@aikdna/kdna-core 0.2.3 → 0.4.0

package/src/compose.js

@@ -120,4 +120,258 @@ function loadAndCompose(dataMaps, options = {}) {
   return { domains, context, activeIndices };
 }
 
-module.exports = { composeContext, classifySignals, composeChecks, loadAndCompose };
+/**
+ * Compose context with source attribution — every axiom, misunderstanding,
+ * banned term, and self-check is prefixed with its origin domain.
+ *
+ * @param {Array<{id:string, core:object, patterns:object}>} domains
+ * @param {object} [options]
+ * @param {string} [options.separator] — section separator
+ * @returns {{context: string, attributionMap: object}}
+ */
+function composeContextWithAttribution(domains, options = {}) {
+  if (!domains || !domains.length) return { context: '', attributionMap: {} };
+
+  const separator = options.separator || '\n\n---\n\n';
+  const lines = [];
+  const attributionMap = {};
+  let axiomIndex = 0;
+  let misreadingIndex = 0;
+  let termIndex = 0;
+  let checkIndex = 0;
+
+  for (const domain of domains) {
+    if (!domain || !domain.core) continue;
+    const name = domain.id || domain.core.meta?.domain || 'unknown';
+    const core = domain.core;
+    const patterns = domain.patterns || {};
+
+    lines.push(`## [${name}] Domain cognition`);
+
+    if (core.axioms?.length) {
+      lines.push(`### Axioms`);
+      for (const a of core.axioms) {
+        const tag = `[${name}:axiom.${a.id}]`;
+        lines.push(`- ${tag} ${a.one_sentence}`);
+        if (a.applies_when?.length) {
+          lines.push(`  APPLIES WHEN: ${a.applies_when.join('; ')}`);
+        }
+        if (a.does_not_apply_when?.length) {
+          lines.push(`  DOES NOT APPLY WHEN: ${a.does_not_apply_when.join('; ')}`);
+        }
+        if (a.failure_risk) lines.push(`  RISK IF MISAPPLIED: ${a.failure_risk}`);
+        attributionMap[tag] = { domain: name, type: 'axiom', id: a.id, index: axiomIndex++ };
+      }
+    }
+
+    if (patterns.misunderstandings?.length) {
+      lines.push(`### Misunderstandings`);
+      for (const m of patterns.misunderstandings) {
+        const tag = `[${name}:misunderstanding.${m.id}]`;
+        lines.push(`- ${tag} WRONG: ${m.wrong}`);
+        lines.push(`  CORRECT: ${m.correct}`);
+        if (m.failure_risk) lines.push(`  RISK: ${m.failure_risk}`);
+        attributionMap[tag] = { domain: name, type: 'misunderstanding', id: m.id, index: misreadingIndex++ };
+      }
+    }
+
+    if (patterns.terminology?.banned_terms?.length) {
+      lines.push(`### Banned terms`);
+      for (const t of patterns.terminology.banned_terms) {
+        const term = typeof t === 'string' ? t : t.term;
+        const tag = `[${name}:banned_term.${term}]`;
+        const replace = typeof t === 'object' ? t.replace_with : null;
+        lines.push(`- ${tag} "${term}"${replace ? ` → use: ${replace}` : ''}`);
+        attributionMap[tag] = { domain: name, type: 'banned_term', term, index: termIndex++ };
+      }
+    }
+
+    if (patterns.self_check?.length) {
+      lines.push(`### Self-checks`);
+      for (const q of patterns.self_check) {
+        const text = typeof q === 'string' ? q : q.question;
+        const tag = `[${name}:self_check.${checkIndex}]`;
+        if (text) lines.push(`- ${tag} ${text}`);
+        attributionMap[tag] = { domain: name, type: 'self_check', index: checkIndex++ };
+      }
+    }
+
+    lines.push(separator.trimEnd());
+  }
+
+  return { context: lines.join('\n'), attributionMap };
+}
+
+/**
+ * Classify signals across a cluster of domains. Returns which domains
+ * matched and which were excluded. Unlike classifySignals (which just
+ * returns indices), this provides full diagnostic info.
+ *
+ * @param {string} input
+ * @param {Array<{id:string, name:string, role:string, core:object}>} domainEntries
+ * @returns {{selected: Array, excluded: Array}}
+ */
+function classifySignalsAcrossDomains(input, domainEntries) {
+  if (!input || !domainEntries?.length) return { selected: [], excluded: [] };
+
+  const lower = input.toLowerCase();
+  const selected = [];
+  const excluded = [];
+
+  for (const entry of domainEntries) {
+    const signals = entry.core?.trigger_signals || [];
+    const negativeSignals = entry.core?.negative_signals || [];
+    const doesNotApply = [];
+    for (const a of entry.core?.axioms || []) {
+      if (Array.isArray(a.does_not_apply_when)) doesNotApply.push(...a.does_not_apply_when);
+    }
+
+    // Check negative signals
+    const blocked = negativeSignals.some((s) => lower.includes(s.toLowerCase())) ||
+      doesNotApply.some((s) => lower.includes(s.toLowerCase()));
+
+    if (blocked) {
+      excluded.push({ id: entry.id, name: entry.name, reason: 'blocked by does_not_apply_when', role: entry.role });
+      continue;
+    }
+
+    // No signals defined → required domain (always active)
+    if (!signals.length) {
