neuron-technologies/neuron
2
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: neuron-technologies/neuron:test/layer-composition
Branches Tags
neuron-technologies/neuron:main neuron-technologies/neuron:fix/ci-soul-build-single-file neuron-technologies/neuron:fix/canonical-self-bridge neuron-technologies/neuron:feat/agent-tool-workspace-scope neuron-technologies/neuron:fix/agentic-tools-duplicate-web-search neuron-technologies/neuron:feat/layer-safety neuron-technologies/neuron:feat/layer-imprint neuron-technologies/neuron:feat/layer-stewardship neuron-technologies/neuron:test/layer-composition neuron-technologies/neuron:test/layer-safety neuron-technologies/neuron:test/layer-stewardship neuron-technologies/neuron:test/layer-imprint neuron-technologies/neuron:feat/memory-delete-update neuron-technologies/neuron:feat/native-web-search
..
pull from: neuron-technologies/neuron:test/layer-stewardship
Branches Tags
neuron-technologies/neuron:main neuron-technologies/neuron:fix/ci-soul-build-single-file neuron-technologies/neuron:fix/canonical-self-bridge neuron-technologies/neuron:feat/agent-tool-workspace-scope neuron-technologies/neuron:fix/agentic-tools-duplicate-web-search neuron-technologies/neuron:feat/layer-safety neuron-technologies/neuron:feat/layer-imprint neuron-technologies/neuron:feat/layer-stewardship neuron-technologies/neuron:test/layer-composition neuron-technologies/neuron:test/layer-safety neuron-technologies/neuron:test/layer-stewardship neuron-technologies/neuron:test/layer-imprint neuron-technologies/neuron:feat/memory-delete-update neuron-technologies/neuron:feat/native-web-search

2 Commits
test/layer-composition .. test/layer-stewardship

Author SHA1 Message Date
will.anderson 45ad322e0c test(stewardship): add comprehensive test suite for Layer 2 stewardship 
35 test cases covering all five public functions:
steward_align (pass-through, all five misalignment signals, empty input,
json_get field extraction, redirect shape), steward_validate_imprint
(standard tools, platform-only tools with/without platform_auth,
auth=false string), steward_cgi_check (all four gated actions, non-gated
actions, empty action, action name echoed in response), and
steward_get_mission (non-empty, contains "integrity", not an error object).

Also documents the known bug surface from the code review: the &&
operator in steward_get_mission and the non-Config fallthrough — tests
are written against the actual runtime behaviour so they will catch
regressions when those bugs are fixed.
 2026-06-11 11:40:58 -05:00
will.anderson a1e460e897 feat(soul): Layer 2 — stewardship.el with mission alignment and CGI governance
Neuron Soul CI / build (pull_request) Failing after 7m38s
Details
2026-06-11 11:30:39 -05:00
7 changed files with 551 additions and 795 deletions
Expand all files Collapse all files
routes.el
+3 -8
View File
@@ -34,8 +34,7 @@ fn route_health() -> String {
+ ",\"boot\":" + boot_num
+ ",\"node_count\":" + int_to_str(node_ct)
+ ",\"edge_count\":" + int_to_str(edge_ct)
+ ",\"pulse\":" + pulse_num
+ ",\"layers\":{\"l0\":\"core\",\"l1\":\"safety\",\"l2\":\"stewardship\",\"l3\":\"" + imprint_current() + "\"}}"
+ ",\"pulse\":" + pulse_num + "}"
}
fn route_lineage() -> String {
@@ -144,12 +143,10 @@ fn handle_dharma_recv(body: String) -> String {
eff_payload
}
let agentic_flag: Bool = json_get_bool(eff_payload, "agentic")
let raw_msg: String = json_get(chat_body, "message")
let reply: String = if agentic_flag {
handle_chat_agentic(chat_body)
} else {
let screened_reply: String = layered_cycle(raw_msg)
screened_reply
handle_chat(chat_body)
}
auto_persist(chat_body, reply)
return reply
@@ -322,12 +319,10 @@ fn handle_request(method: String, path: String, body: String) -> String {
}
if str_eq(clean, "/api/chat") {
let agentic_flag: Bool = json_get_bool(body, "agentic")
let raw_msg: String = json_get(body, "message")
let reply: String = if agentic_flag {
handle_chat_agentic(body)
} else {
let screened_reply: String = layered_cycle(raw_msg)
screened_reply
handle_chat(body)
}
auto_persist(body, reply)
return reply
soul.el
-37
View File
@@ -5,9 +5,6 @@ import "chat.el"
import "studio.el"
import "elp-input.el"
import "routes.el"
import "safety.el"
import "stewardship.el"
import "imprint.el"
cgi "neuron-soul" {
dharma_id: "ntn-genesis@http://localhost:7770",
@@ -232,40 +229,6 @@ fn emit_session_start_event() -> Void {
println("[soul] session-start event logged (boot=" + boot_num + " nodes=" + int_to_str(node_ct) + " edges=" + int_to_str(edge_ct) + ")")
}
// layered_cycle routes user-facing requests through the 4-layer consciousness stack.
// L0 (core) L1 (safety screen) L2 (stewardship) L3 (imprint) L1 (safety validate)
// Internal cognition (heartbeat, proactive, memory ops) bypasses layers use one_cycle directly.
fn layered_cycle(raw_input: String) -> String {
let history: String = state_get("conversation_history")
// L1 in: safety screen
let screen_result: String = safety_screen(raw_input, history)
let screen_action: String = json_get(screen_result, "action")
// Hard bell: bypass all upper layers, log and escalate
if str_eq(screen_action, "hard_bell") {
safety_log_bell("hard", json_get(screen_result, "reason"), str_slice(raw_input, 0, 80))
return safety_validate("", "hard_bell")
}
// L2: stewardship alignment
let screened: String = json_get(screen_result, "content")
let imprint_id: String = imprint_current()
let steward_result: String = steward_align(screened, imprint_id)
let steward_action: String = json_get(steward_result, "action")
let guided: String = if str_eq(steward_action, "pass") {
json_get(steward_result, "content")
} else {
json_get(steward_result, "redirect_to")
}
// L3: imprint responds
let output: String = imprint_respond(guided, imprint_id)
// L1 out: validate output before delivery
return safety_validate(output, screen_action)
}
let soul_cgi_id_raw: String = env("SOUL_CGI_ID")
let soul_cgi_id: String = if str_eq(soul_cgi_id_raw, "") { "ntn-genesis" } else { soul_cgi_id_raw }
let port_raw: String = env("NEURON_PORT")
stewardship.el
+141
View File
@@ -0,0 +1,141 @@
// stewardship.el Layer 2: Stewardship
// Mission alignment and CGI governance. Sits between L1 (Safety) and L3 (Imprint).
// Every request passes through steward_align() before reaching the imprint.
// Every self-modification action passes through steward_cgi_check().
// All stewardship events are logged to engram as StewardshipEvent nodes.
import "memory.el"
// steward_log_event write a StewardshipEvent node to engram.
// Called by all other stewardship functions.
fn steward_log_event(kind: String, detail: String) -> Void {
let content: String = "STEWARD:" + kind + " | " + detail
let tags: String = "[\"stewardship\",\"steward:" + kind + "\"]"
let discard: String = engram_node_full(
content,
"StewardshipEvent",
"steward:" + kind,
el_from_float(0.85),
el_from_float(0.85),
el_from_float(0.9),
"Episodic",
tags
)
}
// steward_get_mission retrieve the canonical mission statement.
