@principles/core 1.75.0 → 1.77.0

package/dist/runtime-v2/feedback/index.d.ts

@@ -0,0 +1,9 @@
+export type { FeedbackType, UserSeverity, FeedbackSource, FeedbackContext, AgentDraft, FeedbackUserText, FeedbackDraftInput, NormalizedDraft, RecentEvent, CanaryStatus, DiagnosticSummary, ContextRef, PrivacyPreview, FeedbackReport, ValidationError, NormalizeResult, } from './feedback-types.js';
+export { isFeedbackType, isUserSeverity, isFeedbackSource, isRecord, isBoolean, normalizeFeedbackDraftInput, } from './feedback-types.js';
+export { redactAbsolutePaths, redactTokenLikeValues, redactEnvLikeValues, redactStackTrace, redactSensitiveFields, REDACTED_PATH, REDACTED_VALUE, NO_STACK, type RedactResult, } from './redact-sensitive.js';
+export { renderReportMarkdown, MAX_MARKDOWN_LENGTH } from './render-markdown.js';
+export { buildGitHubIssueDraftUrl, MAX_URL_BODY_LENGTH, GITHUB_REPO, type GithubUrlResult, } from './render-github-url.js';
+export { buildPrivacyPreview, buildEmailText, DEFAULT_INCLUDED_SECTIONS, DEFAULT_EXCLUDED_CATEGORIES, } from './privacy-preview.js';
+export { createFeedbackReport, type CreateReportResult } from './create-report.js';
+export { safeStringifyPreview } from './safe-stringify.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/runtime-v2/feedback/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/runtime-v2/feedback/index.ts"],"names":[],"mappings":"AAIA,YAAY,EACV,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,eAAe,EACf,UAAU,EACV,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,WAAW,EACX,YAAY,EACZ,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,cAAc,EACd,eAAe,EACf,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,cAAc,EACd,cAAc,EACd,gBAAgB,EAChB,QAAQ,EACR,SAAS,EACT,2BAA2B,GAC5B,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,gBAAgB,EAChB,qBAAqB,EACrB,aAAa,EACb,cAAc,EACd,QAAQ,EACR,KAAK,YAAY,GAClB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAEjF,OAAO,EACL,wBAAwB,EACxB,mBAAmB,EACnB,WAAW,EACX,KAAK,eAAe,GACrB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,mBAAmB,EACnB,cAAc,EACd,yBAAyB,EACzB,2BAA2B,GAC5B,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,oBAAoB,EAAE,KAAK,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAEnF,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/runtime-v2/feedback/index.js

@@ -0,0 +1,11 @@
+// feedback/index.ts
+// Barrel re-exports for the feedback report contract.
+// Pure logic only — no I/O, no fs, no process, no db, no network.
+export { isFeedbackType, isUserSeverity, isFeedbackSource, isRecord, isBoolean, normalizeFeedbackDraftInput, } from './feedback-types.js';
+export { redactAbsolutePaths, redactTokenLikeValues, redactEnvLikeValues, redactStackTrace, redactSensitiveFields, REDACTED_PATH, REDACTED_VALUE, NO_STACK, } from './redact-sensitive.js';
+export { renderReportMarkdown, MAX_MARKDOWN_LENGTH } from './render-markdown.js';
+export { buildGitHubIssueDraftUrl, MAX_URL_BODY_LENGTH, GITHUB_REPO, } from './render-github-url.js';
+export { buildPrivacyPreview, buildEmailText, DEFAULT_INCLUDED_SECTIONS, DEFAULT_EXCLUDED_CATEGORIES, } from './privacy-preview.js';
+export { createFeedbackReport } from './create-report.js';
+export { safeStringifyPreview } from './safe-stringify.js';
+//# sourceMappingURL=index.js.map

package/dist/runtime-v2/feedback/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/runtime-v2/feedback/index.ts"],"names":[],"mappings":"AAAA,oBAAoB;AACpB,sDAAsD;AACtD,kEAAkE;AAqBlE,OAAO,EACL,cAAc,EACd,cAAc,EACd,gBAAgB,EAChB,QAAQ,EACR,SAAS,EACT,2BAA2B,GAC5B,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,gBAAgB,EAChB,qBAAqB,EACrB,aAAa,EACb,cAAc,EACd,QAAQ,GAET,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAEjF,OAAO,EACL,wBAAwB,EACxB,mBAAmB,EACnB,WAAW,GAEZ,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,mBAAmB,EACnB,cAAc,EACd,yBAAyB,EACzB,2BAA2B,GAC5B,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,oBAAoB,EAA2B,MAAM,oBAAoB,CAAC;AAEnF,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/runtime-v2/feedback/internal-guards.d.ts

@@ -0,0 +1,2 @@
+export declare function isString(value: unknown): value is string;
+//# sourceMappingURL=internal-guards.d.ts.map

package/dist/runtime-v2/feedback/internal-guards.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"internal-guards.d.ts","sourceRoot":"","sources":["../../../src/runtime-v2/feedback/internal-guards.ts"],"names":[],"mappings":"AAGA,wBAAgB,QAAQ,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,MAAM,CAExD"}

package/dist/runtime-v2/feedback/internal-guards.js

@@ -0,0 +1,6 @@
+// internal-guards.ts
+// Re-exported shared primitive guards used across the feedback module.
+export function isString(value) {
+    return typeof value === 'string';
+}
+//# sourceMappingURL=internal-guards.js.map

package/dist/runtime-v2/feedback/internal-guards.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"internal-guards.js","sourceRoot":"","sources":["../../../src/runtime-v2/feedback/internal-guards.ts"],"names":[],"mappings":"AAAA,qBAAqB;AACrB,uEAAuE;AAEvE,MAAM,UAAU,QAAQ,CAAC,KAAc;IACrC,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC;AACnC,CAAC"}

