haechi 1.2.0 → 1.3.0
- package/README.ko.md +46 -11
- package/README.md +46 -11
- package/docs/current/config-version.ko.md +2 -2
- package/docs/current/config-version.md +2 -2
- package/docs/current/configuration.ko.md +26 -10
- package/docs/current/configuration.md +26 -10
- package/docs/current/operations-runbook.ko.md +36 -2
- package/docs/current/operations-runbook.md +39 -2
- package/docs/current/release-process.ko.md +5 -1
- package/docs/current/release-process.md +5 -1
- package/docs/current/risk-register-release-gate.ko.md +4 -3
- package/docs/current/risk-register-release-gate.md +4 -3
- package/docs/current/shared-responsibility.ko.md +2 -2
- package/docs/current/shared-responsibility.md +2 -2
- package/docs/current/threat-model.ko.md +4 -3
- package/docs/current/threat-model.md +4 -3
- package/examples/local-proxy-demo/README.md +51 -0
- package/examples/local-proxy-demo/demo.mjs +144 -0
- package/examples/local-proxy-demo/demo.tape +19 -0
- package/examples/local-proxy-demo/live-demo.mjs +121 -0
- package/examples/local-proxy-demo/live-demo.tape +25 -0
- package/haechi.config.example.json +2 -1
- package/package.json +3 -1
- package/packages/cli/bin/haechi.mjs +3 -2
- package/packages/cli/runtime.mjs +12 -1
- package/packages/filter/index.mjs +679 -6
- package/packages/privacy-profiles/index.mjs +72 -3
- package/packages/protocol-adapters/index.mjs +99 -1
- package/packages/proxy/index.mjs +7 -1
- package/packages/stream-filter/index.mjs +69 -7
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "haechi",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.3.0",
|
|
4
4
|
"description": "Self-hosted AI context enforcement across LLM, MCP, vLLM, Ollama, and agent traffic — a stable, zero-dependency security gateway.",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"type": "module",
|
|
@@ -76,11 +76,13 @@
|
|
|
76
76
|
"checksums": "node scripts/release-checksums.mjs",
|
|
77
77
|
"bench:payload": "node scripts/bench-payload.mjs",
|
|
78
78
|
"bench:detection": "node scripts/bench-detection.mjs",
|
|
79
|
+
"bench:throughput": "node scripts/bench-throughput.mjs",
|
|
79
80
|
"scan:detection": "node scripts/bench-detection.mjs --gate",
|
|
80
81
|
"check:peer-ranges": "node scripts/check-satellite-peer-ranges.mjs",
|
|
81
82
|
"release:preflight": "node scripts/release-preflight.mjs && node scripts/check-satellite-peer-ranges.mjs",
|
|
82
83
|
"release:preflight:npm": "node scripts/release-preflight.mjs --require-npm-auth && node scripts/check-satellite-peer-ranges.mjs",
|
|
83
84
|
"haechi": "node packages/cli/bin/haechi.mjs",
|
|
85
|
+
"demo": "node examples/local-proxy-demo/demo.mjs",
|
|
84
86
|
"demo:init": "node packages/cli/bin/haechi.mjs init --force",
|
|
85
87
|
"demo:protect": "node packages/cli/bin/haechi.mjs protect examples/llm-prompt-filtering/input.json --config haechi.config.json",
|
|
86
88
|
"demo:report": "node packages/cli/bin/haechi.mjs report --audit .haechi/audit.jsonl"
|
|
@@ -737,7 +737,8 @@ Enforcement
|
|
|
737
737
|
|
|
738
738
|
Upstream + proxy
|
|
739
739
|
target.type llm-http | openai-compatible | vllm-openai |
|
|
740
|
-
ollama | llama-cpp
|
|
740
|
+
ollama | llama-cpp | anthropic |
|
|
741
|
+
gemini (unknown = fail)
|
|
741
742
|
target.upstream the only upstream the proxy forwards to
|
|
742
743
|
proxy.host / proxy.port 127.0.0.1 / ${DEFAULT_PROXY_PORT}
|
|
743
744
|
non-loopback host needs --allow-remote-bind (CLI flag)
|
|
@@ -777,7 +778,7 @@ Audit integrity
|
|
|
777
778
|
audit.anchor.everyRecords anchor cadence (default 1)
|
|
778
779
|
|
|
779
780
|
Privacy + MCP
|
|
780
|
-
privacy.profile kr-pipa | eu-gdpr | us-general | null
|
|
781
|
+
privacy.profile kr-pipa | eu-gdpr | asia-pdpa | us-general | jp-appi | null
|
|
781
782
|
mcp.allowedMethods client-callable method allowlist
|
|
782
783
|
|
|
783
784
|
Binding beyond loopback (0.0.0.0):
|
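--- a/package/packages/cli/runtime.mjs
+++ b/package/packages/cli/runtime.mjs
@@ -103,7 +103,13 @@ export function defaultConfig() {
 // allowlist [] = no operator FP exceptions. Both additive; neither can
 // suppress a hard-block type (secret/api_key/kr_rrn/card) — see core.
 minConfidence: 0,
-allowlist: []
+allowlist: [],
+// WS2d residual — opt-in base64/percent decode-and-rescan. Default false =
+// byte-identical to prior behavior (no decode). When true, a string leaf
+// that looks base64/percent-encoded is decoded and rescanned; a decoded
+// hit fails closed to a WHOLE-LEAF detection and only fires for a validator-
+// backed / hard-block match (precision guard against random-base64 FPs).
+decodeAndRescan: false
 },
 keys: {
 provider: "local",
@@ -716,6 +722,11 @@ function validateFilters(filters) {
 }
 }
 }
+// WS2d residual — opt-in base64/percent decode-and-rescan. Strict boolean,
+// fail-closed: a non-boolean throws rather than silently coercing.
+if (filters.decodeAndRescan !== undefined && typeof filters.decodeAndRescan !== "boolean") {
+throw new Error("filters.decodeAndRescan must be a boolean");
+}
 }
 
 function validatePolicyExtras(policy) {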
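Review bot: The new comment above `decodeAndRescan: false` in defaultConfig explains the precision guard but not what the default leaves uncovered, which is what an operator needs to know when deciding whether to opt in. As written, `false` means an encoded string leaf is never decoded, and `true` reports only validator-backed or hard-block matches, so other detection types inside encoded text appear to go unreported in both modes. I would add one line such as `// Residual: encoded values are not scanned when false; when true only validator-backed / hard-block types are reported after decoding.` The decode path itself is not in this section, so limits on decoded size or nested encodings cannot be confirmed here and are worth stating in the same comment if they exist. defaultConfig and validateFilters both start and end outside the hunks shown.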