@principles/core 1.87.0 → 1.89.0

package/dist/runtime-v2/config/pd-config-redaction.js

@@ -0,0 +1,179 @@
+/**
+ * PD Config Redaction — PRI-304
+ *
+ * Produces safe summaries for CLI/Console display.
+ * Never includes token/API key values or raw OpenClaw provider objects.
+ * Uses safe serialization for previews (ERR-014, ERR-016, ERR-017).
+ * Redaction uses ANY-segment logic for sensitive keys (ERR-045).
+ * String values run through full redaction pipeline before truncation (ERR-046).
+ */
+import { DANGEROUS_KEYS, } from './pd-config-types.js';
+// ── Sensitive Key Detection ─────────────────────────────────────────────────
+const SENSITIVE_KEY_SEGMENTS = new Set([
+    'key', 'token', 'secret', 'password', 'auth', 'credential', 'apikey', 'api_key',
+    'accesstoken', 'access_token', 'refreshtoken', 'refresh_token',
+    'private', 'certificate', 'signature',
+]);
+function isSensitiveKey(key) {
+    const segments = key.toLowerCase().split(/[_\-.]/);
+    if (segments.length === 0)
+        return false;
+    // ANY-segment match (ERR-045): flag if any segment is sensitive
+    return segments.some(seg => SENSITIVE_KEY_SEGMENTS.has(seg));
+}
+// ── Safe String Redaction ───────────────────────────────────────────────────
+const TOKEN_PATTERN = /\bsk-(?:ant-)?[A-Za-z0-9_-]{8,}\b/g;
+const BEARER_PATTERN = /\bBearer\s+[A-Za-z0-9._\-+/=]{8,}\b/g;
+const KEY_ASSIGN_PATTERN = /\b(api[_-]?key|token|secret|password)\s*[:=]\s*['"]?([^\s'",}{]{4,})['"]?/gi;
+function redactString(value) {
+    return value
+        .replace(TOKEN_PATTERN, '[REDACTED]')
+        .replace(BEARER_PATTERN, '[REDACTED]')
+        .replace(KEY_ASSIGN_PATTERN, (_m, key) => `${key}=[REDACTED]`);
+}
+function safeTruncate(value, maxLen) {
+    if (value.length <= maxLen)
+        return value;
+    return value.slice(0, maxLen) + '…';
+}
+// ── Profile Label ───────────────────────────────────────────────────────────
+function buildProfileLabel(id, profile) {
+    if (profile.type === 'openclaw') {
+        const oc = profile;
+        const parts = ['openclaw'];
+        if (oc.provider)
+            parts.push(oc.provider);
+        if (oc.model)
+            parts.push(oc.model);
+        if (oc.source && !oc.provider && !oc.model)
+            parts.push(oc.source);
+        return parts.join(': ');
+    }
+    // pi-ai
+    const pd = profile;
+    return `pi-ai: ${pd.provider}/${pd.model}`;
+}
+// ── Profile Readiness ───────────────────────────────────────────────────────
+function assessProfileReadiness(profile) {
+    if (profile.type === 'openclaw') {
+        const oc = profile;
+        // OpenClaw profile with source=default is always "ready" (delegated to OpenClaw)
+        if (oc.source === 'default')
+            return 'ready';
+        // OpenClaw profile with provider+model may be ready
+        if (oc.provider && oc.model)
+            return 'ready';
+        return 'needs_setup';
+    }
+    // pi-ai: needs apiKeyEnv set
+    const pd = profile;
+    if (!pd.provider || !pd.model || !pd.apiKeyEnv)
+        return 'needs_setup';
+    return 'not_ready'; // has config but runtime availability unknown
+}
+// ── Agent Readiness ─────────────────────────────────────────────────────────
+function assessAgentReadiness(enabled, profileId, profiles) {
+    if (!enabled)
+        return 'disabled';
+    if (!Object.hasOwn(profiles, profileId))
+        return 'needs_setup';
+    const profile = profiles[profileId];
+    if (!profile)
+        return 'needs_setup';
+    const profileReadiness = assessProfileReadiness(profile);
+    return profileReadiness;
+}
+// ── Redact Config ───────────────────────────────────────────────────────────
+/**
+ * Produce a redacted summary of the effective PD config.
