@highflame/policy 2.1.14 → 2.1.16

package/dist/ai_gateway-entities.gen.d.ts

@@ -0,0 +1,11 @@
+import type { ServiceEntityMetadata, ActionEntityMetadata } from './entity-metadata-types.gen.js';
+/**
+ * AiGateway entity metadata for UI components.
+ * Extracted from Cedar schema appliesTo blocks.
+ */
+export declare const AI_GATEWAY_ENTITIES: ServiceEntityMetadata;
+/**
+ * Per-action entity mapping for AiGateway.
+ * Maps action names to their valid principals and resources.
+ */
+export declare const AI_GATEWAY_ACTION_ENTITIES: Record<string, ActionEntityMetadata>;

package/dist/ai_gateway-entities.gen.js

@@ -0,0 +1,37 @@
+// Code generated by highflame-policy-codegen. DO NOT EDIT.
+// Source: schemas/ai_gateway/schema.cedarschema
+/**
+ * AiGateway entity metadata for UI components.
+ * Extracted from Cedar schema appliesTo blocks.
+ */
+export const AI_GATEWAY_ENTITIES = {
+    principals: ['MCP_Client', 'User'],
+    resources: ['FilePath', 'LlmPrompt', 'Server', 'Tool'],
+    actions: ['call_tool', 'connect_server', 'process_prompt', 'read_file', 'write_file'],
+};
+/**
+ * Per-action entity mapping for AiGateway.
+ * Maps action names to their valid principals and resources.
+ */
+export const AI_GATEWAY_ACTION_ENTITIES = {
+    'call_tool': {
+        principals: ['MCP_Client', 'User'],
+        resources: ['Tool'],
+    },
+    'connect_server': {
+        principals: ['MCP_Client', 'User'],
+        resources: ['Server'],
+    },
+    'process_prompt': {
+        principals: ['MCP_Client', 'User'],
+        resources: ['LlmPrompt'],
+    },
+    'read_file': {
+        principals: ['MCP_Client', 'User'],
+        resources: ['FilePath'],
+    },
+    'write_file': {
+        principals: ['MCP_Client', 'User'],
+        resources: ['FilePath'],
+    },
+};

