principles-disciple 1.91.0 → 1.93.0

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "principles-disciple",
   "name": "Principles Disciple",
   "description": "Evolutionary programming agent framework with strategic guardrails and reflection loops.",
-  "version": "1.91.0",
+  "version": "1.93.0",
   "activation": {
     "onCapabilities": [
       "hook"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "principles-disciple",
-  "version": "1.91.0",
+  "version": "1.93.0",
   "description": "Native OpenClaw plugin for Principles Disciple",
   "type": "module",
   "main": "./dist/bundle.js",

package/src/hooks/gate-block-helper.ts

@@ -10,11 +10,17 @@
  * had their own block persistence implementations.
  */
 
+import * as fs from 'fs';
 import { getSession, trackBlock } from '../core/session-tracker.js';
 import type { WorkspaceContext } from '../core/workspace-context.js';
 import type { PluginHookBeforeToolCallResult } from '../openclaw-sdk.js';
 import { evaluatePainDiagnosticGate } from '../core/pain-diagnostic-gate.js';
 import { emitPainDetectedEvent } from './pain.js';
+import { loadFeatureFlagFromConfig } from '../core/pd-config-loader.js';
+import { evaluateEvidenceTriage } from './triage-adapter.js';
+import { isRisky } from '../utils/io.js';
+import { normalizeProfile } from '../core/profile.js';
+import { SystemLogger } from '../core/system-logger.js';
 import {
   TRAJECTORY_GATE_BLOCK_RETRY_DELAY_MS,
   TRAJECTORY_GATE_BLOCK_MAX_RETRIES
@@ -114,38 +120,75 @@ export function recordGateBlockAndReturn(
       origin: 'system_infer',
     });
 
-    const session = getSession(sessionId);
-    const gate = evaluatePainDiagnosticGate({
-      source: 'gate_blocked',
-      score: GATE_BLOCK_PAIN_SCORE,
-      currentGfi: session?.currentGfi ?? 0,
-      consecutiveErrors: session?.consecutiveErrors ?? 0,
-      sessionId,
-      errorHash: `${toolName}:${filePath}:${reason}`,
-      thresholds: {
-        painTrigger: wctx.config.get('thresholds.pain_trigger') || 40,
-        highSeverity: wctx.config.get('severity_thresholds.high') || 70,
-      },
-    });
+    // PEAT-B1: Evidence triage (feature-flagged)
+    let triageAdmitted = true;
+    const gateBlockTriageFlag = loadFeatureFlagFromConfig(wctx.workspaceDir, 'painEvidenceAdmission');
+    if (gateBlockTriageFlag.enabled) {
+      // Load profile with 1MB size guard, matching pain.ts pattern
+      const profilePath = wctx.resolve('PROFILE');
+      let profile = normalizeProfile({});
+      if (fs.existsSync(profilePath)) {
+        try {
+          const content = fs.readFileSync(profilePath, 'utf8');
+          if (content.length > 1024 * 1024) {
+            logger.warn?.('[PD_GATE] PROFILE.json exceeds 1 MB, skipping');
+            SystemLogger.log(wctx.workspaceDir, 'PROFILE_PARSE_WARN', 'PROFILE.json exceeds 1 MB, skipping — fallback to non-risky');
+          } else {
+            profile = normalizeProfile(JSON.parse(content));
+          }
+        } catch (e) {
+          logger.warn?.(`[PD_GATE] Failed to parse PROFILE.json: ${String(e)}`);
+          SystemLogger.log(wctx.workspaceDir, 'PROFILE_PARSE_WARN', `Failed to parse PROFILE.json: ${String(e)} — fallback to non-risky`);
+        }
+      }
+      // Real judgment for rulehost blocks: if a principle blocked an action on a risky path,
+      // it IS a high-confidence unsafe action. The pain score (45) is the evidence friction
+      // weight, NOT the action risk severity. The rulehost principle already determined
+      // this action was important enough to block — that is the real signal.
+      const isUnsafe = isRisky(filePath, profile.risk_paths);
+      const triage = evaluateEvidenceTriage('rulehost_block', GATE_BLOCK_PAIN_SCORE, {
+        isUnsafeHighConfidence: isUnsafe,
+      });
+      if (triage.decision !== 'admit') {
+        triageAdmitted = false;
+        logger.info?.(`[PD_GATE] Triage ${triage.decision}: ${triage.reason}`);
+      }
+    }
 
-    if (gate.shouldDiagnose) {
-      void emitPainDetectedEvent(wctx, {
-        ts: new Date().toISOString(),
-        type: 'pain_detected',
-        data: {
-          painId: `gate_${Date.now()}_${Math.random().toString(36).slice(2, 10)}`,
-          painType: 'user_frustration',
-          source: 'gate_blocked',
-          reason: `Gate blocked ${toolName} on ${filePath}: ${reason}`,
-          score: GATE_BLOCK_PAIN_SCORE,
-          sessionId,
-          agentId: 'main',
+    const session = getSession(sessionId);
+    if (triageAdmitted) {
+      const gate = evaluatePainDiagnosticGate({
+        source: 'gate_blocked',
+        score: GATE_BLOCK_PAIN_SCORE,
+        currentGfi: session?.currentGfi ?? 0,
+        consecutiveErrors: session?.consecutiveErrors ?? 0,
+        sessionId,
+        errorHash: `${toolName}:${filePath}:${reason}`,
+        thresholds: {
+          painTrigger: wctx.config.get('thresholds.pain_trigger') || 40,
+          highSeverity: wctx.config.get('severity_thresholds.high') || 70,
         },
-      }).catch((emitErr) => {
-        logWarn(`[PD_GATE] Failed to emit gate block pain event: ${String(emitErr)}`);
       });
-    } else {
-      logger.info?.(`[PD_GATE] Gate block recorded without Runtime V2 diagnosis: ${gate.detail}`);
+
+      if (gate.shouldDiagnose) {
+        void emitPainDetectedEvent(wctx, {
+          ts: new Date().toISOString(),
+          type: 'pain_detected',
+          data: {
+            painId: `gate_${Date.now()}_${Math.random().toString(36).slice(2, 10)}`,
+            painType: 'user_frustration',
+            source: 'gate_blocked',
+            reason: `Gate blocked ${toolName} on ${filePath}: ${reason}`,
+            score: GATE_BLOCK_PAIN_SCORE,
+            sessionId,
+            agentId: 'main',
+          },
+        }).catch((emitErr) => {
+          logWarn(`[PD_GATE] Failed to emit gate block pain event: ${String(emitErr)}`);
+        });
+      } else {
+        logger.info?.(`[PD_GATE] Gate block recorded without Runtime V2 diagnosis: ${gate.detail}`);
+      }
     }
   }
 

package/src/hooks/llm.ts

@@ -11,6 +11,8 @@ import { sanitizeAssistantText } from './message-sanitize.js';
 import { atomicWriteFileSync } from '../utils/io.js';
 import { emitPainDetectedEvent, buildTrajectoryEvidence } from './pain.js';
 import { evaluatePainDiagnosticGate } from '../core/pain-diagnostic-gate.js';
+import { loadFeatureFlagFromConfig } from '../core/pd-config-loader.js';
+import { resolveSourceKindFromLlmDetection, evaluateEvidenceTriage } from './triage-adapter.js';
 
