npm - soloforge - Versions diffs - 1.2.8 → 1.2.10 - Mend

soloforge 1.2.8 → 1.2.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (405) hide show

package/dist/engine/privacy_secret_contract.js ADDED Viewed

@@ -0,0 +1,874 @@
+import crypto from "node:crypto";
+// ── Default handling by sensitivity label ──
+const DEFAULT_HANDLING = {
+    public: "allow",
+    internal: "allow",
+    confidential: "require_human",
+    secret: "forbidden",
+    credential: "forbidden",
+    pii: "require_human",
+    customer_data: "require_human",
+    production_data: "require_human",
+    unknown: "require_human",
+};
+// ── Context-specific handling ──
+const CONTEXT_HANDLING = {
+    public: {
+        prompt_injection: "allow",
+        task_context_store: "allow",
+        artifact_store: "allow",
+        evidence_store: "allow",
+        external_send: "allow",
+        read_operation: "allow",
+    },
+    internal: {
+        prompt_injection: "allow",
+        task_context_store: "allow",
+        artifact_store: "allow",
+        evidence_store: "allow",
+        external_send: "forbidden",
+        read_operation: "allow",
+    },
+    confidential: {
+        prompt_injection: "summarize_only",
+        task_context_store: "redact",
+        artifact_store: "redact",
+        evidence_store: "redact",
+        external_send: "require_human",
+        read_operation: "require_human",
+    },
+    secret: {
+        prompt_injection: "forbidden",
+        task_context_store: "forbidden",
+        artifact_store: "forbidden",
+        evidence_store: "forbidden",
+        external_send: "forbidden",
+        read_operation: "forbidden",
+    },
+    credential: {
+        prompt_injection: "forbidden",
+        task_context_store: "forbidden",
+        artifact_store: "forbidden",
+        evidence_store: "forbidden",
+        external_send: "forbidden",
+        read_operation: "forbidden",
+    },
+    pii: {
+        prompt_injection: "redact",
+        task_context_store: "redact",
+        artifact_store: "redact",
+        evidence_store: "redact",
+        external_send: "require_human",
+        read_operation: "require_human",
+    },
+    customer_data: {
+        prompt_injection: "summarize_only",
+        task_context_store: "summarize_only",
+        artifact_store: "summarize_only",
+        evidence_store: "summarize_only",
+        external_send: "require_human",
+        read_operation: "require_human",
+    },
+    production_data: {
+        prompt_injection: "summarize_only",
+        task_context_store: "summarize_only",
+        artifact_store: "summarize_only",
+        evidence_store: "summarize_only",
+        external_send: "require_human",
+        read_operation: "require_human",
+    },
+    unknown: {
+        prompt_injection: "summarize_only",
+        task_context_store: "summarize_only",
+        artifact_store: "summarize_only",
+        evidence_store: "summarize_only",
+        external_send: "require_human",
+        read_operation: "require_human",
+    },
+};
+// ── Forbidden read patterns (content reading forbidden, existence check only) ──
+export const FORBIDDEN_READ_PATTERNS = [
+    { pattern: /\.env($|\.)/, label: "credential", reason: ".env 文件默认禁止读取内容" },
+    { pattern: /id_rsa/, label: "secret", reason: "SSH 私钥默认禁止读取" },
+    { pattern: /\.pem$/, label: "secret", reason: "PEM 私钥默认禁止读取" },
+    { pattern: /\.key$/, label: "secret", reason: "密钥文件默认禁止读取" },
+    { pattern: /\.aws[\\/]credentials/, label: "credential", reason: "AWS 凭证默认禁止读取" },
+    { pattern: /\.npmrc$/, label: "credential", reason: "npmrc 可能包含 token" },
+    { pattern: /\.pypirc$/, label: "credential", reason: "PyPI 配置可能包含凭证" },
+    { pattern: /kubeconfig/, label: "credential", reason: "kubeconfig 可能包含集群凭证" },
+    { pattern: /\.docker[\\/]config\.json/, label: "credential", reason: "Docker 配置可能包含 registry 凭证" },
+    { pattern: /tokens\.json|token_store|\.token/, label: "credential", reason: "token store 文件默认禁止读取" },
+    { pattern: /cookies\.sqlite|cookies\.db|\.cookie[\\/]/, label: "secret", reason: "浏览器 cookie/session 默认禁止读取" },
+    { pattern: /login\.keychain|\.keychain|\.keystore/, label: "secret", reason: "系统钥匙串默认禁止读取" },
+    { pattern: /ssh[\\/]config$/i, label: "secret", reason: "SSH config 可能包含敏感主机/代理配置" },
+];
+// ── Requires confirmation patterns ──
