soloforge 1.1.30 → 1.1.31

package/dist/engine/audit/privacy_secret_contract.js

@@ -1,875 +1,14 @@
-import crypto from "node:crypto";
-import { debugLog } from "../core/logger.js";
-// ── 敏感标签的默认处理方式 ──
-const DEFAULT_HANDLING = {
-    public: "allow",
-    internal: "allow",
-    confidential: "require_human",
-    secret: "forbidden",
-    credential: "forbidden",
-    pii: "require_human",
-    customer_data: "require_human",
-    production_data: "require_human",
-    unknown: "require_human",
-};
-// ── 上下文相关处理方式 ──
-const CONTEXT_HANDLING = {
-    public: {
-        prompt_injection: "allow",
-        task_context_store: "allow",
-        artifact_store: "allow",
-        evidence_store: "allow",
-        external_send: "allow",
-        read_operation: "allow",
-    },
-    internal: {
-        prompt_injection: "allow",
-        task_context_store: "allow",
-        artifact_store: "allow",
-        evidence_store: "allow",
-        external_send: "forbidden",
-        read_operation: "allow",
-    },
-    confidential: {
-        prompt_injection: "summarize_only",
-        task_context_store: "redact",
-        artifact_store: "redact",
-        evidence_store: "redact",
-        external_send: "require_human",
-        read_operation: "require_human",
-    },
-    secret: {
-        prompt_injection: "forbidden",
-        task_context_store: "forbidden",
-        artifact_store: "forbidden",
-        evidence_store: "forbidden",
-        external_send: "forbidden",
-        read_operation: "forbidden",
-    },
-    credential: {
-        prompt_injection: "forbidden",
-        task_context_store: "forbidden",
-        artifact_store: "forbidden",
-        evidence_store: "forbidden",
-        external_send: "forbidden",
-        read_operation: "forbidden",
-    },
-    pii: {
-        prompt_injection: "redact",
-        task_context_store: "redact",
-        artifact_store: "redact",
-        evidence_store: "redact",
-        external_send: "require_human",
-        read_operation: "require_human",
-    },
-    customer_data: {
-        prompt_injection: "summarize_only",
-        task_context_store: "summarize_only",
-        artifact_store: "summarize_only",
-        evidence_store: "summarize_only",
-        external_send: "require_human",
-        read_operation: "require_human",
-    },
-    production_data: {
-        prompt_injection: "summarize_only",
-        task_context_store: "summarize_only",
-        artifact_store: "summarize_only",
-        evidence_store: "summarize_only",
-        external_send: "require_human",
-        read_operation: "require_human",
-    },
-    unknown: {
-        prompt_injection: "summarize_only",
-        task_context_store: "summarize_only",
-        artifact_store: "summarize_only",
-        evidence_store: "summarize_only",
-        external_send: "require_human",
-        read_operation: "require_human",
-    },
-};
-// ── 禁止读取模式（内容读取禁止，仅允许存在性检查） ──
-export const FORBIDDEN_READ_PATTERNS = [
-    { pattern: /\.env($|\.)/, label: "credential", reason: ".env 文件默认禁止读取内容" },
-    { pattern: /id_rsa/, label: "secret", reason: "SSH 私钥默认禁止读取" },
-    { pattern: /\.pem$/, label: "secret", reason: "PEM 私钥默认禁止读取" },
-    { pattern: /\.key$/, label: "secret", reason: "密钥文件默认禁止读取" },
-    { pattern: /\.aws[\\/]credentials/, label: "credential", reason: "AWS 凭证默认禁止读取" },
-    { pattern: /\.npmrc$/, label: "credential", reason: "npmrc 可能包含 token" },
-    { pattern: /\.pypirc$/, label: "credential", reason: "PyPI 配置可能包含凭证" },
-    { pattern: /kubeconfig/, label: "credential", reason: "kubeconfig 可能包含集群凭证" },
-    { pattern: /\.docker[\\/]config\.json/, label: "credential", reason: "Docker 配置可能包含 registry 凭证" },
-    { pattern: /tokens\.json|token_store|\.token/, label: "credential", reason: "token store 文件默认禁止读取" },
-    { pattern: /cookies\.sqlite|cookies\.db|\.cookie[\\/]/, label: "secret", reason: "浏览器 cookie/session 默认禁止读取" },
-    { pattern: /login\.keychain|\.keychain|\.keystore/, label: "secret", reason: "系统钥匙串默认禁止读取" },
-    { pattern: /ssh[\\/]config$/i, label: "secret", reason: "SSH config 可能包含敏感主机/代理配置" },
-];
-// ── 需确认读取模式 ──
-export const CONFIRMATION_READ_PATTERNS = [
-    { pattern: /\.log$/, label: "production_data", reason: "日志文件可能包含敏感信息" },
