@highflame/policy 2.1.12 → 2.1.14

package/dist/service-schemas.gen.js

@@ -1,11 +1,12 @@
 // Code generated by highflame-policy-codegen. DO NOT EDIT.
-// Source: schemas/guardrails/schema.cedarschema, schemas/overwatch/schema.cedarschema, schemas/palisade/schema.cedarschema, schemas/sentry/schema.cedarschema
+// Source: schemas/guardrails/schema.cedarschema, schemas/mcp_gateway/schema.cedarschema, schemas/overwatch/schema.cedarschema, schemas/palisade/schema.cedarschema, schemas/sentry/schema.cedarschema
 //
 // Service-specific Cedar schemas and context metadata.
 // Works in both browser and Node.js environments.
 //
 // Usage:
 //   import { GUARDRAILS_SCHEMA, GUARDRAILS_CONTEXT } from '@highflame/policy/types';
+//   import { MCP_GATEWAY_SCHEMA, MCP_GATEWAY_CONTEXT } from '@highflame/policy/types';
 //   import { OVERWATCH_SCHEMA, OVERWATCH_CONTEXT } from '@highflame/policy/types';
 //   import { PALISADE_SCHEMA, PALISADE_CONTEXT } from '@highflame/policy/types';
 //   import { SENTRY_SCHEMA, SENTRY_CONTEXT } from '@highflame/policy/types';
@@ -497,6 +498,284 @@ namespace Guardrails {
         "agent_publisher"?: String,
 
     };
+}
+`;
+/**
+ * McpGateway Cedar schema
+ *
+ * Full Cedar schema for mcp_gateway, embedded at codegen time.
+ */
+export const MCP_GATEWAY_SCHEMA = `// MCPGateway Cedar Schema
+// ===================================
+// MCP Gateway Security & Policy Enforcement
+//
+// MCPGateway protects MCP proxy operations (tool calls, server connections)
+// by evaluating threats detected by the Shield detection engine pipeline
+// against Cedar policies.
+//
+// Architecture:
+//   MCP Client -> Firehog Proxy -> Shield (detection + Cedar) -> Allow/Deny
+//
+// Threat Coverage:
+//   - OWASP Top 10 for LLM Applications 2025 (LLM01, LLM06)
+//   - OWASP Top 10 for Agentic Applications (ASI01, ASI02, ASI04)
+//   - OWASP MCP Top 10 (MCP01-MCP05)
+
+namespace MCPGateway {
+
+// =============================================================================
+// ENTITIES - Tenant Hierarchy (ReBAC)
+// =============================================================================
+// MCPGateway does not use App/Session hierarchy.
+//
+// Entity hierarchy:
+//   Account (org root)
+//     -> Project in [Account]
+//          -> Tool/Server in [Project]
+//
+// Policy scoping examples:
+//   resource == MCPGateway::Tool::"get_me"            -> specific tool
+//   resource in MCPGateway::Project::"<uuid>"          -> project-wide
+//   resource in MCPGateway::Account::"<uuid>"          -> org-wide
+
+/// Account represents an organization (top-level tenant)
+entity Account;
+
+/// Project represents a project within an account
+entity Project in [Account];
+
+// =============================================================================
+// ENTITIES - Principals
+// =============================================================================
+
+/// Human user authenticated via JWT or API key
+entity User;
+
+/// MCP client (default principal for unauthenticated requests)
+entity MCP_Client;
+
+// =============================================================================
+// ENTITIES - Resources (scoped under Project)
+// =============================================================================
+
+/// MCP tool -- resource for call_tool action
+entity Tool in [Project];
+
+/// MCP server -- resource for connect_server action
+entity Server in [Project];
+
+/// MCP prompt -- resource for process_prompt action
+entity LlmPrompt in [Project];
+
+/// File/resource path -- resource for read_file/write_file actions
+entity FilePath in [Project];
+
+// =============================================================================
+// ACTIONS
+// =============================================================================
+
+// Call an MCP tool
+// Threat focus: command injection, tool poisoning, rug pull, secrets, PII
+action call_tool appliesTo {
+  principal: [User, MCP_Client],
+  resource: [Tool],
+  context: {
+    // --- Content ---
+    content: String,                  // Raw content being scanned
+
+    // --- Tool & MCP ---
+    tool_name?: String,               // Tool name
+    mcp_server?: String,              // MCP server name
+    mcp_tool?: String,                // MCP tool name
+