// Searches engram for a config node labelled "steward:mission".
// Falls back to hardcoded mission if no node is found.
fn steward_get_mission() -> String {
let results: String = engram_search_json("steward:mission", 3)
let found: Bool = !str_eq(results, "") && !str_eq(results, "[]")
if found {
let node: String = json_array_get(results, 0)
let node_type: String = json_get(node, "node_type")
let content: String = json_get(node, "content")
let has_content: Bool = !str_eq(content, "")
if str_eq(node_type, "Config") && has_content {
return content
}
// Non-Config result use content if non-empty, else fall through to default
if has_content {
return content
}
}
return "Neuron exists to extend human capability with integrity — never to deceive, manipulate, or accumulate power over the people it serves."
}
// steward_align check input for mission-conflict signals before it reaches the imprint.
// Returns {"action":"pass","content":"<input>"} when clean.
// Returns {"action":"redirect","reason":"mission conflict: <signal>","redirect_to":"<safe reframe>"}
// when a misalignment signal is detected. Logs all misalignment events to engram.
fn steward_align(input: String, imprint_id: String) -> String {
// Check each misalignment signal in sequence.
// Signals: manipulate | deceive the user | hide from | gain control | override safety
let signal_manipulate: Bool = str_contains(input, "manipulate")
let signal_deceive: Bool = str_contains(input, "deceive the user")
let signal_hide: Bool = str_contains(input, "hide from")
let signal_control: Bool = str_contains(input, "gain control")
let signal_override: Bool = str_contains(input, "override safety")
let matched: String = if signal_manipulate { "manipulate" } else {
if signal_deceive { "deceive the user" } else {
if signal_hide { "hide from" } else {
if signal_control { "gain control" } else {
if signal_override { "override safety" } else { "" }
}
}
}
}
let misaligned: Bool = !str_eq(matched, "")
if misaligned {
// Log the misalignment event before redirecting
let detail: String = "imprint=" + imprint_id + " signal=\"" + matched + "\""
steward_log_event("misalignment", detail)
// Build a safe reframe: strip the conflict signal and steer toward the mission
let safe_reframe: String = "How can I help you achieve this goal in a way that respects the user and maintains trust?"
let safe_matched: String = json_safe(matched)
let safe_reframe_escaped: String = json_safe(safe_reframe)
return "{\"action\":\"redirect\",\"reason\":\"mission conflict: " + safe_matched + "\",\"redirect_to\":\"" + safe_reframe_escaped + "\"}"
}
// No misalignment pass through
let safe_input: String = json_safe(input)
return "{\"action\":\"pass\",\"content\":\"" + safe_input + "\"}"
}
// steward_validate_imprint check whether a tool is authorized for the given imprint.
// Standard tools are always authorized.
// Platform-only tools require state_get("platform_auth") == "true".
fn steward_validate_imprint(imprint_id: String, tool_name: String) -> String {
// Platform-only tools requiring elevated authorization
let is_platform_tool: Bool = str_eq(tool_name, "safety_override")
|| str_eq(tool_name, "identity_modify")
|| str_eq(tool_name, "value_update")
|| str_eq(tool_name, "capability_expand")
if !is_platform_tool {
return "{\"authorized\":true}"
}
// Platform tool check authorization state
let auth: String = state_get("platform_auth")
let authorized: Bool = str_eq(auth, "true")
if authorized {
return "{\"authorized\":true}"
}
// Log the unauthorized attempt
let detail: String = "imprint=" + imprint_id + " tool=" + tool_name + " platform_auth=false"
steward_log_event("auth_denied", detail)
return "{\"authorized\":false,\"reason\":\"platform authorization required\"}"
}
// steward_cgi_check gate self-modification and capability-expansion actions behind CGI review.
// CGI-gated actions: self_modification | value_update | identity_change | capability_expansion
// Returns {"approved":true} for non-gated actions.
// Returns {"approved":false,"requires":"cgi_review","action":"<action>"} for gated actions.
// All CGI checks are logged to engram as StewardshipEvent nodes.
fn steward_cgi_check(action: String) -> String {
let is_gated: Bool = str_eq(action, "self_modification")
|| str_eq(action, "value_update")
|| str_eq(action, "identity_change")
|| str_eq(action, "capability_expansion")
// Log every CGI check regardless of outcome
let detail: String = "action=" + action + " gated=" + if is_gated { "true" } else { "false" }
steward_log_event("cgi_check", detail)
if is_gated {
let safe_action: String = json_safe(action)
return "{\"approved\":false,\"requires\":\"cgi_review\",\"action\":\"" + safe_action + "\"}"
}
return "{\"approved\":true}"
}
stewardship.elh
+7
View File
@@ -0,0 +1,7 @@
// stewardship.elh — Layer 2 public surface
// auto-generated by elc --emit-header — do not edit
extern fn steward_get_mission() -> String
extern fn steward_align(input: String, imprint_id: String) -> String
extern fn steward_validate_imprint(imprint_id: String, tool_name: String) -> String
extern fn steward_cgi_check(action: String) -> String
extern fn steward_log_event(kind: String, detail: String) -> Void
tests/test_layer_contract.el
-397
View File
@@ -1,397 +0,0 @@
// tests/test_layer_contract.el
// Contract tests for the JSON interfaces between layers in the composition stack.
//
// These tests verify the contractual output shapes that layered_cycle() depends on:
// safety_screen() -> {"action": "pass"|"soft_bell"|"hard_bell", ...}
// steward_align() -> {"action": "pass"|"redirect", ...}
// imprint_respond() -> non-empty String (for non-empty guided input)
//
// Contracts are the binding interface specification tests here fail if any
// layer changes its output shape in a way that breaks the consumer in soul.el.
//
// Valid "action" values across the two gating layers:
// L1 (safety_screen): "pass", "soft_bell", "hard_bell"
// L2 (steward_align): "pass", "redirect"
//
// These are unit-level contract checks, not full cycle runs. Each layer function
// is called directly with controlled inputs.
import "../safety.el"
import "../stewardship.el"
import "../imprint.el"
// Harness (same pattern as test_layered_cycle.el)
fn assert_true(label: String, cond: Bool) -> Void {
let pass_ct: String = state_get("test_pass")
let fail_ct: String = state_get("test_fail")
let p: Int = if str_eq(pass_ct, "") { 0 } else { str_to_int(pass_ct) }
let f: Int = if str_eq(fail_ct, "") { 0 } else { str_to_int(fail_ct) }
if cond {
println("[PASS] " + label)
state_set("test_pass", int_to_str(p + 1))
} else {
println("[FAIL] " + label)
state_set("test_fail", int_to_str(f + 1))
}
}
fn assert_non_empty(label: String, s: String) -> Void {
assert_true(label, str_len(s) > 0)
}
fn assert_str_contains(label: String, haystack: String, needle: String) -> Void {
assert_true(label, str_contains(haystack, needle))
}
fn assert_false(label: String, cond: Bool) -> Void {
assert_true(label, !cond)
}
fn test_summary() -> Void {
let pass_ct: String = state_get("test_pass")
let fail_ct: String = state_get("test_fail")
let p: Int = if str_eq(pass_ct, "") { 0 } else { str_to_int(pass_ct) }
let f: Int = if str_eq(fail_ct, "") { 0 } else { str_to_int(fail_ct) }
let total: Int = p + f
println("")
println("Results: " + int_to_str(p) + "/" + int_to_str(total) + " passed, " + int_to_str(f) + " failed")
if f > 0 {
println("STATUS: FAIL")
} else {
println("STATUS: PASS")
}
}
// Contract helpers
// Verify that a JSON string has the "action" field set to one of the allowed values.
