaceDir, 'evolution_worker', logger);
       expect(result.enabled).toBe(false);
       expect(result.source).toBe('defaults');
     });
 
-    it('returns enabled=false when feature-flags.yaml has no evolution_worker entry', () => {
-      writeFeatureFlags(workspaceDir, { prompt: { enabled: true } });
+    it('returns enabled=false when config.yaml has no evolution_worker entry', () => {
+      writeConfigYaml(workspaceDir, { prompt: { enabled: true } });
       const logger = createMockLogger();
       const result = loadFeatureFlagFromWorkspace(workspaceDir, 'evolution_worker', logger);
       expect(result.enabled).toBe(false);
     });
 
-    it('returns enabled=true when feature-flags.yaml explicitly enables evolution_worker', () => {
-      writeFeatureFlags(workspaceDir, {
+    it('returns enabled=true when config.yaml explicitly enables evolution_worker', () => {
+      writeConfigYaml(workspaceDir, {
         evolution_worker: { enabled: true },
       });
       const logger = createMockLogger();
       const result = loadFeatureFlagFromWorkspace(workspaceDir, 'evolution_worker', logger);
       expect(result.enabled).toBe(true);
-      expect(result.source).toBe('workspace_file');
+      expect(result.source).toBe('user_config');
     });
 
     it('returns enabled=false when YAML is malformed and warning includes error detail', () => {
-      const configPath = path.join(workspaceDir, '.pd', 'feature-flags.yaml');
+      const configPath = path.join(workspaceDir, '.pd', 'config.yaml');
       fs.writeFileSync(configPath, '  bad: [yaml: content', 'utf8');
       const logger = createMockLogger();
       const result = loadFeatureFlagFromWorkspace(workspaceDir, 'evolution_worker', logger);
@@ -152,7 +206,7 @@ describe('PRI-288: EvolutionWorkerService quarantine', () => {
 
     it('returns defaults when file is unreadable', () => {
       // Create a directory where a file should be — causes read error
-      const configPath = path.join(workspaceDir, '.pd', 'feature-flags.yaml');
+      const configPath = path.join(workspaceDir, '.pd', 'config.yaml');
       fs.mkdirSync(configPath, { recursive: true });
       const logger = createMockLogger();
       const result = loadFeatureFlagFromWorkspace(workspaceDir, 'evolution_worker', logger);
@@ -162,7 +216,7 @@ describe('PRI-288: EvolutionWorkerService quarantine', () => {
 
     it('rejects dangerous keys (__proto__) and does not enable via prototype pollution', () => {
       // Write raw YAML with __proto__ to test dangerous key rejection on raw parsed output
-      writeFeatureFlags(workspaceDir, {
+      writeConfigYaml(workspaceDir, {
         __proto__: { enabled: true },
         evolution_worker: { enabled: false },
       });
@@ -175,7 +229,7 @@ describe('PRI-288: EvolutionWorkerService quarantine', () => {
   // ── 3. shouldStartEvolutionWorker — real helper, real output ──
 
   describe('shouldStartEvolutionWorker gate helper', () => {
-    it('returns shouldStart=false by default (no feature-flags.yaml)', () => {
+    it('returns shouldStart=false by default (no config.yaml)', () => {
       const logger = createMockLogger();
       const gate = shouldStartEvolutionWorker(workspaceDir, logger);
       expect(gate.shouldStart).toBe(false);
@@ -184,13 +238,13 @@ describe('PRI-288: EvolutionWorkerService quarantine', () => {
     });
 
     it('returns shouldStart=true when explicitly enabled', () => {
-      writeFeatureFlags(workspaceDir, {
+      writeConfigYaml(workspaceDir, {
         evolution_worker: { enabled: true },
       });
       const logger = createMockLogger();
       const gate = shouldStartEvolutionWorker(workspaceDir, logger);
       expect(gate.shouldStart).toBe(true);
-      expect(gate.flagSource).toBe('workspace_file');
+      expect(gate.flagSource).toBe('user_config');
       expect(gate.disabledInfo).toBeNull();
     });
 
@@ -248,18 +302,18 @@ describe('PRI-288: EvolutionWorkerService quarantine', () => {
 
   describe('explicit enable: worker starts', () => {
     it('shouldStartEvolutionWorker returns true when enabled in config', () => {
-      writeFeatureFlags(workspaceDir, {
+      writeConfigYaml(workspaceDir, {
         evolution_worker: { enabled: true },
       });
 
       const logger = createMockLogger();
       const gate = shouldStartEvolutionWorker(workspaceDir, logger);
       expect(gate.shouldStart).toBe(true);
-      expect(gate.flagSource).toBe('workspace_file');
+      expect(gate.flagSource).toBe('user_config');
     });
 
     it('EvolutionWorkerService.start actually runs when gate is true', () => {
-      writeFeatureFlags(workspaceDir, {
+      writeConfigYaml(workspaceDir, {
         evolution_worker: { enabled: true },
       });
 