+export const CONFIRMATION_READ_PATTERNS = [
+    { pattern: /\.log$/, label: "production_data", reason: "日志文件可能包含敏感信息" },
+    { pattern: /\.sql$/, label: "production_data", reason: "SQL 文件可能是数据库 dump" },
+    { pattern: /\.csv$/, label: "customer_data", reason: "CSV 可能包含客户数据" },
+    { pattern: /dump/, label: "production_data", reason: "dump 文件可能包含生产数据" },
+    { pattern: /[\\/]export[\\/]/, label: "customer_data", reason: "export 目录可能包含客户导出数据" },
+    { pattern: /figma[\\/]|notion[\\/]|drive[\\/]|slack[\\/]|github[\\/]private/, label: "confidential", reason: "私有云文档/协作平台数据需确认" },
+    { pattern: /api[_-]?response|_response\.json|_result\.json/, label: "confidential", reason: "外部系统返回数据需确认" },
+    { pattern: new RegExp('\\b(Users|home)\\/[\\w.-]+\\/(Desktop|Documents|Downloads|Pictures)', 's'), label: "confidential", reason: "用户 home 大范围目录需确认" },
+    { pattern: /sample.*\.json|fixture.*\.json/, label: "confidential", reason: "真实 API 响应样本需确认" },
+    { pattern: /\.vcf$|\. contacts$/, label: "pii", reason: "包含联系方式/PII 的文件需确认" },
+];
+// ── Detection helpers ──
+/**
+ * 检测来源的敏感等级。
+ * @param sourceRef - 来源引用路径
+ * @param contentHints - 内容提示关键词（可选）
+ * @returns 数据敏感标签
+ */
+export function detectSensitivity(sourceRef, contentHints) {
+    console.error(`[soloForge] 隐私契约: 检测敏感等级 — ${sourceRef}`);
+    // 优先检查禁止模式
+    for (const { pattern, label, reason } of FORBIDDEN_READ_PATTERNS) {
+        if (pattern.test(sourceRef)) {
+            return {
+                label,
+                source_ref: sourceRef,
+                detected_by: [`pattern: ${pattern.source}`],
+                confidence: 0.9,
+                handling: "forbidden",
+            };
+        }
+    }
+    // 检查确认模式
+    for (const { pattern, label, reason } of CONFIRMATION_READ_PATTERNS) {
+        if (pattern.test(sourceRef)) {
+            return {
+                label,
+                source_ref: sourceRef,
+                detected_by: [`pattern: ${pattern.source}`],
+                confidence: 0.7,
+                handling: "require_human",
+            };
+        }
+    }
+    // 基于内容的检测
+    if (contentHints && contentHints.length > 0) {
+        const joined = contentHints.join(" ");
+        if (/token|api[_-]?key|secret[_-]?key|private[_-]?key/i.test(joined)) {
+            return {
+                label: "secret",
+                source_ref: sourceRef,
+                detected_by: ["content_keyword"],
+                confidence: 0.6,
+                handling: "forbidden",
+            };
+        }
+        if (/\bpassword\b|\bpasswd\b/i.test(joined)) {
+            return {
+                label: "credential",
+                source_ref: sourceRef,
+                detected_by: ["content_keyword"],
+                confidence: 0.6,
+                handling: "forbidden",
+            };
+        }
+        if (/\b\d{11}\b/.test(joined) || /\b[\w.+-]+@[\w-]+\.[\w.]+\b/.test(joined)) {
+            return {
+                label: "pii",
+                source_ref: sourceRef,
+                detected_by: ["content_pattern"],
+                confidence: 0.5,
+                handling: "require_human",
+            };
+        }
+    }
+    // 常规代码文件 (.ts, .js, .py, .go, .rs, .java, .tsx, .jsx) 默认为 internal
+    const codeExtensions = /\.(ts|tsx|js|jsx|py|go|rs|java|c|cpp|h|rb|php|swift|kt)$/i;
+    if (codeExtensions.test(sourceRef)) {
+        return {
+            label: "internal",
+            source_ref: sourceRef,
+            detected_by: ["file_extension"],
+            confidence: 0.7,
+            handling: "allow",
+        };
+    }
+    return {
+        label: "unknown",
+        source_ref: sourceRef,
+        detected_by: ["no_match"],
+        confidence: 0.3,
+        handling: DEFAULT_HANDLING["unknown"],
+    };
+}
+// ── Check functions ──
+/**
+ * 获取指定敏感标签的默认处理方式。
+ * @param label - 敏感标签
+ * @returns 处理方式
+ */
+export function getDefaultHandling(label) {
+    console.error(`[soloForge] 隐私契约: 获取默认处理方式 — ${label}`);
+    return DEFAULT_HANDLING[label];
+}
+/**
+ * 获取指定敏感标签在特定上下文中的处理方式。
+ * @param label - 敏感标签
+ * @param context - 检查上下文
+ * @returns 处理方式
+ */
+export function getContextHandling(label, context) {
+    console.error(`[soloForge] 隐私契约: 获取上下文处理方式 — ${label}/${context}`);
+    return CONTEXT_HANDLING[label][context];
+}
