Graphorin API reference v0.4.0
Graphorin API reference / @graphorin/tools / / DataFlowGuard
Interface: DataFlowGuard
Defined in: packages/tools/src/executor/executor.ts:180
Provenance / data-flow guard the executor consults at the tool boundary. Decisions and per-run taint state live in the implementation; the executor only enforces the DataFlowVerdict and audits it. See @graphorin/security/dataflow.
Methods
inspect()
inspect(input): DataFlowVerdict;Defined in: packages/tools/src/executor/executor.ts:187
Sink gate: decide whether a side-effecting / external-stateful tool may run given what untrusted/sensitive content has entered the run. Called only for sinks. Pure w.r.t. the executor (no I/O); the executor emits the audit row and enforces a 'block'.
Parameters
| Parameter | Type |
|---|---|
input | DataFlowInspectInput |
Returns
record()
record(input): void;Defined in: packages/tools/src/executor/executor.ts:192
Record one successful output's provenance so later sink gates can detect untrusted-to-sink flows. Called for every successful result.
Parameters
| Parameter | Type |
|---|---|
input | DataFlowRecordInput |
Returns
void