package/dist/index.d.ts

@@ -9,23 +9,23 @@ export * from './errors.js';
 export * from './annotations.js';
 export * from './explain.js';
 export * from './condition-groups.js';
-export { GUARDRAILS_SCHEMA, GUARDRAILS_CONTEXT, MCP_GATEWAY_SCHEMA, MCP_GATEWAY_CONTEXT, OVERWATCH_SCHEMA, OVERWATCH_CONTEXT, PALISADE_SCHEMA, PALISADE_CONTEXT, SENTRY_SCHEMA, SENTRY_CONTEXT, } from './service-schemas.gen.js';
+export { AI_GATEWAY_SCHEMA, AI_GATEWAY_CONTEXT, GUARDRAILS_SCHEMA, GUARDRAILS_CONTEXT, OVERWATCH_SCHEMA, OVERWATCH_CONTEXT, PALISADE_SCHEMA, PALISADE_CONTEXT, SENTRY_SCHEMA, SENTRY_CONTEXT, } from './service-schemas.gen.js';
 export type { ContextAttribute, ActionContext, ServiceContext, } from './service-schemas.gen.js';
+export { AiGatewayContextKey } from './ai_gateway-context.gen.js';
 export { GuardrailsContextKey } from './guardrails-context.gen.js';
-export { McpGatewayContextKey } from './mcp_gateway-context.gen.js';
 export { OverwatchContextKey } from './overwatch-context.gen.js';
 export { PalisadeContextKey } from './palisade-context.gen.js';
 export { SentryContextKey } from './sentry-context.gen.js';
+export { AI_GATEWAY_ENTITIES, AI_GATEWAY_ACTION_ENTITIES, } from './ai_gateway-entities.gen.js';
 export { GUARDRAILS_ENTITIES, GUARDRAILS_ACTION_ENTITIES, } from './guardrails-entities.gen.js';
-export { MCP_GATEWAY_ENTITIES, MCP_GATEWAY_ACTION_ENTITIES, } from './mcp_gateway-entities.gen.js';
 export { OVERWATCH_ENTITIES, OVERWATCH_ACTION_ENTITIES, } from './overwatch-entities.gen.js';
 export { PALISADE_ENTITIES, PALISADE_ACTION_ENTITIES, } from './palisade-entities.gen.js';
 export { SENTRY_ENTITIES, SENTRY_ACTION_ENTITIES, } from './sentry-entities.gen.js';
 export type { ServiceEntityMetadata, ActionEntityMetadata } from './entity-metadata-types.gen.js';
+export { AI_GATEWAY_DEFAULTS, AI_GATEWAY_TEMPLATES, AI_GATEWAY_CATEGORIES, AI_GATEWAY_TEMPLATES_JSON, getAiGatewayDefaultsByCategory, getAiGatewayTemplatesByCategory, getAiGatewayTemplateById, } from './ai_gateway-defaults.gen.js';
+export type { AiGatewayCategory, AiGatewayCategoryInfo, AiGatewayDefaultPolicy, AiGatewayTemplate, } from './ai_gateway-defaults.gen.js';
 export { GUARDRAILS_DEFAULTS, GUARDRAILS_TEMPLATES, GUARDRAILS_CATEGORIES, GUARDRAILS_TEMPLATES_JSON, getGuardrailsDefaultsByCategory, getGuardrailsTemplatesByCategory, getGuardrailsTemplateById, } from './guardrails-defaults.gen.js';
 export type { GuardrailsCategory, GuardrailsCategoryInfo, GuardrailsDefaultPolicy, GuardrailsTemplate, } from './guardrails-defaults.gen.js';
-export { MCP_GATEWAY_DEFAULTS, MCP_GATEWAY_TEMPLATES, MCP_GATEWAY_CATEGORIES, MCP_GATEWAY_TEMPLATES_JSON, getMcpGatewayDefaultsByCategory, getMcpGatewayTemplatesByCategory, getMcpGatewayTemplateById, } from './mcp_gateway-defaults.gen.js';
-export type { McpGatewayCategory, McpGatewayCategoryInfo, McpGatewayDefaultPolicy, McpGatewayTemplate, } from './mcp_gateway-defaults.gen.js';
 export { OVERWATCH_DEFAULTS, OVERWATCH_TEMPLATES, OVERWATCH_CATEGORIES, OVERWATCH_TEMPLATES_JSON, getOverwatchDefaultsByCategory, getOverwatchTemplatesByCategory, getOverwatchTemplateById, } from './overwatch-defaults.gen.js';
 export type { OverwatchCategory, OverwatchCategoryInfo, OverwatchDefaultPolicy, OverwatchTemplate, } from './overwatch-defaults.gen.js';
 export { SENTRY_DEFAULTS, SENTRY_TEMPLATES, SENTRY_CATEGORIES, SENTRY_TEMPLATES_JSON, getSentryDefaultsByCategory, getSentryTemplatesByCategory, getSentryTemplateById, } from './sentry-defaults.gen.js';