 export interface EmpathySignal {
     detected: boolean;
@@ -240,26 +242,26 @@ export function handleLlmOutput(
     // GFI-triggered pain: when accumulated friction crosses highGfi threshold,
     // emit pain signal even if L1 detection didn't fire.
     const highGfiThreshold = Math.max(config.get('severity_thresholds.high') || 70, painTriggerThreshold + 30);
+    let isGfiTriggered = false;
     if (state.currentGfi >= highGfiThreshold && painScore < painTriggerThreshold) {
         painScore = Math.min(state.currentGfi, 60);
         source = 'user_empathy';
+        isGfiTriggered = true;
         matchedReason = `Accumulated GFI (${state.currentGfi.toFixed(1)}) crossed highGfi threshold (${highGfiThreshold}). Source: empathy keyword friction.`;
     }
 
     if (painScore >= painTriggerThreshold) {
-        const gate = evaluatePainDiagnosticGate({
-            source: source === 'llm_paralysis' ? 'llm_paralysis' : 'semantic',
-            score: painScore,
-            currentGfi: state.currentGfi,
-            consecutiveErrors: state.consecutiveErrors,
-            sessionId: ctx.sessionId || 'unknown',
-            errorHash: source,
-            thresholds: {
-                painTrigger: painTriggerThreshold,
-                highSeverity: config.get('severity_thresholds.high') || 70,
-                semanticPain: Math.max(painTriggerThreshold, 60),
-            },
-        });
+        // PEAT-B1: Evidence triage (feature-flagged)
+        let triageAdmitted = true;
+        const llmTriageFlag = loadFeatureFlagFromConfig(ctx.workspaceDir!, 'painEvidenceAdmission');
+        if (llmTriageFlag.enabled) {
+            const sourceKind = resolveSourceKindFromLlmDetection(source, isGfiTriggered);
+            const triage = evaluateEvidenceTriage(sourceKind, painScore);
+            if (triage.decision !== 'admit') {
+                triageAdmitted = false;
+                ctx.logger?.info?.(`[PD:LLM] Triage ${triage.decision}: ${triage.reason}`);
+            }
+        }
 
         eventLog.recordPainSignal(ctx.sessionId, {
             score: painScore,
@@ -268,25 +270,43 @@ export function handleLlmOutput(
             isRisky: false
         });
 
-        if (gate.shouldDiagnose) {
-            const evidence = buildTrajectoryEvidence(wctx, ctx.sessionId || 'unknown');
-            emitPainDetectedEvent(wctx, {
-                ts: new Date().toISOString(),
-                type: 'pain_detected',
-                data: {
-                    painId: `llm_${Date.now()}`,
-                    painType: 'user_frustration' as const,
-                    source,
-                    reason: `${matchedReason}; diagnosticGate=${gate.reason}`,
-                    score: painScore,
-                    sessionId: ctx.sessionId || 'unknown',
-                    agentId: ctx.agentId,
-                    provenance: 'openclaw_context_bound',
-                    evidence,
+        if (triageAdmitted) {
+            const gate = evaluatePainDiagnosticGate({
+                source: source === 'llm_paralysis' ? 'llm_paralysis' : 'semantic',
+                score: painScore,
+                currentGfi: state.currentGfi,
+                consecutiveErrors: state.consecutiveErrors,
+                sessionId: ctx.sessionId || 'unknown',
+                errorHash: source,
+                thresholds: {
+                    painTrigger: painTriggerThreshold,
+                    highSeverity: config.get('severity_thresholds.high') || 70,
+                    semanticPain: Math.max(painTriggerThreshold, 60),
                 },
             });
+
+            if (gate.shouldDiagnose) {
+                const evidence = buildTrajectoryEvidence(wctx, ctx.sessionId || 'unknown');
+                emitPainDetectedEvent(wctx, {
+                    ts: new Date().toISOString(),
+                    type: 'pain_detected',
+                    data: {
+                        painId: `llm_${Date.now()}`,
+                        painType: 'user_frustration' as const,
+                        source,
+                        reason: `${matchedReason}; diagnosticGate=${gate.reason}`,
+                        score: painScore,
+                        sessionId: ctx.sessionId || 'unknown',
+                        agentId: ctx.agentId,
+                        provenance: 'openclaw_context_bound',
+                        evidence,
+                    },
+                });
+            } else {
+                ctx.logger?.info?.(`[PD:LLM] Pain signal recorded without Runtime V2 diagnosis: ${gate.detail}`);
+            }
         } else {
-            ctx.logger?.info?.(`[PD:LLM] Pain signal recorded without Runtime V2 diagnosis: ${gate.detail}`);
+            ctx.logger?.info?.(`[PD:LLM] Triage evidence-only: pain signal recorded without diagnosis or gate evaluation`);
         }
     }
 

package/src/hooks/message-sanitize.ts

@@ -1,4 +1,11 @@
 import type { PluginHookBeforeMessageWriteEvent, PluginHookBeforeMessageWriteResult } from '../openclaw-sdk.js';
+import {
+  sanitizeString as coreSanitizeString,
+  sanitizeValue as coreSanitizeValue,
+  sanitizeToolParams as coreSanitizeToolParams,
+  convergePath,
+  MAX_EVIDENCE_VALUE_CHARS,
+} from '@principles/core/runtime-v2';
 
 const INTERNAL_TAG_PATTERNS = [
   /\[EMOTIONAL_DAMAGE_DETECTED(?::(?:mild|moderate|severe))?\]/gi,
@@ -21,6 +28,41 @@ function isAssistantMessageWithContent(
   );
 }
 
+// Re-export core constants and functions for backward compatibility
+export { MAX_EVIDENCE_VALUE_CHARS, convergePath };
+
+/**
+ * Sanitize a single string value for evidence storage.
+ * Delegates to core sanitizer with optional workspaceDir for path convergence.
+ */
+export function sanitizeForEvidence(value: unknown, workspaceDir?: string): string {
+  if (value === null || value === undefined) return '';
+  return coreSanitizeString(String(value), workspaceDir);
+}
+
+/**
+ * Recursively sanitize any value for evidence storage.
+ * Delegates to core sanitizer.
+ */
+export function sanitizeValueForEvidence(value: unknown, workspaceDir?: string): unknown {
+  return coreSanitizeValue(value, 0, workspaceDir);
+}
+
+/**
+ * Sanitize tool-call params for evidence/trajectory storage.
+ * Delegates to core sanitizer — accepts unknown, runtime-validates.
+ *
+ * ERR-001: no `as` casts on input
+ * ERR-055: ANY-segment sensitive field matching
+ * ERR-056: token redaction on ALL strings via recursive sanitizeValue
+ */
+export function sanitizeToolParamsForEvidence(
+  params: unknown,
+  workspaceDir?: string,
+): Record<string, unknown> {
+  return coreSanitizeToolParams(params, workspaceDir);
+}
+
 export function sanitizeAssistantText(text: string): string {
   let result = text;
   for (const pattern of INTERNAL_TAG_PATTERNS) {

package/src/hooks/pain.ts

@@ -13,8 +13,9 @@ import type { PluginHookAfterToolCallEvent, PluginHookToolContext, OpenClawPlugi
 import { resolveWorkspaceDirForRuntimeV2 } from '../utils/workspace-resolver.js';
 import { PainToPrincipleService, PrincipleTreeLedgerAdapter, type PainDetectedData, type PainEvidenceEntry, MAX_EVIDENCE_ENTRIES, MAX_EVIDENCE_NOTE_CHARS } from '@principles/core/runtime-v2';
 import { evaluatePainDiagnosticGate } from '../core/pain-diagnostic-gate.js';
-import { sanitizeAssistantText } from './message-sanitize.js';
-import { loadPdConfigForPlugin } from '../core/pd-config-loader.js';
+import { sanitizeAssistantText, sanitizeForEvidence, sanitizeToolParamsForEvidence } from './message-sanitize.js';
+import { loadPdConfigForPlugin, loadFeatureFlagFromConfig } from '../core/pd-config-loader.js';
+import { resolveSourceKindFromToolFailure, evaluateEvidenceTriage } from './triage-adapter.js';
 
