@highflame/policy 2.0.7 → 2.0.9

package/_schemas/overwatch/context.json

@@ -1,6 +1,6 @@
 {
   "service": "overwatch",
-  "version": "1.0.0",
+  "version": "2.0.0",
   "description": "Overwatch (Guardian) IDE security & policy enforcement",
   "actions": [
     {
@@ -96,6 +96,66 @@
           "type": "string",
           "required": false,
           "description": "Response content from AI (if available)"
+        },
+        {
+          "key": "violence_score",
+          "type": "number",
+          "required": false,
+          "description": "Violence content detection score (0-100)"
+        },
+        {
+          "key": "weapons_score",
+          "type": "number",
+          "required": false,
+          "description": "Weapons content detection score (0-100)"
+        },
+        {
+          "key": "hate_speech_score",
+          "type": "number",
+          "required": false,
+          "description": "Hate speech detection score (0-100)"
+        },
+        {
+          "key": "crime_score",
+          "type": "number",
+          "required": false,
+          "description": "Criminal content detection score (0-100)"
+        },
+        {
+          "key": "sexual_score",
+          "type": "number",
+          "required": false,
+          "description": "Sexual content detection score (0-100)"
+        },
+        {
+          "key": "profanity_score",
+          "type": "number",
+          "required": false,
+          "description": "Profanity detection score (0-100)"
+        },
+        {
+          "key": "pii_confidence",
+          "type": "number",
+          "required": false,
+          "description": "PII detection classifier confidence (0-100)"
+        },
+        {
+          "key": "injection_confidence",
+          "type": "number",
+          "required": false,
+          "description": "Prompt injection classifier confidence (0-100)"
+        },
+        {
+          "key": "jailbreak_confidence",
+          "type": "number",
+          "required": false,
+          "description": "Jailbreak detection classifier confidence (0-100)"
+        },
+        {
+          "key": "indirect_injection_score",
+          "type": "number",
+          "required": false,
+          "description": "Indirect prompt injection risk score (0-100)"
         }
       ]
     },
@@ -210,6 +270,84 @@
           "type": "string",
           "required": false,
           "description": "Response content (if available)"
+        },
+        {
+          "key": "violence_score",
+          "type": "number",
+          "required": false,
+          "description": "Violence content detection score (0-100)"
+        },
+        {
+          "key": "weapons_score",
+          "type": "number",
+          "required": false,
+          "description": "Weapons content detection score (0-100)"
+        },
+        {
+          "key": "hate_speech_score",
+          "type": "number",
+          "required": false,
+          "description": "Hate speech detection score (0-100)"
+        },
+        {
+          "key": "crime_score",
+          "type": "number",
+          "required": false,
+          "description": "Criminal content detection score (0-100)"
+        },
+        {
+          "key": "sexual_score",
+          "type": "number",
+          "required": false,
+          "description": "Sexual content detection score (0-100)"
+        },
+        {
+          "key": "profanity_score",
+          "type": "number",
+          "required": false,
+          "description": "Profanity detection score (0-100)"
+        },
+        {
+          "key": "pii_confidence",
+          "type": "number",
+          "required": false,
+          "description": "PII detection classifier confidence (0-100)"
+        },
+        {
+          "key": "injection_confidence",
+          "type": "number",
+          "required": false,
+          "description": "Prompt injection classifier confidence (0-100)"
+        },
+        {
+          "key": "jailbreak_confidence",
+          "type": "number",
+          "required": false,
+          "description": "Jailbreak detection classifier confidence (0-100)"
+        },
+        {
+          "key": "tool_poisoning_score",
+          "type": "number",
+          "required": false,
+          "description": "Tool description manipulation risk score (0-100)"
+        },
+        {
+          "key": "rug_pull_score",
+          "type": "number",
+          "required": false,
+          "description": "Tool behavior mismatch risk score (0-100)"
+        },
+        {
+          "key": "indirect_injection_score",
+          "type": "number",
+          "required": false,
+          "description": "Indirect prompt injection risk score (0-100)"
+        },
+        {
+          "key": "mcp_server_verified",
+          "type": "boolean",
+          "required": false,
+          "description": "Whether MCP server is from a verified registry"
         }
       ]
     },
@@ -270,6 +408,30 @@
           "type": "number",
           "required": true,
           "description": "Numeric severity (0-4)"
+        },
+        {
+          "key": "tool_poisoning_score",
+          "type": "number",
+          "required": false,
+          "description": "Tool description manipulation risk score (0-100)"
+        },
+        {
+          "key": "rug_pull_score",
+          "type": "number",
+          "required": false,
+          "description": "Tool behavior mismatch risk score (0-100)"
+        },
+        {
+          "key": "indirect_injection_score",
+          "type": "number",
+          "required": false,
+          "description": "Indirect prompt injection risk score (0-100)"
+        },
+        {
+          "key": "mcp_server_verified",
+          "type": "boolean",
+          "required": false,
+          "description": "Whether MCP server is from a verified registry"
         }
       ]
     },

