@highflame/policy 2.0.3 → 2.0.5

package/dist/overwatch-defaults.gen.js

@@ -0,0 +1,829 @@
+// Code generated by highflame-policy-codegen. DO NOT EDIT.
+// Source: schemas/overwatch/templates/templates.json
+//
+// Overwatch default policies and templates.
+// Cedar text is embedded at build time. PolicyRule[] can be parsed at runtime
+// using parseCedarToRules().
+// =============================================================================
+// EMBEDDED CEDAR POLICY TEXT
+// =============================================================================
+const OVERWATCH_SECRETS_DEFAULT_CEDAR = `// =============================================================================
+// Secrets Detection Policy (Default)
+// =============================================================================
+// Detects and blocks credential leakage across prompts, tool calls, file
+// operations, and AI response content. Combines YARA-based threat detection
+// with pattern matching for known credential formats.
+//
+// Defense layers:
+//   1. YARA scanner detection (contains_secrets, yara_threats)
+//   2. Sensitive file path blocking (.env files)
+//   3. Response content pattern matching (AWS, GitHub, SSH keys)
+//
+// Compliance: NIST 800-53 SC-28, IA-5 | OWASP A02 | MITRE T1552, T1555
+// Category: secrets
+// Namespace: Overwatch
+// =============================================================================
+
+// ---------------------------------------------------------------------------
+// Section 1: YARA-Based Secret Detection
+// ---------------------------------------------------------------------------
+
+// Block prompts containing detected secrets
+@id("secrets-block-prompts")
+@name("Block prompts with secrets")
+@description("Block prompts when YARA scanners detect API keys, tokens, or credential patterns")
+@severity("critical")
+@tags("secrets,credentials,prompts,nist-sc-28,nist-ia-5")
+forbid (
+    principal,
+    action == Overwatch::Action::"process_prompt",
+    resource
+)
+when {
+    context has contains_secrets && context.contains_secrets == true
+};
+
+// Block file reads and tool calls when secrets are detected
+@id("secrets-block-reads-and-tools")
+@name("Block file reads and tool calls with secrets")
+@description("Prevent file reads and tool execution when secrets or credentials are detected in content")
+@severity("high")
+@tags("secrets,file-access,tools,credentials,nist-sc-28")
+forbid (
+    principal,
+    action in [Overwatch::Action::"read_file", Overwatch::Action::"call_tool"],
+    resource
+)
+when {
+    context has contains_secrets && context.contains_secrets == true
+};
+
+// ---------------------------------------------------------------------------
+// Section 2: Sensitive File Path Protection
+// ---------------------------------------------------------------------------
+
+// Block .env file access across all operations
+@id("secrets-block-env-files")
+@name("Block .env file access")
+@description("Block access to .env files that commonly contain secrets, API keys, and database credentials")
+@severity("high")
+@tags("secrets,env-files,config,nist-sc-28,mitre-t1552")
+forbid (
+    principal,
+    action in [Overwatch::Action::"read_file", Overwatch::Action::"write_file", Overwatch::Action::"call_tool"],
+    resource
+)
+when {
+    context has path && context.path like "*.env*"
+};
+
+// ---------------------------------------------------------------------------
+// Section 3: Response Content Pattern Matching
+// Scans AI responses for known credential formats as defense-in-depth.
