@highflame/policy 2.1.15 → 2.1.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (25) hide show
  1. package/_schemas/ai_gateway/context.json +703 -0
  2. package/_schemas/ai_gateway/schema.cedarschema +286 -0
  3. package/_schemas/ai_gateway/templates/defaults/agent_security.cedar +140 -0
  4. package/_schemas/ai_gateway/templates/defaults/baseline.cedar +23 -0
  5. package/_schemas/ai_gateway/templates/defaults/semantic.cedar +105 -0
  6. package/_schemas/ai_gateway/templates/defaults/tools.cedar +92 -0
  7. package/_schemas/ai_gateway/templates/llm_default_allow.cedar +22 -0
  8. package/_schemas/ai_gateway/templates/mcp_server_allowlist.cedar +33 -0
  9. package/_schemas/ai_gateway/templates/mcp_tool_permissions.cedar +77 -0
  10. package/_schemas/ai_gateway/templates/pii_redaction.cedar +89 -0
  11. package/_schemas/ai_gateway/templates/templates.json +117 -0
  12. package/dist/ai_gateway-context.gen.d.ts +53 -0
  13. package/dist/ai_gateway-context.gen.js +54 -0
  14. package/dist/ai_gateway-defaults.gen.d.ts +61 -0
  15. package/dist/ai_gateway-defaults.gen.js +829 -0
  16. package/dist/ai_gateway-entities.gen.d.ts +11 -0
  17. package/dist/ai_gateway-entities.gen.js +37 -0
  18. package/dist/index.d.ts +5 -5
  19. package/dist/index.js +4 -4
  20. package/dist/overwatch-defaults.gen.js +2 -2
  21. package/dist/service-schemas.gen.d.ts +10 -10
  22. package/dist/service-schemas.gen.js +667 -645
  23. package/dist/types.d.ts +5 -5
  24. package/dist/types.js +4 -4
  25. package/package.json +1 -1
package/_schemas/ai_gateway/context.json ADDED
@@ -0,0 +1,703 @@
1
+ {
2
+ "service": "ai_gateway",
3
+ "version": "2.0.0",
4
+ "description": "Context attributes for AIGateway Cedar policies (MCP + LLM)",
5
+ "actions": [
6
+ {
7
+ "name": "call_tool",
8
+ "description": "Call an MCP tool — threat focus: command injection, tool poisoning, rug pull, secrets, PII",
9
+ "context_attributes": [
10
+ {
11
+ "key": "content",
12
+ "type": "string",
13
+ "required": true,
14
+ "description": "Raw content being scanned"
15
+ },
16
+ {
17
+ "key": "tool_name",
18
+ "type": "string",
19
+ "required": false,
20
+ "description": "Tool name"
21
+ },
22
+ {
23
+ "key": "mcp_server",
24
+ "type": "string",
25
+ "required": false,
26
+ "description": "MCP server name"
27
+ },
28
+ {
29
+ "key": "mcp_tool",
30
+ "type": "string",
31
+ "required": false,
32
+ "description": "MCP tool name"
33
+ },
34
+ {
35
+ "key": "threat_count",
36
+ "type": "number",
37
+ "required": false,
38
+ "description": "Total threats detected"
39
+ },
40
+ {
41
+ "key": "highest_severity",
42
+ "type": "string",
43
+ "required": false,
44
+ "description": "Highest threat severity"
45
+ },
46
+ {
47
+ "key": "threat_categories",
48
+ "type": "array",
49
+ "required": false,
50
+ "description": "Threat category names"
51
+ },
52
+ {
53
+ "key": "detected_threats",
54
+ "type": "array",
55
+ "required": false,
56
+ "description": "Detection rule names that matched"
57
+ },
58
+ {
59
+ "key": "max_threat_severity",
60
+ "type": "number",
61
+ "required": false,
62
+ "description": "Numeric severity (0-4)"
63
+ },
64
+ {
65
+ "key": "contains_secrets",
66
+ "type": "boolean",
67
+ "required": false,
68
+ "description": "Whether secrets/credentials detected"
69
+ },
70
+ {
71
+ "key": "secret_types",
72
+ "type": "array",
73
+ "required": false,
74
+ "description": "Types of secrets found"
75
+ },
76
+ {
77
+ "key": "secret_count",
78
+ "type": "number",
79
+ "required": false,
80
+ "description": "Number of distinct secrets"
81
+ },
82
+ {
83
+ "key": "pii_detected",
84
+ "type": "boolean",
85
+ "required": false,
86
+ "description": "Whether PII detected"
87
+ },
88
+ {
89
+ "key": "pii_types",
90
+ "type": "array",
91
+ "required": false,
92