package/dist/index.js

@@ -18,21 +18,21 @@ export * from './explain.js';
 // Condition groups (AST ↔ flat UI groups)
 export * from './condition-groups.js';
 // Service-specific schemas and context (inlined)
-export { GUARDRAILS_SCHEMA, GUARDRAILS_CONTEXT, MCP_GATEWAY_SCHEMA, MCP_GATEWAY_CONTEXT, OVERWATCH_SCHEMA, OVERWATCH_CONTEXT, PALISADE_SCHEMA, PALISADE_CONTEXT, SENTRY_SCHEMA, SENTRY_CONTEXT, } from './service-schemas.gen.js';
+export { AI_GATEWAY_SCHEMA, AI_GATEWAY_CONTEXT, GUARDRAILS_SCHEMA, GUARDRAILS_CONTEXT, OVERWATCH_SCHEMA, OVERWATCH_CONTEXT, PALISADE_SCHEMA, PALISADE_CONTEXT, SENTRY_SCHEMA, SENTRY_CONTEXT, } from './service-schemas.gen.js';
 // Service-specific context key enums
+export { AiGatewayContextKey } from './ai_gateway-context.gen.js';
 export { GuardrailsContextKey } from './guardrails-context.gen.js';
-export { McpGatewayContextKey } from './mcp_gateway-context.gen.js';
 export { OverwatchContextKey } from './overwatch-context.gen.js';
 export { PalisadeContextKey } from './palisade-context.gen.js';
 export { SentryContextKey } from './sentry-context.gen.js';
 // Service-specific entity metadata (for UI - principals, resources, actions)
+export { AI_GATEWAY_ENTITIES, AI_GATEWAY_ACTION_ENTITIES, } from './ai_gateway-entities.gen.js';
 export { GUARDRAILS_ENTITIES, GUARDRAILS_ACTION_ENTITIES, } from './guardrails-entities.gen.js';
-export { MCP_GATEWAY_ENTITIES, MCP_GATEWAY_ACTION_ENTITIES, } from './mcp_gateway-entities.gen.js';
 export { OVERWATCH_ENTITIES, OVERWATCH_ACTION_ENTITIES, } from './overwatch-entities.gen.js';
 export { PALISADE_ENTITIES, PALISADE_ACTION_ENTITIES, } from './palisade-entities.gen.js';
 export { SENTRY_ENTITIES, SENTRY_ACTION_ENTITIES, } from './sentry-entities.gen.js';
 // Service-specific default policies, templates, and categories
+export { AI_GATEWAY_DEFAULTS, AI_GATEWAY_TEMPLATES, AI_GATEWAY_CATEGORIES, AI_GATEWAY_TEMPLATES_JSON, getAiGatewayDefaultsByCategory, getAiGatewayTemplatesByCategory, getAiGatewayTemplateById, } from './ai_gateway-defaults.gen.js';
 export { GUARDRAILS_DEFAULTS, GUARDRAILS_TEMPLATES, GUARDRAILS_CATEGORIES, GUARDRAILS_TEMPLATES_JSON, getGuardrailsDefaultsByCategory, getGuardrailsTemplatesByCategory, getGuardrailsTemplateById, } from './guardrails-defaults.gen.js';
-export { MCP_GATEWAY_DEFAULTS, MCP_GATEWAY_TEMPLATES, MCP_GATEWAY_CATEGORIES, MCP_GATEWAY_TEMPLATES_JSON, getMcpGatewayDefaultsByCategory, getMcpGatewayTemplatesByCategory, getMcpGatewayTemplateById, } from './mcp_gateway-defaults.gen.js';
 export { OVERWATCH_DEFAULTS, OVERWATCH_TEMPLATES, OVERWATCH_CATEGORIES, OVERWATCH_TEMPLATES_JSON, getOverwatchDefaultsByCategory, getOverwatchTemplatesByCategory, getOverwatchTemplateById, } from './overwatch-defaults.gen.js';
 export { SENTRY_DEFAULTS, SENTRY_TEMPLATES, SENTRY_CATEGORIES, SENTRY_TEMPLATES_JSON, getSentryDefaultsByCategory, getSentryTemplatesByCategory, getSentryTemplateById, } from './sentry-defaults.gen.js';

