@bothat-io/molenkopf 0.1.2

package/packages/core/src/auth/session.ts

@@ -0,0 +1,64 @@
+import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";
+
+// Stateless signed session tokens: base64(userId.expiry).hmac. Runtime servers
+// must supply a stable secret; newSessionSecret is for tests and utilities.
+
+const DEFAULT_TTL_MS = 12 * 60 * 60 * 1000;
+export type SessionPayload = { userId: string; sessionVersion: number };
+
+export function newSessionSecret(): string {
+  return randomBytes(32).toString("hex");
+}
+
+export function signSession(userId: string, secret: string, ttlMs = DEFAULT_TTL_MS, now = Date.now(), sessionVersion = 0): string {
+  const body = Buffer.from(JSON.stringify({ u: userId, v: sessionVersion, e: now + ttlMs })).toString("base64url");
+  return `${body}.${hmac(body, secret)}`;
+}
+
+export function verifySession(token: string | undefined, secret: string, now = Date.now()): string | undefined {
+  return verifySessionPayload(token, secret, now)?.userId;
+}
+
+export function verifySessionPayload(token: string | undefined, secret: string, now = Date.now()): SessionPayload | undefined {
+  if (!token || !token.includes(".")) return undefined;
+  const parts = token.split(".");
+  if (parts.length !== 2) return undefined;
+  const [body, sig] = parts;
+  if (!body || !sig || !equals(sig, hmac(body, secret))) return undefined;
+  const decoded = Buffer.from(body, "base64url").toString("utf8");
+  const payload = parsePayload(decoded);
+  if (!payload) return undefined;
+  const { userId, sessionVersion, expiry } = payload;
+  if (!Number.isSafeInteger(sessionVersion) || sessionVersion < 0) return undefined;
+  if (!Number.isFinite(expiry) || expiry < now) return undefined;
+  return { userId, sessionVersion };
+}
+
+function parsePayload(decoded: string): (SessionPayload & { expiry: number }) | undefined {
+  if (decoded.startsWith("{")) {
+    try {
+      const parsed = JSON.parse(decoded) as { u?: unknown; v?: unknown; e?: unknown };
+      if (typeof parsed.u === "string") return { userId: parsed.u, sessionVersion: Number(parsed.v), expiry: Number(parsed.e) };
+    } catch {
+      return undefined;
+    }
+  }
+  const parts = decoded.split(".");
+  if (parts.length < 2) return undefined;
+  const expiry = Number(parts.at(-1));
+  const maybeVersion = Number(parts.at(-2));
+  if (parts.length >= 3 && Number.isSafeInteger(maybeVersion) && maybeVersion >= 0) {
+    return { userId: parts.slice(0, -2).join("."), sessionVersion: maybeVersion, expiry };
+  }
+  return { userId: parts.slice(0, -1).join("."), sessionVersion: 0, expiry };
+}
+
+function hmac(body: string, secret: string): string {
+  return createHmac("sha256", secret).update(body).digest("base64url");
+}
+
+function equals(a: string, b: string): boolean {
+  const x = Buffer.from(a);
+  const y = Buffer.from(b);
+  return x.length === y.length && timingSafeEqual(x, y);
+}

