forkit-connect 0.1.33 → 0.1.35
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/v1/service.js +70 -24
- package/package.json +1 -1
package/dist/v1/service.js
CHANGED
|
@@ -52,9 +52,54 @@ const SMART_INBOX_CONFIDENCE_PRIORITY = {
|
|
|
52
52
|
low: 2,
|
|
53
53
|
};
|
|
54
54
|
const SMART_INBOX_FRESH_MAX_AGE_MS = 45 * 1000;
|
|
55
|
+
const C2_RUNTIME_SIGNAL_SENSITIVE_METADATA_PATTERNS = [
|
|
56
|
+
/prompt(?!_?tokens?$)/i,
|
|
57
|
+
/message/i,
|
|
58
|
+
/conversation/i,
|
|
59
|
+
/transcript/i,
|
|
60
|
+
/chat/i,
|
|
61
|
+
/log(s|_?text|_?content)?$/i,
|
|
62
|
+
/secret/i,
|
|
63
|
+
/password/i,
|
|
64
|
+
/api[_-]?key/i,
|
|
65
|
+
/token(?!s?($|_?(count|in|out|total|usage)$)|Usage$)/i,
|
|
66
|
+
/authorization/i,
|
|
67
|
+
/cookie/i,
|
|
68
|
+
/private[_-]?key/i,
|
|
69
|
+
/credential/i,
|
|
70
|
+
/email/i,
|
|
71
|
+
/phone/i,
|
|
72
|
+
/ssn/i,
|
|
73
|
+
/address/i,
|
|
74
|
+
/file[_-]?(content|body|text|data)/i,
|
|
75
|
+
/model[_-]?(weight|weights|binary|blob)/i,
|
|
76
|
+
/dataset[_-]?(row|rows|sample|content|record)/i,
|
|
77
|
+
];
|
|
55
78
|
function isRecord(value) {
|
|
56
79
|
return Boolean(value) && typeof value === 'object' && !Array.isArray(value);
|
|
57
80
|
}
|
|
81
|
+
function isSensitiveC2RuntimeSignalMetadataKey(key) {
|
|
82
|
+
return C2_RUNTIME_SIGNAL_SENSITIVE_METADATA_PATTERNS.some((pattern) => pattern.test(key));
|
|
83
|
+
}
|
|
84
|
+
function sanitizeC2RuntimeSignalMetadataValue(value) {
|
|
85
|
+
if (Array.isArray(value)) {
|
|
86
|
+
return value.map((item) => sanitizeC2RuntimeSignalMetadataValue(item));
|
|
87
|
+
}
|
|
88
|
+
if (!isRecord(value)) {
|
|
89
|
+
return value;
|
|
90
|
+
}
|
|
91
|
+
return sanitizeC2RuntimeSignalMetadata(value);
|
|
92
|
+
}
|
|
93
|
+
function sanitizeC2RuntimeSignalMetadata(metadata) {
|
|
94
|
+
const safeMetadata = {};
|
|
95
|
+
for (const [key, value] of Object.entries(metadata)) {
|
|
96
|
+
if (isSensitiveC2RuntimeSignalMetadataKey(key)) {
|
|
97
|
+
continue;
|
|
98
|
+
}
|
|
99
|
+
safeMetadata[key] = sanitizeC2RuntimeSignalMetadataValue(value);
|
|
100
|
+
}
|
|
101
|
+
return safeMetadata;
|
|
102
|
+
}
|
|
58
103
|
function extractApiErrorCode(body) {
|
|
59
104
|
if (!isRecord(body))
|
|
60
105
|
return null;
|
|
@@ -6921,34 +6966,35 @@ class ConnectV1Service {
|
|
|
6921
6966
|
return nextSession;
|
|
6922
6967
|
}
|
|
6923
6968
|
buildC2RuntimeSignalPayload(event, apiKey, scope) {
|
|
6969
|
+
const metadata = sanitizeC2RuntimeSignalMetadata({
|
|
6970
|
+
client_event_id: event.event_id, // traceable but excluded from server idempotency hash
|
|
6971
|
+
runtime_gaid: event.runtime_gaid,
|
|
6972
|
+
runtime_name: event.runtime_name,
|
|
6973
|
+
runtime_type: event.runtime_type,
|
|
6974
|
+
model_name: event.model_name,
|
|
6975
|
+
discoveryHash: event.discovery_hash,
|
|
6976
|
+
registrationKey: event.registration_key,
|
|
6977
|
+
passportGaid: event.passport_gaid,
|
|
6978
|
+
pulse_status: event.pulse_status,
|
|
6979
|
+
connection_classification: event.connection_classification,
|
|
6980
|
+
daemon_running: event.daemon_running,
|
|
6981
|
+
shadow_candidate_reason: event.shadow_candidate_reason,
