Graphorin API reference v0.7.0
Graphorin API reference / @graphorin/security / / TaintLedger
Interface: TaintLedger
Defined in: packages/security/src/dataflow/types.ts:123
Per-run taint state. Records the provenance of each tool output and answers two questions a sink check needs: has untrusted/sensitive content entered this run? and do these specific arguments carry untrusted content verbatim?
Implementations are stateful and run-scoped; create one per run.
Stable
Properties
| Property | Modifier | Type | Description | Defined in |
|---|---|---|---|---|
sensitiveSeen | readonly | boolean | true once any secret-tier output has entered the run. | packages/security/src/dataflow/types.ts:140 |
untrustedSeen | readonly | boolean | true once any untrusted-source output has entered the run. | packages/security/src/dataflow/types.ts:138 |
untrustedSourceKinds | readonly | readonly string[] | Distinct untrusted source kinds observed so far. | packages/security/src/dataflow/types.ts:142 |
Methods
inspectArgs()
inspectArgs(argsText): ArgsTaintProbe;Defined in: packages/security/src/dataflow/types.ts:136
Probe a sink's serialized arguments for verbatim untrusted carry.
Parameters
| Parameter | Type |
|---|---|
argsText | string |
Returns
recordAssistantOutput()?
optional recordAssistantOutput(text): void;Defined in: packages/security/src/dataflow/types.ts:134
C6: record the MODEL's own output as derived-untrusted once untrusted content has entered the run. Tracks the text as untrusted spans (source kind 'llm-derived') so a later sink call whose args copy the model's paraphrase-adjacent phrasing still trips the verbatim probe. No-op while the run is untainted. Optional so third-party ledgers keep compiling; the built-in ledger implements it.
Parameters
| Parameter | Type |
|---|---|
text | string |
Returns
void
recordOutput()
recordOutput(label, outputText): void;Defined in: packages/security/src/dataflow/types.ts:125
Record one tool output's provenance (and its text, if untrusted).
Parameters
| Parameter | Type |
|---|---|
label | TaintLabel |
outputText | string |
Returns
void
snapshot()
snapshot(): TaintLedgerSnapshot;Defined in: packages/security/src/dataflow/types.ts:150
Coarse, serializable summary of the load-bearing trifecta-gate signal - the untrusted/sensitive/source-kind flags only, never the tracked verbatim spans (those are untrusted text and must not be persisted). Used to rehydrate the ledger across a suspend/resume so the sink gate is not silently weakened on the HITL boundary (AG-19).