@principles/core 1.96.0 → 1.98.0

package/dist/runtime-v2/__tests__/pain-signal-observability.test.js

@@ -57,7 +57,9 @@ describe('recordPainSignalObservability', () => {
             type: 'pain_detected',
             data: {
                 painId: 'manual_test_001',
-                taskId: 'diagnosis_manual_test_001',
+                source: 'manual',
+                score: 95,
+                evidenceCount: 0,
             },
         });
         const db = new Database(join(stateDir, 'trajectory.db'), { readonly: true });
@@ -147,5 +149,25 @@ describe('recordPainSignalObservability', () => {
             dbRead.close();
         }
     });
+    it('redacts token-like patterns in evolution stream reason', () => {
+        const { workspaceDir, stateDir } = makeWorkspace();
+        const result = recordPainSignalObservability({
+            workspaceDir,
+            stateDir,
+            data: {
+                painId: 'token_test_001',
+                painType: 'tool_failure',
+                source: 'tool_failure',
+                reason: 'Tool write failed with token sk-proj-abcdefghijklmnopqrstuvwxyz0123456789 in path',
+                score: 60,
+                sessionId: 's1',
+            },
+        });
+        expect(result.warnings).toEqual([]);
+        const evolutionLine = readFileSync(String(result.evolutionStreamPath), 'utf8').trim();
+        const parsed = JSON.parse(evolutionLine);
+        expect(parsed.data.reason).toContain('___REDACTED___');
+        expect(parsed.data.reason).not.toContain('sk-proj-abcdefghijklmnopqrstuvwxyz0123456789');
+    });
 });
 //# sourceMappingURL=pain-signal-observability.test.js.map

