Merge branch 'main' into fix/git-log-delimiter-collision

Author: unifiedh

src/__tests__/authority-rules.test.ts

@@ -427,6 +427,57 @@ describe("Rate Limit Rules", () => {
       expect(decision.reasonCode).toBe("RATE_LIMIT_SPAWN");
     });
   });
+
+  describe("rate limit DB unavailable", () => {
+    it("denies when DB is not accessible (fail-closed)", () => {
+      const rules = createRateLimitRules();
+      const engine = new PolicyEngine(db, rules);
+
+      const tool = createMockTool({
+        name: "update_genesis_prompt",
+        riskLevel: "dangerous",
+        category: "self_mod",
+      });
+      // Pass no DB to simulate DB unavailable
+      const request = createRequest(tool, {}, "agent");
+
+      const decision = engine.evaluate(request);
+      expect(decision.action).toBe("deny");
+      expect(decision.reasonCode).toBe("DB_UNAVAILABLE");
+    });
+
+    it("denies edit_own_file when DB is not accessible", () => {
+      const rules = createRateLimitRules();
+      const engine = new PolicyEngine(db, rules);
+
+      const tool = createMockTool({
+        name: "edit_own_file",
+        riskLevel: "dangerous",
+        category: "self_mod",
+      });
+      const request = createRequest(tool, {}, "agent");
+
+      const decision = engine.evaluate(request);
+      expect(decision.action).toBe("deny");
+      expect(decision.reasonCode).toBe("DB_UNAVAILABLE");
+    });
+
+    it("denies spawn_child when DB is not accessible", () => {
+      const rules = createRateLimitRules();
+      const engine = new PolicyEngine(db, rules);
+
+      const tool = createMockTool({
+        name: "spawn_child",
+        riskLevel: "dangerous",
+        category: "replication",
+      });
+      const request = createRequest(tool, {}, "agent");
+
+      const decision = engine.evaluate(request);
+      expect(decision.action).toBe("deny");
+      expect(decision.reasonCode).toBe("DB_UNAVAILABLE");
+    });
+  });
 });
 