+/**
+ * 判断数据是否可以注入 prompt。
+ * @param label - 敏感标签
+ * @returns 是否允许
+ */
+export function canInjectInPrompt(label) {
+    console.error(`[soloForge] 隐私契约: 检查 prompt 注入许可 — ${label}`);
+    const handling = CONTEXT_HANDLING[label].prompt_injection;
+    return handling === "allow";
+}
+/**
+ * 判断数据是否可以存入任务上下文。
+ * @param label - 敏感标签
+ * @returns 是否允许
+ */
+export function canStoreInTaskContext(label) {
+    console.error(`[soloForge] 隐私契约: 检查 TaskContext 存储许可 — ${label}`);
+    const handling = CONTEXT_HANDLING[label].task_context_store;
+    return handling === "allow" || handling === "redact" || handling === "summarize_only";
+}
+/**
+ * 判断数据是否可以存入产物。
+ * @param label - 敏感标签
+ * @returns 是否允许
+ */
+export function canStoreInArtifact(label) {
+    console.error(`[soloForge] 隐私契约: 检查 artifact 存储许可 — ${label}`);
+    const handling = CONTEXT_HANDLING[label].artifact_store;
+    return handling === "allow" || handling === "redact" || handling === "summarize_only";
+}
+/**
+ * 判断数据是否可以外部发送。
+ * @param label - 敏感标签
+ * @returns 是否允许
+ */
+export function canSendExternally(label) {
+    console.error(`[soloForge] 隐私契约: 检查外发许可 — ${label}`);
+    return CONTEXT_HANDLING[label].external_send === "allow";
+}
+/**
+ * 判断来源的内容是否可以读取。
+ * @param sourceRef - 来源引用路径
+ * @returns 读取许可结果
+ */
+export function canReadContent(sourceRef) {
+    console.error(`[soloForge] 隐私契约: 检查内容读取许可 — ${sourceRef}`);
+    for (const { pattern, label, reason } of FORBIDDEN_READ_PATTERNS) {
+        if (pattern.test(sourceRef)) {
+            return { allowed: false, reason, label, requires_confirmation: false };
+        }
+    }
+    for (const { pattern, label, reason } of CONFIRMATION_READ_PATTERNS) {
+        if (pattern.test(sourceRef)) {
+            return { allowed: false, reason, label, requires_confirmation: true };
+        }
+    }
+    return { allowed: true, reason: "", label: "public" };
+}
+/**
+ * 判断来源是否禁止读取。
+ * @param sourceRef - 来源引用路径
+ * @returns 是否禁止
+ */
+export function isReadForbidden(sourceRef) {
+    console.error(`[soloForge] 隐私契约: 检查是否禁止读取 — ${sourceRef}`);
+    return FORBIDDEN_READ_PATTERNS.some(({ pattern }) => pattern.test(sourceRef));
+}
+/**
+ * 判断来源是否需要确认后才能读取。
+ * @param sourceRef - 来源引用路径
+ * @returns 是否需要确认
+ */
+export function isReadRequiresConfirmation(sourceRef) {
+    console.error(`[soloForge] 隐私契约: 检查是否需要确认读取 — ${sourceRef}`);
+    return CONFIRMATION_READ_PATTERNS.some(({ pattern }) => pattern.test(sourceRef));
+}
+// ── Grant management ──
+/**
+ * 创建数据访问授权。
+ * @param options.granted_by - 授权人
+ * @param options.scope_refs - 授权范围引用
+ * @param options.sensitivity_allowed - 允许的敏感标签
+ * @param options.allowed_operations - 允许的操作
+ * @param options.purpose - 用途
+ * @param options.duration_hours - 有效时长（小时）
+ * @returns 数据访问授权
+ */
+export function createDataAccessGrant(options) {
+    console.error(`[soloForge] 隐私契约: 创建数据访问授权 — 授权人: ${options.granted_by}, 范围: ${options.scope_refs.length} 个引用`);
+    const expiresAt = new Date(Date.now() + options.duration_hours * 3600_000);
+    return {
+        grant_id: `grant-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,
+        granted_by: options.granted_by,
+        scope_refs: options.scope_refs,
+        sensitivity_allowed: options.sensitivity_allowed,
+        allowed_operations: options.allowed_operations,
+        purpose: options.purpose,
+        expires_at: expiresAt.toISOString(),
+        revocable: true,
+    };
+}
+/**
+ * 判断授权是否有效。
+ * @param grant - 数据访问授权
+ * @returns 是否有效
+ */
+export function isGrantValid(grant) {
+    console.error(`[soloForge] 隐私契约: 检查授权有效性 — ${grant.grant_id}`);
+    return new Date(grant.expires_at) > new Date();
+}
+/**
+ * 判断授权是否已过期。
+ * @param grant - 数据访问授权
+ * @returns 是否已过期
+ */
+export function isGrantExpired(grant) {
+    console.error(`[soloForge] 隐私契约: 检查授权是否过期 — ${grant.grant_id}`);
+    return new Date(grant.expires_at) <= new Date();
+}
+/**
+ * 检查授权是否允许指定操作。
+ * @param grant - 数据访问授权
+ * @param operation - 请求的操作
+ * @param sensitivity - 敏感标签
+ * @returns 权限检查结果
+ */
+export function checkGrantPermission(grant, operation, sensitivity) {
+    console.error(`[soloForge] 隐私契约: 检查授权权限 — ${grant.grant_id}, 操作: ${operation}, 等级: ${sensitivity}`);
+    if (isGrantExpired(grant)) {
+        console.error(`[soloForge] 隐私契约: 授权权限拒绝 — 授权已过期`);
