Graphorin API reference / @graphorin/security / / createDataFlowPolicy

Function: createDataFlowPolicy()

function createDataFlowPolicy(config): DataFlowPolicy;

Defined in: packages/security/src/dataflow/policy.ts:52

Build a DataFlowPolicy from config.

Decision procedure for a sink call:

mode === 'off' or the tool is not a sink → allow.
Arguments carry untrusted content verbatim → untrusted-to-sink.
Else, if guardTrifecta (default on) and both untrusted and secret-tier content have entered the run → lethal-trifecta.
No tainted flow → allow.
A tainted flow into a declassifySinks sink → declassify (audited, allowed). Otherwise 'shadow' → flag (audited, allowed), 'enforce' → block.

Parameters

Parameter	Type
`config`	`DataFlowPolicyConfig`

Returns

DataFlowPolicy

errors

Classes

Type Aliases

evaluator-optimizer

Interfaces

Type Aliases

Functions

factory

Functions

fallback

Interfaces

Type Aliases

Functions

fanout

Interfaces

Type Aliases

Functions

filters

Interfaces

Variables

Functions

preferred-model

Interfaces

Functions

progress

Interfaces

Functions

run-state

Interfaces

Variables

Functions

client

Classes

Interfaces

Type Aliases

errors

Classes

Type Aliases

reconnect

Interfaces

Functions

cli

Interfaces

Type Aliases

Functions

loaders

Functions

errors

Classes

Interfaces

Type Aliases

conflict

Variables

errors

Classes

facade

Interfaces

Functions

tools

Interfaces

Functions

openinference

Type Aliases

Variables

Functions

redaction

imperative-patterns

Interfaces

Type Aliases

Variables

Functions

patterns

Interfaces

Type Aliases

Variables

telemetry

Interfaces

Functions

client-message

Type Aliases