@highflame/policy 1.2.1 → 2.0.0

package/src/context.gen.ts

@@ -5,103 +5,6 @@
  * Context attribute keys for Cedar policy evaluation.
  */
 export const ContextKey = {
-    // Guardrails/Core context attributes
-    /** Name of tool being called */
-    ToolName: 'tool_name',
-    /** Name of resource being accessed */
-    ResourceName: 'resource_name',
-    /** Name of prompt */
-    PromptName: 'prompt_name',
-    /** Raw prompt text */
-    PromptText: 'prompt_text',
-    /** Response size in megabytes */
-    ResponseSizeMb: 'response_size_mb',
-    /** Set of detected YARA threat names */
-    YaraThreats: 'yara_threats',
-    /** Number of threats detected */
-    ThreatCount: 'threat_count',
-    /** Highest severity (0-4) */
-    MaxThreatSeverity: 'max_threat_severity',
-    /** User type: external or internal */
-    UserType: 'user_type',
-    /** Whether monitoring is active */
-    MonitoringEnabled: 'monitoring_enabled',
-    /** File path */
-    Path: 'path',
-    /** HTTP hostname */
-    Hostname: 'hostname',
-    /** IP address */
-    IpAddress: 'ip_address',
-    /** Whether the IP is private/loopback (set by application layer) */
-    IsPrivateIp: 'is_private_ip',
-    /** HTTP scheme */
-    Scheme: 'scheme',
-    /** Port number */
-    Port: 'port',
-
-    // Palisade context attributes
-    /** Environment: production, development, research */
-    Environment: 'environment',
-    /** Format: pickle, safetensors, gguf, onnx */
-    ArtifactFormat: 'artifact_format',
-    /** Whether artifact has signature */
-    ArtifactSigned: 'artifact_signed',
-    /** Severity: CRITICAL, HIGH, MEDIUM, LOW, INFO */
-    Severity: 'severity',
-    /** Type of security finding */
-    FindingType: 'finding_type',
-    /** Who signed the artifact */
-    ProvenanceSigner: 'provenance_signer',
-    /** RCE path found in pickle */
-    PickleExecPathDetected: 'pickle_exec_path_detected',
-    /** Malicious pattern in metadata */
-    MetadataMaliciousPattern: 'metadata_malicious_pattern',
-    /** Number of added tokens */
-    TokenizerAddedTokensCount: 'tokenizer_added_tokens_count',
-    /** Safetensors integrity failed */
-    SafetensorsIntegrityViolation: 'safetensors_integrity_violation',
-    /** Suspicious GGUF metadata */
-    GgufSuspiciousMetadata: 'gguf_suspicious_metadata',
-    /** LoRA adapter digest mismatch */
-    AdapterBaseDigestMismatch: 'adapter_base_digest_mismatch',
-    /** CoSAI maturity level (0-5) */
-    MetadataCosaiLevelNumeric: 'metadata_cosai_level_numeric',
-
-    // Overwatch context attributes
-    /** IDE source: cursor, claudecode, vscode, geminicli */
-    Source: 'source',
-    /** Hook event type: beforeShellExecution, PreToolUse, etc. */
-    Event: 'event',
-    /** The prompt/request content being evaluated */
-    Content: 'content',
-    /** User's email address (or 'anonymous') */
-    UserEmail: 'user_email',
-    /** Custom principal ID for policy evaluation */
-    CedarPrincipal: 'cedar_principal',
-    /** MCP server name: filesystem, playwright, etc. */
-    ServerName: 'server_name',
-    /** Whether the path is within the workspace */
-    IsWithinWorkspace: 'is_within_workspace',
-    /** Response content from tool execution */
-    ResponseContent: 'response_content',
-    /** Highest severity level: critical, high, medium, low */
-    HighestSeverity: 'highest_severity',
-    /** Array of threat types detected */
-    ThreatTypes: 'threat_types',
-    /** Array of threat categories found */
-    ThreatCategories: 'threat_categories',
-    /** Whether secrets were detected in the content */
-    ContainsSecrets: 'contains_secrets',
-    /** Number of concurrent calls */
-    ConcurrentCalls: 'concurrent_calls',
-    /** Request rate per minute */
-    RequestsPerMinute: 'requests_per_minute',
-    /** User trust level: high, medium, low */
-    UserTrustLevel: 'user_trust_level',
-    /** Whether alerting is enabled for this request */
-    AlertEnabled: 'alert_enabled',
-    /** Type of security scan being performed */
-    ScanType: 'scan_type',
 } as const;
 
 export type ContextKey = (typeof ContextKey)[keyof typeof ContextKey];

package/src/engine.test.ts

@@ -11,7 +11,6 @@ import {
   Decision,
   EntityType,
   ActionType,
-  ContextKey,
   InputValidationError,
   DEFAULT_LIMITS,
 } from './index.js';

package/src/engine.ts

@@ -6,7 +6,6 @@
 import * as cedar from "@cedar-policy/cedar-wasm/nodejs";
 import { EntityType, EntityUID, Entity } from "./entities.gen.js";
 import { ActionType } from "./actions.gen.js";
-import { CEDAR_SCHEMA } from "./schema.gen.js";
 
