principles-disciple 1.92.0 → 1.94.0

package/src/hooks/trajectory-evidence.ts

@@ -0,0 +1,75 @@
+/**
+ * Trajectory Evidence Builder — PRI-326
+ *
+ * Extracted from pain.ts to avoid circular imports between
+ * pain.ts and after-tool-call-helpers.ts.
+ *
+ * Pure data extraction — reads from trajectory DB, sanitizes, returns evidence entries.
+ */
+
+import { sanitizeAssistantText } from './message-sanitize.js';
+import type { PainEvidenceEntry } from '@principles/core/runtime-v2';
+import { MAX_EVIDENCE_ENTRIES, MAX_EVIDENCE_NOTE_CHARS } from '@principles/core/runtime-v2';
+import type { WorkspaceContext } from '../core/workspace-context.js';
+
+export function buildTrajectoryEvidence(wctx: WorkspaceContext, sessionId: string): PainEvidenceEntry[] {
+  const evidence: PainEvidenceEntry[] = [];
+
+  if (!wctx.trajectory || sessionId === 'unknown') {
+    evidence.push({
+      sourceRef: 'owner_message:unavailable',
+      note: `trajectory_unavailable: ${!wctx.trajectory ? 'no_trajectory_db' : 'unknown_session'}`,
+    });
+    return evidence.slice(0, MAX_EVIDENCE_ENTRIES);
+  }
+
+  try {
+    const userTurns = wctx.trajectory.listUserTurnsForSession(sessionId) ?? [];
+    const lastCorrectionTurn = [...userTurns].reverse().find(t => t.correctionDetected);
+    if (lastCorrectionTurn) {
+      const sanitizedOwnerMessage = sanitizeAssistantText(
+        (lastCorrectionTurn.rawExcerpt ?? '').slice(0, MAX_EVIDENCE_NOTE_CHARS)
+      );
+      evidence.push({
+        sourceRef: `owner_message:${lastCorrectionTurn.createdAt}`,
+        note: sanitizedOwnerMessage,
+      });
+    }
+  } catch (e) {
+    evidence.push({
+      sourceRef: 'owner_message:unavailable',
+      note: `trajectory_user_turns_unavailable: ${String(e).slice(0, 100)}`,
+    });
+  }
+
+  try {
+    const assistantTurns = wctx.trajectory.listAssistantTurns(sessionId) ?? [];
+    const recentAssistant = assistantTurns.slice(-3);
+    for (const turn of recentAssistant) {
+      if (evidence.length >= MAX_EVIDENCE_ENTRIES) break;
+      const sanitizedNote = sanitizeAssistantText(
+        (turn.sanitizedText ?? '').slice(0, MAX_EVIDENCE_NOTE_CHARS)
+      );
+      evidence.push({
+        sourceRef: `agent_turn:${turn.createdAt}`,
+        note: sanitizedNote,
+      });
+    }
+  } catch (e) {
+    if (evidence.length < MAX_EVIDENCE_ENTRIES) {
+      evidence.push({
+        sourceRef: 'agent_turn:unavailable',
+        note: `trajectory_assistant_turns_unavailable: ${String(e).slice(0, 100)}`,
+      });
+    }
+  }
+
+  if (evidence.length === 0) {
+    evidence.push({
+      sourceRef: 'trajectory:empty',
+      note: 'trajectory_available_but_empty: no user correction or assistant turns found',
+    });
+  }
+
+  return evidence.slice(0, MAX_EVIDENCE_ENTRIES);
+}

package/src/hooks/triage-adapter.ts

@@ -0,0 +1,156 @@
+/**
+ * Triage Adapter — PEAT-B1
+ *
+ * Plugin-side adapter that maps OpenClaw hook context to evidence triage input.
+ * Calls the pure triage policy from principles-core.
+ *
+ * This file lives in openclaw-plugin because it:
+ * - Maps hook-specific context (source strings, session state) to SourceKind
+ * - Wraps evaluatePainDiagnosticGate as a compatibility sub-policy
+ * - Knows about OpenClaw hook conventions (sessionId, toolName, etc.)
+ *
+ * It does NOT expose evaluatePainDiagnosticGate to core.
