Graphorin API reference v0.12.1
Graphorin API reference / @graphorin/security / / DataFlowEvaluation
Interface: DataFlowEvaluation
Defined in: packages/security/src/dataflow/types.ts:257
The signal a DataFlowPolicy evaluates for one candidate sink call. Populated by the enforcement point from the resolved tool's metadata plus the run's TaintLedger.
Stable
Properties
| Property | Modifier | Type | Description | Defined in |
|---|---|---|---|---|
carriesUntrustedVerbatim | readonly | boolean | true when the sink's arguments carry untrusted content verbatim. | packages/security/src/dataflow/types.ts:273 |
sensitiveSeen | readonly | boolean | true when secret-tier content has entered the run. | packages/security/src/dataflow/types.ts:277 |
sideEffectClass | readonly | SideEffectClass | The sink's resolved side-effect class. | packages/security/src/dataflow/types.ts:261 |
sinkKind? | readonly | "tool" | "assistant-output" | B4 (item 14): what KIND of sink this evaluation describes. 'tool' (default when absent) - a tool call gated by its side-effect class. 'assistant-output' - the run's outgoing assistant text, a sink by definition regardless of side-effect class (the reply surface exfiltrates to whoever reads it). Declassify matching stays on toolName (e.g. the stable id 'assistant-output' in declassifySinks). | packages/security/src/dataflow/types.ts:271 |
sourceKinds | readonly | readonly string[] | Untrusted source kinds relevant to this flow (matched + observed). | packages/security/src/dataflow/types.ts:279 |
toolName | readonly | string | Name of the sink tool about to run (the stable sink id). | packages/security/src/dataflow/types.ts:259 |
untrustedSeen | readonly | boolean | true when untrusted content has entered the run. | packages/security/src/dataflow/types.ts:275 |