+      selected.push({ id: entry.id, name: entry.name, role: entry.role, reason: 'required' });
+      continue;
+    }
+
+    // Check positive signals
+    const matched = signals.some((s) => lower.includes(s.toLowerCase()));
+    if (matched) {
+      selected.push({ id: entry.id, name: entry.name, role: entry.role, reason: 'signal_match' });
+    } else {
+      excluded.push({ id: entry.id, name: entry.name, reason: 'no signal match', role: entry.role });
+    }
+  }
+
+  return { selected, excluded };
+}
+
+/**
+ * Load a cluster from its manifest.
+ *
+ * @param {string} clusterManifestPath — path to kdna.cluster.json
+ * @param {function} domainLoader — fn(domainId) → {core, patterns} or null
+ * @returns {{manifest:object, domains:Array, errors:Array}}
+ */
+function loadCluster(clusterManifestPath, domainLoader) {
+  const fs = require('fs');
+  const manifest = JSON.parse(fs.readFileSync(clusterManifestPath, 'utf8'));
+  const domains = [];
+  const errors = [];
+
+  if (!manifest.domains || !Array.isArray(manifest.domains)) {
+    return { manifest, domains, errors: ['No domains defined in cluster manifest'] };
+  }
+
+  for (const entry of manifest.domains) {
+    try {
+      const loaded = domainLoader(entry.id);
+      if (loaded) {
+        domains.push({ id: entry.id, name: loaded.core?.meta?.domain || entry.id, role: entry.role || 'advisor', required: entry.required !== false, core: loaded.core, patterns: loaded.patterns });
+      } else {
+        errors.push(`Domain ${entry.id}: not found or failed to load`);
+      }
+    } catch (e) {
+      errors.push(`Domain ${entry.id}: ${e.message}`);
+    }
+  }
+
+  return { manifest, domains, errors };
+}
+
+/**
+ * Detect conflicts between loaded domains in a cluster.
+ *
+ * @param {Array<{id:string, core:object, patterns:object}>} domains
+ * @returns {Array<{type:string, domains:string[], description:string}>}
+ */
+function detectDomainConflicts(domains) {
+  if (!domains || domains.length < 2) return [];
+
+  const conflicts = [];
+  const bannedTermMap = new Map();
+
+  // Check banned term conflicts — same term banned by one, preferred by another
+  for (const d of domains) {
+    const terms = d.patterns?.terminology?.banned_terms || [];
+    for (const t of terms) {
+      const term = typeof t === 'string' ? t : t.term;
+      if (bannedTermMap.has(term)) {
+        conflicts.push({
+          type: 'term_conflict',
+          domains: [bannedTermMap.get(term), d.id],
+          description: `Banned term "${term}" appears in multiple domains`,
+        });
+      }
+      bannedTermMap.set(term, d.id);
+    }
+  }
+
+  // Check stance conflicts — contradictory stances
+  for (let i = 0; i < domains.length; i++) {
+    for (let j = i + 1; j < domains.length; j++) {
+      const sA = (domains[i].core?.stances || []).map((s) => (typeof s === 'string' ? s : s.stance));
+      const sB = (domains[j].core?.stances || []).map((s) => (typeof s === 'string' ? s : s.stance));
+      for (const sa of sA) {
+        for (const sb of sB) {
+          // Simple negation check — can be extended
+if (sa && sb && (/\bnot\b/.test(sa) && sb.toLowerCase().includes(sa.toLowerCase().replace('not ', ''))) ||
+    (/\bnot\b/.test(sb) && sa.toLowerCase().includes(sb.toLowerCase().replace('not ', '')))) {
+            conflicts.push({
+              type: 'stance_conflict',
+              domains: [domains[i].id, domains[j].id],
+              description: `Potential stance conflict: "${sa.slice(0, 60)}" vs "${sb.slice(0, 60)}"`,
+            });
+          }
+        }
+      }
+    }
+  }
+
+  return conflicts;
+}
+
+/**
+ * Generate a judgment trace for a cluster operation.
+ *
+ * @param {object} params
+ * @param {string} params.input — the original user input
+ * @param {Array} params.loadedDomains — all domains in the cluster
+ * @param {Array} params.activeDomains — domains that were activated
+ * @param {Array} params.conflicts — detected conflicts
+ * @returns {object}
+ */
+function generateClusterTrace({ input, loadedDomains, activeDomains, conflicts }) {
+  return {
+    input: (input || '').slice(0, 200),
+    timestamp: new Date().toISOString(),
+    loaded_domains: (loadedDomains || []).map((d) => d.id || d.name || '?'),
+    active_domains: (activeDomains || []).map((d) => d.id || d.name || '?'),
+    active_count: (activeDomains || []).length,
+    domains_excluded: (loadedDomains || []).length - (activeDomains || []).length,
+    conflicts: (conflicts || []).map((c) => ({
+      type: c.type,
+      domains: c.domains,
+      description: c.description,
+    })),
+  };
+}
+
+module.exports = {
+  composeContext,
+  composeContextWithAttribution,
+  classifySignals,
+  classifySignalsAcrossDomains,
+  composeChecks,
+  loadAndCompose,
+  loadCluster,
+  detectDomainConflicts,
+  generateClusterTrace,
+};