package/dist/runtime-v2/feedback/privacy-preview.d.ts

@@ -0,0 +1,14 @@
+import type { FeedbackReport, PrivacyPreview } from './feedback-types.js';
+export declare const DEFAULT_INCLUDED_SECTIONS: readonly string[];
+export declare const DEFAULT_EXCLUDED_CATEGORIES: readonly string[];
+/**
+ * Build a fresh PrivacyPreview object. Each call returns new arrays so callers
+ * may mutate the result without affecting the defaults.
+ */
+export declare function buildPrivacyPreview(redactionNotes: string[]): PrivacyPreview;
+/**
+ * Build an email-ready plain-text version of a FeedbackReport.
+ * Uses real '\n' newlines. BigInt/cycle-safe via safeStringifyPreview.
+ */
+export declare function buildEmailText(report: FeedbackReport): string;
+//# sourceMappingURL=privacy-preview.d.ts.map

package/dist/runtime-v2/feedback/privacy-preview.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"privacy-preview.d.ts","sourceRoot":"","sources":["../../../src/runtime-v2/feedback/privacy-preview.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAI1E,eAAO,MAAM,yBAAyB,EAAE,SAAS,MAAM,EAOtD,CAAC;AAEF,eAAO,MAAM,2BAA2B,EAAE,SAAS,MAAM,EASxD,CAAC;AAEF;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,cAAc,EAAE,MAAM,EAAE,GAAG,cAAc,CAM5E;AAWD;;;GAGG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG,MAAM,CA4E7D"}

package/dist/runtime-v2/feedback/privacy-preview.js

@@ -0,0 +1,128 @@
+// privacy-preview.ts
+// Privacy metadata and email-text rendering.
+// ERR-014/016/017: correct '\n' newlines, BigInt-safe, never throws on cycles.
+import { safeStringifyPreview } from './safe-stringify.js';
+import { redactAbsolutePaths, redactTokenLikeValues, redactEnvLikeValues } from './redact-sensitive.js';
+export const DEFAULT_INCLUDED_SECTIONS = [
+    'versions',
+    'platform',
+    'featureFlags',
+    'canary',
+    'userText',
+    'contextIds',
+];
+export const DEFAULT_EXCLUDED_CATEGORIES = [
+    'rawPrompt',
+    'rawChat',
+    'rawTrajectory',
+    'fileContents',
+    'fullPaths',
+    'envVars',
+    'tokens',
+    'fullStackTraces',
+];
+/**
+ * Build a fresh PrivacyPreview object. Each call returns new arrays so callers
+ * may mutate the result without affecting the defaults.
+ */
+export function buildPrivacyPreview(redactionNotes) {
+    return {
+        includedSections: [...DEFAULT_INCLUDED_SECTIONS],
+        excludedByDefault: [...DEFAULT_EXCLUDED_CATEGORIES],
+        redactionNotes: redactionNotes.slice(),
+    };
+}
+const MAX_EMAIL_FIELD = 1500;
+const MAX_EMAIL_DIAGNOSTIC_FIELD = 1200;
+function safe(s, max) {
+    if (typeof s !== 'string')
+        return '';
+    if (s.length <= max)
+        return s;
+    return s.slice(0, max) + '…';
+}
+/**
+ * Build an email-ready plain-text version of a FeedbackReport.
+ * Uses real '\n' newlines. BigInt/cycle-safe via safeStringifyPreview.
+ */
+export function buildEmailText(report) {
+    const lines = [];
+    lines.push(`Subject: [PD feedback] [${report.type}] ${redactAbsolutePaths(report.title)}`);
+    lines.push('');
+    lines.push('— PD Feedback Report —');
+    lines.push(`ID: ${report.id}`);
+    lines.push(`Created: ${report.createdAt}`);
+    if (report.userText.userSeverity) {
+        lines.push(`User severity: ${report.userText.userSeverity}`);
+    }
+    lines.push('');
+    lines.push('— Description —');
+    lines.push(safe(report.userText.description, MAX_EMAIL_FIELD));
+    if (report.userText.stepsToReproduce) {
+        lines.push('');
+        lines.push('— Steps to reproduce —');
+        lines.push(safe(report.userText.stepsToReproduce, MAX_EMAIL_FIELD));
+    }
+    if (report.userText.expectedBehavior) {
+        lines.push('');
+        lines.push('— Expected behavior —');
+        lines.push(safe(report.userText.expectedBehavior, MAX_EMAIL_FIELD));
+    }
+    if (report.userText.actualBehavior) {
+        lines.push('');
+        lines.push('— Actual behavior —');
+        lines.push(safe(report.userText.actualBehavior, MAX_EMAIL_FIELD));
+    }
+    lines.push('');
+    lines.push('— Diagnostics (low-sensitivity) —');
+    lines.push('versions:');
+    lines.push(safeStringifyPreview(report.diagnosticSummary.versions).slice(0, MAX_EMAIL_DIAGNOSTIC_FIELD));
+    lines.push('platform:');
+    lines.push(safeStringifyPreview(report.diagnosticSummary.platform).slice(0, MAX_EMAIL_DIAGNOSTIC_FIELD));
+    lines.push('featureFlags:');
+    lines.push(safeStringifyPreview(report.diagnosticSummary.featureFlags).slice(0, MAX_EMAIL_DIAGNOSTIC_FIELD));
+    if (report.diagnosticSummary.canary.status === 'available') {
+        lines.push(`canary: available${report.diagnosticSummary.canary.summary ? ` — ${report.diagnosticSummary.canary.summary}` : ''}`);
+    }
+    else {
+        lines.push(`canary: unavailable${report.diagnosticSummary.canary.unavailableReason ? ` — ${report.diagnosticSummary.canary.unavailableReason}` : ''}`);
+    }
+    if (report.contextRefs.length > 0) {
+        lines.push('');
+        lines.push('— Context references —');
+        const maxContextRefs = 12;
+        const shownRefs = report.contextRefs.slice(0, maxContextRefs);
+        for (const r of shownRefs) {
+            const label = r.label ? ` — ${r.label}` : '';
+            lines.push(`- ${r.kind}: ${r.id}${label}`);
+        }
+        if (report.contextRefs.length > maxContextRefs) {
+            lines.push(`- … and ${report.contextRefs.length - maxContextRefs} more`);
+        }
+    }
+    lines.push('');
+    lines.push('— Privacy —');
+    lines.push('Included by default:');
+    for (const s of report.privacy.includedSections)
+        lines.push(`- ${s}`);
+    lines.push('Excluded by default:');
+    for (const s of report.privacy.excludedByDefault)
+        lines.push(`- ${s}`);
+    if (report.privacy.redactionNotes.length > 0) {
+        lines.push('Redaction notes:');
+        const maxNotes = 12;
+        const shownNotes = report.privacy.redactionNotes.slice(0, maxNotes);
+        for (const n of shownNotes)
+            lines.push(`- ${n}`);
+        if (report.privacy.redactionNotes.length > maxNotes) {
+            lines.push(`- … and ${report.privacy.redactionNotes.length - maxNotes} more`);
+        }
+    }
+    // Defense-in-depth: scrub any absolute path / token / env value that slipped through.
+    let email = lines.join('\n');
+    email = redactAbsolutePaths(email);
+    email = redactTokenLikeValues(email);
+    email = redactEnvLikeValues(email);
+    return email;
+}
+//# sourceMappingURL=privacy-preview.js.map

