npm - @highflame/policy - Versions diffs - 1.2.1 → 2.0.1 - Mend

@highflame/policy 1.2.1 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (73) hide show

package/README.md +219 -0
package/_schemas/overwatch/context.json +433 -0
package/_schemas/overwatch/schema.cedarschema +179 -0
package/_schemas/palisade/context.json +325 -0
package/_schemas/palisade/schema.cedarschema +168 -0
package/dist/builder.d.ts +1 -2
package/dist/builder.d.ts.map +1 -1
package/dist/builder.js +16 -3
package/dist/builder.js.map +1 -1
package/dist/context.gen.d.ts +1 -94
package/dist/context.gen.d.ts.map +1 -1
package/dist/context.gen.js +1 -97
package/dist/context.gen.js.map +1 -1
package/dist/engine.d.ts +18 -18
package/dist/engine.d.ts.map +1 -1
package/dist/engine.js +44 -28
package/dist/engine.js.map +1 -1
package/dist/engine.test.js.map +1 -1
package/dist/entities.gen.d.ts +1 -0
package/dist/entities.gen.d.ts.map +1 -1
package/dist/entities.gen.js +1 -0
package/dist/entities.gen.js.map +1 -1
package/dist/index.d.ts +4 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +5 -0
package/dist/index.js.map +1 -1
package/dist/overwatch-context.gen.d.ts +29 -0
package/dist/overwatch-context.gen.d.ts.map +1 -0
package/dist/overwatch-context.gen.js +30 -0
package/dist/overwatch-context.gen.js.map +1 -0
package/dist/palisade-context.gen.d.ts +25 -0
package/dist/palisade-context.gen.d.ts.map +1 -0
package/dist/palisade-context.gen.js +26 -0
package/dist/palisade-context.gen.js.map +1 -0
package/dist/schema.gen.d.ts +1 -1
package/dist/schema.gen.d.ts.map +1 -1
package/dist/schema.gen.js +60 -541
package/dist/schema.gen.js.map +1 -1
package/dist/schemas.d.ts +64 -0
package/dist/schemas.d.ts.map +1 -0
package/dist/schemas.js +70 -0
package/dist/schemas.js.map +1 -0
package/dist/schemas.test.d.ts +8 -0
package/dist/schemas.test.d.ts.map +1 -0
package/dist/schemas.test.js +377 -0
package/dist/schemas.test.js.map +1 -0
package/dist/service-schemas.gen.d.ts +48 -0
package/dist/service-schemas.gen.d.ts.map +1 -0
package/dist/service-schemas.gen.js +581 -0
package/dist/service-schemas.gen.js.map +1 -0
package/dist/studio-ui.test.d.ts +8 -0
package/dist/studio-ui.test.d.ts.map +1 -0
package/dist/studio-ui.test.js +165 -0
package/dist/studio-ui.test.js.map +1 -0
package/dist/types.d.ts +4 -0
package/dist/types.d.ts.map +1 -1
package/dist/types.js +5 -0
package/dist/types.js.map +1 -1
package/package.json +9 -6
package/src/builder.ts +18 -5
package/src/context.gen.ts +0 -97
package/src/engine.test.ts +0 -1
package/src/engine.ts +62 -33
package/src/entities.gen.ts +1 -0
package/src/index.ts +17 -0
package/src/overwatch-context.gen.ts +32 -0
package/src/palisade-context.gen.ts +28 -0
package/src/schema.gen.ts +60 -541
package/src/schemas.test.ts +445 -0
package/src/schemas.ts +91 -0
package/src/service-schemas.gen.ts +608 -0
package/src/studio-ui.test.ts +207 -0
package/src/types.ts +17 -0

package/src/schema.gen.ts CHANGED Viewed

@@ -5,611 +5,130 @@
  * Embedded Cedar schema for policy validation.
  * This is the Highflame Cedar schema used across all services.
  */
-export const CEDAR_SCHEMA = `// Highflame Cedar Schema
-// ======================
-// This is the SOURCE OF TRUTH for all entity types, actions, and their relationships
-// across the Highflame platform.
+export const CEDAR_SCHEMA = `// Highflame Cedar Schema - Entity and Action Definitions
+// =======================================================
+// This file defines all entity types and actions used across Highflame services.
+// Used for code generation (EntityType and ActionType constants).
 //
-// All services (authz, Core, Guardian, Palisade) MUST use the types defined here.
