Taint Rules

Taint rules restrict data flow between capabilities. Data is labeled with taint labels; rules prevent labeled data from flowing to certain destinations.

Schema

taint_rules:
  - name: string
    deny_flow:
      from_labels: [string]
      to_capabilities: [string]

Fields

name

Rule identifier. Used in audit logs.

deny_flow

Defines the forbidden data flow.

Field            Description
from_labels      Source taint labels
to_capabilities  Destination capabilities that cannot receive this data

How It Works

  1. Capabilities define taint_labels on their responses
  2. The proxy tracks which data has which labels
  3. Before executing a request, the proxy checks if any input data has labels that are denied flow to the target capability
  4. If a violation is detected, the request is blocked

Example

Prevent contact information from being sent to an LLM:

capabilities:
  - name: crm-lookup
    api:
      method: GET
      url_pattern: "https://crm.example.com/contacts/**"
    taint_labels: [contact_info, pii]

  - name: llm-chat
    api:
      method: POST
      url_pattern: "https://api.openai.com/v1/chat/completions"
    taint_labels: []

taint_rules:
  - name: no-pii-to-llm
    deny_flow:
      from_labels: [pii, contact_info]
      to_capabilities: [llm-chat]

With this configuration:

  • Data from crm-lookup is labeled contact_info and pii
  • Any request to llm-chat containing this data is blocked
  • The audit log records the blocked flow attempt
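The four steps under "How It Works" and the example above, played through in Python. This is an added illustration, not the proxy's own code: the page does not describe how the proxy represents tracked data internally, so the tracker below assumes (not from the page) that each response value is tracked by its literal string and that a request "contains" that data when the string appears in the request body. CONFIG, TaintTracker and run_scenario are names chosen for this example, and the CRM response values are constructed samples.

```python
# Added illustration of the taint-flow check this page describes. Not the
# proxy's own code. Assumption (not from the page): a response value is
# tracked by its literal string, and a request "contains" it when that
# string appears in the request body.

from typing import Dict, List, Optional, Set, Tuple

# Constructed configuration mirroring the page's example, written as Python
# literals rather than loaded from YAML so the script runs without extra
# dependencies. The api blocks are omitted because the check never reads them.
CONFIG = {
    "capabilities": [
        {"name": "crm-lookup", "taint_labels": ["contact_info", "pii"]},
        {"name": "llm-chat", "taint_labels": []},
    ],
    "taint_rules": [
        {
            "name": "no-pii-to-llm",
            "deny_flow": {
                "from_labels": ["pii", "contact_info"],
                "to_capabilities": ["llm-chat"],
            },
        }
    ],
}


class TaintTracker:
    """Minimal model of steps 1-4 under "How It Works"."""

    def __init__(self, config: dict) -> None:
        self.labels_by_capability: Dict[str, Set[str]] = {
            cap["name"]: set(cap.get("taint_labels", []))
            for cap in config["capabilities"]
        }
        self.rules: List[dict] = config.get("taint_rules", [])
        self.tainted_values: Dict[str, Set[str]] = {}  # value -> labels
        self.audit_log: List[dict] = []

    def record_response(self, capability: str, values: List[str]) -> None:
        """Steps 1-2: attach the capability's taint_labels to each returned value."""
        labels = self.labels_by_capability[capability]
        for value in values:
            if value:  # an empty string would match every request body
                self.tainted_values.setdefault(value, set()).update(labels)

    def labels_present(self, request_body: str) -> Set[str]:
        """Collect the labels of every tracked value that appears in the body."""
        present: Set[str] = set()
        for value, labels in self.tainted_values.items():
            if value in request_body:
                present |= labels
        return present

    def check_request(self, target: str, request_body: str) -> Tuple[bool, Optional[str]]:
        """Steps 3-4: return (allowed, violated_rule_name) and log any block."""
        present = self.labels_present(request_body)
        for rule in self.rules:
            deny = rule["deny_flow"]
            if target not in deny["to_capabilities"]:
                continue
            violating = present & set(deny["from_labels"])
            if violating:
                # The rule name is what the audit log records (see "name" above).
                self.audit_log.append({
                    "rule": rule["name"],
                    "target": target,
                    "labels": sorted(violating),
                })
                return False, rule["name"]
        return True, None


def run_scenario() -> dict:
    """Replay the page's example: CRM data must never reach llm-chat."""
    tracker = TaintTracker(CONFIG)
    # Constructed CRM response; the values are samples, not real data.
    tracker.record_response("crm-lookup", ["alice@example.test", "Alice Example"])
    return {
        "pii_to_llm": tracker.check_request(
            "llm-chat", "Summarize this contact: alice@example.test"),
        "clean_to_llm": tracker.check_request(
            "llm-chat", "What is the capital of France?"),
        "pii_to_crm": tracker.check_request(
            "crm-lookup", "Alice Example"),
        "audit_entries": len(tracker.audit_log),
    }


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name}: {outcome}")
```

Note that the rule is keyed on the destination capability: the same labeled data is allowed back into crm-lookup because that capability is not listed under to_capabilities, while any request to llm-chat carrying a tracked value is blocked and logged under the rule's name.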