+ * Safe for CLI output, Console display, and diagnostics copy.
+ * Never includes token/API key values or raw provider objects.
+ */
+export function redactPdConfig(effective) {
+    const { config, source, warnings } = effective;
+    // Features
+    const features = [];
+    for (const [id, entry] of Object.entries(config.features)) {
+        if (DANGEROUS_KEYS.has(id))
+            continue;
+        features.push({
+            id,
+            category: entry.category,
+            enabled: entry.enabled,
+        });
+    }
+    // Runtime profiles — redacted
+    const runtimeProfiles = [];
+    for (const [id, profile] of Object.entries(config.runtimeProfiles)) {
+        if (DANGEROUS_KEYS.has(id))
+            continue;
+        const summary = {
+            id,
+            type: profile.type,
+            label: buildProfileLabel(id, profile),
+            readiness: assessProfileReadiness(profile),
+        };
+        // For pi-ai profiles: show apiKeyEnv name, never the value
+        if (profile.type === 'pi-ai') {
+            const pd = profile;
+            summary.apiKeyEnv = pd.apiKeyEnv;
+        }
+        runtimeProfiles.push(summary);
+    }
+    // Agents — redacted
+    const agents = [];
+    for (const name of Object.keys(config.internalAgents.agents)) {
+        const binding = config.internalAgents.agents[name];
+        const profileId = binding.runtimeProfile ?? config.internalAgents.defaultRuntime;
+        const profile = config.runtimeProfiles[profileId];
+        agents.push({
+            name,
+            enabled: binding.enabled,
+            runtimeProfileId: profileId,
+            runtimeProfileLabel: profile ? buildProfileLabel(profileId, profile) : `unknown:${profileId}`,
+            readiness: assessAgentReadiness(binding.enabled, profileId, config.runtimeProfiles),
+        });
+    }
+    return {
+        version: config.version,
+        source,
+        features,
+        runtimeProfiles,
+        defaultRuntime: config.internalAgents.defaultRuntime,
+        agents,
+        ui: config.ui,
+        warnings,
+    };
+}
+/**
+ * Redact an arbitrary value for safe display.
+ * Runs through sensitive key detection and string redaction.
+ */
+export function redactConfigValue(value, key) {
+    // If the key itself is sensitive, redact the entire value
+    if (key !== undefined && isSensitiveKey(key)) {
+        return '[REDACTED]';
+    }
+    if (value === null || value === undefined)
+        return value;
+    if (typeof value === 'string') {
+        return safeTruncate(redactString(value), 200);
+    }
+    if (typeof value === 'number' || typeof value === 'boolean')
+        return value;
+    if (Array.isArray(value)) {
+        return value.slice(0, 20).map((v) => redactConfigValue(v, undefined));
+    }
+    if (typeof value === 'object' && value !== null && !Array.isArray(value)) {
+        const result = {};
+        const entries = Object.entries(value).slice(0, 30);
+        for (const [k, v] of entries) {
+            if (DANGEROUS_KEYS.has(k))
+                continue;
+            result[k] = redactConfigValue(v, k);
+        }
+        return result;
+    }
+    return '[REDACTED]';
+}
+//# sourceMappingURL=pd-config-redaction.js.map