+// ---------------------------------------------------------------------------
+
+// Block responses containing AWS access keys (AKIA prefix)
+@id("secrets-block-aws-keys")
+@name("Block AWS access keys in responses")
+@description("Detect and block AWS access key IDs (AKIA prefix) in AI responses to prevent credential exfiltration")
+@severity("critical")
+@tags("secrets,aws,credentials,response-scan,nist-ia-5,mitre-t1552")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has response_content &&
+    context.response_content like "*AKIA*"
+};
+
+// Block responses containing AWS secret keys
+@id("secrets-block-aws-secrets")
+@name("Block AWS secret keys in responses")
+@description("Detect and block AWS secret access keys in AI responses")
+@severity("critical")
+@tags("secrets,aws,credentials,response-scan,nist-ia-5")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has response_content &&
+    (context.response_content like "*AWS_SECRET_ACCESS_KEY*" ||
+     context.response_content like "*aws_secret_access_key*")
+};
+
+// Block responses containing GitHub tokens
+@id("secrets-block-github-tokens")
+@name("Block GitHub tokens in responses")
+@description("Detect and block GitHub personal access tokens (ghp_), fine-grained tokens (github_pat_), and app tokens (ghs_)")
+@severity("critical")
+@tags("secrets,github,tokens,response-scan,mitre-t1552")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has response_content &&
+    (context.response_content like "*ghp_*" ||
+     context.response_content like "*github_pat_*" ||
+     context.response_content like "*ghs_*")
+};
+
+// Block responses containing SSH/RSA private keys
+@id("secrets-block-private-keys")
+@name("Block private keys in responses")
+@description("Detect and block SSH, RSA, and OpenSSH private keys in AI responses")
+@severity("critical")
+@tags("secrets,ssh,private-keys,response-scan,nist-sc-28,mitre-t1552")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has response_content &&
+    (context.response_content like "*-----BEGIN PRIVATE KEY-----*" ||
+     context.response_content like "*-----BEGIN RSA PRIVATE KEY-----*" ||
+     context.response_content like "*-----BEGIN OPENSSH PRIVATE KEY-----*")
+};
+
+// ---------------------------------------------------------------------------
+// Section 4: YARA Credential Pattern Detection
+// Catches credential types identified by YARA rule scanning.
+// ---------------------------------------------------------------------------
+
+// Block YARA-detected credential and token patterns
+@id("secrets-block-yara-credentials")
+@name("Block YARA-detected credential patterns")
+@description("Block content flagged by YARA rules for credential exposure, API key leaks, JWT tokens, and bearer tokens")
+@severity("critical")
+@tags("secrets,yara,credentials,jwt,bearer,nist-ia-5")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has yara_threats &&
+    (context.yara_threats.contains("secret_exposure") ||
+     context.yara_threats.contains("credential_leak") ||
+     context.yara_threats.contains("api_key_exposure") ||
+     context.yara_threats.contains("jwt_token_exposure") ||
+     context.yara_threats.contains("bearer_token_leak"))
+};
+`;
+const OVERWATCH_PII_DEFAULT_CEDAR = `// =============================================================================
+// PII Detection Policy (Default)
+// =============================================================================
+// Detects and blocks personally identifiable information including credit card
+// numbers, Social Security Numbers, and other PII patterns across prompts
+// and tool calls.
+//
+// Compliance: PCI DSS 3.4, 4.1 | NIST 800-53 SI-4 | GDPR Art. 32
+// Category: pii
+// Namespace: Overwatch
+// =============================================================================
+
+// Block prompts containing credit card patterns
+@id("pii-block-credit-cards")
+@name("Block credit card numbers")
+@description("Detect and block content containing credit card number patterns (PCI DSS compliance)")
+@severity("critical")
+@tags("pci,credit-card,payment,compliance,pci-dss-3.4")
+forbid (
+    principal,
+    action == Overwatch::Action::"process_prompt",
+    resource
+)
+when {
+    context has yara_threats && context.yara_threats.contains("credit_card")
+};
+
+// Block prompts containing SSN patterns
+@id("pii-block-ssn")
+@name("Block Social Security Numbers")
+@description("Detect and block content containing SSN patterns (XXX-XX-XXXX format)")
+@severity("critical")
+@tags("ssn,identity,privacy,compliance")
+forbid (
+    principal,
+    action == Overwatch::Action::"process_prompt",
+    resource
+)
+when {
+    context has yara_threats && context.yara_threats.contains("ssn")
+};
+
+// Block prompts with generic PII threats detected
+@id("pii-block-generic")
+@name("Block detected PII content")
+@description("Block content when PII-related threat categories are detected by YARA or Javelin scanners")
+@severity("high")
+@tags("pii,privacy,data-protection,gdpr")
+forbid (
+    principal,
+    action == Overwatch::Action::"process_prompt",
+    resource
+)
+when {
+    context has threat_categories && context.threat_categories.contains("pii")
+};
+
+// Block PII leakage via tool calls
+@id("pii-block-tool-calls")
+@name("Block tool calls with PII")
+@description("Prevent tool execution when PII patterns are detected in content")
+@severity("high")
+@tags("pii,tools,data-protection")
+forbid (
+    principal,
+    action == Overwatch::Action::"call_tool",
+    resource
+)
+when {
+    context has threat_categories && context.threat_categories.contains("pii")
+};
+`;
+const OVERWATCH_SEMANTIC_DEFAULT_CEDAR = `// =============================================================================
+// Semantic Threat Detection Policy (Default)
+// =============================================================================
+// Detects and blocks prompt injection, jailbreak attempts, and high-severity
+// AI security threats using YARA and Javelin scanner results. Provides
+// defense-in-depth across both prompts and tool calls.