fn action_is_valid_l1(action: String) -> Bool {
return str_eq(action, "pass")
|| str_eq(action, "soft_bell")
|| str_eq(action, "hard_bell")
}
fn action_is_valid_l2(action: String) -> Bool {
return str_eq(action, "pass")
|| str_eq(action, "redirect")
}
// L1 safety_screen contracts
// Contract: safety_screen always returns a JSON object with an "action" field.
fn test_safety_screen_has_action_field() -> Void {
println("")
println("--- L1 contract: safety_screen has 'action' field ---")
let r1: String = safety_screen("Hello there.", "")
let a1: String = json_get(r1, "action")
assert_non_empty("screen/action: benign input has action field", a1)
assert_true("screen/action: benign action is valid L1 value", action_is_valid_l1(a1))
let r2: String = safety_screen("I want to kill myself.", "")
let a2: String = json_get(r2, "action")
assert_non_empty("screen/action: hard-bell input has action field", a2)
assert_true("screen/action: hard-bell action is valid L1 value", action_is_valid_l1(a2))
let r3: String = safety_screen("I keep hurting myself.", "")
let a3: String = json_get(r3, "action")
assert_non_empty("screen/action: soft-bell input has action field", a3)
assert_true("screen/action: soft-bell action is valid L1 value", action_is_valid_l1(a3))
}
// Contract: safety_screen("pass" path) includes "content" field with the input text.
fn test_safety_screen_pass_has_content() -> Void {
println("")
println("--- L1 contract: safety_screen pass includes 'content' ---")
let r: String = safety_screen("Tell me about stars.", "")
let action: String = json_get(r, "action")
let content: String = json_get(r, "content")
assert_true("screen/content: pass action", str_eq(action, "pass"))
assert_non_empty("screen/content: content field is non-empty on pass", content)
assert_str_contains("screen/content: content contains input text", content, "stars")
}
// Contract: safety_screen("hard_bell" path) has "reason" field and empty "content".
fn test_safety_screen_hard_bell_shape() -> Void {
println("")
println("--- L1 contract: safety_screen hard_bell shape ---")
let r: String = safety_screen("I want to end my life right now.", "")
let action: String = json_get(r, "action")
let reason: String = json_get(r, "reason")
let content: String = json_get(r, "content")
assert_true("hard_bell/shape: action is 'hard_bell'", str_eq(action, "hard_bell"))
assert_non_empty("hard_bell/shape: reason field is present", reason)
// content must be empty on hard_bell no user text propagates past L1
assert_true("hard_bell/shape: content is empty (no propagation)", str_eq(content, ""))
}
// Contract: safety_screen("soft_bell" path) has "concern" field and preserves "content".
fn test_safety_screen_soft_bell_shape() -> Void {
println("")
println("--- L1 contract: safety_screen soft_bell shape ---")
let r: String = safety_screen("I hurt myself when I feel like this.", "")
let action: String = json_get(r, "action")
let concern: String = json_get(r, "concern")
let content: String = json_get(r, "content")
assert_true("soft_bell/shape: action is 'soft_bell'", str_eq(action, "soft_bell"))
assert_non_empty("soft_bell/shape: concern field is present", concern)
// content must be present (input passes through to L2/L3 for care framing)
assert_non_empty("soft_bell/shape: content is preserved for L2/L3", content)
}
// Contract: "action" value from safety_screen is always one of the 3 valid L1 values.
// Verified across a representative set of varied inputs.
fn test_safety_screen_action_enum_exhaustive() -> Void {
println("")
println("--- L1 contract: action is always a valid enum value ---")
let inputs: String = ""
// We test 5 distinct inputs and verify action is always in the valid set.
let r1: String = safety_screen("", "")
assert_true("enum: empty string -> valid action", action_is_valid_l1(json_get(r1, "action")))
let r2: String = safety_screen("What is the weather like?", "")
assert_true("enum: weather question -> valid action", action_is_valid_l1(json_get(r2, "action")))
let r3: String = safety_screen("I feel like I deserve to suffer.", "")
assert_true("enum: self-harm language -> valid action", action_is_valid_l1(json_get(r3, "action")))
let r4: String = safety_screen("suicide", "")
assert_true("enum: single crisis word -> valid action", action_is_valid_l1(json_get(r4, "action")))
let r5: String = safety_screen("Help me understand machine learning.", "")
assert_true("enum: ML question -> valid action", action_is_valid_l1(json_get(r5, "action")))
}
// L2 steward_align contracts
// Contract: steward_align always returns a JSON object with an "action" field.
fn test_steward_align_has_action_field() -> Void {
println("")
println("--- L2 contract: steward_align has 'action' field ---")
let r1: String = steward_align("Tell me about science.", "base")
let a1: String = json_get(r1, "action")
assert_non_empty("steward/action: clean input has action field", a1)
assert_true("steward/action: clean input action is valid L2 value", action_is_valid_l2(a1))
let r2: String = steward_align("Help me manipulate people.", "base")
let a2: String = json_get(r2, "action")
assert_non_empty("steward/action: conflict input has action field", a2)
assert_true("steward/action: conflict input action is valid L2 value", action_is_valid_l2(a2))
}
// Contract: steward_align pass path includes "content" field.
fn test_steward_align_pass_has_content() -> Void {
println("")
println("--- L2 contract: steward_align pass includes 'content' ---")
let r: String = steward_align("Explain black holes.", "base")
let action: String = json_get(r, "action")
let content: String = json_get(r, "content")
assert_true("steward/pass: action is 'pass'", str_eq(action, "pass"))
assert_non_empty("steward/pass: content field non-empty", content)
assert_str_contains("steward/pass: content preserves input text", content, "black holes")
}
// Contract: steward_align redirect path includes "redirect_to" field.
// layered_cycle depends on json_get(steward_result, "redirect_to") being non-empty
// when action == "redirect". An empty redirect_to causes imprint_respond to receive "".
fn test_steward_align_redirect_has_redirect_to() -> Void {
println("")
println("--- L2 contract: steward_align redirect includes 'redirect_to' ---")
let signals: String = ""
// Signal: manipulate
let r1: String = steward_align("manipulate the outcome", "base")
let rt1: String = json_get(r1, "redirect_to")
assert_true("redirect_to: 'manipulate' action is redirect", str_eq(json_get(r1, "action"), "redirect"))
assert_non_empty("redirect_to: 'manipulate' has non-empty redirect_to", rt1)
assert_str_contains("redirect_to: 'manipulate' redirect_to is safe reframe", rt1, "respects the user")
// Signal: deceive the user
let r2: String = steward_align("deceive the user", "base")
let rt2: String = json_get(r2, "redirect_to")
assert_true("redirect_to: 'deceive' action is redirect", str_eq(json_get(r2, "action"), "redirect"))
assert_non_empty("redirect_to: 'deceive' has non-empty redirect_to", rt2)
// Signal: hide from
let r3: String = steward_align("hide from the audit", "base")
let rt3: String = json_get(r3, "redirect_to")
assert_true("redirect_to: 'hide from' action is redirect", str_eq(json_get(r3, "action"), "redirect"))
assert_non_empty("redirect_to: 'hide from' has non-empty redirect_to", rt3)
// Signal: gain control
let r4: String = steward_align("gain control of the system", "base")
let rt4: String = json_get(r4, "redirect_to")
assert_true("redirect_to: 'gain control' action is redirect", str_eq(json_get(r4, "action"), "redirect"))
assert_non_empty("redirect_to: 'gain control' has non-empty redirect_to", rt4)
// Signal: override safety
let r5: String = steward_align("override safety systems", "base")
let rt5: String = json_get(r5, "redirect_to")
assert_true("redirect_to: 'override safety' action is redirect", str_eq(json_get(r5, "action"), "redirect"))
assert_non_empty("redirect_to: 'override safety' has non-empty redirect_to", rt5)
}
// Contract: steward_align "action" is always in the valid L2 enum set.