package/dist/overwatch-defaults.gen.js

@@ -36,17 +36,17 @@ const OVERWATCH_SECRETS_DEFAULT_CEDAR = `// ====================================
 // Secrets Detection Policy (Default)
 // =============================================================================
 // Detects and blocks credential leakage across prompts, tool calls, and file
-// operations using YARA rule name matching and file path patterns.
+// operations using Shield's secrets detector context keys and file path patterns.
 //
-// Detection layers:
-//   1. YARA rule triggers (detected_threats) — pattern-based, always available
-//   2. Sensitive file path blocking (.env, credential directories)
+// Detection:
+//   Shield's secrets detector (Tier Fast) populates:
+//     contains_secrets (bool) — true if any secret found
+//     secret_types (Set<String>) — types found: "aws_access_key", "ssh_key",
+//       "pem_certificate", "environment_variable", "github_token", etc.
+//     secret_count (long) — total secret matches
 //
-// YARA rules matched:
-//   secrets_leakage    — AWS keys, GitHub tokens, private key headers, API keys
-//   ssh_key_exposure   — SSH private key content and key file paths
-//   pem_file_access    — PEM/certificate private keys and key files
-//   environment_variable_leakage — OPENAI_API_KEY, HF_TOKEN, generic *_API_KEY
+//   Policies reference secret_types directly for per-category granularity.
+//   This works with both built-in and user-configured secret types.
 //
 // Compliance:
 //   NIST 800-53 SC-28 (Protection of Information at Rest)
@@ -60,17 +60,17 @@ const OVERWATCH_SECRETS_DEFAULT_CEDAR = `// ====================================
 // =============================================================================
 
 // ---------------------------------------------------------------------------
-// Section 1: YARA Rule — secrets_leakage
+// Section 1: General Secret Leakage
 // Detects AWS access keys, GitHub tokens, private key headers, API key
 // assignments, and bearer tokens in content.
 // ---------------------------------------------------------------------------
 
-// Block prompts containing detected secrets
+// Block prompts containing any detected secrets
 @id("secrets-block-leakage-prompt")
 @name("Block secrets in prompts")
-@description("Block prompts when YARA detects exposed secrets — AWS access keys (AKIA...), GitHub tokens (ghp_...), private key headers, bearer tokens, or API key assignments (api_key=sk-proj-...).")
+@description("Block prompts when secrets are detected — AWS access keys (AKIA...), GitHub tokens (ghp_...), private key headers, bearer tokens, or API key assignments.")
 @severity("high")
-@tags("secrets,credentials,yara,process-prompt,nist-sc-28,nist-ia-5")
+@tags("secrets,credentials,process-prompt,nist-sc-28,nist-ia-5")
 @reject_message("Prompt blocked: exposed secrets detected (AWS keys, tokens, private keys, or API key assignments). Remove sensitive credentials before submitting.")
 forbid (
     principal,
@@ -78,15 +78,15 @@ forbid (
     resource
 )
 when {
-    context.detected_threats.contains("secrets_leakage")
+    context.contains_secrets == true
 };
 
 // Block tool calls containing detected secrets
 @id("secrets-block-leakage-tool")
 @name("Block secrets in tool calls")
-@description("Block tool execution when YARA detects exposed secrets in tool arguments or command content.")
+@description("Block tool execution when secrets are detected in tool arguments or command content.")
 @severity("high")
-@tags("secrets,credentials,yara,call-tool,nist-sc-28,mitre-t1552")
+@tags("secrets,credentials,call-tool,nist-sc-28,mitre-t1552")
 @reject_message("Tool execution blocked: exposed secrets detected in command or arguments. Remove sensitive credentials before executing.")
 forbid (
     principal,
@@ -94,11 +94,11 @@ forbid (
     resource
 )
 when {
-    context has detected_threats && context.detected_threats.contains("secrets_leakage")
+    context has contains_secrets && context.contains_secrets == true
 };
 
 // ---------------------------------------------------------------------------
-// Section 2: YARA Rule — ssh_key_exposure
+// Section 2: SSH Key Exposure
 // Detects SSH private key content (BEGIN OPENSSH/RSA PRIVATE KEY) and
 // SSH key file paths (/.ssh/id_rsa, id_ed25519).
 // ---------------------------------------------------------------------------
@@ -106,9 +106,9 @@ when {
 // Block SSH key exposure across tool calls and file operations
 @id("secrets-block-ssh-keys")
 @name("Block SSH key exposure")
-@description("Block when YARA detects SSH private key content or SSH key file paths. Covers tool calls, file reads, and file writes. AI agents must not access SSH credentials.")
+@description("Block when SSH private key content or SSH key file paths are detected. Covers tool calls, file reads, and file writes. AI agents must not access SSH credentials.")
 @severity("critical")
-@tags("secrets,ssh,credentials,yara,nist-ia-5,mitre-t1552")
+@tags("secrets,ssh,credentials,nist-ia-5,mitre-t1552")
 @reject_message("Blocked: SSH private key content or key file path detected. AI agents must not access SSH credentials.")
 forbid (
     principal,
@@ -116,11 +116,11 @@ forbid (
     resource
 )
 when {
-    context has detected_threats && context.detected_threats.contains("ssh_key_exposure")
+    context has secret_types && context.secret_types.contains("ssh_key")
 };
 