package/packages/core/src/ci/ci-mode.ts

@@ -0,0 +1,71 @@
+import { redactSecrets } from "../security/secret-redactor.ts";
+
+export type PrFile = { path: string; patch: string };
+export type PrContextInput = { title: string; description?: string; files: PrFile[] };
+export type PrContextLimits = { maxFiles?: number; maxFieldChars?: number; maxPatchChars?: number; maxTotalChars?: number };
+
+const DEFAULT_LIMITS = { maxFiles: 100, maxFieldChars: 500, maxPatchChars: 4000, maxTotalChars: 16000 };
+
+export function packPrContext(input: PrContextInput, limitsInput: PrContextLimits = {}): string {
+  const limits = { ...DEFAULT_LIMITS, ...limitsInput };
+  if (input.files.length > limits.maxFiles) throw new Error("too_many_pr_files");
+  const lines = ["# PR Context", `title: ${safeField(input.title, limits.maxFieldChars)}`];
+  if (input.description) lines.push(`description: ${safeField(input.description, limits.maxFieldChars)}`);
+  let omittedFiles = 0;
+  for (const file of input.files) {
+    const block = fileBlock(file, limits.maxPatchChars);
+    if (joinedLength(lines, block) > limits.maxTotalChars) {
+      omittedFiles++;
+      continue;
+    }
+    lines.push(block);
+  }
+  if (omittedFiles && joinedLength(lines, omittedMarker(omittedFiles)) <= limits.maxTotalChars) lines.push(omittedMarker(omittedFiles));
+  return truncate(lines.join("\n"), limits.maxTotalChars, "context");
+}
+
+export function createCiAuditArtifact(input: { requestId: string; savedTokens: number; retrievalIds: string[] }) {
+  return {
+    mode: "ci",
+    remoteIssueIntegration: false,
+    createdAt: new Date().toISOString(),
+    requestId: input.requestId,
+    savedTokens: input.savedTokens,
+    retrievalIds: input.retrievalIds
+  };
+}
+
+function fileBlock(file: PrFile, maxPatchChars: number): string {
+  const patch = safePatch(file.patch, maxPatchChars);
+  return `\n## ${safePath(file.path)}\n${patch}`;
+}
+
+function safeField(value: string, maxChars: number): string {
+  return truncate(redactSecrets(value).text.replace(/\s+/g, " ").trim(), maxChars, "field");
+}
+
+function safePath(value: string): string {
+  const redacted = redactSecrets(value).text.replace(/\\/g, "/");
+  const parts = redacted.split("/").filter((part) => part && part !== "." && part !== "..");
+  const normalized = parts.join("/") || "unknown";
+  return truncate(normalized.replace(/[^\w .@:/\-[\]]/g, "_"), 180, "path");
+}
+
+function safePatch(value: string, maxChars: number): string {
+  return truncate(redactSecrets(value).text, maxChars, "patch");
+}
+
+function truncate(value: string, maxChars: number, label: string): string {
+  if (value.length <= maxChars) return value;
+  const marker = `\n[molenkopf omitted: ${value.length - maxChars} ${label} chars]`;
+  if (marker.length >= maxChars) return value.slice(0, Math.max(0, maxChars));
+  return `${value.slice(0, maxChars - marker.length)}${marker}`;
+}
+
+function joinedLength(lines: string[], next: string): number {
+  return lines.concat(next).join("\n").length;
+}
+
+function omittedMarker(count: number): string {
+  return `[molenkopf omitted: ${count} files after total context limit]`;
+}

package/packages/core/src/compression/content-classifier.ts

@@ -0,0 +1,25 @@
+export type ContentKind =
+  | "json" | "stacktrace" | "log" | "shell_output" | "markdown"
+  | "source_code" | "diff" | "plain_text" | "unknown";
+
+export function classifyContent(text: string, filename = ""): ContentKind {
+  const trimmed = text.trim();
+  if (!trimmed) return "plain_text";
+  try {
+    JSON.parse(trimmed);
+    return "json";
+  } catch {}
+  if (/^diff --git|^@@\s|^\+\+\+ |^--- /m.test(text)) return "diff";
+  if (/Traceback|Exception|Error:|^\s+at .+\(.+:\d+:\d+\)|File ".+", line \d+/m.test(text)) return "stacktrace";
+  if (/\.(ts|tsx|js|mjs|cjs|json|lock|sql|py|go|rs)$/i.test(filename)) return "source_code";
+  if (/\b(import|export|function|class|interface|type)\b|=>|[{;]\s*$/m.test(text)) return "source_code";
+  if (/^\s{0,3}#{1,6}\s|^\s*[-*]\s|\|.+\|/m.test(text)) return "markdown";
+  if (/\b(npm|pnpm|yarn|pytest|cargo|go test|FAIL|PASS|exit code)\b/i.test(text)) return "shell_output";
+  const lines = text.split("\n");
+  const logHits = lines.filter((line) => /\d{4}-\d{2}-\d{2}|^\[[^\]]+\]\s+(ERROR|WARN|INFO|DEBUG|TRACE|FATAL)\b|\b(ERROR|WARN|FATAL)\b/i.test(line)).length;
+  const requiredHits = Math.max(1, Math.ceil(lines.length * 0.2));
+  const numberedOutputHits = lines.filter((line) => /^line \d+\b/i.test(line)).length;
+  if (logHits >= 1 && numberedOutputHits >= Math.ceil(lines.length * 0.5)) return "log";
+  if (logHits >= requiredHits) return "log";
+  return "plain_text";
+}