package/dist/runtime-v2/__tests__/pain-signal-observability.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"pain-signal-observability.test.js","sourceRoot":"","sources":["../../../src/runtime-v2/__tests__/pain-signal-observability.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AAClE,OAAO,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC;AAC5B,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACzD,OAAO,EAAE,6BAA6B,EAAE,MAAM,iCAAiC,CAAC;AAEhF,MAAM,QAAQ,GAAa,EAAE,CAAC;AAE9B,SAAS,aAAa;IACpB,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,mBAAmB,CAAC,CAAC,CAAC;IACtE,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC5B,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,EAAE,CAAC;AAClE,CAAC;AAED,SAAS,CAAC,GAAG,EAAE;IACb,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,+BAA+B,EAAE,GAAG,EAAE;IAC7C,EAAE,CAAC,+EAA+E,EAAE,GAAG,EAAE;QACvF,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,aAAa,EAAE,CAAC;QACnD,MAAM,MAAM,GAAG,6BAA6B,CAAC;YAC3C,YAAY;YACZ,QAAQ;YACR,IAAI,EAAE;gBACJ,MAAM,EAAE,iBAAiB;gBACzB,MAAM,EAAE,2BAA2B;gBACnC,QAAQ,EAAE,kBAAkB;gBAC5B,MAAM,EAAE,QAAQ;gBAChB,MAAM,EAAE,uBAAuB;gBAC/B,KAAK,EAAE,EAAE;gBACT,SAAS,EAAE,KAAK;gBAChB,OAAO,EAAE,QAAQ;aAClB;SACF,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACpC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACjD,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,iBAAiB,CAAC,CAAC,CAAC;QACzF,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACxD,MAAM,EAAC,YAAY,EAAC,GAAG,MAAM,CAAC;QAC9B,MAAM,EAAC,mBAAmB,EAAC,GAAG,MAAM,CAAC;QACrC,MAAM,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;QACnC,MAAM,CAAC,mBAAmB,CAAC,CAAC,WAAW,EAAE,CAAC;QAE1C,MAAM,YAAY,GAAG,YAAY,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QACvE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,aAAa,CAAC;YAC7C,IAAI,EAAE,aAAa;YACnB,QAAQ,EAAE,UAAU;YACpB,SAAS,EAAE,KAAK;YAChB,IAAI,EAAE;gBACJ,OAAO,EAAE,iBAAiB;gBAC1B,KAAK,EAAE,EAAE;gBACT,MAAM,EAAE,QAAQ;gBAChB,MAAM,EAAE,aAAa;aACtB;SACF,CAAC,CAAC;QAEH,MAAM,aAAa,GAAG,YAAY,CAAC,MAAM,CAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QAC/E,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC;YAC9C,IAAI,EAAE,eAAe;YACrB,IAAI,EAAE;gBACJ,MAAM,EAAE,iBAAiB;gBACzB,MAAM,EAAE,2BAA2B;aACpC;SACF,CAAC,CAAC;QAEH,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7E,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,CAAC,2DAA2D,CAAC,CAAC,GAAG,EAK1F,CAAC;YACF,MAAM,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC;gBACtB,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,QAAQ;gBAChB,KAAK,EAAE,EAAE;gBACT,MAAM,EAAE,uBAAuB;aAChC,CAAC,CAAC;YAEH,MAAM,iBAAiB,GAAG,EAAE,CAAC,OAAO,CAAC;;OAEpC,CAAC,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,CAAC,iBAAiB,CAAC,CAAC,aAAa,EAAE,CAAC;QAC5C,CAAC;gBAAS,CAAC;YACT,EAAE,CAAC,KAAK,EAAE,CAAC;QACb,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kFAAkF,EAAE,GAAG,EAAE;QAC1F,2EAA2E;QAC3E,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,aAAa,EAAE,CAAC;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;QAE/C,iDAAiD;QACjD,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEzC,yDAAyD;QACzD,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;QAChC,EAAE,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;KAoBP,CAAC,CAAC;QACH,EAAE,CAAC,KAAK,EAAE,CAAC;QAEX,+DAA+D;QAC/D,MAAM,MAAM,GAAG,6BAA6B,CAAC;YAC3C,YAAY;YACZ,QAAQ;YACR,IAAI,EAAE;gBACJ,MAAM,EAAE,wBAAwB;gBAChC,MAAM,EAAE,kCAAkC;gBAC1C,QAAQ,EAAE,kBAAkB;gBAC5B,MAAM,EAAE,QAAQ;gBAChB,MAAM,EAAE,8BAA8B;gBACtC,KAAK,EAAE,EAAE;gBACT,SAAS,EAAE,KAAK;gBAChB,OAAO,EAAE,QAAQ;aAClB;SACF,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACpC,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAExD,iCAAiC;QACjC,MAAM,MAAM,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QACjF,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,2DAA2D,CAAC,CAAC,GAAG,EAK9F,CAAC;YACF,MAAM,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC;gBACtB,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,QAAQ;gBAChB,KAAK,EAAE,EAAE;gBACT,MAAM,EAAE,8BAA8B;aACvC,CAAC,CAAC;YAEH,kEAAkE;YAClE,MAAM,cAAc,GAAG,MAAM,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC,GAAG,EAAwB,CAAC;YACjG,MAAM,WAAW,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACtD,MAAM,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;YACnD,MAAM,CAAC,WAAW,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;YAC5C,MAAM,CAAC,WAAW,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;YAC5C,MAAM,CAAC,WAAW,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QAC9C,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"pain-signal-observability.test.js","sourceRoot":"","sources":["../../../src/runtime-v2/__tests__/pain-signal-observability.