Pull the pure guard logic out of cmdDelCounter and cmdSetCounterActive
into static evaluateDelCounter/evaluateSetCounterActive methods, leaving
the handlers as thin shells over the decision. Add command_zone_tests
covering every authorization branch of both evaluators.