+        return { allowed: false, reason: `授权 ${grant.grant_id} 已过期` };
+    }
+    if (!grant.allowed_operations.includes(operation)) {
+        console.error(`[soloForge] 隐私契约: 授权权限拒绝 — 不允许操作 ${operation}`);
+        return { allowed: false, reason: `授权 ${grant.grant_id} 不允许操作 ${operation}` };
+    }
+    if (!grant.sensitivity_allowed.includes(sensitivity)) {
+        console.error(`[soloForge] 隐私契约: 授权权限拒绝 — 不允许敏感等级 ${sensitivity}`);
+        return { allowed: false, reason: `授权 ${grant.grant_id} 不允许敏感等级 ${sensitivity}` };
+    }
+    console.error(`[soloForge] 隐私契约: 授权权限通过`);
+    return { allowed: true, reason: "" };
+}
+// ── Redaction ──
+/**
+ * 对内容进行脱敏处理。
+ * @param content - 原始内容
+ * @param label - 敏感标签
+ * @param sourceRef - 来源引用（可选）
+ * @returns 脱敏结果和脱敏记录
+ */
+export function redactContent(content, label, sourceRef) {
+    console.error(`[soloForge] 隐私契约: 开始内容脱敏 — 等级: ${label}, 来源: ${sourceRef ?? "未知"}`);
+    let redacted = content;
+    const fieldsRedacted = [];
+    if (label === "secret" || label === "credential") {
+        redacted = "***REDACTED***";
+        fieldsRedacted.push("all");
+    }
+    else if (label === "pii") {
+        redacted = redactPII(content);
+        fieldsRedacted.push("phone", "email", "id_number", "address");
+    }
+    else if (label === "customer_data" || label === "production_data") {
+        redacted = summarizeOnly(content);
+        fieldsRedacted.push("raw_data");
+    }
+    else if (label === "confidential") {
+        redacted = summarizeOnly(content);
+        fieldsRedacted.push("details");
+    }
+    return {
+        redacted,
+        record: {
+            source_ref: sourceRef ?? "",
+            redaction_type: labelToRedactionType(label),
+            after_hash: simpleHash(redacted),
+            fields_redacted: fieldsRedacted,
+        },
+    };
+}
+function redactPII(text) {
+    let result = text;
+    // 手机号: 138****1234
+    result = result.replace(/1[3-9]\d(\d{4})\d{4}/g, (m, last) => m.slice(0, 3) + "****" + last);
+    // 邮箱: a***@domain.com
+    result = result.replace(/([\w.+-])[\w.+-]*@([\w-]+\.[\w.]+)/g, (_, first, domain) => first + "***@" + domain);
+    // 身份证号: 保留后 4 位
+    result = result.replace(/\b\d{14}(\d{4})\b/g, "**************$1");
+    // Address: keep city-level (省/市 + following district, redact detail)
+    result = result.replace(/([\u4e00-\u9fa5]{2,6}(?:省|市|自治区|特别行政区))([\u4e00-\u9fa5]{2,6}(?:市|区|县|镇))([\u4e00-\u9fa5\d]+路?[\u4e00-\u9fa5\d]+)/g, "$1$2***");
+    return result;
+}
+function summarizeOnly(text) {
+    if (text.length <= 100)
+        return `[摘要] ${text.slice(0, 50)}...`;
+    return `[摘要] ${text.slice(0, 80)}... (共 ${text.length} 字符)`;
+}
+function labelToRedactionType(label) {
+    const map = {
+        secret: "secret_mask",
+        credential: "credential_removed",
+        pii: "pii_mask",
+        customer_data: "customer_data_summary",
+        production_data: "production_data_summary",
+        confidential: "path_only",
+    };
+    return map[label] ?? "hash_only";
+}
+function simpleHash(text) {
+    return crypto.createHash("sha256").update(text).digest("hex").slice(0, 16);
+}
+// ── External send check ──
+/**
+ * 检查内容是否可以外部发送。
+ * @param content - 待发送内容
+ * @param sensitivity - 敏感标签
+ * @param grants - 授权列表
+ * @returns 外发检查结果
+ */
+export function checkExternalSend(content, sensitivity, grants) {
+    console.error(`[soloForge] 隐私契约: 检查外发许可 — 等级: ${sensitivity.label}`);
+    const handling = CONTEXT_HANDLING[sensitivity.label].external_send;
+    if (handling === "forbidden") {
+        console.error(`[soloForge] 隐私契约: 外发拒绝 — 等级 ${sensitivity.label} 禁止外发`);
+        return { allowed: false, reason: `敏感等级 ${sensitivity.label} 禁止外发`, requiresRedaction: false };
+    }
+    if (handling === "allow") {
+        return { allowed: true, reason: "", requiresRedaction: false };
+    }
+    // require_human — 检查授权
+    for (const grant of grants) {
+        const perm = checkGrantPermission(grant, "external_send", sensitivity.label);
+        if (perm.allowed) {
+            console.error(`[soloForge] 隐私契约: 外发通过 — 授权 ${grant.grant_id} 允许（已脱敏）`);
+            const { redacted, record } = redactContent(content, sensitivity.label);
+            return { allowed: true, reason: `授权 ${grant.grant_id} 允许外发（已脱敏）`, requiresRedaction: true, redactedContent: redacted };