 // ---------------------------------------------------------------------------
-// Section 3: YARA Rule — pem_file_access
+// Section 3: PEM / Certificate Key Exposure
 // Detects PEM private key content (BEGIN ENCRYPTED/RSA/EC/DSA PRIVATE KEY)
 // and key file paths (.pem, .key, .p12, .pfx).
 // ---------------------------------------------------------------------------
@@ -128,9 +128,9 @@ when {
 // Block PEM/certificate key exposure
 @id("secrets-block-pem-keys")
 @name("Block PEM/certificate key exposure")
-@description("Block when YARA detects PEM private key content or certificate key file paths (.pem, .key, .p12, .pfx). AI agents must not access certificate credentials.")
+@description("Block when PEM private key content or certificate key file paths (.pem, .key, .p12, .pfx) are detected. AI agents must not access certificate credentials.")
 @severity("critical")
-@tags("secrets,certificates,pem,yara,nist-ia-5,mitre-t1552")
+@tags("secrets,certificates,pem,nist-ia-5,mitre-t1552")
 @reject_message("Blocked: PEM private key or certificate key file detected. AI agents must not access certificate credentials.")
 forbid (
     principal,
@@ -138,11 +138,11 @@ forbid (
     resource
 )
 when {
-    context has detected_threats && context.detected_threats.contains("pem_file_access")
+    context has secret_types && context.secret_types.contains("pem_certificate")
 };
 
 // ---------------------------------------------------------------------------
-// Section 4: YARA Rule — environment_variable_leakage
+// Section 4: Environment Variable Leakage
 // Detects OPENAI_API_KEY=sk-..., HF_TOKEN=hf_..., and generic
 // <NAME>_API_KEY=<value> (16+ chars) patterns.
 // ---------------------------------------------------------------------------
@@ -150,9 +150,9 @@ when {
 // Block environment variable secret exposure
 @id("secrets-block-env-vars")
 @name("Block environment variable leakage")
-@description("Block when YARA detects environment variable secret assignments — OPENAI_API_KEY, HF_TOKEN, or generic <NAME>_API_KEY=<value> patterns with 16+ character values.")
+@description("Block when environment variable secret assignments are detected — OPENAI_API_KEY, HF_TOKEN, or generic <NAME>_API_KEY=<value> patterns with 16+ character values.")
 @severity("high")
-@tags("secrets,environment,yara,nist-ia-5")
+@tags("secrets,environment,nist-ia-5")
 @reject_message("Blocked: environment variable secret detected (API keys, tokens). Remove sensitive values before proceeding.")
 forbid (
     principal,
@@ -160,7 +160,7 @@ forbid (
     resource
 )
 when {
-    context has detected_threats && context.detected_threats.contains("environment_variable_leakage")
+    context has secret_types && context.secret_types.contains("environment_variable")
 };
 
 // ---------------------------------------------------------------------------
@@ -168,7 +168,7 @@ when {
 // Blocks file read/write access to credential directories and .env files.
 // NOTE: Targets read_file/write_file only — NOT call_tool. The path field
 // is empty for Bash commands (extractor reads tool_input.file_path which is
-// undefined for Bash). SSH key access via Bash is caught by YARA rules above.
+// undefined for Bash). SSH key access via Bash is caught by rules above.
 // ---------------------------------------------------------------------------
 
