forkit-connect 0.1.34 → 0.1.35

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/v1/service.js +68 -22
  2. package/package.json +1 -1
@@ -52,9 +52,54 @@ const SMART_INBOX_CONFIDENCE_PRIORITY = {
52
52
  low: 2,
53
53
  };
54
54
  const SMART_INBOX_FRESH_MAX_AGE_MS = 45 * 1000;
55
+ const C2_RUNTIME_SIGNAL_SENSITIVE_METADATA_PATTERNS = [
56
+ /prompt(?!_?tokens?$)/i,
57
+ /message/i,
58
+ /conversation/i,
59
+ /transcript/i,
60
+ /chat/i,
61
+ /log(s|_?text|_?content)?$/i,
62
+ /secret/i,
63
+ /password/i,
64
+ /api[_-]?key/i,
65
+ /token(?!s?($|_?(count|in|out|total|usage)$)|Usage$)/i,
66
+ /authorization/i,
67
+ /cookie/i,
68
+ /private[_-]?key/i,
69
+ /credential/i,
70
+ /email/i,
71
+ /phone/i,
72
+ /ssn/i,
73
+ /address/i,
74
+ /file[_-]?(content|body|text|data)/i,
75
+ /model[_-]?(weight|weights|binary|blob)/i,
76
+ /dataset[_-]?(row|rows|sample|content|record)/i,
77
+ ];
55
78
  function isRecord(value) {
56
79
  return Boolean(value) && typeof value === 'object' && !Array.isArray(value);
57
80
  }
81
+ function isSensitiveC2RuntimeSignalMetadataKey(key) {
82
+ return C2_RUNTIME_SIGNAL_SENSITIVE_METADATA_PATTERNS.some((pattern) => pattern.test(key));
83
+ }
84
+ function sanitizeC2RuntimeSignalMetadataValue(value) {
85
+ if (Array.isArray(value)) {
86
+ return value.map((item) => sanitizeC2RuntimeSignalMetadataValue(item));
87
+ }
88
+ if (!isRecord(value)) {
89
+ return value;
90
+ }
91
+ return sanitizeC2RuntimeSignalMetadata(value);
92
+ }
93
+ function sanitizeC2RuntimeSignalMetadata(metadata) {
94
+ const safeMetadata = {};
95
+ for (const [key, value] of Object.entries(metadata)) {
96
+ if (isSensitiveC2RuntimeSignalMetadataKey(key)) {
97
+ continue;
98
+ }
99
+ safeMetadata[key] = sanitizeC2RuntimeSignalMetadataValue(value);
100
+ }
101
+ return safeMetadata;
102
+ }
58
103
  function extractApiErrorCode(body) {
59
104
  if (!isRecord(body))
60
105
  return null;
@@ -6921,34 +6966,35 @@ class ConnectV1Service {
6921
6966
  return nextSession;
6922
6967
  }
6923
6968
  buildC2RuntimeSignalPayload(event, apiKey, scope) {
6969
+ const metadata = sanitizeC2RuntimeSignalMetadata({
6970
+ client_event_id: event.event_id, // traceable but excluded from server idempotency hash
6971
+ runtime_gaid: event.runtime_gaid,
6972
+ runtime_name: event.runtime_name,
6973
+ runtime_type: event.runtime_type,
6974
+ model_name: event.model_name,
6975
+ discoveryHash: event.discovery_hash,
6976
+ registrationKey: event.registration_key,
6977
+ passportGaid: event.passport_gaid,
6978
+ pulse_status: event.pulse_status,
6979
+ connection_classification: event.connection_classification,
6980
+ daemon_running: event.daemon_running,
6981
+ shadow_candidate_reason: event.shadow_candidate_reason,
6982
+ ...event.metadata,
6983
+ binding_id: scope?.bindingId ?? null,
6984
+ connect_device_id: scope?.connectDeviceId ?? null,
6985
+ workspaceId: scope?.workspaceId ?? event.workspace_id ?? null,
6986
+ projectId: scope?.projectId ?? event.project_id ?? null,
6987
+ workspace_id: scope?.workspaceId ?? event.workspace_id ?? null,
6988
+ project_id: scope?.projectId ?? event.project_id ?? null,
6989
+ evidence_type: 'observed_runtime_session',
6990
+ });
6924
6991
  return {
6925
6992
  gaid: event.passport_gaid,
6926
6993
  apiKey,
6927
6994
  binding_id: scope?.bindingId ?? null,
6928
6995
  eventType: event.event_type,
6929
6996
  timestamp: event.occurred_at,
6930
- metadata: {
6931
- client_event_id: event.event_id, // traceable but excluded from server idempotency hash
6932
- runtime_gaid: event.runtime_gaid,
6933
- runtime_name: event.runtime_name,
6934
- runtime_type: event.runtime_type,
6935
- model_name: event.model_name,
6936
- discoveryHash: event.discovery_hash,
6937
- registrationKey: event.registration_key,
6938
- passportGaid: event.passport_gaid,
6939
- pulse_status: event.pulse_status,
6940
- connection_classification: event.connection_classification,
6941
- daemon_running: event.daemon_running,
6942
- shadow_candidate_reason: event.shadow_candidate_reason,
6943
- ...event.metadata,
6944
- binding_id: scope?.bindingId ?? null,
6945
- connect_device_id: scope?.connectDeviceId ?? null,
6946
- workspaceId: scope?.workspaceId ?? event.workspace_id ?? null,
6947
- projectId: scope?.projectId ?? event.project_id ?? null,
6948
- workspace_id: scope?.workspaceId ?? event.workspace_id ?? null,
6949
- project_id: scope?.projectId ?? event.project_id ?? null,
6950
- evidence_type: 'observed_runtime_session',
6951
- },
6997
+ metadata,
6952
6998
  };
6953
6999
  }
6954
7000
  runtimeRecommendedAction(runtimePassport) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "forkit-connect",
3
- "version": "0.1.34",
3
+ "version": "0.1.35",
4
4
  "description": "Forkit Connect Local Engine - The Global AI Governance Fabric",
5
5
  "license": "MIT",
6
6
  "main": "dist/index.js",