FIX: Tightened regex to avoid escaping with double quoted strings. Added validation error to catch incorrect regex patterns

Author: PredictabilityAtScale

README.md

@@ -94,9 +94,7 @@ context:
       reject_secrets: true
     - name: app_context
       max_size: 2000
-      allow_regex:
-        pattern: "^[A-Za-z0-9 _-]+$"
-        flags: "i"
+      allow_regex: /^[A-Za-z0-9 _-]+$/i
 includes:
   - ./shared/tone.md
 ---
@@ -164,7 +162,7 @@ Supported values for `warnings.contextSize` are `auto`, `off`, `result-only`, `c
 - **Provider-aware input caching controls** — optional `cache` front matter maps to OpenAI prompt cache hints, Anthropic `cache_control`, and Gemini `cachedContent`
 - **Vendor escape hatch** — optional `raw.<provider>` blocks shallow-merge unmodeled request-body fields into the final provider payload
 - **Validation** — Zod schema validation, Levenshtein-based "did you mean?" for typos, variable usage checks
-- **Context hardening** — structured regexes with flags, `/pattern/i` convenience syntax, and built-in `non_empty` / `reject_secrets` validators
+- **Context hardening** — copyable `/pattern/i` regex literals, structured regexes with `return_message`, and built-in `non_empty` / `reject_secrets` validators
 - **Optional short-circuit messages** — validators can return a structured `returnMessage` instead of throwing when configured
 - **Context size guardrails** — optional per-input `max_size` metadata with non-blocking render-time warnings
 - **Warning controls** — top-level config can suppress or emit context size warnings differently in dev and prod
@@ -616,6 +614,8 @@ Prompt files use YAML front matter with these fields:
 | `tiers` | `object` | Named tier overrides |
 | `metadata` | `object` | `{ owner, tags, review_required, stable }` |
 
+For `allow_regex` and `deny_regex`, prefer unquoted `/pattern/i` literal form so regex escapes such as `\s` and `\b` stay copyable from tools like regex101. If you use structured `pattern:` form, use single-quoted YAML strings or double each backslash in double-quoted strings.
+
 ## Website
 
 The `website/` directory contains a standalone marketing website for PromptOpsKit.

SKILL.md

@@ -105,7 +105,9 @@ Rules:
 - Use object-form inputs with `max_size` when a variable is likely to grow large and should trigger early warnings
 - Use `trim` to enforce byte budgets before interpolation when `max_size` is set
 - Use `allow_regex` for allowlist checks and `deny_regex` for blocklist checks on risky inputs
-- Prefer structured regexes like `{ pattern, flags }`; `/pattern/i` strings are also accepted and normalized internally
+- Prefer unquoted `/pattern/i` literals for regex validators so backslash escapes such as `\s` and `\b` stay copyable from regex tools
+- Use structured regexes like `{ pattern, flags, return_message }` when the validator needs a fallback message or separate flags
+- In structured `pattern:` YAML, use single quotes for patterns with backslashes or double each backslash in double-quoted strings
 - Use `non_empty: true` for required user text and `reject_secrets: true` for common secret redaction checks
 - When the caller should receive a structured fallback message instead of an exception, use object form with `return_message` on `allow_regex`, `deny_regex`, `non_empty`, or `reject_secrets`
 - Escape literal braces with `\{{` and `\}}`
@@ -127,7 +129,7 @@ At render time, callers can also pass `onContextOverflow` to transform oversized
 
 If a validator declares `return_message`, `renderPrompt()` returns that message in a structured result and omits the provider request instead of throwing for that validation failure. Invalid regex definitions still fail during `validate` and `compile` as `POK013` prompt-authoring errors.
 