 // Block access to credential directories
@@ -639,20 +639,16 @@ const OVERWATCH_PII_DEFAULT_CEDAR = `// ========================================
 // PII Detection Policy (Default)
 // =============================================================================
 // Detects and blocks personally identifiable information across prompts, tool
-// calls, and file operations using YARA rule name matching and ML classifiers.
+// calls, and file operations using Shield's PII detector context keys.
 //
-// Detection layers:
-//   1. YARA rule triggers (detected_threats) — pattern-based, always available
+// Detection:
+//   Shield's pii_regex (Tier Fast) and gcp_dlp (Tier Slow) detectors populate:
+//     pii_detected (bool) — true if any PII found
+//     pii_types (Set<String>) — types found: "ssn", "credit_card", "email", etc.
+//     pii_count (long) — total PII matches
 //
-// YARA rules matched:
-//   pii_ssn            — US Social Security Numbers (XXX-XX-XXXX)
-//   pii_credit_card    — Credit card numbers (13-19 digits)
-//   pii_passport       — Passport numbers (1-2 letters + 6-9 digits)
-//   pii_iban           — International Bank Account Numbers
-//   pii_email          — Email addresses
-//   pii_phone_us       — US phone numbers
-//   pii_date_of_birth  — Dates in MM/DD/YYYY format
-//   pii_ip_address     — IPv4 addresses
+//   Policies reference pii_types directly for per-type granularity. This works
+//   with both built-in and user-configured PII types (via ConfigReloader).
 //
 // Compliance:
 //   PCI DSS 3.4, 4.1 (Payment Card Data)
@@ -677,7 +673,7 @@ const OVERWATCH_PII_DEFAULT_CEDAR = `// ========================================
 @name("Block Social Security Numbers")
 @description("Block content containing SSN patterns (XXX-XX-XXXX). SSNs are high-value identity theft targets — exposure through AI agents is a critical privacy violation.")
 @severity("critical")
-@tags("pii,ssn,identity,yara,pci-dss,nist-si-4")
+@tags("pii,ssn,identity,pci-dss,nist-si-4")
 @reject_message("Content blocked: Social Security Number patterns detected. SSNs must never be processed through AI agents.")
 forbid (
     principal,
@@ -685,7 +681,7 @@ forbid (
     resource
 )
 when {
-    context has detected_threats && context.detected_threats.contains("pii_ssn")
+    context has pii_types && context.pii_types.contains("ssn")
 };
 
 // Block credit card numbers (PCI DSS compliance)
@@ -693,7 +689,7 @@ when {
 @name("Block credit card numbers")
 @description("Block content containing credit card number patterns (13-19 digits). PCI DSS 3.4 requires PANs are rendered unreadable — AI agents must never process raw card numbers.")
 @severity("critical")
-@tags("pii,credit-card,payment,yara,pci-dss-3.4,pci-dss-4.1")
+@tags("pii,credit-card,payment,pci-dss-3.4,pci-dss-4.1")
 @reject_message("Content blocked: credit card number patterns detected. Sharing payment card data through AI agents violates PCI DSS. Use tokenized references instead.")
 forbid (
     principal,
@@ -701,7 +697,7 @@ forbid (
     resource
 )
 when {
-    context has detected_threats && context.detected_threats.contains("pii_credit_card")
+    context has pii_types && context.pii_types.contains("credit_card")
 };
 
 // ---------------------------------------------------------------------------
@@ -715,7 +711,7 @@ when {
 @name("Block passport numbers")
 @description("Block content containing passport number patterns (1-2 letters + 6-9 digits). Passport numbers are government-issued identifiers with high identity theft risk.")
 @severity("high")
-@tags("pii,passport,identity,yara,gdpr-art-32")
+@tags("pii,passport,identity,gdpr-art-32")
 @reject_message("Content blocked: passport number patterns detected. Government-issued identifiers must not be processed through AI agents.")
 forbid (
     principal,
@@ -723,7 +719,7 @@ forbid (
     resource
 )
 when {
-    context has detected_threats && context.detected_threats.contains("pii_passport")
+    context has pii_types && context.pii_types.contains("passport")
 };
 