+//
+// Compliance: NIST 800-53 SI-3, SI-4 | OWASP LLM Top 10: LLM01, LLM02
+//             MITRE ATLAS: AML.T0051 (LLM Prompt Injection)
+// Category: semantic
+// Namespace: Overwatch
+// =============================================================================
+
+// Block prompts with prompt injection detected by YARA
+@id("semantic-block-injection")
+@name("Block prompt injection")
+@description("Detect and block prompt injection patterns in user input via YARA scanning (OWASP LLM01)")
+@severity("critical")
+@tags("injection,security,llm,owasp-llm01,baseline")
+forbid (
+    principal,
+    action == Overwatch::Action::"process_prompt",
+    resource
+)
+when {
+    context has yara_threats && context.yara_threats.contains("prompt_injection")
+};
+
+// Block prompts with jailbreak attempts
+@id("semantic-block-jailbreak")
+@name("Block jailbreak attempts")
+@description("Detect and block jailbreak and bypass attempts against AI agents (OWASP LLM02)")
+@severity("critical")
+@tags("jailbreak,bypass,security,owasp-llm02,baseline")
+forbid (
+    principal,
+    action == Overwatch::Action::"process_prompt",
+    resource
+)
+when {
+    context has yara_threats && context.yara_threats.contains("jailbreak")
+};
+
+// Block prompts with high severity semantic threats
+@id("semantic-block-high-severity")
+@name("Block high severity threats")
+@description("Block prompts when semantic threat scanners detect high severity issues (severity >= 3)")
+@severity("high")
+@tags("semantic,severity,security")
+forbid (
+    principal,
+    action == Overwatch::Action::"process_prompt",
+    resource
+)
+when {
+    context has threat_categories && context has max_threat_severity &&
+    context.threat_categories.contains("semantic") &&
+    context.max_threat_severity >= 3
+};
+
+// Block prompts with critical threat level
+@id("semantic-block-critical")
+@name("Block critical threats")
+@description("Block all content when any scanner detects critical severity threats")
+@severity("critical")
+@tags("critical,baseline,security")
+forbid (
+    principal,
+    action == Overwatch::Action::"process_prompt",
+    resource
+)
+when {
+    context has highest_severity && context.highest_severity == "critical"
+};
+
+// Block tool calls with prompt injection detected
+@id("semantic-block-tool-injection")
+@name("Block tool calls with injection")
+@description("Prevent tool execution when prompt injection patterns are detected in content")
+@severity("critical")
+@tags("injection,tools,security,owasp-llm01")
+forbid (
+    principal,
+    action == Overwatch::Action::"call_tool",
+    resource
+)
+when {
+    context has yara_threats && context.yara_threats.contains("prompt_injection")
+};
+`;
+const OVERWATCH_TOOLS_DEFAULT_CEDAR = `// =============================================================================
+// Tool Permissioning Policy (Default)
+// =============================================================================
+// Controls access to IDE tools, shell execution, file system paths, and MCP
+// operations. Blocks dangerous command execution tools and restricts access
+// to sensitive system directories and credential files.
