
Add context input hardening: trim, allow/deny regex, and onContextOverflow callback #6

Closed. PredictabilityAtScale wants to merge 2 commits into main from codex/add-input-validation-features-for-prompts

@PredictabilityAtScale (Owner)

Motivation

  • Provide runtime controls to keep large or unsafe context values out of final prompts and reduce prompt-injection risk.
  • Allow callers to transform oversized values before interpolation and warnings, and surface configurable per-input trimming behavior.
  • Add static validation for new context controls to catch misconfiguration early.

Description

  • Add trim, allow_regex/deny_regex (and legacy regex) fields to the context input schema and normalize them in src/context.ts and src/schema/schema.ts.
  • Implement sanitizeContextVariables() which applies onContextOverflow callbacks, trims values to max_size, and enforces allow/block regex checks, and integrate it into renderPrompt() and provider input handling (src/index.ts and src/providers/prompt-input.ts).
  • Add static validation checks in src/validation/validate.ts for malformed regex (POK013), trim without max_size (POK014), and both regex+allow_regex configured (POK015).
  • Update docs and website copy (README.md, SKILL.md, docs/*.md, website/index.html) to document the new options and onContextOverflow runtime hook.

Testing

  • Ran the repository test suite including updated tests/validation.test.ts and tests/runtime-context-placeholders.test.ts, which exercise POK013/POK014/POK015, trimming behavior, regex validation, deny rules, and the onContextOverflow callback, and all tests passed.
  • New/updated unit tests assert trimmed interpolation and that invalid regex and deny/allow failures throw the expected POK031/POK032 style errors.
  • Manual inspection of generated provider-render flow verified that sanitized variables are passed to provider adapters and that context-size warnings are preserved per the kit warnings.contextSize policy.

@chatgpt-codex-connector (Bot) left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 71da240062


Comment thread src/context.ts Outdated
Comment on lines +138 to +141
if (input.trim !== undefined) {
const trimMode = input.trim;
if (input.max_size !== undefined) {
candidate = trimToMaxSize(candidate, input.max_size, trimMode);
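
Review bot: the inner `if (input.max_size !== undefined)` check leaves a configured `trim` as a silent no-op whenever `max_size` is missing, as far as these four lines show. The PR description says POK014 flags that combination in static validation, but a caller that skips validation gets no runtime signal, so consider warning or throwing at this point rather than falling through.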

[P2] Skip truncation when trim is explicitly false

sanitizeContextVariables treats any defined trim value as enabled, so trim: false still flows into trimToMaxSize(...); combined with normalizeTrimMode defaulting non-'start' values to 'end', this silently truncates values even when callers explicitly disabled trimming. In prompts that set max_size with boolean-driven config defaults, this changes output content and can hide the expected oversize warning path.


@PredictabilityAtScale (Owner, Author)

Duplicate. Merged later pull request.
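
The order the description gives for sanitizeContextVariables() (overflow callback, then trim, then allow/deny checks) and the `trim: false` case raised in the review, as an added TypeScript sketch that is not code from this PR. `sanitizeInput`, its signature, the error messages, the meaning of `"start"`/`"end"` and measuring `max_size` as string length are all assumptions.

```typescript
// Added sketch, not the PR's code. Field names come from the PR description;
// the function shape, error text and trim semantics are assumptions.
type TrimMode = boolean | "start" | "end";
interface InputSpec {
  max_size?: number; // assumed to count string length
  trim?: TrimMode;
  allow_regex?: string;
  deny_regex?: string;
}
type OverflowHook = (name: string, value: string, maxSize: number) => string;

function sanitizeInput(
  name: string, raw: string, spec: InputSpec, onContextOverflow?: OverflowHook,
): { value: string; warnings: string[] } {
  const warnings: string[] = [];
  const max = spec.max_size;
  let value = raw;
  // 1. Give the caller's hook the first chance to shrink an oversized value.
  if (max !== undefined && value.length > max && onContextOverflow) {
    value = onContextOverflow(name, value, max);
  }
  // 2. Trim only when enabled: `false` and `undefined` both leave the value
  //    intact and keep the oversize warning visible.
  if (max !== undefined && value.length > max) {
    if (spec.trim === true || spec.trim === "end") {
      value = value.slice(0, max); // assumed: "end" drops the tail
    } else if (spec.trim === "start") {
      value = value.slice(value.length - max); // assumed: "start" drops the head
    } else {
      warnings.push(`${name}: length ${value.length} exceeds max_size ${max}`);
    }
  }
  // 3. Check the text that will actually be interpolated into the prompt.
  if (spec.allow_regex !== undefined && !new RegExp(spec.allow_regex).test(value)) {
    throw new Error(`${name}: value does not match allow_regex`);
  }
  if (spec.deny_regex !== undefined && new RegExp(spec.deny_regex).test(value)) {
    throw new Error(`${name}: value matches deny_regex`);
  }
  return { value, warnings };
}

// Constructed sample: trimming explicitly disabled, so the value is unchanged.
const demo = sanitizeInput("ticket", "AAAAAAAAAATAIL", { max_size: 4, trim: false });
console.log(demo.value, demo.warnings);
```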