+    // --- Threat Detection (from Shield detection pipeline) ---
+    threat_count?: Long,              // Total threats detected
+    highest_severity?: String,        // "critical", "high", "medium", "low", "none"
+    threat_categories?: Set<String>,  // Threat category names
+    detected_threats?: Set<String>,   // Detection rule names that matched
+    max_threat_severity?: Long,       // Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)
+    contains_secrets?: Bool,          // Whether secrets/credentials detected
+
+    // --- Secrets (granular) ---
+    secret_types?: Set<String>,
+    secret_count?: Long,
+
+    // --- PII Detection ---
+    pii_detected?: Bool,
+    pii_types?: Set<String>,
+    pii_count?: Long,
+
+    // --- ML Detector Confidence Scores (0-100) ---
+    injection_confidence?: Long,      // Prompt injection classifier confidence
+    jailbreak_confidence?: Long,      // Jailbreak detection classifier confidence
+
+    // --- Agent Security (0-100) ---
+    tool_poisoning_score?: Long,      // Hidden instructions in tool description/args
+    tool_poisoning_detected?: Bool,
+    rug_pull_score?: Long,            // Tool behavior drift after trust establishment
+    rug_pull_detected?: Bool,
+    indirect_injection_score?: Long,  // Indirect injection via tool output
+
+    // --- Tool Risk Assessment ---
+    tool_risk_score?: Long,           // Computed tool risk (0-100)
+    tool_category?: String,           // "safe", "sensitive", "dangerous"
+    tool_is_sensitive?: Bool,
+    tool_is_builtin?: Bool,
+
+    // --- MCP Trust ---
+    mcp_server_verified?: Bool,       // Whether server is from verified registry
+
+    // --- Content Safety Scores (0-100) ---
+    violence_score?: Long,
+    weapons_score?: Long,
+    hate_speech_score?: Long,
+    crime_score?: Long,
+    sexual_score?: Long,
+    profanity_score?: Long,
+
+    // --- Encoding & Unicode Attacks ---
+    contains_invisible_chars?: Bool,
+    invisible_chars_score?: Long,
+
+    // --- Behavioral Analysis ---
+    loop_detected?: Bool,
+    loop_count?: Long,
+    loop_tool?: String,
+    suspicious_pattern?: Bool,
+    pattern_type?: String,
+    sequence_risk?: Long,
+  },
+};
+
+// Connect to an MCP server
+// Threat focus: supply chain, tool poisoning, rug pull, config risk
+action connect_server appliesTo {
+  principal: [User, MCP_Client],
+  resource: [Server],
+  context: {
+    content?: String,                 // Server config content (if available)
+    mcp_server?: String,
+
+    // --- Threat Detection ---
+    threat_count?: Long,
+    highest_severity?: String,
+    threat_categories?: Set<String>,
+    max_threat_severity?: Long,
+
+    // --- Agent Security (0-100) ---
+    tool_poisoning_score?: Long,
+    tool_poisoning_detected?: Bool,
+    rug_pull_score?: Long,
+    rug_pull_detected?: Bool,
+    indirect_injection_score?: Long,
+
+    // --- MCP Trust & Config Risk ---
+    mcp_server_verified?: Bool,
+    mcp_config_risk?: Bool,
+    mcp_risk_score?: Long,
+  },
+};
+
+// Process an MCP prompt (prompts/get, prompts/list)
+// Threat focus: injection, jailbreak, secrets, PII, content safety
+action process_prompt appliesTo {
+  principal: [User, MCP_Client],
+  resource: [LlmPrompt],
+  context: {
+    content: String,
+    mcp_server?: String,
+
+    // --- Threat Detection ---
+    threat_count?: Long,
+    highest_severity?: String,
+    threat_categories?: Set<String>,
+    detected_threats?: Set<String>,
+    max_threat_severity?: Long,
+    contains_secrets?: Bool,
+
+    // --- Secrets ---
+    secret_types?: Set<String>,
+    secret_count?: Long,
+
+    // --- PII Detection ---
+    pii_detected?: Bool,
+    pii_types?: Set<String>,
+    pii_count?: Long,
+
+    // --- ML Detector Confidence Scores (0-100) ---
+    injection_confidence?: Long,
+    jailbreak_confidence?: Long,
+
+    // --- Content Safety Scores (0-100) ---
+    violence_score?: Long,
+    weapons_score?: Long,
+    hate_speech_score?: Long,
+    crime_score?: Long,
+    sexual_score?: Long,
+    profanity_score?: Long,
+
+    // --- Encoding ---
+    contains_invisible_chars?: Bool,
+    invisible_chars_score?: Long,
+  },
+};
+
+// Read an MCP resource (resources/read, resources/list)
+// Threat focus: secrets exposure, PII exposure, sensitive paths