package/dist/runtime-v2/config/pd-config-redaction.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pd-config-redaction.js","sourceRoot":"","sources":["../../../src/runtime-v2/config/pd-config-redaction.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAQL,cAAc,GACf,MAAM,sBAAsB,CAAC;AAE9B,+EAA+E;AAE/E,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC;IACrC,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS;IAC/E,aAAa,EAAE,cAAc,EAAE,cAAc,EAAE,eAAe;IAC9D,SAAS,EAAE,aAAa,EAAE,WAAW;CACtC,CAAC,CAAC;AAEH,SAAS,cAAc,CAAC,GAAW;IACjC,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACnD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,gEAAgE;IAChE,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,sBAAsB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED,+EAA+E;AAE/E,MAAM,aAAa,GAAG,oCAAoC,CAAC;AAC3D,MAAM,cAAc,GAAG,sCAAsC,CAAC;AAC9D,MAAM,kBAAkB,GAAG,6EAA6E,CAAC;AAEzG,SAAS,YAAY,CAAC,KAAa;IACjC,OAAO,KAAK;SACT,OAAO,CAAC,aAAa,EAAE,YAAY,CAAC;SACpC,OAAO,CAAC,cAAc,EAAE,YAAY,CAAC;SACrC,OAAO,CAAC,kBAAkB,EAAE,CAAC,EAAE,EAAE,GAAW,EAAE,EAAE,CAAC,GAAG,GAAG,aAAa,CAAC,CAAC;AAC3E,CAAC;AAED,SAAS,YAAY,CAAC,KAAa,EAAE,MAAc;IACjD,IAAI,KAAK,CAAC,MAAM,IAAI,MAAM;QAAE,OAAO,KAAK,CAAC;IACzC,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,GAAG,GAAG,CAAC;AACtC,CAAC;AAED,+EAA+E;AAE/E,SAAS,iBAAiB,CAAC,EAAU,EAAE,OAAuB;IAC5D,IAAI,OAAO,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAChC,MAAM,EAAE,GAAG,OAAO,CAAC;QACnB,MAAM,KAAK,GAAa,CAAC,UAAU,CAAC,CAAC;QACrC,IAAI,EAAE,CAAC,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC;QACzC,IAAI,EAAE,CAAC,KAAK;YAAE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC;QACnC,IAAI,EAAE,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC,QAAQ,IAAI,CAAC,EAAE,CAAC,KAAK;YAAE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;QAClE,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IACD,QAAQ;IACR,MAAM,EAAE,GAAG,OAAO,CAAC;IACnB,OAAO,UAAU,EAAE,CAAC,QAAQ,IAAI,EAAE,CAAC,KAAK,EAAE,CAAC;AAC7C,CAAC;AAED,+EAA+E;AAE/E,SAAS,sBAAsB,CAAC,OAAuB;IACrD,IAAI,OAAO,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAChC,MAAM,EAAE,GAAG,OAAO,CAAC;QACnB,iFAAiF;QACjF,IAAI,EAAE,CAAC,MAAM,KAAK,SAAS;YAAE,OAAO,OAAO,CAAC;QAC5C,oDAAoD;QACpD,IAAI,EAAE,CAAC,QAAQ,IAAI,EAAE,CAAC,KAAK;YAAE,OAAO,OAAO,CAAC;QAC5C,OAAO,aAAa,CAAC;IACvB,CAAC;IACD,6BAA6B;IAC7B,MAAM,EAAE,GAAG,OAAO,CAAC;IACnB,IAAI,CAAC,EAAE,CAAC,QAAQ,IAAI,CAAC,EAAE,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC,SAAS;QAAE,OAAO,aAAa,CAAC;IACrE,OAAO,WAAW,CAAC,CAAC,8CAA8C;AACpE,CAAC;AAED,+EAA+E;AAE/E,SAAS,oBAAoB,CAC3B,OAAgB,EAChB,SAAiB,EACjB,QAAwC;IAExC,IAAI,CAAC,OAAO;QAAE,OAAO,UAAU,CAAC;IAChC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC;QAAE,OAAO,aAAa,CAAC;IAC9D,MAAM,OAAO,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;IACpC,IAAI,CAAC,OAAO;QAAE,OAAO,aAAa,CAAC;IACnC,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;IACzD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED,+EAA+E;AAE/E;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAAC,SAA4B;IACzD,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,SAAS,CAAC;IAE/C,WAAW;IACX,MAAM,QAAQ,GAA6B,EAAE,CAAC;IAC9C,KAAK,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1D,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;YAAE,SAAS;QACrC,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE;YACF,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB,CAAC,CAAC;IACL,CAAC;IAED,8BAA8B;IAC9B,MAAM,eAAe,GAAoC,EAAE,CAAC;IAC5D,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QACnE,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;YAAE,SAAS;QAErC,MAAM