haechi 1.2.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -50,7 +50,8 @@
50
50
  "filters": {
51
51
  "customRules": [],
52
52
  "minConfidence": 0,
53
- "allowlist": []
53
+ "allowlist": [],
54
+ "decodeAndRescan": false
54
55
  },
55
56
  "keys": {
56
57
  "provider": "local",
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "haechi",
3
- "version": "1.2.0",
3
+ "version": "1.3.0",
4
4
  "description": "Self-hosted AI context enforcement across LLM, MCP, vLLM, Ollama, and agent traffic — a stable, zero-dependency security gateway.",
5
5
  "license": "Apache-2.0",
6
6
  "type": "module",
@@ -76,11 +76,13 @@
76
76
  "checksums": "node scripts/release-checksums.mjs",
77
77
  "bench:payload": "node scripts/bench-payload.mjs",
78
78
  "bench:detection": "node scripts/bench-detection.mjs",
79
+ "bench:throughput": "node scripts/bench-throughput.mjs",
79
80
  "scan:detection": "node scripts/bench-detection.mjs --gate",
80
81
  "check:peer-ranges": "node scripts/check-satellite-peer-ranges.mjs",
81
82
  "release:preflight": "node scripts/release-preflight.mjs && node scripts/check-satellite-peer-ranges.mjs",
82
83
  "release:preflight:npm": "node scripts/release-preflight.mjs --require-npm-auth && node scripts/check-satellite-peer-ranges.mjs",
83
84
  "haechi": "node packages/cli/bin/haechi.mjs",
85
+ "demo": "node examples/local-proxy-demo/demo.mjs",
84
86
  "demo:init": "node packages/cli/bin/haechi.mjs init --force",
85
87
  "demo:protect": "node packages/cli/bin/haechi.mjs protect examples/llm-prompt-filtering/input.json --config haechi.config.json",
86
88
  "demo:report": "node packages/cli/bin/haechi.mjs report --audit .haechi/audit.jsonl"
@@ -737,7 +737,8 @@ Enforcement
737
737
 
738
738
  Upstream + proxy
739
739
  target.type llm-http | openai-compatible | vllm-openai |
740
- ollama | llama-cpp (unknown = fail)
740
+ ollama | llama-cpp | anthropic |
741
+ gemini (unknown = fail)
741
742
  target.upstream the only upstream the proxy forwards to
742
743
  proxy.host / proxy.port 127.0.0.1 / ${DEFAULT_PROXY_PORT}
743
744
  non-loopback host needs --allow-remote-bind (CLI flag)
@@ -777,7 +778,7 @@ Audit integrity
777
778
  audit.anchor.everyRecords anchor cadence (default 1)
778
779
 
779
780
  Privacy + MCP
780
- privacy.profile kr-pipa | eu-gdpr | us-general | null
781
+ privacy.profile kr-pipa | eu-gdpr | asia-pdpa | us-general | jp-appi | null
781
782
  mcp.allowedMethods client-callable method allowlist
782
783
 
783
784
  Binding beyond loopback (0.0.0.0):
@@ -103,7 +103,13 @@ export function defaultConfig() {
103
103
  // allowlist [] = no operator FP exceptions. Both additive; neither can
104
104
  // suppress a hard-block type (secret/api_key/kr_rrn/card) — see core.
105
105
  minConfidence: 0,
106
- allowlist: []
106
+ allowlist: [],
107
+ // WS2d residual — opt-in base64/percent decode-and-rescan. Default false =
108
+ // byte-identical to prior behavior (no decode). When true, a string leaf
109
+ // that looks base64/percent-encoded is decoded and rescanned; a decoded
110
+ // hit fails closed to a WHOLE-LEAF detection and only fires for a validator-
111
+ // backed / hard-block match (precision guard against random-base64 FPs).
112
+ decodeAndRescan: false
107
113
  },
108
114
  keys: {
109
115
  provider: "local",
@@ -716,6 +722,11 @@ function validateFilters(filters) {
716
722
  }
717
723
  }
718
724
  }
725
+ // WS2d residual — opt-in base64/percent decode-and-rescan. Strict boolean,
726
+ // fail-closed: a non-boolean throws rather than silently coercing.
727
+ if (filters.decodeAndRescan !== undefined && typeof filters.decodeAndRescan !== "boolean") {
728
+ throw new Error("filters.decodeAndRescan must be a boolean");
729
+ }
719
730
  }
720
731
 
721
732
  function validatePolicyExtras(policy) {