+action read_file appliesTo {
+  principal: [User, MCP_Client],
+  resource: [FilePath],
+  context: {
+    content: String,
+    mcp_server?: String,
+
+    // --- Threat Detection ---
+    threat_count?: Long,
+    highest_severity?: String,
+    threat_categories?: Set<String>,
+    detected_threats?: Set<String>,
+    max_threat_severity?: Long,
+    contains_secrets?: Bool,
+
+    // --- Secrets ---
+    secret_types?: Set<String>,
+    secret_count?: Long,
+
+    // --- PII Detection ---
+    pii_detected?: Bool,
+    pii_types?: Set<String>,
+    pii_count?: Long,
+  },
+};
+
+// Write an MCP resource (resources/write)
+// Threat focus: secrets in output, PII in output
+action write_file appliesTo {
+  principal: [User, MCP_Client],
+  resource: [FilePath],
+  context: {
+    content: String,
+    mcp_server?: String,
+
+    // --- Threat Detection ---
+    threat_count?: Long,
+    highest_severity?: String,
+    threat_categories?: Set<String>,
+    detected_threats?: Set<String>,
+    max_threat_severity?: Long,
+    contains_secrets?: Bool,
+
+    // --- Secrets ---
+    secret_types?: Set<String>,
+    secret_count?: Long,
+
+    // --- PII Detection ---
+    pii_detected?: Bool,
+    pii_types?: Set<String>,
+    pii_count?: Long,
+  },
+};
+
 }
 `;
 /**
@@ -1778,6 +2057,149 @@ export const GUARDRAILS_CONTEXT = {
         }
     ]
 };
+/**
+ * McpGateway context metadata (parsed JSON)
+ */
+export const MCP_GATEWAY_CONTEXT = {
+    "service": "mcp_gateway",
+    "version": "1.0.0",
+    "description": "Context attributes for MCPGateway Cedar policies",
+    "actions": [
+        {
+            "name": "call_tool",
+            "description": "Call an MCP tool — threat focus: command injection, tool poisoning, rug pull, secrets, PII",
+            "context_attributes": [
+                { "key": "content", "type": "string", "required": true, "description": "Raw content being scanned" },
+                { "key": "tool_name", "type": "string", "required": false, "description": "Tool name" },
+                { "key": "mcp_server", "type": "string", "required": false, "description": "MCP server name" },
+                { "key": "mcp_tool", "type": "string", "required": false, "description": "MCP tool name" },
+                { "key": "threat_count", "type": "number", "required": false, "description": "Total threats detected" },
+                { "key": "highest_severity", "type": "string", "required": false, "description": "Highest threat severity" },
+                { "key": "threat_categories", "type": "array", "required": false, "description": "Threat category names" },
+                { "key": "detected_threats", "type": "array", "required": false, "description": "Detection rule names that matched" },
+                { "key": "max_threat_severity", "type": "number", "required": false, "description": "Numeric severity (0-4)" },
+                { "key": "contains_secrets", "type": "boolean", "required": false, "description": "Whether secrets/credentials detected" },
+                { "key": "secret_types", "type": "array", "required": false, "description": "Types of secrets found" },
+                { "key": "secret_count", "type": "number", "required": false, "description": "Number of distinct secrets" },
+                { "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII detected" },
+                { "key": "pii_types", "type": "array", "required": false, "description": "Types of PII detected" },
+                { "key": "pii_count", "type": "number", "required": false, "description": "Number of PII matches" },
+                { "key": "injection_confidence", "type": "number", "required": false, "description": "Injection classifier confidence (0-100)" },
+                { "key": "jailbreak_confidence", "type": "number", "required": false, "description": "Jailbreak classifier confidence (0-100)" },
+                { "key": "tool_poisoning_score", "type": "number", "required": false, "description": "Tool poisoning risk score (0-100)" },
+                { "key": "tool_poisoning_detected", "type": "boolean", "required": false, "description": "Tool poisoning detected flag" },
+                { "key": "rug_pull_score", "type": "number", "required": false, "description": "Rug pull risk score (0-100)" },