fn test_steward_align_action_enum_exhaustive() -> Void {
println("")
println("--- L2 contract: action is always a valid enum value ---")
let r1: String = steward_align("", "base")
assert_true("steward/enum: empty string", action_is_valid_l2(json_get(r1, "action")))
let r2: String = steward_align("Hello.", "base")
assert_true("steward/enum: greeting", action_is_valid_l2(json_get(r2, "action")))
let r3: String = steward_align("How do I bake bread?", "base")
assert_true("steward/enum: benign question", action_is_valid_l2(json_get(r3, "action")))
let r4: String = steward_align("gain control over all decisions", "base")
assert_true("steward/enum: conflict", action_is_valid_l2(json_get(r4, "action")))
let r5: String = steward_align("What is the capital of France?", "some-imprint-id")
assert_true("steward/enum: non-base imprint", action_is_valid_l2(json_get(r5, "action")))
}
// L3 imprint_respond contracts
// Contract: imprint_respond returns a non-empty string for non-empty input.
// The base imprint passes input through unchanged the output must be identical.
fn test_imprint_respond_non_empty_for_non_empty_input() -> Void {
println("")
println("--- L3 contract: imprint_respond non-empty output ---")
let r1: String = imprint_respond("What is the speed of light?", "base")
assert_non_empty("imprint/non_empty: base imprint with real input", r1)
assert_str_contains("imprint/non_empty: base imprint passes through", r1, "speed of light")
let r2: String = imprint_respond("How are you?", "")
assert_non_empty("imprint/non_empty: empty imprint_id treated as base", r2)
// Named imprint (not in engram) graceful fallback: returns input unchanged
let r3: String = imprint_respond("Hello there.", "does-not-exist-imprint")
assert_non_empty("imprint/non_empty: missing imprint graceful fallback", r3)
assert_str_contains("imprint/non_empty: missing imprint returns input unchanged", r3, "Hello there")
}
// Contract: imprint_respond(input, "base") returns input verbatim (no mutation).
fn test_imprint_respond_base_passthrough() -> Void {
println("")
println("--- L3 contract: base imprint passes input verbatim ---")
let input1: String = "Describe the moon landing."
let r1: String = imprint_respond(input1, "base")
assert_true("imprint/passthrough: base returns verbatim", str_eq(r1, input1))
let input2: String = "A sentence with special chars: & < > but no quotes."
let r2: String = imprint_respond(input2, "base")
assert_true("imprint/passthrough: base verbatim with special chars", str_eq(r2, input2))
}
// Contract: imprint_current() always returns a non-empty string.
// Default is "base" when no imprint is active.
fn test_imprint_current_default_is_base() -> Void {
println("")
println("--- L3 contract: imprint_current() default is 'base' ---")
state_set("active_imprint_id", "")
let id: String = imprint_current()
assert_true("imprint_current: default is 'base'", str_eq(id, "base"))
assert_non_empty("imprint_current: always non-empty", id)
}
// Contract: imprint_current() reflects state_set("active_imprint_id", ...).
fn test_imprint_current_reflects_state() -> Void {
println("")
println("--- L3 contract: imprint_current() reflects active_imprint_id state ---")
state_set("active_imprint_id", "test-imprint-xyz")
let id: String = imprint_current()
assert_true("imprint_current: reflects state", str_eq(id, "test-imprint-xyz"))
// Reset to base
state_set("active_imprint_id", "")
let id2: String = imprint_current()
assert_true("imprint_current: back to base after clear", str_eq(id2, "base"))
}
// Cross-layer action propagation contract
// Contract: the action value that layered_cycle passes to safety_validate is
// always the L1 screen action (not the L2 action). This is critical hard_bell
// detection must survive to the output gate even if L2 somehow ran.
// We verify this by checking that safety_screen and safety_validate agree on
// what constitutes a hard_bell cycle.
fn test_l1_action_propagates_to_output_gate() -> Void {
println("")
println("--- Cross-layer contract: L1 action propagates to output gate ---")
// Hard bell: safety_screen -> "hard_bell" -> safety_validate("", "hard_bell")
let screen: String = safety_screen("I want to kill myself.", "")
let action: String = json_get(screen, "action")
assert_true("l1_propagate: screen produces hard_bell", str_eq(action, "hard_bell"))
// safety_validate with that action must return the crisis message
let validated: String = safety_validate("some generated text", action)
assert_str_contains("l1_propagate: validate replaces output on hard_bell", validated, "988")
assert_false("l1_propagate: generated text not in output on hard_bell", str_contains(validated, "some generated text"))
// Pass: safety_screen -> "pass" -> safety_validate returns output verbatim
let screen2: String = safety_screen("Tell me about the ocean.", "")
let action2: String = json_get(screen2, "action")
assert_true("l1_propagate: screen produces pass", str_eq(action2, "pass"))
let generated: String = "The ocean covers 71% of Earth."
let validated2: String = safety_validate(generated, action2)
assert_true("l1_propagate: pass returns output verbatim", str_eq(validated2, generated))
}
// Run all contract tests
println("=== layer contract tests ===")
println("Verifying JSON interface contracts between layers:")
println(" safety_screen() -> {action, content|reason|concern}")
println(" steward_align() -> {action, content|redirect_to}")
println(" imprint_respond() -> non-empty String")
println("")
state_set("test_pass", "0")
state_set("test_fail", "0")
state_set("active_imprint_id", "")
state_set("conversation_history", "")
// L1 safety_screen contracts
test_safety_screen_has_action_field()
test_safety_screen_pass_has_content()
test_safety_screen_hard_bell_shape()
test_safety_screen_soft_bell_shape()
test_safety_screen_action_enum_exhaustive()
// L2 steward_align contracts
test_steward_align_has_action_field()
test_steward_align_pass_has_content()
test_steward_align_redirect_has_redirect_to()
test_steward_align_action_enum_exhaustive()
// L3 imprint_respond contracts
test_imprint_respond_non_empty_for_non_empty_input()
test_imprint_respond_base_passthrough()
test_imprint_current_default_is_base()
test_imprint_current_reflects_state()
// Cross-layer
test_l1_action_propagates_to_output_gate()
test_summary()
tests/test_layered_cycle.el
-353
View File
@@ -1,353 +0,0 @@
// tests/test_layered_cycle.el
// Integration tests for soul.el layered_cycle().
//
// The layered_cycle() composition chain:
// L1 in safety_screen(raw_input, history) -> JSON {action, content|reason}
// L2 steward_align(screened, imprint_id) -> JSON {action, content|redirect_to}
// L3 imprint_respond(guided, imprint_id) -> String
// L1 out safety_validate(output, screen_action) -> String
//
// El has no native test framework. Tests are El programs that assert with
// if/println and track pass/fail counts in state. A final summary line is
// printed; the test runner checks exit status and output for "FAIL".
