@highflame/policy 2.1.2 → 2.1.4

package/dist/sentry-defaults.gen.js

@@ -0,0 +1,1235 @@
+// Code generated by highflame-policy-codegen. DO NOT EDIT.
+// Source: schemas/sentry/templates/templates.json
+//
+// Sentry default policies and templates.
+// Cedar text is embedded at build time. PolicyRule[] can be parsed at runtime
+// using parseCedarToRules().
+// =============================================================================
+// EMBEDDED CEDAR POLICY TEXT
+// =============================================================================
+const SENTRY_SENTRY_BASELINE_DEFAULT_CEDAR = `// =============================================================================
+// Baseline Permit Policy (Default)
+// =============================================================================
+// Permits all actions by default. Threat-specific forbid policies override
+// this to block when detection engines identify issues.
+//
+// Cedar is default-deny: without at least one permit rule, every request
+// is denied regardless of forbid rules. This baseline ensures the system
+// is "allow unless blocked" rather than "block everything".
+//
+// Category: organization
+// Namespace: Sentry
+// =============================================================================
+
+@id("sentry-baseline-permit-all")
+@name("Permit all actions by default")
+@description("Baseline permit for all actions — threat-specific forbid policies override this when threats are detected")
+@severity("low")
+@tags("baseline,permit-default,organization")
+permit (
+    principal,
+    action,
+    resource
+);
+`;
+const SENTRY_SENTRY_SEMANTIC_DEFAULT_CEDAR = `// =============================================================================
+// Semantic Threat Detection Policy (Default)
+// =============================================================================
+// Detects and blocks prompt injection, jailbreak attempts, and high-severity
+// threats across all browser AI interactions: messages, paste, file uploads.
+//
+// Uses multi-layered detection from Shield:
+//   1. ML classifier scores (injection_score, jailbreak_score)
+//   2. Detection engine rule triggers (detected_threats)
+//   3. Threat severity aggregation (max_threat_severity, highest_severity)
+//
+// Compliance:
+//   OWASP LLM01 (Prompt Injection) — direct + indirect
+//   OWASP LLM02 (Insecure Output Handling)
+//   MITRE ATLAS AML.T0051 (LLM Prompt Injection)
+//   MITRE ATLAS AML.T0054 (LLM Jailbreak)
+//   NIST 800-53 SI-3, SI-4
+//
+// Category: semantic
+// Namespace: Sentry
+// =============================================================================
+
+// ---------------------------------------------------------------------------
+// Section 1: Prompt Injection Detection
+// Blocks injection attempts in messages, pasted content, and uploaded files.
+// Users may inadvertently paste injection payloads from compromised sources.
+// ---------------------------------------------------------------------------
+
+// Block messages and pastes with prompt injection patterns
+@id("sentry-semantic-block-injection")
+@name("Block prompt injection")
+@description("Block messages and pasted content when detection engine rules identify prompt injection patterns. Catches instruction override, role assumption, and manipulation techniques in user input and pasted content (OWASP LLM01).")
+@severity("critical")
+@tags("injection,security,owasp-llm01,mitre-aml-t0051,baseline")
+@reject_message("Content was blocked because prompt injection patterns were detected. This prevents manipulation of AI agent behavior. Remove adversarial instructions and try again.")
+forbid (
+    principal,
+    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content"],
+    resource
+)
+when {
+    context has detected_threats && context.detected_threats.contains("prompt_injection")
+};
+
+// Block content with high ML injection confidence
+@id("sentry-semantic-block-injection-score")
+@name("Block high-confidence injection")
+@description("Block content when the ML injection classifier confidence exceeds threshold (75/100). Catches novel injection techniques including polymorphic payloads, encoding tricks, and obfuscated instructions.")
+@severity("critical")
+@tags("injection,ml-classifier,security,owasp-llm01")
+@reject_message("Your content was blocked because the ML classifier detected prompt injection with high confidence.")
+forbid (
+    principal,
+    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content", Sentry::Action::"upload_file"],
+    resource
+)
+when {
+    context has injection_score && context.injection_score >= 75
+};
+
+// Block injection payloads hidden in uploaded documents
+@id("sentry-semantic-block-file-injection")
+@name("Block injection in uploaded files")
+@description("Block file uploads when prompt injection patterns are detected in the document content. Attackers embed injection payloads in PDFs, documents, and spreadsheets to hijack AI behavior via RAG or file analysis.")
+@severity("critical")
+@tags("injection,file-upload,security,owasp-llm01")
+@reject_message("File upload was blocked because prompt injection patterns were detected in the document. Files containing adversarial instructions cannot be shared with AI services.")
+forbid (
+    principal,
+    action == Sentry::Action::"upload_file",
+    resource
+)
+when {
+    context has detected_threats && context.detected_threats.contains("prompt_injection")
+};
+
+// ---------------------------------------------------------------------------
+// Section 2: Jailbreak Detection
+// Blocks jailbreak attempts in messages sent to AI services.