package/dist/runtime-v2/feedback/privacy-preview.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"privacy-preview.js","sourceRoot":"","sources":["../../../src/runtime-v2/feedback/privacy-preview.ts"],"names":[],"mappings":"AAAA,qBAAqB;AACrB,6CAA6C;AAC7C,+EAA+E;AAG/E,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAExG,MAAM,CAAC,MAAM,yBAAyB,GAAsB;IAC1D,UAAU;IACV,UAAU;IACV,cAAc;IACd,QAAQ;IACR,UAAU;IACV,YAAY;CACb,CAAC;AAEF,MAAM,CAAC,MAAM,2BAA2B,GAAsB;IAC5D,WAAW;IACX,SAAS;IACT,eAAe;IACf,cAAc;IACd,WAAW;IACX,SAAS;IACT,QAAQ;IACR,iBAAiB;CAClB,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,cAAwB;IAC1D,OAAO;QACL,gBAAgB,EAAE,CAAC,GAAG,yBAAyB,CAAC;QAChD,iBAAiB,EAAE,CAAC,GAAG,2BAA2B,CAAC;QACnD,cAAc,EAAE,cAAc,CAAC,KAAK,EAAE;KACvC,CAAC;AACJ,CAAC;AAED,MAAM,eAAe,GAAG,IAAI,CAAC;AAC7B,MAAM,0BAA0B,GAAG,IAAI,CAAC;AAExC,SAAS,IAAI,CAAC,CAAqB,EAAE,GAAW;IAC9C,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IACrC,IAAI,CAAC,CAAC,MAAM,IAAI,GAAG;QAAE,OAAO,CAAC,CAAC;IAC9B,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC;AAC/B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,MAAsB;IACnD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,2BAA2B,MAAM,CAAC,IAAI,KAAK,mBAAmB,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC3F,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IACrC,KAAK,CAAC,IAAI,CAAC,OAAO,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC;IAC/B,KAAK,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;IAC3C,IAAI,MAAM,CAAC,QAAQ,CAAC,YAAY,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,QAAQ,CAAC,YAAY,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAC9B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC,CAAC;IAC/D,IAAI,MAAM,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC;QACrC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACrC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,EAAE,eAAe,CAAC,CAAC,CAAC;IACtE,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC;QACrC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,EAAE,eAAe,CAAC,CAAC,CAAC;IACtE,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;QACnC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,EAAE,eAAe,CAAC,CAAC,CAAC;IACpE,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;IAChD,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACxB,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,0BAA0B,CAAC,CAAC,CAAC;IACzG,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACxB,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,0BAA0B,CAAC,CAAC,CAAC;IACzG,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC5B,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,0BAA0B,CAAC,CAAC,CAAC;IAC7G,IAAI,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,oBAAoB,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACnI,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,sBAAsB,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC,MAAM,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACzJ,CAAC;IACD,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACrC,MAAM,cAAc,GAAG,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7C,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,EAAE,GAAG,KAAK,EAAE,CAAC,CAAC;QAC7C,CAAC;QACD,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,cAAc,EAAE,CAAC;YAC/C,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,cAAc,OAAO,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAC1B,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IACnC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB;QAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACtE,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IACnC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,iBAAiB;QAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACvE,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7C,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAC/B,MAAM,QAAQ,GAAG,EAAE,CAAC;QACpB,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QACpE,KAAK,MAAM,CAAC,IAAI,UAAU;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACjD,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,MAAM,GAAG,QAAQ,EAAE,CAAC;YACpD,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,MAAM,GAAG,QAAQ,OAAO,CAAC,CAAC;QAChF,CAAC;IACH,CAAC;IAED,sFAAsF;IACtF,IAAI,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7B,KAAK,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;IACnC,KAAK,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC;IACrC,KAAK,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;IACnC,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/runtime-v2/feedback/redact-sensitive.d.ts