package/packages/core/src/compression/context-compressor.ts

@@ -0,0 +1,48 @@
+import { classifyContent } from "./content-classifier.ts";
+import { compressJsonText } from "./json-compressor.ts";
+import { compressLog } from "./log-compressor.ts";
+import { compressOperationalBlocks } from "./operational-block-compressor.ts";
+import { compressStacktrace } from "./stacktrace-compressor.ts";
+import { redactSecrets } from "../security/secret-redactor.ts";
+import { RetrievalStore } from "../store/retrieval-store.ts";
+import { byteLength } from "../utils/text.ts";
+
+export type ContextCompression = {
+  text: string;
+  compressed: boolean;
+  kind: string;
+  retrievalId?: string;
+  compressorName?: string;
+  redactedSecrets: number;
+};
+
+// Only structured/operational content is safe to reduce. Prose, markdown,
+// source code, and diffs pass through untouched so the model never loses
+// meaning it needs (compression is opt-in and must stay non-destructive).
+const COMPRESSIBLE = new Set(["json", "stacktrace", "log", "shell_output"]);
+
+export async function compressContext(text: string, store: RetrievalStore, requestId?: string): Promise<ContextCompression> {
+  const redacted = redactSecrets(text);
+  const safeText = redacted.text;
+  const kind = classifyContent(safeText);
+  const id = store.idFor(safeText);
+  if (!COMPRESSIBLE.has(kind) || safeText.length < 2000) {
+    const embedded = safeText.length >= 2000 ? compressOperationalBlocks(safeText, id) : { text: safeText, compressed: false, kind: undefined, compressorName: undefined };
+    if (!embedded.compressed || byteLength(embedded.text) >= byteLength(safeText)) return { text: safeText, compressed: false, kind, redactedSecrets: redacted.redactions.length };
+    await store.save(safeText, { contentKind: embedded.kind ?? kind, compressedBytes: byteLength(embedded.text), compressorName: embedded.compressorName ?? "embedded", redacted: true, requestId });
+    return { text: embedded.text, compressed: true, kind, retrievalId: id, compressorName: embedded.compressorName, redactedSecrets: redacted.redactions.length };
+  }
+  const result = runCompressor(kind, safeText, id);
+  // Never claim compression that did not actually shrink the payload — otherwise
+  // we would send a larger body and report negative/zero savings dishonestly.
+  // Only persist the original once compression is confirmed beneficial.
+  if (!result.compressed || byteLength(result.text) >= byteLength(safeText)) return { text: safeText, compressed: false, kind, redactedSecrets: redacted.redactions.length };
+  await store.save(safeText, { contentKind: kind, compressedBytes: byteLength(result.text), compressorName: kind, redacted: true, requestId });
+  return { text: result.text, compressed: true, kind, retrievalId: id, compressorName: result.compressorName, redactedSecrets: redacted.redactions.length };
+}
+
+function runCompressor(kind: string, text: string, id: string) {
+  if (kind === "json") return compressJsonText(text, id);
+  if (kind === "stacktrace") return compressStacktrace(text, id);
+  return compressLog(text, id);
+}

package/packages/core/src/compression/json-compressor.ts

@@ -0,0 +1,54 @@
+import { truncateValue } from "../utils/text.ts";
+
+export type JsonCompressionResult = { text: string; compressed: boolean; compressorName: string };
+
+const MAX_ARRAY_KEYS = 100;
+
+export function compressJsonText(input: string, retrieveId: string): JsonCompressionResult {
+  let parsed: unknown;
+  try {
+    parsed = JSON.parse(input);
+  } catch {
+    return { text: input, compressed: false, compressorName: "json" };
+  }
+  if (Array.isArray(parsed) && parsed.length > 40) {
+    const first = parsed.slice(0, 20).map((item) => truncateValue(item));
+    const last = parsed.slice(-20).map((item) => truncateValue(item));
+    const keys = arrayKeys(parsed);
+    const text = [
+      `[molenkopf compressed: kind=json original_items=${parsed.length} kept_items=40 omitted_items=${parsed.length - 40} retrieve=${retrieveId}]`,
+      `keys: ${keys.items.join(", ")}${keys.omitted ? `, ... omitted_key_entries=${keys.omitted}` : ""}`,
+      "first:",
+      JSON.stringify(first, null, 2),
+      "last:",
+      JSON.stringify(last, null, 2)
+    ].join("\n");
+    return { text, compressed: true, compressorName: "json" };
+  }
+  if (input.length < 2000) return { text: input, compressed: false, compressorName: "json" };
+  const summary = truncateValue(parsed, 320);
+  return {
+    text: `[molenkopf compressed: kind=json retrieve=${retrieveId}]\n${JSON.stringify(summary, null, 2)}`,
+    compressed: true,
+    compressorName: "json"
+  };
+}
+
+function arrayKeys(items: unknown[]): { items: string[]; omitted: number } {
+  const seen = new Set<string>();
+  const out: string[] = [];
+  let omitted = 0;
+  for (const item of items) {
+    if (!item || typeof item !== "object" || Array.isArray(item)) continue;
+    for (const key of Object.keys(item)) {
+      if (seen.has(key)) continue;
+      if (out.length >= MAX_ARRAY_KEYS) {
+        omitted++;
+        continue;
+      }
+      seen.add(key);
+      out.push(key);
+    }
+  }
+  return { items: out, omitted };
+}