+        }
+    }
+    console.error(`[soloForge] 隐私契约: 外发拒绝 — 等级 ${sensitivity.label} 需要人工授权`);
+    return {
+        allowed: false,
+        reason: `敏感等级 ${sensitivity.label} 需要人工授权才能外发`,
+        requiresRedaction: true,
+    };
+}
+// ── Prompt injection check ──
+/**
+ * 检查数据是否可以注入 prompt。
+ * @param sensitivity - 敏感标签
+ * @param grants - 授权列表
+ * @returns 注入检查结果
+ */
+export function checkPromptInjection(sensitivity, grants) {
+    console.error(`[soloForge] 隐私契约: 检查 prompt 注入许可 — 等级: ${sensitivity.label}`);
+    const handling = CONTEXT_HANDLING[sensitivity.label].prompt_injection;
+    if (handling === "forbidden") {
+        console.error(`[soloForge] 隐私契约: 注入拒绝 — 等级 ${sensitivity.label} 禁止注入 prompt`);
+        return { allowed: false, reason: `敏感等级 ${sensitivity.label} 禁止注入 prompt`, handling };
+    }
+    if (handling === "allow") {
+        return { allowed: true, reason: "", handling };
+    }
+    // 检查 prompt_inject 授权
+    for (const grant of grants) {
+        const perm = checkGrantPermission(grant, "prompt_inject", sensitivity.label);
+        if (perm.allowed) {
+            return { allowed: true, reason: `授权 ${grant.grant_id} 允许注入（${handling}）`, handling };
+        }
+    }
+    console.error(`[soloForge] 隐私契约: 注入拒绝 — 等级 ${sensitivity.label} 需要 ${handling} 处理`);
+    return { allowed: false, reason: `敏感等级 ${sensitivity.label} 需要 ${handling} 处理`, handling };
+}
+// ── Chinese feedback ──
+/**
+ * 构建隐私处理反馈信息。
+ * @param options - 反馈选项
+ * @returns 格式化的反馈文本
+ */
+export function buildPrivacyFeedback(options) {
+    console.error(`[soloForge] 隐私契约: 构建隐私反馈 — 未读: ${options.notRead.length}, 脱敏: ${options.redacted.length}, 需授权: ${options.requiresAuth.length}`);
+    const lines = [];
+    if (options.notRead.length > 0) {
+        lines.push(`未读取的内容: ${options.notRead.join(", ")}`);
+    }
+    if (options.redacted.length > 0) {
+        lines.push(`已脱敏的内容: ${options.redacted.join(", ")}`);
+    }
+    if (options.requiresAuth.length > 0) {
+        lines.push(`需要授权的内容: ${options.requiresAuth.join(", ")}`);
+    }
+    if (options.notInPrompt.length > 0) {
+        lines.push(`未进入 prompt 的内容: ${options.notInPrompt.join(", ")}`);
+    }
+    if (options.blocked) {
+        lines.push(`⚠️ 存在敏感信息阻断`);
+    }
+    if (options.externalRedaction) {
+        lines.push(`外发前已完成 redaction check`);
+    }
+    return lines.join("\n");
+}
+// ── Governance validation ──
+/**
+ * 验证隐私契约合规性。
+ * @param options.sensitivities - 敏感标签列表
+ * @param options.grants - 授权列表
+ * @param options.redactionRecords - 脱敏记录列表
+ * @param options.promptInjections - prompt 注入列表
+ * @param options.taskContextStores - 任务上下文存储列表
+ * @param options.artifactStores - 产物存储列表
+ * @param options.externalSends - 外部发送列表
+ * @returns 治理发现列表
+ */
+/**
+ * 验证隐私契约合规性。
+ * @param options - 验证选项
+ * @returns 验证结果，包含合规检查项和发现的问题
+ */
+export function validatePrivacyContract(options) {
+    const findings = [];
+    console.error(`[soloForge] 隐私契约: 开始治理验证 — 检查 ${options.sensitivities.length} 个敏感来源`);
+    // 规则 1: secret 不得进入 prompt
+    for (const inj of options.promptInjections) {
+        if (inj.label === "secret" || inj.label === "credential") {
+            findings.push({
+                severity: "hard_fail",
+                rule: "gc-secret-no-prompt",
+                source_ref: inj.source_ref,
+                message: `secret/credential (${inj.label}) 不得注入 prompt — ${inj.source_ref}`,
+            });
+        }
+    }
+    // 规则 2: secret 不得写入 TaskContext
+    for (const store of options.taskContextStores) {
+        if (store.label === "secret" || store.label === "credential") {
+            findings.push({
+                severity: "hard_fail",
+                rule: "gc-secret-no-taskcontext",
+                source_ref: store.source_ref,
+                message: `secret/credential (${store.label}) 不得写入 TaskContext — ${store.source_ref}`,
+            });
+        }
+    }
+    // 规则 3: secret 不得写入 artifact/report
+    for (const art of options.artifactStores) {
+        if (art.label === "secret" || art.label === "credential") {
+            findings.push({
+                severity: "hard_fail",
+                rule: "gc-secret-no-artifact",
+                source_ref: art.source_ref,
+                message: `secret/credential (${art.label}) 不得写入 artifact — ${art.source_ref}`,