 // ─── Financial Phase 1 Rules Tests ──────────────────────────────

src/__tests__/low-compute.test.ts

@@ -0,0 +1,114 @@
+import { describe, it, expect, vi } from "vitest";
+import {
+  canRunInference,
+  getModelForTier,
+  applyTierRestrictions,
+} from "../survival/low-compute.js";
+import type { SurvivalTier } from "../types.js";
+
+describe("canRunInference", () => {
+  it("allows inference for 'high' tier", () => {
+    expect(canRunInference("high")).toBe(true);
+  });
+
+  it("allows inference for 'normal' tier", () => {
+    expect(canRunInference("normal")).toBe(true);
+  });
+
+  it("allows inference for 'low_compute' tier", () => {
+    expect(canRunInference("low_compute")).toBe(true);
+  });
+
+  it("allows inference for 'critical' tier", () => {
+    expect(canRunInference("critical")).toBe(true);
+  });
+
+  it("denies inference for 'dead' tier", () => {
+    expect(canRunInference("dead")).toBe(false);
+  });
+});
+
+describe("getModelForTier", () => {
+  const defaultModel = "gpt-5.2";
+
+  it("returns default model for 'high' tier", () => {
+    expect(getModelForTier("high", defaultModel)).toBe(defaultModel);
+  });
+
+  it("returns default model for 'normal' tier", () => {
+    expect(getModelForTier("normal", defaultModel)).toBe(defaultModel);
+  });
+
+  it("returns a cheaper model for 'low_compute' tier", () => {
+    const model = getModelForTier("low_compute", defaultModel);
+    expect(model).not.toBe(defaultModel);
+  });
+
+  it("returns a cheaper model for 'critical' tier", () => {
+    const model = getModelForTier("critical", defaultModel);
+    expect(model).not.toBe(defaultModel);
+  });
+
+  it("returns a value for every tier", () => {
+    const tiers: SurvivalTier[] = ["high", "normal", "low_compute", "critical", "dead"];
+    for (const tier of tiers) {
+      const model = getModelForTier(tier, defaultModel);
+      expect(model).toBeTruthy();
+    }
+  });
+});
+
+describe("applyTierRestrictions", () => {
+  function makeMocks() {
+    return {
+      inference: { setLowComputeMode: vi.fn() },
+      db: {
+        setKV: vi.fn(),
+        getKV: vi.fn(),
+        raw: {} as any,
+        insertTurn: vi.fn(),
+        updateTurn: vi.fn(),
+        getTurnsBySession: vi.fn(),
+        insertToolCall: vi.fn(),
+        getToolCallsByTurn: vi.fn(),
+        getChildById: vi.fn(),
+        getChildren: vi.fn(),
+        insertChild: vi.fn(),
+        updateChild: vi.fn(),
+        deleteChild: vi.fn(),
+        close: vi.fn(),
+      },
+    };
+  }
+
+  it("sets low compute mode off for 'high' tier", () => {
+    const { inference, db } = makeMocks();
+    applyTierRestrictions("high", inference as any, db as any);
+    expect(inference.setLowComputeMode).toHaveBeenCalledWith(false);
+    expect(db.setKV).toHaveBeenCalledWith("current_tier", "high");
+  });
+
+  it("sets low compute mode off for 'normal' tier", () => {
+    const { inference, db } = makeMocks();
+    applyTierRestrictions("normal", inference as any, db as any);
+    expect(inference.setLowComputeMode).toHaveBeenCalledWith(false);
+  });
+
+  it("sets low compute mode on for 'low_compute' tier", () => {
+    const { inference, db } = makeMocks();
+    applyTierRestrictions("low_compute", inference as any, db as any);
+    expect(inference.setLowComputeMode).toHaveBeenCalledWith(true);
+  });
+
+  it("sets low compute mode on for 'critical' tier", () => {
+    const { inference, db } = makeMocks();
+    applyTierRestrictions("critical", inference as any, db as any);
+    expect(inference.setLowComputeMode).toHaveBeenCalledWith(true);
+  });
+
+  it("sets low compute mode on for 'dead' tier", () => {
+    const { inference, db } = makeMocks();
+    applyTierRestrictions("dead", inference as any, db as any);
+    expect(inference.setLowComputeMode).toHaveBeenCalledWith(true);
+  });
+});

src/__tests__/memory.test.ts

@@ -166,6 +166,15 @@ describe("WorkingMemoryManager", () => {
     expect(wm.getBySession("s2")).toHaveLength(1);
     expect(wm.getBySession("s1")[0].content).toBe("S1 entry");
   });
+
+  it("prune with negative maxEntries does not delete entries", () => {
+    wm.add({ sessionId: "s1", content: "Entry 1", contentType: "note" });
+    wm.add({ sessionId: "s1", content: "Entry 2", contentType: "note" });
+
+    const removed = wm.prune("s1", -5);
+    expect(removed).toBe(0);
+    expect(wm.getBySession("s1")).toHaveLength(2);
+  });
 });
 
 // ─── Episodic Memory Tests ────────────────────────────────────
@@ -242,6 +251,30 @@ describe("EpisodicMemoryManager", () => {
     }
     expect(ep.getRecent("s1", 3)).toHaveLength(3);
   });
+
+  it("prune with zero or negative retentionDays does not delete entries", () => {
+    ep.record({ sessionId: "s1", eventType: "test", summary: "Recent event" });
+
+    expect(ep.prune(0)).toBe(0);
+    expect(ep.prune(-30)).toBe(0);
+    expect(ep.getRecent("s1")).toHaveLength(1);
+  });
+  
+  it("should escape SQL LIKE wildcards in search queries", () => {
+    ep.record({ sessionId: "s1", eventType: "test", summary: "100% complete" });
+    ep.record({ sessionId: "s1", eventType: "test", summary: "file_name test" });
+    ep.record({ sessionId: "s1", eventType: "test", summary: "unrelated entry" });
+
+    // '%' in query should match literally, not as a wildcard
+    const pctResults = ep.search("100%");
+    expect(pctResults).toHaveLength(1);
+    expect(pctResults[0].summary).toBe("100% complete");
+
+    // '_' in query should match literally, not as single-char wildcard
+    const underResults = ep.search("file_name");
+    expect(underResults).toHaveLength(1);
+    expect(underResults[0].summary).toBe("file_name test");
+  });
 });
 