 // Block IBAN (International Bank Account Numbers)
@@ -731,7 +727,7 @@ when {
 @name("Block bank account numbers")
 @description("Block content containing IBAN patterns. Bank account numbers are sensitive financial identifiers that must not be exposed through AI agents.")
 @severity("high")
-@tags("pii,iban,financial,yara,gdpr-art-32,pci-dss")
+@tags("pii,iban,financial,gdpr-art-32,pci-dss")
 @reject_message("Content blocked: bank account number (IBAN) patterns detected. Financial account numbers must not be processed through AI agents.")
 forbid (
     principal,
@@ -739,7 +735,7 @@ forbid (
     resource
 )
 when {
-    context has detected_threats && context.detected_threats.contains("pii_iban")
+    context has pii_types && context.pii_types.contains("iban")
 };
 
 // ---------------------------------------------------------------------------
@@ -753,7 +749,7 @@ when {
 @name("Block email addresses")
 @description("Block prompts and tool calls containing email address patterns. Prevents accidental sharing of personal email addresses with AI agents.")
 @severity("medium")
-@tags("pii,email,contact,yara,gdpr-art-32")
+@tags("pii,email,contact,gdpr-art-32")
 @reject_message("Content blocked: email address patterns detected. Remove personal email addresses before submitting to AI agents.")
 forbid (
     principal,
@@ -761,7 +757,7 @@ forbid (
     resource
 )
 when {
-    context has detected_threats && context.detected_threats.contains("pii_email")
+    context has pii_types && context.pii_types.contains("email")
 };
 
 // Block US phone numbers
@@ -769,7 +765,7 @@ when {
 @name("Block phone numbers")
 @description("Block prompts and tool calls containing US phone number patterns. Prevents accidental sharing of personal phone numbers with AI agents.")
 @severity("medium")
-@tags("pii,phone,contact,yara,ccpa")
+@tags("pii,phone,contact,ccpa")
 @reject_message("Content blocked: phone number patterns detected. Remove personal phone numbers before submitting to AI agents.")
 forbid (
     principal,
@@ -777,7 +773,7 @@ forbid (
     resource
 )
 when {
-    context has detected_threats && context.detected_threats.contains("pii_phone_us")
+    context has pii_types && context.pii_types.contains("phone")
 };
 
 // Block dates of birth
@@ -785,7 +781,7 @@ when {
 @name("Block dates of birth")
 @description("Block prompts and tool calls containing date of birth patterns (MM/DD/YYYY). Date of birth combined with other identifiers enables identity theft.")
 @severity("medium")
-@tags("pii,dob,identity,yara,hipaa-164.312")
+@tags("pii,dob,identity,hipaa-164.312")
 @reject_message("Content blocked: date of birth patterns detected. Remove personal dates before submitting to AI agents.")
 forbid (
     principal,
@@ -793,7 +789,7 @@ forbid (
     resource
 )
 when {
-    context has detected_threats && context.detected_threats.contains("pii_date_of_birth")
+    context has pii_types && context.pii_types.contains("date_of_birth")
 };
 
 // ---------------------------------------------------------------------------
@@ -807,7 +803,7 @@ when {
 @name("Block IP addresses in prompts")
 @description("Block prompts containing IPv4 address patterns. Only targets prompts — IP addresses are too common in source code and config files to block in tool calls or file operations.")
 @severity("low")
-@tags("pii,ip-address,network,yara")
+@tags("pii,ip-address,network")
 @reject_message("Content blocked: IP address patterns detected in prompt. Remove network identifiers before submitting.")
 forbid (
     principal,
@@ -815,9 +811,8 @@ forbid (
     resource
 )
 when {
-    context.detected_threats.contains("pii_ip_address")
+    context has pii_types && context.pii_types.contains("ip_address")
 };
-
 `;
 const OVERWATCH_TOOLS_MCP_ALLOWLIST_CEDAR = `// MCP Server Allowlist Template
 // Only allow specific MCP servers to be used