package/src/index.mjs

@@ -16,4 +16,4 @@ export { validateDomainSchema, validateCrossFile } from './validate-pure.js';
 
 export { renderPreviewHTML, escHtml, renderCard } from './render.js';
 
-export { composeContext, classifySignals, composeChecks, loadAndCompose } from './compose.js';
+export { composeContext, composeContextWithAttribution, classifySignals, classifySignalsAcrossDomains, composeChecks, loadAndCompose, loadCluster, detectDomainConflicts, generateClusterTrace } from './compose.js';

package/src/lint-pure.js

@@ -6,6 +6,38 @@
  * Output: { errors: string[], warnings: string[] }
  */
 
+/**
+ * Map of old/informal field names → correct v0.4 spec field names.
+ * Used to give helpful error messages when users write from scratch without the template.
+ */
+const OLD_FIELD_HINTS = {
+  statement: 'one_sentence or full_statement',
+  description: 'one_sentence',
+  summary: 'one_sentence',
+  claim: 'wrong',
+  misreading: 'wrong',
+  reality: 'correct',
+  definition: 'essence or one_sentence (on ontology entries)',
+  brief: 'title or context',
+  bad_pattern: 'what_happened',
+  master_pattern: 'structural_pattern',
+  conclusion: 'one_sentence',
+  capability_layers: 'stages',
+  name: 'id (on ontology entries — use id instead of name)',
+  input: 'from',
+  output: 'to',
+  judgment: 'via',
+};
+
+const KDNA_DOMAIN_FILES = new Set([
+  'KDNA_Core.json',
+  'KDNA_Patterns.json',
+  'KDNA_Scenarios.json',
+  'KDNA_Cases.json',
+  'KDNA_Reasoning.json',
+  'KDNA_Evolution.json',
+]);
+
 /**
  * Lint a KDNA domain from a map of parsed JSON objects.
  *
@@ -23,6 +55,15 @@ function lintDomain(dataMap) {
   function req(o, k, loc, hint) {
     if (!has(o, k) || o[k] === '' || o[k] == null) {
       let msg = `${loc}: missing required field "${k}"`;
+      // Check for common old field name and suggest the correct one
+      if (o && typeof o === 'object') {
+        for (const [oldName, newName] of Object.entries(OLD_FIELD_HINTS)) {
+          if (has(o, oldName)) {
+            msg += `\n    → Found field "${oldName}" — this looks like an old/informal field name. Use "${newName}" instead.`;
+            break;
+          }
+        }
+      }
       if (hint) msg += `\n    → ${hint}`;
       errors.push(msg);
     }
@@ -72,9 +113,7 @@ function lintDomain(dataMap) {
   }
 