 // ─── Semantic Memory Tests ────────────────────────────────────
@@ -385,6 +418,22 @@ describe("ProceduralMemoryManager", () => {
     pm.delete("temp_proc");
     expect(pm.get("temp_proc")).toBeUndefined();
   });
+
+  it("should escape SQL LIKE wildcards in search queries", () => {
+    pm.save({ name: "deploy_100%", description: "Full deploy", steps: [] });
+    pm.save({ name: "deploy_app", description: "Standard deploy", steps: [] });
+
+    // '%' should match literally — only "deploy_100%" matches, not both
+    const pctResults = pm.search("100%");
+    expect(pctResults).toHaveLength(1);
+    expect(pctResults[0].name).toBe("deploy_100%");
+
+    // '_' should match literally — "deploy_app" should not match "deploy.app"
+    pm.save({ name: "deploy.app", description: "Dot deploy", steps: [] });
+    const underResults = pm.search("deploy_app");
+    expect(underResults).toHaveLength(1);
+    expect(underResults[0].name).toBe("deploy_app");
+  });
 });
 
 // ─── Relationship Memory Tests ────────────────────────────────
@@ -640,6 +689,26 @@ describe("MemoryIngestionPipeline", () => {
     expect(decision).toBeTruthy();
     expect(decision!.content).toContain("edit_own_file");
   });
+
+  it("should record inbox sender interaction only once per turn, not per tool call", () => {
+    // Simulate a turn from an agent message with multiple tool calls
+    const turn = makeTurn({
+      inputSource: "agent" as any,
+      input: "[Message from 0xDEADBEEF]: Hello there",
+      toolCalls: [
+        makeToolCallResult({ id: "tc_1", name: "exec", result: "ok" }),
+        makeToolCallResult({ id: "tc_2", name: "exec", result: "ok" }),
+        makeToolCallResult({ id: "tc_3", name: "exec", result: "ok" }),
+      ],
+    });
+    pipeline.ingest("s1", turn, turn.toolCalls);
+
+    const rm = new RelationshipMemoryManager(db);
+    const rel = rm.get("0xDEADBEEF");
+    expect(rel).toBeTruthy();
+    // Should have interaction_count of 0 (new record) — NOT inflated by N tool calls
+    expect(rel!.interactionCount).toBe(0);
+  });
 });
 
 // ─── Turn Classification Tests ────────────────────────────────

src/__tests__/replication.test.ts

@@ -10,12 +10,16 @@
 
 import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
 import { isValidWalletAddress, spawnChild } from "../replication/spawn.js";
+import { SandboxCleanup } from "../replication/cleanup.js";
+import { ChildLifecycle } from "../replication/lifecycle.js";
+import { pruneDeadChildren } from "../replication/lineage.js";
 import {
   MockConwayClient,
   createTestDb,
   createTestIdentity,
 } from "./mocks.js";
 import type { AutomatonDatabase, GenesisConfig } from "../types.js";
+import { MIGRATION_V7 } from "../state/schema.js";
 