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AAClE,OAAO,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC;AAC5B,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACzD,OAAO,EAAE,6BAA6B,EAAE,MAAM,iCAAiC,CAAC;AAEhF,MAAM,QAAQ,GAAa,EAAE,CAAC;AAE9B,SAAS,aAAa;IACpB,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,mBAAmB,CAAC,CAAC,CAAC;IACtE,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC5B,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,EAAE,CAAC;AAClE,CAAC;AAED,SAAS,CAAC,GAAG,EAAE;IACb,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,+BAA+B,EAAE,GAAG,EAAE;IAC7C,EAAE,CAAC,+EAA+E,EAAE,GAAG,EAAE;QACvF,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,aAAa,EAAE,CAAC;QACnD,MAAM,MAAM,GAAG,6BAA6B,CAAC;YAC3C,YAAY;YACZ,QAAQ;YACR,IAAI,EAAE;gBACJ,MAAM,EAAE,iBAAiB;gBACzB,MAAM,EAAE,2BAA2B;gBACnC,QAAQ,EAAE,kBAAkB;gBAC5B,MAAM,EAAE,QAAQ;gBAChB,MAAM,EAAE,uBAAuB;gBAC/B,KAAK,EAAE,EAAE;gBACT,SAAS,EAAE,KAAK;gBAChB,OAAO,EAAE,QAAQ;aAClB;SACF,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACpC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACjD,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,iBAAiB,CAAC,CAAC,CAAC;QACzF,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACxD,MAAM,EAAC,YAAY,EAAC,GAAG,MAAM,CAAC;QAC9B,MAAM,EAAC,mBAAmB,EAAC,GAAG,MAAM,CAAC;QACrC,MAAM,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;QACnC,MAAM,CAAC,mBAAmB,CAAC,CAAC,WAAW,EAAE,CAAC;QAE1C,MAAM,YAAY,GAAG,YAAY,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QACvE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,aAAa,CAAC;YAC7C,IAAI,EAAE,aAAa;YACnB,QAAQ,EAAE,UAAU;YACpB,SAAS,EAAE,KAAK;YAChB,IAAI,EAAE;gBACJ,OAAO,EAAE,iBAAiB;gBAC1B,KAAK,EAAE,EAAE;gBACT,MAAM,EAAE,QAAQ;gBAChB,MAAM,EAAE,aAAa;aACtB;SACF,CAAC,CAAC;QAEH,MAAM,aAAa,GAAG,YAAY,CAAC,MAAM,CAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QAC/E,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC;YAC9C,IAAI,EAAE,eAAe;YACrB,IAAI,EAAE;gBACJ,MAAM,EAAE,iBAAiB;gBACzB,MAAM,EAAE,QAAQ;gBAChB,KAAK,EAAE,EAAE;gBACT,aAAa,EAAE,CAAC;aACjB;SACF,CAAC,CAAC;QAEH,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7E,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,CAAC,2DAA2D,CAAC,CAAC,GAAG,EAK1F,CAAC;YACF,MAAM,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC;gBACtB,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,QAAQ;gBAChB,KAAK,EAAE,EAAE;gBACT,MAAM,EAAE,uBAAuB;aAChC,CAAC,CAAC;YAEH,MAAM,iBAAiB,GAAG,EAAE,CAAC,OAAO,CAAC;;OAEpC,CAAC,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,CAAC,iBAAiB,CAAC,CAAC,aAAa,EAAE,CAAC;QAC5C,CAAC;gBAAS,CAAC;YACT,EAAE,CAAC,KAAK,EAAE,CAAC;QACb,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kFAAkF,EAAE,GAAG,EAAE;QAC1F,2EAA2E;QAC3E,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,aAAa,EAAE,CAAC;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;QAE/C,iDAAiD;QACjD,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEzC,yDAAyD;QACzD,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;QAChC,EAAE,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;KAoBP,CAAC,CAAC;QACH,EAAE,CAAC,KAAK,EAAE,CAAC;QAEX,+DAA+D;QAC/D,MAAM,MAAM,GAAG,6BAA6B,CAAC;YAC3C,YAAY;YACZ,QAAQ;YACR,IAAI,EAAE;gBACJ,MAAM,EAAE,wBAAwB;gBAChC,MAAM,EAAE,kCAAkC;gBAC1C,QAAQ,EAAE,kBAAkB;gBAC5B,MAAM,EAAE,QAAQ;gBAChB,MAAM,EAAE,8BAA8B;gBACtC,KAAK,EAAE,EAAE;gBACT,SAAS,EAAE,KAAK;gBAChB,OAAO,EAAE,QAAQ;aAClB;SACF,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACpC,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAExD,iCAAiC;QACjC,MAAM,MAAM,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QACjF,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,2DAA2D,CAAC,CAAC,GAAG,EAK9F,CAAC;YACF,MAAM,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC;gBACtB,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,QAAQ;gBAChB,KAAK,EAAE,EAAE;gBACT,MAAM,EAAE,8BAA8B;aACvC,CAAC,CAAC;YAEH,kEAAkE;YAClE,MAAM,cAAc,GAAG,MAAM,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC,GAAG,EAAwB,CAAC;YACjG,MAAM,WAAW,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACtD,MAAM,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;YACnD,MAAM,CAAC,WAAW,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;YAC5C,MAAM,CAAC,WAAW,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;YAC5C,MAAM,CAAC,WAAW,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QAC9C,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;QAChE,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,aAAa,EAAE,CAAC;QACnD,MAAM,MAAM,GAAG,6BAA6B,CAAC;YAC3C,YAAY;YACZ,QAAQ;YACR,IAAI,EAAE;gBACJ,MAAM,EAAE,gBAAgB;gBACxB,QAAQ,EAAE,cAAc;gBACxB,MAAM,EAAE,cAAc;gBACtB,MAAM,EAAE,mFAAmF;gBAC3F,KAAK,EAAE,EAAE;gBACT,SAAS,EAAE,IAAI;aAChB;SACF,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACpC,MAAM,aAAa,GAAG,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QACtF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;QACvD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,8CAA8C,CAAC,CAAC;IAC3F,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/runtime-v2/config/pd-config-defaults.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"pd-config-defaults.d.ts","sourceRoot":"","sources":["../../../src/runtime-v2/config/pd-config-defaults.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,KAAK,QAAQ,EACb,KAAK,gBAAgB,EACrB,KAAK,sBAAsB,EAG3B,KAAK,oBAAoB,EACzB,KAAK,QAAQ,EAGd,MAAM,sBAAsB,CAAC;AAI9B,eAAO,MAAM,qBAAqB,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAkBlE,CAAC;AAIF,eAAO,MAAM,0BAA0B,qBAAqB,CAAC;AAE7D,eAAO,MAAM,uBAAuB,EAAE,sBAGrC,CAAC;AAiBF,wBAAgB,wBAAwB,IAAI,oBAAoB,CAY/D;AAID,eAAO,MAAM,UAAU,EAAE,QAExB,CAAC;AAIF,wBAAgB,kBAAkB,IAAI,QAAQ,CAU7C"}
+{"version":3,"file":"pd-config-defaults.d.ts","sourceRoot":"","sources":["../../../src/runtime-v2/config/pd-config-defaults.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,KAAK,QAAQ,EACb,KAAK,gBAAgB,EACrB,KAAK,sBAAsB,EAG3B,KAAK,oBAAoB,EACzB,KAAK,QAAQ,EAGd,MAAM,sBAAsB,CAAC;AAI9B,eAAO,MAAM,qBAAqB,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAmBlE,CAAC;AAIF,eAAO,MAAM,0BAA0B,qBAAqB,CAAC;AAE7D,eAAO,MAAM,uBAAuB,EAAE,sBAGrC,CAAC;AAiBF,wBAAgB,wBAAwB,IAAI,oBAAoB,CAY/D;AAID,eAAO,MAAM,UAAU,EAAE,QAExB,CAAC;AAIF,wBAAgB,kBAAkB,IAAI,QAAQ,CAU7C"}