package/_schemas/overwatch/schema.cedarschema

@@ -96,6 +96,22 @@ action process_prompt appliesTo {
     contains_secrets: Bool,         // Whether secrets detected
     prompt_text: String,           // Same as content (legacy)
     response_content: String,      // Response content (if available)
+
+    // Trust/Safety Scores (0-100, from Javelin/Lakera/LlamaGuard classifiers)
+    violence_score: Long,          // Violence content detection score
+    weapons_score: Long,           // Weapons content detection score
+    hate_speech_score: Long,       // Hate speech detection score
+    crime_score: Long,             // Criminal content detection score
+    sexual_score: Long,            // Sexual content detection score
+    profanity_score: Long,         // Profanity detection score
+
+    // Detector Confidence Scores (0-100, ML classifier confidence)
+    pii_confidence: Long,          // PII detection confidence
+    injection_confidence: Long,    // Prompt injection confidence
+    jailbreak_confidence: Long,    // Jailbreak detection confidence
+
+    // Agent Security (0-100)
+    indirect_injection_score: Long, // Indirect prompt injection risk
   },
 };
 
@@ -130,6 +146,27 @@ action call_tool appliesTo {
     max_threat_severity: Long,
     contains_secrets: Bool,
     response_content: String,
+
+    // Trust/Safety Scores (0-100, from Javelin/Lakera/LlamaGuard classifiers)
+    violence_score: Long,          // Violence content detection score
+    weapons_score: Long,           // Weapons content detection score
+    hate_speech_score: Long,       // Hate speech detection score
+    crime_score: Long,             // Criminal content detection score
+    sexual_score: Long,            // Sexual content detection score
+    profanity_score: Long,         // Profanity detection score
+
+    // Detector Confidence Scores (0-100, ML classifier confidence)
+    pii_confidence: Long,          // PII detection confidence
+    injection_confidence: Long,    // Prompt injection confidence
+    jailbreak_confidence: Long,    // Jailbreak detection confidence
+
+    // Agent Security (0-100)
+    tool_poisoning_score: Long,    // Tool description manipulation risk
+    rug_pull_score: Long,          // Tool behavior mismatch risk
+    indirect_injection_score: Long, // Indirect prompt injection risk
+
+    // MCP Trust
+    mcp_server_verified: Bool,     // Whether server is from verified registry
   },
 };
 
@@ -147,6 +184,14 @@ action connect_server appliesTo {
     highest_severity: String,
     threat_categories: Set<String>,
     max_threat_severity: Long,
+
+    // Agent Security (0-100)
+    tool_poisoning_score: Long,    // Tool description manipulation risk
+    rug_pull_score: Long,          // Tool behavior mismatch risk
+    indirect_injection_score: Long, // Indirect prompt injection risk
+
+    // MCP Trust
+    mcp_server_verified: Bool,     // Whether server is from verified registry
   },
 };
 

package/dist/actions.gen.d.ts

@@ -47,4 +47,3 @@ export type ActionType = (typeof ActionType)[keyof typeof ActionType];
  * Create an EntityUID for an action.
  */
 export declare function actionUID(action: ActionType): EntityUID;
-//# sourceMappingURL=actions.gen.d.ts.map

package/dist/actions.gen.js

@@ -49,4 +49,3 @@ export const ActionType = {
 export function actionUID(action) {
     return { type: 'Action', id: action };
 }
-//# sourceMappingURL=actions.gen.js.map

package/dist/annotations.d.ts

@@ -124,4 +124,3 @@ export declare function parseAnnotations(rawAnnotations: Record<string, string>
  * Uses crypto.randomUUID if available, falls back to manual generation.
  */
 export declare function generateRuleId(): string;
-//# sourceMappingURL=annotations.d.ts.map

package/dist/annotations.js

@@ -172,4 +172,3 @@ export function generateRuleId() {
         return v.toString(16);
     });
 }
-//# sourceMappingURL=annotations.js.map

package/dist/builder.d.ts

@@ -311,4 +311,3 @@ export declare class PolicyBuilder {
  * Complex hand-written policies may not parse correctly.
  */
 export declare function parseCedarPolicy(cedarText: string): PolicyJSON | null;
-//# sourceMappingURL=builder.d.ts.map