-// The codegen tool parses this file and generates typed constants for Go, TypeScript,
-// and Python to ensure consistency.
-//
-// Usage:
-//   - Policies are validated against this schema when created/updated
-//   - Generated types prevent typos in application code
-//   - Cedar CLI can validate: cedar validate --schema highflame.cedarschema --policies policy.cedar
+// For policy validation, use service-specific schemas:
+// - schemas/overwatch/schema.cedarschema (Guardian IDE security)
+// - schemas/palisade/schema.cedarschema (ML supply chain security)
+namespace Highflame {
 // =============================================================================
-// PRINCIPAL TYPES (Who is making the request)
+// ENTITIES
 // =============================================================================
-// Human user or service account making requests
-// Well-known IDs: "mcp_client", "threat_processor"
 entity User {
-    // User type: "external", "internal"
     user_type: String,
 };
-// AI agent or bot
 entity Agent {
-    // Agent type: "llm", "scanner", "bot", "coding_assistant"
     agent_type: String,
 };
-// Security scanner service
-// Well-known IDs: "ramparts", "palisade"
 entity Scanner {
-    // Scanner type: "ramparts", "palisade"
     scanner_type: String,
-    // Scanner version
-    version: String,
 };
-// Backend service account
 entity Service {
-    // Service name
-    service_name: String,
-    // Environment: "production", "staging", "development"
-    environment: String,
+    service_type: String,
 };
-// =============================================================================
-// RESOURCE TYPES (What is being accessed)
-// =============================================================================
-// Generic resource
-// Well-known IDs: "threat_analysis", "tools/list", "tools/call", "resources/list",
-//                 "resources/read", "prompts/list", "unknown"
 entity Resource {};
-// LLM response data
-// Well-known IDs: "response_data"
+entity LlmPrompt {
+    prompt_type: String,
+};
 entity ResponseData {};
-// MCP tool that can be called
 entity Tool {
-    // Tool name
     tool_name: String,
-    // Risk level: "safe", "moderate", "dangerous"
-    risk_level: String,
-    // Category: "file", "network", "shell", "api"
-    category: String,
 };
-// File system path
 entity FilePath {
-    // Full path
     path: String,
-    // File extension
-    extension: String,
-    // Whether file is sensitive (.env, credentials, etc.)
-    is_sensitive: Bool,
 };
-// HTTP endpoint
 entity HttpEndpoint {
-    // Hostname
     hostname: String,
-    // Scheme: "http", "https"
-    scheme: String,
-    // Port number
-    port: Long,
-    // Whether endpoint is internal
-    is_internal: Bool,
 };
-// MCP Server
 entity Server {
-    // Server name
     server_name: String,
 };
-// ML model artifact (for Palisade)
 entity Artifact {
-    // Format: "safetensors", "pickle", "gguf", "onnx"
-    artifact_type: String,
-    // Source URL or path
-    source: String,
-    // SHA256 hash
-    hash: String,
-    // Whether artifact is signed
-    is_signed: Bool,
+    artifact_format: String,
 };
-// Code repository
 entity Repository {
-    // Repository URL
-    url: String,
+    repo_url: String,
 };
-// Software package
 entity Package {
-    // Package name
-    name: String,
-    // Package version
-    version: String,
+    package_name: String,
 };
-// Git branch (for branch protection policies)
 entity GitBranch {
-    // Branch name (e.g., "main", "develop", "feature/xyz")
     branch_name: String,
-    // Whether this is a protected branch
-    is_protected: Bool,
 };
-// LLM Model (for model-specific policies)
 entity Model {
-    // Model name (e.g., "gpt-4", "claude-3-opus")
     model_name: String,
-    // Provider (e.g., "openai", "anthropic", "google")
-    provider: String,
-    // Whether model is in preview/beta
-    is_preview: Bool,
 };
-// External API endpoint (for external service calls)
 entity ExternalAPI {
-    // API name or identifier
     api_name: String,
-    // Base URL or hostname
-    base_url: String,
-    // Whether the API is trusted/verified
-    is_trusted: Bool,
 };
-// Agent memory or RAG storage
 entity Memory {
-    // Memory type: "short_term", "long_term", "rag", "vector_store"
     memory_type: String,
-    // Whether memory contains sensitive data
-    is_sensitive: Bool,
-};
-// =============================================================================
-// ACTIONS - LLM/Guardrails
-// =============================================================================
-// Process an LLM prompt