 /**
  * Interface for tool parameters to avoid 'any'
@@ -348,7 +349,7 @@ export function handleAfterToolCall(
       errorMessage: event.error ? String(event.error) : undefined,
       gfiBefore,
       gfiAfter: updatedState.currentGfi,
-      paramsJson: event.params,
+      paramsJson: sanitizeToolParamsForEvidence(event.params, effectiveWorkspaceDir),
     });
 
     const injectedProbationIds = getInjectedProbationIds(sessionId, effectiveWorkspaceDir);
@@ -409,7 +410,7 @@ export function handleAfterToolCall(
       exitCode,
       gfiBefore,
       gfiAfter: resetState.currentGfi,
-      paramsJson: event.params,
+      paramsJson: sanitizeToolParamsForEvidence(event.params, effectiveWorkspaceDir),
     });
     
     const filePath = params.file_path || params.path || params.file;
@@ -463,6 +464,25 @@ export function handleAfterToolCall(
   const isRisk = isRisky(relPath, profile.risk_paths);
   const painScore = computePainScore(1, false, false, isRisk ? 20 : 0, effectiveWorkspaceDir);
   const traceId = createTraceId();
+
+  // PEAT-B1: Evidence triage (feature-flagged)
+  const painTriageFlag = loadFeatureFlagFromConfig(effectiveWorkspaceDir, 'painEvidenceAdmission');
+  if (painTriageFlag.enabled) {
+    const sourceKind = resolveSourceKindFromToolFailure(event.toolName, failureSource);
+    const triage = evaluateEvidenceTriage(sourceKind, painScore);
+    if (triage.decision !== 'admit') {
+      SystemLogger.log(effectiveWorkspaceDir, 'TRIAGE_EVIDENCE_ONLY', JSON.stringify({
+        sourceKind: triage.sourceKind,
+        decision: triage.decision,
+        reason: triage.reason,
+        nextAction: triage.nextAction,
+        tool: event.toolName,
+        path: relPath,
+      }));
+      return;
+    }
+  }
+
   const diagnosticGate = evaluatePainDiagnosticGate({
     source: failureSource,
     score: painScore,
@@ -512,7 +532,7 @@ export function handleAfterToolCall(
     reason: `Tool ${event.toolName} failed on ${relPath}`,
     severity: painScore >= 70 ? 'severe' : painScore >= 40 ? 'moderate' : 'mild',
     origin: 'system_infer',
-    text: params.text ?? params.content ?? undefined,
+    text: sanitizeForEvidence(params.text ?? params.content, effectiveWorkspaceDir) || undefined,
   });
 
   // Pain signal emitted via emitPainDetectedEvent below — no .pain_flag file written (M8: single-path chain)

package/src/hooks/prompt.ts

@@ -30,6 +30,7 @@ import {
   extractMessageContent,
   isMinimalTrigger,
 } from '@principles/core/prompt-builder';
+import { sanitizeForEvidence } from './message-sanitize.js';
 
 // ---------------------------------------------------------------------------
 // Static file cache — avoids re-reading rarely-changing files every message
@@ -574,7 +575,7 @@ The empathy observer subagent handles pain detection independently.
                     confidence: result.confidence,
                     detection_mode: 'structured',
                     deduped: false,
-                    trigger_text_excerpt: latestUserMessage.substring(0, 120),
+                    trigger_text_excerpt: sanitizeForEvidence(latestUserMessage, workspaceDir).substring(0, 120),
                     raw_score: painScore,
                     calibrated_score: painScore,
                     eventId,
@@ -589,7 +590,7 @@ The empathy observer subagent handles pain detection independently.
                       severity: result.severity,
                       origin: 'system_infer',
                       confidence: result.confidence,
-                      text: latestUserMessage,
+                      text: sanitizeForEvidence(latestUserMessage, workspaceDir),
                     });
                   } catch (error) {
                     logger?.warn?.(`[PD:Empathy] Failed to persist trajectory: ${String(error)}`);