package/dist/builder.js

@@ -586,4 +586,3 @@ export function parseCedarPolicy(cedarText) {
         return null;
     }
 }
-//# sourceMappingURL=builder.js.map

package/dist/context.gen.d.ts

@@ -3,4 +3,3 @@
  */
 export declare const ContextKey: {};
 export type ContextKey = (typeof ContextKey)[keyof typeof ContextKey];
-//# sourceMappingURL=context.gen.d.ts.map

package/dist/context.gen.js

@@ -4,4 +4,3 @@
  * Context attribute keys for Cedar policy evaluation.
  */
 export const ContextKey = {};
-//# sourceMappingURL=context.gen.js.map

package/dist/engine.d.ts

@@ -143,4 +143,3 @@ export declare function validatePolicy(schema: string, policy: string): {
 };
 export { EntityType, EntityUID, Entity, newEntityUID, newEntity } from "./entities.gen.js";
 export { ActionType, actionUID } from "./actions.gen.js";
-//# sourceMappingURL=engine.d.ts.map

package/dist/engine.js

@@ -374,4 +374,3 @@ export function validatePolicy(schema, policy) {
 // Re-export types
 export { EntityType, newEntityUID, newEntity } from "./entities.gen.js";
 export { ActionType, actionUID } from "./actions.gen.js";
-//# sourceMappingURL=engine.js.map

package/dist/entities.gen.d.ts

@@ -47,4 +47,3 @@ export declare function newEntityUID(type: EntityType | string, id: string): Ent
  * Create a new Entity.
  */
 export declare function newEntity(type: EntityType | string, id: string, attrs?: Record<string, unknown>): Entity;
-//# sourceMappingURL=entities.gen.d.ts.map

package/dist/entities.gen.js

@@ -41,4 +41,3 @@ export function newEntity(type, id, attrs) {
         parents: [],
     };
 }
-//# sourceMappingURL=entities.gen.js.map

package/dist/entity-metadata-types.gen.d.ts

@@ -14,4 +14,3 @@ export interface ActionEntityMetadata {
     readonly principals: readonly string[];
     readonly resources: readonly string[];
 }
-//# sourceMappingURL=entity-metadata-types.gen.d.ts.map

package/dist/entity-metadata-types.gen.js

@@ -1,3 +1,2 @@
 // Code generated by highflame-policy-codegen. DO NOT EDIT.
 export {};
-//# sourceMappingURL=entity-metadata-types.gen.js.map

package/dist/errors.d.ts

@@ -99,4 +99,3 @@ export declare class ParserError extends Error {
     /** Action scope is nil */
     static actionScopeNil(): ParserError;
 }
-//# sourceMappingURL=errors.d.ts.map

package/dist/errors.js

@@ -124,4 +124,3 @@ export class ParserError extends Error {
         return new ParserError(ErrorCodes.ACTION_SCOPE_NIL, "Action scope is nil", { field: "action" });
     }
 }
-//# sourceMappingURL=errors.js.map

package/dist/index.d.ts

@@ -16,4 +16,3 @@ export { PALISADE_ENTITIES, PALISADE_ACTION_ENTITIES, } from './palisade-entitie
 export type { ServiceEntityMetadata, ActionEntityMetadata } from './entity-metadata-types.gen.js';
 export { OVERWATCH_DEFAULTS, OVERWATCH_TEMPLATES, OVERWATCH_CATEGORIES, OVERWATCH_TEMPLATES_JSON, getOverwatchDefaultsByCategory, getOverwatchTemplatesByCategory, getOverwatchTemplateById, } from './overwatch-defaults.gen.js';
 export type { OverwatchCategory, OverwatchCategoryInfo, OverwatchDefaultPolicy, OverwatchTemplate, } from './overwatch-defaults.gen.js';
-//# sourceMappingURL=index.d.ts.map

package/dist/index.js

@@ -23,4 +23,3 @@ export { OVERWATCH_ENTITIES, OVERWATCH_ACTION_ENTITIES, } from './overwatch-enti
 export { PALISADE_ENTITIES, PALISADE_ACTION_ENTITIES, } from './palisade-entities.gen.js';
 // Service-specific default policies, templates, and categories
 export { OVERWATCH_DEFAULTS, OVERWATCH_TEMPLATES, OVERWATCH_CATEGORIES, OVERWATCH_TEMPLATES_JSON, getOverwatchDefaultsByCategory, getOverwatchTemplatesByCategory, getOverwatchTemplateById, } from './overwatch-defaults.gen.js';
-//# sourceMappingURL=index.js.map