   // Check file count
-  const kdnaFiles = Object.keys(dataMap).filter(
-    (f) => f.endsWith('.json') && f !== 'kdna.json',
-  );
+  const kdnaFiles = Object.keys(dataMap).filter((f) => KDNA_DOMAIN_FILES.has(f));
   if (kdnaFiles.length > 6) errors.push(`Domain has ${kdnaFiles.length} JSON files; KDNA allows at most 6.`);
 
   // Validate meta on all files
@@ -213,4 +252,152 @@ function lintDomain(dataMap) {
   return { errors, warnings };
 }
 
-module.exports = { lintDomain };
+/**
+ * Canonical enum tables for manifest validation.
+ * Single source of truth — keep in sync with schema/kdna-manifest-v1rc.json and specs/enum-tables.md.
+ */
+const VALID_STATUS = new Set(['draft', 'experimental', 'stable', 'deprecated', 'staging']);
+const VALID_BADGE = new Set(['untested', 'tested', 'validated', 'expert_reviewed', 'production_ready']);
+const VALID_ACCESS = new Set(['open', 'licensed', 'runtime']);
+const VALID_RISK = new Set(['R0', 'R1', 'R2', 'R3']);
+const VALID_I18N = new Set(['L0', 'L1', 'L2', 'L3']);
+
+const MANIFEST_REQUIRED = [
+  'kdna_spec', 'name', 'version', 'judgment_version',
+  'description', 'author', 'license', 'status',
+  'quality_badge', 'access', 'language',
+];
+
+/**
+ * Validate a kdna.json manifest against the canonical v1.0-rc schema.
+ *
+ * @param {Object} manifest — parsed kdna.json
+ * @returns {{ errors: string[], warnings: string[] }}
+ */
+function validateManifest(manifest) {
+  const errors = [];
+  const warnings = [];
+
+  if (!manifest || typeof manifest !== 'object') {
+    errors.push('kdna.json: missing or empty manifest');
+    return { errors, warnings };
+  }
+
+  // 1. Check spec_version is NOT in domain manifest (use kdna_spec only)
+  if ('spec_version' in manifest) {
+    errors.push(
+      'kdna.json: spec_version is deprecated in domain manifests. Use kdna_spec. ' +
+      '(spec_version is reserved for .kdna container manifests only.)',
+    );
+  }
+
+  // 2. Check required fields
+  for (const field of MANIFEST_REQUIRED) {
+    if (!(field in manifest) || manifest[field] === undefined || manifest[field] === '') {
+      errors.push(`kdna.json: missing required field "${field}"`);
+    }
+  }
+
+  // 3. Validate name format
+  if (manifest.name && !/^@[a-z][a-z0-9-]*\/[a-z][a-z0-9_]*$/.test(manifest.name)) {
+    errors.push(`kdna.json.name: invalid format "${manifest.name}". Expected @scope/name.`);
+  }
+
+  // 4. Validate enum fields
+  if (manifest.status && !VALID_STATUS.has(manifest.status)) {
+    errors.push(
+      `kdna.json.status: invalid value "${manifest.status}". ` +
+      `Valid: ${[...VALID_STATUS].join(', ')}`,
+    );
+  }
+  if (manifest.quality_badge && !VALID_BADGE.has(manifest.quality_badge)) {
+    errors.push(
+      `kdna.json.quality_badge: invalid value "${manifest.quality_badge}". ` +
+      `Valid: ${[...VALID_BADGE].join(', ')}`,
+    );
+  }
+  if (manifest.access && !VALID_ACCESS.has(manifest.access)) {
+    errors.push(