package/src/hooks/triage-adapter.ts

@@ -0,0 +1,156 @@
+/**
+ * Triage Adapter — PEAT-B1
+ *
+ * Plugin-side adapter that maps OpenClaw hook context to evidence triage input.
+ * Calls the pure triage policy from principles-core.
+ *
+ * This file lives in openclaw-plugin because it:
+ * - Maps hook-specific context (source strings, session state) to SourceKind
+ * - Wraps evaluatePainDiagnosticGate as a compatibility sub-policy
+ * - Knows about OpenClaw hook conventions (sessionId, toolName, etc.)
+ *
+ * It does NOT expose evaluatePainDiagnosticGate to core.
+ * Core only sees SourceKind and TriageResult.
+ *
+ * ERR checklist:
+ * - ERR-001: Source kind derived from runtime values with guards, not `as` casts.
+ * - ERR-002: Every triage result carries reason + nextAction.
+ * - ERR-024/025/048: Production-path tests cover this adapter.
+ */
+
+import {
+  evaluateTriage,
+  type TriageInput,
+  type TriageResult,
+  type SourceKind,
+} from '@principles/core/runtime-v2';
+
+// ── Source Kind Resolution ───────────────────────────────────────────────────
+
+/**
+ * Map after_tool_call hook context to SourceKind.
+ *
+ * Classifies based on:
+ * - toolName: 'pain' or 'skill:pain' → agent_on_owner_request
+ * - failureSource: 'dispatch_error' vs 'tool_failure'
+ * - isRisky + score: only used for rulehost_block upgrade, not for kind resolution
+ */
+export function resolveSourceKindFromToolFailure(
+  toolName: string | undefined,
+  failureSource: 'tool_failure' | 'dispatch_error',
+  provenance?: 'openclaw_context_bound' | 'owner_reported_no_host_trace' | 'automatic_hook',
+): SourceKind {
+  // Manual pain via agent tool call
+  if (toolName === 'pain' || toolName === 'skill:pain') {
+    return provenance === 'openclaw_context_bound' ? 'agent_on_owner_request' : 'owner_reported';
+  }
+
+  // Dispatch errors (tool not found, unknown tool)
+  if (failureSource === 'dispatch_error') {
+    return 'dispatch_error';
+  }
+
+  // Regular tool failure
+  return 'tool_failure';
+}
+
+/**
+ * Map empathy/semantic detection context to SourceKind.
+ *
+ * Classifies based on detection source prefix:
+ * - 'llm_paralysis' → llm_paralysis
+ * - 'llm_*' (detection rule) → semantic
+ * - 'user_empathy' or empathy keyword match → empathy_inferred
+ * - GFI threshold crossed → gfi_threshold
+ */
+export function resolveSourceKindFromLlmDetection(
+  detectionSource: string,
+  isGfiTriggered: boolean,
+): SourceKind {
+  if (isGfiTriggered) return 'gfi_threshold';
+  if (detectionSource === 'llm_paralysis') return 'llm_paralysis';
+  if (detectionSource.startsWith('llm_')) return 'semantic';
+  if (detectionSource === 'user_empathy') return 'empathy_inferred';
+  return 'unknown';
+}
+
+/**
+ * Map gate-block context to SourceKind.
+ */
+export function resolveSourceKindFromGateBlock(): SourceKind {
+  return 'rulehost_block';
+}
+
+/**
+ * Map /pd-pain command to SourceKind.
+ */
+export function resolveSourceKindFromCommand(): SourceKind {
+  return 'owner_reported';
+}
+
+/**
+ * Map provider/rate-limit failure to SourceKind.
+ */
+export function resolveSourceKindFromProvider(
+  isRateLimit: boolean,
+): SourceKind {
+  return isRateLimit ? 'rate_limit' : 'provider_failure';
+}
+
+/**
+ * Map subagent error to SourceKind.
+ */
+export function resolveSourceKindFromSubagent(): SourceKind {
+  return 'subagent_error';
+}
+
+// ── Triage Evaluation ───────────────────────────────────────────────────────
+
+/**
+ * Evaluate evidence triage for a given source kind and context.
+ *
+ * This is the main entry point for hooks. It calls the pure triage policy
+ * from principles-core and returns the result.
+ *
+ * The caller (hook) is responsible for:
+ * - Checking the painEvidenceAdmission feature flag
+ * - Acting on the triage result (proceed to diagnosis, store evidence, etc.)
+ * - Falling back to existing behavior when the flag is off
+ */
+export function evaluateEvidenceTriage(
+  sourceKind: SourceKind,
+  score: number,
+  options?: {
+    isUnsafeHighConfidence?: boolean;
+    provenance?: 'openclaw_context_bound' | 'owner_reported_no_host_trace' | 'automatic_hook';
+  },
+): TriageResult {
+  const input: TriageInput = {
+    sourceKind,
+    score,
+    isUnsafeHighConfidence: options?.isUnsafeHighConfidence,
+    provenance: options?.provenance,
+  };
+
+  return evaluateTriage(input);
+}
+
+// ── High-Confidence Unsafe Action Detection ──────────────────────────────────
+
+/**
+ * Determine if a gate-blocked action is a high-confidence unsafe action.
+ *
+ * This is a heuristic that the plugin adapter owns. Core does not know about
+ * these heuristics — it only receives the boolean flag.
+ *
+ * Criteria for high-confidence unsafe:
+ * - Score >= 70 (high severity)
+ * - Tool is in the risky write set
+ * - Action would be irreversible (file deletion, force push, etc.)
+ */
+export function isHighConfidenceUnsafeAction(
+  score: number,
+  isRisky: boolean,
+): boolean {
+  return isRisky && score >= 70;
+}

package/tests/hooks/gate-block-helper-profile.test.ts

@@ -0,0 +1,186 @@
+/**
+ * Gate Block Helper — PROFILE loading resilience tests
+ *
+ * Verifies that recordGateBlockAndReturn handles malformed/oversized PROFILE
+ * gracefully: try/catch, 1MB size guard, fallback to non-risky, no crash.
+ *
+ * ERR checklist:
+ * - ERR-026: All PROFILE loads have try/catch (gate-block-helper.ts matches pain.ts)
+ * - ERR-024/025: Production-path tests for the edge case
+ */
+
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
+import * as fs from 'fs';
+import * as path from 'path';
+import * as os from 'os';
+import { WorkspaceContext } from '../../src/core/workspace-context.js';
+import { EventLogService } from '../../src/core/event-log.js';
+import { clearSession } from '../../src/core/session-tracker.js';
+import { resetPainDiagnosticGateForTest } from '../../src/core/pain-diagnostic-gate.js';
+
+vi.mock('fs');
+vi.mock('../../src/utils/io.js', () => ({
+  isRisky: vi.fn(() => false),
+}));
+vi.mock('../../src/core/evolution-engine.js', () => ({
+  recordEvolutionSuccess: vi.fn(),
+  recordEvolutionFailure: vi.fn(),
+}));
+vi.mock('../../src/core/evolution-logger.js', () => ({
+  createTraceId: vi.fn(() => 'trace-123'),
+  getEvolutionLogger: vi.fn(() => ({
+    logPainDetected: vi.fn(),
+  })),
+}));
+vi.mock('../../src/core/pd-config-loader.js', () => ({
+  loadPdConfigForPlugin: vi.fn(() => ({ ok: true, source: 'mock', effective: {}, errors: [] })),
+  loadFeatureFlagFromConfig: vi.fn(() => ({ enabled: true, source: 'test' })),
+}));
+
+const mockEmitSync = vi.fn();
+const mockRecordProbationFeedback = vi.fn();
+const mockUpdatePrincipleValueMetrics = vi.fn();
+
+function makeTestWctx(overrides: Record<string, unknown> = {}) {
+  return {
+    workspaceDir: '/mock/workspace',
+    stateDir: '/mock/state',
+    config: { get: vi.fn().mockReturnValue(40) },
+    eventLog: {
+      recordGateBlock: vi.fn(),
+      recordPainSignal: vi.fn(),
+    },
+    trajectory: {
+      recordGateBlock: vi.fn(),
+      recordPainEvent: vi.fn(),
+      recordToolCall: vi.fn(),
+    },
+    principleTreeLedger: {
+      updatePrincipleValueMetrics: mockUpdatePrincipleValueMetrics,
+    },
+    evolutionReducer: {
+      emitSync: mockEmitSync,
+      recordProbationFeedback: mockRecordProbationFeedback,
+      getPrincipleById: vi.fn(),
+    },
+    resolve: vi.fn().mockImplementation((key: string) => {
+      if (key === 'PROFILE') return '/mock/workspace/PROFILE.json';
+      return '';
+    }),
+    ...overrides,
+  };
+}
+
+describe('Gate Block Helper — PROFILE Resilience', () => {
+  const sessionId = 's-profile-test';
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+    mockEmitSync.mockReset();
+    mockRecordProbationFeedback.mockReset();
+    mockUpdatePrincipleValueMetrics.mockReset();
+    vi.spyOn(WorkspaceContext, 'fromHookContext').mockReturnValue(makeTestWctx() as any);
+    vi.spyOn(EventLogService, 'get').mockReturnValue({} as any);
+    clearSession(sessionId);
+    resetPainDiagnosticGateForTest();
+  });
+
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  it('malformed PROFILE.json does not throw, returns block result with non-risky fallback', async () => {
+    // Arrange: PROFILE exists but contains invalid JSON
+    vi.mocked(fs.existsSync).mockReturnValue(true);
+    vi.mocked(fs.readFileSync).mockReturnValue('{ invalid json }');
+
+    // Dynamic import AFTER mocks are set up
+    const { recordGateBlockAndReturn } = await import('../../src/hooks/gate-block-helper.js');
+
+    // Act & Assert: does NOT throw
+    const result = recordGateBlockAndReturn(
+      makeTestWctx() as any,
+      {
+        filePath: 'src/danger.ts',
+        reason: 'Test block reason',
+        toolName: 'write',
+        sessionId,
+      },
+      { warn: vi.fn(), error: vi.fn(), info: vi.fn() },
+    );
+
+    expect(result).toBeDefined();
+    expect(result.block).toBe(true);
+    expect(result.blockReason).toContain('Security Gate Blocked');
+    // verify emitPainDetectedEvent was NOT called (triage fell back to non-risky)
+    expect(mockEmitSync).not.toHaveBeenCalled();
+  });
+
+  it('oversized PROFILE (>1MB) falls back to non-risky without crash', async () => {
+    // Arrange: PROFILE > 1MB
+    vi.mocked(fs.existsSync).mockReturnValue(true);
+    vi.mocked(fs.readFileSync).mockReturnValue('x'.repeat(1024 * 1024 + 1));
+
+    const { recordGateBlockAndReturn } = await import('../../src/hooks/gate-block-helper.js');
+
+    const result = recordGateBlockAndReturn(
+      makeTestWctx() as any,
+      {
+        filePath: 'src/danger.ts',
+        reason: 'Test block reason',
+        toolName: 'write',
+        sessionId,
+      },
+      { warn: vi.fn(), error: vi.fn(), info: vi.fn() },
+    );
+
+    expect(result).toBeDefined();
+    expect(result.block).toBe(true);
+    expect(mockEmitSync).not.toHaveBeenCalled();
+  });
+
+  it('missing PROFILE.json defaults to non-risky without error', async () => {
+    // Arrange: PROFILE does not exist
+    vi.mocked(fs.existsSync).mockReturnValue(false);
+
+    const { recordGateBlockAndReturn } = await import('../../src/hooks/gate-block-helper.js');
+
+    const result = recordGateBlockAndReturn(
+      makeTestWctx() as any,
+      {
+        filePath: 'src/danger.ts',
+        reason: 'Test block',
+        toolName: 'edit',
+        sessionId,
+      },
+      { warn: vi.fn(), error: vi.fn(), info: vi.fn() },
+    );
+
+    expect(result).toBeDefined();
+    expect(result.block).toBe(true);
+  });
+
+  it('fs.readFileSync permission error falls back gracefully', async () => {
+    // Arrange: existsSync returns true but readFileSync throws
+    vi.mocked(fs.existsSync).mockReturnValue(true);
+    vi.mocked(fs.readFileSync).mockImplementation(() => {
+      throw new Error('EACCES: permission denied');
+    });
+
+    const { recordGateBlockAndReturn } = await import('../../src/hooks/gate-block-helper.js');
+
+    const result = recordGateBlockAndReturn(
+      makeTestWctx() as any,
+      {
+        filePath: 'src/danger.ts',
+        reason: 'Test block',
+        toolName: 'write',
+        sessionId,
+      },
+      { warn: vi.fn(), error: vi.fn(), info: vi.fn() },
+    );
+
+    expect(result).toBeDefined();
+    expect(result.block).toBe(true);
+  });
+});