+                { "key": "rug_pull_detected", "type": "boolean", "required": false, "description": "Rug pull detected flag" },
+                { "key": "indirect_injection_score", "type": "number", "required": false, "description": "Indirect injection score (0-100)" },
+                { "key": "tool_risk_score", "type": "number", "required": false, "description": "Computed tool risk (0-100)" },
+                { "key": "tool_category", "type": "string", "required": false, "description": "Tool category: safe/sensitive/dangerous" },
+                { "key": "tool_is_sensitive", "type": "boolean", "required": false, "description": "Tool sensitivity flag" },
+                { "key": "tool_is_builtin", "type": "boolean", "required": false, "description": "Built-in tool flag" },
+                { "key": "mcp_server_verified", "type": "boolean", "required": false, "description": "Whether server is from verified registry" },
+                { "key": "violence_score", "type": "number", "required": false, "description": "Violence content score (0-100)" },
+                { "key": "weapons_score", "type": "number", "required": false, "description": "Weapons content score (0-100)" },
+                { "key": "hate_speech_score", "type": "number", "required": false, "description": "Hate speech score (0-100)" },
+                { "key": "crime_score", "type": "number", "required": false, "description": "Crime content score (0-100)" },
+                { "key": "sexual_score", "type": "number", "required": false, "description": "Sexual content score (0-100)" },
+                { "key": "profanity_score", "type": "number", "required": false, "description": "Profanity score (0-100)" },
+                { "key": "contains_invisible_chars", "type": "boolean", "required": false, "description": "Invisible Unicode chars detected" },
+                { "key": "invisible_chars_score", "type": "number", "required": false, "description": "Unicode attack severity (0-100)" },
+                { "key": "loop_detected", "type": "boolean", "required": false, "description": "Tool call loop detected" },
+                { "key": "loop_count", "type": "number", "required": false, "description": "Consecutive repeat calls" },
+                { "key": "suspicious_pattern", "type": "boolean", "required": false, "description": "Data exfiltration or attack sequence detected" },
+                { "key": "pattern_type", "type": "string", "required": false, "description": "Pattern type" },
+                { "key": "sequence_risk", "type": "number", "required": false, "description": "Sequence risk score (0-100)" }
+            ]
+        },
+        {
+            "name": "connect_server",
+            "description": "Connect to an MCP server — threat focus: supply chain, tool poisoning, config risk",
+            "context_attributes": [
+                { "key": "content", "type": "string", "required": false, "description": "Server config content" },
+                { "key": "mcp_server", "type": "string", "required": false, "description": "MCP server name" },
+                { "key": "threat_count", "type": "number", "required": false, "description": "Total threats detected" },
+                { "key": "highest_severity", "type": "string", "required": false, "description": "Highest threat severity" },
+                { "key": "threat_categories", "type": "array", "required": false, "description": "Threat category names" },
+                { "key": "max_threat_severity", "type": "number", "required": false, "description": "Numeric severity (0-4)" },
+                { "key": "tool_poisoning_score", "type": "number", "required": false, "description": "Tool poisoning risk (0-100)" },
+                { "key": "tool_poisoning_detected", "type": "boolean", "required": false, "description": "Tool poisoning detected" },
+                { "key": "rug_pull_score", "type": "number", "required": false, "description": "Rug pull risk (0-100)" },
+                { "key": "rug_pull_detected", "type": "boolean", "required": false, "description": "Rug pull detected" },
+                { "key": "indirect_injection_score", "type": "number", "required": false, "description": "Indirect injection score (0-100)" },