+ * Core only sees SourceKind and TriageResult.
+ *
+ * ERR checklist:
+ * - ERR-001: Source kind derived from runtime values with guards, not `as` casts.
+ * - ERR-002: Every triage result carries reason + nextAction.
+ * - ERR-024/025/048: Production-path tests cover this adapter.
+ */
+
+import {
+  evaluateTriage,
+  type TriageInput,
+  type TriageResult,
+  type SourceKind,
+} from '@principles/core/runtime-v2';
+
+// ── Source Kind Resolution ───────────────────────────────────────────────────
+
+/**
+ * Map after_tool_call hook context to SourceKind.
+ *
+ * Classifies based on:
+ * - toolName: 'pain' or 'skill:pain' → agent_on_owner_request
+ * - failureSource: 'dispatch_error' vs 'tool_failure'
+ * - isRisky + score: only used for rulehost_block upgrade, not for kind resolution
+ */
+export function resolveSourceKindFromToolFailure(
+  toolName: string | undefined,
+  failureSource: 'tool_failure' | 'dispatch_error',
+  provenance?: 'openclaw_context_bound' | 'owner_reported_no_host_trace' | 'automatic_hook',
+): SourceKind {
+  // Manual pain via agent tool call
+  if (toolName === 'pain' || toolName === 'skill:pain') {
+    return provenance === 'openclaw_context_bound' ? 'agent_on_owner_request' : 'owner_reported';
+  }
+
+  // Dispatch errors (tool not found, unknown tool)
+  if (failureSource === 'dispatch_error') {
+    return 'dispatch_error';
+  }
+
+  // Regular tool failure
+  return 'tool_failure';
+}
+
+/**
+ * Map empathy/semantic detection context to SourceKind.
+ *
+ * Classifies based on detection source prefix:
+ * - 'llm_paralysis' → llm_paralysis
+ * - 'llm_*' (detection rule) → semantic
+ * - 'user_empathy' or empathy keyword match → empathy_inferred
+ * - GFI threshold crossed → gfi_threshold
+ */
+export function resolveSourceKindFromLlmDetection(
+  detectionSource: string,
+  isGfiTriggered: boolean,
+): SourceKind {
+  if (isGfiTriggered) return 'gfi_threshold';
+  if (detectionSource === 'llm_paralysis') return 'llm_paralysis';
+  if (detectionSource.startsWith('llm_')) return 'semantic';
+  if (detectionSource === 'user_empathy') return 'empathy_inferred';
+  return 'unknown';
+}
+
+/**
+ * Map gate-block context to SourceKind.
+ */
+export function resolveSourceKindFromGateBlock(): SourceKind {
+  return 'rulehost_block';
+}
+
+/**
+ * Map /pd-pain command to SourceKind.
+ */
+export function resolveSourceKindFromCommand(): SourceKind {
+  return 'owner_reported';
+}
+
+/**
+ * Map provider/rate-limit failure to SourceKind.
+ */
+export function resolveSourceKindFromProvider(
+  isRateLimit: boolean,
+): SourceKind {
+  return isRateLimit ? 'rate_limit' : 'provider_failure';
+}
+
+/**
+ * Map subagent error to SourceKind.
+ */
+export function resolveSourceKindFromSubagent(): SourceKind {
+  return 'subagent_error';
+}
+
+// ── Triage Evaluation ───────────────────────────────────────────────────────
+
+/**
+ * Evaluate evidence triage for a given source kind and context.
+ *
+ * This is the main entry point for hooks. It calls the pure triage policy
+ * from principles-core and returns the result.
+ *
+ * The caller (hook) is responsible for:
+ * - Checking the painEvidenceAdmission feature flag
+ * - Acting on the triage result (proceed to diagnosis, store evidence, etc.)