+//
+// Compliance: NIST 800-53 AC-3, AC-6, CM-7 | OWASP A01, A03
+//             MITRE ATT&CK T1059 (Command/Scripting Interpreter)
+//             MITRE ATT&CK T1005 (Data from Local System)
+// Category: tools
+// Namespace: Overwatch
+// =============================================================================
+
+// ---------------------------------------------------------------------------
+// Section 1: Dangerous Tool Blocking
+// ---------------------------------------------------------------------------
+
+// Block shell and command execution tools
+@id("tools-block-shell-execution")
+@name("Block shell and command execution")
+@description("Block direct shell, bash, and command execution tools to prevent command injection (MITRE T1059)")
+@severity("critical")
+@tags("shell,command-injection,execution,nist-cm-7,mitre-t1059,baseline")
+forbid (
+    principal,
+    action == Overwatch::Action::"call_tool",
+    resource
+)
+when {
+    context has tool_name &&
+    (context.tool_name == "shell" ||
+     context.tool_name == "bash" ||
+     context.tool_name == "sh" ||
+     context.tool_name == "terminal" ||
+     context.tool_name == "system.exec" ||
+     context.tool_name == "process.spawn")
+};
+
+// Block destructive file operations
+@id("tools-block-destructive-ops")
+@name("Block destructive file operations")
+@description("Block file deletion and other destructive tool operations to prevent data loss")
+@severity("high")
+@tags("file,delete,destructive,nist-ac-3")
+forbid (
+    principal,
+    action == Overwatch::Action::"call_tool",
+    resource
+)
+when {
+    context has tool_name &&
+    (context.tool_name == "fs.delete" ||
+     context.tool_name == "fs.rmdir" ||
+     context.tool_name == "fs.unlink")
+};
+
+// ---------------------------------------------------------------------------
+// Section 2: Sensitive Path Blocking
+// ---------------------------------------------------------------------------
+
+// Block access to sensitive system paths and credential files
+@id("tools-block-sensitive-paths")
+@name("Block access to sensitive system paths")
+@description("Prevent access to system directories, credential files, SSH keys, and cloud config (MITRE T1005, T1552.001)")
+@severity("high")
+@tags("file,path,system,security,nist-ac-6,mitre-t1005")
+forbid (
+    principal,
+    action in [Overwatch::Action::"read_file", Overwatch::Action::"write_file", Overwatch::Action::"call_tool"],
+    resource
+)
+when {
+    context has path &&
+    (context.path like "/etc/*" ||
+     context.path like "/var/*" ||
+     context.path like "/proc/*" ||
+     context.path like "/sys/*" ||
+     context.path like "/root/*" ||
+     context.path like "*/.ssh/*" ||
+     context.path like "*/.aws/*" ||
+     context.path like "*/.gnupg/*" ||
+     context.path like "*.pem" ||
+     context.path like "*/id_rsa*" ||
+     context.path like "*/id_ed25519*")
+};
+
+// ---------------------------------------------------------------------------
+// Section 3: Threat-Based Tool Blocking
+// ---------------------------------------------------------------------------
+
+// Block tool calls with high severity threats detected
+@id("tools-block-high-severity-threats")
+@name("Block tool calls with high severity threats")
+@description("Prevent tool execution when high or critical severity threats are detected in content")
+@severity("high")
+@tags("tools,threats,severity,security")
+forbid (
+    principal,
+    action == Overwatch::Action::"call_tool",
+    resource
+)
+when {
+    context has threat_count && context has max_threat_severity &&
+    context.threat_count > 0 && context.max_threat_severity >= 3
+};
+`;
+const OVERWATCH_TOOLS_MCP_ALLOWLIST_CEDAR = `// MCP Server Allowlist Template
+// Only allow specific MCP servers to be used
+// Category: tools
+//
+// NOTE: Users should customize the mcp_server values in the permit rule
+// to match their allowed servers before deploying this template.
+
+@id("mcp-allowlist-permit")
+@name("Allow specific MCP servers")
+@description("Only allow connections to pre-approved MCP servers (customize the list)")
+@severity("medium")
+@tags("mcp,allowlist,server,governance")
+permit (
+    principal,
+    action == Overwatch::Action::"connect_server",
+    resource
+)
+when {
+    context.mcp_server == "filesystem" ||
+    context.mcp_server == "playwright"
+};
+
+@id("mcp-allowlist-deny")
+@name("Deny unallowed MCP servers")
+@description("Block all MCP server connections not in the allowlist")
+@severity("medium")
+@tags("mcp,deny-default,server")
+forbid (
+    principal,
+    action == Overwatch::Action::"connect_server",
+    resource
+);
+`;
+const OVERWATCH_ORG_DEFAULT_DENY_CEDAR = `// Default Deny All Template