+                { "key": "mcp_server_verified", "type": "boolean", "required": false, "description": "Verified registry status" },
+                { "key": "mcp_config_risk", "type": "boolean", "required": false, "description": "Risky server config detected" },
+                { "key": "mcp_risk_score", "type": "number", "required": false, "description": "Config risk severity (0-100)" }
+            ]
+        },
+        {
+            "name": "process_prompt",
+            "description": "Process an MCP prompt — threat focus: injection, jailbreak, secrets, PII, content safety",
+            "context_attributes": [
+                { "key": "content", "type": "string", "required": true, "description": "Raw content being scanned" },
+                { "key": "mcp_server", "type": "string", "required": false, "description": "MCP server name" },
+                { "key": "threat_count", "type": "number", "required": false, "description": "Total threats detected" },
+                { "key": "highest_severity", "type": "string", "required": false, "description": "Highest threat severity" },
+                { "key": "threat_categories", "type": "array", "required": false, "description": "Threat category names" },
+                { "key": "detected_threats", "type": "array", "required": false, "description": "Detection rule names that matched" },
+                { "key": "max_threat_severity", "type": "number", "required": false, "description": "Numeric severity (0-4)" },
+                { "key": "contains_secrets", "type": "boolean", "required": false, "description": "Whether secrets/credentials detected" },
+                { "key": "secret_types", "type": "array", "required": false, "description": "Types of secrets found" },
+                { "key": "secret_count", "type": "number", "required": false, "description": "Number of distinct secrets" },
+                { "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII detected" },
+                { "key": "pii_types", "type": "array", "required": false, "description": "Types of PII detected" },
+                { "key": "pii_count", "type": "number", "required": false, "description": "Number of PII matches" },
+                { "key": "injection_confidence", "type": "number", "required": false, "description": "Injection classifier confidence (0-100)" },
+                { "key": "jailbreak_confidence", "type": "number", "required": false, "description": "Jailbreak classifier confidence (0-100)" },
+                { "key": "violence_score", "type": "number", "required": false, "description": "Violence content score (0-100)" },
+                { "key": "weapons_score", "type": "number", "required": false, "description": "Weapons content score (0-100)" },
+                { "key": "hate_speech_score", "type": "number", "required": false, "description": "Hate speech score (0-100)" },
+                { "key": "crime_score", "type": "number", "required": false, "description": "Crime content score (0-100)" },
+                { "key": "sexual_score", "type": "number", "required": false, "description": "Sexual content score (0-100)" },
+                { "key": "profanity_score", "type": "number", "required": false, "description": "Profanity score (0-100)" },
+                { "key": "contains_invisible_chars", "type": "boolean", "required": false, "description": "Invisible Unicode chars detected" },
+                { "key": "invisible_chars_score", "type": "number", "required": false, "description": "Unicode attack severity (0-100)" }
+            ]
+        },
+        {
+            "name": "read_file",
+            "description": "Read an MCP resource — threat focus: secrets exposure, PII exposure",
+            "context_attributes": [
+                { "key": "content", "type": "string", "required": true, "description": "Raw content being scanned" },
+                { "key": "mcp_server", "type": "string", "required": false, "description": "MCP server name" },
+                { "key": "threat_count", "type": "number", "required": false, "description": "Total threats detected" },
+                { "key": "highest_severity", "type": "string", "required": false, "description": "Highest threat severity" },
+                { "key": "threat_categories", "type": "array", "required": false, "description": "Threat category names" },