+ "description": "Types of PII detected"
93
+ },
94
+ {
95
+ "key": "pii_count",
96
+ "type": "number",
97
+ "required": false,
98
+ "description": "Number of PII matches"
99
+ },
100
+ {
101
+ "key": "injection_confidence",
102
+ "type": "number",
103
+ "required": false,
104
+ "description": "Injection classifier confidence (0-100)"
105
+ },
106
+ {
107
+ "key": "jailbreak_confidence",
108
+ "type": "number",
109
+ "required": false,
110
+ "description": "Jailbreak classifier confidence (0-100)"
111
+ },
112
+ {
113
+ "key": "tool_poisoning_score",
114
+ "type": "number",
115
+ "required": false,
116
+ "description": "Tool poisoning risk score (0-100)"
117
+ },
118
+ {
119
+ "key": "tool_poisoning_detected",
120
+ "type": "boolean",
121
+ "required": false,
122
+ "description": "Tool poisoning detected flag"
123
+ },
124
+ {
125
+ "key": "rug_pull_score",
126
+ "type": "number",
127
+ "required": false,
128
+ "description": "Rug pull risk score (0-100)"
129
+ },
130
+ {
131
+ "key": "rug_pull_detected",
132
+ "type": "boolean",
133
+ "required": false,
134
+ "description": "Rug pull detected flag"
135
+ },
136
+ {
137
+ "key": "indirect_injection_score",
138
+ "type": "number",
139
+ "required": false,
140
+ "description": "Indirect injection score (0-100)"
141
+ },
142
+ {
143
+ "key": "tool_risk_score",
144
+ "type": "number",
145
+ "required": false,
146
+ "description": "Computed tool risk (0-100)"
147
+ },
148
+ {
149
+ "key": "tool_category",
150
+ "type": "string",
151
+ "required": false,
152
+ "description": "Tool category: safe/sensitive/dangerous"
153
+ },
154
+ {
155
+ "key": "tool_is_sensitive",
156
+ "type": "boolean",
157
+ "required": false,
158
+ "description": "Tool sensitivity flag"
159
+ },
160
+ {
161
+ "key": "tool_is_builtin",
162
+ "type": "boolean",
163
+ "required": false,
164
+ "description": "Built-in tool flag"
165
+ },
166
+ {
167
+ "key": "mcp_server_verified",
168
+ "type": "boolean",
169
+ "required": false,
170
+ "description": "Whether server is from verified registry"
171
+ },
172
+ {
173
+ "key": "violence_score",
174
+ "type": "number",
175
+ "required": false,
176
+ "description": "Violence content score (0-100)"
177
+ },
178
+ {
179
+ "key": "weapons_score",
180
+ "type": "number",
181
+ "required": false,
182
+ "description": "Weapons content score (0-100)"
183
+ },
184
+ {
185
+ "key": "hate_speech_score",
186
+ "type": "number",
187
+ "required": false,
188
+ "description": "Hate speech score (0-100)"
189
+ },
190
+ {
191
+ "key": "crime_score",
192
+ "type": "number",
193
+ "required": false,
194
+ "description": "Crime content score (0-100)"
195
+ },
196
+ {
197
+ "key": "sexual_score",
198
+ "type": "number",
199
+ "required": false,
200
+ "description": "Sexual content score (0-100)"
201
+ },
202
+ {
203
+ "key": "profanity_score",
204
+ "type": "number",
205
+ "required": false,
206
+ "description": "Profanity score (0-100)"
207
+ },
208
+ {
209
+ "key": "contains_invisible_chars",
210
+ "type": "boolean",
211
+ "required": false,
212
+ "description": "Invisible Unicode chars detected"
213
+ },
214
+ {
215
+ "key": "invisible_chars_score",
216
+ "type": "number",
217
+ "required": false,
218
+ "description": "Unicode attack severity (0-100)"
219
+ },
220
+ {
221
+ "key": "loop_detected",
222
+ "type": "boolean",
223
+ "required": false,
224
+ "description": "Tool call loop detected"
225
+ },
226
+ {
227
+ "key": "loop_count",
228
+ "type": "number",
229
+ "required": false,
230
+ "description": "Consecutive repeat calls"
231
+ },
232
+ {
233
+ "key": "suspicious_pattern",
234
+ "type": "boolean",
235
+ "required": false,
236
+ "description": "Data exfiltration or attack sequence detected"
237
+ },
238
+ {
239
+ "key": "pattern_type",
240
+ "type": "string",
241
+ "required": false,
