Skip to content

Graphorin API reference v0.8.0


Graphorin API reference / @graphorin/agent / / InboundTaintSeed

Interface: InboundTaintSeed

Defined in: packages/agent/src/types.ts:469

B1.5: message-borne untrusted input entering a run from a channel gateway. Stamped into the run's taint ledger at init, BEFORE the first step, so the data-flow policy's untrusted leg is armed even though the input arrives as a user MESSAGE rather than a tool output (the Rule-of-Two deliberately excludes ordinary user messages; channel peers are authenticated but their CONTENT is attacker-influenceable). Widen-only: it can add taint, never clear it.

Stable

Properties

PropertyModifierTypeDescriptionDefined in
sensitive?readonlybooleanAlso arm the sensitive leg (rare; widen-only).packages/agent/src/types.ts:481
sourceKind?readonlystringDescriptive source kind for audit trails, e.g. 'channel:telegram'. Default 'channel-inbound'.packages/agent/src/types.ts:479
textreadonlystringThe untrusted inbound text. Recorded as verbatim spans so a later sink call whose args copy the channel text trips the probe.packages/agent/src/types.ts:474