package/packages/core/src/compression/log-compressor.ts

@@ -0,0 +1,32 @@
+import { stripAnsi } from "../utils/text.ts";
+
+export type CompressionResult = { text: string; compressed: boolean; compressorName: string };
+
+const errorPattern = /ERROR|FATAL|FAIL|failed|exception|traceback|exit code|\.([jt]s|py|go|rs):\d+/i;
+
+export function compressLog(input: string, retrieveId: string): CompressionResult {
+  const clean = stripAnsi(input);
+  const lines = clean.split(/\r?\n/);
+  if (lines.length <= 220 && clean.length < 12000) {
+    return { text: clean, compressed: false, compressorName: "log" };
+  }
+  const keep = new Set<number>();
+  for (let i = 0; i < Math.min(80, lines.length); i++) keep.add(i);
+  for (let i = Math.max(0, lines.length - 120); i < lines.length; i++) keep.add(i);
+  lines.forEach((line, index) => {
+    if (!errorPattern.test(line)) return;
+    for (let i = Math.max(0, index - 5); i <= Math.min(lines.length - 1, index + 5); i++) keep.add(i);
+  });
+  const sorted = [...keep].sort((a, b) => a - b);
+  const output = [`[molenkopf compressed: kind=log original_lines=${lines.length} kept_lines=${sorted.length} retrieve=${retrieveId}]`];
+  let previous = -1;
+  for (const index of sorted) {
+    if (index > previous + 1) {
+      output.push(`[molenkopf omitted: ${index - previous - 1} repetitive lines retrieve=${retrieveId}]`);
+    }
+    const line = lines[index];
+    if (line !== output[output.length - 1]) output.push(line);
+    previous = index;
+  }
+  return { text: output.join("\n"), compressed: true, compressorName: "log" };
+}

package/packages/core/src/compression/operational-block-compressor.ts

@@ -0,0 +1,43 @@
+import { classifyContent } from "./content-classifier.ts";
+import { compressJsonText } from "./json-compressor.ts";
+import { compressLog } from "./log-compressor.ts";
+import { compressStacktrace } from "./stacktrace-compressor.ts";
+import { byteLength } from "../utils/text.ts";
+
+export type OperationalBlockCompression = {
+  text: string;
+  compressed: boolean;
+  kind?: string;
+  compressorName?: string;
+};
+
+const COMPRESSIBLE = new Set(["json", "stacktrace", "log", "shell_output"]);
+const SOURCE_LANGS = new Set(["ts", "tsx", "js", "jsx", "mjs", "cjs", "py", "go", "rs", "java", "rb", "sql", "diff", "patch", "md", "markdown", "sh", "bash", "zsh", "fish", "c", "cc", "cpp", "cxx", "h", "hpp", "cs", "php", "swift", "kt", "kts", "html", "css"]);
+const OPERATIONAL_LANGS = new Set(["log", "logs", "output", "shell-output", "terminal"]);
+const FENCE = /```([a-z0-9_-]*)[^\n]*\n([\s\S]*?)```/gi;
+
+export function compressOperationalBlocks(text: string, retrieveId: string): OperationalBlockCompression {
+  let compressed = false;
+  let kind: string | undefined;
+  let compressorName: string | undefined;
+  const rewritten = text.replace(FENCE, (match, lang: string, body: string) => {
+    const normalizedLang = lang.toLowerCase();
+    if (SOURCE_LANGS.has(normalizedLang) || body.length < 2000) return match;
+    if (normalizedLang && !OPERATIONAL_LANGS.has(normalizedLang)) return match;
+    const blockKind = classifyContent(body);
+    if (!COMPRESSIBLE.has(blockKind)) return match;
+    const result = compressStructured(blockKind, body, retrieveId);
+    if (!result.compressed || byteLength(result.text) >= byteLength(body)) return match;
+    compressed = true;
+    kind = blockKind;
+    compressorName = `embedded-${result.compressorName}`;
+    return "```" + lang + "\n" + result.text + "\n```";
+  });
+  return { text: rewritten, compressed, kind, compressorName };
+}
+
+function compressStructured(kind: string, text: string, retrieveId: string) {
+  if (kind === "json") return compressJsonText(text, retrieveId);
+  if (kind === "stacktrace") return compressStacktrace(text, retrieveId);
+  return compressLog(text, retrieveId);
+}

