kin: KIN-SEC-002 Починить 4 падающих теста: falsy output preservation

agents/runner.py

@@ -547,16 +547,16 @@ _DESTRUCTIVE_PATTERNS = [
     r"\bunlink\s+\S",
     # SQL: DROP TABLE / DATABASE / INDEX / VIEW / SCHEMA
     r"\bDROP\s+(TABLE|DATABASE|INDEX|VIEW|SCHEMA)\b",
-    # SQL: DELETE FROM (full table delete without WHERE is the risky form,
+    # SQL: DELETE FROM without WHERE — full table delete is the risky form.
-    # but even DELETE with WHERE should be reviewed in auto mode)
+    # DELETE FROM ... WHERE ... is a targeted operation and is NOT flagged.
-    r"\bDELETE\s+FROM\b",
+    r"\bDELETE\s+FROM\b(?![^;]*\bWHERE\b)",
     # Python: shutil.rmtree
     r"\bshutil\.rmtree\s*\(",
     # Python: os.remove / os.unlink
     r"\bos\.(remove|unlink)\s*\(",
 ]
 
-_DESTRUCTIVE_RE = [re.compile(p, re.IGNORECASE) for p in _DESTRUCTIVE_PATTERNS]
+_DESTRUCTIVE_RE = [re.compile(p, re.DOTALL | re.IGNORECASE) for p in _DESTRUCTIVE_PATTERNS]
 
 
 def _detect_destructive_operations(results: list[dict]) -> list[str]:

tests/test_runner.py

@@ -3018,9 +3018,14 @@ class TestDetectDestructiveOperations:
         assert len(_detect_destructive_operations(results)) > 0
 
     def test_detects_delete_from_with_where(self):
-        """DELETE FROM WHERE → тоже детектируется (по дизайну runner'а)."""
+        """DELETE FROM с WHERE — НЕ деструктивная операция, не детектируется."""
         results = [self._result("DELETE FROM sessions WHERE expired=1")]
-        assert len(_detect_destructive_operations(results)) > 0
+        assert _detect_destructive_operations(results) == []
+
+    def test_detects_delete_from_with_where_complex(self):
+        """DELETE FROM с WHERE и сложным условием — тоже не детектируется."""
+        results = [self._result("DELETE FROM logs WHERE created_at < '2024-01-01' AND user_id = 42")]
+        assert _detect_destructive_operations(results) == []
 
     def test_detects_unlink_shell(self):
         """unlink /path → детектируется."""