+ * - Falling back to existing behavior when the flag is off
+ */
+export function evaluateEvidenceTriage(
+  sourceKind: SourceKind,
+  score: number,
+  options?: {
+    isUnsafeHighConfidence?: boolean;
+    provenance?: 'openclaw_context_bound' | 'owner_reported_no_host_trace' | 'automatic_hook';
+  },
+): TriageResult {
+  const input: TriageInput = {
+    sourceKind,
+    score,
+    isUnsafeHighConfidence: options?.isUnsafeHighConfidence,
+    provenance: options?.provenance,
+  };
+
+  return evaluateTriage(input);
+}
+
+// ── High-Confidence Unsafe Action Detection ──────────────────────────────────
+
+/**
+ * Determine if a gate-blocked action is a high-confidence unsafe action.
+ *
+ * This is a heuristic that the plugin adapter owns. Core does not know about
+ * these heuristics — it only receives the boolean flag.
+ *
+ * Criteria for high-confidence unsafe:
+ * - Score >= 70 (high severity)
+ * - Tool is in the risky write set
+ * - Action would be irreversible (file deletion, force push, etc.)
+ */
+export function isHighConfidenceUnsafeAction(
+  score: number,
+  isRisky: boolean,
+): boolean {
+  return isRisky && score >= 70;
+}

package/tests/hooks/gate-block-helper-profile.test.ts

@@ -0,0 +1,186 @@
+/**
+ * Gate Block Helper — PROFILE loading resilience tests
+ *
+ * Verifies that recordGateBlockAndReturn handles malformed/oversized PROFILE
+ * gracefully: try/catch, 1MB size guard, fallback to non-risky, no crash.
+ *
+ * ERR checklist:
+ * - ERR-026: All PROFILE loads have try/catch (gate-block-helper.ts matches pain.ts)
+ * - ERR-024/025: Production-path tests for the edge case
+ */
+
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
+import * as fs from 'fs';
+import * as path from 'path';
+import * as os from 'os';
+import { WorkspaceContext } from '../../src/core/workspace-context.js';
+import { EventLogService } from '../../src/core/event-log.js';
+import { clearSession } from '../../src/core/session-tracker.js';
+import { resetPainDiagnosticGateForTest } from '../../src/core/pain-diagnostic-gate.js';
+
+vi.mock('fs');
+vi.mock('../../src/utils/io.js', () => ({
+  isRisky: vi.fn(() => false),
+}));
+vi.mock('../../src/core/evolution-engine.js', () => ({
+  recordEvolutionSuccess: vi.fn(),
+  recordEvolutionFailure: vi.fn(),
+}));
+vi.mock('../../src/core/evolution-logger.js', () => ({
+  createTraceId: vi.fn(() => 'trace-123'),
+  getEvolutionLogger: vi.fn(() => ({
+    logPainDetected: vi.fn(),
+  })),
+}));
+vi.mock('../../src/core/pd-config-loader.js', () => ({
+  loadPdConfigForPlugin: vi.fn(() => ({ ok: true, source: 'mock', effective: {}, errors: [] })),
+  loadFeatureFlagFromConfig: vi.fn(() => ({ enabled: true, source: 'test' })),
+}));
+
+const mockEmitSync = vi.fn();
+const mockRecordProbationFeedback = vi.fn();
+const mockUpdatePrincipleValueMetrics = vi.fn();
+
+function makeTestWctx(overrides: Record<string, unknown> = {}) {
+  return {
+    workspaceDir: '/mock/workspace',
+    stateDir: '/mock/state',
+    config: { get: vi.fn().mockReturnValue(40) },
+    eventLog: {
+      recordGateBlock: vi.fn(),
+      recordPainSignal: vi.fn(),
+    },
+    trajectory: {
+      recordGateBlock: vi.fn(),
+      recordPainEvent: vi.fn(),
+      recordToolCall: vi.fn(),
+    },
+    principleTreeLedger: {
+      updatePrincipleValueMetrics: mockUpdatePrincipleValueMetrics,
+    },
+    evolutionReducer: {
+      emitSync: mockEmitSync,
+      recordProbationFeedback: mockRecordProbationFeedback,
+      getPrincipleById: vi.fn(),
+    },
+    resolve: vi.fn().mockImplementation((key: string) => {
+      if (key === 'PROFILE') return '/mock/workspace/PROFILE.json';
+      return '';
+    }),
+    ...overrides,
+  };
+}
+