 // =============================================================================
 // INPUT VALIDATION LIMITS (consistent across all language SDKs)
@@ -35,6 +34,8 @@ export interface InputLimits {
 }
 
 export interface EngineOptions {
+  /** Cedar schema string (optional - can also use loadSchema() method) */
+  schema?: string;
   /** Custom input validation limits */
   limits?: InputLimits;
   /** Skip input validation (not recommended for production) */
@@ -142,9 +143,15 @@ export interface Decision {
 
 export interface EvaluateRequest {
   principal: EntityUID;
-  action: ActionType;
+  /**
+   * Action to evaluate. Can be:
+   * - A generated ActionType value (e.g., ActionType.CallTool)
+   * - A namespaced action string (e.g., 'Overwatch::Action::"call_tool"')
+   */
+  action: ActionType | string;
   resource: EntityUID;
   context?: Record<string, unknown>;
+  entities?: Entity[];
 }
 
 /**
@@ -170,6 +177,33 @@ function toCedarValue(value: unknown): cedar.CedarValueJson {
   return String(value);
 }
 
+/**
+ * Parse an action string into Cedar EntityUID format.
+ * Handles both non-namespaced and namespaced actions:
+ * - "call_tool" → { type: "Action", id: "call_tool" }
+ * - "Overwatch::Action::\"call_tool\"" → { type: "Overwatch::Action", id: "call_tool" }
+ * - "Overwatch::Action::call_tool" → { type: "Overwatch::Action", id: "call_tool" }
+ */
+function parseActionString(action: string): cedar.EntityUidJson {
+  // Check if action contains namespace separator
+  if (!action.includes("::")) {
+    // Non-namespaced action
+    return { type: "Action", id: action };
+  }
+
+  // Namespaced action - find the last :: separator
+  const lastSeparator = action.lastIndexOf("::");
+  const actionType = action.substring(0, lastSeparator);
+  let actionId = action.substring(lastSeparator + 2);
+
+  // Remove surrounding quotes if present (e.g., "call_tool" → call_tool)
+  if (actionId.startsWith('"') && actionId.endsWith('"')) {
+    actionId = actionId.slice(1, -1);
+  }
+
+  return { type: actionType, id: actionId };
+}
+
 /**
  * PolicyEngine wraps cedar-wasm with Highflame schema types.
  */
@@ -181,6 +215,7 @@ export class PolicyEngine {
 
   constructor(options?: EngineOptions) {
     this.options = options ?? {};
+    this.schema = options?.schema;
     this.limits = {
       maxContextKeys: options?.limits?.maxContextKeys ?? DEFAULT_LIMITS.maxContextKeys,
       maxStringLength: options?.limits?.maxStringLength ?? DEFAULT_LIMITS.maxStringLength,
@@ -198,19 +233,11 @@ export class PolicyEngine {
 
   /**
    * Load schema from a Cedar schema string.
-   * If not called, uses the embedded Highflame schema.
    */
   loadSchema(schema: string): void {
     this.schema = schema;
   }
 
-  /**
-   * Load the embedded Highflame schema.
-   */
-  loadHighflameSchema(): void {
-    this.schema = CEDAR_SCHEMA;
-  }
-
   /**
    * Evaluate a policy request and return a decision.
    * @throws InputValidationError if context validation fails
@@ -226,10 +253,7 @@ export class PolicyEngine {
       type: req.principal.type,
       id: req.principal.id,
     };
-    const action: cedar.EntityUidJson = {
-      type: "Action",
-      id: req.action,
-    };
+    const action: cedar.EntityUidJson = parseActionString(req.action);
     const resource: cedar.EntityUidJson = {
       type: req.resource.type,
       id: req.resource.id,
@@ -243,6 +267,15 @@ export class PolicyEngine {
       }
     }
 
+    // Convert entities to Cedar JSON format
+    const entities = (req.entities || []).map(e => ({
+      uid: e.uid,
+      attrs: e.attrs ? Object.fromEntries(
+        Object.entries(e.attrs).map(([k, v]) => [k, toCedarValue(v)])
+      ) : {},
+      parents: e.parents || [],
+    }));
+
     // Build the authorization call
     const call: cedar.AuthorizationCall = {
       principal,
@@ -250,7 +283,7 @@ export class PolicyEngine {
       resource,
       context,
       policies: { staticPolicies: this.policies },
-      entities: [],
+      entities,
     };
 
     // Add schema if available
@@ -284,7 +317,7 @@ export class PolicyEngine {
   evaluateSimple(
     principalType: EntityType,
     principalId: string,
-    action: ActionType,
+    action: ActionType | string,
     resourceType: EntityType,
     resourceId: string,
     context?: Record<string, unknown>
@@ -302,11 +335,13 @@ export class PolicyEngine {
    * Returns validation errors or empty array if valid.
    */
   validatePolicies(policies: string): string[] {
-    const schemaToUse = this.schema ?? CEDAR_SCHEMA;
+    if (!this.schema) {
+      throw new Error("Schema is required for validation. Provide schema via constructor options or loadSchema().");
+    }
 
     const result = cedar.validate({
       validationSettings: { mode: "strict" },
-      schema: schemaToUse,
+      schema: this.schema,
       policies: { staticPolicies: policies },
     });
 
