Graphorin API reference v0.4.0
Graphorin API reference / @graphorin/security / / deriveTaintLabel
Function: deriveTaintLabel()
ts
function deriveTaintLabel(input): TaintLabel;Defined in: packages/security/src/dataflow/derive.ts:33
Derive the provenance label for a tool's output from its resolved trust class, source, and declared sensitivity.
untrustedis keyed off the ToolTrustClass:mcp-derived,web-search, andskill-untrustedproduce untrusted output.sensitiveistrueonly for the'secret'tier.'internal'is the default tier for ordinary user content, so counting it would make the lethal-trifecta gate fire on essentially every run; operators who want a broader gate widen it via policy, not here.
Parameters
| Parameter | Type |
|---|---|
input | { sensitivity?: Sensitivity; source?: ToolSource; trustClass: ToolTrustClass; } |
input.sensitivity? | Sensitivity |
input.source? | ToolSource |
input.trustClass | ToolTrustClass |