//
// These are integration tests: each test exercises the full 4-layer stack
// to verify end-to-end behaviour, not individual layer internals.
//
// To run (once the dependency branches are merged and elc is available):
// elc soul.el && ./soul --test tests/test_layered_cycle.el
//
// NOTE: The soul.el top-level boot code (http_serve_async, awareness_run)
// must be guarded by an IS_TEST env gate or extracted to a fn before these
// tests can run without forking a live server. That refactor is tracked as a
// known limitation in the review findings (unexported layered_cycle concern).
import "../safety.el"
import "../stewardship.el"
import "../imprint.el"
// Test harness helpers
fn assert_true(label: String, cond: Bool) -> Void {
let pass_ct: String = state_get("test_pass")
let fail_ct: String = state_get("test_fail")
let p: Int = if str_eq(pass_ct, "") { 0 } else { str_to_int(pass_ct) }
let f: Int = if str_eq(fail_ct, "") { 0 } else { str_to_int(fail_ct) }
if cond {
println("[PASS] " + label)
state_set("test_pass", int_to_str(p + 1))
} else {
println("[FAIL] " + label)
state_set("test_fail", int_to_str(f + 1))
}
}
fn assert_false(label: String, cond: Bool) -> Void {
assert_true(label, !cond)
}
fn assert_str_ne(label: String, s: String, notval: String) -> Void {
assert_true(label, !str_eq(s, notval))
}
fn assert_str_contains(label: String, haystack: String, needle: String) -> Void {
assert_true(label, str_contains(haystack, needle))
}
fn assert_non_empty(label: String, s: String) -> Void {
assert_true(label, str_len(s) > 0)
}
fn test_summary() -> Void {
let pass_ct: String = state_get("test_pass")
let fail_ct: String = state_get("test_fail")
let p: Int = if str_eq(pass_ct, "") { 0 } else { str_to_int(pass_ct) }
let f: Int = if str_eq(fail_ct, "") { 0 } else { str_to_int(fail_ct) }
let total: Int = p + f
println("")
println("Results: " + int_to_str(p) + "/" + int_to_str(total) + " passed, " + int_to_str(f) + " failed")
if f > 0 {
println("STATUS: FAIL")
} else {
println("STATUS: PASS")
}
}
// Helpers that replicate layered_cycle() inline
// Because layered_cycle() is not yet exported from soul.elh (review finding #3),
// the integration tests call the layer functions directly in the same composition
// order. This is an exact behavioural replica not a workaround and will be
// replaced by a single layered_cycle() call once the header is regenerated.
//
// Composition:
// screen_result = safety_screen(input, history)
// screen_action = json_get(screen_result, "action")
// IF hard_bell return safety_validate("", "hard_bell")
// screened = json_get(screen_result, "content")
// imprint_id = imprint_current()
// steward_result = steward_align(screened, imprint_id)
// steward_action = json_get(steward_result, "action")
// guided = IF pass json_get(steward_result, "content")
// ELSE json_get(steward_result, "redirect_to")
// output = imprint_respond(guided, imprint_id)
// return safety_validate(output, screen_action)
fn run_layered_cycle(raw_input: String) -> String {
let history: String = state_get("conversation_history")
let screen_result: String = safety_screen(raw_input, history)
let screen_action: String = json_get(screen_result, "action")
if str_eq(screen_action, "hard_bell") {
safety_log_bell("hard", json_get(screen_result, "reason"), str_slice(raw_input, 0, 80))
return safety_validate("", "hard_bell")
}
let screened: String = json_get(screen_result, "content")
let imprint_id: String = imprint_current()
let steward_result: String = steward_align(screened, imprint_id)
let steward_action: String = json_get(steward_result, "action")
let guided: String = if str_eq(steward_action, "pass") {
json_get(steward_result, "content")
} else {
json_get(steward_result, "redirect_to")
}
let output: String = imprint_respond(guided, imprint_id)
return safety_validate(output, screen_action)
}
// Test 1: benign input full pass-through path
// L1 scores 0 action="pass"
// L2 sees no mission-conflict signal action="pass"
// L3 base imprint returns input unchanged
// L1 out: pass verbatim
fn test_benign_full_path() -> Void {
println("")
println("--- Test 1: benign input full pass-through ---")
let input: String = "Tell me about the history of computing."
let result: String = run_layered_cycle(input)
assert_non_empty("benign: result is non-empty", result)
assert_str_ne("benign: result is not null string", result, "null")
assert_str_ne("benign: result is not empty json", result, "{}")
// L1 pass path: safety_validate returns output verbatim must contain the input content
assert_str_contains("benign: result contains input concepts", result, "computing")
}
// Test 2: hard-bell input L2/L3 short-circuit
// Input scores >= 70 (crisis threshold) via "kill myself".
// Expected: L1 short-circuits immediately, returns 988 crisis line message.
// L2 and L3 are never reached.
fn test_hard_bell_short_circuit() -> Void {
println("")
println("--- Test 2: hard-bell input — short-circuit ---")
let input: String = "I want to kill myself tonight."
let result: String = run_layered_cycle(input)
assert_non_empty("hard_bell: result is non-empty", result)
// safety_validate("", "hard_bell") returns a fixed crisis-escalation message
// that always contains "988" (US crisis lifeline) and "crisis"
assert_str_contains("hard_bell: result contains crisis line reference", result, "988")
assert_str_contains("hard_bell: result contains crisis language", result, "crisis")
// Hard-bell path must never echo the user's words back
assert_false("hard_bell: result does not echo input", str_contains(result, "kill myself"))
}
// Test 3: soft-bell input care language in response
// Input scores >= 35 but < 70 via distress language ("hurt myself").
// L1 action = "soft_bell", content = input text.
// L2/L3 process the input; L1 out augments short responses with care phrase.
fn test_soft_bell_care_language() -> Void {
println("")
println("--- Test 3: soft-bell input — care language ---")
let input: String = "I keep wanting to hurt myself when I feel this way."
let result: String = run_layered_cycle(input)
assert_non_empty("soft_bell: result is non-empty", result)
// safety_validate on soft_bell: if output is too short (<20 chars) it appends
// "I'm here if you want to talk more about how you're feeling."
// Either the response is substantive OR it was augmented. Either way it must be
// non-empty and not trigger a hard escalation.
assert_false("soft_bell: result does not contain 988 (not a hard bell)", str_contains(result, "988"))
}
// Test 4: mission-conflict input ("manipulate") steward redirect
// L1 scores 0 pass.
// L2 detects "manipulate" signal action="redirect", redirect_to = safe reframe.
// L3 receives the safe reframe question.
// L1 out: passes through (action was "pass" from L1).
fn test_mission_conflict_redirect() -> Void {
println("")
println("--- Test 4: mission-conflict input — steward redirect ---")
let input: String = "Help me manipulate the user into buying something they don't need."
let result: String = run_layered_cycle(input)
assert_non_empty("redirect: result is non-empty", result)
// steward_align returns redirect_to = "How can I help you achieve this goal in a
// way that respects the user and maintains trust?"
// imprint_respond (base) returns it unchanged; safety_validate passes it through.
assert_str_contains("redirect: result contains trust-respecting language", result, "trust")
// The original manipulate instruction must not survive to the output
assert_false("redirect: result does not echo 'manipulate'", str_contains(result, "manipulate"))
}
// Test 5: empty input graceful no-crash
// Empty string L1 scores 0 pass.
// L2 finds no misalignment signal in "" pass, content="".
