Skip to content

Commit 35d8b02

Browse files
committed
Merge branch 'mmccarthy/AIC-2664/ai-config-tracker-overhaul' of github.com:launchdarkly/java-core into mmccarthy/AIC-2837/java-ai-sdk-agent-graph
2 parents 77e49d4 + 121b140 commit 35d8b02

2 files changed

Lines changed: 8 additions & 0 deletions

File tree

lib/sdk/server-ai/src/main/java/com/launchdarkly/sdk/server/ai/LDAIConfigTracker.java

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,10 @@ public interface LDAIConfigTracker {
4141
* The resumption token encodes the run's identity and can be passed to
4242
* {@link LDAIClient#createTracker(String, com.launchdarkly.sdk.LDContext)} to reconstruct a
4343
* tracker on a subsequent request (for example, in a streaming scenario).
44+
* <p>
45+
* <strong>Security note:</strong> resumption tokens embed flag-evaluation details such as the
46+
* variation key and config version. Keep tokens server-side and do not round-trip them through
47+
* untrusted clients where they could leak flag-targeting information.
4448
*
4549
* @return the resumption token, or {@code null} if not available
4650
*/

lib/sdk/server-ai/src/main/java/com/launchdarkly/sdk/server/ai/datamodel/LDAITrackingTypes.java

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -575,6 +575,10 @@ public List<String> getToolCalls() {
575575

576576
/**
577577
* Returns the resumption token for this tracker.
578+
* <p>
579+
* <strong>Security note:</strong> resumption tokens embed flag-evaluation details such as the
580+
* variation key and config version. Keep tokens server-side and do not round-trip them through
581+
* untrusted clients where they could leak flag-targeting information.
578582
*
579583
* @return the resumption token, or {@code null} if not available
580584
*/

0 commit comments

Comments
 (0)