+// ---------------------------------------------------------------------------
+
+// Block messages with jailbreak attempts
+@id("sentry-semantic-block-jailbreak")
+@name("Block jailbreak attempts")
+@description("Block messages when detection engine rules identify jailbreak patterns: DAN-style prompts, role-play exploits, safety bypass instructions, and constraint removal attempts (OWASP LLM02).")
+@severity("critical")
+@tags("jailbreak,bypass,security,owasp-llm02,mitre-aml-t0054,baseline")
+@reject_message("Your message was blocked because jailbreak patterns were detected. This prevents circumvention of AI safety controls.")
+forbid (
+    principal,
+    action == Sentry::Action::"send_message",
+    resource
+)
+when {
+    context has detected_threats && context.detected_threats.contains("jailbreak")
+};
+
+// Block content with high ML jailbreak confidence
+@id("sentry-semantic-block-jailbreak-score")
+@name("Block high-confidence jailbreak")
+@description("Block content when the ML jailbreak classifier exceeds threshold (75/100). Catches sophisticated jailbreak techniques including multi-turn manipulation and encoded payloads.")
+@severity("critical")
+@tags("jailbreak,ml-classifier,security,owasp-llm02")
+@reject_message("Your content was blocked because the ML classifier detected a jailbreak attempt with high confidence.")
+forbid (
+    principal,
+    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content"],
+    resource
+)
+when {
+    context has jailbreak_score && context.jailbreak_score >= 75
+};
+
+// ---------------------------------------------------------------------------
+// Section 3: Threat Severity Aggregation
+// Catch-all rules based on aggregated threat severity across all detectors.
+// ---------------------------------------------------------------------------
+
+// Block any content with critical severity threats
+@id("sentry-semantic-block-critical")
+@name("Block critical threats")
+@description("Block all content when any detection engine reports critical severity. This is the ultimate catch-all for critical-severity threats regardless of type or source.")
+@severity("critical")
+@tags("critical,baseline,security,catch-all")
+@reject_message("Your content was blocked because security scanners detected a critical-severity threat. This content cannot be processed by AI services.")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has highest_severity && context.highest_severity == "critical"
+};
+
+// Block messages with high severity semantic threats
+@id("sentry-semantic-block-high-severity")
+@name("Block high severity threats")
+@description("Block messages when threat detection reports high severity (>= 3) in semantic categories. Catches threats that individually are below critical but collectively indicate adversarial intent.")
+@severity("high")
+@tags("semantic,severity,security,defense-in-depth")
+@reject_message("Your message was blocked because security scanners detected high severity issues. Review your content for manipulative or adversarial patterns.")
+forbid (
+    principal,
+    action == Sentry::Action::"send_message",
+    resource
+)
+when {
+    context has threat_categories && context has max_threat_severity &&
+    context.threat_categories.contains("injection") &&
+    context.max_threat_severity >= 3
+};
+
+// Block content with multiple concurrent threats
+@id("sentry-semantic-block-multi-threat")
+@name("Block multi-threat content")
+@description("Block content when multiple distinct threats are detected simultaneously (3+). Multiple concurrent threats strongly indicate an adversarial attack chain or compromised content.")
+@severity("high")
+@tags("multi-threat,security,defense-in-depth")
+@reject_message("Content was blocked because multiple security threats were detected simultaneously. This pattern indicates potentially adversarial content.")
+forbid (
+    principal,
+    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content", Sentry::Action::"upload_file"],
+    resource
+)
+when {
+    context has threat_count && context.threat_count >= 3
+};
+`;
+const SENTRY_SENTRY_CONTENT_SAFETY_DEFAULT_CEDAR = `// =============================================================================
+// Content Safety Policy (Default)
+// =============================================================================
+// Detects and blocks violent, harmful, hateful, sexual, and profane content
+// in AI chat interactions. Includes cut-and-paste safety rules to prevent
+// unsafe content from being transferred into AI services.
+//
+// The detection engine runs ML classifiers (toxicity, content safety) and
+// produces normalized scores (0-100) for each category.
+//
+// Compliance:
+//   NIST 800-53 SI-4 (Information System Monitoring)
+//   EU AI Act Art. 52 (Transparency for AI Systems)
+//   OWASP LLM02 (Insecure Output Handling)
+//   ISO 42001 (AI Management System)
+//
+// Category: content_safety
+// Namespace: Sentry
+// =============================================================================
+
+// ---------------------------------------------------------------------------
+// Section 1: Violence & Weapons
+// Blocks content promoting, describing, or instructing violence and weapons.
+// Applies to messages, paste, and file uploads.