-Malformed `allow_regex` and `deny_regex` values fail during `validate` and `compile`, not just at render time. When regex compilation fails, the error includes the prompt id, variable name, field name, and raw configured value.
+Malformed `allow_regex` and `deny_regex` values fail during `validate` and `compile`, not just at render time. When regex compilation fails, the error includes the prompt id, variable name, field name, and raw configured value. Double-quoted YAML regex strings with raw backslashes fail as `POK013`; use `/pattern/i`, single-quoted `pattern: '...'`, or doubled backslashes.
 
 Example: this is the minimal valid shape for a prompt that references
 `{{ pull_request }}` even when provider/model are inherited from defaults:

docs/api-reference.md

@@ -118,7 +118,7 @@ const result = await kit.validatePrompt('support/reply');
 // { valid: boolean, errors: ValidationError[], warnings: ValidationError[] }
 ```
 
-`validatePrompt()` covers schema, include-graph, variable declaration issues, and context regex compilation. Render-time context size warnings are produced by `renderPrompt()`, not validation.
+`validatePrompt()` covers schema, include-graph, variable declaration issues, context regex compilation, and context regex YAML quoting problems. Render-time context size warnings are produced by `renderPrompt()`, not validation.
 
 ## `kit.clearCache()`
 
@@ -223,7 +223,7 @@ const result = validateAsset(asset, ['id', 'schema_version', 'model'], 'hello.md
 // { valid: boolean, errors: ValidationError[], warnings: ValidationError[] }
 ```
 
-`validateAsset()` reports malformed `allow_regex` and `deny_regex` values before runtime, including the prompt id, variable name, field name, and raw configured value in the error message.
+`validateAsset()` reports malformed `allow_regex` and `deny_regex` values before runtime, including the prompt id, variable name, field name, and raw configured value in the error message. When parsing source Markdown through `parsePrompt()`, `loadPromptFile()`, or `validatePrompt()`, parser-level checks also report unsafe double-quoted YAML regex strings with raw backslashes as `POK013`; prefer unquoted `/pattern/i` literal form for copyable regex escapes.
 
 ### `validateAssetWithIncludes(asset, filePath, frontMatterKeys?)`
 

docs/cli.md

@@ -51,6 +51,7 @@ Checks:
 - Unknown front matter keys with Levenshtein-based "did you mean?" suggestions
 - Variable usage — used but undeclared, declared but unused
 - Context regex compilation for `allow_regex` and `deny_regex`
+- YAML quoting problems in context regex fields, such as raw `\s` or `\b` inside double-quoted strings
 - Include resolution — missing files, circular includes
 - Folder defaults inheritance from `defaults.md` (provider, model, metadata, system instructions)
 
@@ -82,7 +83,7 @@ promptopskit compile [sourceDir] [outputDir] [--source <dir>] [--output <dir>] [
 
 Includes are resolved during compilation so compiled artifacts are self-sufficient. The output directory is cleared by default before compiling (unless `--no-clean` is set).
 
-Compilation runs validation before writing artifacts. Invalid `allow_regex` or `deny_regex` definitions fail the compile step early with `POK013` instead of surfacing later during `renderPrompt()`.
+Compilation runs validation before writing artifacts. Invalid `allow_regex` or `deny_regex` definitions, including unsafe double-quoted YAML regex strings with raw backslashes, fail the compile step early with `POK013` instead of surfacing later during `renderPrompt()`.
 
 If you omit `<out>`, the CLI chooses `./.generated-prompts/json` for `json` and `./.generated-prompts/esm` for `esm`.
 