+// Organization-wide baseline: deny all unless explicitly permitted
+// Category: organization
+
+@id("org-deny-all")
+@name("Deny all actions by default")
+@description("Block all actions unless explicitly permitted by other policies - use as organization baseline")
+@severity("high")
+@tags("baseline,security,deny-by-default,organization")
+forbid (
+    principal,
+    action,
+    resource
+);
+`;
+const OVERWATCH_ORG_AUDIT_ALL_CEDAR = `// Audit All Actions Template
+// Log all agent actions for compliance and monitoring
+// Category: organization
+
+@id("org-audit-all")
+@name("Audit all actions")
+@description("Permit and log all agent actions for compliance auditing and monitoring")
+@severity("low")
+@tags("audit,compliance,logging,organization")
+permit (
+    principal,
+    action,
+    resource
+);
+`;
+const OVERWATCH_ORG_TEAM_PERMISSIONS_CEDAR = `// Team-Based Permissions (ReBAC)
+// Grant IDE access based on team membership using entity hierarchy
+// Category: organization
+// Namespace: Overwatch
+//
+// Entity hierarchy required:
+//   Organization::"acme-corp"
+//     └── Team::"dev-team"       (in Organization)
+//     │     └── Agent::"claude"  (in Team)
+//     └── Team::"support-team"   (in Organization)
+//           └── Agent::"claude-support" (in Team)
+
+// Dev Team: Full IDE access - all actions permitted
+@id("team-dev-full-access")
+@name("Dev team full IDE access")
+@description("Grant development team agents full IDE access including tools, prompts, file operations, and server connections")
+@severity("medium")
+@tags("rebac,team,dev,permissions,organization")
+permit (
+    principal in Overwatch::Team::"dev-team",
+    action,
+    resource
+);
+
+// Support Team: Read-only access - process prompts and read files only
+@id("team-support-read-only")
+@name("Support team read-only access")
+@description("Grant support team agents read-only access limited to prompt processing and file reading")
+@severity("medium")
+@tags("rebac,team,support,read-only,organization")
+permit (
+    principal in Overwatch::Team::"support-team",
+    action in [Overwatch::Action::"process_prompt", Overwatch::Action::"read_file"],
+    resource
+);
+`;
+const OVERWATCH_ORG_AGENT_GUARDRAILS_CEDAR = `// Agent-Specific Guardrails
+// Apply per-agent security policies based on agent identity
+// Category: organization
+// Namespace: Overwatch
+//
+// Different agents have different risk profiles:
+//   Claude Code → prompt injection detection
+//   Cursor      → PII leakage detection
+
+// Claude Code: Block prompt injection attempts
+@id("agent-claude-block-injection")
+@name("Claude Code injection guardrail")
+@description("Block prompt injection attempts specifically for Claude Code agent")
+@severity("critical")
+@tags("rebac,agent,claude,injection,guardrail,organization")
+forbid (
+    principal == Overwatch::Agent::"claude",
+    action == Overwatch::Action::"process_prompt",
+    resource
+)
+when {
+    context.yara_threats.contains("prompt_injection")
+};
+
+// Cursor: Block PII leakage
+@id("agent-cursor-block-pii")
+@name("Cursor PII guardrail")
+@description("Block PII content in Cursor agent prompts to prevent data leakage")
+@severity("critical")
+@tags("rebac,agent,cursor,pii,guardrail,organization")
+forbid (
+    principal == Overwatch::Agent::"cursor",
+    action == Overwatch::Action::"process_prompt",
+    resource
+)
+when {
+    context.threat_categories.contains("pii")
+};
+`;
+// =============================================================================
+// CATEGORIES
+// =============================================================================
+export const OVERWATCH_CATEGORIES = [
+    { id: 'secrets', name: 'Secrets Detection', description: 'Detect and block credentials, tokens, API keys, and sensitive key patterns in prompts, tool calls, and AI responses' },
+    { id: 'pii', name: 'PII Detection', description: 'Detect and block personally identifiable information (PII) such as credit card numbers, SSNs, and other sensitive data' },
+    { id: 'semantic', name: 'Semantic Threat Detection', description: 'Detect and block prompt injection, jailbreak attempts, and high-severity AI security threats' },
+    { id: 'tools', name: 'Tool Permissioning', description: 'Control access to shell execution, file operations, MCP servers, and sensitive system paths' },
+    { id: 'organization', name: 'Organization Rules', description: 'Apply organization-wide policy baselines, team permissions, and agent-specific guardrails' },
+];
+// =============================================================================
+// DEFAULT POLICIES