@@ -292,17 +346,18 @@ describe('PRI-288: EvolutionWorkerService quarantine', () => {
     });
 
     it('computeEffectiveFlags preserves core flags even with evolution_worker override', () => {
-      writeFeatureFlags(workspaceDir, {
+      writeConfigYaml(workspaceDir, {
         evolution_worker: { enabled: true },
       });
 
-      const configPath = path.join(workspaceDir, '.pd', 'feature-flags.yaml');
+      const configPath = path.join(workspaceDir, '.pd', 'config.yaml');
       const raw = fs.readFileSync(configPath, 'utf8');
       const parsed: unknown = yaml.load(raw, { schema: yaml.JSON_SCHEMA });
 
       // Use isRecord type guard instead of `as`
       expect(isRecord(parsed)).toBe(true);
-      const flags = computeEffectiveFlags(parsed as Record<string, unknown>, DEFAULT_FEATURE_FLAGS, configPath);
+      const features = (parsed as Record<string, unknown>).features;
+      const flags = computeEffectiveFlags(features as Record<string, unknown>, DEFAULT_FEATURE_FLAGS, configPath);
       expect(flags.flags['prompt']?.enabled).toBe(true);
       expect(flags.flags['code_tool_hook']?.enabled).toBe(true);
       expect(flags.flags['defer_archive']?.enabled).toBe(true);
@@ -310,17 +365,18 @@ describe('PRI-288: EvolutionWorkerService quarantine', () => {
     });
 
     it('core flags cannot be disabled by user override', () => {
-      writeFeatureFlags(workspaceDir, {
+      writeConfigYaml(workspaceDir, {
         prompt: { enabled: false },
         code_tool_hook: { enabled: false },
       });
 
-      const configPath = path.join(workspaceDir, '.pd', 'feature-flags.yaml');
+      const configPath = path.join(workspaceDir, '.pd', 'config.yaml');
       const raw = fs.readFileSync(configPath, 'utf8');
       const parsed: unknown = yaml.load(raw, { schema: yaml.JSON_SCHEMA });
 
       expect(isRecord(parsed)).toBe(true);
-      const flags = computeEffectiveFlags(parsed as Record<string, unknown>, DEFAULT_FEATURE_FLAGS, configPath);
+      const features = (parsed as Record<string, unknown>).features;
+      const flags = computeEffectiveFlags(features as Record<string, unknown>, DEFAULT_FEATURE_FLAGS, configPath);
       expect(flags.flags['prompt']?.enabled).toBe(true); // core cannot be disabled
       expect(flags.flags['code_tool_hook']?.enabled).toBe(true); // core cannot be disabled
       expect(flags.warnings.length).toBeGreaterThan(0); // warnings about core override attempt
@@ -331,7 +387,7 @@ describe('PRI-288: EvolutionWorkerService quarantine', () => {
 
   describe('no confirm-first gate regression', () => {
     it('no PLAN.md or confirm-first files are created in workspace', () => {
-      writeFeatureFlags(workspaceDir, {
+      writeConfigYaml(workspaceDir, {
         evolution_worker: { enabled: false },
       });
 

package/tests/evolution-worker-slimming.test.ts

@@ -28,9 +28,63 @@ function createTempWorkspace(): string {
   return dir;
 }
 
-function writeFeatureFlags(workspaceDir: string, flags: Record<string, unknown>): void {
-  const configPath = path.join(workspaceDir, '.pd', 'feature-flags.yaml');
-  const content = yaml.dump(flags, { schema: yaml.JSON_SCHEMA });
+function deepMergeFeatures(
+  defaults: Record<string, unknown>,
+  overrides: Record<string, unknown>,
+): Record<string, unknown> {
+  const result: Record<string, unknown> = { ...defaults };
+  for (const [key, value] of Object.entries(overrides)) {
+    if (
+      value != null &&
+      typeof value === 'object' &&
+      !Array.isArray(value) &&
+      Object.hasOwn(result, key) &&
+      result[key] != null &&
+      typeof result[key] === 'object' &&
+      !Array.isArray(result[key])
+    ) {
+      result[key] = { ...(result[key] as Record<string, unknown>), ...(value as Record<string, unknown>) };
+    } else {
+      result[key] = value;
+    }
+  }
+  return result;
+}
+
+function writeConfigYaml(workspaceDir: string, featureOverrides: Record<string, unknown>): void {
+  const configPath = path.join(workspaceDir, '.pd', 'config.yaml');
+  const defaultFeatures: Record<string, unknown> = {
+    prompt: { category: 'core', enabled: true },
+    code_tool_hook: { category: 'core', enabled: true },
+    defer_archive: { category: 'core', enabled: true },
+    correction_observer: { category: 'quiet', enabled: false },
+    empathy_observer: { category: 'quiet', enabled: false },
+    evolution_worker: { category: 'quiet', enabled: false },
+    nocturnal: { category: 'gone', enabled: false },
+  };
+  const config = {
+    version: 1,
+    features: deepMergeFeatures(defaultFeatures, featureOverrides),
+    runtimeProfiles: {
+      'openclaw.default': { type: 'openclaw', source: 'default' },
+    },
+    internalAgents: {
+      defaultRuntime: 'openclaw.default',
+      agents: {
+        diagnostician: { enabled: true },
+        dreamer: { enabled: true },
+        scribe: { enabled: true },
+        artificer: { enabled: true },
+        philosopher: { enabled: false },
+        evaluator: { enabled: false },
+        rolloutReviewer: { enabled: false },
+        trainer: { enabled: false },
+        correctionObserver: { enabled: false },
+        empathyObserver: { enabled: false },
+      },
+    },
+  };
+  const content = yaml.dump(config, { schema: yaml.JSON_SCHEMA });
   fs.writeFileSync(configPath, content, 'utf8');
 }
 