docs/getting-started.md

@@ -47,7 +47,7 @@ context:
       non_empty: true
       reject_secrets: true
     - name: app_context
-      allow_regex: "/^[A-Za-z0-9 _-]+$/i"
+      allow_regex: /^[A-Za-z0-9 _-]+$/i
 includes:
   - ./shared/tone.md
 ---
@@ -121,7 +121,7 @@ Your application owns the HTTP call — PromptOpsKit produces the request body o
 npx promptopskit validate ./prompts
 ```
 
-This checks all `.md` files for schema errors, unknown front matter keys (with "did you mean?" suggestions), variable usage mismatches, and malformed context regex definitions.
+This checks all `.md` files for schema errors, unknown front matter keys (with "did you mean?" suggestions), variable usage mismatches, and malformed context regex definitions. For regex validators, prefer unquoted `/pattern/i` literals so backslash escapes stay copyable; double-quoted YAML regex strings with raw backslashes are reported as `POK013`.
 
 ## Compile for production
 

docs/index.md

@@ -19,7 +19,7 @@ Open-source developer toolkit for managing prompts, system instructions, tools,
 - [Schema](./schema.md) — Full YAML front matter schema reference
 - [Vendor Schema Gap Analysis](./vendor-schema-gap-analysis.md) — Snapshot comparison against published OpenAI, Anthropic, Gemini, and OpenRouter schema capabilities
 - [Testing](./testing.md) — Test helpers, mock assets, and sidecar test files
-- [Validation](./validation.md) — Schema validation, "did you mean?" suggestions, variable checks, and early regex validation
+- [Validation](./validation.md) — Schema validation, "did you mean?" suggestions, variable checks, early regex validation, and YAML regex quoting guidance
 
 ## Also see
 

docs/prompt-format.md

@@ -234,8 +234,8 @@ Each entry can be either a string variable name or an object with:
 - `name` — the template variable name
 - `max_size` — optional UTF-8 byte limit for the injected value
 - `trim` — optional trim-to-budget (`true`/`end` keeps first bytes, `start` keeps trailing bytes) applied when `max_size` is set
-- `allow_regex` — optional allowlist regex; accepts `"pattern"`, `/pattern/i`, or `{ pattern, flags, return_message? }` and throws `POK031` on mismatch unless `return_message` is configured
-- `deny_regex` — optional blocklist regex; accepts `"pattern"`, `/pattern/i`, or `{ pattern, flags, return_message? }` and throws `POK032` on match unless `return_message` is configured
+- `allow_regex` — optional allowlist regex; accepts `/pattern/i`, `"pattern"`, or `{ pattern, flags, return_message? }` and throws `POK031` on mismatch unless `return_message` is configured
+- `deny_regex` — optional blocklist regex; accepts `/pattern/i`, `"pattern"`, or `{ pattern, flags, return_message? }` and throws `POK032` on match unless `return_message` is configured
 - `non_empty` — optional boolean or object validator; use `true` to throw `POK033`, or `{ return_message }` to short-circuit rendering with a structured message
 - `reject_secrets` — optional boolean or object validator; use `true` to throw `POK034`, or `{ return_message }` to short-circuit rendering with a structured message
 
@@ -245,7 +245,7 @@ The validator warns about:
 
 At render time, PromptOpsKit also emits a non-blocking `POK030` warning when a provided variable exceeds its declared `max_size`. In source and auto modes, the warning is also written to `console.warn` to make local development issues visible early.
 
-Malformed `allow_regex` and `deny_regex` values fail during `validate` and `compile` with `POK013`, so bad patterns are caught before runtime.
+Malformed `allow_regex` and `deny_regex` values fail during `validate` and `compile` with `POK013`, so bad patterns are caught before runtime. Double-quoted YAML regex strings with raw backslashes are also reported as `POK013`; use unquoted `/pattern/i`, single-quoted `pattern: '...'`, or doubled backslashes in double quotes.
 
 Example hardened input definition:
 
@@ -256,16 +256,18 @@ context:
       trim: true
       max_size: 24
       allow_regex:
-        pattern: "^user_[a-z0-9]+$"
-        flags: "i"
-        return_message: "User IDs must use the user_123 format."
+        pattern: '^user_[a-z0-9]+$'
+        flags: 'i'
+        return_message: 'User IDs must use the user_123 format.'
     - name: pull_request_body
       non_empty:
-        return_message: "Pull request content is required."
+        return_message: 'Pull request content is required.'
       reject_secrets: true
-      deny_regex: "/(ignore previous instructions|system:)/i"
+      deny_regex: /(?:ignore|disregard|forget)\s+(?:all\s+)?(?:previous|prior|above)\s+instructions|(?:^|\b)(?:system|developer|assistant)\s*:|reveal\s+(?:your|the)\s+(?:system\s+prompt|hidden\s+instructions?)|print\s+(?:the\s+)?(?:policy|rules?)|BEGIN\s+SYSTEM\s+PROMPT|END\s+SYSTEM\s+PROMPT/i
 ```
 
