Source Code Leak Prevention Guide
Risk Scenarios
- Developers sending internal confidential information to external APIs via unrestricted copy-paste
- Inadequate access control for prompt log storage
- Third-party extensions extracting data via pre-encryption hooks
Control Layers
| Layer | Specific Measures | Metrics |
|---|---|---|
| Policy | Classification levels (PUBLIC/INT/CONF) | Label assignment rate |
| Tooling | Pre-send scanner (PII/secret keywords) | Block count |
| Infrastructure | Transparent encryption / KMS key rotation | Key rotation interval |
| Logging | Transmission hash + minimal trace | Recoverability |
| Education | Least privilege & exception procedures | Training completion rate |
Pre-Prompt Transmission Inspection Flow
- Extract diff & isolate changed lines only
- Inspect for secret patterns/PII
- Confidentiality score > threshold → mask or block
- Store hash + emit audit event
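
A minimal sketch of the four steps above, added here as an illustration and not taken from the guide's own tooling. The detector patterns, weights, the two thresholds (one for masking, one for blocking) and the names `changed_lines` and `inspect` are assumptions.

```python
import hashlib
import re

# Assumed detectors and weights, for illustration only (not from the guide).
PATTERNS = {
    "aws_access_key_id": (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), 5),
    "private_key_header": (re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"), 10),
    "assigned_secret": (re.compile(
        r"(?i)\b(?:password|secret|token|api_key)\b\s*[:=]\s*['\"][^'\"]{8,}['\"]"), 5),
    "email": (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), 1),
}
MASK_ABOVE, BLOCK_ABOVE = 0, 4  # assumed thresholds: score > 0 masks, > 4 blocks

def changed_lines(diff):
    """Step 1: keep added lines only, skipping the '+++ ' file header."""
    return [l[1:] for l in diff.splitlines()
            if l.startswith("+") and not l.startswith("+++ ")]

def inspect(diff):
    """Steps 2-4: scan, score, decide, and build a content-free audit event."""
    lines = changed_lines(diff)
    score, findings, masked = 0, set(), []
    for line in lines:
        for name, (rx, weight) in PATTERNS.items():
            line, hits = rx.subn(f"[MASKED:{name}]", line)
            if hits:
                score += weight * hits
                findings.add(name)
        masked.append(line)
    action = "block" if score > BLOCK_ABOVE else "mask" if score > MASK_ABOVE else "allow"
    event = {  # hash of the original changed lines; no raw text is logged
        "sha256": hashlib.sha256("\n".join(lines).encode()).hexdigest(),
        "action": action, "score": score,
        "findings": sorted(findings), "line_count": len(lines),
    }
    outbound = None if action == "block" else "\n".join(masked)
    return outbound, event

# Constructed sample diff: one harmless change and one added e-mail address.
SAMPLE_DIFF = """\
--- a/app/config.py
+++ b/app/config.py
@@ -1,3 +1,4 @@
 import os
-DEBUG = True
+DEBUG = False
+CONTACT = "ops@example.com"
 TIMEOUT = 30
"""
```

`inspect(SAMPLE_DIFF)` returns the masked outbound text and an audit event carrying only the hash, action, score and finding names, so the log store never holds the prompt content itself.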