-    { pattern: /\.sql$/, label: "production_data", reason: "SQL 文件可能是数据库 dump" },
-    { pattern: /\.csv$/, label: "customer_data", reason: "CSV 可能包含客户数据" },
-    { pattern: /dump/, label: "production_data", reason: "dump 文件可能包含生产数据" },
-    { pattern: /[\\/]export[\\/]/, label: "customer_data", reason: "export 目录可能包含客户导出数据" },
-    { pattern: /figma[\\/]|notion[\\/]|drive[\\/]|slack[\\/]|github[\\/]private/, label: "confidential", reason: "私有云文档/协作平台数据需确认" },
-    { pattern: /api[_-]?response|_response\.json|_result\.json/, label: "confidential", reason: "外部系统返回数据需确认" },
-    { pattern: new RegExp('\\b(Users|home)\\/[\\w.-]+\\/(Desktop|Documents|Downloads|Pictures)', 's'), label: "confidential", reason: "用户 home 大范围目录需确认" },
-    { pattern: /sample.*\.json|fixture.*\.json/, label: "confidential", reason: "真实 API 响应样本需确认" },
-    { pattern: /\.vcf$|\. contacts$/, label: "pii", reason: "包含联系方式/PII 的文件需确认" },
-];
-// ── 检测辅助函数 ──
 /**
- * 检测来源的敏感等级。
- * @param sourceRef - 来源引用路径
- * @param contentHints - 内容提示关键词（可选）
- * @returns 数据敏感标签
- */
-export function detectSensitivity(sourceRef, contentHints) {
-    debugLog(`隐私契约: 检测敏感等级 — ${sourceRef}`);
-    // 优先检查禁止模式
-    for (const { pattern, label, reason } of FORBIDDEN_READ_PATTERNS) {
-        if (pattern.test(sourceRef)) {
-            return {
-                label,
-                source_ref: sourceRef,
-                detected_by: [`pattern: ${pattern.source}`],
-                confidence: 0.9,
-                handling: "forbidden",
-            };
-        }
-    }
-    // 检查确认模式
-    for (const { pattern, label, reason } of CONFIRMATION_READ_PATTERNS) {
-        if (pattern.test(sourceRef)) {
-            return {
-                label,
-                source_ref: sourceRef,
-                detected_by: [`pattern: ${pattern.source}`],
-                confidence: 0.7,
-                handling: "require_human",
-            };
-        }
-    }
-    // 基于内容的检测
-    if (contentHints && contentHints.length > 0) {
-        const joined = contentHints.join(" ");
-        if (/token|api[_-]?key|secret[_-]?key|private[_-]?key/i.test(joined)) {
-            return {
-                label: "secret",
-                source_ref: sourceRef,
-                detected_by: ["content_keyword"],
-                confidence: 0.6,
-                handling: "forbidden",
-            };
-        }
-        if (/\bpassword\b|\bpasswd\b/i.test(joined)) {
-            return {
-                label: "credential",
-                source_ref: sourceRef,
-                detected_by: ["content_keyword"],
-                confidence: 0.6,
-                handling: "forbidden",
-            };
-        }
-        if (/\b\d{11}\b/.test(joined) || /\b[\w.+-]+@[\w-]+\.[\w.]+\b/.test(joined)) {
-            return {
-                label: "pii",
-                source_ref: sourceRef,
-                detected_by: ["content_pattern"],
-                confidence: 0.5,
-                handling: "require_human",
-            };
-        }
-    }
-    // 常规代码文件 (.ts, .js, .py, .go, .rs, .java, .tsx, .jsx) 默认为 internal
-    const codeExtensions = /\.(ts|tsx|js|jsx|py|go|rs|java|c|cpp|h|rb|php|swift|kt)$/i;
-    if (codeExtensions.test(sourceRef)) {
-        return {
-            label: "internal",
-            source_ref: sourceRef,
-            detected_by: ["file_extension"],
-            confidence: 0.7,
-            handling: "allow",
-        };
-    }
-    return {
-        label: "unknown",
-        source_ref: sourceRef,
-        detected_by: ["no_match"],
-        confidence: 0.3,
-        handling: DEFAULT_HANDLING["unknown"],
-    };
-}
-// ── 检查函数 ──
-/**
- * 获取指定敏感标签的默认处理方式。
- * @param label - 敏感标签
- * @returns 处理方式
- */
-export function getDefaultHandling(label) {
-    debugLog(`隐私契约: 获取默认处理方式 — ${label}`);
-    return DEFAULT_HANDLING[label];
-}
-/**
- * 获取指定敏感标签在特定上下文中的处理方式。
- * @param label - 敏感标签
- * @param context - 检查上下文
- * @returns 处理方式
- */
-export function getContextHandling(label, context) {
-    debugLog(`隐私契约: 获取上下文处理方式 — ${label}/${context}`);
-    return CONTEXT_HANDLING[label][context];
-}
-/**
- * 判断数据是否可以注入 prompt。
- * @param label - 敏感标签
- * @returns 是否允许
- */
-export function canInjectInPrompt(label) {
-    debugLog(`隐私契约: 检查 prompt 注入许可 — ${label}`);