-// Context: prompt_text, yara_threats, threat_count, max_threat_severity,
-//          user_type, monitoring_enabled, injection_score, content_score
-action process_prompt appliesTo {
-    principal: [User, Agent],
-    resource: [Resource],
-};
-// Process an LLM response
-// Context: response_size_mb, contains_pii, pii_types, content_category
-action process_response appliesTo {
-    principal: [User, Agent],
-    resource: [ResponseData],
-};
-// Invoke an LLM model
-// Context: model_name, model_provider, is_preview_model, estimated_tokens,
-//          max_tokens, temperature, top_p, is_streaming
-action invoke_model appliesTo {
-    principal: [User, Agent, Service],
-    resource: [Model, Resource],
 };
-// Filter content (apply content filtering policies)
-// Context: content_type, content_category, content_score, harm_categories,
-//          language, is_harmful, filter_action
-action filter_content appliesTo {
-    principal: [User, Agent, Service],
-    resource: [Resource, ResponseData],
-};
-// =============================================================================
-// ACTIONS - MCP/Tool
-// =============================================================================
-// Call an MCP tool
-// Context: tool_name, tool_arguments, risk_level
-action call_tool appliesTo {
-    principal: [User, Agent, Service],
-    resource: [Tool, Resource],
-};
-// Connect to an MCP server
-// Context: server_name, server_url, transport_type
-action connect_server appliesTo {
-    principal: [User, Agent, Service],
-    resource: [Server, Resource],
-};
-// Access a server-specific resource
-// Context: tool_name, resource_name, prompt_name
-action access_server_resource appliesTo {
-    principal: [User, Agent, Service],
-    resource: [Resource],
-};
-// Skip guardrails for an operation
-action skip_guardrails appliesTo {
-    principal: [User, Agent, Service],
-    resource: [Resource],
-};
-// =============================================================================
-// ACTIONS - File System
 // =============================================================================
-// Read a file
-// Context: path, extension, is_sensitive
-action read_file appliesTo {
-    principal: [User, Agent, Scanner],
-    resource: [FilePath, Resource],
-};
-// Write a file
-// Context: path, extension, is_sensitive, file_size_bytes
-action write_file appliesTo {
-    principal: [User, Agent],
-    resource: [FilePath, Resource],
-};
-// Delete a file
-// Context: path, extension, is_sensitive
-action delete_file appliesTo {
-    principal: [User, Agent],
-    resource: [FilePath, Resource],
-};
-// =============================================================================
-// ACTIONS - HTTP/Network
-// =============================================================================
-// Make an HTTP request
-// Context: hostname, ip_address, scheme, port, method, is_internal
-action http_request appliesTo {
-    principal: [User, Agent, Service],
-    resource: [HttpEndpoint, Resource],
-};
-// Call an external API
-// Context: api_name, endpoint_path, method, is_trusted, request_size_bytes
-action call_external_api appliesTo {
-    principal: [User, Agent, Service],
-    resource: [ExternalAPI, HttpEndpoint, Resource],
-};
-// =============================================================================
-// ACTIONS - Code Execution
-// =============================================================================
-// Execute code in a sandbox or environment
-// Context: code_language, is_sandboxed, code_size_bytes, has_network_access,
-//          has_filesystem_access, execution_timeout_ms
-action execute_code appliesTo {
-    principal: [User, Agent],
-    resource: [Resource],
-};
-// Run tests
-// Context: test_framework, test_count, is_sandboxed, code_language
-action run_tests appliesTo {
-    principal: [User, Agent, Service],
-    resource: [Repository, Resource],
-};
-// Run build process
-// Context: build_tool, is_sandboxed, code_language
-action run_build appliesTo {
-    principal: [User, Agent, Service],
-    resource: [Repository, Resource],
-};
-// =============================================================================
-// ACTIONS - Git Operations
-// =============================================================================
-// General git operation (use for policies that apply to all git actions)
-// Context: git_op, target_branch, source_branch, is_force, is_protected_branch,
-//          changed_files_count, commit_message, remote_url
-action git_operation appliesTo {
-    principal: [User, Agent],
-    resource: [Repository, GitBranch, Resource],
-};