+      `kdna.json.access: invalid value "${manifest.access}". ` +
+      `Valid: ${[...VALID_ACCESS].join(', ')}`,
+    );
+  }
+  if (manifest.risk_level && !VALID_RISK.has(manifest.risk_level)) {
+    errors.push(
+      `kdna.json.risk_level: invalid value "${manifest.risk_level}". ` +
+      `Valid: ${[...VALID_RISK].join(', ')}`,
+    );
+  }
+  if (manifest.i18n_level && !VALID_I18N.has(manifest.i18n_level)) {
+    warnings.push(
+      `kdna.json.i18n_level: non-standard value "${manifest.i18n_level}". ` +
+      `Valid: ${[...VALID_I18N].join(', ')}`,
+    );
+  }
+
+  // 5. Deprecated status must have replaced_by
+  if (manifest.status === 'deprecated' && !manifest.replaced_by) {
+    errors.push('kdna.json: status is "deprecated" but replaced_by is missing');
+  }
+
+  // 6. Tested+ badge must have signature
+  const needsSig = ['tested', 'validated', 'expert_reviewed', 'production_ready'];
+  if (needsSig.includes(manifest.quality_badge) && !manifest.signature) {
+    warnings.push(
+      `kdna.json: quality_badge "${manifest.quality_badge}" should have a signature`,
+    );
+  }
+
+  // 7. Validate author
+  if (manifest.author) {
+    if (!manifest.author.name) errors.push('kdna.json.author: missing "name"');
+    if (!manifest.author.id) errors.push('kdna.json.author: missing "id"');
+    if (manifest.author.pubkey && !/^ed25519:[0-9a-f]{64}$/.test(manifest.author.pubkey)) {
+      warnings.push('kdna.json.author.pubkey: non-standard format. Expected ed25519:<64 hex chars>.');
+    }
+  }
+
+  // 8. Validate license
+  if (manifest.license && !manifest.license.type) {
+    errors.push('kdna.json.license: missing "type"');
+  }
+
+  // 9. Validate kdna_spec value
+  if (manifest.kdna_spec && manifest.kdna_spec !== '1.0-rc') {
+    warnings.push(
+      `kdna.json.kdna_spec: non-standard value "${manifest.kdna_spec}". Expected "1.0-rc".`,
+    );
+  }
+
+  // 10. Validate version format
+  if (manifest.version && !/^\d+\.\d+\.\d+/.test(manifest.version)) {
+    warnings.push(
+      `kdna.json.version: non-semver format "${manifest.version}". Expected MAJOR.MINOR.PATCH.`,
+    );
+  }
+
+  // 11. Check for removed fields
+  const removedFields = ['release_status', 'domain_field', 'judgment_patterns', 'files', 'registry'];
+  for (const field of removedFields) {
+    if (field in manifest) {
+      warnings.push(
+        `kdna.json: field "${field}" is not in the canonical domain manifest and should be removed`,
+      );
+    }
+  }
+
+  // 12. Check removed license sub-fields
+  if (manifest.license && typeof manifest.license === 'object') {
+    for (const field of ['commercial', 'allow_agent_use', 'allow_redistribution', 'allow_training']) {
+      if (field in manifest.license) {
+        warnings.push(
+          `kdna.json.license.${field}: license-type-specific field, not universal. Consider removing.`,
+        );
+      }
+    }
+  }
+
+  return { errors, warnings };
+}
+
+module.exports = { lintDomain, validateManifest };