package/tests/hooks/message-sanitize.test.ts

@@ -1,5 +1,12 @@
 import { describe, it, expect } from 'vitest';
-import { handleBeforeMessageWrite, sanitizeAssistantText } from '../../src/hooks/message-sanitize';
+import {
+  handleBeforeMessageWrite,
+  sanitizeAssistantText,
+  sanitizeForEvidence,
+  sanitizeToolParamsForEvidence,
+  sanitizeValueForEvidence,
+  MAX_EVIDENCE_VALUE_CHARS,
+} from '../../src/hooks/message-sanitize';
 
 describe('message-sanitize hook', () => {
   it('removes empathy control tags from assistant text', () => {
@@ -9,28 +16,229 @@ describe('message-sanitize hook', () => {
 
   it('returns modified message for assistant role', () => {
     const result = handleBeforeMessageWrite({
-      message: {
-        role: 'assistant',
-        content: 'hello [EMOTIONAL_DAMAGE_DETECTED] world'
-      }
+      message: { role: 'assistant', content: 'hello [EMOTIONAL_DAMAGE_DETECTED] world' }
     } as any);
-
     expect(result).toEqual({
-      message: {
-        role: 'assistant',
-        content: 'hello  world'
-      }
+      message: { role: 'assistant', content: 'hello  world' }
     });
   });
 