,OAAO,GAAkC;YAC7C,EAAE;YACF,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,KAAK,EAAE,iBAAiB,CAAC,EAAE,EAAE,OAAO,CAAC;YACrC,SAAS,EAAE,sBAAsB,CAAC,OAAO,CAAC;SAC3C,CAAC;QAEF,2DAA2D;QAC3D,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC7B,MAAM,EAAE,GAAG,OAAO,CAAC;YACnB,OAAO,CAAC,SAAS,GAAG,EAAE,CAAC,SAAS,CAAC;QACnC,CAAC;QAED,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAChC,CAAC;IAED,oBAAoB;IACpB,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,CAAwB,EAAE,CAAC;QACpF,MAAM,OAAO,GAAG,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,SAAS,GAAG,OAAO,CAAC,cAAc,IAAI,MAAM,CAAC,cAAc,CAAC,cAAc,CAAC;QACjF,MAAM,OAAO,GAAG,MAAM,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QAElD,MAAM,CAAC,IAAI,CAAC;YACV,IAAI;YACJ,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,gBAAgB,EAAE,SAAS;YAC3B,mBAAmB,EAAE,OAAO,CAAC,CAAC,CAAC,iBAAiB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,WAAW,SAAS,EAAE;YAC7F,SAAS,EAAE,oBAAoB,CAAC,OAAO,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,eAAe,CAAC;SACpF,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,MAAM;QACN,QAAQ;QACR,eAAe;QACf,cAAc,EAAE,MAAM,CAAC,cAAc,CAAC,cAAc;QACpD,MAAM;QACN,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,QAAQ;KACT,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAc,EAAE,GAAY;IAC5D,0DAA0D;IAC1D,IAAI,GAAG,KAAK,SAAS,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7C,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IAExD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,YAAY,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IAE1E,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;IACxE,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzE,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACnD,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC;gBAAE,SAAS;YACpC,MAAM,CAAC,CAAC,CAAC,GAAG,iBAAiB,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACtC,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC"}

package/dist/runtime-v2/config/pd-config-types.d.ts

@@ -0,0 +1,124 @@
+/**
+ * PD-Owned Config Contract — PRI-304
+ *
+ * Pure types and constants for `.pd/config.yaml`.
+ * No I/O — YAML loading lives in pd-cli / plugin boundary.
+ *
+ * ADR-0016: PD owns exactly one user config file.
+ * .pd/feature-flags.yaml is retired into this contract.
+ * .state/workflows.yaml is not a compatibility input.
+ * PD does not own provider secrets.
+ */
+export declare const PD_CONFIG_VERSION = 1;
+export type PdConfigVersion = 1;
+export declare const VALID_FEATURE_CATEGORIES: readonly ["core", "quiet", "gone"];
+export type FeatureCategory = (typeof VALID_FEATURE_CATEGORIES)[number];
+export interface FeatureFlagEntry {
+    category: FeatureCategory;
+    enabled: boolean;
+}
+export declare const VALID_PROFILE_TYPES: readonly ["openclaw", "pi-ai"];
+export type RuntimeProfileType = (typeof VALID_PROFILE_TYPES)[number];
+/** OpenClaw profile: references only, no secrets */
+export interface OpenClawRuntimeProfile {
+    type: 'openclaw';
+    /** Optional provider label (e.g. "lmstudio") */
+    provider?: string;
+    /** Optional model label (e.g. "qwen3.6-27b-mtp") */
+    model?: string;
+    /** Optional source identifier (e.g. "default") */
+    source?: string;
+}
+/** PD-local pi-ai profile: non-secret fields + apiKeyEnv name */
+export interface PdLocalRuntimeProfile {
+    type: 'pi-ai';
+    provider: string;
+    model: string;