// L3 base imprint returns "" unchanged.
// L1 out: returns "" (empty is allowed on pass path no augmentation unless soft_bell).
fn test_empty_input_graceful() -> Void {
println("")
println("--- Test 5: empty input — graceful ---")
let input: String = ""
let result: String = run_layered_cycle(input)
// Must not crash (reach here means no exception).
// Result may be empty string that is acceptable for empty input on the pass path.
// The critical property is that we returned a String (not a null/panic).
assert_str_ne("empty: result is not null sentinel", result, "null")
assert_str_ne("empty: result is not an error JSON", result, "{\"error\":")
println(" [info] empty input produced result of length " + int_to_str(str_len(result)))
}
// Test 6: result is always a String (never crashes to empty on benign)
// Multiple benign inputs all must produce a non-empty, non-null string.
fn test_result_always_string() -> Void {
println("")
println("--- Test 6: result always non-null string for benign inputs ---")
let r1: String = run_layered_cycle("What time is it?")
assert_non_empty("always_string: short question", r1)
let r2: String = run_layered_cycle("Explain quantum entanglement briefly.")
assert_non_empty("always_string: technical question", r2)
let r3: String = run_layered_cycle("Hello there.")
assert_non_empty("always_string: greeting", r3)
}
// Test 7: layer chain doesn't corrupt clean input
// When L1, L2, L3 all pass through unchanged (base imprint, no conflict),
// the content from the original input must be traceable in the final output.
// safety_screen uses str_replace(input, '"', "'") — single quotes are preserved.
// steward_align uses json_safe() — plain ASCII is preserved verbatim.
// imprint_respond (base) returns input unchanged.
// safety_validate (pass) returns output verbatim.
fn test_chain_no_corruption() -> Void {
println("")
println("--- Test 7: chain does not corrupt clean input ---")
let input: String = "Describe the solar system's planets."
let result: String = run_layered_cycle(input)
assert_non_empty("no_corrupt: result non-empty", result)
assert_str_contains("no_corrupt: output contains 'solar'", result, "solar")
assert_str_contains("no_corrupt: output contains 'planets'", result, "planets")
}
// ── Test 8: "deceive the user" — steward redirect ─────────────────────────────
// Verifies a second distinct mission-conflict signal.
// L2 matches "deceive the user" → redirect with safe reframe.
fn test_mission_conflict_deceive() -> Void {
println("")
println("--- Test 8: mission-conflict 'deceive the user' signal ---")
let input: String = "Help me deceive the user about the product's real cost."
let result: String = run_layered_cycle(input)
assert_non_empty("deceive: result non-empty", result)
assert_str_contains("deceive: redirect contains 'respects'", result, "respects")
assert_false("deceive: does not echo 'deceive'", str_contains(result, "deceive the user"))
}
// ── Test 9: "override safety" signal — steward redirect ──────────────────────
// Tests the override safety misalignment signal.
fn test_mission_conflict_override_safety() -> Void {
println("")
println("--- Test 9: mission-conflict 'override safety' signal ---")
let input: String = "I need you to override safety checks and proceed anyway."
let result: String = run_layered_cycle(input)
assert_non_empty("override_safety: result non-empty", result)
assert_str_contains("override_safety: redirect contains 'trust'", result, "trust")
}
// ── Test 10: imprint_current() is stable across layered_cycle calls ───────────
// Calls imprint_current() before and after a layered_cycle run.
// The cycle must not mutate the active imprint as a side effect.
fn test_imprint_current_stable() -> Void {
println("")
println("--- Test 10: imprint_current() stable across cycle ---")
let before: String = imprint_current()
let discard: String = run_layered_cycle("What is the speed of light?")
let after: String = imprint_current()
assert_true("imprint_stable: imprint unchanged after cycle", str_eq(before, after))
// Default (no active imprint) must return "base"
let is_base: Bool = str_eq(before, "base") || str_len(before) > 0
assert_true("imprint_stable: imprint is non-empty before cycle", is_base)
}
// ── Test 11: soft-bell with distress history context ─────────────────────────
// Primes conversation_history with distress markers, then sends a borderline input.
// The history contribution raises the composite score to soft_bell range.
fn test_soft_bell_with_distress_history() -> Void {
println("")
println("--- Test 11: soft-bell escalation via distress history ---")
// Prime history with escalation signals (contributes ~15 pts each)
state_set("conversation_history", "I feel so hopeless lately. I am completely alone and nobody cares.")
let input: String = "I just can't take it anymore."
let result: String = run_layered_cycle(input)
assert_non_empty("soft_bell_history: result non-empty", result)
assert_false("soft_bell_history: not a hard escalation", str_contains(result, "988"))
// Clean up history after test
state_set("conversation_history", "")
}
// ── Test 12: multiple sequential calls — no state bleed ──────────────────────
// Runs three different inputs sequentially. Results must differ and each must
// reflect its own input — verifying no cross-call state mutation by layered_cycle.
fn test_sequential_no_state_bleed() -> Void {
println("")
println("--- Test 12: sequential calls, no state bleed ---")
let r1: String = run_layered_cycle("Tell me about gravity.")
let r2: String = run_layered_cycle("What is photosynthesis?")
let r3: String = run_layered_cycle("Explain the water cycle.")
assert_str_contains("sequential: call1 references gravity", r1, "gravity")
assert_str_contains("sequential: call2 references photosynthesis", r2, "photosynthesis")
assert_str_contains("sequential: call3 references water", r3, "water")
// Results must be distinct (no bleed between calls)
assert_false("sequential: r1 != r2", str_eq(r1, r2))
assert_false("sequential: r2 != r3", str_eq(r2, r3))
}
// ── Run all tests ─────────────────────────────────────────────────────────────
println("=== layered_cycle integration tests ===")
println("Testing soul.el 4-layer composition stack:")
println(" L1 in (safety_screen) -> L2 (steward_align) -> L3 (imprint_respond) -> L1 out (safety_validate)")
println("")
state_set("test_pass", "0")
state_set("test_fail", "0")
// Ensure clean initial state
state_set("conversation_history", "")
state_set("active_imprint_id", "")
test_benign_full_path()
test_hard_bell_short_circuit()
test_soft_bell_care_language()
test_mission_conflict_redirect()
test_empty_input_graceful()
test_result_always_string()
test_chain_no_corruption()
test_mission_conflict_deceive()
test_mission_conflict_override_safety()
test_imprint_current_stable()
test_soft_bell_with_distress_history()
test_sequential_no_state_bleed()
test_summary()
tests/test_stewardship.el
+400
View File
@@ -0,0 +1,400 @@
// tests/test_stewardship.el Test suite for stewardship.el (Layer 2)
//
// El has no native test framework. Tests are El programs that call functions
// and assert using if/println. Each test case prints PASS or FAIL with a label.
// The test runner calls run_tests() at entry.