   it('ignores non-assistant messages', () => {
     const result = handleBeforeMessageWrite({
-      message: {
-        role: 'user',
-        content: '[EMOTIONAL_DAMAGE_DETECTED]'
-      }
+      message: { role: 'user', content: '[EMOTIONAL_DAMAGE_DETECTED]' }
     } as any);
-
     expect(result).toBeUndefined();
   });
+
+  // ── sanitizeForEvidence ──
+
+  it('binds long string values to MAX_EVIDENCE_VALUE_CHARS', () => {
+    const segment = ' data ';
+    const long = segment.repeat(100);
+    const result = sanitizeForEvidence(long);
+    expect(result).toMatch(/___TRUNCATED___$/);
+    expect(result.length).toBeLessThanOrEqual(MAX_EVIDENCE_VALUE_CHARS + 20);
+  });
+
+  it('redacts OpenAI-style secret keys (sk-*)', () => {
+    const token = 'sk-proj-' + 'a'.repeat(30);
+    const result = sanitizeForEvidence(`token is ${token}`);
+    expect(result).toContain('___REDACTED___');
+    expect(result).not.toContain(token);
+  });
+
+  it('redacts JWT-like patterns (eyJ*)', () => {
+    const jwt = 'eyJ' + 'a'.repeat(30) + '.bc';
+    const result = sanitizeForEvidence(`Bearer ${jwt}`);
+    expect(result).toContain('___REDACTED___');
+    expect(result).not.toContain(jwt);
+  });
+
+  it('redacts long base64-like strings', () => {
+    const token = 'A'.repeat(50);
+    const result = sanitizeForEvidence(`hash: ${token}`);
+    expect(result).toContain('___REDACTED___');
+    expect(result).not.toContain(token);
+  });
+
+  it('redacts GitHub PATs (ghp_*)', () => {
+    const token = 'ghp_' + 'a'.repeat(40);
+    const result = sanitizeForEvidence(token);
+    expect(result).toContain('___REDACTED___');
+  });
+
+  it('strips internal PD tags from evidence', () => {
+    const result = sanitizeForEvidence('[EMOTIONAL_DAMAGE_DETECTED:severe] something went wrong');
+    expect(result).not.toContain('EMOTIONAL_DAMAGE_DETECTED');
+    expect(result).toContain('something went wrong');
+  });
+
+  it('returns safe string for non-string values', () => {
+    expect(sanitizeForEvidence(42)).toBe('42');
+    expect(sanitizeForEvidence(null)).toBe('');
+    expect(sanitizeForEvidence(undefined)).toBe('');
+  });
+
+  it('converges absolute paths to basename when no workspaceDir', () => {
+    const result = sanitizeForEvidence('/home/user/secrets/token.json');
+    expect(result).toBe('<path:token.json>');
+  });
+
+  it('converges absolute paths to repo-relative when workspaceDir matches', () => {
+    const result = sanitizeForEvidence('/workspace/my-repo/src/index.ts', '/workspace/my-repo');
+    expect(result).toBe('src/index.ts');
+  });
+
+  // ── Path substring sanitization ──
+
+  it('replaces Windows absolute path in command with basename', () => {
+    const result = sanitizeForEvidence('cd D:\\Code\\principles && git status');
+    expect(result).not.toContain('D:\\Code\\principles');
+    expect(result).toContain('principles');
+  });
+
+  it('replaces Windows absolute path in reason with basename', () => {
+    const result = sanitizeForEvidence('error in C:\\Users\\Administrator\\secret.txt');
+    expect(result).not.toContain('C:\\Users\\Administrator');
+    expect(result).not.toContain('Administrator');
+    expect(result).toContain('secret.txt');
+  });
+
+  it('replaces POSIX absolute path in string', () => {
+    const result = sanitizeForEvidence('failed to read /home/user/project/src/config.ts');
+    expect(result).not.toContain('/home/user/project');
+    expect(result).toContain('config.ts');
+  });
+
+  it('converges workspace-internal path in string to repo-relative', () => {
+    const result = sanitizeForEvidence(
+      'edit failed on D:\\Code\\principles\\src\\index.ts',
+      'D:\\Code\\principles',
+    );
+    expect(result).not.toContain('D:\\Code\\principles');
+    expect(result).toContain('src\\index.ts');
+  });
+
+  // ── sanitizeToolParamsForEvidence ──
+
+  it('redacts long content/text/input/new_string fields', () => {
+    const params = {
+      file_path: 'src/file.ts',
+      content: ' data chunk '.repeat(60),
+      text: ' report line '.repeat(60),
+    };
+    const result = sanitizeToolParamsForEvidence(params);
+    expect(result.file_path).toBe('src/file.ts');
+    expect(result.content).toMatch(/___TRUNCATED___$/);
+    expect(result.text).toMatch(/___TRUNCATED___$/);
+    expect(result.content.length).toBeLessThan(500);
+  });
+
+  it('keeps short normal fields intact', () => {
+    const params = { file_path: 'src/index.ts', content: 'short-content', query: 'SELECT * FROM users' };
+    const result = sanitizeToolParamsForEvidence(params);
+    expect(result.file_path).toBe('src/index.ts');
+    expect(result.content).toBe('short-content');
+    expect(result.query).toBe('SELECT * FROM users');
+  });
+
+  it('redacts token-like strings inside content/text fields', () => {
+    const token = 'sk-proj-' + 'a'.repeat(30);
+    const params = { content: `key is ${token}` };
+    const result = sanitizeToolParamsForEvidence(params);
+    expect(result.content).toContain('___REDACTED___');
+    expect(result.content).not.toContain(token);
+  });
+
+  // ── edit params: nested edits array ──
+
+  it('sanitizes edit params with nested edits[].oldText/newText', () => {
+    const secretToken = 'sk-proj-' + 'a'.repeat(30);
+    const params = {
+      file_path: '/repo/src/config.ts',
+      edits: [
+        { oldText: secretToken, newText: 'safe-value' },
+        { oldText: 'const x = 1;', newText: ' data '.repeat(200) },
+      ],
+    };
+    const result = sanitizeToolParamsForEvidence(params, '/repo') as Record<string, unknown>;
+    const edits = result.edits as Array<Record<string, unknown>>;
+    // Token in oldText redacted
+    expect(edits[0].oldText).toContain('___REDACTED___');
+    expect(edits[0].oldText).not.toContain(secretToken);
+    // Short value preserved
+    expect(edits[0].newText).toBe('safe-value');
+    // Long newText truncated
+    expect(edits[1].newText).toMatch(/___TRUNCATED___$/);
+    // file_path converged to relative (workspaceDir provided)
+    expect(result.file_path).toBe('src/config.ts');
+  });
+
+  // ── command/query: token redaction ──
+
+  it('redacts tokens in command and query fields', () => {
+    const jwt = 'eyJ' + 'a'.repeat(30) + '.bc';
+    const skToken = 'sk-proj-' + 'a'.repeat(30);
+    const params = {
+      command: `curl -H "Authorization: Bearer ${jwt}" https://api.example.com`,
+      query: `SELECT * FROM users WHERE api_key = "${skToken}"`,
+    };
+    const result = sanitizeToolParamsForEvidence(params);
+    expect(result.command).toContain('___REDACTED___');
+    expect(result.command).not.toContain(jwt);
+    expect(result.query).toContain('___REDACTED___');
+    expect(result.query).not.toContain(skToken);
+  });
+
+  // ── null/array/string input: no throw ──
+
+  it('handles null input without throwing', () => {
+    expect(() => sanitizeToolParamsForEvidence(null)).not.toThrow();
+    expect(sanitizeToolParamsForEvidence(null)).toEqual({});
+  });
+
+  it('handles array input without throwing', () => {
+    const result = sanitizeToolParamsForEvidence(['a', 'b', 'c']);
+    expect(result['<array-input>']).toBeDefined();
+  });
+
+  it('handles string input without throwing', () => {
+    const result = sanitizeToolParamsForEvidence('raw string input');
+    expect(result['<string-input>']).toBeDefined();
+  });
+
+  it('handles undefined input without throwing', () => {
+    expect(sanitizeToolParamsForEvidence(undefined)).toEqual({});
+  });
+
+  it('handles number input without throwing', () => {
+    expect(sanitizeToolParamsForEvidence(42)).toEqual({});
+  });
+
+  // ── sanitizeValueForEvidence: recursive ──
+
+  it('recursively sanitizes nested objects', () => {
+    const token = 'sk-proj-' + 'a'.repeat(30);
+    const input = { a: { b: { c: token } } };
+    const result = sanitizeValueForEvidence(input) as Record<string, unknown>;
+    const nested = (result.a as Record<string, unknown>).b as Record<string, unknown>;
+    expect(nested.c).toContain('___REDACTED___');
+  });
+
+  it('respects max array items limit', () => {
+    const input = { items: Array.from({ length: 100 }, (_, i) => `item-${i}`) };
+    const result = sanitizeValueForEvidence(input) as Record<string, unknown>;
+    const items = result.items as unknown[];
+    expect(items.length).toBeLessThanOrEqual(22);
+  });
+
+  it('respects max depth limit', () => {
+    const deep: any = { a: { b: { c: { d: { e: 'too deep' } } } } };
+    const result = sanitizeValueForEvidence(deep, 0) as Record<string, unknown>;
+    const a = result.a as Record<string, unknown>;
+    const b = a.b as Record<string, unknown>;
+    const c = b.c as Record<string, unknown>;
+    const d = c.d as Record<string, unknown>;
+    expect(d.e).toBe('<max-depth>');
+  });
 });

package/tests/hooks/pain.test.ts

@@ -8,9 +8,14 @@ import { WorkspaceContext } from '../../src/core/workspace-context.js';
 import { EventLogService } from '../../src/core/event-log.js';
 import { setInjectedProbationIds, clearSession } from '../../src/core/session-tracker.js';
 import { resetPainDiagnosticGateForTest } from '../../src/core/pain-diagnostic-gate.js';
+import { loadFeatureFlagFromConfig } from '../../src/core/pd-config-loader.js';
 
 vi.mock('fs');
 vi.mock('../../src/utils/io.js');
+vi.mock('../../src/core/pd-config-loader.js', () => ({
+  loadPdConfigForPlugin: vi.fn(() => ({ ok: true, source: 'mock', effective: {}, errors: [] })),
+  loadFeatureFlagFromConfig: vi.fn(() => ({ enabled: false, source: 'mock' })),
+}));
 vi.mock('../../src/core/evolution-engine.js', () => ({
   recordEvolutionSuccess: vi.fn(),
   recordEvolutionFailure: vi.fn(),
@@ -480,4 +485,62 @@ describe('Post-Write Checks & Pain Hook', () => {
     }));
   });
 