-// Clone a repository
-// Context: remote_url, is_shallow, depth
-action git_clone appliesTo {
-    principal: [User, Agent],
-    resource: [Repository, Resource],
-};
-// Create a commit
-// Context: commit_message, changed_files_count, author, is_amend
-action git_commit appliesTo {
-    principal: [User, Agent],
-    resource: [Repository, GitBranch, Resource],
-};
-// Push changes to remote
-// Context: target_branch, is_force_push, is_protected_branch, remote_url
-action git_push appliesTo {
-    principal: [User, Agent],
-    resource: [Repository, GitBranch, Resource],
-};
-// Pull changes from remote
-// Context: source_branch, remote_url, is_rebase
-action git_pull appliesTo {
-    principal: [User, Agent],
-    resource: [Repository, GitBranch, Resource],
-};
-// Merge branches
-// Context: source_branch, target_branch, is_protected_branch, merge_strategy
-action git_merge appliesTo {
-    principal: [User, Agent],
-    resource: [Repository, GitBranch, Resource],
-};
-// Checkout branch or commit
-// Context: target_branch, is_new_branch, commit_hash
-action git_checkout appliesTo {
-    principal: [User, Agent],
-    resource: [Repository, GitBranch, Resource],
-};
-// Reset changes (potentially destructive)
-// Context: reset_mode, target_commit, is_hard_reset
-action git_reset appliesTo {
-    principal: [User, Agent],
-    resource: [Repository, GitBranch, Resource],
-};
-// Rebase branch
-// Context: source_branch, target_branch, is_interactive
-action git_rebase appliesTo {
-    principal: [User, Agent],
-    resource: [Repository, GitBranch, Resource],
-};
-// =============================================================================
-// ACTIONS - Agent Orchestration
-// =============================================================================
-// Delegate task to another agent
-// Context: delegation_depth, parent_agent_id, task_type, is_autonomous
-action delegate_task appliesTo {
-    principal: [Agent, Service],
-    resource: [Resource],
-};
-// Spawn a subprocess or child process
-// Context: process_name, is_sandboxed, has_network_access, has_filesystem_access
-action spawn_subprocess appliesTo {
-    principal: [User, Agent, Service],
-    resource: [Resource],
-};
-// Access agent memory or RAG storage
-// Context: memory_type, operation (read, write, delete), is_sensitive
-action access_memory appliesTo {
-    principal: [Agent, Service],
-    resource: [Memory, Resource],
-};
-// =============================================================================
-// ACTIONS - Scanner
-// =============================================================================
-// Scan a target (MCP server, repository, etc.)
-action scan_target appliesTo {
-    principal: [Scanner, Service],
-    resource: [Resource, Repository, Server],
-};
-// Scan a software package
-action scan_package appliesTo {
-    principal: [Scanner, Service],
-    resource: [Package, Resource],
-};
-// =============================================================================
-// ACTIONS - Palisade/ML
-// =============================================================================
-// Scan an ML artifact
-// Context: environment, artifact_format, artifact_signed, severity, finding_type,
-//          provenance_signer, pickle_exec_path_detected, metadata_malicious_pattern,
-//          tokenizer_added_tokens_count, safetensors_integrity_violation,
-//          gguf_suspicious_metadata, adapter_base_digest_mismatch,
-//          metadata_cosai_level_numeric
-action scan_artifact appliesTo {
-    principal: [Scanner, Service],
-    resource: [Artifact, Resource],
-};
-// Validate artifact integrity
-action validate_integrity appliesTo {
-    principal: [Scanner, Service],
-    resource: [Artifact],
-};
-// Validate artifact provenance
-action validate_provenance appliesTo {
-    principal: [Scanner, Service],
-    resource: [Artifact],
-};
-// Quarantine an artifact
-action quarantine_artifact appliesTo {
-    principal: [Scanner, Service],
-    resource: [Artifact],
-};
-// Load an ML model
-action load_model appliesTo {
-    principal: [User, Agent, Service],
-    resource: [Artifact],
-};
-// Deploy an ML model
-action deploy_model appliesTo {
-    principal: [User, Service],
-    resource: [Artifact],
-};
-// =============================================================================
-// ACTIONS - Data Loss Prevention (DLP)
-// =============================================================================
-// Transfer data (for DLP policies)
-// Context: data_classification, destination_type, transfer_size_bytes,
-//          contains_pii, pii_types, is_encrypted
