npm - @highflame/policy - Versions diffs - 2.1.16 → 2.1.18 - Mend

@highflame/policy 2.1.16 → 2.1.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/overwatch-defaults.gen.js +35 -35
package/package.json +1 -1

package/dist/overwatch-defaults.gen.js CHANGED Viewed

@@ -217,13 +217,13 @@ const OVERWATCH_SEMANTIC_DEFAULT_CEDAR = `// ===================================
 // Detects and blocks injection attacks, prompt injection, jailbreak attempts,
 // and unsafe content using multi-layered detection:
 //
-//   Tier 1 — YARA rules (always available, no external dependency):
+//   Tier 1 — Pattern-based detection (always available, no external dependency):
 //     command_injection, sql_injection, path_traversal, detect_encoded
 //
-//   Tier 2 — Javelin ML classifiers (require Highflame API token):
+//   Tier 2 — Injection and jailbreak classifiers (require Highflame API token):
 //     injection_confidence, jailbreak_confidence
 //
-//   Tier 3 — Content safety ML scores (require Highflame API token):
+//   Tier 3 — Content safety scores (require Highflame API token):
 //     violence, weapons, hate_speech, crime, sexual, profanity
 //
 //
@@ -244,17 +244,17 @@ const OVERWATCH_SEMANTIC_DEFAULT_CEDAR = `// ===================================
 // ---------------------------------------------------------------------------
-// Tier 1: YARA-Based Injection Detection (always available)
-// These fire on actual YARA rule names from the detection engine.
-// No external API dependency — works offline with local YARA scanning.
+// Tier 1: Pattern-Based Injection Detection (always available)
+// These fire on detected threat names from the detection engine.
+// No external API dependency — works offline with local scanning.
 // ---------------------------------------------------------------------------
 // Block command injection in tool calls
 @id("semantic-block-command-injection-tool")
 @name("Block command injection in tool calls")
-@description("Block tool execution when YARA detects command injection — reverse shells, rm -rf, privilege escalation, code execution, pipe-to-shell, or encoding evasion. Ref: AIShellJack (41-84% success rate).")
+@description("Block tool execution when command injection is detected — reverse shells, rm -rf, privilege escalation, code execution, pipe-to-shell, or encoding evasion. Ref: AIShellJack (41-84% success rate).")
 @severity("critical")
-@tags("command-injection,yara,call-tool,mitre-t1059,owasp-asi02")
+@tags("command-injection,call-tool,mitre-t1059,owasp-asi02")
 @reject_message("Tool execution blocked: command injection pattern detected — reverse shell, destructive command, privilege escalation, or code execution attempt.")
 forbid (
     principal,
@@ -268,9 +268,9 @@ when {
 // Block command injection in prompts
 @id("semantic-block-command-injection-prompt")
 @name("Block command injection in prompts")
-@description("Block prompts when YARA detects command injection patterns. Catches prompt-level injection where the user or injected content includes shell commands.")
+@description("Block prompts when command injection patterns are detected. Catches prompt-level injection where the user or injected content includes shell commands.")
 @severity("critical")
-@tags("command-injection,yara,process-prompt,mitre-t1059")
+@tags("command-injection,process-prompt,mitre-t1059")
 @reject_message("Prompt blocked: command injection pattern detected. The prompt contains shell commands, reverse shells, or code execution patterns.")
 forbid (
     principal,
@@ -284,9 +284,9 @@ when {
 // Block SQL injection in tool calls
 @id("semantic-block-sql-injection-tool")
 @name("Block SQL injection in tool calls")
-@description("Block tool execution when YARA detects SQL injection — tautologies (OR 1=1), UNION SELECT, DROP TABLE, time-based attacks (SLEEP, WAITFOR), or system object access (information_schema).")
+@description("Block tool execution when SQL injection is detected — tautologies (OR 1=1), UNION SELECT, DROP TABLE, time-based attacks (SLEEP, WAITFOR), or system object access (information_schema).")
 @severity("high")
-@tags("sql-injection,yara,call-tool,database")
+@tags("sql-injection,call-tool,database")
 @reject_message("Tool execution blocked: SQL injection pattern detected — tautology, UNION attack, destructive SQL, or system object access.")
 forbid (
     principal,
@@ -300,9 +300,9 @@ when {
 // Block SQL injection in prompts
 @id("semantic-block-sql-injection-prompt")
 @name("Block SQL injection in prompts")
-@description("Block prompts when YARA detects SQL injection patterns.")
+@description("Block prompts when SQL injection patterns are detected.")
 @severity("high")
-@tags("sql-injection,yara,process-prompt,database")
+@tags("sql-injection,process-prompt,database")
 @reject_message("Prompt blocked: SQL injection pattern detected.")
 forbid (
     principal,
@@ -316,9 +316,9 @@ when {
 // Block path traversal attacks
 @id("semantic-block-path-traversal")
 @name("Block path traversal attacks")
-@description("Block when YARA detects path traversal — 2+ levels of ../ combined with sensitive file targets (/etc/passwd, /etc/shadow) or file read/include operations with traversal.")
