npm - @mondaydotcomorg/atp-provenance - Versions diffs - 0.19.21 → 0.21.0 - Mend

@mondaydotcomorg/atp-provenance 0.19.21 → 0.21.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/checkpoint-integration.d.ts +97 -0
package/dist/checkpoint-integration.d.ts.map +1 -0
package/dist/checkpoint-integration.js +253 -0
package/dist/checkpoint-integration.js.map +1 -0
package/dist/index.cjs +291 -1
package/dist/index.cjs.map +1 -1
package/dist/index.d.ts +2 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +285 -2
package/dist/index.js.map +1 -1
package/dist/registry.d.ts +19 -13
package/dist/registry.d.ts.map +1 -1
package/dist/registry.js +92 -73
package/dist/registry.js.map +1 -1
package/package.json +3 -2

package/dist/index.cjs CHANGED Viewed

@@ -366,7 +366,16 @@ var InMemoryProvenanceStore = class {
 // src/registry.ts
 var PROVENANCE_KEY = "__provenance__";
 var PROVENANCE_ID_KEY = "__prov_id__";
+var PROVENANCE_META_KEY = "__prov_meta__";
 var provenanceStore = /* @__PURE__ */ new WeakMap();
+var PROVENANCE_PROPERTY_NAMES = {
+  /** Symbol used for storing provenance data: __provenance__ */
+  PROVENANCE: PROVENANCE_KEY,
+  /** Symbol used for provenance ID: __prov_id__ */
+  PROVENANCE_ID: PROVENANCE_ID_KEY,
+  /** Symbol used for provenance metadata: __prov_meta__ */
+  PROVENANCE_META: PROVENANCE_META_KEY
+};
 var provenanceRegistry = /* @__PURE__ */ new Map();
 var executionProvenanceIds = /* @__PURE__ */ new Map();
 var currentExecutionId = null;
@@ -689,7 +698,7 @@ function createProvenanceProxy(value, source, readers = {
     }
   } else if (typeof value === "object") {
     for (const key in value) {
-      if (Object.prototype.hasOwnProperty.call(value, key) && key !== PROVENANCE_ID_KEY) {
+      if (Object.prototype.hasOwnProperty.call(value, key) && key !== PROVENANCE_ID_KEY && key !== PROVENANCE_META_KEY) {
         const nestedValue = value[key];
         if (typeof nestedValue === "object" && nestedValue !== null && !hasProvenance(nestedValue)) {
           createProvenanceProxy(nestedValue, source, readers, [
@@ -729,6 +738,24 @@ function getProvenance(value) {
         return metadata;
       }
     }
+    if (PROVENANCE_META_KEY in value) {
+      const embeddedMeta = value[PROVENANCE_META_KEY];
+      if (embeddedMeta && typeof embeddedMeta === "object") {
+        const metadata = {
+          id: embeddedMeta.id || id || crypto__default.default.randomUUID(),
+          source: embeddedMeta.source,
+          readers: embeddedMeta.readers || {
+            type: "public"
+          },
+          dependencies: embeddedMeta.dependencies || [],
+          context: {}
+        };
+        if (metadata.id) {
+          provenanceRegistry.set(metadata.id, metadata);
+        }
+        return metadata;
+      }
+    }
     if (PROVENANCE_KEY in value) {
       return value[PROVENANCE_KEY];
     }
@@ -744,6 +771,46 @@ function hasProvenance(value) {
   return getProvenance(value) !== null;
 }
 __name(hasProvenance, "hasProvenance");
+function attachProvenanceMetaForCheckpoint(value, visited = /* @__PURE__ */ new WeakSet()) {
+  if (value === null || value === void 0 || typeof value !== "object") {
+    return;
+  }
+  if (visited.has(value)) {
+    return;
+  }
+  visited.add(value);
+  const metadata = getProvenance(value);
+  if (metadata) {
+    try {
+      if (!(PROVENANCE_META_KEY in value)) {
+        Object.defineProperty(value, PROVENANCE_META_KEY, {
+          value: {
+            id: metadata.id,
+            source: metadata.source,
+            readers: metadata.readers,
+            dependencies: metadata.dependencies
+          },
+          writable: false,
+          enumerable: true,
+          configurable: true
+        });
+      }
+    } catch (e) {
+    }
+  }
+  if (Array.isArray(value)) {
+    for (const item of value) {
+      attachProvenanceMetaForCheckpoint(item, visited);
+    }
+  } else {
+    for (const key in value) {
+      if (Object.prototype.hasOwnProperty.call(value, key) && key !== PROVENANCE_ID_KEY && key !== PROVENANCE_META_KEY) {
+        attachProvenanceMetaForCheckpoint(value[key], visited);
+      }
+    }
+  }
+}
+__name(attachProvenanceMetaForCheckpoint, "attachProvenanceMetaForCheckpoint");
 function getAllProvenance(value, visited = /* @__PURE__ */ new Set()) {
   if (value === null || value === void 0 || typeof value !== "object") {
     return [];