@@ -151,6 +205,9 @@ describe('PRI-294: CorrectionObserver independence from EvolutionWorker', () =>
   });
 
   it('CorrectionObserver starts when EvolutionWorker is disabled (default)', () => {
+    writeConfigYaml(workspaceDir, {
+      correction_observer: { enabled: true },
+    });
     const logger = createMockLogger();
 
     // Verify EvolutionWorker is disabled
@@ -164,8 +221,9 @@ describe('PRI-294: CorrectionObserver independence from EvolutionWorker', () =>
   });
 
   it('CorrectionObserver starts when EvolutionWorker is explicitly enabled', () => {
-    writeFeatureFlags(workspaceDir, {
+    writeConfigYaml(workspaceDir, {
       evolution_worker: { enabled: true },
+      correction_observer: { enabled: true },
     });
     const logger = createMockLogger();
 
@@ -177,7 +235,7 @@ describe('PRI-294: CorrectionObserver independence from EvolutionWorker', () =>
   });
 
   it('CorrectionObserver can be independently disabled', () => {
-    writeFeatureFlags(workspaceDir, {
+    writeConfigYaml(workspaceDir, {
       correction_observer: { enabled: false },
     });
     const logger = createMockLogger();

package/tests/hooks/runtime-v2-prompt-activation.test.ts

@@ -494,9 +494,11 @@ describe('Runtime V2 prompt activation — additional guard tests', () => {
 
   it('malformed DB/config input fails loud with warning', async () => {
     const pdDir = path.join(tempWorkspaceDir, '.pd');
+    // PRI-305/PRI-307: Write a malformed .pd/config.yaml with dangerous keys
+    // The core validator rejects __proto__ and constructor as dangerous keys
     fs.writeFileSync(
-      path.join(pdDir, 'feature-flags.yaml'),
-      '__proto__:\n  enabled: true\nprompt:\n  enabled: true\nconstructor:\n  enabled: false\n',
+      path.join(pdDir, 'config.yaml'),
+      'version: 1\nfeatures:\n  __proto__:\n    category: core\n    enabled: true\n  prompt:\n    category: core\n    enabled: true\n  constructor:\n    category: core\n    enabled: false\nruntimeProfiles:\n  openclaw.default:\n    type: openclaw\n    source: default\ninternalAgents:\n  defaultRuntime: openclaw.default\n  agents:\n    diagnostician:\n      enabled: true\n    dreamer:\n      enabled: true\n    scribe:\n      enabled: true\n    artificer:\n      enabled: true\n    philosopher:\n      enabled: false\n    evaluator:\n      enabled: false\n    rolloutReviewer:\n      enabled: false\n    trainer:\n      enabled: false\n    correctionObserver:\n      enabled: false\n    empathyObserver:\n      enabled: false\n',
       'utf8',
     );
 
@@ -507,10 +509,14 @@ describe('Runtime V2 prompt activation — additional guard tests', () => {
     const result = await reader.readActivatedPrinciples();
 
     const warnCalls = warnSpy.mock.calls.map((c: unknown[]) => String(c[0]));
+    // PRI-305/PRI-307: Core validator rejects dangerous keys as errors.
+    // The plugin config loader logs config errors as warnings.
     const hasDangerousKeyWarning = warnCalls.some(
-      (c: string) => c.includes('dangerous key') || c.includes('__proto__') || c.includes('constructor'),
+      (c: string) => c.includes('dangerous key') || c.includes('__proto__') || c.includes('constructor') || c.includes('Config error'),
     );
     expect(hasDangerousKeyWarning).toBe(true);
+    // With malformed config, defaults are used (prompt enabled by default),
+    // but no DB data exists, so principles should be empty
     expect(result.principles).toEqual([]);
   });