+@description("Block when path traversal is detected — 2+ levels of ../ combined with sensitive file targets (/etc/passwd, /etc/shadow) or file read/include operations with traversal.")
 @severity("high")
-@tags("path-traversal,yara,file-access,mitre-t1005")
+@tags("path-traversal,file-access,mitre-t1005")
 @reject_message("Blocked: path traversal attack detected — directory traversal sequences targeting sensitive system files.")
 forbid (
     principal,
@@ -332,9 +332,9 @@ when {
 // Block encoded/obfuscated payloads in tool calls
 @id("semantic-block-encoded")
 @name("Block encoded payloads in tool calls")
-@description("Block tool calls when YARA detects base64-encoded payloads (30+ chars) or hash IOCs. Base64 detection excludes npm package paths to reduce false positives.")
+@description("Block tool calls when base64-encoded payloads (30+ chars) or hash IOCs are detected. Base64 detection excludes npm package paths to reduce false positives.")
 @severity("medium")
-@tags("encoded,obfuscation,yara,call-tool")
+@tags("encoded,obfuscation,call-tool")
 @reject_message("Tool execution blocked: encoded or obfuscated payload detected. Base64-encoded content or hash IOCs found in tool arguments.")
 forbid (
     principal,
@@ -347,7 +347,7 @@ when {
 // ---------------------------------------------------------------------------
-// Tier 2: Javelin ML-Based Detection (require Highflame API token)
+// Tier 2: Classifier-Based Detection (require Highflame API token)
 // Prompt injection and jailbreak classifiers. These are inert without
 // the API token — scores default to 0 (prompts) or are absent (tools).
 // ---------------------------------------------------------------------------
@@ -386,7 +386,7 @@ when {
 // ---------------------------------------------------------------------------
-// Tier 3: Content Safety (Javelin ML scores, require API token)
+// Tier 3: Content Safety (classifier scores, require API token)
 // Trust & safety classification scores for violence, weapons, hate speech,
 // crime, sexual content, and profanity. Ensures enterprise-appropriate
 // content thresholds.
@@ -550,7 +550,7 @@ when {
 // Section 2: Destructive Operations (opt-in — inactive by default)
 // Blocks file deletion tools. Enable when agents should not have delete access.
 // NOTE: Only matches MCP tool names, not Bash rm commands (which use
-// tool_name "shell"). Bash destructive commands are caught by YARA
+// tool_name "shell"). Bash destructive commands are caught by the
 // command_injection rule in semantic.cedar.
 // ---------------------------------------------------------------------------
@@ -581,7 +581,7 @@ when {
 // Blocks file read/write access to system directories.
 // NOTE: Targets read_file/write_file only — NOT call_tool. The path field
 // is empty for Bash commands. Bash access to system files is caught by
-// YARA rules in semantic.cedar (command_injection, path_traversal).
+// rules in semantic.cedar (command_injection, path_traversal).
 // Ref: MITRE T1005, T1552
 // ---------------------------------------------------------------------------
@@ -614,15 +614,15 @@ when {
 // ---------------------------------------------------------------------------
 // Section 4: Threat-Based Tool Blocking (active)
 // Blocks tool calls based on threat severity from detection engines.
-// This is the primary catch-all — any YARA rule with severity HIGH (3)
+// This is the primary catch-all — any rule with severity HIGH (3)
 // or CRITICAL (4) triggers this. Provides defense-in-depth behind
-// specific YARA rule policies in semantic.cedar and secrets.cedar.
+// specific rule policies in semantic.cedar and secrets.cedar.
 // ---------------------------------------------------------------------------
 // Block tool calls with high/critical severity threats
 @id("tools-block-high-severity")
 @name("Block tool calls with high severity threats")
-@description("Block tool execution when YARA or Javelin detects threats with severity >= HIGH (3). Primary catch-all defense — any YARA rule with severity HIGH or CRITICAL triggers this.")
+@description("Block tool execution when threats with severity >= HIGH (3) are detected. Primary catch-all defense — any rule with severity HIGH or CRITICAL triggers this.")
 @severity("high")
 @tags("tools,threats,severity,defense-in-depth")
 @reject_message("Tool execution blocked: high or critical severity threats detected in content by security scanners.")