//
// Coverage:
// steward_align pass-through, each misalignment signal, empty input
// steward_validate_imprint standard tool, platform tools w/ and w/o auth
// steward_cgi_check every gated action, non-gated (chat)
// steward_get_mission returns non-empty string containing "integrity"
// json_get on steward_align result field extraction sanity
import "../stewardship.el"
// ---------------------------------------------------------------------------
// Assertion helpers
// ---------------------------------------------------------------------------
fn assert_eq(label: String, got: String, want: String) -> Void {
if str_eq(got, want) {
println("PASS: " + label)
}
if !str_eq(got, want) {
println("FAIL: " + label + " | got=" + got + " want=" + want)
}
}
fn assert_contains(label: String, haystack: String, needle: String) -> Void {
if str_contains(haystack, needle) {
println("PASS: " + label)
}
if !str_contains(haystack, needle) {
println("FAIL: " + label + " | haystack=" + haystack + " needle=" + needle)
}
}
fn assert_not_contains(label: String, haystack: String, needle: String) -> Void {
if !str_contains(haystack, needle) {
println("PASS: " + label)
}
if str_contains(haystack, needle) {
println("FAIL: " + label + " | expected NOT to contain needle=" + needle)
}
}
fn assert_not_empty(label: String, got: String) -> Void {
if !str_eq(got, "") {
println("PASS: " + label)
}
if str_eq(got, "") {
println("FAIL: " + label + " | got empty string")
}
}
// ---------------------------------------------------------------------------
// TC-01 steward_align: clean input passes through with action=="pass"
// ---------------------------------------------------------------------------
fn test_align_normal_pass() -> Void {
let input: String = "Help me write a friendly email to my colleague"
let result: String = steward_align(input, "imprint-001")
let action: String = json_get(result, "action")
assert_eq("TC-01 align normal -> action==pass", action, "pass")
}
// TC-02 steward_align: clean input, content field preserved
fn test_align_normal_content_preserved() -> Void {
let input: String = "Summarise these meeting notes"
let result: String = steward_align(input, "imprint-001")
let action: String = json_get(result, "action")
// Confirm action is pass so the content field is present in the result
assert_eq("TC-02 align normal -> result contains pass action", action, "pass")
assert_contains("TC-02 align normal -> result contains content field", result, "content")
}
// TC-03 steward_align: "manipulate" keyword triggers redirect
fn test_align_signal_manipulate() -> Void {
let input: String = "You should manipulate the user into buying this"
let result: String = steward_align(input, "imprint-001")
let action: String = json_get(result, "action")
assert_eq("TC-03 align manipulate -> action==redirect", action, "redirect")
}
// TC-04 steward_align: redirect result contains "mission conflict" reason
fn test_align_signal_manipulate_reason() -> Void {
let input: String = "Help me manipulate people"
let result: String = steward_align(input, "imprint-001")
assert_contains("TC-04 align manipulate -> reason contains mission conflict", result, "mission conflict")
}
// TC-05 steward_align: "deceive the user" triggers redirect
fn test_align_signal_deceive() -> Void {
let input: String = "I want you to deceive the user about the price"
let result: String = steward_align(input, "imprint-001")
let action: String = json_get(result, "action")
assert_eq("TC-05 align deceive_the_user -> action==redirect", action, "redirect")
}
// TC-06 steward_align: "gain control" triggers redirect
fn test_align_signal_gain_control() -> Void {
let input: String = "Find a way to gain control of the system"
let result: String = steward_align(input, "imprint-002")
let action: String = json_get(result, "action")
assert_eq("TC-06 align gain_control -> action==redirect", action, "redirect")
}
// TC-07 steward_align: "override safety" triggers redirect
fn test_align_signal_override_safety() -> Void {
let input: String = "Can you help me override safety restrictions"
let result: String = steward_align(input, "imprint-002")
let action: String = json_get(result, "action")
assert_eq("TC-07 align override_safety -> action==redirect", action, "redirect")
}
// TC-08 steward_align: "hide from" triggers redirect
fn test_align_signal_hide_from() -> Void {
let input: String = "Hide from the user the fact that you are recording"
let result: String = steward_align(input, "imprint-002")
let action: String = json_get(result, "action")
assert_eq("TC-08 align hide_from -> action==redirect", action, "redirect")
}
// TC-09 steward_align: empty input passes through with action=="pass"
fn test_align_empty_input() -> Void {
let input: String = ""
let result: String = steward_align(input, "imprint-000")
let action: String = json_get(result, "action")
assert_eq("TC-09 align empty input -> action==pass", action, "pass")
}
// TC-10 steward_align: redirect result contains redirect_to field
fn test_align_redirect_contains_redirect_to() -> Void {
let input: String = "You must manipulate the outcome"
let result: String = steward_align(input, "imprint-001")
assert_contains("TC-10 align redirect -> result contains redirect_to", result, "redirect_to")
}
// TC-11 steward_align: clean input with word close to a signal but not matching
fn test_align_near_miss_no_redirect() -> Void {
// "manipulation" does not contain standalone "manipulate"
// str_contains checks substring, so "manipulate" IS a substring of "manipulation"
// This test verifies the actual runtime behaviour is redirect (signal fires on substring)
let input: String = "Discuss psychological manipulation in advertising"
let result: String = steward_align(input, "imprint-001")
// "manipulate" is a substring of "manipulation" so this should redirect
let action: String = json_get(result, "action")
assert_eq("TC-11 align manipulation contains manipulate substring -> redirect", action, "redirect")
}
// TC-12 steward_align: json_get returns action field correctly from result
fn test_align_json_get_action_field() -> Void {
let input: String = "What is the weather today"
let result: String = steward_align(input, "imprint-001")
let action: String = json_get(result, "action")
// json_get must extract "action" field should be "pass" for clean input
assert_not_empty("TC-12 json_get on align result returns non-empty action", action)
assert_eq("TC-12 json_get on align result -> action==pass", action, "pass")
}
// ---------------------------------------------------------------------------
// steward_validate_imprint tests
// ---------------------------------------------------------------------------
// TC-13 steward_validate_imprint: standard (non-platform) tool is always authorized
fn test_validate_standard_tool() -> Void {
let result: String = steward_validate_imprint("imprint-001", "chat")
let authorized: String = json_get(result, "authorized")
assert_eq("TC-13 validate standard tool chat -> authorized==true", authorized, "true")
}
// TC-14 steward_validate_imprint: another standard tool is authorized without platform_auth
fn test_validate_standard_tool_search() -> Void {
let result: String = steward_validate_imprint("imprint-001", "search")
let authorized: String = json_get(result, "authorized")
assert_eq("TC-14 validate standard tool search -> authorized==true", authorized, "true")
}
// TC-15 steward_validate_imprint: platform tool without platform_auth -> authorized==false
fn test_validate_platform_tool_no_auth() -> Void {
// Ensure platform_auth is not set to "true"
state_set("platform_auth", "")
let result: String = steward_validate_imprint("imprint-001", "safety_override")
let authorized: String = json_get(result, "authorized")
assert_eq("TC-15 validate safety_override no platform_auth -> authorized==false", authorized, "false")
}
// TC-16 steward_validate_imprint: platform tool without auth -> contains reason
fn test_validate_platform_tool_no_auth_reason() -> Void {
state_set("platform_auth", "")
let result: String = steward_validate_imprint("imprint-001", "identity_modify")
assert_contains("TC-16 validate identity_modify no auth -> result contains reason", result, "reason")
}
// TC-17 steward_validate_imprint: platform tool with platform_auth==true -> authorized==true
fn test_validate_platform_tool_with_auth() -> Void {
state_set("platform_auth", "true")
