Skip to content

Commit 121b140

Browse files
committed
fix: Add security note to MetricSummary.getResumptionToken()
1 parent 3aa5d08 commit 121b140

1 file changed

Lines changed: 4 additions & 0 deletions

File tree

lib/sdk/server-ai/src/main/java/com/launchdarkly/sdk/server/ai/datamodel/LDAITrackingTypes.java

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -575,6 +575,10 @@ public List<String> getToolCalls() {
575575

576576
/**
577577
* Returns the resumption token for this tracker.
578+
* <p>
579+
* <strong>Security note:</strong> resumption tokens embed flag-evaluation details such as the
580+
* variation key and config version. Keep tokens server-side and do not round-trip them through
581+
* untrusted clients where they could leak flag-targeting information.
578582
*
579583
* @return the resumption token, or {@code null} if not available
580584
*/

0 commit comments

Comments
 (0)