 // Mock fs for constitution propagation
 vi.mock("fs", async (importOriginal) => {
@@ -194,3 +198,110 @@ describe("spawnChild", () => {
     expect(deleteSpy).not.toHaveBeenCalled();
   });
 });
+
+// ─── SandboxCleanup ──────────────────────────────────────────
+
+describe("SandboxCleanup", () => {
+  let conway: MockConwayClient;
+  let db: AutomatonDatabase;
+  let lifecycle: ChildLifecycle;
+
+  beforeEach(() => {
+    conway = new MockConwayClient();
+    db = createTestDb();
+    // Apply lifecycle events migration
+    db.raw.exec(MIGRATION_V7);
+    lifecycle = new ChildLifecycle(db.raw);
+  });
+
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  it("does not transition to cleaned_up when sandbox deletion fails", async () => {
+    // Create a child and transition to stopped
+    lifecycle.initChild("child-1", "test-child", "sandbox-1", "test prompt");
+    lifecycle.transition("child-1", "sandbox_created", "created");
+    lifecycle.transition("child-1", "runtime_ready", "ready");
+    lifecycle.transition("child-1", "wallet_verified", "verified");
+    lifecycle.transition("child-1", "funded", "funded");
+    lifecycle.transition("child-1", "starting", "starting");
+    lifecycle.transition("child-1", "healthy", "healthy");
+    lifecycle.transition("child-1", "stopped", "stopped");
+
+    // Make deleteSandbox fail
+    vi.spyOn(conway, "deleteSandbox").mockRejectedValue(new Error("API unavailable"));
+
+    const cleanup = new SandboxCleanup(conway, lifecycle, db.raw);
+
+    await expect(cleanup.cleanup("child-1")).rejects.toThrow("API unavailable");
+
+    // Child should still be in "stopped" state, NOT "cleaned_up"
+    const state = lifecycle.getCurrentState("child-1");
+    expect(state).toBe("stopped");
+  });
+
+  it("transitions to cleaned_up when sandbox deletion succeeds", async () => {
+    lifecycle.initChild("child-2", "test-child", "sandbox-2", "test prompt");
+    lifecycle.transition("child-2", "sandbox_created", "created");
+    lifecycle.transition("child-2", "runtime_ready", "ready");
+    lifecycle.transition("child-2", "wallet_verified", "verified");
+    lifecycle.transition("child-2", "funded", "funded");
+    lifecycle.transition("child-2", "starting", "starting");
+    lifecycle.transition("child-2", "healthy", "healthy");
+    lifecycle.transition("child-2", "stopped", "stopped");
+
+    const cleanup = new SandboxCleanup(conway, lifecycle, db.raw);
+    await cleanup.cleanup("child-2");
+
+    const state = lifecycle.getCurrentState("child-2");
+    expect(state).toBe("cleaned_up");
+  });
+});
+
+// ─── pruneDeadChildren ──────────────────────────────────────
+
+describe("pruneDeadChildren", () => {
+  let db: AutomatonDatabase;
+  let conway: MockConwayClient;
+
+  beforeEach(() => {
+    db = createTestDb();
+    db.raw.exec(MIGRATION_V7);
+    conway = new MockConwayClient();
+  });
+
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  function insertChild(id: string, name: string, status: string, createdAt: string): void {
+    db.raw.prepare(
+      `INSERT INTO children (id, name, address, sandbox_id, genesis_prompt, status, created_at)
+       VALUES (?, ?, '0xabc', 'sandbox-${id}', 'prompt', ?, ?)`,
+    ).run(id, name, status, createdAt);
+  }
+
+  it("attempts sandbox cleanup for children with dead status", async () => {
+    // Insert 7 dead children (exceeds keepLast=5, so 2 should be pruned)
+    for (let i = 0; i < 7; i++) {
+      insertChild(`dead-${i}`, `child-${i}`, "dead", `2020-01-0${i + 1} 00:00:00`);
+    }
+
+    // Create a mock cleanup that tracks calls
+    const cleanupCalls: string[] = [];
+    const mockCleanup = {
+      cleanup: vi.fn(async (childId: string) => {
+        cleanupCalls.push(childId);
+      }),
+    } as any;
+
+    const removed = await pruneDeadChildren(db, mockCleanup, 5);
+
+    // 2 oldest should be removed (dead-0 and dead-1)
+    expect(removed).toBe(2);
+    // cleanup.cleanup should have been called for "dead" children
+    expect(cleanupCalls).toContain("dead-0");
+    expect(cleanupCalls).toContain("dead-1");
+  });
+});