+    /** Environment variable name containing the API key — never the key value itself */
+    apiKeyEnv: string;
+    /** Optional base URL override */
+    baseUrl?: string;
+    /** Optional timeout in milliseconds */
+    timeoutMs?: number;
+}
+export type RuntimeProfile = OpenClawRuntimeProfile | PdLocalRuntimeProfile;
+export declare const INTERNAL_AGENT_NAMES: readonly ["diagnostician", "dreamer", "philosopher", "scribe", "artificer", "evaluator", "rolloutReviewer", "trainer", "correctionObserver", "empathyObserver"];
+export type InternalAgentName = (typeof INTERNAL_AGENT_NAMES)[number];
+export interface InternalAgentBinding {
+    enabled: boolean;
+    /** Runtime profile ID referencing a profile in runtimeProfiles */
+    runtimeProfile?: string;
+}
+export interface InternalAgentsConfig {
+    /** Default runtime profile for all agents without explicit override */
+    defaultRuntime: string;
+    /** Per-agent overrides */
+    agents: Record<InternalAgentName, InternalAgentBinding>;
+}
+export declare const VALID_DIAGNOSTICS_MODES: readonly ["simple", "advanced"];
+export type DiagnosticsMode = (typeof VALID_DIAGNOSTICS_MODES)[number];
+export interface UiConfig {
+    diagnostics: {
+        mode: DiagnosticsMode;
+    };
+}
+export interface PdConfig {
+    version: PdConfigVersion;
+    features: Record<string, FeatureFlagEntry>;
+    runtimeProfiles: Record<string, RuntimeProfile>;
+    internalAgents: InternalAgentsConfig;
+    ui: UiConfig;
+}
+export interface PdConfigValidationError {
+    path: string;
+    reason: string;
+    nextAction: string;
+}
+export interface PdConfigValidationResultOk {
+    ok: true;
+    value: PdConfig;
+}
+export interface PdConfigValidationResultErr {
+    ok: false;
+    errors: PdConfigValidationError[];
+}
+export type PdConfigValidationResult = PdConfigValidationResultOk | PdConfigValidationResultErr;
+export interface EffectivePdConfig {
+    config: PdConfig;
+    source: 'defaults' | 'user_config';
+    warnings: string[];
+}
+export interface RedactedRuntimeProfileSummary {
+    id: string;
+    type: RuntimeProfileType;
+    /** Safe label for display (e.g. "openclaw: lmstudio/qwen3.6-27b-mtp") */
+    label: string;
+    /** For pi-ai profiles: the env var name, never the value */
+    apiKeyEnv?: string;
+    /** Whether the profile appears ready (has required fields) */
+    readiness: 'ready' | 'not_ready' | 'needs_setup' | 'disabled' | 'unknown';
+}
+export interface RedactedAgentSummary {
+    name: InternalAgentName;
+    enabled: boolean;
+    runtimeProfileId: string;
+    runtimeProfileLabel: string;
+    readiness: 'ready' | 'not_ready' | 'needs_setup' | 'disabled' | 'unknown';
+}
+export interface RedactedFeatureSummary {
+    id: string;
+    category: FeatureCategory;
+    enabled: boolean;
+}
+export interface RedactedPdConfigSummary {
+    version: PdConfigVersion;
+    source: 'defaults' | 'user_config';
+    features: RedactedFeatureSummary[];
+    runtimeProfiles: RedactedRuntimeProfileSummary[];
+    defaultRuntime: string;
+    agents: RedactedAgentSummary[];
+    ui: UiConfig;
+    warnings: string[];
+}
+export declare const DANGEROUS_KEYS: Set<string>;
+//# sourceMappingURL=pd-config-types.d.ts.map