@@ -326,10 +361,11 @@ export class PolicyValidator {
   private schema: string;
 
   /**
-   * Create a validator with the embedded Highflame schema.
+   * Create a validator with a Cedar schema.
+   * @param schema Cedar schema string (required)
    */
-  constructor(schema?: string) {
-    this.schema = schema ?? CEDAR_SCHEMA;
+  constructor(schema: string) {
+    this.schema = schema;
   }
 
   /**
@@ -375,23 +411,16 @@ export class PolicyValidator {
 }
 
 /**
- * Validate a Cedar policy against the Highflame schema.
+ * Validate a Cedar policy against a schema.
  * Convenience function that doesn't require creating a validator instance.
+ * @param schema Cedar schema string
+ * @param policy Policy text to validate
  */
-export function validatePolicy(policy: string): { valid: boolean; errors: string[] } {
-  const validator = new PolicyValidator();
+export function validatePolicy(schema: string, policy: string): { valid: boolean; errors: string[] } {
+  const validator = new PolicyValidator(schema);
   return validator.validate(policy);
 }
 
-/**
- * Get the embedded Highflame Cedar schema.
- */
-export function getHighflameSchema(): string {
-  return CEDAR_SCHEMA;
-}
-
 // Re-export types
 export { EntityType, EntityUID, Entity, newEntityUID, newEntity } from "./entities.gen.js";
 export { ActionType, actionUID } from "./actions.gen.js";
-export * from "./context.gen.js";
-export { CEDAR_SCHEMA } from "./schema.gen.js";

package/src/entities.gen.ts

@@ -11,6 +11,7 @@ export const EntityType = {
     FilePath: 'FilePath',
     GitBranch: 'GitBranch',
     HttpEndpoint: 'HttpEndpoint',
+    LlmPrompt: 'LlmPrompt',
     Memory: 'Memory',
     Model: 'Model',
     Package: 'Package',

package/src/overwatch-context.gen.ts

@@ -0,0 +1,34 @@
+// Code generated by highflame-policy-codegen. DO NOT EDIT.
+// Source: schemas/overwatch/context.json
+
+/**
+ * Context attribute keys for Overwatch Overwatch (Guardian) IDE security & policy enforcement.
+ * 
+ * These constants correspond to the context attributes defined in the
+ * Overwatch Cedar schema and are used at policy evaluation time.
+ */
+export const OverwatchContextKey = {
+  ContainsSecrets: 'contains_secrets',
+  Content: 'content',
+  Cwd: 'cwd',
+  Event: 'event',
+  FilePath: 'file_path',
+  HighestSeverity: 'highest_severity',
+  MaxThreatSeverity: 'max_threat_severity',
+  McpServer: 'mcp_server',
+  McpTool: 'mcp_tool',
+  Path: 'path',
+  PromptText: 'prompt_text',
+  ResponseContent: 'response_content',
+  ServerName: 'server_name',
+  Source: 'source',
+  ThreatCategories: 'threat_categories',
+  ThreatCount: 'threat_count',
+  ThreatTypes: 'threat_types',
+  ToolName: 'tool_name',
+  UserEmail: 'user_email',
+  WorkspaceRoot: 'workspace_root',
+  YaraThreats: 'yara_threats',
+} as const;
+
+export type OverwatchContextKey = (typeof OverwatchContextKey)[keyof typeof OverwatchContextKey];

package/src/palisade-context.gen.ts

@@ -0,0 +1,28 @@
+// Code generated by highflame-policy-codegen. DO NOT EDIT.
+// Source: schemas/palisade/context.json
+
+/**
+ * Context attribute keys for Palisade Palisade ML supply chain security & artifact scanning.
+ * 
+ * These constants correspond to the context attributes defined in the
+ * Palisade Cedar schema and are used at policy evaluation time.
+ */
+export const PalisadeContextKey = {
+  AdapterBaseDigestMismatch: 'adapter_base_digest_mismatch',
+  ArtifactFormat: 'artifact_format',
+  ArtifactSigned: 'artifact_signed',
+  Environment: 'environment',
+  FindingType: 'finding_type',
+  GgufSuspiciousMetadata: 'gguf_suspicious_metadata',
+  MatchCount: 'match_count',
+  MetadataCosaiLevelNumeric: 'metadata_cosai_level_numeric',
+  MetadataMaliciousPattern: 'metadata_malicious_pattern',
+  Path: 'path',
+  PickleExecPathDetected: 'pickle_exec_path_detected',
+  ProvenanceSigner: 'provenance_signer',
+  SafetensorsIntegrityViolation: 'safetensors_integrity_violation',
+  Severity: 'severity',
+  TokenizerAddedTokensCount: 'tokenizer_added_tokens_count',
+} as const;
+
+export type PalisadeContextKey = (typeof PalisadeContextKey)[keyof typeof PalisadeContextKey];