Knowledge Runtime
knowledge_runtime_planKNOWLEDGE_RUNTIME_FOUNDATION_READY
Generated at
2026-05-29T10:07:47ZSnapshot version
1Redaction
APPLIEDSource paths
- config/knowledge_runtime/knowledge_brain_runtime_plan.yaml
- config/knowledge_runtime/knowledge_item_extraction_rules.yaml
- config/knowledge_runtime/knowledge_chunking_rules.yaml
- config/knowledge_runtime/knowledge_indexing_plan.yaml
- config/knowledge_runtime/retrieval_policy.yaml
- config/knowledge_runtime/knowledge_review_rules.yaml
- config/knowledge_runtime/knowledge_access_runtime_rules.yaml
Protected Prompt Boundary (PPB-01..PPB-10)
Prompt body text is not stored in this repository, not present in the database schema, and never serialized into API responses or UI snapshots. The UI shows [REDACTED-PPB-PROTECTED] in place of any field that matches the forbidden set.
PPB-PROTECTED
Defense in depth — six layers
- 1. Config — config/prompts/prompt_registry.yaml stores metadata only. Prompt body text never lives in YAML.
- 2. Schema — db/migrations/001_initial_schema.sql defines rfa.prompt_records WITHOUT body/template_body/full_prompt columns.
- 3. API — apps/api/src/lib/prompt-redactor.ts walks responses and replaces forbidden keys with the redaction marker.
- 4. Snapshot — scripts/ui/generate_static_registry_snapshots.py redacts again at snapshot-emit time.
- 5. UI — apps/web/src/lib/redaction.ts runs a third pass before any payload reaches a component.
- 6. Validator — scripts/validation/validate_protected_prompt_ui_boundary.py refuses to PASS if any forbidden field is un-redacted.
Top-level metrics
| Field | Value |
|---|---|
| runtime_statuses.length | 7 |
| hard_rules.length | 5 |
| ppb_protected | true |