package/dist/runtime-v2/config/pd-config-defaults.js

@@ -17,6 +17,7 @@ export const DEFAULT_FEATURE_FLAGS = {
     gfi: { category: 'quiet', enabled: false },
     evolution_worker: { category: 'quiet', enabled: false },
     empathy_observer: { category: 'quiet', enabled: false },
+    painEvidenceAdmission: { category: 'quiet', enabled: false },
     // MVP-Gone (ADR-0014 §2.6)
     nocturnal: { category: 'gone', enabled: false },
     idle_trigger: { category: 'gone', enabled: false },

package/dist/runtime-v2/config/pd-config-defaults.js.map

@@ -1 +1 @@
-{"version":3,"file":"pd-config-defaults.js","sourceRoot":"","sources":["../../../src/runtime-v2/config/pd-config-defaults.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAQL,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,sBAAsB,CAAC;AAE9B,+EAA+E;AAE/E,MAAM,CAAC,MAAM,qBAAqB,GAAqC;IACrE,2BAA2B;IAC3B,MAAM,EAAc,EAAE,QAAQ,EAAE,MAAM,EAAG,OAAO,EAAE,IAAI,EAAE;IACxD,cAAc,EAAM,EAAE,QAAQ,EAAE,MAAM,EAAG,OAAO,EAAE,IAAI,EAAE;IACxD,aAAa,EAAO,EAAE,QAAQ,EAAE,MAAM,EAAG,OAAO,EAAE,IAAI,EAAE;IACxD,mBAAmB,EAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE;IAEzD,4BAA4B;IAC5B,gBAAgB,EAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE;IACxD,GAAG,EAAiB,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE;IACzD,gBAAgB,EAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE;IACzD,gBAAgB,EAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE;IAEzD,2BAA2B;IAC3B,SAAS,EAAW,EAAE,QAAQ,EAAE,MAAM,EAAG,OAAO,EAAE,KAAK,EAAE;IACzD,YAAY,EAAQ,EAAE,QAAQ,EAAE,MAAM,EAAG,OAAO,EAAE,KAAK,EAAE;IACzD,cAAc,EAAM,EAAE,QAAQ,EAAE,MAAM,EAAG,OAAO,EAAE,KAAK,EAAE;IACzD,OAAO,EAAa,EAAE,QAAQ,EAAE,MAAM,EAAG,OAAO,EAAE,KAAK,EAAE;CAC1D,CAAC;AAEF,+EAA+E;AAE/E,MAAM,CAAC,MAAM,0BAA0B,GAAG,kBAAkB,CAAC;AAE7D,MAAM,CAAC,MAAM,uBAAuB,GAA2B;IAC7D,IAAI,EAAE,UAAU;IAChB,MAAM,EAAE,SAAS;CAClB,CAAC;AAEF,+EAA+E;AAE/E,MAAM,qBAAqB,GAAuC;IAChE,aAAa,EAAE,IAAI;IACnB,OAAO,EAAE,IAAI;IACb,WAAW,EAAE,KAAK;IAClB,MAAM,EAAE,IAAI;IACZ,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,KAAK;IAChB,eAAe,EAAE,KAAK;IACtB,OAAO,EAAE,KAAK;IACd,kBAAkB,EAAE,KAAK;IACzB,eAAe,EAAE,KAAK;CACvB,CAAC;AAEF,MAAM,UAAU,wBAAwB;IACtC,MAAM,MAAM,GAAyC,EAAE,CAAC;IACxD,KAAK,MAAM,IAAI,IAAI,oBAAoB,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,GAAG;YACb,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC;YACpC,cAAc,EAAE,0BAA0B;SAC3C,CAAC;IACJ,CAAC;IACD,OAAO;QACL,cAAc,EAAE,0BAA0B;QAC1C,MAAM,EAAE,MAAyD;KAClE,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,MAAM,UAAU,GAAa;IAClC,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;CAChC,CAAC;AAEF,+EAA+E;AAE/E,MAAM,UAAU,kBAAkB;IAChC,OAAO;QACL,OAAO,EAAE,iBAAiB;QAC1B,QAAQ,EAAE,EAAE,GAAG,qBAAqB,EAAE;QACtC,eAAe,EAAE;YACf,CAAC,0BAA0B,CAAC,EAAE,EAAE,GAAG,uBAAuB,EAAE;SAC7D;QACD,cAAc,EAAE,wBAAwB,EAAE;QAC1C,EAAE,EAAE,EAAE,GAAG,UAAU,EAAE;KACtB,CAAC;AACJ,CAAC"}
+{"version":3,"file":"pd-config-defaults.js","sourceRoot":"","sources":["../../../src/runtime-v2/config/pd-config-defaults.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAQL,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,sBAAsB,CAAC;AAE9B,+EAA+E;AAE/E,MAAM,CAAC,MAAM,qBAAqB,GAAqC;IACrE,2BAA2B;IAC3B,MAAM,EAAc,EAAE,QAAQ,EAAE,MAAM,EAAG,OAAO,EAAE,IAAI,EAAE;IACxD,cAAc,EAAM,EAAE,QAAQ,EAAE,MAAM,EAAG,OAAO,EAAE,IAAI,EAAE;IACxD,aAAa,EAAO,EAAE,QAAQ,EAAE,MAAM,EAAG,OAAO,EAAE,IAAI,EAAE;IACxD,mBAAmB,EAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE;IAEzD,4BAA4B;IAC5B,gBAAgB,EAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE;IACxD,GAAG,EAAiB,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE;IACzD,gBAAgB,EAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE;IACzD,gBAAgB,EAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE;IACzD,qBAAqB,EAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE;IAE3D,2BAA2B;IAC3B,SAAS,EAAW,EAAE,QAAQ,EAAE,MAAM,EAAG,OAAO,EAAE,KAAK,EAAE;IACzD,YAAY,EAAQ,EAAE,QAAQ,EAAE,MAAM,EAAG,OAAO,EAAE,KAAK,EAAE;IACzD,cAAc,EAAM,EAAE,QAAQ,EAAE,MAAM,EAAG,OAAO,EAAE,KAAK,EAAE;IACzD,OAAO,EAAa,EAAE,QAAQ,EAAE,MAAM,EAAG,OAAO,EAAE,KAAK,EAAE;CAC1D,CAAC;AAEF,+EAA+E;AAE/E,MAAM,CAAC,MAAM,0BAA0B,GAAG,kBAAkB,CAAC;AAE7D,MAAM,CAAC,MAAM,uBAAuB,GAA2B;IAC7D,IAAI,EAAE,UAAU;IAChB,MAAM,EAAE,SAAS;CAClB,CAAC;AAEF,+EAA+E;AAE/E,MAAM,qBAAqB,GAAuC;IAChE,aAAa,EAAE,IAAI;IACnB,OAAO,EAAE,IAAI;IACb,WAAW,EAAE,KAAK;IAClB,MAAM,EAAE,IAAI;IACZ,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,KAAK;IAChB,eAAe,EAAE,KAAK;IACtB,OAAO,EAAE,KAAK;IACd,kBAAkB,EAAE,KAAK;IACzB,eAAe,EAAE,KAAK;CACvB,CAAC;AAEF,MAAM,UAAU,wBAAwB;IACtC,MAAM,MAAM,GAAyC,EAAE,CAAC;IACxD,KAAK,MAAM,IAAI,IAAI,oBAAoB,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,GAAG;YACb,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC;YACpC,cAAc,EAAE,0BAA0B;SAC3C,CAAC;IACJ,CAAC;IACD,OAAO;QACL,cAAc,EAAE,0BAA0B;QAC1C,MAAM,EAAE,MAAyD;KAClE,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,MAAM,UAAU,GAAa;IAClC,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;CAChC,CAAC;AAEF,+EAA+E;AAE/E,MAAM,UAAU,kBAAkB;IAChC,OAAO;QACL,OAAO,EAAE,iBAAiB;QAC1B,QAAQ,EAAE,EAAE,GAAG,qBAAqB,EAAE;QACtC,eAAe,EAAE;YACf,CAAC,0BAA0B,CAAC,EAAE,EAAE,GAAG,uBAAuB,EAAE;SAC7D;QACD,cAAc,EAAE,wBAAwB,EAAE;QAC1C,EAAE,EAAE,EAAE,GAAG,UAAU,EAAE;KACtB,CAAC;AACJ,CAAC"}