-    const handling = CONTEXT_HANDLING[label].prompt_injection;
-    return handling === "allow";
-}
-/**
- * 判断数据是否可以存入任务上下文。
- * @param label - 敏感标签
- * @returns 是否允许
- */
-export function canStoreInTaskContext(label) {
-    debugLog(`隐私契约: 检查 TaskContext 存储许可 — ${label}`);
-    const handling = CONTEXT_HANDLING[label].task_context_store;
-    return handling === "allow" || handling === "redact" || handling === "summarize_only";
-}
-/**
- * 判断数据是否可以存入产物。
- * @param label - 敏感标签
- * @returns 是否允许
- */
-export function canStoreInArtifact(label) {
-    debugLog(`隐私契约: 检查 artifact 存储许可 — ${label}`);
-    const handling = CONTEXT_HANDLING[label].artifact_store;
-    return handling === "allow" || handling === "redact" || handling === "summarize_only";
-}
-/**
- * 判断数据是否可以外部发送。
- * @param label - 敏感标签
- * @returns 是否允许
- */
-export function canSendExternally(label) {
-    debugLog(`隐私契约: 检查外发许可 — ${label}`);
-    return CONTEXT_HANDLING[label].external_send === "allow";
-}
-/**
- * 判断来源的内容是否可以读取。
- * @param sourceRef - 来源引用路径
- * @returns 读取许可结果
- */
-export function canReadContent(sourceRef) {
-    debugLog(`隐私契约: 检查内容读取许可 — ${sourceRef}`);
-    for (const { pattern, label, reason } of FORBIDDEN_READ_PATTERNS) {
-        if (pattern.test(sourceRef)) {
-            return { allowed: false, reason, label, requires_confirmation: false };
-        }
-    }
-    for (const { pattern, label, reason } of CONFIRMATION_READ_PATTERNS) {
-        if (pattern.test(sourceRef)) {
-            return { allowed: false, reason, label, requires_confirmation: true };
-        }
-    }
-    return { allowed: true, reason: "", label: "public" };
-}
-/**
- * 判断来源是否禁止读取。
- * @param sourceRef - 来源引用路径
- * @returns 是否禁止
- */
-export function isReadForbidden(sourceRef) {
-    debugLog(`隐私契约: 检查是否禁止读取 — ${sourceRef}`);
-    return FORBIDDEN_READ_PATTERNS.some(({ pattern }) => pattern.test(sourceRef));
-}
-/**
- * 判断来源是否需要确认后才能读取。
- * @param sourceRef - 来源引用路径
- * @returns 是否需要确认
- */
-export function isReadRequiresConfirmation(sourceRef) {
-    debugLog(`隐私契约: 检查是否需要确认读取 — ${sourceRef}`);
-    return CONFIRMATION_READ_PATTERNS.some(({ pattern }) => pattern.test(sourceRef));
-}
-// ── 授权管理 ──
-/**
- * 创建数据访问授权。
- * @param options.granted_by - 授权人
- * @param options.scope_refs - 授权范围引用
- * @param options.sensitivity_allowed - 允许的敏感标签
- * @param options.allowed_operations - 允许的操作
- * @param options.purpose - 用途
- * @param options.duration_hours - 有效时长（小时）
- * @returns 数据访问授权
- */
-export function createDataAccessGrant(options) {
-    debugLog(`隐私契约: 创建数据访问授权 — 授权人: ${options.granted_by}, 范围: ${options.scope_refs.length} 个引用`);
-    const expiresAt = new Date(Date.now() + options.duration_hours * 3600_000);
-    return {
-        grant_id: `grant-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,
-        granted_by: options.granted_by,
-        scope_refs: options.scope_refs,
-        sensitivity_allowed: options.sensitivity_allowed,
-        allowed_operations: options.allowed_operations,
-        purpose: options.purpose,
-        expires_at: expiresAt.toISOString(),
-        revocable: true,
-    };
-}
-/**
- * 判断授权是否有效。
- * @param grant - 数据访问授权
- * @returns 是否有效
- */
-export function isGrantValid(grant) {
-    debugLog(`隐私契约: 检查授权有效性 — ${grant.grant_id}`);
-    return new Date(grant.expires_at) > new Date();
-}
-/**
- * 判断授权是否已过期。
- * @param grant - 数据访问授权
- * @returns 是否已过期
- */
-export function isGrantExpired(grant) {
-    debugLog(`隐私契约: 检查授权是否过期 — ${grant.grant_id}`);
-    return new Date(grant.expires_at) <= new Date();
-}
-/**
- * 检查授权是否允许指定操作。
- * @param grant - 数据访问授权
- * @param operation - 请求的操作
- * @param sensitivity - 敏感标签
- * @returns 权限检查结果
- */
-export function checkGrantPermission(grant, operation, sensitivity) {
-    debugLog(`隐私契约: 检查授权权限 — ${grant.grant_id}, 操作: ${operation}, 等级: ${sensitivity}`);
-    if (isGrantExpired(grant)) {
-        debugLog(`隐私契约: 授权权限拒绝 — 授权已过期`);
-        return { allowed: false, reason: `授权 ${grant.grant_id} 已过期` };
-    }
-    if (!grant.allowed_operations.includes(operation)) {
-        debugLog(`隐私契约: 授权权限拒绝 — 不允许操作 ${operation}`);
-        return { allowed: false, reason: `授权 ${grant.grant_id} 不允许操作 ${operation}` };
-    }
-    if (!grant.sensitivity_allowed.includes(sensitivity)) {
-        debugLog(`隐私契约: 授权权限拒绝 — 不允许敏感等级 ${sensitivity}`);