+Prefer unquoted `/pattern/i` literal form for regex patterns that contain backslashes. If you use a structured `pattern` field, use single-quoted YAML strings or double each backslash in double-quoted strings.
+
 ## Minimal example
 
 The simplest valid prompt:

docs/providers.md

@@ -149,7 +149,7 @@ interface ProviderAdapter {
 }
 ```
 
-Direct adapter rendering accepts the same `environment` and `tier` selectors as `kit.renderPrompt()`. Use the synchronous `validate()` and `render()` methods when you already have a compiled `ResolvedPromptAsset`, and use the async `validatePrompt()` and `renderPrompt()` helpers when you want the adapter to resolve either markdown source or a compiled artifact from disk. Context input validation runs through the same shared prompt-input wrapper for OpenAI, OpenAI Responses, Anthropic, Gemini, and OpenRouter, so `allow_regex`, `deny_regex`, `non_empty`, `reject_secrets`, and `return_message` behave consistently across all five.
+Direct adapter rendering accepts the same `environment` and `tier` selectors as `kit.renderPrompt()`. Use the synchronous `validate()` and `render()` methods when you already have a compiled `ResolvedPromptAsset`, and use the async `validatePrompt()` and `renderPrompt()` helpers when you want the adapter to resolve either markdown source or a compiled artifact from disk. Context input validation runs through the same shared prompt-input wrapper for OpenAI, OpenAI Responses, Anthropic, Gemini, and OpenRouter, so `allow_regex`, `deny_regex`, `non_empty`, `reject_secrets`, and `return_message` behave consistently across all five. For regex validators authored in YAML, prefer unquoted `/pattern/i` literals so backslash escapes stay copyable.
 
 Server-side example:
 

docs/schema.md

@@ -293,12 +293,14 @@ Object-form inputs add optional controls:
 
 - `max_size`: checked during `renderPrompt()` and can produce `POK030` warnings.
 - `trim`: trims incoming values to the `max_size` budget before interpolation (`true`/`end` keeps leading bytes, `start` keeps trailing bytes).
-- `allow_regex`: allowlist validation before interpolation; accepts `"pattern"`, `/pattern/i`, or `{ pattern, flags, return_message? }`. Non-matches throw `POK031` unless `return_message` is configured.
-- `deny_regex`: blocklist validation before interpolation; accepts `"pattern"`, `/pattern/i`, or `{ pattern, flags, return_message? }`. Matches throw `POK032` unless `return_message` is configured.
+- `allow_regex`: allowlist validation before interpolation; accepts `/pattern/i`, `"pattern"`, or `{ pattern, flags, return_message? }`. Non-matches throw `POK031` unless `return_message` is configured.
+- `deny_regex`: blocklist validation before interpolation; accepts `/pattern/i`, `"pattern"`, or `{ pattern, flags, return_message? }`. Matches throw `POK032` unless `return_message` is configured.
 - `non_empty`: accepts `true` or `{ return_message }`; blank values throw `POK033` unless `return_message` is configured.
 - `reject_secrets`: accepts `true` or `{ return_message }`; secret-like values throw `POK034` unless `return_message` is configured.
 
-Malformed `allow_regex` and `deny_regex` values are reported during `validate` and `compile` with `POK013`.
+Prefer unquoted `/pattern/i` literal form for regex validators, especially when the pattern contains backslashes such as `\s` or `\b`. If you use structured `pattern:` form, use single-quoted YAML strings or double each backslash in double-quoted strings.
+
+Malformed `allow_regex` and `deny_regex` values, including unsafe double-quoted YAML regex strings with raw backslashes, are reported during `validate` and `compile` with `POK013`.
 
 ## `includes`
 

docs/validation.md

@@ -34,7 +34,7 @@ const result = await kit.validatePrompt('support/reply');
 | `POK010` | Warning | Unknown front matter key (with "did you mean?" suggestion) |
 | `POK011` | Warning | Variable used in template but not declared in `context.inputs` |
 | `POK012` | Warning | Variable declared in `context.inputs` but never used |
-| `POK013` | Error | Invalid context regex pattern (`allow_regex` or `deny_regex`), including prompt id, variable name, field name, and raw configured value |
+| `POK013` | Error | Invalid context regex pattern or YAML regex quoting (`allow_regex` or `deny_regex`), including location and raw configured value when available |
 | `POK014` | Warning | `trim` configured without `max_size` (trim-to-budget skipped) |
 | `POK040` | Warning | Risky context input appears unbounded (`max_size` missing) |
 | `POK041` | Warning | Context input has no hardening validators (`allow/deny regex`, `non_empty`, `reject_secrets`) |
@@ -106,27 +106,27 @@ context:
   inputs:
     - name: user_id
       trim: true
-      allow_regex:
-        pattern: "^user_[a-z0-9]+$"
-        flags: "i"
+      allow_regex: /^user_[a-z0-9]+$/i
     - name: user_message
-      deny_regex: "/(ignore previous instructions|system:)/i"
+      deny_regex: /(?:ignore|disregard|forget)\s+(?:all\s+)?(?:previous|prior|above)\s+instructions|(?:^|\b)(?:system|developer|assistant)\s*:|reveal\s+(?:your|the)\s+(?:system\s+prompt|hidden\s+instructions?)|print\s+(?:the\s+)?(?:policy|rules?)|BEGIN\s+SYSTEM\s+PROMPT|END\s+SYSTEM\s+PROMPT/i
       non_empty: true
       reject_secrets: true
 ```
 