+  it('PEAT-B1: triage evidence_only returns early before PainDiagnosticGate (no cooldown pollution)', () => {
+    // Enable the evidence triage feature flag
+    vi.mocked(loadFeatureFlagFromConfig).mockReturnValue({ enabled: true, source: 'test' });
+
+    const mockCtx = { workspaceDir, sessionId: 's-triage-evidence', api: { logger: {} } };
+    const mockEvent = {
+      toolName: 'write',
+      params: { file_path: 'src/main.ts' },
+      error: 'Permission denied',
+      result: { exitCode: 1 },
+    };
+
+    vi.mocked(ioUtils.normalizePath).mockReturnValue('src/main.ts');
+    vi.mocked(ioUtils.isRisky).mockReturnValue(false);
+    vi.mocked(fs.existsSync).mockReturnValue(false);
+
+    handleAfterToolCall(mockEvent as any, mockCtx as any);
+
+    // Core assertion: pain_detected event is NOT emitted — gate was not reached
+    expect(mockEmitSync).not.toHaveBeenCalled();
+    // Core assertion: recordPainSignal is NOT called — triage prevented gate evaluation
+    expect(mockEventLog.recordPainSignal).not.toHaveBeenCalled();
+    // Core assertion: trajectory pain event is NOT recorded — cooldown not polluted
+    expect(mockWctx.trajectory.recordPainEvent).not.toHaveBeenCalled();
+    // But tool call IS still tracked (friction tracking, not diagnosis)
+    expect(mockWctx.trajectory.recordToolCall).toHaveBeenCalledWith(expect.objectContaining({
+      sessionId: 's-triage-evidence',
+      toolName: 'write',
+      outcome: 'failure',
+    }));
+  });
+
+  it('PEAT-B1: triage admit proceeds to PainDiagnosticGate and cooldown', () => {
+    // For owner_reported source kinds, triage admits, so gate IS reached
+    vi.mocked(loadFeatureFlagFromConfig).mockReturnValue({ enabled: true, source: 'test' });
+
+    const mockCtx = { workspaceDir, sessionId: 's-triage-admit', api: { logger: {} } };
+    // Manual pain command — triggers the manual pain path
+    const mockEvent = {
+      toolName: 'pain',
+      params: { input: 'test pain' },
+      result: { exitCode: 0 },
+      error: undefined,
+    };
+
+    handleAfterToolCall(mockEvent as any, mockCtx as any);
+
+    // Core assertion: pain_detected event IS emitted — gate WAS reached
+    expect(mockEmitSync).toHaveBeenCalledWith(expect.objectContaining({
+      type: 'pain_detected',
+    }));
+    // Core assertion: recordPainSignal IS called
+    expect(mockEventLog.recordPainSignal).toHaveBeenCalledWith(
+      's-triage-admit',
+      expect.objectContaining({ score: 100, source: 'manual' }),
+    );
+  });
+
 });

