Keysat
2e70b34592
Phase 1 Workstream D. Lets the Architect ground the thesis in REAL recurring LP objections without any LP identity reaching the Claude API. Layered, defense-in-depth, fail-closed by construction (docs/redaction-rehydration.md). backend/redaction/: - scrub.py: the leak-proof core. Drops Tier-1 (labelled/structured account/wire/SSN/ IBAN/SWIFT/passport, separator-tolerant); tokenizes known LP entities (dictionary from the canonical layer, unicode-folded + hyphen-extended) and structured PII (emails, scheme-less/social URLs, intl+ext phones, currency-cued amounts, ISO/worded/numeric/ quarter dates, addresses, bare long digit runs); pre-neutralizes injected [TYPE_N] strings; single-pass rehydrate; metadata-only audit logging (the pseudonym map is the de-anon key — local-only, never logged/sent). Hardened across THREE adversarial leak-hunts (worded/coded amounts, intl phones, NFD/ligature/zero-width names, slash/ comma SSN, SWIFT, alpha-prefixed accounts, substance-preserving false-positive fixes). - client.py: Boundary — one scrub/rehydrate contract, SCRUB_BACKEND=local (default) or gateway (Spark Control /scrub + /rehydrate). Fails closed (db_path required; dictionary build errors propagate; strict rehydrate returns tokenized-not-de-anon text). - test_scrub_leak.py, test_reidentification.py: golden-file leak + re-identification suites (synthetic only, guardrail #9), regression-locking every leak-hunt vector. backend/mcp/architect_grounding.py: the flow — retrieve (local) -> minimize-first (local Qwen) -> scrub (+ local-Qwen NER backstop for unknown names) -> Claude over the de-identified register only -> re-hydrate locally -> human review. FAILS CLOSED if the local model is unreachable or a hallucinated token appears. test_grounding_boundary.py proves nothing sensitive reaches Claude and the three fail-closed paths. server.py: POST /api/architect/ground (admin) wires retrieval -> ground_objections. docker_entrypoint.sh: SCRUB_BACKEND (default local). docs/spark-control-scrub-endpoints.md: the gateway handover spec (Option 1 — caller supplies the entity dictionary). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
30 lines
1.8 KiB
TypeScript
30 lines
1.8 KiB
TypeScript
// Informational constants shared across the startos/ modules.
|
|
// The authoritative id, title and version for the package come
|
|
// from manifest/index.ts (id, title) and versions/ (version).
|
|
export const PACKAGE_ID = 'ten-database'
|
|
export const PACKAGE_TITLE = 'Ten31 Database'
|
|
// ExVer form of the current 0.4 wrapper release (upstream 0.1.0, wrapper rev 44).
|
|
// * 0.3.5 wrapper: 0.1.0.38 (legacy, aarch64)
|
|
// * First 0.4: 0.1.0:39 (shipped seed snapshot for migration)
|
|
// * Cleanup: 0.1.0:40 (seed removed + multi-threaded server + abuser auto-ban)
|
|
// * 0.1.0:41 (frontend persists auth across refreshes)
|
|
// * 0.1.0:42 (Gmail integration) / 0.1.0:43 (Gmail POST-body hotfix)
|
|
// * 0.1.0:44 (Phase-0 ingest + MCP server in image; build-index action)
|
|
// * 0.1.0:45 (Phase-1 thesis system; dual approval; merge review; in-app index)
|
|
// * 0.1.0:46 (packaging fix: ship full backend so migrations run + endpoints work)
|
|
// * 0.1.0:47 (soft-delete instead of hard-delete; source-count diagnostics)
|
|
// * 0.1.0:48 (entity model: investors vs people; fixes double-count)
|
|
// * 0.1.0:49 (Architect: Claude thesis generation + Thesis Workshop screen)
|
|
// * 0.1.0:50 (Set Anthropic API Key UI action — no terminal needed)
|
|
// * 0.1.0:51 (entity-resolution fix: people double-count + duplicate queue)
|
|
// * 0.1.0:52 (grid/contacts unification: contact_id link + grid as front door)
|
|
// * 0.1.0:53 (seed v5 thesis into the Architect Workshop)
|
|
// * 0.1.0:54 (unification polish: LinkedIn in grid inline contact editor)
|
|
// * Current: 0.1.0:55 (Architect grounding boundary: redaction/re-hydration privacy gate)
|
|
export const PACKAGE_VERSION = '0.1.0:55'
|
|
|
|
export const DATA_MOUNT_PATH = '/data'
|
|
export const WEB_PORT = 8080
|
|
export const IMAGE_ID = 'main'
|
|
export const VOLUME_ID = 'main'
|