package/dist/runtime-v2/evidence-sanitizer.d.ts

@@ -0,0 +1,57 @@
+/**
+ * Shared evidence sanitizer for durable pain signal storage.
+ *
+ * Used by:
+ * - pain-signal-observability.ts (core package)
+ * - message-sanitize.ts (openclaw-plugin package)
+ *
+ * Design contract (EP-08 Security Boundary Placement):
+ * - Sanitization happens at the PERSISTENCE boundary, not at evaluation boundary
+ * - Enforcement input (raw params, error text) stays available for gate/score computation
+ * - All strings are token-redacted and bounded before durable storage
+ * - Unknown-first: never throws on malformed input; returns {} or bounded preview
+ * - Recursive with depth/key/array limits to prevent infinite traversal
+ *
+ * ERR checklist:
+ * - ERR-001: no `as` casts — input is `unknown`, narrowed with typeof guards
+ * - ERR-055: ANY-segment sensitive field matching, not ALL-segment
+ * - ERR-056: token redaction runs on ALL strings, not just truncation
+ * - ERR-051: redaction is at persistence output path, not evaluation input path
+ * - EP-08: platform-agnostic path basename — uses split on both `\\` and `/`,
+ *   never relies on nodePath.basename which only splits on the host OS separator.
+ */
+export declare const MAX_EVIDENCE_VALUE_CHARS = 200;
+/**
+ * Converges a single absolute path to a safe representation.
+ * - Under workspaceDir → repo-relative
+ * - Other absolute → basename only (platform-agnostic)
+ * - Relative paths → kept as-is
+ */
+export declare function convergePath(value: string, workspaceDir?: string): string;
+/**
+ * Sanitize a single string value:
+ * 1. Strip internal PD tags
+ * 2. Redact token-like patterns
+ * 3. Replace absolute paths embedded in the string
+ * 4. Bound length
+ */
+export declare function sanitizeString(value: string, workspaceDir?: string): string;
+/**
+ * Recursively sanitize any value for durable evidence storage.
+ * - Primitives: string → redact+bound; number/boolean → pass-through
+ * - Objects: recurse with key limit
+ * - Arrays: recurse with item limit
+ * - Depth limit prevents infinite traversal
+ *
+ * ERR-001: input is `unknown`, narrowed with typeof guards (no `as` casts)
+ */
+export declare function sanitizeValue(value: unknown, depth?: number, workspaceDir?: string): unknown;
+/**
+ * Sanitize tool-call params for evidence/trajectory storage.
+ *
+ * ERR-001: accepts `unknown`, not `Record<string, unknown>`. Runtime guards only.
+ * ERR-055: ANY-segment sensitive field matching.
+ * ERR-056: token redaction runs on ALL strings via sanitizeValue recursion.
+ */
+export declare function sanitizeToolParams(params: unknown, workspaceDir?: string): Record<string, unknown>;
+//# sourceMappingURL=evidence-sanitizer.d.ts.map

package/dist/runtime-v2/evidence-sanitizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"evidence-sanitizer.d.ts","sourceRoot":"","sources":["../../src/runtime-v2/evidence-sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAIH,eAAO,MAAM,wBAAwB,MAAM,CAAC;AAuD5C;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,CAmBzE;AAqBD;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,CAyB3E;AAID;;;;;;;;GAQG;AACH,wBAAgB,aAAa,CAC3B,KAAK,EAAE,OAAO,EACd,KAAK,SAAI,EACT,YAAY,CAAC,EAAE,MAAM,GACpB,OAAO,CA+BT;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,OAAO,EACf,YAAY,CAAC,EAAE,MAAM,GACpB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CA8BzB"}