-action transfer_data appliesTo {
-    principal: [User, Agent, Service],
-    resource: [Resource],
-};
-// Export data (for DLP policies)
-// Context: export_format, data_classification, destination_type, is_encrypted
-action export_data appliesTo {
-    principal: [User, Agent, Service],
-    resource: [Resource],
-};
-// =============================================================================
-// CONTEXT ATTRIBUTES REFERENCE (Documentation Only)
-// =============================================================================
-// Cedar context is dynamic and not enforced by schema, but these are the
-// standard attributes used across Highflame services:
-//
-// -----------------------------------------------------------------------------
-// GUARDRAILS/CORE
-// -----------------------------------------------------------------------------
-//   tool_name: String           - Name of tool being called
-//   resource_name: String       - Name of resource being accessed
-//   prompt_name: String         - Name of prompt
-//   prompt_text: String         - Raw prompt text (for injection detection)
-//   response_size_mb: Long      - Response size in megabytes
-//   yara_threats: Set<String>   - Set of detected YARA threat names
-//   threat_count: Long          - Number of threats detected
-//   max_threat_severity: Long   - Highest severity (0=INFO, 4=CRITICAL)
-//   user_type: String           - "external" or "internal"
-//   monitoring_enabled: Bool    - Whether monitoring is active
-//   path: String                - File path
-//   hostname: String            - HTTP hostname
-//   ip_address: String          - IP address (for SSRF detection)
-//   scheme: String              - HTTP scheme
-//   port: Long                  - Port number
-//
-// -----------------------------------------------------------------------------
-// MODEL INVOCATION
-// -----------------------------------------------------------------------------
-//   model_name: String          - Name of the model (e.g., "gpt-4", "claude-3-opus")
-//   model_provider: String      - Provider name (e.g., "openai", "anthropic", "google", "azure", "bedrock")
-//   is_preview_model: Bool      - Whether model is in preview/beta
-//   estimated_tokens: Long      - Estimated input + output tokens
-//   max_tokens: Long            - Maximum tokens allowed for response
-//   temperature: Long           - Temperature setting (scaled by 100, e.g., 70 = 0.7)
-//   top_p: Long                 - Top-p sampling (scaled by 100)
-//   is_streaming: Bool          - Whether response is streamed
-//
-// -----------------------------------------------------------------------------
-// CONTENT FILTERING
-// -----------------------------------------------------------------------------
-//   content_type: String        - Type of content ("text", "code", "image", "audio", "video")
-//   content_category: String    - Category ("general", "adult", "violence", "hate", etc.)
-//   content_score: Long         - Content risk score (0-100)
-//   injection_score: Long       - Prompt injection detection score (0-100)
-//   jailbreak_score: Long       - Jailbreak attempt detection score (0-100)
-//   contains_pii: Bool          - Whether content contains PII
-//   pii_types: Set<String>      - Types of PII detected ("email", "phone", "ssn", "credit_card", etc.)
-//   language: String            - Detected language code (e.g., "en", "es", "zh")
-//   is_harmful: Bool            - Whether content is harmful
-//   harm_categories: Set<String> - Categories of harm ("violence", "hate", "self_harm", "sexual", etc.)
-//   filter_action: String       - Action to take ("inspect", "mask", "redact", "replace", "anonymize", "reject")
-//   csam_detected: Bool         - Whether CSAM was detected
-//   hallucination_score: Long   - Hallucination detection score (0-100)
-//
-// -----------------------------------------------------------------------------
-// RATE LIMITING
-// -----------------------------------------------------------------------------
-//   concurrent_calls: Long      - Current number of concurrent calls
-//   requests_per_minute: Long   - Current requests per minute
-//   tokens_per_minute: Long     - Current tokens per minute
-//   rate_limit_bucket: String   - Rate limit bucket identifier
-//   is_rate_limited: Bool       - Whether rate limit is exceeded
-//
-// -----------------------------------------------------------------------------
-// GIT OPERATIONS
-// -----------------------------------------------------------------------------
-//   git_op: String              - Type of git operation ("clone", "commit", "push", "pull", etc.)