package/dist/overwatch-context.gen.d.ts

@@ -7,23 +7,35 @@
 export declare const OverwatchContextKey: {
     readonly ContainsSecrets: "contains_secrets";
     readonly Content: "content";
+    readonly CrimeScore: "crime_score";
     readonly Cwd: "cwd";
     readonly Event: "event";
+    readonly HateSpeechScore: "hate_speech_score";
     readonly HighestSeverity: "highest_severity";
+    readonly IndirectInjectionScore: "indirect_injection_score";
+    readonly InjectionConfidence: "injection_confidence";
+    readonly JailbreakConfidence: "jailbreak_confidence";
     readonly MaxThreatSeverity: "max_threat_severity";
     readonly McpServer: "mcp_server";
+    readonly McpServerVerified: "mcp_server_verified";
     readonly McpTool: "mcp_tool";
     readonly Path: "path";
+    readonly PiiConfidence: "pii_confidence";
+    readonly ProfanityScore: "profanity_score";
     readonly PromptText: "prompt_text";
     readonly ResponseContent: "response_content";
+    readonly RugPullScore: "rug_pull_score";
+    readonly SexualScore: "sexual_score";
     readonly Source: "source";
     readonly ThreatCategories: "threat_categories";
     readonly ThreatCount: "threat_count";
     readonly ThreatTypes: "threat_types";
     readonly ToolName: "tool_name";
+    readonly ToolPoisoningScore: "tool_poisoning_score";
     readonly UserEmail: "user_email";
+    readonly ViolenceScore: "violence_score";
+    readonly WeaponsScore: "weapons_score";
     readonly WorkspaceRoot: "workspace_root";
     readonly YaraThreats: "yara_threats";
 };
 export type OverwatchContextKey = (typeof OverwatchContextKey)[keyof typeof OverwatchContextKey];
-//# sourceMappingURL=overwatch-context.gen.d.ts.map

package/dist/overwatch-context.gen.js

@@ -9,22 +9,34 @@
 export const OverwatchContextKey = {
     ContainsSecrets: 'contains_secrets',
     Content: 'content',
+    CrimeScore: 'crime_score',
     Cwd: 'cwd',
     Event: 'event',
+    HateSpeechScore: 'hate_speech_score',
     HighestSeverity: 'highest_severity',
+    IndirectInjectionScore: 'indirect_injection_score',
+    InjectionConfidence: 'injection_confidence',
+    JailbreakConfidence: 'jailbreak_confidence',
     MaxThreatSeverity: 'max_threat_severity',
     McpServer: 'mcp_server',
+    McpServerVerified: 'mcp_server_verified',
     McpTool: 'mcp_tool',
     Path: 'path',
+    PiiConfidence: 'pii_confidence',
+    ProfanityScore: 'profanity_score',
     PromptText: 'prompt_text',
     ResponseContent: 'response_content',
+    RugPullScore: 'rug_pull_score',
+    SexualScore: 'sexual_score',
     Source: 'source',
     ThreatCategories: 'threat_categories',
     ThreatCount: 'threat_count',
     ThreatTypes: 'threat_types',
     ToolName: 'tool_name',
+    ToolPoisoningScore: 'tool_poisoning_score',
     UserEmail: 'user_email',
+    ViolenceScore: 'violence_score',
+    WeaponsScore: 'weapons_score',
     WorkspaceRoot: 'workspace_root',
     YaraThreats: 'yara_threats',
 };
-//# sourceMappingURL=overwatch-context.gen.js.map

package/dist/overwatch-defaults.gen.d.ts

@@ -2,7 +2,7 @@
  * Overwatch policy category identifiers.
  * Maps to UI tab names in Studio.
  */
-export type OverwatchCategory = 'secrets' | 'pii' | 'semantic' | 'tools' | 'organization';
+export type OverwatchCategory = 'secrets' | 'pii' | 'semantic' | 'tools' | 'organization' | 'trust_safety' | 'agent_security';
 /**
  * Category metadata for UI display.
  */
@@ -59,4 +59,3 @@ export declare const OVERWATCH_TEMPLATES_JSON: string;
 export declare function getOverwatchDefaultsByCategory(category: OverwatchCategory): OverwatchDefaultPolicy[];
 export declare function getOverwatchTemplatesByCategory(category: OverwatchCategory): OverwatchTemplate[];
 export declare function getOverwatchTemplateById(id: string): OverwatchTemplate | undefined;
-//# sourceMappingURL=overwatch-defaults.gen.d.ts.map