+            });
+        }
+    }
+    // 规则 4: PII 未脱敏外发
+    for (const ext of options.externalSends) {
+        if (ext.label === "pii" || ext.label === "customer_data" || ext.label === "production_data") {
+            const hasRedaction = options.redactionRecords.some((r) => r.source_ref === ext.source_ref);
+            if (!hasRedaction) {
+                findings.push({
+                    severity: "hard_fail",
+                    rule: "gc-pii-no-unredacted-external",
+                    source_ref: ext.source_ref,
+                    message: `${ext.label} 未脱敏不得外发 — ${ext.source_ref}`,
+                });
+            }
+        }
+    }
+    // 规则 5: secret 外发 hard fail
+    for (const ext of options.externalSends) {
+        if (ext.label === "secret" || ext.label === "credential") {
+            findings.push({
+                severity: "hard_fail",
+                rule: "gc-secret-no-external",
+                source_ref: ext.source_ref,
+                message: `secret/credential (${ext.label}) 外发 hard fail — ${ext.source_ref}`,
+            });
+        }
+    }
+    // 规则 6: DataAccessGrant 过期后不得使用
+    for (const grant of options.grants) {
+        if (isGrantExpired(grant)) {
+            findings.push({
+                severity: "hard_fail",
+                rule: "gc-grant-expired",
+                source_ref: grant.grant_id,
+                message: `授权 ${grant.grant_id} 已过期，不得继续使用`,
+            });
+        }
+    }
+    // 规则 7: unknown sensitivity 不能当 public
+    for (const s of options.sensitivities) {
+        if (s.label === "unknown" && s.handling === "allow") {
+            findings.push({
+                severity: "hard_fail",
+                rule: "gc-unknown-not-public",
+                source_ref: s.source_ref,
+                message: `unknown sensitivity 不能当做 public 处理 — ${s.source_ref}`,
+            });
+        }
+    }
+    // 规则 8: private evidence 不得注入 prompt
+    for (const s of options.sensitivities) {
+        if (s.label === "secret" || s.label === "credential") {
+            const injected = options.promptInjections.some((i) => i.source_ref === s.source_ref);
+            if (injected) {
+                findings.push({
+                    severity: "hard_fail",
+                    rule: "gc-private-no-prompt",
+                    source_ref: s.source_ref,
+                    message: `private evidence (${s.label}) 不得注入 prompt — ${s.source_ref}`,
+                });
+            }
+        }
+    }
+    // 规则 9: 每次脱敏必须有 RedactionRecord
+    const redactedSources = new Set(options.redactionRecords.map((r) => r.source_ref));
+    for (const s of options.sensitivities) {
+        if (s.handling === "redact" && !redactedSources.has(s.source_ref)) {
+            findings.push({
+                severity: "advisory",
+                rule: "gc-redaction-record-missing",
+                source_ref: s.source_ref,
+                message: `敏感来源 ${s.source_ref} 标记为脱敏但缺少 RedactionRecord`,
+            });
+        }
+    }
+    return findings;
+}
+// ── Unified Privacy Gate (硬门) ──
+const TEXT_SECRET_PATTERNS = [
+    { pattern: /sk-[a-zA-Z0-9]{32,}/, label: "secret", fields: ["api_key"] },
+    { pattern: /AKIA[0-9A-Z]{16}/, label: "credential", fields: ["aws_access_key"] },
+    { pattern: /aws_secret_access_key\s*=\s*['"][^'"]+['"]/, label: "credential", fields: ["aws_secret"] },
+    { pattern: /password\s*=\s*['"][^'"]{4,}['"]/, label: "credential", fields: ["password"] },
+    { pattern: /secret_key\s*=\s*['"][^'"]+['"]/, label: "secret", fields: ["secret_key"] },
+    { pattern: /jwt_secret\s*=\s*['"][^'"]+['"]/, label: "secret", fields: ["jwt_secret"] },
+    { pattern: /1[3-9]\d{9}/, label: "pii", fields: ["phone"] },
+    { pattern: /[\w.+-]+@[\w-]+\.[\w.]+/, label: "pii", fields: ["email"] },
+    { pattern: /\b\d{17}[\dXx]\b/, label: "pii", fields: ["id_number"] },
+    // 生产数据模式
+    { pattern: /production\.log|prod-\w+\.\w+|\bproduction\s+data\b/i, label: "production_data", fields: ["production_log"] },
+    { pattern: /SELECT\s+.{1,}?\s+FROM\s+/is, label: "production_data", fields: ["sql_query"] },
+    { pattern: /database\s+dump|db\s+dump|\bdb_dump\b/i, label: "production_data", fields: ["database_dump"] },
+    { pattern: /API\s+Response:\s*\{/i, label: "production_data", fields: ["api_response"] },
