UNPKG

traceprompt-node

Version:

Client-side encrypted, audit-ready logging for LLM applications

50 lines (41 loc) 1.33 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
import { buildClient, CommitmentPolicy } from "@aws-crypto/client-node"; import { buildKeyring } from "../keyring"; import { EncryptedBundle } from "../types"; import { encryptHist } from "../metrics"; import { ConfigManager } from "../config"; import { log } from "../utils/logger"; const { encrypt, decrypt } = buildClient( CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT ); export async function encryptBuffer(plain: Buffer): Promise<EncryptedBundle> { const endTimer = encryptHist.startTimer(); try { log.info("Encrypting buffer", { orgId: ConfigManager.cfg.orgId, }); const keyring = buildKeyring(); const { result, messageHeader } = await encrypt(keyring, plain, { encryptionContext: { org_id: ConfigManager.cfg.orgId, }, }); const bundle = { ciphertext: Buffer.from(result).toString("base64"), encryptedDataKey: Buffer.from( messageHeader.encryptedDataKeys[0].encryptedDataKey ).toString("base64"), suiteId: messageHeader.suiteId, }; return bundle; } finally { endTimer(); } } export async function decryptBundle(bundle: EncryptedBundle): Promise<Buffer> { const keyring = buildKeyring(); const { plaintext } = await decrypt( keyring, Buffer.from(bundle.ciphertext, "base64") ); return plaintext; }