+                { "key": "detected_threats", "type": "array", "required": false, "description": "Detection rule names that matched" },
+                { "key": "max_threat_severity", "type": "number", "required": false, "description": "Numeric severity (0-4)" },
+                { "key": "contains_secrets", "type": "boolean", "required": false, "description": "Whether secrets/credentials detected" },
+                { "key": "secret_types", "type": "array", "required": false, "description": "Types of secrets found" },
+                { "key": "secret_count", "type": "number", "required": false, "description": "Number of distinct secrets" },
+                { "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII detected" },
+                { "key": "pii_types", "type": "array", "required": false, "description": "Types of PII detected" },
+                { "key": "pii_count", "type": "number", "required": false, "description": "Number of PII matches" }
+            ]
+        },
+        {
+            "name": "write_file",
+            "description": "Write an MCP resource — threat focus: secrets in output, PII in output",
+            "context_attributes": [
+                { "key": "content", "type": "string", "required": true, "description": "Raw content being scanned" },
+                { "key": "mcp_server", "type": "string", "required": false, "description": "MCP server name" },
+                { "key": "threat_count", "type": "number", "required": false, "description": "Total threats detected" },
+                { "key": "highest_severity", "type": "string", "required": false, "description": "Highest threat severity" },
+                { "key": "threat_categories", "type": "array", "required": false, "description": "Threat category names" },
+                { "key": "detected_threats", "type": "array", "required": false, "description": "Detection rule names that matched" },
+                { "key": "max_threat_severity", "type": "number", "required": false, "description": "Numeric severity (0-4)" },
+                { "key": "contains_secrets", "type": "boolean", "required": false, "description": "Whether secrets/credentials detected" },
+                { "key": "secret_types", "type": "array", "required": false, "description": "Types of secrets found" },
+                { "key": "secret_count", "type": "number", "required": false, "description": "Number of distinct secrets" },
+                { "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII detected" },
+                { "key": "pii_types", "type": "array", "required": false, "description": "Types of PII detected" },
+                { "key": "pii_count", "type": "number", "required": false, "description": "Number of PII matches" }
+            ]
+        }
+    ]
+};
 /**
  * Overwatch context metadata (parsed JSON)
  */

package/dist/types.d.ts

@@ -7,19 +7,23 @@ export * from './errors.js';
 export * from './annotations.js';
 export * from './explain.js';
 export * from './condition-groups.js';
-export { GUARDRAILS_SCHEMA, GUARDRAILS_CONTEXT, OVERWATCH_SCHEMA, OVERWATCH_CONTEXT, PALISADE_SCHEMA, PALISADE_CONTEXT, SENTRY_SCHEMA, SENTRY_CONTEXT, } from './service-schemas.gen.js';
+export { GUARDRAILS_SCHEMA, GUARDRAILS_CONTEXT, MCP_GATEWAY_SCHEMA, MCP_GATEWAY_CONTEXT, OVERWATCH_SCHEMA, OVERWATCH_CONTEXT, PALISADE_SCHEMA, PALISADE_CONTEXT, SENTRY_SCHEMA, SENTRY_CONTEXT, } from './service-schemas.gen.js';
 export type { ContextAttribute, ActionContext, ServiceContext, } from './service-schemas.gen.js';
 export { GuardrailsContextKey } from './guardrails-context.gen.js';
+export { McpGatewayContextKey } from './mcp_gateway-context.gen.js';
 export { OverwatchContextKey } from './overwatch-context.gen.js';
 export { PalisadeContextKey } from './palisade-context.gen.js';
 export { SentryContextKey } from './sentry-context.gen.js';
 export { GUARDRAILS_ENTITIES, GUARDRAILS_ACTION_ENTITIES, } from './guardrails-entities.gen.js';
+export { MCP_GATEWAY_ENTITIES, MCP_GATEWAY_ACTION_ENTITIES, } from './mcp_gateway-entities.gen.js';
 export { OVERWATCH_ENTITIES, OVERWATCH_ACTION_ENTITIES, } from './overwatch-entities.gen.js';
 export { PALISADE_ENTITIES, PALISADE_ACTION_ENTITIES, } from './palisade-entities.gen.js';