package/packages/core/src/compression/stacktrace-compressor.ts

@@ -0,0 +1,23 @@
+export type StacktraceCompressionResult = { text: string; compressed: boolean; compressorName: string };
+
+export function compressStacktrace(input: string, retrieveId: string): StacktraceCompressionResult {
+  const lines = input.split(/\r?\n/);
+  if (lines.length <= 12 && !/node_modules|node:internal|site-packages/.test(input)) {
+    return { text: input, compressed: false, compressorName: "stacktrace" };
+  }
+  const output = [`[molenkopf compressed: kind=stacktrace original_lines=${lines.length} retrieve=${retrieveId}]`];
+  let vendor = 0;
+  for (const line of lines) {
+    if (/node_modules|node:internal|\/vendor\/|site-packages|stdlib/.test(line)) {
+      vendor++;
+      continue;
+    }
+    if (vendor) {
+      output.push(`[molenkopf omitted: ${vendor} vendor/stdlib frames retrieve=${retrieveId}]`);
+      vendor = 0;
+    }
+    output.push(line);
+  }
+  if (vendor) output.push(`[molenkopf omitted: ${vendor} vendor/stdlib frames retrieve=${retrieveId}]`);
+  return { text: output.join("\n"), compressed: output.length < lines.length + 1, compressorName: "stacktrace" };
+}