|
|
6982
|
+
...event.metadata,
|
|
6983
|
+
binding_id: scope?.bindingId ?? null,
|
|
6984
|
+
connect_device_id: scope?.connectDeviceId ?? null,
|
|
6985
|
+
workspaceId: scope?.workspaceId ?? event.workspace_id ?? null,
|
|
6986
|
+
projectId: scope?.projectId ?? event.project_id ?? null,
|
|
6987
|
+
workspace_id: scope?.workspaceId ?? event.workspace_id ?? null,
|
|
6988
|
+
project_id: scope?.projectId ?? event.project_id ?? null,
|
|
6989
|
+
evidence_type: 'observed_runtime_session',
|
|
6990
|
+
});
|
|
6924
6991
|
return {
|
|
6925
6992
|
gaid: event.passport_gaid,
|
|
6926
6993
|
apiKey,
|
|
6927
6994
|
binding_id: scope?.bindingId ?? null,
|
|
6928
6995
|
eventType: event.event_type,
|
|
6929
6996
|
timestamp: event.occurred_at,
|
|
6930
|
-
metadata
|
|
6931
|
-
client_event_id: event.event_id, // traceable but excluded from server idempotency hash
|
|
6932
|
-
runtime_gaid: event.runtime_gaid,
|
|
6933
|
-
runtime_name: event.runtime_name,
|
|
6934
|
-
runtime_type: event.runtime_type,
|
|
6935
|
-
model_name: event.model_name,
|
|
6936
|
-
discoveryHash: event.discovery_hash,
|
|
6937
|
-
registrationKey: event.registration_key,
|
|
6938
|
-
passportGaid: event.passport_gaid,
|
|
6939
|
-
pulse_status: event.pulse_status,
|
|
6940
|
-
connection_classification: event.connection_classification,
|
|
6941
|
-
daemon_running: event.daemon_running,
|
|
6942
|
-
shadow_candidate_reason: event.shadow_candidate_reason,
|
|
6943
|
-
...event.metadata,
|
|
6944
|
-
binding_id: scope?.bindingId ?? null,
|
|
6945
|
-
connect_device_id: scope?.connectDeviceId ?? null,
|
|
6946
|
-
workspaceId: scope?.workspaceId ?? event.workspace_id ?? null,
|
|
6947
|
-
projectId: scope?.projectId ?? event.project_id ?? null,
|
|
6948
|
-
workspace_id: scope?.workspaceId ?? event.workspace_id ?? null,
|
|
6949
|
-
project_id: scope?.projectId ?? event.project_id ?? null,
|
|
6950
|
-
evidence_type: 'observed_runtime_session',
|
|
6951
|
-
},
|
|
6997
|
+
metadata,
|
|
6952
6998
|
};
|
|
6953
6999
|
}
|
|
6954
7000
|
runtimeRecommendedAction(runtimePassport) {
|
|
@@ -7132,7 +7178,7 @@ class ConnectV1Service {
|
|
|
7132
7178
|
return;
|
|
7133
7179
|
}
|
|
7134
7180
|
try {
|
|
7135
|
-
const result = await this.
|
|
7181
|
+
const result = await this.getApiClientWithSessionToken(apiKey).pushRuntimeSignalEvent(this.buildC2RuntimeSignalPayload(event, apiKey, runtimeScope));
|
|
7136
7182
|
if (!result.ok) {
|
|
7137
7183
|
// 429 rate-limit — halt the current flush cycle and respect Retry-After.
|
|
7138
7184
|
if (result.status === 429) {
|
|
@@ -8852,7 +8898,7 @@ class ConnectV1Service {
|
|
|
8852
8898
|
...item.payload,
|
|
8853
8899
|
apiKey: resolvedRuntimeSignalApiKey,
|
|
8854
8900
|
};
|
|
8855
|
-
const result = await
|
|
8901
|
+
const result = await this.getApiClientWithSessionToken(resolvedRuntimeSignalApiKey).pushRuntimeSignalEvent(this.withRuntimeBindingPayload(payloadWithRuntimeKey, runtimeScope));
|
|
8856
8902
|
if (!result.ok) {
|
|
8857
8903
|
const metadataValue = item.payload?.metadata;
|
|
8858
8904
|
const metadata = metadataValue && typeof metadataValue === 'object' && !Array.isArray(metadataValue)
|