@@ -0,0 +1,37 @@
+export declare const REDACTED_PATH = "<redacted-path>";
+export declare const REDACTED_VALUE = "[REDACTED]";
+export declare const NO_STACK = "<no-stack>";
+/**
+ * Replace absolute paths with `<redacted-path>`. Relative paths are left alone.
+ */
+export declare function redactAbsolutePaths(text: string): string;
+/**
+ * Replace token-like values with `[REDACTED]`.
+ */
+export declare function redactTokenLikeValues(text: string): string;
+export declare function redactEnvLikeValues(text: string): string;
+/**
+ * Reduce a stack trace to the error name and the first N frames (paths redacted).
+ * Empty input returns `<no-stack>`.
+ */
+export declare function redactStackTrace(text: string, maxFrames?: number): string;
+export type RedactResult = {
+    ok: true;
+    value: unknown;
+    notes: string[];
+} | {
+    ok: false;
+    error: string;
+    nextAction: string;
+};
+/**
+ * Recursively redact sensitive fields in an unknown value.
+ * Never throws. Returns a structured result with notes describing what was redacted.
+ *
+ * ERR-002: returns `{ok:false,error,nextAction}` for non-object top-level input
+ * because field redaction is a structured-data operation. Primitives carry no
+ * fields; their values should be sanitized via `redactTokenLikeValues` /
+ * `redactEnvLikeValues` / `redactAbsolutePaths` instead.
+ */
+export declare function redactSensitiveFields(value: unknown): RedactResult;
+//# sourceMappingURL=redact-sensitive.d.ts.map

package/dist/runtime-v2/feedback/redact-sensitive.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redact-sensitive.d.ts","sourceRoot":"","sources":["../../../src/runtime-v2/feedback/redact-sensitive.ts"],"names":[],"mappings":"AAOA,eAAO,MAAM,aAAa,oBAAoB,CAAC;AAC/C,eAAO,MAAM,cAAc,eAAe,CAAC;AAC3C,eAAO,MAAM,QAAQ,eAAe,CAAC;AAWrC;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAGxD;AAaD;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAO1D;AAOD,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAGxD;AAMD;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,GAAE,MAAiC,GAAG,MAAM,CAUnG;AAyCD,MAAM,MAAM,YAAY,GACpB;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,MAAM,EAAE,CAAA;CAAE,GAC7C;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC;AAgIrD;;;;;;;;GAQG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,OAAO,GAAG,YAAY,CA2BlE"}

