forkit-connect 0.1.33 → 0.1.35

Files changed (2)
  1. package/dist/v1/service.js +70 -24
  2. package/package.json +1 -1
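--- a/package/dist/v1/service.js
+++ b/package/dist/v1/service.js
@@ -52,9 +52,54 @@ const SMART_INBOX_CONFIDENCE_PRIORITY = {
  low: 2,
  };
  const SMART_INBOX_FRESH_MAX_AGE_MS = 45 * 1000;
+ const C2_RUNTIME_SIGNAL_SENSITIVE_METADATA_PATTERNS = [
+ /prompt(?!_?tokens?$)/i,
+ /message/i,
+ /conversation/i,
+ /transcript/i,
+ /chat/i,
+ /log(s|_?text|_?content)?$/i,
+ /secret/i,
+ /password/i,
+ /api[_-]?key/i,
+ /token(?!s?($|_?(count|in|out|total|usage)$)|Usage$)/i,
+ /authorization/i,
+ /cookie/i,
+ /private[_-]?key/i,
+ /credential/i,
+ /email/i,
+ /phone/i,
+ /ssn/i,
+ /address/i,
+ /file[_-]?(content|body|text|data)/i,
+ /model[_-]?(weight|weights|binary|blob)/i,
+ /dataset[_-]?(row|rows|sample|content|record)/i,
+ ];
  function isRecord(value) {
  return Boolean(value) && typeof value === 'object' && !Array.isArray(value);
  }
+ function isSensitiveC2RuntimeSignalMetadataKey(key) {
+ return C2_RUNTIME_SIGNAL_SENSITIVE_METADATA_PATTERNS.some((pattern) => pattern.test(key));
+ }
+ function sanitizeC2RuntimeSignalMetadataValue(value) {
+ if (Array.isArray(value)) {
+ return value.map((item) => sanitizeC2RuntimeSignalMetadataValue(item));
+ }
+ if (!isRecord(value)) {
+ return value;
+ }
+ return sanitizeC2RuntimeSignalMetadata(value);
+ }
+ function sanitizeC2RuntimeSignalMetadata(metadata) {
+ const safeMetadata = {};
+ for (const [key, value] of Object.entries(metadata)) {
+ if (isSensitiveC2RuntimeSignalMetadataKey(key)) {
+ continue;
+ }
+ safeMetadata[key] = sanitizeC2RuntimeSignalMetadataValue(value);
+ }
+ return safeMetadata;
+ }
  function extractApiErrorCode(body) {
  if (!isRecord(body))
  return null;
@@ -6921,34 +6966,35 @@ class ConnectV1Service {
  return nextSession;
  }
  buildC2RuntimeSignalPayload(event, apiKey, scope) {
+ const metadata = sanitizeC2RuntimeSignalMetadata({
+ client_event_id: event.event_id, // traceable but excluded from server idempotency hash
+ runtime_gaid: event.runtime_gaid,
+ runtime_name: event.runtime_name,
+ runtime_type: event.runtime_type,
+ model_name: event.model_name,
+ discoveryHash: event.discovery_hash,
+ registrationKey: event.registration_key,
+ passportGaid: event.passport_gaid,
+ pulse_status: event.pulse_status,
+ connection_classification: event.connection_classification,
+ daemon_running: event.daemon_running,
+ shadow_candidate_reason: event.shadow_candidate_reason,
+ ...event.metadata,
+ binding_id: scope?.bindingId ?? null,
+ connect_device_id: scope?.connectDeviceId ?? null,
+ workspaceId: scope?.workspaceId ?? event.workspace_id ?? null,
+ projectId: scope?.projectId ?? event.project_id ?? null,
+ workspace_id: scope?.workspaceId ?? event.workspace_id ?? null,
+ project_id: scope?.projectId ?? event.project_id ?? null,
+ evidence_type: 'observed_runtime_session',
+ });
  return {
  gaid: event.passport_gaid,
  apiKey,
  binding_id: scope?.bindingId ?? null,
  eventType: event.event_type,
  timestamp: event.occurred_at,
- metadata: {
- client_event_id: event.event_id, // traceable but excluded from server idempotency hash
- runtime_gaid: event.runtime_gaid,
- runtime_name: event.runtime_name,
- runtime_type: event.runtime_type,
- model_name: event.model_name,
- discoveryHash: event.discovery_hash,
- registrationKey: event.registration_key,
- passportGaid: event.passport_gaid,
- pulse_status: event.pulse_status,
- connection_classification: event.connection_classification,
- daemon_running: event.daemon_running,
- shadow_candidate_reason: event.shadow_candidate_reason,
- ...event.metadata,
- binding_id: scope?.bindingId ?? null,
- connect_device_id: scope?.connectDeviceId ?? null,
- workspaceId: scope?.workspaceId ?? event.workspace_id ?? null,
- projectId: scope?.projectId ?? event.project_id ?? null,
- workspace_id: scope?.workspaceId ?? event.workspace_id ?? null,
- project_id: scope?.projectId ?? event.project_id ?? null,
- evidence_type: 'observed_runtime_session',
- },
+ metadata,
  };
  }
  runtimeRecommendedAction(runtimePassport) {
@@ -7132,7 +7178,7 @@ class ConnectV1Service {
  return;
  }
  try {
- const result = await this.getApiClient(currentState).pushRuntimeSignalEvent(this.buildC2RuntimeSignalPayload(event, apiKey, runtimeScope));
+ const result = await this.getApiClientWithSessionToken(apiKey).pushRuntimeSignalEvent(this.buildC2RuntimeSignalPayload(event, apiKey, runtimeScope));
  if (!result.ok) {
  // 429 rate-limit — halt the current flush cycle and respect Retry-After.
  if (result.status === 429) {
@@ -8852,7 +8898,7 @@ class ConnectV1Service {
  ...item.payload,
  apiKey: resolvedRuntimeSignalApiKey,
  };
- const result = await api.pushRuntimeSignalEvent(this.withRuntimeBindingPayload(payloadWithRuntimeKey, runtimeScope));
+ const result = await this.getApiClientWithSessionToken(resolvedRuntimeSignalApiKey).pushRuntimeSignalEvent(this.withRuntimeBindingPayload(payloadWithRuntimeKey, runtimeScope));
  if (!result.ok) {
  const metadataValue = item.payload?.metadata;
  const metadata = metadataValue && typeof metadataValue === 'object' && !Array.isArray(metadataValue)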
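Review bot: In the first hunk, the `token` entry of `C2_RUNTIME_SIGNAL_SENSITIVE_METADATA_PATTERNS` does not match keys that end in `token`: in `/token(?!s?($|_?(count|in|out|total|usage)$)|Usage$)/i` the `s?` can be empty, so the lookahead's `$` branch exempts `token`, `access_token` or `sessionToken` along with the intended counters such as `prompt_tokens`. Since `...event.metadata` is spread into the object passed to `sanitizeC2RuntimeSignalMetadata`, a caller-supplied key of that shape would still be sent in the payload. Requiring the plural for the bare-end case closes this: `/token(?!s$|s?_?(count|in|out|total|usage)$)/i` (the separate `Usage$` branch is already covered under the `i` flag). The filter looks at key names only, so a short comment above the array saying that values are not inspected would help the next reader.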
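--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "forkit-connect",
- "version": "0.1.33",
+ "version": "0.1.35",
  "description": "Forkit Connect Local Engine - The Global AI Governance Fabric",
  "license": "MIT",
  "main": "dist/index.js",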