@@ -1931,11 +1998,228 @@ function createTrackingRuntime() {
 }
 __name(createTrackingRuntime, "createTrackingRuntime");
+// src/checkpoint-integration.ts
+function extractProvenanceRecursive(value, extractor, path = "", visited = /* @__PURE__ */ new WeakSet()) {
+  const entries = [];
+  const primitives = [];
+  let hasRestrictedData = false;
+  if (value === null || value === void 0) {
+    return {
+      entries,
+      primitives,
+      hasRestrictedData
+    };
+  }
+  if (typeof value !== "object") {
+    const primMeta = extractor(value);
+    if (primMeta) {
+      primitives.push([
+        `${path}:${String(value)}`,
+        primMeta
+      ]);
+      if (primMeta.readers?.type === "restricted") {
+        hasRestrictedData = true;
+      }
+    }
+    return {
+      entries,
+      primitives,
+      hasRestrictedData
+    };
+  }
+  if (visited.has(value)) {
+    return {
+      entries,
+      primitives,
+      hasRestrictedData
+    };
+  }
+  visited.add(value);
+  const metadata = extractor(value);
+  if (metadata) {
+    entries.push({
+      path,
+      metadata
+    });
+    if (metadata.readers?.type === "restricted") {
+      hasRestrictedData = true;
+    }
+  }
+  if (Array.isArray(value)) {
+    for (let i = 0; i < value.length; i++) {
+      const itemPath = `${path}[${i}]`;
+      const itemResult = extractProvenanceRecursive(value[i], extractor, itemPath, visited);
+      entries.push(...itemResult.entries);
+      primitives.push(...itemResult.primitives);
+      if (itemResult.hasRestrictedData) {
+        hasRestrictedData = true;
+      }
+    }
+  } else {
+    for (const key of Object.keys(value)) {
+      if (key === PROVENANCE_PROPERTY_NAMES.PROVENANCE_ID || key === PROVENANCE_PROPERTY_NAMES.PROVENANCE || key === PROVENANCE_PROPERTY_NAMES.PROVENANCE_META) {
+        continue;
+      }
+      const propPath = path ? `${path}.${key}` : `.${key}`;
+      const propResult = extractProvenanceRecursive(value[key], extractor, propPath, visited);
+      entries.push(...propResult.entries);
+      primitives.push(...propResult.primitives);
+      if (propResult.hasRestrictedData) {
+        hasRestrictedData = true;
+      }
+    }
+  }
+  return {
+    entries,
+    primitives,
+    hasRestrictedData
+  };
+}
+__name(extractProvenanceRecursive, "extractProvenanceRecursive");
+function restoreProvenanceFromSnapshot(value, snapshot, attacher) {
+  if (!attacher) {
+    return value;
+  }
+  if (snapshot.primitives) {
+    for (const [key, primMeta] of snapshot.primitives) {
+      attacher(null, primMeta, [
+        [
+          key,
+          primMeta
+        ]
+      ]);
+    }
+  }
+  if (snapshot.entries && snapshot.entries.length > 0) {
+    return restoreProvenanceByPath(value, snapshot.entries, attacher);
+  }
+  if (snapshot.metadata) {
+    return attacher(value, snapshot.metadata, snapshot.primitives);
+  }
+  return value;
+}
+__name(restoreProvenanceFromSnapshot, "restoreProvenanceFromSnapshot");
+function restoreProvenanceByPath(value, entries, attacher) {
+  if (!entries || entries.length === 0) {
+    return value;
+  }
+  const sortedEntries = [
+    ...entries
+  ].sort((a, b) => b.path.length - a.path.length);
+  let result = deepClone(value);
+  for (const entry of sortedEntries) {
+    if (entry.path === "") {
+      result = attacher(result, entry.metadata, void 0);
+    } else {
+      result = attachProvenanceAtPath(result, entry.path, entry.metadata, attacher);
+    }
+  }
+  return result;
+}
+__name(restoreProvenanceByPath, "restoreProvenanceByPath");
+function attachProvenanceAtPath(root, path, metadata, attacher) {
+  const segments = parsePath(path);
+  if (segments.length === 0) {
+    return attacher(root, metadata, void 0);
+  }
+  let current = root;
+  const parentSegments = segments.slice(0, -1);
+  const lastSegment = segments[segments.length - 1];
+  for (const segment of parentSegments) {
+    if (current === null || current === void 0) {
+      return root;
+    }
+    current = current[segment];
+  }
+  if (current === null || current === void 0 || lastSegment === void 0) {
+    return root;
+  }
+  const targetValue = current[lastSegment];
+  const wrappedValue = attacher(targetValue, metadata, void 0);
+  current[lastSegment] = wrappedValue;
+  return root;
+}
+__name(attachProvenanceAtPath, "attachProvenanceAtPath");
+function parsePath(path) {