-        return { allowed: false, reason: `授权 ${grant.grant_id} 不允许敏感等级 ${sensitivity}` };
-    }
-    debugLog(`隐私契约: 授权权限通过`);
-    return { allowed: true, reason: "" };
-}
-// ── 脱敏处理 ──
-/**
- * 对内容进行脱敏处理。
- * @param content - 原始内容
- * @param label - 敏感标签
- * @param sourceRef - 来源引用（可选）
- * @returns 脱敏结果和脱敏记录
- */
-export function redactContent(content, label, sourceRef) {
-    debugLog(`隐私契约: 开始内容脱敏 — 等级: ${label}, 来源: ${sourceRef ?? "未知"}`);
-    let redacted = content;
-    const fieldsRedacted = [];
-    if (label === "secret" || label === "credential") {
-        redacted = "***REDACTED***";
-        fieldsRedacted.push("all");
-    }
-    else if (label === "pii") {
-        redacted = redactPII(content);
-        fieldsRedacted.push("phone", "email", "id_number", "address");
-    }
-    else if (label === "customer_data" || label === "production_data") {
-        redacted = summarizeOnly(content);
-        fieldsRedacted.push("raw_data");
-    }
-    else if (label === "confidential") {
-        redacted = summarizeOnly(content);
-        fieldsRedacted.push("details");
-    }
-    return {
-        redacted,
-        record: {
-            source_ref: sourceRef ?? "",
-            redaction_type: labelToRedactionType(label),
-            after_hash: simpleHash(redacted),
-            fields_redacted: fieldsRedacted,
-        },
-    };
-}
-function redactPII(text) {
-    let result = text;
-    // 手机号: 138****1234
-    result = result.replace(/1[3-9]\d(\d{4})\d{4}/g, (m, last) => m.slice(0, 3) + "****" + last);
-    // 邮箱: a***@domain.com
-    result = result.replace(/([\w.+-])[\w.+-]*@([\w-]+\.[\w.]+)/g, (_, first, domain) => first + "***@" + domain);
-    // 身份证号: 保留后 4 位
-    result = result.replace(/\b\d{14}(\d{4})\b/g, "**************$1");
-    // Address: keep city-level (省/市 + following district, redact detail)
-    result = result.replace(/([\u4e00-\u9fa5]{2,6}(?:省|市|自治区|特别行政区))([\u4e00-\u9fa5]{2,6}(?:市|区|县|镇))([\u4e00-\u9fa5\d]+路?[\u4e00-\u9fa5\d]+)/g, "$1$2***");
-    return result;
-}
-function summarizeOnly(text) {
-    if (text.length <= 100)
-        return `[摘要] ${text.slice(0, 50)}...`;
-    return `[摘要] ${text.slice(0, 80)}... (共 ${text.length} 字符)`;
-}
-function labelToRedactionType(label) {
-    const map = {
-        secret: "secret_mask",
-        credential: "credential_removed",
-        pii: "pii_mask",
-        customer_data: "customer_data_summary",
-        production_data: "production_data_summary",
-        confidential: "path_only",
-    };
-    return map[label] ?? "hash_only";
-}
-function simpleHash(text) {
-    return crypto.createHash("sha256").update(text).digest("hex").slice(0, 16);
-}
-// ── 外发检查 ──
-/**
- * 检查内容是否可以外部发送。
- * @param content - 待发送内容
- * @param sensitivity - 敏感标签
- * @param grants - 授权列表
- * @returns 外发检查结果
- */
-export function checkExternalSend(content, sensitivity, grants) {
-    debugLog(`隐私契约: 检查外发许可 — 等级: ${sensitivity.label}`);
-    const handling = CONTEXT_HANDLING[sensitivity.label].external_send;
-    if (handling === "forbidden") {
-        debugLog(`隐私契约: 外发拒绝 — 等级 ${sensitivity.label} 禁止外发`);
-        return { allowed: false, reason: `敏感等级 ${sensitivity.label} 禁止外发`, requiresRedaction: false };
-    }
-    if (handling === "allow") {
-        return { allowed: true, reason: "", requiresRedaction: false };
-    }
-    // require_human — 检查授权
-    for (const grant of grants) {
-        const perm = checkGrantPermission(grant, "external_send", sensitivity.label);
-        if (perm.allowed) {
-            debugLog(`隐私契约: 外发通过 — 授权 ${grant.grant_id} 允许（已脱敏）`);
-            const { redacted, record } = redactContent(content, sensitivity.label);
-            return { allowed: true, reason: `授权 ${grant.grant_id} 允许外发（已脱敏）`, requiresRedaction: true, redactedContent: redacted };
-        }
-    }
-    debugLog(`隐私契约: 外发拒绝 — 等级 ${sensitivity.label} 需要人工授权`);
-    return {
-        allowed: false,
-        reason: `敏感等级 ${sensitivity.label} 需要人工授权才能外发`,
-        requiresRedaction: true,
-    };
-}
-// ── Prompt 注入检查 ──
-/**
- * 检查数据是否可以注入 prompt。
- * @param sensitivity - 敏感标签
- * @param grants - 授权列表
- * @returns 注入检查结果
- */
-export function checkPromptInjection(sensitivity, grants) {
-    debugLog(`隐私契约: 检查 prompt 注入许可 — 等级: ${sensitivity.label}`);