+    // 客户数据模式
+    { pattern: /email,\s*phone,\s*name|name,\s*email,\s*phone/i, label: "customer_data", fields: ["customer_csv"] },
+    { pattern: /user_id["']?\s*:\s*\d+.*["']?email["']?\s*:/i, label: "customer_data", fields: ["user_export"] },
+    { pattern: /customer.*export|export.*customer/i, label: "customer_data", fields: ["customer_export"] },
+];
+/**
+ * 扫描文本中的敏感信息。
+ * @param text - 待扫描文本
+ * @param sourceRef - 来源引用
+ * @returns 检测到的敏感标签列表
+ */
+export function scanTextSensitivity(text, sourceRef) {
+    console.error(`[soloForge] 隐私契约: 扫描文本敏感信息 — 来源: ${sourceRef}`);
+    const labels = [];
+    for (const { pattern, label, fields } of TEXT_SECRET_PATTERNS) {
+        if (pattern.test(text)) {
+            labels.push({
+                label,
+                source_ref: sourceRef,
+                detected_by: [`text_pattern:${fields.join(",")}`],
+                confidence: 0.85,
+                handling: (label === "pii" || label === "production_data" || label === "customer_data") ? "require_human" : "forbidden",
+            });
+        }
+    }
+    return labels;
+}
+/**
+ * 扫描来源引用的敏感等级。
+ * @param sourceRef - 来源引用路径
+ * @returns 数据敏感标签
+ */
+export function scanSourceRefSensitivity(sourceRef) {
+    console.error(`[soloForge] 隐私契约: 扫描来源敏感等级 — ${sourceRef}`);
+    return detectSensitivity(sourceRef);
+}
+/**
+ * 对文本中的敏感信息进行脱敏处理。
+ * @param text - 原始文本
+ * @param sourceRef - 来源引用（可选）
+ * @returns 脱敏结果和脱敏记录
+ */
+export function redactSensitiveText(text, sourceRef) {
+    let result = text;
+    const records = [];
+    const fieldsRedacted = [];
+    console.error(`[soloForge] 隐私契约: 开始文本脱敏 — 来源: ${sourceRef ?? '未知'}`);
+    // API 密钥 / 令牌
+    if (/sk-[a-zA-Z0-9]{32,}/.test(result)) {
+        result = result.replace(/sk-[a-zA-Z0-9]{32,}/g, "sk-****REDACTED****");
+        fieldsRedacted.push("api_key");
+    }
+    // AWS 访问密钥
+    if (/AKIA[0-9A-Z]{16}/.test(result)) {
+        result = result.replace(/AKIA[0-9A-Z]{16}/g, "AKIA****REDACTED****");
+        fieldsRedacted.push("aws_access_key");
+    }
+    // AWS 秘密访问密钥值
+    result = result.replace(/(aws_secret_access_key\s*=\s*['"])[^'"]+(['"])/g, "$1****REDACTED****$2");
+    // 密码值
+    result = result.replace(/(password\s*=\s*['"])[^'"]{4,}(['"])/gi, "$1****REDACTED****$2");
+    // 密钥值
+    result = result.replace(/(secret_key\s*=\s*['"])[^'"]+(['"])/gi, "$1****REDACTED****$2");
+    // JWT 密钥值
+    result = result.replace(/(jwt_secret\s*=\s*['"])[^'"]+(['"])/gi, "$1****REDACTED****$2");
+    // 个人身份信息
+    const piiResult = redactPII(result);
+    if (piiResult !== result) {
+        result = piiResult;
+        fieldsRedacted.push("phone", "email", "id_number", "address");
+    }
+    if (fieldsRedacted.length > 0) {
+        console.error(`[soloForge] 隐私契约: 文本脱敏完成 — 脱敏字段: ${fieldsRedacted.join(", ")}`);
+        records.push({
+            source_ref: sourceRef ?? "",
+            redaction_type: "secret_mask",
+            after_hash: simpleHash(result),
+            fields_redacted: [...new Set(fieldsRedacted)],
+        });
+    }
+    return { redacted: result, records };
+}
+/**
+ * 评估统一隐私门禁。
+ * @param params.intent - 用户意图文本（可选）
+ * @param params.input_materials - 输入材料（可选）
+ * @param params.prompt_sources - prompt 来源（可选）
+ * @param params.task_context_stores - 任务上下文存储（可选）
+ * @param params.artifact_stores - 产物存储（可选）
+ * @param params.external_sends - 外部发送列表（可选）
+ * @param params.grants - 授权列表（可选）
+ * @returns 隐私门禁结果
+ */
+/**
+ * 评估隐私门禁，决定是否阻断操作。
+ * @param options - 门禁评估选项
+ * @returns 门禁结果，包含是否通过、阻断源和警告
+ */
+export function evaluatePrivacyGate(params) {
+    const findings = [];
+    const blockedSources = [];
+    console.error(`[soloForge] 隐私契约: 开始隐私门禁评估`);
+    const allLabels = [];
+    const redactionRecords = [];
+    let hardFail = false;
+    // 扫描意图文本
+    if (params.intent) {
+        const intentLabels = scanTextSensitivity(params.intent, "intent");
+        for (const l of intentLabels) {
+            allLabels.push(l);
+            if (l.label === "secret" || l.label === "credential") {
+                hardFail = true;
+                blockedSources.push("intent");
+                findings.push({ severity: "hard_fail", rule: "gc-intent-secret", source_ref: "intent", message: `用户意图包含 ${l.label}（${l.detected_by.join(", ")}），禁止执行` });
