Skip to content

Commit 8e81ea0

Browse files
committed
fix: Add warning comment to createTracker public call
1 parent 1be0a1e commit 8e81ea0

1 file changed

Lines changed: 4 additions & 0 deletions

File tree

  • lib/sdk/server-ai/src/main/java/com/launchdarkly/sdk/server/ai

lib/sdk/server-ai/src/main/java/com/launchdarkly/sdk/server/ai/LDAIClient.java

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -89,6 +89,10 @@ AIJudgeConfig judgeConfig(
8989
* stores the resumption token from a previous tracker (via
9090
* {@link LDAIConfigTracker#getResumptionToken()}) and passes it back here to continue tracking
9191
* against the same run.
92+
* <p>
93+
* <strong>Security note:</strong> resumption tokens embed flag-evaluation details such as the
94+
* variation key and config version. Keep tokens server-side and do not round-trip them through
95+
* untrusted clients where they could leak flag-targeting information.
9296
*
9397
* @param resumptionToken the token returned by a previous tracker; must not be {@code null}
9498
* @param context the evaluation context for the new request; must not be {@code null}

0 commit comments

Comments
 (0)