package/dist/runtime-v2/evidence-sanitizer.js

@@ -0,0 +1,213 @@
+/**
+ * Shared evidence sanitizer for durable pain signal storage.
+ *
+ * Used by:
+ * - pain-signal-observability.ts (core package)
+ * - message-sanitize.ts (openclaw-plugin package)
+ *
+ * Design contract (EP-08 Security Boundary Placement):
+ * - Sanitization happens at the PERSISTENCE boundary, not at evaluation boundary
+ * - Enforcement input (raw params, error text) stays available for gate/score computation
+ * - All strings are token-redacted and bounded before durable storage
+ * - Unknown-first: never throws on malformed input; returns {} or bounded preview
+ * - Recursive with depth/key/array limits to prevent infinite traversal
+ *
+ * ERR checklist:
+ * - ERR-001: no `as` casts — input is `unknown`, narrowed with typeof guards
+ * - ERR-055: ANY-segment sensitive field matching, not ALL-segment
+ * - ERR-056: token redaction runs on ALL strings, not just truncation
+ * - ERR-051: redaction is at persistence output path, not evaluation input path
+ * - EP-08: platform-agnostic path basename — uses split on both `\\` and `/`,
+ *   never relies on nodePath.basename which only splits on the host OS separator.
+ */
+// ── Limits ──
+export const MAX_EVIDENCE_VALUE_CHARS = 200;
+const MAX_DEPTH = 4;
+const MAX_KEYS = 50;
+const MAX_ARRAY_ITEMS = 20;
+// ── Token patterns ──
+const TOKEN_LIKE_PATTERNS = [
+    /[A-Za-z0-9+/=]{40,}/g,
+    /sk-[A-Za-z0-9_-]{20,}/g,
+    /ghp_[A-Za-z0-9]{36,}/g,
+    /gho_[A-Za-z0-9]{36,}/g,
+    /xox[bpras]-[A-Za-z0-9-]{20,}/g,
+    /eyJ[A-Za-z0-9_-]{20,}\./g,
+];
+// ── PD tag patterns ──
+const PD_TAG_PATTERNS = [
+    /\[EMOTIONAL_DAMAGE_DETECTED(?::(?:mild|moderate|severe))?\]/gi,
+    /\[EMPATHY_ROLLBACK_REQUEST\]/gi,
+    /<empathy[^>]*\/?>(?:<\/empathy>)?/gi,
+];
+// ── Path detection ──
+const ABSOLUTE_PATH_RE = /^(?:[A-Za-z]:[\\/]|\/|\\\\)/;
+const WINDOWS_DRIVE_RE = /^[A-Za-z]:\\/;
+/**
+ * Matches absolute paths embedded anywhere inside a string.
+ * Windows drive, POSIX root, UNC paths.
+ */
+const ABSOLUTE_PATH_IN_STRING_RE = /(?:^|[\s"'=])([A-Za-z]:\\[^\s"'&|<>]+|[A-Za-z]:\/[^\s"'&|<>]+|\\\\[^\s"'&|<>]+|(?:\/[\w.-]+){2,}(?:\/[^\s"'&|<>]*)?)/gm;
+// ── Helpers ──
+function isPlainRecord(value) {
+    return typeof value === 'object' && value !== null && !Array.isArray(value);
+}
+/**
+ * Platform-agnostic basename that handles both `\` and `/` separators.
+ *
+ * EP-08: nodePath.basename on Linux does not split on backslash.
+ * This helper splits on both separator families so that Windows paths
+ * like `D:\Code\principles` produce `principles` even when running on
+ * a POSIX CI runner.
+ */
+function platformAgnosticBasename(p) {
+    const parts = p.split(/[\\/]/);
+    return parts[parts.length - 1] || p;
+}
+/**
+ * Converges a single absolute path to a safe representation.
+ * - Under workspaceDir → repo-relative
+ * - Other absolute → basename only (platform-agnostic)
+ * - Relative paths → kept as-is
+ */
+export function convergePath(value, workspaceDir) {
+    if (!ABSOLUTE_PATH_RE.test(value))
+        return value;
+    // Try repo-relative
+    if (workspaceDir) {
+        const normalizedWorkspace = workspaceDir.replace(/[\\/]+$/, '');
+        const normalizedValue = value.replace(/[\\/]+$/, '');
+        // Case-insensitive comparison on Windows
+        const compare = WINDOWS_DRIVE_RE.test(value)
+            ? (a, b) => a.toLowerCase() === b.toLowerCase()
+            : (a, b) => a === b;
+        if (compare(normalizedValue.slice(0, normalizedWorkspace.length), normalizedWorkspace)) {
+            const relative = normalizedValue.slice(normalizedWorkspace.length).replace(/^[/\\]/, '');
+            return relative || platformAgnosticBasename(value);
+        }
+    }
+    // Absolute, not under workspace → basename
+    return platformAgnosticBasename(value);
+}
+/**
+ * Replace absolute paths embedded inside a longer string.
+ * e.g. "cd D:\Code\principles && git status" → "cd <path:principles> && git status"
+ * e.g. "error in /home/user/project/src/file.ts" → "error in <path:file.ts>"
+ */
+function replacePathsInString(value, workspaceDir) {
+    return value.replace(ABSOLUTE_PATH_IN_STRING_RE, (fullMatch, capturedPath) => {
+        const leading = fullMatch.slice(0, fullMatch.length - capturedPath.length);