package/packages/core/src/config/config-policies.ts

@@ -0,0 +1,146 @@
+import { builtinPluginDescriptors } from "../plugins/plugin-descriptor.ts";
+
+export type ProfilePolicy = { id: string; providerId: string; allowedModels?: string[]; defaultModel?: string };
+export type PluginPolicy = { id: string; enabledPluginIds?: string[] };
+export type ResolvedAgent = {
+  id: string;
+  providerId: string;
+  enabled?: boolean;
+  profileId?: string;
+  pluginPolicyId?: string;
+  scopes?: string[];
+  allowedModels?: string[];
+  defaultModel?: string;
+  enabledPluginIds?: string[];
+};
+
+type JsonRecord = Record<string, unknown>;
+
+const ID_RE = /^[a-z0-9][a-z0-9._:-]{0,63}$/i;
+
+export function normalizePolicyConfig(root: JsonRecord, providerIds: Set<string>, enabledProviderIds: Set<string>) {
+  const profiles = normalizeProfiles(root.profiles, providerIds);
+  const pluginPolicies = normalizePluginPolicies(root.pluginPolicies);
+  return {
+    profiles: profiles.items,
+    pluginPolicies: pluginPolicies.items,
+    agents: normalizeAgents(root.agents, profiles, pluginPolicies, providerIds, enabledProviderIds),
+    firstProvider: profiles.items[0]?.providerId
+  };
+}
+
+function normalizeProfiles(input: unknown, providerIds: Set<string>): { items: ProfilePolicy[]; byId: Map<string, ProfilePolicy> } {
+  if (input === undefined) return { items: [], byId: new Map() };
+  const items = array(input, "$.profiles").map((item, index) => {
+    const profile = record(item, `$.profiles[${index}]`);
+    const id = idValue(profile.id, `$.profiles[${index}].id`);
+    const providerId = idValue(profile.providerId, `$.profiles[${index}].providerId`);
+    if (!providerIds.has(providerId)) throw new Error(`unknown provider in profile: ${providerId}`);
+    const allowedModels = uniqueStrings(profile.allowedModels, `$.profiles[${index}].allowedModels`);
+    const defaultModel = stringOrUndefined(profile.defaultModel, `$.profiles[${index}].defaultModel`);
+    if (defaultModel && allowedModels && !allowedModels.includes(defaultModel)) throw new Error(`default model not allowed: ${id}`);
+    return clean({ id, providerId, allowedModels, defaultModel });
+  });
+  assertUnique(items.map((item) => item.id), "profile");
+  return { items, byId: new Map(items.map((item) => [item.id, item])) };
+}
+
+function normalizePluginPolicies(input: unknown): { items: PluginPolicy[]; byId: Map<string, PluginPolicy> } {
+  if (input === undefined) return { items: [], byId: new Map() };
+  const builtinPluginIds = new Set(builtinPluginDescriptors.map((plugin) => plugin.id));
+  const items = array(input, "$.pluginPolicies").map((item, index) => {
+    const policy = record(item, `$.pluginPolicies[${index}]`);
+    const id = idValue(policy.id, `$.pluginPolicies[${index}].id`);
+    if (policy.remotePlugins === true) throw new Error(`remote plugins unsupported: ${id}`);
+    const enabledPluginIds = uniqueStrings(policy.enabledPluginIds, `$.pluginPolicies[${index}].enabledPluginIds`);
+    enabledPluginIds?.forEach((pluginId) => {
+      if (!builtinPluginIds.has(pluginId)) throw new Error(`unknown enabled plugin id: ${pluginId}`);
+    });
+    return clean({ id, enabledPluginIds });
+  });
+  assertUnique(items.map((item) => item.id), "plugin policy");
+  return { items, byId: new Map(items.map((item) => [item.id, item])) };
+}
+
+function normalizeAgents(input: unknown, profiles: ReturnType<typeof normalizeProfiles>, policies: ReturnType<typeof normalizePluginPolicies>, providerIds: Set<string>, enabledProviderIds: Set<string>): ResolvedAgent[] {
+  if (input === undefined) return [];
+  const agents = array(input, "$.agents").map((item, index) => {
+    const agent = record(item, `$.agents[${index}]`);
+    const id = idValue(agent.id, `$.agents[${index}].id`);