-    const handling = CONTEXT_HANDLING[sensitivity.label].prompt_injection;
-    if (handling === "forbidden") {
-        debugLog(`隐私契约: 注入拒绝 — 等级 ${sensitivity.label} 禁止注入 prompt`);
-        return { allowed: false, reason: `敏感等级 ${sensitivity.label} 禁止注入 prompt`, handling };
-    }
-    if (handling === "allow") {
-        return { allowed: true, reason: "", handling };
-    }
-    // 检查 prompt_inject 授权
-    for (const grant of grants) {
-        const perm = checkGrantPermission(grant, "prompt_inject", sensitivity.label);
-        if (perm.allowed) {
-            return { allowed: true, reason: `授权 ${grant.grant_id} 允许注入（${handling}）`, handling };
-        }
-    }
-    debugLog(`隐私契约: 注入拒绝 — 等级 ${sensitivity.label} 需要 ${handling} 处理`);
-    return { allowed: false, reason: `敏感等级 ${sensitivity.label} 需要 ${handling} 处理`, handling };
-}
-// ── 中文反馈 ──
-/**
- * 构建隐私处理反馈信息。
- * @param options - 反馈选项
- * @returns 格式化的反馈文本
- */
-export function buildPrivacyFeedback(options) {
-    debugLog(`隐私契约: 构建隐私反馈 — 未读: ${options.notRead.length}, 脱敏: ${options.redacted.length}, 需授权: ${options.requiresAuth.length}`);
-    const lines = [];
-    if (options.notRead.length > 0) {
-        lines.push(`未读取的内容: ${options.notRead.join(", ")}`);
-    }
-    if (options.redacted.length > 0) {
-        lines.push(`已脱敏的内容: ${options.redacted.join(", ")}`);
-    }
-    if (options.requiresAuth.length > 0) {
-        lines.push(`需要授权的内容: ${options.requiresAuth.join(", ")}`);
-    }
-    if (options.notInPrompt.length > 0) {
-        lines.push(`未进入 prompt 的内容: ${options.notInPrompt.join(", ")}`);
-    }
-    if (options.blocked) {
-        lines.push(`⚠️ 存在敏感信息阻断`);
-    }
-    if (options.externalRedaction) {
-        lines.push(`外发前已完成 redaction check`);
-    }
-    return lines.join("\n");
-}
-// ── 治理验证 ──
-/**
- * 验证隐私契约合规性。
- * @param options.sensitivities - 敏感标签列表
- * @param options.grants - 授权列表
- * @param options.redactionRecords - 脱敏记录列表
- * @param options.promptInjections - prompt 注入列表
- * @param options.taskContextStores - 任务上下文存储列表
- * @param options.artifactStores - 产物存储列表
- * @param options.externalSends - 外部发送列表
- * @returns 治理发现列表
- */
-/**
- * 验证隐私契约合规性。
- * @param options - 验证选项
- * @returns 验证结果，包含合规检查项和发现的问题
- */
-export function validatePrivacyContract(options) {
-    const findings = [];
-    debugLog(`隐私契约: 开始治理验证 — 检查 ${options.sensitivities.length} 个敏感来源`);
-    // 规则 1: secret 不得进入 prompt
-    for (const inj of options.promptInjections) {
-        if (inj.label === "secret" || inj.label === "credential") {
-            findings.push({
-                severity: "hard_fail",
-                rule: "gc-secret-no-prompt",
-                source_ref: inj.source_ref,
-                message: `secret/credential (${inj.label}) 不得注入 prompt — ${inj.source_ref}`,
-            });
-        }
-    }
-    // 规则 2: secret 不得写入 TaskContext
-    for (const store of options.taskContextStores) {
-        if (store.label === "secret" || store.label === "credential") {
-            findings.push({
-                severity: "hard_fail",
-                rule: "gc-secret-no-taskcontext",
-                source_ref: store.source_ref,
-                message: `secret/credential (${store.label}) 不得写入 TaskContext — ${store.source_ref}`,
-            });
-        }
-    }
-    // 规则 3: secret 不得写入 artifact/report
-    for (const art of options.artifactStores) {
-        if (art.label === "secret" || art.label === "credential") {
-            findings.push({
-                severity: "hard_fail",
-                rule: "gc-secret-no-artifact",
-                source_ref: art.source_ref,
-                message: `secret/credential (${art.label}) 不得写入 artifact — ${art.source_ref}`,
-            });
-        }
-    }
-    // 规则 4: PII 未脱敏外发
-    for (const ext of options.externalSends) {
-        if (ext.label === "pii" || ext.label === "customer_data" || ext.label === "production_data") {
-            const hasRedaction = options.redactionRecords.some((r) => r.source_ref === ext.source_ref);
-            if (!hasRedaction) {
-                findings.push({
-                    severity: "hard_fail",
-                    rule: "gc-pii-no-unredacted-external",
-                    source_ref: ext.source_ref,
-                    message: `${ext.label} 未脱敏不得外发 — ${ext.source_ref}`,
