Graphorin API reference v0.7.0
Graphorin API reference / @graphorin/security / / SupplyChainPolicy
Interface: SupplyChainPolicy
Defined in: packages/security/src/supply-chain/types.ts:122
Allow / deny / framework-denylist policy resolved from the operator configuration.
Stable
Properties
| Property | Modifier | Type | Description | Defined in |
|---|---|---|---|---|
allowlist? | readonly | readonly string[] | - | packages/security/src/supply-chain/types.ts:123 |
denylist? | readonly | readonly string[] | - | packages/security/src/supply-chain/types.ts:124 |
graphorinDenylist? | readonly | "off" | "auto" | 'auto' is reserved for the post-MVP optional pull from a framework-curated denylist. The MVP only supports the operator- managed denylist; 'off' is the only practical value. | packages/security/src/supply-chain/types.ts:130 |
precedence? | readonly | "allow-wins" | "deny-wins" | Conflict resolution when a package matches BOTH the allowlist and a deny list. 'allow-wins' (the default) lets the allowlist short-circuit, so an operator can deny a whole scope yet allow specific exceptions inside it. 'deny-wins' evaluates the deny lists first, so an explicit denylist entry is never overridden by a broad allowlist glob - the safer posture when the denylist is the security-critical list. SPL-20: defaults to 'allow-wins' (byte-identical to prior behaviour). | packages/security/src/supply-chain/types.ts:141 |