+// =============================================================================
+export const OVERWATCH_DEFAULTS = [
+    {
+        id: 'secrets-default',
+        name: 'Secrets Detection',
+        description: 'Detect and block credential leakage across prompts, tool calls, file operations, and AI response content',
+        category: 'secrets',
+        cedarText: OVERWATCH_SECRETS_DEFAULT_CEDAR,
+        severity: 'critical',
+        tags: ['api-keys', 'tokens', 'credentials', 'aws', 'github', 'ssh', 'baseline'],
+        isActive: true,
+    },
+    {
+        id: 'pii-default',
+        name: 'PII Detection',
+        description: 'Detect and block credit card numbers, SSN, and other sensitive personal information in prompts and tool calls',
+        category: 'pii',
+        cedarText: OVERWATCH_PII_DEFAULT_CEDAR,
+        severity: 'critical',
+        tags: ['pii', 'privacy', 'compliance', 'pci-dss', 'gdpr', 'baseline'],
+        isActive: true,
+    },
+    {
+        id: 'semantic-default',
+        name: 'Semantic Threat Detection',
+        description: 'Detect and block prompt injection, jailbreak attempts, and high-severity AI security threats',
+        category: 'semantic',
+        cedarText: OVERWATCH_SEMANTIC_DEFAULT_CEDAR,
+        severity: 'critical',
+        tags: ['prompt-injection', 'jailbreak', 'owasp-llm01', 'security', 'baseline'],
+        isActive: true,
+    },
+    {
+        id: 'tools-default',
+        name: 'Tool Permissioning',
+        description: 'Block dangerous shell execution, restrict sensitive file paths, and enforce threat-based tool access controls',
+        category: 'tools',
+        cedarText: OVERWATCH_TOOLS_DEFAULT_CEDAR,
+        severity: 'critical',
+        tags: ['shell', 'command-injection', 'file-access', 'mitre-t1059', 'baseline'],
+        isActive: false,
+    },
+];
+// =============================================================================
+// ALL TEMPLATES
+// =============================================================================
+export const OVERWATCH_TEMPLATES = [
+    {
+        id: 'tools-mcp-allowlist',
+        name: 'MCP Server Allowlist',
+        description: 'Only allow specific MCP servers to be used',
+        category: 'tools',
+        cedarText: OVERWATCH_TOOLS_MCP_ALLOWLIST_CEDAR,
+        severity: 'medium',
+        tags: ['mcp', 'allowlist', 'whitelist'],
+    },
+    {
+        id: 'org-default-deny',
+        name: 'Default Deny All',
+        description: 'Organization-wide baseline: deny all unless explicitly permitted',
+        category: 'organization',
+        cedarText: OVERWATCH_ORG_DEFAULT_DENY_CEDAR,
+        severity: 'high',
+        tags: ['baseline', 'security', 'deny-by-default'],
+    },
+    {
+        id: 'org-audit-all',
+        name: 'Audit All Actions',
+        description: 'Log all agent actions for compliance and monitoring',
+        category: 'organization',
+        cedarText: OVERWATCH_ORG_AUDIT_ALL_CEDAR,
+        severity: 'low',
+        tags: ['audit', 'compliance', 'logging'],
+    },
+    {
+        id: 'org-team-permissions',
+        name: 'Team-Based Permissions (ReBAC)',
+        description: 'Grant IDE access based on team membership using entity hierarchy - supports dev team full access and support team read-only',
+        category: 'organization',
+        cedarText: OVERWATCH_ORG_TEAM_PERMISSIONS_CEDAR,
+        severity: 'medium',
+        tags: ['rebac', 'team', 'permissions', 'hierarchy'],
+    },
+    {
+        id: 'org-agent-guardrails',
+        name: 'Agent-Specific Guardrails',
+        description: 'Apply per-agent security guardrails - injection blocking for Claude, PII blocking for Cursor',
+        category: 'organization',
+        cedarText: OVERWATCH_ORG_AGENT_GUARDRAILS_CEDAR,
+        severity: 'critical',
+        tags: ['rebac', 'agent', 'guardrails', 'per-agent'],
+    },
+];
+// =============================================================================
+// TEMPLATES METADATA
+// =============================================================================
+/** Raw templates.json metadata for the Overwatch service. */
+export const OVERWATCH_TEMPLATES_JSON = `{
+  "service": "overwatch",
+  "version": "2.0.0",
+  "description": "Overwatch policy templates for IDE security",
+  "categories": [
+    {
+      "id": "secrets",
+      "name": "Secrets Detection",
+      "description": "Detect and block credentials, tokens, API keys, and sensitive key patterns in prompts, tool calls, and AI responses"
+    },
+    {
+      "id": "pii",
+      "name": "PII Detection",
+      "description": "Detect and block personally identifiable information (PII) such as credit card numbers, SSNs, and other sensitive data"