+describe('Gate Block Helper — PROFILE Resilience', () => {
+  const sessionId = 's-profile-test';
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+    mockEmitSync.mockReset();
+    mockRecordProbationFeedback.mockReset();
+    mockUpdatePrincipleValueMetrics.mockReset();
+    vi.spyOn(WorkspaceContext, 'fromHookContext').mockReturnValue(makeTestWctx() as any);
+    vi.spyOn(EventLogService, 'get').mockReturnValue({} as any);
+    clearSession(sessionId);
+    resetPainDiagnosticGateForTest();
+  });
+
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  it('malformed PROFILE.json does not throw, returns block result with non-risky fallback', async () => {
+    // Arrange: PROFILE exists but contains invalid JSON
+    vi.mocked(fs.existsSync).mockReturnValue(true);
+    vi.mocked(fs.readFileSync).mockReturnValue('{ invalid json }');
+
+    // Dynamic import AFTER mocks are set up
+    const { recordGateBlockAndReturn } = await import('../../src/hooks/gate-block-helper.js');
+
+    // Act & Assert: does NOT throw
+    const result = recordGateBlockAndReturn(
+      makeTestWctx() as any,
+      {
+        filePath: 'src/danger.ts',
+        reason: 'Test block reason',
+        toolName: 'write',
+        sessionId,
+      },
+      { warn: vi.fn(), error: vi.fn(), info: vi.fn() },
+    );
+
+    expect(result).toBeDefined();
+    expect(result.block).toBe(true);
+    expect(result.blockReason).toContain('Security Gate Blocked');
+    // verify emitPainDetectedEvent was NOT called (triage fell back to non-risky)
+    expect(mockEmitSync).not.toHaveBeenCalled();
+  });
+
+  it('oversized PROFILE (>1MB) falls back to non-risky without crash', async () => {
+    // Arrange: PROFILE > 1MB
+    vi.mocked(fs.existsSync).mockReturnValue(true);
+    vi.mocked(fs.readFileSync).mockReturnValue('x'.repeat(1024 * 1024 + 1));
+
+    const { recordGateBlockAndReturn } = await import('../../src/hooks/gate-block-helper.js');
+
+    const result = recordGateBlockAndReturn(
+      makeTestWctx() as any,
+      {
+        filePath: 'src/danger.ts',
+        reason: 'Test block reason',
+        toolName: 'write',
+        sessionId,
+      },
+      { warn: vi.fn(), error: vi.fn(), info: vi.fn() },
+    );
+
+    expect(result).toBeDefined();
+    expect(result.block).toBe(true);
+    expect(mockEmitSync).not.toHaveBeenCalled();
+  });
+
+  it('missing PROFILE.json defaults to non-risky without error', async () => {
+    // Arrange: PROFILE does not exist
+    vi.mocked(fs.existsSync).mockReturnValue(false);
+
+    const { recordGateBlockAndReturn } = await import('../../src/hooks/gate-block-helper.js');
+
+    const result = recordGateBlockAndReturn(
+      makeTestWctx() as any,
+      {
+        filePath: 'src/danger.ts',
+        reason: 'Test block',
+        toolName: 'edit',
+        sessionId,
+      },
+      { warn: vi.fn(), error: vi.fn(), info: vi.fn() },
+    );
+
+    expect(result).toBeDefined();
+    expect(result.block).toBe(true);
+  });
+
+  it('fs.readFileSync permission error falls back gracefully', async () => {
+    // Arrange: existsSync returns true but readFileSync throws
+    vi.mocked(fs.existsSync).mockReturnValue(true);
+    vi.mocked(fs.readFileSync).mockImplementation(() => {
+      throw new Error('EACCES: permission denied');
+    });
+
+    const { recordGateBlockAndReturn } = await import('../../src/hooks/gate-block-helper.js');
+
+    const result = recordGateBlockAndReturn(
+      makeTestWctx() as any,
+      {
+        filePath: 'src/danger.ts',
+        reason: 'Test block',
+        toolName: 'write',
+        sessionId,
+      },
+      { warn: vi.fn(), error: vi.fn(), info: vi.fn() },
+    );
+
+    expect(result).toBeDefined();
+    expect(result.block).toBe(true);
+  });
+});