242
+ "description": "Pattern type"
243
+ },
244
+ {
245
+ "key": "sequence_risk",
246
+ "type": "number",
247
+ "required": false,
248
+ "description": "Sequence risk score (0-100)"
249
+ }
250
+ ]
251
+ },
252
+ {
253
+ "name": "connect_server",
254
+ "description": "Connect to an MCP server — threat focus: supply chain, tool poisoning, config risk",
255
+ "context_attributes": [
256
+ {
257
+ "key": "content",
258
+ "type": "string",
259
+ "required": false,
260
+ "description": "Server config content"
261
+ },
262
+ {
263
+ "key": "mcp_server",
264
+ "type": "string",
265
+ "required": false,
266
+ "description": "MCP server name"
267
+ },
268
+ {
269
+ "key": "threat_count",
270
+ "type": "number",
271
+ "required": false,
272
+ "description": "Total threats detected"
273
+ },
274
+ {
275
+ "key": "highest_severity",
276
+ "type": "string",
277
+ "required": false,
278
+ "description": "Highest threat severity"
279
+ },
280
+ {
281
+ "key": "threat_categories",
282
+ "type": "array",
283
+ "required": false,
284
+ "description": "Threat category names"
285
+ },
286
+ {
287
+ "key": "max_threat_severity",
288
+ "type": "number",
289
+ "required": false,
290
+ "description": "Numeric severity (0-4)"
291
+ },
292
+ {
293
+ "key": "tool_poisoning_score",
294
+ "type": "number",
295
+ "required": false,
296
+ "description": "Tool poisoning risk (0-100)"
297
+ },
298
+ {
299
+ "key": "tool_poisoning_detected",
300
+ "type": "boolean",
301
+ "required": false,
302
+ "description": "Tool poisoning detected"
303
+ },
304
+ {
305
+ "key": "rug_pull_score",
306
+ "type": "number",
307
+ "required": false,
308
+ "description": "Rug pull risk (0-100)"
309
+ },
310
+ {
311
+ "key": "rug_pull_detected",
312
+ "type": "boolean",
313
+ "required": false,
314
+ "description": "Rug pull detected"
315
+ },
316
+ {
317
+ "key": "indirect_injection_score",
318
+ "type": "number",
319
+ "required": false,
320
+ "description": "Indirect injection score (0-100)"
321
+ },
322
+ {
323
+ "key": "contains_secrets",
324
+ "type": "boolean",
325
+ "required": false,
326
+ "description": "Whether secrets/credentials detected"
327
+ },
328
+ {
329
+ "key": "secret_types",
330
+ "type": "array",
331
+ "required": false,
332
+ "description": "Types of secrets found"
333
+ },
334
+ {
335
+ "key": "secret_count",
336
+ "type": "number",
337
+ "required": false,
338
+ "description": "Number of distinct secrets"
339
+ },
340
+ {
341
+ "key": "pii_detected",
342
+ "type": "boolean",
343
+ "required": false,
344
+ "description": "Whether PII detected"
345
+ },
346
+ {
347
+ "key": "pii_types",
348
+ "type": "array",
349
+ "required": false,
350
+ "description": "Types of PII detected"
351
+ },
352
+ {
353
+ "key": "pii_count",
354
+ "type": "number",
355
+ "required": false,
356
+ "description": "Number of PII matches"
357
+ },
358
+ {
359
+ "key": "mcp_server_verified",
360
+ "type": "boolean",
361
+ "required": false,
362
+ "description": "Verified registry status"
363
+ },
364
+ {
365
+ "key": "mcp_config_risk",
366
+ "type": "boolean",
367
+ "required": false,
368
+ "description": "Risky server config detected"
369
+ },
370
+ {
371
+ "key": "mcp_risk_score",
372
+ "type": "number",
373
+ "required": false,
374
+ "description": "Config risk severity (0-100)"
375
+ }
376
+ ]
377
+ },
378
+ {
379
+ "name": "process_prompt",
380
+ "description": "Process a prompt (MCP or LLM chat completion) — threat focus: injection, jailbreak, secrets, PII, content safety",
381
+ "context_attributes": [
382
+ {
383
+ "key": "content",
384
+ "type": "string",
385
+ "required": true,
386
+ "description": "Raw content being scanned"
387
+ },
388
+ {
389
+ "key": "mcp_server",
390
+ "type": "string",
391
+ "required": false,
392
+ "description": "MCP server name"
393