 export { SENTRY_ENTITIES, SENTRY_ACTION_ENTITIES, } from './sentry-entities.gen.js';
 export type { ServiceEntityMetadata, ActionEntityMetadata } from './entity-metadata-types.gen.js';
 export { GUARDRAILS_DEFAULTS, GUARDRAILS_TEMPLATES, GUARDRAILS_CATEGORIES, GUARDRAILS_TEMPLATES_JSON, getGuardrailsDefaultsByCategory, getGuardrailsTemplatesByCategory, getGuardrailsTemplateById, } from './guardrails-defaults.gen.js';
 export type { GuardrailsCategory, GuardrailsCategoryInfo, GuardrailsDefaultPolicy, GuardrailsTemplate, } from './guardrails-defaults.gen.js';
+export { MCP_GATEWAY_DEFAULTS, MCP_GATEWAY_TEMPLATES, MCP_GATEWAY_CATEGORIES, MCP_GATEWAY_TEMPLATES_JSON, getMcpGatewayDefaultsByCategory, getMcpGatewayTemplatesByCategory, getMcpGatewayTemplateById, } from './mcp_gateway-defaults.gen.js';
+export type { McpGatewayCategory, McpGatewayCategoryInfo, McpGatewayDefaultPolicy, McpGatewayTemplate, } from './mcp_gateway-defaults.gen.js';
 export { OVERWATCH_DEFAULTS, OVERWATCH_TEMPLATES, OVERWATCH_CATEGORIES, OVERWATCH_TEMPLATES_JSON, getOverwatchDefaultsByCategory, getOverwatchTemplatesByCategory, getOverwatchTemplateById, } from './overwatch-defaults.gen.js';
 export type { OverwatchCategory, OverwatchCategoryInfo, OverwatchDefaultPolicy, OverwatchTemplate, } from './overwatch-defaults.gen.js';
 export { SENTRY_DEFAULTS, SENTRY_TEMPLATES, SENTRY_CATEGORIES, SENTRY_TEMPLATES_JSON, getSentryDefaultsByCategory, getSentryTemplatesByCategory, getSentryTemplateById, } from './sentry-defaults.gen.js';

package/dist/types.js

@@ -20,18 +20,21 @@ export * from './explain.js';
 // Condition groups - works in browser (no WASM dependency)
 export * from './condition-groups.js';
 // Service-specific schemas and context (inlined, browser-safe)
-export { GUARDRAILS_SCHEMA, GUARDRAILS_CONTEXT, OVERWATCH_SCHEMA, OVERWATCH_CONTEXT, PALISADE_SCHEMA, PALISADE_CONTEXT, SENTRY_SCHEMA, SENTRY_CONTEXT, } from './service-schemas.gen.js';
+export { GUARDRAILS_SCHEMA, GUARDRAILS_CONTEXT, MCP_GATEWAY_SCHEMA, MCP_GATEWAY_CONTEXT, OVERWATCH_SCHEMA, OVERWATCH_CONTEXT, PALISADE_SCHEMA, PALISADE_CONTEXT, SENTRY_SCHEMA, SENTRY_CONTEXT, } from './service-schemas.gen.js';
 // Service-specific context key enums
 export { GuardrailsContextKey } from './guardrails-context.gen.js';
+export { McpGatewayContextKey } from './mcp_gateway-context.gen.js';
 export { OverwatchContextKey } from './overwatch-context.gen.js';
 export { PalisadeContextKey } from './palisade-context.gen.js';
 export { SentryContextKey } from './sentry-context.gen.js';
 // Service-specific entity metadata (for UI - principals, resources, actions)
 export { GUARDRAILS_ENTITIES, GUARDRAILS_ACTION_ENTITIES, } from './guardrails-entities.gen.js';
+export { MCP_GATEWAY_ENTITIES, MCP_GATEWAY_ACTION_ENTITIES, } from './mcp_gateway-entities.gen.js';
 export { OVERWATCH_ENTITIES, OVERWATCH_ACTION_ENTITIES, } from './overwatch-entities.gen.js';
 export { PALISADE_ENTITIES, PALISADE_ACTION_ENTITIES, } from './palisade-entities.gen.js';
 export { SENTRY_ENTITIES, SENTRY_ACTION_ENTITIES, } from './sentry-entities.gen.js';
 // Service-specific default policies, templates, and categories
 export { GUARDRAILS_DEFAULTS, GUARDRAILS_TEMPLATES, GUARDRAILS_CATEGORIES, GUARDRAILS_TEMPLATES_JSON, getGuardrailsDefaultsByCategory, getGuardrailsTemplatesByCategory, getGuardrailsTemplateById, } from './guardrails-defaults.gen.js';
+export { MCP_GATEWAY_DEFAULTS, MCP_GATEWAY_TEMPLATES, MCP_GATEWAY_CATEGORIES, MCP_GATEWAY_TEMPLATES_JSON, getMcpGatewayDefaultsByCategory, getMcpGatewayTemplatesByCategory, getMcpGatewayTemplateById, } from './mcp_gateway-defaults.gen.js';
 export { OVERWATCH_DEFAULTS, OVERWATCH_TEMPLATES, OVERWATCH_CATEGORIES, OVERWATCH_TEMPLATES_JSON, getOverwatchDefaultsByCategory, getOverwatchTemplatesByCategory, getOverwatchTemplateById, } from './overwatch-defaults.gen.js';
 export { SENTRY_DEFAULTS, SENTRY_TEMPLATES, SENTRY_CATEGORIES, SENTRY_TEMPLATES_JSON, getSentryDefaultsByCategory, getSentryTemplatesByCategory, getSentryTemplateById, } from './sentry-defaults.gen.js';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@highflame/policy",
-  "version": "2.1.12",
+  "version": "2.1.14",
   "description": "Highflame Cedar policy types and engine wrapper",
   "readme": "README.md",
   "main": "dist/index.js",