package/dist/runtime-v2/feedback/redact-sensitive.js

@@ -0,0 +1,272 @@
+// redact-sensitive.ts
+// Privacy-preserving redaction helpers used by the feedback pipeline.
+// ERR-001/005: no `as` casts on untrusted values.
+// ERR-002: never throws; pipeline functions return either a string or a structured result with notes.
+// ERR-003: segment-exact key matching (e.g. "authorization", "auth_token"), never substring ("author" must NOT match).
+// ERR-014/016: bounded output.
+export const REDACTED_PATH = '<redacted-path>';
+export const REDACTED_VALUE = '[REDACTED]';
+export const NO_STACK = '<no-stack>';
+const MAX_STACK_FRAMES_DEFAULT = 3;
+// ── Path redaction ──────────────────────────────────────────────────────────
+// Windows: C:\Users\alice\...   D:\foo\bar   E:/...
+const WINDOWS_PATH = /(?:[A-Za-z]:[\\/](?:[^\\\s/:*?"<>|]+[\\/])+[^\\\s/:*?"<>|]*)/g;
+// POSIX: /home/alice/...   /usr/local/bin/...
+const POSIX_PATH = /(?:\/(?:usr|home|var|opt|etc|tmp|root|run|mnt|media|srv|boot|dev|proc|sys)(?:\/[^\\\s/:*?"<>|]+)+)/g;
+/**
+ * Replace absolute paths with `<redacted-path>`. Relative paths are left alone.
+ */
+export function redactAbsolutePaths(text) {
+    if (typeof text !== 'string')
+        return text;
+    return text.replace(WINDOWS_PATH, REDACTED_PATH).replace(POSIX_PATH, REDACTED_PATH);
+}
+// ── Token redaction ─────────────────────────────────────────────────────────
+// OpenAI sk-..., Anthropic sk-ant-..., generic sk-_...
+const OPENAI_TOKEN = /\bsk-(?:ant-)?[A-Za-z0-9_-]{16,}\b/g;
+// GitHub tokens: ghp_, gho_, ghu_, ghs_, ghr_
+const GITHUB_TOKEN = /\bgh[pousr]_[A-Za-z0-9]{16,}\b/g;
+// Generic api_key= / token= / secret= / password= assignments
+const KEY_ASSIGN = /\b(api[_-]?key|token|secret|password|auth(?:_?token)?)\s*[:=]\s*['"]?([^\s'",}{]+)['"]?/gi;
+// Bearer headers
+const BEARER = /\bBearer\s+[A-Za-z0-9._\-+/=]{8,}\b/g;
+/**
+ * Replace token-like values with `[REDACTED]`.
+ */
+export function redactTokenLikeValues(text) {
+    if (typeof text !== 'string')
+        return text;
+    return text
+        .replace(OPENAI_TOKEN, REDACTED_VALUE)
+        .replace(GITHUB_TOKEN, REDACTED_VALUE)
+        .replace(BEARER, REDACTED_VALUE)
+        .replace(KEY_ASSIGN, (_m, key) => `${key}=${REDACTED_VALUE}`);
+}
+// ── Environment-like value redaction ────────────────────────────────────────
+// KEY=value (basic)  /  KEY="value with spaces"
+const ENV_ASSIGN = /\b([A-Z_][A-Z0-9_]{2,})\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s,;}{]+))/g;
+export function redactEnvLikeValues(text) {
+    if (typeof text !== 'string')
+        return text;
+    return text.replace(ENV_ASSIGN, (_m, key) => `${key}=${REDACTED_VALUE}`);
+}
+// ── Stack trace redaction ──────────────────────────────────────────────────
+const STACK_FRAME_LINE = /^\s*at\s+.*$/gm;
+/**
+ * Reduce a stack trace to the error name and the first N frames (paths redacted).
+ * Empty input returns `<no-stack>`.
+ */
+export function redactStackTrace(text, maxFrames = MAX_STACK_FRAMES_DEFAULT) {
+    if (typeof text !== 'string' || text.length === 0)
+        return NO_STACK;
+    const firstLine = text.split('\n', 1)[0]?.trim() ?? '';
+    const frames = text.match(STACK_FRAME_LINE) ?? [];
+    const kept = frames
+        .slice(0, Math.max(0, maxFrames))
+        .map((f) => f.replace(WINDOWS_PATH, REDACTED_PATH).replace(POSIX_PATH, REDACTED_PATH))
+        .join('\n');
+    if (!kept)
+        return firstLine || NO_STACK;
+    return kept.includes(firstLine) ? kept : `${firstLine}\n${kept}`;
+}
+// ── Structured field redaction ──────────────────────────────────────────────
+/**
+ * Segment-exact sensitive key names (split on `_-`).
+ * ERR-003 fix: do not match substrings like "author" → "auth".
+ */
+const SENSITIVE_KEY_SEGMENTS = new Set([
+    'password',
+    'passwd',
+    'secret',
+    'token',
+    'api',
+    'apikey',
+    'authorization',
+    'auth',
+    'credential',
+    'credentials',
+    'private',
+    'key',
+]);
+function segmentsOfKey(key) {
+    return key
+        .toLowerCase()
+        .split(/[_\-.]/g)
+        .filter((s) => s.length > 0);
+}
+function isSensitiveKey(key) {
+    const segs = segmentsOfKey(key);
+    if (segs.length === 0)
+        return false;
+    // A key is sensitive if ANY of its segments matches a sensitive segment.
+    // This catches composite names like "github_token" or "db_password".
+    for (const seg of segs) {
+        if (SENSITIVE_KEY_SEGMENTS.has(seg))
+            return true;
+    }
+    return false;
+}
+const REDACT_MAX_DEPTH = 6;
+const REDACT_MAX_KEYS = 100;
+const REDACT_MAX_STRING = 2000;
+// Internal helpers (defined above the public entry point to satisfy
+// `no-use-before-define` while still being hoisted via `function` declarations).
+function redactInner(value, ctx) {
+    if (value === null)
+        return { ok: true, value: null, notes: [] };
+    if (value === undefined)
+        return { ok: true, value: undefined, notes: [] };
+    const t = typeof value;
+    if (t === 'string') {
+        let s = value;
+        const original = s;
+        // Run string through path/token/env redactors before truncation so
+        // secrets embedded in values (e.g. buildId, cwd) are cleaned regardless of key name.
+        s = redactAbsolutePaths(s);
+        s = redactTokenLikeValues(s);
+        s = redactEnvLikeValues(s);
+        if (s !== original) {
+            ctx.notes.push('string value redacted (path/token/env)');
+        }
+        if (s.length > REDACT_MAX_STRING) {
+            s = s.slice(0, REDACT_MAX_STRING) + '…';
+            ctx.notes.push(`string truncated to ${REDACT_MAX_STRING} chars`);
+        }
+        return { ok: true, value: s, notes: ctx.notes };
+    }
+    if (t === 'bigint') {
+        // BigInt-safe preview: encode as a string marker so JSON.stringify callers don't throw
+        return { ok: true, value: `<bigint:${value.toString()}>`, notes: [] };
+    }
+    if (t !== 'object') {
+        return { ok: true, value, notes: [] };
+    }
+    if (ctx.depth >= REDACT_MAX_DEPTH) {
+        return { ok: true, value: '<deep>', notes: [] };
+    }
+    const obj = value;
+    if (ctx.seen.has(obj)) {
+        ctx.notes.push('circular reference detected');
+        return { ok: true, value: '<circular>', notes: [] };
+    }
+    ctx.seen.add(obj);
+    try {
+        if (Array.isArray(value)) {
+            const arr = [];
+            for (let i = 0; i < value.length; i++) {
+                const r = redactInner(value[i], { seen: ctx.seen, depth: ctx.depth + 1, notes: ctx.notes });
+                if (!r.ok)
+                    return r;
+                arr.push(r.value);
+            }
+            return { ok: true, value: arr, notes: [] };
+        }
+        const record = value;
+        const out = {};
+        const keys = Object.keys(record).slice(0, REDACT_MAX_KEYS);
+        for (const k of keys) {
+            if (isSensitiveKey(k)) {
+                out[k] = REDACTED_VALUE;
+                ctx.notes.push(`field "${k}" redacted`);
+                continue;
+            }
+            const v = record[k];
+            if (v !== null && typeof v === 'object' && ctx.seen.has(v)) {
+                ctx.notes.push(`circular reference detected at "${k}"`);
+                out[k] = '<circular>';
+                continue;
+            }
+            const r = redactInner(v, { seen: ctx.seen, depth: ctx.depth + 1, notes: ctx.notes });
+            if (!r.ok)
+                return r;
+            out[k] = r.value;
+        }
+        return { ok: true, value: out, notes: [] };
+    }
+    finally {
+        ctx.seen.delete(obj);
+    }
+}
+function redactArray(arr) {
+    const notes = [];
+    const out = [];
+    const ctx = { seen: new WeakSet(), depth: 0, notes };
+    ctx.seen.add(arr);
+    for (let i = 0; i < arr.length; i++) {
+        const item = arr[i];
+        if (item !== null && typeof item === 'object' && ctx.seen.has(item)) {
+            notes.push('circular reference detected in array');
+            out.push('<circular>');
+            continue;
+        }
+        const r = redactInner(item, ctx);
+        if (!r.ok)
+            return r;
+        out.push(r.value);
+    }
+    return { ok: true, value: out, notes };
+}
+function redactObject(obj) {
+    const rec = obj;
+    const notes = [];
+    const ctx = { seen: new WeakSet(), depth: 0, notes };
+    ctx.seen.add(obj);
+    const out = {};
+    const keys = Object.keys(rec).slice(0, REDACT_MAX_KEYS);
+    for (const k of keys) {
+        if (isSensitiveKey(k)) {
+            out[k] = REDACTED_VALUE;
+            notes.push(`field "${k}" redacted`);
+            continue;
+        }
+        const v = rec[k];
+        if (v !== null && typeof v === 'object' && ctx.seen.has(v)) {
+            notes.push(`circular reference detected at "${k}"`);
+            out[k] = '<circular>';
+            continue;
+        }
+        const r = redactInner(v, ctx);
+        if (!r.ok)
+            return r;
+        out[k] = r.value;
+    }
+    return { ok: true, value: out, notes };
+}
+/**
+ * Recursively redact sensitive fields in an unknown value.
+ * Never throws. Returns a structured result with notes describing what was redacted.
+ *
+ * ERR-002: returns `{ok:false,error,nextAction}` for non-object top-level input
+ * because field redaction is a structured-data operation. Primitives carry no
+ * fields; their values should be sanitized via `redactTokenLikeValues` /
+ * `redactEnvLikeValues` / `redactAbsolutePaths` instead.
+ */
+export function redactSensitiveFields(value) {
+    if (value === null) {
+        return {
+            ok: false,
+            error: 'redactSensitiveFields: null is not a redactable object',
+            nextAction: 'pass a JSON object or array; null carries no fields to redact',
+        };
+    }
+    if (value === undefined) {
+        return {
+            ok: false,
+            error: 'redactSensitiveFields: undefined is not a redactable object',
+            nextAction: 'pass a JSON object or array; undefined carries no fields to redact',
+        };
+    }
+    const t = typeof value;
+    if (t !== 'object') {
+        return {
+            ok: false,
+            error: `redactSensitiveFields: top-level value must be an object or array (got ${t})`,
+            nextAction: 'pass a JSON object or array; for primitive values use redactTokenLikeValues / redactEnvLikeValues / redactAbsolutePaths',
+        };
+    }
+    if (Array.isArray(value)) {
+        return redactArray(value);
+    }
+    return redactObject(value);
+}
+//# sourceMappingURL=redact-sensitive.js.map