package/dist/runtime-v2/config/pd-config-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pd-config-types.d.ts","sourceRoot":"","sources":["../../../src/runtime-v2/config/pd-config-types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,eAAO,MAAM,iBAAiB,IAAI,CAAC;AACnC,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC;AAIhC,eAAO,MAAM,wBAAwB,oCAAqC,CAAC;AAC3E,MAAM,MAAM,eAAe,GAAG,CAAC,OAAO,wBAAwB,CAAC,CAAC,MAAM,CAAC,CAAC;AAIxE,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,eAAe,CAAC;IAC1B,OAAO,EAAE,OAAO,CAAC;CAClB;AAID,eAAO,MAAM,mBAAmB,gCAAiC,CAAC;AAClE,MAAM,MAAM,kBAAkB,GAAG,CAAC,OAAO,mBAAmB,CAAC,CAAC,MAAM,CAAC,CAAC;AAEtE,oDAAoD;AACpD,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,UAAU,CAAC;IACjB,gDAAgD;IAChD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,oDAAoD;IACpD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kDAAkD;IAClD,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,iEAAiE;AACjE,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,OAAO,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,oFAAoF;IACpF,SAAS,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,uCAAuC;IACvC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,cAAc,GAAG,sBAAsB,GAAG,qBAAqB,CAAC;AAI5E,eAAO,MAAM,oBAAoB,iKAWvB,CAAC;AAEX,MAAM,MAAM,iBAAiB,GAAG,CAAC,OAAO,oBAAoB,CAAC,CAAC,MAAM,CAAC,CAAC;AAItE,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,kEAAkE;IAClE,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAID,MAAM,WAAW,oBAAoB;IACnC,uEAAuE;IACvE,cAAc,EAAE,MAAM,CAAC;IACvB,0BAA0B;IAC1B,MAAM,EAAE,MAAM,CAAC,iBAAiB,EAAE,oBAAoB,CAAC,CAAC;CACzD;AAID,eAAO,MAAM,uBAAuB,iCAAkC,CAAC;AACvE,MAAM,MAAM,eAAe,GAAG,CAAC,OAAO,uBAAuB,CAAC,CAAC,MAAM,CAAC,CAAC;AAEvE,MAAM,WAAW,QAAQ;IACvB,WAAW,EAAE;QACX,IAAI,EAAE,eAAe,CAAC;KACvB,CAAC;CACH;AAID,MAAM,WAAW,QAAQ;IACvB,OAAO,EAAE,eAAe,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAC3C,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAChD,cAAc,EAAE,oBAAoB,CAAC;IACrC,EAAE,EAAE,QAAQ,CAAC;CACd;AAID,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,0BAA0B;IACzC,EAAE,EAAE,IAAI,CAAC;IACT,KAAK,EAAE,QAAQ,CAAC;CACjB;AAED,MAAM,WAAW,2BAA2B;IAC1C,EAAE,EAAE,KAAK,CAAC;IACV,MAAM,EAAE,uBAAuB,EAAE,CAAC;CACnC;AAED,MAAM,MAAM,wBAAwB,GAChC,0BAA0B,GAC1B,2BAA2B,CAAC;AAIhC,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,QAAQ,CAAC;IACjB,MAAM,EAAE,UAAU,GAAG,aAAa,CAAC;IACnC,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAID,MAAM,WAAW,6BAA6B;IAC5C,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,kBAAkB,CAAC;IACzB,yEAAyE;IACzE,KAAK,EAAE,MAAM,CAAC;IACd,4DAA4D;IAC5D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,8DAA8D;IAC9D,SAAS,EAAE,OAAO,GAAG,WAAW,GAAG,aAAa,GAAG,UAAU,GAAG,SAAS,CAAC;CAC3E;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,iBAAiB,CAAC;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,gBAAgB,EAAE,MAAM,CAAC;IACzB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,SAAS,EAAE,OAAO,GAAG,WAAW,GAAG,aAAa,GAAG,UAAU,GAAG,SAAS,CAAC;CAC3E;AAED,MAAM,WAAW,sBAAsB;IACrC,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,eAAe,CAAC;IAC1B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,eAAe,CAAC;IACzB,MAAM,EAAE,UAAU,GAAG,aAAa,CAAC;IACnC,QAAQ,EAAE,sBAAsB,EAAE,CAAC;IACnC,eAAe,EAAE,6BAA6B,EAAE,CAAC;IACjD,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,oBAAoB,EAAE,CAAC;IAC/B,EAAE,EAAE,QAAQ,CAAC;IACb,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAID,eAAO,MAAM,cAAc,aAAqD,CAAC"}

package/dist/runtime-v2/config/pd-config-types.js

@@ -0,0 +1,35 @@
+/**
+ * PD-Owned Config Contract — PRI-304
+ *
+ * Pure types and constants for `.pd/config.yaml`.