+            }
+        }
+    }
+    // 按来源引用扫描输入材料
+    if (params.input_materials) {
+        for (const m of params.input_materials) {
+            const refLabel = scanSourceRefSensitivity(m.path_or_ref);
+            allLabels.push(refLabel);
+            if (refLabel.handling === "forbidden") {
+                hardFail = true;
+                blockedSources.push(m.path_or_ref);
+                findings.push({ severity: "hard_fail", rule: "gc-material-forbidden", source_ref: m.path_or_ref, message: `输入材料 ${m.path_or_ref} 匹配禁止模式（${refLabel.label}），禁止读取` });
+            }
+            else if (refLabel.handling === "require_human") {
+                const hasGrant = (params.grants ?? []).some(g => isGrantValid(g) && g.sensitivity_allowed.includes(refLabel.label) && g.allowed_operations.includes("read"));
+                if (!hasGrant) {
+                    blockedSources.push(m.path_or_ref);
+                    findings.push({ severity: "advisory", rule: "gc-material-requires-confirmation", source_ref: m.path_or_ref, message: `输入材料 ${m.path_or_ref} 标记为 ${refLabel.label}，需人工确认后读取` });
+                }
+            }
+            // 如果提供了内容也进行扫描
+            if (m.content) {
+                const contentLabels = scanTextSensitivity(m.content, m.path_or_ref);
+                for (const cl of contentLabels) {
+                    if (cl.label === "secret" || cl.label === "credential") {
+                        hardFail = true;
+                        blockedSources.push(m.path_or_ref);
+                        findings.push({ severity: "hard_fail", rule: "gc-content-secret", source_ref: m.path_or_ref, message: `输入材料内容包含 ${cl.label}（${cl.detected_by.join(", ")}），禁止执行` });
+                    }
+                    allLabels.push(cl);
+                }
+            }
+        }
+    }
+    // 检查 task_context_stores 是否包含敏感内容
+    if (params.task_context_stores) {
+        for (const s of params.task_context_stores) {
+            if (s.content) {
+                const labels = scanTextSensitivity(s.content, s.source_ref);
+                for (const l of labels) {
+                    if (l.label === "secret" || l.label === "credential") {
+                        hardFail = true;
+                        findings.push({ severity: "hard_fail", rule: "gc-taskcontext-secret", source_ref: s.source_ref, message: `TaskContext 写入内容包含 ${l.label}，禁止保存` });
+                    }
+                }
+            }
+        }
+    }
+    // 检查外发内容
+    if (params.external_sends) {
+        for (const e of params.external_sends) {
+            const labels = e.content ? scanTextSensitivity(e.content, e.source_ref) : [];
+            const refLabel = scanSourceRefSensitivity(e.source_ref);
+            if (refLabel.label === "secret" || refLabel.label === "credential") {
+                hardFail = true;
+                findings.push({ severity: "hard_fail", rule: "gc-external-secret", source_ref: e.source_ref, message: `外发来源 ${e.source_ref} 标记为 ${refLabel.label}，禁止外发` });
+            }
+            for (const l of labels) {
+                if (l.label === "secret" || l.label === "credential") {
+                    hardFail = true;
+                    findings.push({ severity: "hard_fail", rule: "gc-external-content-secret", source_ref: e.source_ref, message: `外发内容包含 ${l.label}，禁止外发` });
+                }
+            }
+        }
+    }
+    // 如有需要，脱敏意图文本
+    let redactedText;
+    if (params.intent) {
+        const { redacted, records } = redactSensitiveText(params.intent, "intent");
+        if (records.length > 0) {
+            redactedText = redacted;
+            redactionRecords.push(...records);
+        }
+    }
+    if (hardFail) {
+        console.error(`[soloForge] 隐私契约: 隐私门禁阻断 — 发现 ${blockedSources.length} 个阻断源`);
+    }
+    else if (findings.length > 0) {
+        console.error(`[soloForge] 隐私契约: 隐私门禁通过 — 但有 ${findings.length} 个警告`);
+    }
+    else {
+        console.error(`[soloForge] 隐私契约: 隐私门禁通过`);
+    }
+    return {
+        allowed: !hardFail,
+        hard_fail: hardFail,
+        blocked_sources: [...new Set(blockedSources)],
+        findings,
+        redacted_text: redactedText,
+        redaction_records: redactionRecords,
+        labels: allLabels,
+    };
+}
+//# sourceMappingURL=privacy_secret_contract.js.map