-                });
-            }
-        }
-    }
-    // 规则 5: secret 外发 hard fail
-    for (const ext of options.externalSends) {
-        if (ext.label === "secret" || ext.label === "credential") {
-            findings.push({
-                severity: "hard_fail",
-                rule: "gc-secret-no-external",
-                source_ref: ext.source_ref,
-                message: `secret/credential (${ext.label}) 外发 hard fail — ${ext.source_ref}`,
-            });
-        }
-    }
-    // 规则 6: DataAccessGrant 过期后不得使用
-    for (const grant of options.grants) {
-        if (isGrantExpired(grant)) {
-            findings.push({
-                severity: "hard_fail",
-                rule: "gc-grant-expired",
-                source_ref: grant.grant_id,
-                message: `授权 ${grant.grant_id} 已过期，不得继续使用`,
-            });
-        }
-    }
-    // 规则 7: unknown sensitivity 不能当 public
-    for (const s of options.sensitivities) {
-        if (s.label === "unknown" && s.handling === "allow") {
-            findings.push({
-                severity: "hard_fail",
-                rule: "gc-unknown-not-public",
-                source_ref: s.source_ref,
-                message: `unknown sensitivity 不能当做 public 处理 — ${s.source_ref}`,
-            });
-        }
-    }
-    // 规则 8: private evidence 不得注入 prompt
-    for (const s of options.sensitivities) {
-        if (s.label === "secret" || s.label === "credential") {
-            const injected = options.promptInjections.some((i) => i.source_ref === s.source_ref);
-            if (injected) {
-                findings.push({
-                    severity: "hard_fail",
-                    rule: "gc-private-no-prompt",
-                    source_ref: s.source_ref,
-                    message: `private evidence (${s.label}) 不得注入 prompt — ${s.source_ref}`,
-                });
-            }
-        }
-    }
-    // 规则 9: 每次脱敏必须有 RedactionRecord
-    const redactedSources = new Set(options.redactionRecords.map((r) => r.source_ref));
-    for (const s of options.sensitivities) {
-        if (s.handling === "redact" && !redactedSources.has(s.source_ref)) {
-            findings.push({
-                severity: "advisory",
-                rule: "gc-redaction-record-missing",
-                source_ref: s.source_ref,
-                message: `敏感来源 ${s.source_ref} 标记为脱敏但缺少 RedactionRecord`,
-            });
-        }
-    }
-    return findings;
-}
-// ── Unified Privacy Gate (硬门) ──
-const TEXT_SECRET_PATTERNS = [
-    { pattern: /sk-[a-zA-Z0-9]{32,}/, label: "secret", fields: ["api_key"] },
-    { pattern: /AKIA[0-9A-Z]{16}/, label: "credential", fields: ["aws_access_key"] },
-    { pattern: /aws_secret_access_key\s*=\s*['"][^'"]+['"]/, label: "credential", fields: ["aws_secret"] },
-    { pattern: /password\s*=\s*['"][^'"]{4,}['"]/, label: "credential", fields: ["password"] },
-    { pattern: /secret_key\s*=\s*['"][^'"]+['"]/, label: "secret", fields: ["secret_key"] },
-    { pattern: /jwt_secret\s*=\s*['"][^'"]+['"]/, label: "secret", fields: ["jwt_secret"] },
-    { pattern: /1[3-9]\d{9}/, label: "pii", fields: ["phone"] },
-    { pattern: /[\w.+-]+@[\w-]+\.[\w.]+/, label: "pii", fields: ["email"] },
-    { pattern: /\b\d{17}[\dXx]\b/, label: "pii", fields: ["id_number"] },
-    // 生产数据模式
-    { pattern: /production\.log|prod-\w+\.\w+|\bproduction\s+data\b/i, label: "production_data", fields: ["production_log"] },
-    { pattern: /SELECT\s+.{1,}?\s+FROM\s+/is, label: "production_data", fields: ["sql_query"] },
-    { pattern: /database\s+dump|db\s+dump|\bdb_dump\b/i, label: "production_data", fields: ["database_dump"] },
-    { pattern: /API\s+Response:\s*\{/i, label: "production_data", fields: ["api_response"] },
-    // 客户数据模式
-    { pattern: /email,\s*phone,\s*name|name,\s*email,\s*phone/i, label: "customer_data", fields: ["customer_csv"] },
-    { pattern: /user_id["']?\s*:\s*\d+.*["']?email["']?\s*:/i, label: "customer_data", fields: ["user_export"] },
-    { pattern: /customer.*export|export.*customer/i, label: "customer_data", fields: ["customer_export"] },
-];
-/**
- * 扫描文本中的敏感信息。
- * @param text - 待扫描文本
- * @param sourceRef - 来源引用
- * @returns 检测到的敏感标签列表
- */
-export function scanTextSensitivity(text, sourceRef) {