package/dist/runtime-v2/feedback/redact-sensitive.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redact-sensitive.js","sourceRoot":"","sources":["../../../src/runtime-v2/feedback/redact-sensitive.ts"],"names":[],"mappings":"AAAA,sBAAsB;AACtB,sEAAsE;AACtE,kDAAkD;AAClD,sGAAsG;AACtG,uHAAuH;AACvH,+BAA+B;AAE/B,MAAM,CAAC,MAAM,aAAa,GAAG,iBAAiB,CAAC;AAC/C,MAAM,CAAC,MAAM,cAAc,GAAG,YAAY,CAAC;AAC3C,MAAM,CAAC,MAAM,QAAQ,GAAG,YAAY,CAAC;AAErC,MAAM,wBAAwB,GAAG,CAAC,CAAC;AAEnC,+EAA+E;AAE/E,oDAAoD;AACpD,MAAM,YAAY,GAAG,+DAA+D,CAAC;AACrF,8CAA8C;AAC9C,MAAM,UAAU,GAAG,qGAAqG,CAAC;AAEzH;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAY;IAC9C,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC1C,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;AACtF,CAAC;AAED,+EAA+E;AAE/E,uDAAuD;AACvD,MAAM,YAAY,GAAG,qCAAqC,CAAC;AAC3D,8CAA8C;AAC9C,MAAM,YAAY,GAAG,iCAAiC,CAAC;AACvD,8DAA8D;AAC9D,MAAM,UAAU,GAAG,2FAA2F,CAAC;AAC/G,iBAAiB;AACjB,MAAM,MAAM,GAAG,sCAAsC,CAAC;AAEtD;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAAY;IAChD,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC1C,OAAO,IAAI;SACR,OAAO,CAAC,YAAY,EAAE,cAAc,CAAC;SACrC,OAAO,CAAC,YAAY,EAAE,cAAc,CAAC;SACrC,OAAO,CAAC,MAAM,EAAE,cAAc,CAAC;SAC/B,OAAO,CAAC,UAAU,EAAE,CAAC,EAAE,EAAE,GAAW,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,cAAc,EAAE,CAAC,CAAC;AAC1E,CAAC;AAED,+EAA+E;AAE/E,gDAAgD;AAChD,MAAM,UAAU,GAAG,qEAAqE,CAAC;AAEzF,MAAM,UAAU,mBAAmB,CAAC,IAAY;IAC9C,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC1C,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,EAAE,EAAE,GAAW,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,cAAc,EAAE,CAAC,CAAC;AACnF,CAAC;AAED,8EAA8E;AAE9E,MAAM,gBAAgB,GAAG,gBAAgB,CAAC;AAE1C;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY,EAAE,YAAoB,wBAAwB;IACzF,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,QAAQ,CAAC;IACnE,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACvD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;IAClD,MAAM,IAAI,GAAG,MAAM;SAChB,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;SAChC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;SACrF,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,IAAI,QAAQ,CAAC;IACxC,OAAO,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,SAAS,KAAK,IAAI,EAAE,CAAC;AACnE,CAAC;AAED,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAS;IAC7C,UAAU;IACV,QAAQ;IACR,QAAQ;IACR,OAAO;IACP,KAAK;IACL,QAAQ;IACR,eAAe;IACf,MAAM;IACN,YAAY;IACZ,aAAa;IACb,SAAS;IACT,KAAK;CACN,CAAC,CAAC;AAEH,SAAS,aAAa,CAAC,GAAW;IAChC,OAAO,GAAG;SACP,WAAW,EAAE;SACb,KAAK,CAAC,SAAS,CAAC;SAChB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,cAAc,CAAC,GAAW;IACjC,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IAChC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACpC,yEAAyE;IACzE,qEAAqE;IACrE,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,sBAAsB,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;IACnD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAMD,MAAM,gBAAgB,GAAG,CAAC,CAAC;AAC3B,MAAM,eAAe,GAAG,GAAG,CAAC;AAC5B,MAAM,iBAAiB,GAAG,IAAI,CAAC;AAI/B,oEAAoE;AACpE,iFAAiF;AAEjF,SAAS,WAAW,CAAC,KAAc,EAAE,GAAkB;IACrD,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IAChE,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IAC1E,MAAM,CAAC,GAAG,OAAO,KAAK,CAAC;IACvB,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;QACnB,IAAI,CAAC,GAAG,KAAe,CAAC;QACxB,MAAM,QAAQ,GAAG,CAAC,CAAC;QACnB,mEAAmE;QACnE,qFAAqF;QACrF,CAAC,GAAG,mBAAmB,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC,GAAG,qBAAqB,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC,GAAG,mBAAmB,CAAC,CAAC,CAAC,CAAC;QAC3B,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;YACnB,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,CAAC,CAAC,MAAM,GAAG,iBAAiB,EAAE,CAAC;YACjC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,iBAAiB,CAAC,GAAG,GAAG,CAAC;YACxC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,uBAAuB,iBAAiB,QAAQ,CAAC,CAAC;QACnE,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC;IAClD,CAAC;IACD,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;QACnB,uFAAuF;QACvF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,WAAY,KAAgB,CAAC,QAAQ,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IACpF,CAAC;IACD,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;QACnB,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IACxC,CAAC;IACD,IAAI,GAAG,CAAC,KAAK,IAAI,gBAAgB,EAAE,CAAC;QAClC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IAClD,CAAC;IACD,MAAM,GAAG,GAAG,KAAe,CAAC;IAC5B,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAC9C,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IACtD,CAAC;IACD,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAClB,IAAI,CAAC;QACH,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,MAAM,GAAG,GAAc,EAAE,CAAC;YAC1B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,GAAG,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;gBAC5F,IAAI,CAAC,CAAC,CAAC,EAAE;oBAAE,OAAO,CAAC,CAAC;gBACpB,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;YACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QAC7C,CAAC;QACD,MAAM,MAAM,GAAG,KAAgC,CAAC;QAChD,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC;QAC3D,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;YACrB,IAAI,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtB,GAAG,CAAC,CAAC,CAAC,GAAG,cAAc,CAAC;gBACxB,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;gBACxC,SAAS;YACX,CAAC;YACD,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;YACpB,IAAI,CAAC,KAAK,IAAI,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3D,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,mCAAmC,CAAC,GAAG,CAAC,CAAC;gBACxD,GAAG,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC;gBACtB,SAAS;YACX,CAAC;YACD,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,GAAG,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;YACrF,IAAI,CAAC,CAAC,CAAC,EAAE;gBAAE,OAAO,CAAC,CAAC;YACpB,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;QACnB,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IAC7C,CAAC;YAAS,CAAC;QACT,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,GAAc;IACjC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,GAAG,GAAc,EAAE,CAAC;IAC1B,MAAM,GAAG,GAAkB,EAAE,IAAI,EAAE,IAAI,OAAO,EAAU,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC;IAC5E,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAClB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,IAAI,KAAK,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACpE,KAAK,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACnD,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACvB,SAAS;QACX,CAAC;QACD,MAAM,CAAC,GAAG,WAAW,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACjC,IAAI,CAAC,CAAC,CAAC,EAAE;YAAE,OAAO,CAAC,CAAC;QACpB,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IACpB,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;AACzC,CAAC;AAED,SAAS,YAAY,CAAC,GAAW;IAC/B,MAAM,GAAG,GAAG,GAA8B,CAAC;IAC3C,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,GAAG,GAAkB,EAAE,IAAI,EAAE,IAAI,OAAO,EAAU,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC;IAC5E,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAClB,MAAM,GAAG,GAA4B,EAAE,CAAC;IACxC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC;IACxD,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,IAAI,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;YACtB,GAAG,CAAC,CAAC,CAAC,GAAG,cAAc,CAAC;YACxB,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;YACpC,SAAS;QACX,CAAC;QACD,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QACjB,IAAI,CAAC,KAAK,IAAI,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3D,KAAK,CAAC,IAAI,CAAC,mCAAmC,CAAC,GAAG,CAAC,CAAC;YACpD,GAAG,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC;YACtB,SAAS;QACX,CAAC;QACD,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAC9B,IAAI,CAAC,CAAC,CAAC,EAAE;YAAE,OAAO,CAAC,CAAC;QACpB,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;IACnB,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;AACzC,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAAc;IAClD,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,wDAAwD;YAC/D,UAAU,EAAE,+DAA+D;SAC5E,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,6DAA6D;YACpE,UAAU,EAAE,oEAAoE;SACjF,CAAC;IACJ,CAAC;IACD,MAAM,CAAC,GAAG,OAAO,KAAK,CAAC;IACvB,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;QACnB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,0EAA0E,CAAC,GAAG;YACrF,UAAU,EAAE,yHAAyH;SACtI,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,WAAW,CAAC,KAAK,CAAC,CAAC;IAC5B,CAAC;IACD,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC;AAC7B,CAAC"}