package/src/loader.js

@@ -118,6 +118,55 @@ function classifyInput(text) {
   return [...new Set(optional)];
 }
 
+/**
+ * Known field name mapping for detecting old/incorrect field names.
+ * When a common old name is found, log a warning and suggest the correct name.
+ */
+const FIELD_ALIASES = {
+  statement: 'one_sentence or full_statement',
+  description: 'one_sentence',
+  summary: 'one_sentence',
+  claim: 'wrong',
+  misreading: 'wrong',
+  reality: 'correct',
+  definition: 'essence or one_sentence (on ontology)',
+  brief: 'title or context',
+  bad_pattern: 'what_happened',
+  master_pattern: 'structural_pattern',
+  conclusion: 'one_sentence',
+  capability_layers: 'stages',
+  name: 'id (on ontology entries)',
+  input: 'from',
+  output: 'to',
+  judgment: 'via',
+};
+
+/**
+ * Deep-scan an object tree for known old field names and return warnings.
+ * @param {object} obj
+ * @param {string} path
+ * @param {string[]} [warnings]
+ * @returns {string[]}
+ */
+function detectOldFieldNames(obj, path = '', warnings = []) {
+  if (!obj || typeof obj !== 'object') return warnings;
+  if (Array.isArray(obj)) {
+    obj.forEach((item, i) => detectOldFieldNames(item, `${path}[${i}]`, warnings));
+    return warnings;
+  }
+  for (const key of Object.keys(obj)) {
+    if (FIELD_ALIASES[key]) {
+      warnings.push(
+        `[KDNA LOADER] ${path}.${key}: field "${key}" is not in spec v0.4. Use "${FIELD_ALIASES[key]}" instead. See docs/authoring-guide.md §0.`,
+      );
+    }
+    if (typeof obj[key] === 'object' && obj[key] !== null) {
+      detectOldFieldNames(obj[key], `${path}.${key}`, warnings);
+    }
+  }
+  return warnings;
+}
+
 /**
  * Format a loaded KDNA domain into a context string suitable for
  * inclusion in an agent's system prompt.
@@ -125,6 +174,16 @@ function classifyInput(text) {
  * @param {object} domain — result from loadDomainFromData() or loadDomainFromFiles()
  * @returns {string}
  */
+function sanitize(str) {
+  if (typeof str !== 'string') return str;
+  return str
+    .replace(/^#{1,6}\s/gm, '\\# ')     // Escape leading # to prevent fake headers
+    .replace(/```/g, '\\`\\`\\`')        // Escape code blocks
+    .replace(/<\|/g, '&lt;|')            // Escape special tokens
+    .replace(/\b(ignore|forget|disregard)\s+(all\s+)?(previous|prior|above)\s+(instructions?|directives?|rules?|constraints?)\b/gi,
+      '[filtered: $&]');                 // Filter prompt injection patterns
+}
+
 function formatContext(domain) {
   if (!domain || !domain.core || !domain.patterns) return '';
 
@@ -132,14 +191,25 @@ function formatContext(domain) {
   const core = domain.core;
   const pat = domain.patterns;
 
+  // Scan for old field names and warn
+  const warnings = detectOldFieldNames(domain, domain.core?.meta?.domain || 'domain');
+  if (warnings.length) {
+    parts.push('<!-- KDNA FIELD NAME WARNINGS:');
+    for (const w of warnings) parts.push(`  ${w}`);
+    parts.push('  These fields will be SILENTLY IGNORED by the loader.');
+    parts.push('  See: docs/authoring-guide.md §0 (Field Name Reference)');
+    parts.push('-->');
+    parts.push('');
+  }
+
   parts.push('## Domain Cognition (KDNA)');
-  parts.push(`Domain: ${core.meta.domain}`);
+  parts.push(`Domain: ${sanitize(core.meta.domain)}`);
   parts.push('');
 