-    debugLog(`隐私契约: 扫描文本敏感信息 — 来源: ${sourceRef}`);
-    const labels = [];
-    for (const { pattern, label, fields } of TEXT_SECRET_PATTERNS) {
-        if (pattern.test(text)) {
-            labels.push({
-                label,
-                source_ref: sourceRef,
-                detected_by: [`text_pattern:${fields.join(",")}`],
-                confidence: 0.85,
-                handling: (label === "pii" || label === "production_data" || label === "customer_data") ? "require_human" : "forbidden",
-            });
-        }
-    }
-    return labels;
-}
-/**
- * 扫描来源引用的敏感等级。
- * @param sourceRef - 来源引用路径
- * @returns 数据敏感标签
- */
-export function scanSourceRefSensitivity(sourceRef) {
-    debugLog(`隐私契约: 扫描来源敏感等级 — ${sourceRef}`);
-    return detectSensitivity(sourceRef);
-}
-/**
- * 对文本中的敏感信息进行脱敏处理。
- * @param text - 原始文本
- * @param sourceRef - 来源引用（可选）
- * @returns 脱敏结果和脱敏记录
- */
-export function redactSensitiveText(text, sourceRef) {
-    let result = text;
-    const records = [];
-    const fieldsRedacted = [];
-    debugLog(`隐私契约: 开始文本脱敏 — 来源: ${sourceRef ?? '未知'}`);
-    // API 密钥 / 令牌
-    if (/sk-[a-zA-Z0-9]{32,}/.test(result)) {
-        result = result.replace(/sk-[a-zA-Z0-9]{32,}/g, "sk-****REDACTED****");
-        fieldsRedacted.push("api_key");
-    }
-    // AWS 访问密钥
-    if (/AKIA[0-9A-Z]{16}/.test(result)) {
-        result = result.replace(/AKIA[0-9A-Z]{16}/g, "AKIA****REDACTED****");
-        fieldsRedacted.push("aws_access_key");
-    }
-    // AWS 秘密访问密钥值
-    result = result.replace(/(aws_secret_access_key\s*=\s*['"])[^'"]+(['"])/g, "$1****REDACTED****$2");
-    // 密码值
-    result = result.replace(/(password\s*=\s*['"])[^'"]{4,}(['"])/gi, "$1****REDACTED****$2");
-    // 密钥值
-    result = result.replace(/(secret_key\s*=\s*['"])[^'"]+(['"])/gi, "$1****REDACTED****$2");
-    // JWT 密钥值
-    result = result.replace(/(jwt_secret\s*=\s*['"])[^'"]+(['"])/gi, "$1****REDACTED****$2");
-    // 个人身份信息
-    const piiResult = redactPII(result);
-    if (piiResult !== result) {
-        result = piiResult;
-        fieldsRedacted.push("phone", "email", "id_number", "address");
-    }
-    if (fieldsRedacted.length > 0) {
-        debugLog(`隐私契约: 文本脱敏完成 — 脱敏字段: ${fieldsRedacted.join(", ")}`);
-        records.push({
-            source_ref: sourceRef ?? "",
-            redaction_type: "secret_mask",
-            after_hash: simpleHash(result),
-            fields_redacted: [...new Set(fieldsRedacted)],
-        });
-    }
-    return { redacted: result, records };
-}
-/**
- * 评估统一隐私门禁。
- * @param params.intent - 用户意图文本（可选）
- * @param params.input_materials - 输入材料（可选）
- * @param params.prompt_sources - prompt 来源（可选）
- * @param params.task_context_stores - 任务上下文存储（可选）
- * @param params.artifact_stores - 产物存储（可选）
- * @param params.external_sends - 外部发送列表（可选）
- * @param params.grants - 授权列表（可选）
- * @returns 隐私门禁结果
- */
-/**
- * 评估隐私门禁，决定是否阻断操作。
- * @param options - 门禁评估选项
- * @returns 门禁结果，包含是否通过、阻断源和警告
- */
-export function evaluatePrivacyGate(params) {
-    const findings = [];
-    const blockedSources = [];
-    debugLog(`隐私契约: 开始隐私门禁评估`);
-    const allLabels = [];
-    const redactionRecords = [];
-    let hardFail = false;
-    // 扫描意图文本
-    if (params.intent) {
-        const intentLabels = scanTextSensitivity(params.intent, "intent");
-        for (const l of intentLabels) {
-            allLabels.push(l);
-            if (l.label === "secret" || l.label === "credential") {
-                hardFail = true;
-                blockedSources.push("intent");
-                findings.push({ severity: "hard_fail", rule: "gc-intent-secret", source_ref: "intent", message: `用户意图包含 ${l.label}（${l.detected_by.join(", ")}），禁止执行` });
-            }
-        }
-    }
-    // 按来源引用扫描输入材料
-    if (params.input_materials) {
-        for (const m of params.input_materials) {
-            const refLabel = scanSourceRefSensitivity(m.path_or_ref);
-            allLabels.push(refLabel);
-            if (refLabel.handling === "forbidden") {
-                hardFail = true;
-                blockedSources.push(m.path_or_ref);
-                findings.push({ severity: "hard_fail", rule: "gc-material-forbidden", source_ref: m.path_or_ref, message: `输入材料 ${m.path_or_ref} 匹配禁止模式（${refLabel.label}），禁止读取` });
-            }
