File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -186,7 +186,11 @@ export class BlockExecutor {
186186 if ( isStreamingExecution ) {
187187 const streamingExec = output as StreamingExecution
188188
189- if ( ctx . onStream ) {
189+ // Streaming forwards raw chunks to the client before output redaction can
190+ // run, which would leak PII. When block-output redaction is enabled we
191+ // buffer instead of streaming — the masked final output still reaches the
192+ // client through the block-complete callback below.
193+ if ( ctx . onStream && ! ctx . piiBlockOutputRedaction ?. enabled ) {
190194 await this . handleStreamingExecution (
191195 ctx ,
192196 node ,
Original file line number Diff line number Diff line change @@ -675,6 +675,30 @@ export async function executeWorkflowCore(
675675 } )
676676 }
677677
678+ if ( piiRedaction . blockOutputs . enabled ) {
679+ // Resume / run-from-block restore prior block outputs into state. If those
680+ // predate the blockOutputs stage being enabled, re-mask them so downstream
681+ // blocks can't read unredacted PII from restored snapshot state. Masking is
682+ // idempotent, so outputs already masked in the original run are unaffected.
683+ const blockOutputOpts = {
684+ entityTypes : piiRedaction . blockOutputs . entityTypes ,
685+ language : piiRedaction . blockOutputs . language ,
686+ onFailure : 'throw' as const ,
687+ }
688+ if ( snapshot . state ?. blockStates ) {
689+ snapshot . state . blockStates = await redactObjectStrings (
690+ snapshot . state . blockStates ,
691+ blockOutputOpts
692+ )
693+ }
694+ if ( runFromBlock ?. sourceSnapshot ?. blockStates ) {
695+ runFromBlock . sourceSnapshot . blockStates = await redactObjectStrings (
696+ runFromBlock . sourceSnapshot . blockStates ,
697+ blockOutputOpts
698+ )
699+ }
700+ }
701+
678702 const contextExtensions : ContextExtensions = {
679703 stream : ! ! onStream ,
680704 selectedOutputs,
You can’t perform that action at this time.
0 commit comments