   if (core.stances && core.stances.length) {
     parts.push('### Stances');
     for (const s of core.stances) {
-      parts.push(`- ${s}`);
+      parts.push(`- ${sanitize(s)}`);
     }
     parts.push('');
   }
@@ -147,8 +217,8 @@ function formatContext(domain) {
   if (core.axioms && core.axioms.length) {
     parts.push('### Axioms');
     for (const a of core.axioms) {
-      parts.push(`- **${a.one_sentence}** ${a.full_statement}`);
-      parts.push(`  *Why:* ${a.why}`);
+      parts.push(`- **${sanitize(a.one_sentence)}** ${sanitize(a.full_statement)}`);
+      parts.push(`  *Why:* ${sanitize(a.why)}`);
     }
     parts.push('');
   }
@@ -156,8 +226,8 @@ function formatContext(domain) {
   if (core.ontology && core.ontology.length) {
     parts.push('### Key Concepts');
     for (const c of core.ontology) {
-      parts.push(`- **${c.id.replace(/_/g, ' ')}** — ${c.one_sentence}`);
-      parts.push(`  Boundary: ${c.boundary}`);
+      parts.push(`- **${sanitize(c.id.replace(/_/g, ' '))}** — ${sanitize(c.one_sentence)}`);
+      parts.push(`  Boundary: ${sanitize(c.boundary)}`);
     }
     parts.push('');
   }
@@ -165,7 +235,7 @@ function formatContext(domain) {
   if (core.frameworks && core.frameworks.length) {
     parts.push('### Frameworks');
     for (const fw of core.frameworks) {
-      parts.push(`- **${fw.name}**: ${fw.when_to_use}`);
+      parts.push(`- **${sanitize(fw.name)}**: ${sanitize(fw.when_to_use)}`);
     }
     parts.push('');
   }
@@ -173,7 +243,7 @@ function formatContext(domain) {
   if (pat.terminology && pat.terminology.banned_terms && pat.terminology.banned_terms.length) {
     parts.push('### Avoid These Terms');
     for (const b of pat.terminology.banned_terms) {
-      parts.push(`- Avoid "${b.term}". ${b.why} Use "${b.replace_with}" instead.`);
+      parts.push(`- Avoid "${sanitize(b.term)}". ${sanitize(b.why)} Use "${sanitize(b.replace_with)}" instead.`);
     }
     parts.push('');
   }
@@ -181,8 +251,8 @@ function formatContext(domain) {
   if (pat.misunderstandings && pat.misunderstandings.length) {
     parts.push('### Watch For These Misunderstandings');
     for (const m of pat.misunderstandings) {
-      parts.push(`- **Wrong:** ${m.wrong}`);
-      parts.push(`  **Correct:** ${m.correct}`);
+      parts.push(`- **Wrong:** ${sanitize(m.wrong)}`);
+      parts.push(`  **Correct:** ${sanitize(m.correct)}`);
     }
     parts.push('');
   }
@@ -190,7 +260,7 @@ function formatContext(domain) {
   if (pat.self_check && pat.self_check.length) {
     parts.push('### Before Responding, Check');
     for (const s of pat.self_check) {
-      parts.push(`- [ ] ${s}`);
+      parts.push(`- [ ] ${sanitize(s)}`);
     }
     parts.push('');
   }
@@ -198,7 +268,7 @@ function formatContext(domain) {
   if (domain.scenarios && domain.scenarios.scenes) {
     parts.push('### Relevant Scenarios');
     for (const scene of domain.scenarios.scenes) {
-      parts.push(`- **${scene.name}**: ${scene.trigger_signal}`);
+      parts.push(`- **${sanitize(scene.name)}**: ${sanitize(scene.trigger_signal)}`);
     }
     parts.push('');
   }
@@ -206,7 +276,7 @@ function formatContext(domain) {
   if (domain.reasoning && domain.reasoning.reasoning_chains) {
     parts.push('### Reasoning Chains');
     for (const r of domain.reasoning.reasoning_chains) {
-      parts.push(`- **${r.one_sentence}** → ${r.so_what}`);
+      parts.push(`- **${sanitize(r.one_sentence)}** → ${sanitize(r.so_what)}`);
     }
     parts.push('');
   }
@@ -214,11 +284,11 @@ function formatContext(domain) {
   if (domain.cases && domain.cases.cases && domain.cases.cases.length) {
     parts.push('### Cases');
     for (const c of domain.cases.cases) {
-      parts.push(`- **${c.title}**`);
-      parts.push(`  Context: ${c.context}`);
-      parts.push(`  What happened: ${c.what_happened}`);
-      parts.push(`  Learned: ${c.what_was_learned}`);
-      parts.push(`  Pattern: ${c.structural_pattern}`);
+      parts.push(`- **${sanitize(c.title)}**`);
+      parts.push(`  Context: ${sanitize(c.context)}`);
+      parts.push(`  What happened: ${sanitize(c.what_happened)}`);
+      parts.push(`  Learned: ${sanitize(c.what_was_learned)}`);
+      parts.push(`  Pattern: ${sanitize(c.structural_pattern)}`);
     }
     parts.push('');
   }
@@ -228,7 +298,7 @@ function formatContext(domain) {
     if (evo.stages && evo.stages.length) {
       parts.push('### Growth Stages');
       for (const stage of evo.stages) {
-        parts.push(`- **${stage.name}**: ${stage.description}`);
+        parts.push(`- **${sanitize(stage.name)}**: ${sanitize(stage.description)}`);
       }
       parts.push('');
     }
@@ -236,7 +306,7 @@ function formatContext(domain) {
       parts.push('### Capability Layers');
       for (const layer of evo.evolution_layers) {
         parts.push(
-          `- **${layer.name}**: ${layer.capability} (${layer.from_stage} → ${layer.to_stage})`,
+          `- **${sanitize(layer.name)}**: ${sanitize(layer.capability)} (${sanitize(layer.from_stage)} → ${sanitize(layer.to_stage)})`,
         );
       }
       parts.push('');