+        const converged = convergePath(capturedPath, workspaceDir);
+        // Wrap outside-workspace absolute paths in angle brackets
+        if (ABSOLUTE_PATH_RE.test(capturedPath) && converged === platformAgnosticBasename(capturedPath)) {
+            return `${leading}<path:${converged}>`;
+        }
+        return `${leading}${converged}`;
+    });
+}
+// ── String sanitization ──
+/**
+ * Sanitize a single string value:
+ * 1. Strip internal PD tags
+ * 2. Redact token-like patterns
+ * 3. Replace absolute paths embedded in the string
+ * 4. Bound length
+ */
+export function sanitizeString(value, workspaceDir) {
+    let result = value;
+    // 1. Strip PD tags
+    for (const p of PD_TAG_PATTERNS) {
+        result = result.replace(p, '');
+    }
+    // 2. Redact tokens
+    for (const pattern of TOKEN_LIKE_PATTERNS) {
+        result = result.replace(pattern, (match) => {
+            const prefix = match.length > 50 ? match.slice(0, 8) : match.slice(0, 4);
+            return `${prefix}___REDACTED___${match.length}`;
+        });
+    }
+    // 3. Replace absolute paths embedded in the string
+    result = replacePathsInString(result, workspaceDir);
+    // 4. Bound length
+    if (result.length > MAX_EVIDENCE_VALUE_CHARS) {
+        result = result.slice(0, MAX_EVIDENCE_VALUE_CHARS) + '___TRUNCATED___';
+    }
+    return result.trim();
+}
+// ── Recursive value sanitization ──
+/**
+ * Recursively sanitize any value for durable evidence storage.
+ * - Primitives: string → redact+bound; number/boolean → pass-through
+ * - Objects: recurse with key limit
+ * - Arrays: recurse with item limit
+ * - Depth limit prevents infinite traversal
+ *
+ * ERR-001: input is `unknown`, narrowed with typeof guards (no `as` casts)
+ */
+export function sanitizeValue(value, depth = 0, workspaceDir) {
+    if (depth > MAX_DEPTH)
+        return '<max-depth>';
+    if (value === null || value === undefined)
+        return value;
+    if (typeof value === 'string')
+        return sanitizeString(value, workspaceDir);
+    if (typeof value === 'number' || typeof value === 'boolean')
+        return value;
+    if (Array.isArray(value)) {
+        const items = value.slice(0, MAX_ARRAY_ITEMS);
+        const mapped = items.map((item) => sanitizeValue(item, depth + 1, workspaceDir));
+        if (value.length > MAX_ARRAY_ITEMS) {
+            mapped.push(`<${value.length - MAX_ARRAY_ITEMS} more items>`);
+        }
+        return mapped;
+    }
+    // ERR-001: runtime guard instead of `as Record`
+    if (isPlainRecord(value)) {
+        const result = {};
+        let count = 0;
+        for (const [k, v] of Object.entries(value)) {
+            if (count >= MAX_KEYS) {
+                result['<truncated>'] = `${Object.keys(value).length - count} more keys`;
+                break;
+            }
+            result[k] = sanitizeValue(v, depth + 1, workspaceDir);
+            count++;
+        }
+        return result;
+    }
+    return '<unsupported-type>';
+}
+/**
+ * Sanitize tool-call params for evidence/trajectory storage.
+ *
+ * ERR-001: accepts `unknown`, not `Record<string, unknown>`. Runtime guards only.
+ * ERR-055: ANY-segment sensitive field matching.
+ * ERR-056: token redaction runs on ALL strings via sanitizeValue recursion.
+ */
+export function sanitizeToolParams(params, workspaceDir) {
+    if (params === null || params === undefined) {
+        return {};
+    }
+    if (typeof params === 'string') {
+        return { '<string-input>': sanitizeString(params.slice(0, MAX_EVIDENCE_VALUE_CHARS), workspaceDir) };
+    }
+    if (typeof params === 'number' || typeof params === 'boolean') {
+        return {};
+    }
+    if (Array.isArray(params)) {
+        const sanitized = sanitizeValue(params, 0, workspaceDir);
+        if (Array.isArray(sanitized)) {
+            return { '<array-input>': sanitized.join(', ').slice(0, MAX_EVIDENCE_VALUE_CHARS) };
+        }
+        return { '<array-input>': '<sanitization-error>' };
+    }
+    if (isPlainRecord(params)) {
+        const sanitized = sanitizeValue(params, 0, workspaceDir);
+        if (isPlainRecord(sanitized)) {
+            return sanitized;
+        }
+        return {};
+    }
+    return {};
+}
+//# sourceMappingURL=evidence-sanitizer.js.map

