Skip to content

Graphorin API reference v0.7.0


Graphorin API reference / @graphorin/security / / createTaintLedger

Function: createTaintLedger()

ts
function createTaintLedger(opts?): TaintLedger;

Defined in: packages/security/src/dataflow/ledger.ts:92

Create a run-scoped TaintLedger.

Verbatim detection is a bounded shingle intersection: an output is tracked only when its normalized length is ≥ minSpanLength, and the total tracked text is FIFO-capped at maxTrackedChars (oldest spans evicted first). Comparison runs over an NFKC + alphanumeric-only fold (SDF-11), so case, whitespace, inserted punctuation, zero-width and fullwidth-homoglyph obfuscation do not defeat it. Detection is therefore best-effort - it catches verbatim / near-verbatim forwarding of untrusted content, not aggressive paraphrase or cross-script confusables, and degrades gracefully past the budget. The conservative TaintLedger.untrustedSeen/sensitiveSeen flags are never lossy: they are the load-bearing signal for the lethal-trifecta gate.

Parameters

ParameterTypeDescription
opts?{ initial?: TaintLedgerSnapshot; maxTrackedChars?: number; minSpanLength?: number; piiSensitivity?: (text) => boolean; }-
opts.initial?TaintLedgerSnapshotAG-19: rehydrate the coarse trifecta-gate flags from a prior TaintLedger.snapshot, so a resumed run does not start with an empty ledger that silently un-gates sinks exposed before the suspend. Spans are not restored (they are untrusted text and are not persisted), so the verbatim-carry probe restarts while the load-bearing gate is preserved.
opts.maxTrackedChars?number-
opts.minSpanLength?number-
opts.piiSensitivity?(text) => booleanSDF-8 / FIDES-lattice: optional predicate run over each tool output. When it returns true, the read counts toward sensitiveSeen even if the tool's declared sensitivity is not 'secret' - so PII/user-content exfiltration trips the lethal-trifecta leg. Wire containsPii here to opt in; omit for byte-identical behaviour.

Returns

TaintLedger

Stable