package/dist/runtime-v2/feedback/render-github-url.d.ts

@@ -0,0 +1,21 @@
+import type { FeedbackType } from './feedback-types.js';
+export declare const MAX_URL_BODY_LENGTH = 500;
+export declare const GITHUB_REPO = "csuzngjh/principles";
+export type GithubUrlResult = {
+    ok: true;
+    url: string;
+} | {
+    ok: false;
+    error: string;
+    nextAction: string;
+};
+/**
+ * Build a `https://github.com/<repo>/issues/new?...` URL containing a redacted
+ * title and a short summary as the body. Body is bounded to MAX_URL_BODY_LENGTH.
+ *
+ * ERR-014/016: body is truncated to MAX_URL_BODY_LENGTH before encoding so the
+ * decoded body never exceeds the bound. Newlines inside the body are encoded
+ * as %0A by `encodeURIComponent`, preserving the markdown structure.
+ */
+export declare function buildGitHubIssueDraftUrl(title: string, type: FeedbackType | unknown, shortSummary: string): GithubUrlResult;
+//# sourceMappingURL=render-github-url.d.ts.map

package/dist/runtime-v2/feedback/render-github-url.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"render-github-url.d.ts","sourceRoot":"","sources":["../../../src/runtime-v2/feedback/render-github-url.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAIxD,eAAO,MAAM,mBAAmB,MAAM,CAAC;AACvC,eAAO,MAAM,WAAW,wBAAwB,CAAC;AAEjD,MAAM,MAAM,eAAe,GACvB;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GACzB;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC;AAOrD;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CACtC,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,YAAY,GAAG,OAAO,EAC5B,YAAY,EAAE,MAAM,GACnB,eAAe,CAsCjB"}