+    const enabled = agent.enabled === undefined ? true : boolean(agent.enabled, `$.agents[${index}].enabled`);
+    const profileId = optionalId(agent.profileId, `$.agents[${index}].profileId`);
+    const pluginPolicyId = optionalId(agent.pluginPolicyId, `$.agents[${index}].pluginPolicyId`);
+    const profile = profileId ? profiles.byId.get(profileId) : undefined;
+    const policy = pluginPolicyId ? policies.byId.get(pluginPolicyId) : undefined;
+    if (profileId && !profile) throw new Error(`unknown profile in agent: ${profileId}`);
+    if (pluginPolicyId && !policy) throw new Error(`unknown plugin policy in agent: ${pluginPolicyId}`);
+    if (agent.providerId !== undefined && profileId) throw new Error(`conflicting provider/profile in agent: ${id}`);
+    const providerId = agent.providerId !== undefined ? idValue(agent.providerId, `$.agents[${index}].providerId`) : profile?.providerId;
+    if (!providerId) throw new Error(`agent requires provider or profile: ${id}`);
+    if (!providerIds.has(providerId)) throw new Error(`unknown provider in agent: ${providerId}`);
+    if (enabled && !enabledProviderIds.has(providerId)) throw new Error(`agent provider disabled: ${providerId}`);
+    return clean({ id, providerId, enabled, profileId, pluginPolicyId, scopes: nonEmptyUniqueIds(agent.scopes, `$.agents[${index}].scopes`), allowedModels: profile?.allowedModels, defaultModel: profile?.defaultModel, enabledPluginIds: policy?.enabledPluginIds });
+  });
+  assertUnique(agents.map((item) => item.id), "agent");
+  return agents;
+}
+
+function record(value: unknown, path: string): JsonRecord {
+  if (!value || typeof value !== "object" || Array.isArray(value)) throw new Error(`expected object: ${path}`);
+  return value as JsonRecord;
+}
+
+function array(value: unknown, path: string): unknown[] {
+  if (!Array.isArray(value)) throw new Error(`expected array: ${path}`);
+  return value;
+}
+
+function optionalId(value: unknown, path: string): string | undefined {
+  return value === undefined ? undefined : idValue(value, path);
+}
+
+function idValue(value: unknown, path: string): string {
+  const id = string(value, path);
+  if (!ID_RE.test(id)) throw new Error(`invalid id: ${path}`);
+  return id;
+}
+
+function uniqueStrings(value: unknown, path: string): string[] | undefined {
+  if (value === undefined) return undefined;
+  const values = array(value, path).map((item, index) => string(item, `${path}[${index}]`));
+  return assertUnique(values, path), values;
+}
+
+function nonEmptyUniqueIds(value: unknown, path: string): string[] | undefined {
+  const values = uniqueStrings(value, path);
+  if (values === undefined) return undefined;
+  if (!values.length) throw new Error(`empty string array: ${path}`);
+  values.forEach((item, index) => idValue(item, `${path}[${index}]`));
+  return values;
+}
+
+function stringOrUndefined(value: unknown, path: string): string | undefined {
+  return value === undefined ? undefined : string(value, path);
+}
+
+function string(value: unknown, path: string): string {
+  if (typeof value !== "string" || !value.trim()) throw new Error(`expected string: ${path}`);
+  return value.trim();
+}
+
+function boolean(value: unknown, path: string): boolean {
+  if (typeof value !== "boolean") throw new Error(`expected boolean: ${path}`);
+  return value;
+}
+
+function assertUnique(values: string[], label: string): void {
+  const seen = new Set<string>();
+  values.forEach((value) => {
+    if (seen.has(value)) throw new Error(`duplicate ${label} id: ${value}`);
+    seen.add(value);
+  });
+}
+
+function clean<T extends Record<string, unknown>>(value: T): T {
+  return Object.fromEntries(Object.entries(value).filter(([, item]) => item !== undefined)) as T;
+}