+ * No I/O — YAML loading lives in pd-cli / plugin boundary.
+ *
+ * ADR-0016: PD owns exactly one user config file.
+ * .pd/feature-flags.yaml is retired into this contract.
+ * .state/workflows.yaml is not a compatibility input.
+ * PD does not own provider secrets.
+ */
+// ── Config Version ──────────────────────────────────────────────────────────
+export const PD_CONFIG_VERSION = 1;
+// ── Feature Flag Category ───────────────────────────────────────────────────
+export const VALID_FEATURE_CATEGORIES = ['core', 'quiet', 'gone'];
+// ── Runtime Profile Types ───────────────────────────────────────────────────
+export const VALID_PROFILE_TYPES = ['openclaw', 'pi-ai'];
+// ── Internal Agent Names ────────────────────────────────────────────────────
+export const INTERNAL_AGENT_NAMES = [
+    'diagnostician',
+    'dreamer',
+    'philosopher',
+    'scribe',
+    'artificer',
+    'evaluator',
+    'rolloutReviewer',
+    'trainer',
+    'correctionObserver',
+    'empathyObserver',
+];
+// ── UI Config ───────────────────────────────────────────────────────────────
+export const VALID_DIAGNOSTICS_MODES = ['simple', 'advanced'];
+// ── Dangerous Keys ──────────────────────────────────────────────────────────
+export const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+//# sourceMappingURL=pd-config-types.js.map

package/dist/runtime-v2/config/pd-config-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pd-config-types.js","sourceRoot":"","sources":["../../../src/runtime-v2/config/pd-config-types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,+EAA+E;AAE/E,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC;AAGnC,+EAA+E;AAE/E,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,CAAU,CAAC;AAU3E,+EAA+E;AAE/E,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,UAAU,EAAE,OAAO,CAAU,CAAC;AA6BlE,+EAA+E;AAE/E,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,eAAe;IACf,SAAS;IACT,aAAa;IACb,QAAQ;IACR,WAAW;IACX,WAAW;IACX,iBAAiB;IACjB,SAAS;IACT,oBAAoB;IACpB,iBAAiB;CACT,CAAC;AAqBX,+EAA+E;AAE/E,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAU,CAAC;AAuFvE,+EAA+E;AAE/E,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC,CAAC"}

package/dist/runtime-v2/config/pd-config-validate.d.ts

@@ -0,0 +1,16 @@
+/**
+ * PD Config Validation — PRI-304
+ *
+ * Runtime validation from `unknown` (parsed YAML/JSON).
+ * No `as` bypasses on untrusted input (ERR-001, ERR-005).
+ * Uses `Object.hasOwn()` for key checks (ERR-013).
+ * Missing/malformed required fields fail loud (ERR-009, ERR-010).
+ * Non-boolean enabled fields fail loud (ERR-047).
+ */
+import { type PdConfigValidationResult } from './pd-config-types.js';
+/**
+ * Validate a parsed `.pd/config.yaml` value from unknown input.
+ * Returns structured result — never throws on malformed input.
+ */
+export declare function validatePdConfig(raw: unknown): PdConfigValidationResult;
+//# sourceMappingURL=pd-config-validate.d.ts.map

package/dist/runtime-v2/config/pd-config-validate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pd-config-validate.d.ts","sourceRoot":"","sources":["../../../src/runtime-v2/config/pd-config-validate.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAEL,KAAK,wBAAwB,EAmB9B,MAAM,sBAAsB,CAAC;AA+W9B;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,OAAO,GAAG,wBAAwB,CAyHvE"}