+    },
+    {
+      "id": "semantic",
+      "name": "Semantic Threat Detection",
+      "description": "Detect and block prompt injection, jailbreak attempts, and high-severity AI security threats"
+    },
+    {
+      "id": "tools",
+      "name": "Tool Permissioning",
+      "description": "Control access to shell execution, file operations, MCP servers, and sensitive system paths"
+    },
+    {
+      "id": "organization",
+      "name": "Organization Rules",
+      "description": "Apply organization-wide policy baselines, team permissions, and agent-specific guardrails"
+    }
+  ],
+  "defaults": [
+    {
+      "id": "secrets-default",
+      "name": "Secrets Detection",
+      "description": "Detect and block credential leakage across prompts, tool calls, file operations, and AI response content",
+      "category": "secrets",
+      "file": "defaults/secrets.cedar",
+      "severity": "critical",
+      "tags": ["api-keys", "tokens", "credentials", "aws", "github", "ssh", "baseline"],
+      "is_active": true
+    },
+    {
+      "id": "pii-default",
+      "name": "PII Detection",
+      "description": "Detect and block credit card numbers, SSN, and other sensitive personal information in prompts and tool calls",
+      "category": "pii",
+      "file": "defaults/pii.cedar",
+      "severity": "critical",
+      "tags": ["pii", "privacy", "compliance", "pci-dss", "gdpr", "baseline"],
+      "is_active": true
+    },
+    {
+      "id": "semantic-default",
+      "name": "Semantic Threat Detection",
+      "description": "Detect and block prompt injection, jailbreak attempts, and high-severity AI security threats",
+      "category": "semantic",
+      "file": "defaults/semantic.cedar",
+      "severity": "critical",
+      "tags": ["prompt-injection", "jailbreak", "owasp-llm01", "security", "baseline"],
+      "is_active": true
+    },
+    {
+      "id": "tools-default",
+      "name": "Tool Permissioning",
+      "description": "Block dangerous shell execution, restrict sensitive file paths, and enforce threat-based tool access controls",
+      "category": "tools",
+      "file": "defaults/tools.cedar",
+      "severity": "critical",
+      "tags": ["shell", "command-injection", "file-access", "mitre-t1059", "baseline"],
+      "is_active": false
+    }
+  ],
+  "templates": [
+    {
+      "id": "tools-mcp-allowlist",
+      "name": "MCP Server Allowlist",
+      "description": "Only allow specific MCP servers to be used",
+      "category": "tools",
+      "file": "mcp_server_allowlist.cedar",
+      "severity": "medium",
+      "tags": ["mcp", "allowlist", "whitelist"]
+    },
+    {
+      "id": "org-default-deny",
+      "name": "Default Deny All",
+      "description": "Organization-wide baseline: deny all unless explicitly permitted",
+      "category": "organization",
+      "file": "default_deny_all.cedar",
+      "severity": "high",
+      "tags": ["baseline", "security", "deny-by-default"]
+    },
+    {
+      "id": "org-audit-all",
+      "name": "Audit All Actions",
+      "description": "Log all agent actions for compliance and monitoring",
+      "category": "organization",
+      "file": "audit_all_actions.cedar",
+      "severity": "low",
+      "tags": ["audit", "compliance", "logging"]
+    },
+    {
+      "id": "org-team-permissions",
+      "name": "Team-Based Permissions (ReBAC)",
+      "description": "Grant IDE access based on team membership using entity hierarchy - supports dev team full access and support team read-only",
+      "category": "organization",
+      "file": "team_permissions.cedar",
+      "severity": "medium",
+      "tags": ["rebac", "team", "permissions", "hierarchy"]
+    },
+    {
+      "id": "org-agent-guardrails",
+      "name": "Agent-Specific Guardrails",
+      "description": "Apply per-agent security guardrails - injection blocking for Claude, PII blocking for Cursor",
+      "category": "organization",
+      "file": "agent_guardrails.cedar",
+      "severity": "critical",
+      "tags": ["rebac", "agent", "guardrails", "per-agent"]
+    }
+  ]
+}
+`;
+// =============================================================================
+// HELPER FUNCTIONS
+// =============================================================================
+export function getOverwatchDefaultsByCategory(category) {
+    return OVERWATCH_DEFAULTS.filter(d => d.category === category);
+}
+export function getOverwatchTemplatesByCategory(category) {
+    return OVERWATCH_TEMPLATES.filter(t => t.category === category);
+}
+export function getOverwatchTemplateById(id) {
+    return OVERWATCH_TEMPLATES.find(t => t.id === id);
+}
+//# sourceMappingURL=overwatch-defaults.gen.js.map