package/tests/hooks/triage-adapter.test.ts

@@ -0,0 +1,260 @@
+/**
+ * Triage Adapter Tests — PEAT-B1
+ *
+ * Tests the plugin-side adapter that maps hook context to SourceKind
+ * and calls the pure triage policy from principles-core.
+ *
+ * ERR checklist:
+ * - ERR-001: Source kind resolved from runtime values, not `as` casts.
+ * - ERR-002: Every triage result has reason + nextAction.
+ * - ERR-024/025/048: Production-path tests for the adapter.
+ */
+
+import { describe, it, expect } from 'vitest';
+import {
+  resolveSourceKindFromToolFailure,
+  resolveSourceKindFromLlmDetection,
+  resolveSourceKindFromGateBlock,
+  resolveSourceKindFromCommand,
+  resolveSourceKindFromProvider,
+  resolveSourceKindFromSubagent,
+  evaluateEvidenceTriage,
+  isHighConfidenceUnsafeAction,
+} from '../../src/hooks/triage-adapter.js';
+
+// ── resolveSourceKindFromToolFailure ────────────────────────────────────────
+
+describe('resolveSourceKindFromToolFailure', () => {
+  it('maps pain tool to agent_on_owner_request with openclaw_context_bound', () => {
+    expect(resolveSourceKindFromToolFailure('pain', 'tool_failure', 'openclaw_context_bound')).toBe('agent_on_owner_request');
+  });
+
+  it('maps pain tool to owner_reported without openclaw_context_bound', () => {
+    expect(resolveSourceKindFromToolFailure('pain', 'tool_failure')).toBe('owner_reported');
+    expect(resolveSourceKindFromToolFailure('pain', 'tool_failure', 'automatic_hook')).toBe('owner_reported');
+  });
+
+  it('maps skill:pain to agent_on_owner_request with openclaw_context_bound', () => {
+    expect(resolveSourceKindFromToolFailure('skill:pain', 'tool_failure', 'openclaw_context_bound')).toBe('agent_on_owner_request');
+  });
+
+  it('maps dispatch_error to dispatch_error', () => {
+    expect(resolveSourceKindFromToolFailure('read', 'dispatch_error')).toBe('dispatch_error');
+  });
+
+  it('maps regular tool failure to tool_failure', () => {
+    expect(resolveSourceKindFromToolFailure('write', 'tool_failure')).toBe('tool_failure');
+    expect(resolveSourceKindFromToolFailure('exec', 'tool_failure')).toBe('tool_failure');
+  });
+
+  it('maps undefined tool name with tool_failure to tool_failure', () => {
+    expect(resolveSourceKindFromToolFailure(undefined, 'tool_failure')).toBe('tool_failure');
+  });
+});
+
+// ── resolveSourceKindFromLlmDetection ───────────────────────────────────────
+
+describe('resolveSourceKindFromLlmDetection', () => {
+  it('maps gfi triggered to gfi_threshold', () => {
+    expect(resolveSourceKindFromLlmDetection('llm_some_rule', true)).toBe('gfi_threshold');
+  });
+
+  it('maps llm_paralysis to llm_paralysis', () => {
+    expect(resolveSourceKindFromLlmDetection('llm_paralysis', false)).toBe('llm_paralysis');
+  });
+
+  it('maps llm_* detection rules to semantic', () => {
+    expect(resolveSourceKindFromLlmDetection('llm_repetition', false)).toBe('semantic');
+    expect(resolveSourceKindFromLlmDetection('llm_loop', false)).toBe('semantic');
+  });
+
+  it('maps user_empathy to empathy_inferred', () => {
+    expect(resolveSourceKindFromLlmDetection('user_empathy', false)).toBe('empathy_inferred');
+  });
+
+  it('maps unknown source to unknown', () => {
+    expect(resolveSourceKindFromLlmDetection('something_else', false)).toBe('unknown');
+  });
+});
+
+// ── Other resolve functions ─────────────────────────────────────────────────
+
+describe('resolveSourceKindFromGateBlock', () => {
+  it('returns rulehost_block', () => {
+    expect(resolveSourceKindFromGateBlock()).toBe('rulehost_block');
+  });
+});
+
+describe('resolveSourceKindFromCommand', () => {
+  it('returns owner_reported', () => {
+    expect(resolveSourceKindFromCommand()).toBe('owner_reported');
+  });
+});
+
+describe('resolveSourceKindFromProvider', () => {
+  it('returns provider_failure for non-rate-limit', () => {
+    expect(resolveSourceKindFromProvider(false)).toBe('provider_failure');
+  });
+
+  it('returns rate_limit for rate-limit', () => {
+    expect(resolveSourceKindFromProvider(true)).toBe('rate_limit');
+  });
+});
+
+describe('resolveSourceKindFromSubagent', () => {
+  it('returns subagent_error', () => {
+    expect(resolveSourceKindFromSubagent()).toBe('subagent_error');
+  });
+});
+
+// ── evaluateEvidenceTriage ──────────────────────────────────────────────────
+
+describe('evaluateEvidenceTriage', () => {
+  it('admits owner_reported regardless of score', () => {
+    const result = evaluateEvidenceTriage('owner_reported', 100);
+    expect(result.decision).toBe('admit');
+    expect(result.reason).toBeTruthy();
+    expect(result.nextAction).toBeTruthy();
+  });
+
+  it('returns evidence_only for tool_failure', () => {
+    const result = evaluateEvidenceTriage('tool_failure', 70);
+    expect(result.decision).toBe('evidence_only');
+    expect(result.reason).toBeTruthy();
+    expect(result.nextAction).toBeTruthy();
+  });
+
+  it('returns health_only for provider_failure', () => {
+    const result = evaluateEvidenceTriage('provider_failure', 60);
+    expect(result.decision).toBe('health_only');
+  });
+
+  it('returns owner_confirm for empathy_inferred', () => {
+    const result = evaluateEvidenceTriage('empathy_inferred', 80);
+    expect(result.decision).toBe('owner_confirm');
+  });
+
+  it('admits rulehost_block when isUnsafeHighConfidence is true', () => {
+    const result = evaluateEvidenceTriage('rulehost_block', 80, { isUnsafeHighConfidence: true });
+    expect(result.decision).toBe('admit');
+  });
+
+  it('returns evidence_only for rulehost_block when isUnsafeHighConfidence is false', () => {
+    const result = evaluateEvidenceTriage('rulehost_block', 80, { isUnsafeHighConfidence: false });
+    expect(result.decision).toBe('evidence_only');
+  });
+});
+
+// ── isHighConfidenceUnsafeAction ─────────────────────────────────────────────
+
+describe('isHighConfidenceUnsafeAction', () => {
+  it('returns true when isRisky and score >= 70', () => {
+    expect(isHighConfidenceUnsafeAction(70, true)).toBe(true);
+    expect(isHighConfidenceUnsafeAction(90, true)).toBe(true);
+  });
+
+  it('returns false when score < 70', () => {
+    expect(isHighConfidenceUnsafeAction(45, true)).toBe(false);
+    expect(isHighConfidenceUnsafeAction(69, true)).toBe(false);
+  });
+
+  it('returns false when not risky', () => {
+    expect(isHighConfidenceUnsafeAction(90, false)).toBe(false);
+  });
+});
+
+// ── Evidence-Only Cooldown Contract ──────────────────────────────────────────
+//
+// Core contract: when triage returns evidence_only/owner_confirm/health_only,
+// the caller (hook) MUST NOT proceed to evaluatePainDiagnosticGate, which writes
+// cooldown. These tests verify the adapter-level guarantee: non-admit decisions
+// are surfaced clearly with the right nextAction, so the caller can distinguish
+// evidence-only from admit.
+
+describe('evidence-only cooldown contract', () => {
+  it('tool_failure returns evidence_only — no admit, caller must skip gate', () => {
+    const result = evaluateEvidenceTriage('tool_failure', 70);
+    expect(result.decision).toBe('evidence_only');
+    expect(result.decision).not.toBe('admit');
+    expect(result.nextAction).toContain('evidence');
+  });
+
+  it('dispatch_error returns evidence_only — no admit', () => {
+    const result = evaluateEvidenceTriage('dispatch_error', 50);
+    expect(result.decision).toBe('evidence_only');
+    expect(result.decision).not.toBe('admit');
+  });
+
+  it('semantic (LLM detection) returns evidence_only — no admit', () => {
+    const result = evaluateEvidenceTriage('semantic', 55);
+    expect(result.decision).toBe('evidence_only');
+    expect(result.decision).not.toBe('admit');
+  });
+
+  it('llm_paralysis returns evidence_only — no admit', () => {
+    const result = evaluateEvidenceTriage('llm_paralysis', 40);
+    expect(result.decision).toBe('evidence_only');
+    expect(result.decision).not.toBe('admit');
+  });
+
+  it('gfi_threshold returns evidence_only — no admit', () => {
+    const result = evaluateEvidenceTriage('gfi_threshold', 70);
+    expect(result.decision).toBe('evidence_only');
+    expect(result.decision).not.toBe('admit');
+  });
+
+  it('empathy_inferred returns owner_confirm — no admit', () => {
+    const result = evaluateEvidenceTriage('empathy_inferred', 80);
+    expect(result.decision).toBe('owner_confirm');
+    expect(result.decision).not.toBe('admit');
+  });
+
+  it('provider_failure returns health_only — no admit', () => {
+    const result = evaluateEvidenceTriage('provider_failure', 60);
+    expect(result.decision).toBe('health_only');
+    expect(result.decision).not.toBe('admit');
+  });
+
+  it('rulehost_block WITHOUT isUnsafeHighConfidence returns evidence_only — no admit', () => {
+    const result = evaluateEvidenceTriage('rulehost_block', 45);
+    expect(result.decision).toBe('evidence_only');
+    expect(result.decision).not.toBe('admit');
+  });
+
+  it('rulehost_block WITH isUnsafeHighConfidence=true upgrades to admit', () => {
+    // This is the ONLY path where rulehost_block reaches the gate
+    const result = evaluateEvidenceTriage('rulehost_block', 80, { isUnsafeHighConfidence: true });
+    expect(result.decision).toBe('admit');
+    expect(result.reason).toContain('unsafe');
+  });
+
+  it('every LLM-typical source kind produces non-admit decision (cooldown-safe)', () => {
+    // These are the source kinds that handleLlmOutput produces
+    const llmSources = [
+      { kind: 'semantic' as const, score: 55 },
+      { kind: 'llm_paralysis' as const, score: 40 },
+      { kind: 'gfi_threshold' as const, score: 70 },
+      { kind: 'empathy_inferred' as const, score: 80 },
+    ];
+    for (const { kind, score } of llmSources) {
+      const result = evaluateEvidenceTriage(kind, score);
+      expect(result.decision).not.toBe('admit');
+      expect(result.reason).toBeTruthy();
+      expect(result.nextAction).toBeTruthy();
+    }
+  });
+
+  it('every after_tool_call-typical source kind produces non-admit decision (cooldown-safe)', () => {
+    // These are the source kinds that handleAfterToolCall produces
+    const toolSources = [
+      { kind: 'tool_failure' as const, score: 70 },
+      { kind: 'dispatch_error' as const, score: 50 },
+    ];
+    for (const { kind, score } of toolSources) {
+      const result = evaluateEvidenceTriage(kind, score);
+      expect(result.decision).not.toBe('admit');
+      expect(result.reason).toBeTruthy();
+      expect(result.nextAction).toBeTruthy();
+    }
+  });
+});