UNPKG

@copilotkit/runtime

Version:

<img src="https://github.com/user-attachments/assets/0a6b64d9-e193-4940-a3f6-60334ac34084" alt="banner" style="border-radius: 12px; border: 2px solid #d6d4fa;" />

54 lines (53 loc) 2.43 kB
//#region src/v2/runtime/handlers/header-utils.d.ts /** * Fully-resolved inbound-header forwarding policy read by the call sites. * * Distinct from the public `ForwardHeadersConfig` option an integrator passes: * the runtime resolves that option ONCE in its constructor into this shape * (lowercasing names/prefixes, defaulting `useDefaultDenylist`, building the * `allow` set) so the predicate stays branch-simple and the policy can never be * re-resolved divergently at a call site. See `resolveForwardHeadersPolicy`. */ interface ResolvedForwardHeadersPolicy { /** When true, the built-in infra/platform denylist is active. */ useDefaultDenylist: boolean; /** Extra exact names to strip (lowercased). */ denyNames: ReadonlySet<string>; /** Extra prefixes to strip (lowercased). */ denyPrefixes: readonly string[]; /** * If set, allowlist mode: ONLY these (lowercased) names are candidates to * forward — and `denyNames` / `denyPrefixes` still subtract from them. */ allow?: ReadonlySet<string>; } /** * Public, integrator-facing config for inbound-header forwarding. Resolved into * a {@link ResolvedForwardHeadersPolicy} by {@link resolveForwardHeadersPolicy}. */ interface ForwardHeadersConfig { /** Strip the built-in infra/platform denylist. @default true */ useDefaultDenylist?: boolean; /** Additional exact header names to strip (case-insensitive). */ deny?: string[]; /** Additional header-name prefixes to strip (case-insensitive). */ denyPrefixes?: string[]; /** * If set (with at least one non-empty entry), switch to allowlist mode: ONLY * these headers are candidates to forward, overriding the default `x-*` / * `authorization` eligibility (case-insensitive). `deny` / `denyPrefixes` * still apply and subtract from this set — a header listed in both `allow` and * `deny` is NOT forwarded. * * Footgun: in allowlist mode the built-in DEFAULT denylist (and * `useDefaultDenylist`) is BYPASSED — only your `allow` set, minus your own * `deny` / `denyPrefixes`, is forwarded. Do NOT allow-list protected/platform * headers (e.g. `x-copilotcloud-public-api-key`, `x-forwarded-*`) unless you * truly intend to forward them, since the default protection does not apply * here. */ allow?: string[]; } //#endregion export { ForwardHeadersConfig, ResolvedForwardHeadersPolicy }; //# sourceMappingURL=header-utils.d.cts.map