package/packages/core/src/config/molenkopf-config.ts

@@ -0,0 +1,137 @@
+import type { ProviderConfig } from "../providers/provider-catalog.ts";
+import { normalizeProvider } from "./provider-config.ts";
+import { validateProviderTarget } from "../security/target-policy.ts";
+import { normalizePolicyConfig, type PluginPolicy, type ProfilePolicy, type ResolvedAgent } from "./config-policies.ts";
+
+export type NormalizedMolenkopfConfig = {
+  target: string;
+  server: { bindHost?: string; port?: number; allowPublicBind?: boolean; dataDir?: string };
+  providers: ProviderConfig[];
+  activeProviderId: string;
+  profiles: ProfilePolicy[];
+  pluginPolicies: PluginPolicy[];
+  agents: ResolvedAgent[];
+};
+
+type JsonRecord = Record<string, unknown>;
+
+const FORBIDDEN_KEYS = new Set([
+  "apikey", "xapikey", "authorization", "cookie", "password", "credential", "credentials",
+  "credentialenv", "accesscredential", "clientcredentials", "token", "accesstoken",
+  "refreshtoken", "bearertoken", "sessiontoken", "secret", "clientsecret"
+]);
+const SAFE_ACCOUNTING_KEYS = new Set([
+  "tokenlimit", "tokensperday", "inputtokens", "outputtokens",
+  "estimatedoriginaltokens", "estimatedcompressedtokens", "estimatedsavedtokens"
+]);
+
+export function parseMolenkopfConfigJson(text: string, source = "molenkopf.config.json"): NormalizedMolenkopfConfig {
+  let parsed: unknown;
+  try {
+    parsed = JSON.parse(text);
+  } catch {
+    throw new Error(`invalid Molenkopf config JSON: ${source}`);
+  }
+  return normalizeMolenkopfConfig(parsed);
+}
+
+export function normalizeMolenkopfConfig(input: unknown): NormalizedMolenkopfConfig {
+  assertNoForbiddenKeys(input);
+  const root = record(input, "$");
+  const schemaVersion = root.schemaVersion ?? root.version;
+  if (schemaVersion !== 1) throw new Error("molenkopf config schemaVersion must be 1");
+  const providers = array(root.providers, "$.providers").map(normalizeProvider);
+  if (!providers.length) throw new Error("molenkopf config requires providers");
+  assertUnique(providers.map((item) => item.id), "provider");
+  const providerIds = new Set(providers.map((item) => item.id));
+  const enabledProviderIds = new Set(providers.filter((item) => item.enabled !== false).map((item) => item.id));
+  const policies = normalizePolicyConfig(root, providerIds, enabledProviderIds);
+  const server = normalizeServer(root.server);
+  const target = stringOrUndefined(root.target) ?? providers[0].target;
+  validateTarget(target, "$.target", providers);
+  const activeProviderId = policies.firstProvider ?? providers.find((item) => item.enabled !== false)?.id ?? providers[0].id;
+  if (!providerIds.has(activeProviderId)) throw new Error(`unknown active provider: ${activeProviderId}`);
+  if (providers.find((item) => item.id === activeProviderId)?.enabled === false) throw new Error(`active provider disabled: ${activeProviderId}`);
+  return { target, server, providers, activeProviderId, profiles: policies.profiles, pluginPolicies: policies.pluginPolicies, agents: policies.agents };
+}
+
+function normalizeServer(input: unknown): NormalizedMolenkopfConfig["server"] {
+  if (input === undefined) return {};
+  const item = record(input, "$.server");
+  const out: NormalizedMolenkopfConfig["server"] = {};
+  if (item.bindHost !== undefined) out.bindHost = string(item.bindHost, "$.server.bindHost");
+  if (item.host !== undefined) out.bindHost = string(item.host, "$.server.host");
+  if (item.port !== undefined) out.port = port(item.port);
+  if (item.allowPublicBind !== undefined) out.allowPublicBind = boolean(item.allowPublicBind, "$.server.allowPublicBind");
+  if (item.dataDir !== undefined) out.dataDir = string(item.dataDir, "$.server.dataDir");
+  return out;
+}
+
+function assertNoForbiddenKeys(value: unknown, path = "$") {
+  if (!value || typeof value !== "object") return;
+  if (Array.isArray(value)) return value.forEach((item, index) => assertNoForbiddenKeys(item, `${path}[${index}]`));
+  Object.entries(value as JsonRecord).forEach(([key, child]) => {
+    const normalized = key.toLowerCase().replace(/[-_]/g, "");
+    if (isForbiddenSecretKey(normalized) && !isAllowedCredentialRef(path, normalized)) throw new Error(`forbidden secret field in config: ${path}.${key}`);
+    assertNoForbiddenKeys(child, `${path}.${key}`);
+  });
+}
+
+function isForbiddenSecretKey(normalized: string): boolean {
+  if (SAFE_ACCOUNTING_KEYS.has(normalized)) return false;
+  return FORBIDDEN_KEYS.has(normalized)
+    || normalized.endsWith("apikey")
+    || normalized.endsWith("token")
+    || normalized.endsWith("secret")
+    || normalized.endsWith("credential")
+    || normalized.endsWith("credentials")
+    || normalized.endsWith("password");
+}
+
+function isAllowedCredentialRef(path: string, normalized: string): boolean {
+  return normalized === "credentialref" && /^\$\.providers\[\d+\]\.auth$/.test(path);
+}
+
+function validateTarget(value: string, path: string, providers: ProviderConfig[]) {
+  const url = new URL(value);
+  if (url.protocol === "cli:") return;
+  validateProviderTarget(value, { path, allowPrivate: providers.some((item) => item.kind === "local" && item.target === value) });
+}
+
+function assertUnique(values: string[], label: string) {
+  const seen = new Set<string>();
+  values.forEach((value) => {
+    if (seen.has(value)) throw new Error(`duplicate ${label} id: ${value}`);
+    seen.add(value);
+  });
+}
+
+function record(value: unknown, path: string): JsonRecord {
+  if (!value || typeof value !== "object" || Array.isArray(value)) throw new Error(`expected object: ${path}`);
+  return value as JsonRecord;
+}
+
+function array(value: unknown, path: string): unknown[] {
+  if (!Array.isArray(value)) throw new Error(`expected array: ${path}`);
+  return value;
+}
+
+function string(value: unknown, path: string): string {
+  if (typeof value !== "string" || !value.trim()) throw new Error(`expected string: ${path}`);
+  return value.trim();
+}
+
+function stringOrUndefined(value: unknown): string | undefined {
+  return typeof value === "string" && value.trim() ? value.trim() : undefined;
+}
+
+function boolean(value: unknown, path: string): boolean {
+  if (typeof value !== "boolean") throw new Error(`expected boolean: ${path}`);
+  return value;
+}
+
+function port(value: unknown): number {
+  const portNumber = Number(value);
+  if (!Number.isInteger(portNumber) || portNumber < 0 || portNumber > 65535) throw new Error("invalid server port");
+  return portNumber;
+}