Skip to content

Graphorin API reference v0.7.0


Graphorin API reference / @graphorin/security / / TaintLedger

Interface: TaintLedger

Defined in: packages/security/src/dataflow/types.ts:123

Per-run taint state. Records the provenance of each tool output and answers two questions a sink check needs: has untrusted/sensitive content entered this run? and do these specific arguments carry untrusted content verbatim?

Implementations are stateful and run-scoped; create one per run.

Stable

Properties

PropertyModifierTypeDescriptionDefined in
sensitiveSeenreadonlybooleantrue once any secret-tier output has entered the run.packages/security/src/dataflow/types.ts:140
untrustedSeenreadonlybooleantrue once any untrusted-source output has entered the run.packages/security/src/dataflow/types.ts:138
untrustedSourceKindsreadonlyreadonly string[]Distinct untrusted source kinds observed so far.packages/security/src/dataflow/types.ts:142

Methods

inspectArgs()

ts
inspectArgs(argsText): ArgsTaintProbe;

Defined in: packages/security/src/dataflow/types.ts:136

Probe a sink's serialized arguments for verbatim untrusted carry.

Parameters

ParameterType
argsTextstring

Returns

ArgsTaintProbe


recordAssistantOutput()?

ts
optional recordAssistantOutput(text): void;

Defined in: packages/security/src/dataflow/types.ts:134

C6: record the MODEL's own output as derived-untrusted once untrusted content has entered the run. Tracks the text as untrusted spans (source kind 'llm-derived') so a later sink call whose args copy the model's paraphrase-adjacent phrasing still trips the verbatim probe. No-op while the run is untainted. Optional so third-party ledgers keep compiling; the built-in ledger implements it.

Parameters

ParameterType
textstring

Returns

void


recordOutput()

ts
recordOutput(label, outputText): void;

Defined in: packages/security/src/dataflow/types.ts:125

Record one tool output's provenance (and its text, if untrusted).

Parameters

ParameterType
labelTaintLabel
outputTextstring

Returns

void


snapshot()

ts
snapshot(): TaintLedgerSnapshot;

Defined in: packages/security/src/dataflow/types.ts:150

Coarse, serializable summary of the load-bearing trifecta-gate signal - the untrusted/sensitive/source-kind flags only, never the tracked verbatim spans (those are untrusted text and must not be persisted). Used to rehydrate the ledger across a suspend/resume so the sink gate is not silently weakened on the HITL boundary (AG-19).

Returns

TaintLedgerSnapshot