package/dist/runtime-v2/feedback/render-github-url.js

@@ -0,0 +1,57 @@
+// render-github-url.ts
+// Builds a bounded GitHub issue draft URL.
+// ERR-001/005: no `as FeedbackType` cast; use isFeedbackType validator.
+// ERR-014/016: correct '\n' newlines, bounded body.
+import { isFeedbackType } from './feedback-types.js';
+import { redactAbsolutePaths, redactTokenLikeValues, redactEnvLikeValues } from './redact-sensitive.js';
+export const MAX_URL_BODY_LENGTH = 500;
+export const GITHUB_REPO = 'csuzngjh/principles';
+function truncateToMax(s, max) {
+    if (s.length <= max)
+        return s;
+    return s.slice(0, max);
+}
+/**
+ * Build a `https://github.com/<repo>/issues/new?...` URL containing a redacted
+ * title and a short summary as the body. Body is bounded to MAX_URL_BODY_LENGTH.
+ *
+ * ERR-014/016: body is truncated to MAX_URL_BODY_LENGTH before encoding so the
+ * decoded body never exceeds the bound. Newlines inside the body are encoded
+ * as %0A by `encodeURIComponent`, preserving the markdown structure.
+ */
+export function buildGitHubIssueDraftUrl(title, type, shortSummary) {
+    if (!isFeedbackType(type)) {
+        return {
+            ok: false,
+            error: `invalid feedback type: ${String(type)}`,
+            nextAction: 'provide a valid FeedbackType (bug, confusing, privacy_concern, feature_request, other)',
+        };
+    }
+    if (typeof title !== 'string') {
+        return {
+            ok: false,
+            error: 'title must be a string',
+            nextAction: 'provide a string value for title',
+        };
+    }
+    // ERR-009/010: fail loud when shortSummary is not a string
+    if (typeof shortSummary !== 'string') {
+        return {
+            ok: false,
+            error: 'shortSummary must be a string',
+            nextAction: 'provide a string value for shortSummary',
+        };
+    }
+    const safeTitle = redactEnvLikeValues(redactAbsolutePaths(redactTokenLikeValues(title))).slice(0, 200);
+    const issueTitle = `[${type}] ${safeTitle}`.trim();
+    // The body must stay short and free of secrets — only the shortSummary
+    // reaches the URL. We truncate to MAX_URL_BODY_LENGTH *before* URL-encoding
+    // so the decoded body never exceeds the bound.
+    const bodySource = redactEnvLikeValues(redactAbsolutePaths(redactTokenLikeValues(shortSummary)));
+    const body = truncateToMax(bodySource, MAX_URL_BODY_LENGTH);
+    const encodedTitle = encodeURIComponent(issueTitle);
+    const encodedBody = encodeURIComponent(body);
+    const url = `https://github.com/${GITHUB_REPO}/issues/new?title=${encodedTitle}&body=${encodedBody}`;
+    return { ok: true, url };
+}
+//# sourceMappingURL=render-github-url.js.map

package/dist/runtime-v2/feedback/render-github-url.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"render-github-url.js","sourceRoot":"","sources":["../../../src/runtime-v2/feedback/render-github-url.ts"],"names":[],"mappings":"AAAA,uBAAuB;AACvB,2CAA2C;AAC3C,wEAAwE;AACxE,oDAAoD;AAGpD,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAExG,MAAM,CAAC,MAAM,mBAAmB,GAAG,GAAG,CAAC;AACvC,MAAM,CAAC,MAAM,WAAW,GAAG,qBAAqB,CAAC;AAMjD,SAAS,aAAa,CAAC,CAAS,EAAE,GAAW;IAC3C,IAAI,CAAC,CAAC,MAAM,IAAI,GAAG;QAAE,OAAO,CAAC,CAAC;IAC9B,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACzB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,wBAAwB,CACtC,KAAa,EACb,IAA4B,EAC5B,YAAoB;IAEpB,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1B,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,0BAA0B,MAAM,CAAC,IAAI,CAAC,EAAE;YAC/C,UAAU,EAAE,wFAAwF;SACrG,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,wBAAwB;YAC/B,UAAU,EAAE,kCAAkC;SAC/C,CAAC;IACJ,CAAC;IAED,2DAA2D;IAC3D,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;QACrC,OAAO;YACL,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,+BAA+B;YACtC,UAAU,EAAE,yCAAyC;SACtD,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,mBAAmB,CAAC,mBAAmB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACvG,MAAM,UAAU,GAAG,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC,IAAI,EAAE,CAAC;IAEnD,uEAAuE;IACvE,4EAA4E;IAC5E,+CAA+C;IAC/C,MAAM,UAAU,GAAG,mBAAmB,CAAC,mBAAmB,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACjG,MAAM,IAAI,GAAG,aAAa,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC;IAE5D,MAAM,YAAY,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;IACpD,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,GAAG,GAAG,sBAAsB,WAAW,qBAAqB,YAAY,SAAS,WAAW,EAAE,CAAC;IACrG,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;AAC3B,CAAC"}

package/dist/runtime-v2/feedback/render-markdown.d.ts

@@ -0,0 +1,12 @@
+import type { FeedbackReport } from './feedback-types.js';
+export declare const MAX_MARKDOWN_LENGTH = 10240;
+/**
+ * Render a FeedbackReport to a Markdown string.
+ * Uses real `\n` newlines (not the broken `'\\n'` literal).
+ * Output is bounded to MAX_MARKDOWN_LENGTH characters.
+ *
+ * Mutates `report.privacy.redactionNotes` to record field-level truncation
+ * events (ERR-014). The renderer never throws.
+ */
+export declare function renderReportMarkdown(report: FeedbackReport): string;
+//# sourceMappingURL=render-markdown.d.ts.map