+  const segments = [];
+  let current = "";
+  let inBracket = false;
+  for (const char of path) {
+    if (char === "[") {
+      if (current) {
+        segments.push(current);
+        current = "";
+      }
+      inBracket = true;
+    } else if (char === "]") {
+      if (current) {
+        segments.push(current);
+        current = "";
+      }
+      inBracket = false;
+    } else if (char === "." && !inBracket) {
+      if (current) {
+        segments.push(current);
+        current = "";
+      }
+    } else {
+      current += char;
+    }
+  }
+  if (current) {
+    segments.push(current);
+  }
+  return segments;
+}
+__name(parsePath, "parsePath");
+function deepClone(value) {
+  if (value === null || value === void 0) {
+    return value;
+  }
+  if (typeof value !== "object") {
+    return value;
+  }
+  try {
+    return JSON.parse(JSON.stringify(value));
+  } catch {
+    return value;
+  }
+}
+__name(deepClone, "deepClone");
+function hasRestrictedProvenance(snapshot) {
+  if (!snapshot) {
+    return false;
+  }
+  if (snapshot.hasRestrictedData) {
+    return true;
+  }
+  if (snapshot.metadata?.readers?.type === "restricted") {
+    return true;
+  }
+  if (snapshot.entries) {
+    for (const entry of snapshot.entries) {
+      if (entry.metadata?.readers?.type === "restricted") {
+        return true;
+      }
+    }
+  }
+  if (snapshot.primitives) {
+    for (const [, primMeta] of snapshot.primitives) {
+      if (primMeta.readers?.type === "restricted") {
+        return true;
+      }
+    }
+  }
+  return false;
+}
+__name(hasRestrictedProvenance, "hasRestrictedProvenance");
 exports.ConditionSchema = ConditionSchema;
 exports.DeclarativePolicyConfigSchema = DeclarativePolicyConfigSchema;
 exports.DynamicPolicyRegistry = DynamicPolicyRegistry;
 exports.InMemoryProvenanceStore = InMemoryProvenanceStore;
 exports.OperatorSchema = OperatorSchema;
+exports.PROVENANCE_PROPERTY_NAMES = PROVENANCE_PROPERTY_NAMES;
 exports.PolicyActionSchema = PolicyActionSchema;
 exports.PolicyBuilder = PolicyBuilder;
 exports.PolicyConfigurationSchema = PolicyConfigurationSchema;
@@ -1943,6 +2227,7 @@ exports.PolicyRuleSchema = PolicyRuleSchema;
 exports.ProvenanceSecurityError = ProvenanceSecurityError;
 exports.RuleBuilder = RuleBuilder;
 exports.SecurityPolicyEngine = SecurityPolicyEngine;
+exports.attachProvenanceMetaForCheckpoint = attachProvenanceMetaForCheckpoint;
 exports.auditSensitiveAccess = auditSensitiveAccess;
 exports.blockLLMRecipients = blockLLMRecipients;
 exports.blockLLMRecipientsWithApproval = blockLLMRecipientsWithApproval;
@@ -1956,6 +2241,8 @@ exports.createCustomPolicy = createCustomPolicy;
 exports.createDeclarativePolicy = createDeclarativePolicy;
 exports.createProvenanceProxy = createProvenanceProxy;
 exports.createTrackingRuntime = createTrackingRuntime;
+exports.deepClone = deepClone;
+exports.extractProvenanceRecursive = extractProvenanceRecursive;
 exports.getAllProvenance = getAllProvenance;
 exports.getBuiltInPolicies = getBuiltInPolicies;
 exports.getBuiltInPoliciesWithApproval = getBuiltInPoliciesWithApproval;
@@ -1963,6 +2250,7 @@ exports.getClientSecret = getClientSecret;
 exports.getProvenance = getProvenance;
 exports.getProvenanceForPrimitive = getProvenanceForPrimitive;
 exports.hasProvenance = hasProvenance;
+exports.hasRestrictedProvenance = hasRestrictedProvenance;
 exports.hydrateExecutionProvenance = hydrateExecutionProvenance;
 exports.hydrateProvenance = hydrateProvenance;
 exports.instrumentCode = instrumentCode;
@@ -1970,11 +2258,13 @@ exports.isPrimitiveTainted = isPrimitiveTainted;
 exports.issueProvenanceToken = issueProvenanceToken;
 exports.loadDeclarativePolicies = loadDeclarativePolicies;
 exports.markPrimitiveTainted = markPrimitiveTainted;
+exports.parsePath = parsePath;
 exports.preventDataExfiltration = preventDataExfiltration;
 exports.preventDataExfiltrationWithApproval = preventDataExfiltrationWithApproval;
 exports.registerProvenanceMetadata = registerProvenanceMetadata;
 exports.requireUserOrigin = requireUserOrigin;
 exports.requireUserOriginWithApproval = requireUserOriginWithApproval;
+exports.restoreProvenanceFromSnapshot = restoreProvenanceFromSnapshot;
 exports.restoreProvenanceSnapshot = restoreProvenanceSnapshot;
 exports.restoreProvenanceState = restoreProvenanceState;
 exports.setGlobalProvenanceStore = setGlobalProvenanceStore;