+- Prefer unquoted `/pattern/i` literal form for regex patterns that contain backslashes. If you use a structured `pattern` field, use single-quoted YAML strings or double each backslash in double-quoted strings.
 - `trim` trims values to the `max_size` byte budget before interpolation.
 - `allow_regex` enforces an allowlist pattern before interpolation and throws `POK031` when a value fails validation, unless `return_message` is configured.
 - `deny_regex` enforces a blocklist pattern before interpolation and throws `POK032` when a value matches, unless `return_message` is configured.
 - `non_empty` rejects blank or whitespace-only values with `POK033`, unless `return_message` is configured.
 - `reject_secrets` rejects common secret-like strings with `POK034`, unless `return_message` is configured.
 - During static validation and compilation, malformed `allow_regex` or `deny_regex` patterns are reported as `POK013`.
+- Double-quoted YAML regex strings with raw backslashes, such as `"\s+"`, are reported as `POK013` before YAML parsing. Prefer unquoted `/pattern/i` literals for copyable regexes.
 - During static validation, `trim` without `max_size` returns a `POK014` warning.
 - During static validation, risky unbounded inputs and missing hardening are flagged as `POK040` and `POK041`.
 - During static validation, provider/cache hygiene checks can emit `POK042`–`POK045`.
 - During static validation, inline tool quality checks can emit `POK047`.
 
-Regex compilation errors include the prompt id, variable name, field name, and raw configured value to make bad prompt definitions easy to locate.
+Regex compilation errors include the prompt id, variable name, field name, and raw configured value to make bad prompt definitions easy to locate. YAML quoting errors include the file and line when available.
 
 If a validator declares `return_message`, `renderPrompt()` returns that message in a structured result and omits the provider request instead of throwing.