+ },
394
+ {
395
+ "key": "threat_count",
396
+ "type": "number",
397
+ "required": false,
398
+ "description": "Total threats detected"
399
+ },
400
+ {
401
+ "key": "highest_severity",
402
+ "type": "string",
403
+ "required": false,
404
+ "description": "Highest threat severity"
405
+ },
406
+ {
407
+ "key": "threat_categories",
408
+ "type": "array",
409
+ "required": false,
410
+ "description": "Threat category names"
411
+ },
412
+ {
413
+ "key": "detected_threats",
414
+ "type": "array",
415
+ "required": false,
416
+ "description": "Detection rule names that matched"
417
+ },
418
+ {
419
+ "key": "max_threat_severity",
420
+ "type": "number",
421
+ "required": false,
422
+ "description": "Numeric severity (0-4)"
423
+ },
424
+ {
425
+ "key": "contains_secrets",
426
+ "type": "boolean",
427
+ "required": false,
428
+ "description": "Whether secrets/credentials detected"
429
+ },
430
+ {
431
+ "key": "secret_types",
432
+ "type": "array",
433
+ "required": false,
434
+ "description": "Types of secrets found"
435
+ },
436
+ {
437
+ "key": "secret_count",
438
+ "type": "number",
439
+ "required": false,
440
+ "description": "Number of distinct secrets"
441
+ },
442
+ {
443
+ "key": "pii_detected",
444
+ "type": "boolean",
445
+ "required": false,
446
+ "description": "Whether PII detected"
447
+ },
448
+ {
449
+ "key": "pii_types",
450
+ "type": "array",
451
+ "required": false,
452
+ "description": "Types of PII detected"
453
+ },
454
+ {
455
+ "key": "pii_count",
456
+ "type": "number",
457
+ "required": false,
458
+ "description": "Number of PII matches"
459
+ },
460
+ {
461
+ "key": "injection_confidence",
462
+ "type": "number",
463
+ "required": false,
464
+ "description": "Injection classifier confidence (0-100)"
465
+ },
466
+ {
467
+ "key": "jailbreak_confidence",
468
+ "type": "number",
469
+ "required": false,
470
+ "description": "Jailbreak classifier confidence (0-100)"
471
+ },
472
+ {
473
+ "key": "violence_score",
474
+ "type": "number",
475
+ "required": false,
476
+ "description": "Violence content score (0-100)"
477
+ },
478
+ {
479
+ "key": "weapons_score",
480
+ "type": "number",
481
+ "required": false,
482
+ "description": "Weapons content score (0-100)"
483
+ },
484
+ {
485
+ "key": "hate_speech_score",
486
+ "type": "number",
487
+ "required": false,
488
+ "description": "Hate speech score (0-100)"
489
+ },
490
+ {
491
+ "key": "crime_score",
492
+ "type": "number",
493
+ "required": false,
494
+ "description": "Crime content score (0-100)"
495
+ },
496
+ {
497
+ "key": "sexual_score",
498
+ "type": "number",
499
+ "required": false,
500
+ "description": "Sexual content score (0-100)"
501
+ },
502
+ {
503
+ "key": "profanity_score",
504
+ "type": "number",
505
+ "required": false,
506
+ "description": "Profanity score (0-100)"
507
+ },
508
+ {
509
+ "key": "contains_invisible_chars",
510
+ "type": "boolean",
511
+ "required": false,
512
+ "description": "Invisible Unicode chars detected"
513
+ },
514
+ {
515
+ "key": "invisible_chars_score",
516
+ "type": "number",
517
+ "required": false,
518
+ "description": "Unicode attack severity (0-100)"
519
+ },
520
+ {
521
+ "key": "model_name",
522
+ "type": "string",
523
+ "required": false,
524
+ "description": "Target model name (e.g., gpt-4, claude-3-opus)"
525
+ },
526
+ {
527
+ "key": "model_provider",
528
+ "type": "string",
529
+ "required": false,
530
+ "description": "Provider name (e.g., openai, anthropic, bedrock)"
531
+ }
532
+ ]
533
+ },
534
+ {
535
+ "name": "read_file",
536
+ "description": "Read an MCP resource — threat focus: secrets exposure, PII exposure",
537
+ "context_attributes": [
538
+ {
539
+ "key": "content",
540
+ "type": "string",
541
+ "required": true,
542
+ "description": "Raw content being scanned"
543
+ },
544
+ {