package/dist/runtime-v2/evidence-sanitizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"evidence-sanitizer.js","sourceRoot":"","sources":["../../src/runtime-v2/evidence-sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,eAAe;AAEf,MAAM,CAAC,MAAM,wBAAwB,GAAG,GAAG,CAAC;AAC5C,MAAM,SAAS,GAAG,CAAC,CAAC;AACpB,MAAM,QAAQ,GAAG,EAAE,CAAC;AACpB,MAAM,eAAe,GAAG,EAAE,CAAC;AAE3B,uBAAuB;AAEvB,MAAM,mBAAmB,GAAa;IACpC,sBAAsB;IACtB,wBAAwB;IACxB,uBAAuB;IACvB,uBAAuB;IACvB,+BAA+B;IAC/B,0BAA0B;CAC3B,CAAC;AAEF,wBAAwB;AAExB,MAAM,eAAe,GAAa;IAChC,+DAA+D;IAC/D,gCAAgC;IAChC,qCAAqC;CACtC,CAAC;AAEF,uBAAuB;AAEvB,MAAM,gBAAgB,GAAG,6BAA6B,CAAC;AACvD,MAAM,gBAAgB,GAAG,cAAc,CAAC;AAExC;;;GAGG;AACH,MAAM,0BAA0B,GAC9B,wHAAwH,CAAC;AAE3H,gBAAgB;AAEhB,SAAS,aAAa,CAAC,KAAc;IACnC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,wBAAwB,CAAC,CAAS;IACzC,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/B,OAAO,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;AACtC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,KAAa,EAAE,YAAqB;IAC/D,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAEhD,oBAAoB;IACpB,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,mBAAmB,GAAG,YAAY,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAChE,MAAM,eAAe,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QACrD,yCAAyC;QACzC,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC;YAC1C,CAAC,CAAC,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,WAAW,EAAE;YAC/D,CAAC,CAAC,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;QACtC,IAAI,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,mBAAmB,CAAC,MAAM,CAAC,EAAE,mBAAmB,CAAC,EAAE,CAAC;YACvF,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YACzF,OAAO,QAAQ,IAAI,wBAAwB,CAAC,KAAK,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,OAAO,wBAAwB,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED;;;;GAIG;AACH,SAAS,oBAAoB,CAAC,KAAa,EAAE,YAAqB;IAChE,OAAO,KAAK,CAAC,OAAO,CAAC,0BAA0B,EAAE,CAAC,SAAS,EAAE,YAAoB,EAAE,EAAE;QACnF,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QAC3E,MAAM,SAAS,GAAG,YAAY,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;QAC3D,0DAA0D;QAC1D,IAAI,gBAAgB,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,SAAS,KAAK,wBAAwB,CAAC,YAAY,CAAC,EAAE,CAAC;YAChG,OAAO,GAAG,OAAO,SAAS,SAAS,GAAG,CAAC;QACzC,CAAC;QACD,OAAO,GAAG,OAAO,GAAG,SAAS,EAAE,CAAC;IAClC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,4BAA4B;AAE5B;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAAC,KAAa,EAAE,YAAqB;IACjE,IAAI,MAAM,GAAG,KAAK,CAAC;IAEnB,mBAAmB;IACnB,KAAK,MAAM,CAAC,IAAI,eAAe,EAAE,CAAC;QAChC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACjC,CAAC;IAED,mBAAmB;IACnB,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;QAC1C,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YACzC,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACzE,OAAO,GAAG,MAAM,iBAAiB,KAAK,CAAC,MAAM,EAAE,CAAC;QAClD,CAAC,CAAC,CAAC;IACL,CAAC;IAED,mDAAmD;IACnD,MAAM,GAAG,oBAAoB,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IAEpD,kBAAkB;IAClB,IAAI,MAAM,CAAC,MAAM,GAAG,wBAAwB,EAAE,CAAC;QAC7C,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,wBAAwB,CAAC,GAAG,iBAAiB,CAAC;IACzE,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;AACvB,CAAC;AAED,qCAAqC;AAErC;;;;;;;;GAQG;AACH,MAAM,UAAU,aAAa,CAC3B,KAAc,EACd,KAAK,GAAG,CAAC,EACT,YAAqB;IAErB,IAAI,KAAK,GAAG,SAAS;QAAE,OAAO,aAAa,CAAC;IAC5C,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IACxD,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,cAAc,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IAC1E,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IAE1E,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC;QACjF,IAAI,KAAK,CAAC,MAAM,GAAG,eAAe,EAAE,CAAC;YACnC,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,eAAe,cAAc,CAAC,CAAC;QAChE,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,gDAAgD;IAChD,IAAI,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,IAAI,KAAK,IAAI,QAAQ,EAAE,CAAC;gBACtB,MAAM,CAAC,aAAa,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,KAAK,YAAY,CAAC;gBACzE,MAAM;YACR,CAAC;YACD,MAAM,CAAC,CAAC,CAAC,GAAG,aAAa,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,EAAE,YAAY,CAAC,CAAC;YACtD,KAAK,EAAE,CAAC;QACV,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,OAAO,oBAAoB,CAAC;AAC9B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAChC,MAAe,EACf,YAAqB;IAErB,IAAI,MAAM,KAAK,IAAI,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QAC5C,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,OAAO,EAAE,gBAAgB,EAAE,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,wBAAwB,CAAC,EAAE,YAAY,CAAC,EAAE,CAAC;IACvG,CAAC;IAED,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,OAAO,MAAM,KAAK,SAAS,EAAE,CAAC;QAC9D,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM,EAAE,CAAC,EAAE,YAAY,CAAC,CAAC;QACzD,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7B,OAAO,EAAE,eAAe,EAAE,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,wBAAwB,CAAC,EAAE,CAAC;QACtF,CAAC;QACD,OAAO,EAAE,eAAe,EAAE,sBAAsB,EAAE,CAAC;IACrD,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM,EAAE,CAAC,EAAE,YAAY,CAAC,CAAC;QACzD,IAAI,aAAa,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC"}

package/dist/runtime-v2/evidence-triage/__tests__/triage-policy.test.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Triage Policy Tests — PEAT-B1
+ *
+ * Tests the pure triage policy evaluation.
+ * No I/O, no plugin imports, no mocks needed.
+ *
+ * ERR checklist:
+ * - ERR-001: Validates that source kind is runtime-checked, not cast.
+ * - ERR-002: Validates that every result has reason + nextAction.
+ * - ERR-024/025/048: Tests exercise the production evaluateTriage path.
+ */
+export {};
+//# sourceMappingURL=triage-policy.test.d.ts.map

package/dist/runtime-v2/evidence-triage/__tests__/triage-policy.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"triage-policy.test.d.ts","sourceRoot":"","sources":["../../../../src/runtime-v2/evidence-triage/__tests__/triage-policy.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG"}