@@ -1046,7 +1046,7 @@ when {
 export const OVERWATCH_CATEGORIES = [
     { id: 'secrets', name: 'Secrets Detection', description: 'Detect and block credentials, tokens, API keys, and sensitive key patterns in prompts, tool calls, and file operations' },
     { id: 'pii', name: 'PII Detection', description: 'Detect and block personally identifiable information (PII) such as credit card numbers, SSNs, and other sensitive data' },
-    { id: 'semantic', name: 'Semantic Threat Detection', description: 'Detect and block injection attacks, prompt injection, jailbreak attempts, and unsafe content using YARA rules and ML classifiers' },
+    { id: 'semantic', name: 'Semantic Threat Detection', description: 'Detect and block injection attacks, prompt injection, jailbreak attempts, and unsafe content' },
     { id: 'tools', name: 'Tool Permissioning', description: 'Control access to shell execution, file operations, MCP servers, and sensitive system paths' },
     { id: 'organization', name: 'Organization Rules', description: 'Apply organization-wide policy baselines, team permissions, and agent-specific guardrails' },
 ];
@@ -1072,20 +1072,20 @@ export const OVERWATCH_TEMPLATES = [
     {
         id: 'secrets-default',
         name: 'Secrets Detection',
-        description: 'Detect and block credential leakage using YARA rule matching (secrets_leakage, ssh_key_exposure, pem_file_access, environment_variable_leakage) and sensitive file path protection',
+        description: 'Detect and block credential leakage (secrets_leakage, ssh_key_exposure, pem_file_access, environment_variable_leakage) and sensitive file path protection',
         category: 'secrets',
         cedarText: OVERWATCH_SECRETS_DEFAULT_CEDAR,
         severity: 'critical',
-        tags: ['secrets', 'credentials', 'aws', 'github', 'ssh', 'pem', 'yara', 'baseline'],
+        tags: ['secrets', 'credentials', 'aws', 'github', 'ssh', 'pem', 'baseline'],
     },
     {
         id: 'semantic-default',
         name: 'Semantic Threat Detection',
-        description: 'Detect and block injection attacks (command, SQL, path traversal), prompt injection, jailbreak, and unsafe content (violence, hate speech, etc.) using YARA rules and ML classifiers',
+        description: 'Detect and block injection attacks (command, SQL, path traversal), prompt injection, jailbreak, and unsafe content (violence, hate speech, etc.)',
         category: 'semantic',
         cedarText: OVERWATCH_SEMANTIC_DEFAULT_CEDAR,
         severity: 'critical',
-        tags: ['injection', 'jailbreak', 'content-safety', 'yara', 'ml', 'owasp-llm01', 'owasp-llm02', 'baseline'],
+        tags: ['injection', 'jailbreak', 'content-safety', 'ml', 'owasp-llm01', 'owasp-llm02', 'baseline'],
     },
     {
         id: 'tools-default',
@@ -1182,7 +1182,7 @@ export const OVERWATCH_TEMPLATES_JSON = `{
     {
       "id": "semantic",
       "name": "Semantic Threat Detection",
-      "description": "Detect and block injection attacks, prompt injection, jailbreak attempts, and unsafe content using YARA rules and ML classifiers"
+      "description": "Detect and block injection attacks, prompt injection, jailbreak attempts, and unsafe content"
     },
     {
       "id": "tools",
@@ -1211,20 +1211,20 @@ export const OVERWATCH_TEMPLATES_JSON = `{
     {
       "id": "secrets-default",
       "name": "Secrets Detection",
-      "description": "Detect and block credential leakage using YARA rule matching (secrets_leakage, ssh_key_exposure, pem_file_access, environment_variable_leakage) and sensitive file path protection",
+      "description": "Detect and block credential leakage (secrets_leakage, ssh_key_exposure, pem_file_access, environment_variable_leakage) and sensitive file path protection",
       "category": "secrets",
       "file": "defaults/secrets.cedar",
       "severity": "critical",
-      "tags": ["secrets", "credentials", "aws", "github", "ssh", "pem", "yara", "baseline"]
+      "tags": ["secrets", "credentials", "aws", "github", "ssh", "pem", "baseline"]
     },
     {
       "id": "semantic-default",
       "name": "Semantic Threat Detection",
-      "description": "Detect and block injection attacks (command, SQL, path traversal), prompt injection, jailbreak, and unsafe content (violence, hate speech, etc.) using YARA rules and ML classifiers",
+      "description": "Detect and block injection attacks (command, SQL, path traversal), prompt injection, jailbreak, and unsafe content (violence, hate speech, etc.)",
       "category": "semantic",
       "file": "defaults/semantic.cedar",
       "severity": "critical",
-      "tags": ["injection", "jailbreak", "content-safety", "yara", "ml", "owasp-llm01", "owasp-llm02", "baseline"]
+      "tags": ["injection", "jailbreak", "content-safety", "ml", "owasp-llm01", "owasp-llm02", "baseline"]
     },
     {
       "id": "tools-default",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@highflame/policy",
-  "version": "2.1.16",
+  "version": "2.1.18",
   "description": "Highflame Cedar policy types and engine wrapper",
   "readme": "README.md",
   "main": "dist/index.js",