-            else if (refLabel.handling === "require_human") {
-                const hasGrant = (params.grants ?? []).some(g => isGrantValid(g) && g.sensitivity_allowed.includes(refLabel.label) && g.allowed_operations.includes("read"));
-                if (!hasGrant) {
-                    blockedSources.push(m.path_or_ref);
-                    findings.push({ severity: "advisory", rule: "gc-material-requires-confirmation", source_ref: m.path_or_ref, message: `输入材料 ${m.path_or_ref} 标记为 ${refLabel.label}，需人工确认后读取` });
-                }
-            }
-            // 如果提供了内容也进行扫描
-            if (m.content) {
-                const contentLabels = scanTextSensitivity(m.content, m.path_or_ref);
-                for (const cl of contentLabels) {
-                    if (cl.label === "secret" || cl.label === "credential") {
-                        hardFail = true;
-                        blockedSources.push(m.path_or_ref);
-                        findings.push({ severity: "hard_fail", rule: "gc-content-secret", source_ref: m.path_or_ref, message: `输入材料内容包含 ${cl.label}（${cl.detected_by.join(", ")}），禁止执行` });
-                    }
-                    allLabels.push(cl);
-                }
-            }
-        }
-    }
-    // 检查 task_context_stores 是否包含敏感内容
-    if (params.task_context_stores) {
-        for (const s of params.task_context_stores) {
-            if (s.content) {
-                const labels = scanTextSensitivity(s.content, s.source_ref);
-                for (const l of labels) {
-                    if (l.label === "secret" || l.label === "credential") {
-                        hardFail = true;
-                        findings.push({ severity: "hard_fail", rule: "gc-taskcontext-secret", source_ref: s.source_ref, message: `TaskContext 写入内容包含 ${l.label}，禁止保存` });
-                    }
-                }
-            }
-        }
-    }
-    // 检查外发内容
-    if (params.external_sends) {
-        for (const e of params.external_sends) {
-            const labels = e.content ? scanTextSensitivity(e.content, e.source_ref) : [];
-            const refLabel = scanSourceRefSensitivity(e.source_ref);
-            if (refLabel.label === "secret" || refLabel.label === "credential") {
-                hardFail = true;
-                findings.push({ severity: "hard_fail", rule: "gc-external-secret", source_ref: e.source_ref, message: `外发来源 ${e.source_ref} 标记为 ${refLabel.label}，禁止外发` });
-            }
-            for (const l of labels) {
-                if (l.label === "secret" || l.label === "credential") {
-                    hardFail = true;
-                    findings.push({ severity: "hard_fail", rule: "gc-external-content-secret", source_ref: e.source_ref, message: `外发内容包含 ${l.label}，禁止外发` });
-                }
-            }
-        }
-    }
-    // 如有需要，脱敏意图文本
-    let redactedText;
-    if (params.intent) {
-        const { redacted, records } = redactSensitiveText(params.intent, "intent");
-        if (records.length > 0) {
-            redactedText = redacted;
-            redactionRecords.push(...records);
-        }
-    }
-    if (hardFail) {
-        debugLog(`隐私契约: 隐私门禁阻断 — 发现 ${blockedSources.length} 个阻断源`);
-    }
-    else if (findings.length > 0) {
-        debugLog(`隐私契约: 隐私门禁通过 — 但有 ${findings.length} 个警告`);
-    }
-    else {
-        debugLog(`隐私契约: 隐私门禁通过`);
-    }
-    return {
-        allowed: !hardFail,
-        hard_fail: hardFail,
-        blocked_sources: [...new Set(blockedSources)],
-        findings,
-        redacted_text: redactedText,
-        redaction_records: redactionRecords,
-        labels: allLabels,
-    };
-}
+ * Privacy / Secret / Data Sovereignty Contract — barrel 重导出
+ *
+ * 将隐私合约拆分为 4 个模块，此文件保持原有导出 API 不变。
+ * 消费者无需任何改动。
+ */
+export * from "./privacy_types.js";
+export * from "./privacy_patterns.js";
+export * from "./privacy_grants.js";
+export * from "./privacy_scanning.js";
+// 显式重导出入口点名称，确保代码审计扫描器可检测
+export { scanTextSensitivity, evaluatePrivacyGate, redactSensitiveText, detectSensitivity, scanSourceRefSensitivity, redactContent, checkExternalSend, checkPromptInjection, buildPrivacyFeedback, validatePrivacyContract, } from "./privacy_scanning.js";
+// [隐私合约已拆分到 privacy_types/patterns/grants/scanning 四个模块]
 //# sourceMappingURL=privacy_secret_contract.js.map