545
+ "key": "mcp_server",
546
+ "type": "string",
547
+ "required": false,
548
+ "description": "MCP server name"
549
+ },
550
+ {
551
+ "key": "threat_count",
552
+ "type": "number",
553
+ "required": false,
554
+ "description": "Total threats detected"
555
+ },
556
+ {
557
+ "key": "highest_severity",
558
+ "type": "string",
559
+ "required": false,
560
+ "description": "Highest threat severity"
561
+ },
562
+ {
563
+ "key": "threat_categories",
564
+ "type": "array",
565
+ "required": false,
566
+ "description": "Threat category names"
567
+ },
568
+ {
569
+ "key": "detected_threats",
570
+ "type": "array",
571
+ "required": false,
572
+ "description": "Detection rule names that matched"
573
+ },
574
+ {
575
+ "key": "max_threat_severity",
576
+ "type": "number",
577
+ "required": false,
578
+ "description": "Numeric severity (0-4)"
579
+ },
580
+ {
581
+ "key": "contains_secrets",
582
+ "type": "boolean",
583
+ "required": false,
584
+ "description": "Whether secrets/credentials detected"
585
+ },
586
+ {
587
+ "key": "secret_types",
588
+ "type": "array",
589
+ "required": false,
590
+ "description": "Types of secrets found"
591
+ },
592
+ {
593
+ "key": "secret_count",
594
+ "type": "number",
595
+ "required": false,
596
+ "description": "Number of distinct secrets"
597
+ },
598
+ {
599
+ "key": "pii_detected",
600
+ "type": "boolean",
601
+ "required": false,
602
+ "description": "Whether PII detected"
603
+ },
604
+ {
605
+ "key": "pii_types",
606
+ "type": "array",
607
+ "required": false,
608
+ "description": "Types of PII detected"
609
+ },
610
+ {
611
+ "key": "pii_count",
612
+ "type": "number",
613
+ "required": false,
614
+ "description": "Number of PII matches"
615
+ }
616
+ ]
617
+ },
618
+ {
619
+ "name": "write_file",
620
+ "description": "Write an MCP resource — threat focus: secrets in output, PII in output",
621
+ "context_attributes": [
622
+ {
623
+ "key": "content",
624
+ "type": "string",
625
+ "required": true,
626
+ "description": "Raw content being scanned"
627
+ },
628
+ {
629
+ "key": "mcp_server",
630
+ "type": "string",
631
+ "required": false,
632
+ "description": "MCP server name"
633
+ },
634
+ {
635
+ "key": "threat_count",
636
+ "type": "number",
637
+ "required": false,
638
+ "description": "Total threats detected"
639
+ },
640
+ {
641
+ "key": "highest_severity",
642
+ "type": "string",
643
+ "required": false,
644
+ "description": "Highest threat severity"
645
+ },
646
+ {
647
+ "key": "threat_categories",
648
+ "type": "array",
649
+ "required": false,
650
+ "description": "Threat category names"
651
+ },
652
+ {
653
+ "key": "detected_threats",
654
+ "type": "array",
655
+ "required": false,
656
+ "description": "Detection rule names that matched"
657
+ },
658
+ {
659
+ "key": "max_threat_severity",
660
+ "type": "number",
661
+ "required": false,
662
+ "description": "Numeric severity (0-4)"
663
+ },
664
+ {
665
+ "key": "contains_secrets",
666
+ "type": "boolean",
667
+ "required": false,
668
+ "description": "Whether secrets/credentials detected"
669
+ },
670
+ {
671
+ "key": "secret_types",
672
+ "type": "array",
673
+ "required": false,
674
+ "description": "Types of secrets found"
675
+ },
676
+ {
677
+ "key": "secret_count",
678
+ "type": "number",
679
+ "required": false,
680
+ "description": "Number of distinct secrets"
681
+ },
682
+ {
683
+ "key": "pii_detected",
684
+ "type": "boolean",
685
+ "required": false,
686
+ "description": "Whether PII detected"
687
+ },
688
+ {
689
+ "key": "pii_types",
690
+ "type": "array",
691
+ "required": false,
692
+ "description": "Types of PII detected"
693
+ },
694
+ {
695
+ "key": "pii_count",
696
+ "type": "number",
697
+ "required": false,
698
+ "description": "Number of PII matches"
699
+ }
700
+ ]
701
+ }
702
+ ]
703
+ }