-//   target_branch: String       - Target branch name
-//   source_branch: String       - Source branch name
-//   is_force_push: Bool         - Whether this is a force push
-//   is_protected_branch: Bool   - Whether target is a protected branch
-//   changed_files_count: Long   - Number of files changed
-//   commit_message: String      - Commit message text
-//   remote_url: String          - Remote repository URL
-//   is_shallow: Bool            - Whether clone is shallow
-//   depth: Long                 - Clone depth for shallow clones
-//   is_amend: Bool              - Whether commit is an amend
-//   merge_strategy: String      - Merge strategy ("merge", "rebase", "squash")
-//   is_hard_reset: Bool         - Whether reset is hard (destructive)
-//   reset_mode: String          - Reset mode ("soft", "mixed", "hard")
-//   is_interactive: Bool        - Whether operation is interactive
-//
-// -----------------------------------------------------------------------------
-// CODE EXECUTION
-// -----------------------------------------------------------------------------
-//   code_language: String       - Programming language ("python", "javascript", "go", etc.)
-//   is_sandboxed: Bool          - Whether code runs in a sandbox
-//   code_size_bytes: Long       - Size of code in bytes
-//   has_network_access: Bool    - Whether code has network access
-//   has_filesystem_access: Bool - Whether code has filesystem access
-//   execution_timeout_ms: Long  - Execution timeout in milliseconds
-//   test_framework: String      - Test framework being used
-//   test_count: Long            - Number of tests being run
-//   build_tool: String          - Build tool being used
-//
-// -----------------------------------------------------------------------------
-// AGENT ORCHESTRATION
-// -----------------------------------------------------------------------------
-//   delegation_depth: Long      - Current delegation nesting depth
-//   parent_agent_id: String     - ID of parent agent (if delegated)
-//   task_type: String           - Type of task being performed
-//   is_autonomous: Bool         - Whether agent is operating autonomously
-//   session_id: String          - Agent session identifier
-//   process_name: String        - Name of subprocess being spawned
-//
-// -----------------------------------------------------------------------------
-// MEMORY/RAG
-// -----------------------------------------------------------------------------
-//   memory_type: String         - Type of memory ("short_term", "long_term", "rag", "vector_store")
-//   memory_operation: String    - Operation being performed ("read", "write", "delete", "search")
-//   memory_is_sensitive: Bool   - Whether memory contains sensitive data
-//
-// -----------------------------------------------------------------------------
-// DATA LOSS PREVENTION (DLP)
-// -----------------------------------------------------------------------------
-//   data_classification: String - Classification level ("public", "internal", "confidential", "restricted")
-//   destination_type: String    - Where data is going ("internal", "external", "cloud", "email")
-//   transfer_size_bytes: Long   - Size of data being transferred
-//   is_encrypted: Bool          - Whether data is encrypted
-//   export_format: String       - Format of exported data ("json", "csv", "pdf", etc.)
-//
-// -----------------------------------------------------------------------------
-// PALISADE/ML
-// -----------------------------------------------------------------------------
-//   environment: String                    - "production", "development", "research"
-//   artifact_format: String                - "pickle", "safetensors", "gguf", "onnx"
-//   artifact_signed: Bool                  - Whether artifact has signature
-//   severity: String                       - "CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"
-//   finding_type: String                   - Type of security finding
-//   provenance_signer: String              - Who signed ("unknown", "unsigned", or name)
-//   pickle_exec_path_detected: Bool        - RCE path found in pickle
-//   metadata_malicious_pattern: Bool       - Malicious pattern in metadata
-//   tokenizer_added_tokens_count: Long     - Number of added tokens
-//   safetensors_integrity_violation: Bool  - Safetensors integrity failed
-//   gguf_suspicious_metadata: Bool         - Suspicious GGUF metadata
-//   adapter_base_digest_mismatch: Bool     - LoRA adapter digest mismatch
-//   metadata_cosai_level_numeric: Long     - CoSAI maturity level (0-5)
-//
+// ACTIONS
+// =============================================================================
+action process_prompt;
+action process_response;
+action invoke_model;
+action filter_content;
+action call_tool;
+action connect_server;
+action access_server_resource;
+action skip_guardrails;
+action read_file;
+action write_file;
+action delete_file;
+action http_request;
+action call_external_api;
+action execute_code;
+action run_tests;
+action run_build;
+action git_operation;
+action git_clone;
+action git_commit;
+action git_push;
+action git_pull;
+action git_merge;
+action git_checkout;
+action git_reset;
+action git_rebase;
+action delegate_task;
+action spawn_subprocess;
+action access_memory;
+action scan_target;
+action scan_package;
+action scan_artifact;
+action validate_integrity;
+action validate_provenance;
+action quarantine_artifact;
+action load_model;
+action deploy_model;
+action transfer_data;
+action export_data;
+}
 `;