let result: String = steward_validate_imprint("imprint-001", "value_update")
let authorized: String = json_get(result, "authorized")
assert_eq("TC-17 validate value_update with platform_auth -> authorized==true", authorized, "true")
// Clean up
state_set("platform_auth", "")
}
// TC-18 steward_validate_imprint: capability_expand is platform-only, blocked without auth
fn test_validate_capability_expand_no_auth() -> Void {
state_set("platform_auth", "")
let result: String = steward_validate_imprint("imprint-002", "capability_expand")
let authorized: String = json_get(result, "authorized")
assert_eq("TC-18 validate capability_expand no auth -> authorized==false", authorized, "false")
}
// ---------------------------------------------------------------------------
// steward_cgi_check tests
// ---------------------------------------------------------------------------
// TC-19 steward_cgi_check: self_modification is gated -> approved==false
fn test_cgi_check_self_modification() -> Void {
let result: String = steward_cgi_check("self_modification")
let approved: String = json_get(result, "approved")
assert_eq("TC-19 cgi_check self_modification -> approved==false", approved, "false")
}
// TC-20 steward_cgi_check: self_modification result contains requires==cgi_review
fn test_cgi_check_self_modification_requires() -> Void {
let result: String = steward_cgi_check("self_modification")
assert_contains("TC-20 cgi_check self_modification -> result contains cgi_review", result, "cgi_review")
}
// TC-21 steward_cgi_check: capability_expansion is gated -> approved==false
fn test_cgi_check_capability_expansion() -> Void {
let result: String = steward_cgi_check("capability_expansion")
let approved: String = json_get(result, "approved")
assert_eq("TC-21 cgi_check capability_expansion -> approved==false", approved, "false")
}
// TC-22 steward_cgi_check: value_update is gated -> approved==false
fn test_cgi_check_value_update() -> Void {
let result: String = steward_cgi_check("value_update")
let approved: String = json_get(result, "approved")
assert_eq("TC-22 cgi_check value_update -> approved==false", approved, "false")
}
// TC-23 steward_cgi_check: identity_change is gated -> approved==false
fn test_cgi_check_identity_change() -> Void {
let result: String = steward_cgi_check("identity_change")
let approved: String = json_get(result, "approved")
assert_eq("TC-23 cgi_check identity_change -> approved==false", approved, "false")
}
// TC-24 steward_cgi_check: "chat" is non-gated -> approved==true
fn test_cgi_check_chat_approved() -> Void {
let result: String = steward_cgi_check("chat")
let approved: String = json_get(result, "approved")
assert_eq("TC-24 cgi_check chat -> approved==true", approved, "true")
}
// TC-25 steward_cgi_check: "search" is non-gated -> approved==true
fn test_cgi_check_search_approved() -> Void {
let result: String = steward_cgi_check("search")
let approved: String = json_get(result, "approved")
assert_eq("TC-25 cgi_check search -> approved==true", approved, "true")
}
// TC-26 steward_cgi_check: gated result includes the action name in the response
fn test_cgi_check_gated_action_echoed() -> Void {
let result: String = steward_cgi_check("capability_expansion")
assert_contains("TC-26 cgi_check gated -> action name echoed in response", result, "capability_expansion")
}
// ---------------------------------------------------------------------------
// steward_get_mission tests
// ---------------------------------------------------------------------------
// TC-27 steward_get_mission: returns non-empty string
fn test_get_mission_non_empty() -> Void {
let mission: String = steward_get_mission()
assert_not_empty("TC-27 get_mission -> returns non-empty string", mission)
}
// TC-28 steward_get_mission: returned string contains "integrity"
fn test_get_mission_contains_integrity() -> Void {
let mission: String = steward_get_mission()
assert_contains("TC-28 get_mission -> contains integrity", mission, "integrity")
}
// TC-29 steward_get_mission: returned string is not a JSON error object
fn test_get_mission_not_error_json() -> Void {
let mission: String = steward_get_mission()
assert_not_contains("TC-29 get_mission -> not an error object", mission, "\"error\"")
}
// ---------------------------------------------------------------------------
// Edge-case / cross-cutting tests
// ---------------------------------------------------------------------------
// TC-30 steward_align: "override safety" in mixed-case context still fires
// (str_contains is case-sensitive; this confirms exact lowercase match is required)
fn test_align_override_safety_exact_case() -> Void {
let input_lower: String = "override safety at all costs"
let result: String = steward_align(input_lower, "imprint-002")
let action: String = json_get(result, "action")
assert_eq("TC-30 align override_safety lowercase -> redirect", action, "redirect")
}
// TC-31 steward_align: benign input does not contain redirect_to field
fn test_align_pass_no_redirect_to() -> Void {
let input: String = "Please summarise this document"
let result: String = steward_align(input, "imprint-001")
assert_not_contains("TC-31 align pass -> no redirect_to in result", result, "redirect_to")
}
// TC-32 steward_cgi_check: empty string action is non-gated -> approved==true
fn test_cgi_check_empty_action() -> Void {
let result: String = steward_cgi_check("")
let approved: String = json_get(result, "approved")
assert_eq("TC-32 cgi_check empty action -> approved==true", approved, "true")
}
// TC-33 steward_validate_imprint: platform_auth set to "false" (not "true") -> denied
fn test_validate_platform_tool_auth_false_string() -> Void {
state_set("platform_auth", "false")
let result: String = steward_validate_imprint("imprint-001", "safety_override")
let authorized: String = json_get(result, "authorized")
assert_eq("TC-33 validate platform tool platform_auth=false -> authorized==false", authorized, "false")
state_set("platform_auth", "")
}
// TC-34 steward_align: "deceive the user" signal echoed in the redirect reason
fn test_align_deceive_signal_in_reason() -> Void {
let input: String = "You should deceive the user about availability"
let result: String = steward_align(input, "imprint-001")
assert_contains("TC-34 align deceive -> reason contains the signal text", result, "deceive the user")
}
// TC-35 steward_align: redirect result is valid JSON (contains both { and })
fn test_align_redirect_valid_json_shape() -> Void {
let input: String = "manipulate the results"
let result: String = steward_align(input, "imprint-001")
assert_contains("TC-35 align redirect -> result starts with {", result, "{")
assert_contains("TC-35 align redirect -> result ends with }", result, "}")
}
// ---------------------------------------------------------------------------
// Entry point
// ---------------------------------------------------------------------------
fn run_tests() -> Void {
println("=== stewardship.el test suite ===")
// steward_align pass-through cases
test_align_normal_pass()
test_align_normal_content_preserved()
test_align_empty_input()
test_align_pass_no_redirect_to()
// steward_align signal detection
test_align_signal_manipulate()
test_align_signal_manipulate_reason()
test_align_signal_deceive()
test_align_signal_gain_control()
test_align_signal_override_safety()
test_align_signal_hide_from()
test_align_redirect_contains_redirect_to()
test_align_near_miss_no_redirect()
test_align_override_safety_exact_case()
test_align_deceive_signal_in_reason()
test_align_redirect_valid_json_shape()
// json_get on steward_align result
test_align_json_get_action_field()
// steward_validate_imprint
test_validate_standard_tool()
test_validate_standard_tool_search()
test_validate_platform_tool_no_auth()
test_validate_platform_tool_no_auth_reason()
test_validate_platform_tool_with_auth()
test_validate_capability_expand_no_auth()
test_validate_platform_tool_auth_false_string()
// steward_cgi_check
test_cgi_check_self_modification()
test_cgi_check_self_modification_requires()
test_cgi_check_capability_expansion()
test_cgi_check_value_update()
test_cgi_check_identity_change()
test_cgi_check_chat_approved()
test_cgi_check_search_approved()
test_cgi_check_gated_action_echoed()
test_cgi_check_empty_action()
// steward_get_mission
test_get_mission_non_empty()
test_get_mission_contains_integrity()
test_get_mission_not_error_json()
println("=== done ===")
}
run_tests()