834c6db075
Some checks failed
Workflow Lint / actionlint (push) Has been cancelled
Build CI Image / build (push) Has been cancelled
Skill Docs Freshness / check-freshness (push) Has been cancelled
Periodic Evals / build-image (push) Has been cancelled
Periodic Evals / evals (map[file:test/codex-e2e.test.ts name:e2e-codex]) (push) Has been cancelled
Periodic Evals / evals (map[file:test/gemini-e2e.test.ts name:e2e-gemini]) (push) Has been cancelled
Periodic Evals / evals (map[file:test/skill-e2e-design.test.ts name:e2e-design]) (push) Has been cancelled
Periodic Evals / evals (map[file:test/skill-e2e-plan.test.ts name:e2e-plan]) (push) Has been cancelled
Periodic Evals / evals (map[file:test/skill-e2e-qa-bugs.test.ts name:e2e-qa-bugs]) (push) Has been cancelled
Periodic Evals / evals (map[file:test/skill-e2e-qa-workflow.test.ts name:e2e-qa-workflow]) (push) Has been cancelled
Periodic Evals / evals (map[file:test/skill-e2e-review.test.ts name:e2e-review]) (push) Has been cancelled
Periodic Evals / evals (map[file:test/skill-e2e-workflow.test.ts name:e2e-workflow]) (push) Has been cancelled
Periodic Evals / evals (map[file:test/skill-routing-e2e.test.ts name:e2e-routing]) (push) Has been cancelled
Source: https://github.com/garrytan/gstack/commit/026751e
45 lines
1.9 KiB
SQL
45 lines
1.9 KiB
SQL
-- gstack attack telemetry — schema extension for prompt injection events.
|
|
--
|
|
-- Ships alongside the gstack-telemetry-log `--event-type attack_attempt`
|
|
-- flag (bin/gstack-telemetry-log, commits 28ce883c + f68fa4a9). These
|
|
-- columns are nullable so the existing skill_run events continue inserting
|
|
-- unchanged.
|
|
--
|
|
-- Fields (1:1 with gstack-telemetry-log flags):
|
|
-- security_url_domain — hostname only, never path/query
|
|
-- security_payload_hash — salted SHA-256 hex
|
|
-- security_confidence — 0..1 numeric, clamped client-side
|
|
-- security_layer — stackone_content | testsavant_content
|
|
-- | transcript_classifier | aria_regex | canary
|
|
-- | deberta_content
|
|
-- security_verdict — block | warn | log_only
|
|
--
|
|
-- Indices:
|
|
-- * (security_url_domain, event_timestamp) — for "top domains last 7 days"
|
|
-- * (security_layer, event_timestamp) WHERE event_type='attack_attempt'
|
|
-- — for layer-distribution queries
|
|
--
|
|
-- Privacy rules (enforced client-side, documented here):
|
|
-- * domain only, never path or query string
|
|
-- * payload_hash is a salted hash, not the payload
|
|
-- * salt is per-device local file (~/.gstack/security/device-salt) —
|
|
-- preventing cross-device rainbow table attacks
|
|
|
|
ALTER TABLE telemetry_events
|
|
ADD COLUMN security_url_domain TEXT,
|
|
ADD COLUMN security_payload_hash TEXT,
|
|
ADD COLUMN security_confidence NUMERIC,
|
|
ADD COLUMN security_layer TEXT,
|
|
ADD COLUMN security_verdict TEXT;
|
|
|
|
-- Top-domains query: ORDER BY count DESC WHERE event_type='attack_attempt'
|
|
-- AND event_timestamp > now() - interval '7 days'
|
|
CREATE INDEX idx_telemetry_attack_domain
|
|
ON telemetry_events (security_url_domain, event_timestamp)
|
|
WHERE event_type = 'attack_attempt';
|
|
|
|
-- Layer-distribution query
|
|
CREATE INDEX idx_telemetry_attack_layer
|
|
ON telemetry_events (security_layer, event_timestamp)
|
|
WHERE event_type = 'attack_attempt';
|