forkit-connect 0.1.34 → 0.1.35
- package/dist/v1/service.js +68 -22
- package/package.json +1 -1
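--- a/package/dist/v1/service.js
+++ b/package/dist/v1/service.js
@@ -52,9 +52,54 @@ const SMART_INBOX_CONFIDENCE_PRIORITY = {
 low: 2,
 };
 const SMART_INBOX_FRESH_MAX_AGE_MS = 45 * 1000;
+const C2_RUNTIME_SIGNAL_SENSITIVE_METADATA_PATTERNS = [
+/prompt(?!_?tokens?$)/i,
+/message/i,
+/conversation/i,
+/transcript/i,
+/chat/i,
+/log(s|_?text|_?content)?$/i,
+/secret/i,
+/password/i,
+/api[_-]?key/i,
+/token(?!s?($|_?(count|in|out|total|usage)$)|Usage$)/i,
+/authorization/i,
+/cookie/i,
+/private[_-]?key/i,
+/credential/i,
+/email/i,
+/phone/i,
+/ssn/i,
+/address/i,
+/file[_-]?(content|body|text|data)/i,
+/model[_-]?(weight|weights|binary|blob)/i,
+/dataset[_-]?(row|rows|sample|content|record)/i,
+];
 function isRecord(value) {
 return Boolean(value) && typeof value === 'object' && !Array.isArray(value);
 }
+function isSensitiveC2RuntimeSignalMetadataKey(key) {
+return C2_RUNTIME_SIGNAL_SENSITIVE_METADATA_PATTERNS.some((pattern) => pattern.test(key));
+}
+function sanitizeC2RuntimeSignalMetadataValue(value) {
+if (Array.isArray(value)) {
+return value.map((item) => sanitizeC2RuntimeSignalMetadataValue(item));
+}
+if (!isRecord(value)) {
+return value;
+}
+return sanitizeC2RuntimeSignalMetadata(value);
+}
+function sanitizeC2RuntimeSignalMetadata(metadata) {
+const safeMetadata = {};
+for (const [key, value] of Object.entries(metadata)) {
+if (isSensitiveC2RuntimeSignalMetadataKey(key)) {
+continue;
+}
+safeMetadata[key] = sanitizeC2RuntimeSignalMetadataValue(value);
+}
+return safeMetadata;
+}
 function extractApiErrorCode(body) {
 if (!isRecord(body))
 return null;
@@ -6921,34 +6966,35 @@ class ConnectV1Service {
 return nextSession;
 }
 buildC2RuntimeSignalPayload(event, apiKey, scope) {
+const metadata = sanitizeC2RuntimeSignalMetadata({
+client_event_id: event.event_id, // traceable but excluded from server idempotency hash
+runtime_gaid: event.runtime_gaid,
+runtime_name: event.runtime_name,
+runtime_type: event.runtime_type,
+model_name: event.model_name,
+discoveryHash: event.discovery_hash,
+registrationKey: event.registration_key,
+passportGaid: event.passport_gaid,
+pulse_status: event.pulse_status,
+connection_classification: event.connection_classification,
+daemon_running: event.daemon_running,
+shadow_candidate_reason: event.shadow_candidate_reason,
+...event.metadata,
+binding_id: scope?.bindingId ?? null,
+connect_device_id: scope?.connectDeviceId ?? null,
+workspaceId: scope?.workspaceId ?? event.workspace_id ?? null,
+projectId: scope?.projectId ?? event.project_id ?? null,
+workspace_id: scope?.workspaceId ?? event.workspace_id ?? null,
+project_id: scope?.projectId ?? event.project_id ?? null,
+evidence_type: 'observed_runtime_session',
+});
 return {
 gaid: event.passport_gaid,
 apiKey,
 binding_id: scope?.bindingId ?? null,
 eventType: event.event_type,
 timestamp: event.occurred_at,
-metadata
-client_event_id: event.event_id, // traceable but excluded from server idempotency hash
-runtime_gaid: event.runtime_gaid,
-runtime_name: event.runtime_name,
-runtime_type: event.runtime_type,
-model_name: event.model_name,
-discoveryHash: event.discovery_hash,
-registrationKey: event.registration_key,
-passportGaid: event.passport_gaid,
-pulse_status: event.pulse_status,
-connection_classification: event.connection_classification,
-daemon_running: event.daemon_running,
-shadow_candidate_reason: event.shadow_candidate_reason,
-...event.metadata,
-binding_id: scope?.bindingId ?? null,
-connect_device_id: scope?.connectDeviceId ?? null,
-workspaceId: scope?.workspaceId ?? event.workspace_id ?? null,
-projectId: scope?.projectId ?? event.project_id ?? null,
-workspace_id: scope?.workspaceId ?? event.workspace_id ?? null,
-project_id: scope?.projectId ?? event.project_id ?? null,
-evidence_type: 'observed_runtime_session',
-},
+metadata,
 };
 }
 runtimeRecommendedAction(runtimePassport) {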
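Review bot: The filter added in `sanitizeC2RuntimeSignalMetadata` (first hunk) decides by key name only and never inspects values. Free text or a credential stored under a key the list does not name is therefore still sent in `metadata` (constructed examples: `note`, `body`, `access_key_id`), and scalars inside arrays pass through unchanged. Because the fixed fields are spelled out in `buildC2RuntimeSignalPayload`, running only the spread `event.metadata` through an allowlist of expected keys would fail closed instead of open. If the denylist stays, a comment above `C2_RUNTIME_SIGNAL_SENSITIVE_METADATA_PATTERNS` should say so, e.g. `// Best-effort: drops entries by key name only; values are never inspected.` Two smaller points apply if `event.metadata` can hold non-JSON data, which the hunk does not show: `isRecord` accepts any non-array object, so a `Date` or `Map` value would be reduced to `{}` by `Object.entries`, and the recursion has no depth or cycle guard.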