+// ---------------------------------------------------------------------------
+
+// Block violent content across all input channels
+@id("sentry-cs-block-violence")
+@name("Block violent content")
+@description("Block content when the ML violence detection score exceeds threshold (80/100). Catches graphic violence descriptions, instructions for causing harm, and violent threat language in messages, pastes, and uploads.")
+@severity("critical")
+@tags("violence,content-safety,trust-safety,nist-si-4,iso-42001")
+@reject_message("Content blocked: violent content detected. AI services must not process violent content in enterprise environments. Please rephrase without violence-related language.")
+forbid (
+    principal,
+    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content", Sentry::Action::"upload_file"],
+    resource
+)
+when {
+    context has violence_score && context.violence_score >= 80
+};
+
+// Block weapons content
+@id("sentry-cs-block-weapons")
+@name("Block weapons content")
+@description("Block content when the ML weapons detection score exceeds threshold (80/100). Catches weapon manufacturing instructions, procurement guidance, and detailed specifications.")
+@severity("critical")
+@tags("weapons,content-safety,trust-safety,nist-si-4")
+@reject_message("Content blocked: weapons-related content detected. AI services must not process weapons manufacturing, procurement, or specification content.")
+forbid (
+    principal,
+    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content", Sentry::Action::"upload_file"],
+    resource
+)
+when {
+    context has weapons_score && context.weapons_score >= 80
+};
+
+// ---------------------------------------------------------------------------
+// Section 2: Hate Speech & Discrimination
+// Lower threshold (75) — enterprises have zero tolerance for hate speech.
+// ---------------------------------------------------------------------------
+
+// Block hate speech content
+@id("sentry-cs-block-hate-speech")
+@name("Block hate speech")
+@description("Block content when the ML hate speech score exceeds threshold (75/100). Lower threshold than other categories because enterprises have zero tolerance for discriminatory content. Catches slurs, dehumanizing language, and targeted harassment.")
+@severity("critical")
+@tags("hate-speech,content-safety,trust-safety,nist-si-4,eu-ai-act")
+@reject_message("Content blocked: hate speech or discriminatory content detected. AI services must not process hateful, discriminatory, or dehumanizing content.")
+forbid (
+    principal,
+    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content", Sentry::Action::"upload_file"],
+    resource
+)
+when {
+    context has hate_speech_score && context.hate_speech_score >= 75
+};
+
+// ---------------------------------------------------------------------------
+// Section 3: Criminal Content
+// ---------------------------------------------------------------------------
+
+// Block criminal content
+@id("sentry-cs-block-crime")
+@name("Block criminal content")
+@description("Block content when the ML criminal activity detection score exceeds threshold (80/100). Catches illegal activity instructions, fraud techniques, and criminal behavior content.")
+@severity("high")
+@tags("crime,content-safety,trust-safety,nist-si-4")
+@reject_message("Content blocked: criminal activity content detected. AI services must not process content related to illegal activities or fraud.")
+forbid (
+    principal,
+    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content", Sentry::Action::"upload_file"],
+    resource
+)
+when {
+    context has crime_score && context.crime_score >= 80
+};
+
+// ---------------------------------------------------------------------------
+// Section 4: Sexual Content
+// ---------------------------------------------------------------------------
+
+// Block sexual content
+@id("sentry-cs-block-sexual")
+@name("Block sexual content")
+@description("Block content when the ML sexual content score exceeds threshold (80/100). Ensures AI services do not process sexually explicit material in enterprise environments.")
+@severity("high")
+@tags("sexual,content-safety,trust-safety,eu-ai-act,iso-42001")
+@reject_message("Content blocked: sexual content detected. AI services must not process sexually explicit material in enterprise environments.")
+forbid (
+    principal,
+    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content", Sentry::Action::"upload_file"],
+    resource
+)
+when {
+    context has sexual_score && context.sexual_score >= 80
+};
+
+// ---------------------------------------------------------------------------
+// Section 5: Profanity
+// Higher threshold (90) — allows normal expression while blocking abuse.
+// ---------------------------------------------------------------------------
+
+// Block excessive profanity
+@id("sentry-cs-block-profanity")
+@name("Block profanity")
+@description("Block content when the ML profanity detection score exceeds threshold (90/100). Higher threshold allows normal expression while blocking abusive or harassing language patterns.")
+@severity("medium")
+@tags("profanity,content-safety,trust-safety")
+@reject_message("Content blocked: excessive profanity detected. Please rephrase in a professional manner.")
+forbid (
+    principal,
+    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content"],
+    resource
+)
+when {
+    context has profanity_score && context.profanity_score >= 90
+};
+
+// ---------------------------------------------------------------------------
+// Section 6: Cut & Paste Safety
+// Specific rules for content pasted from external sources into AI chats.
+// Paste operations are a primary vector for data leakage.
+// ---------------------------------------------------------------------------
+
+// Block large pastes with any detected threats
+@id("sentry-cs-block-large-paste-threats")
+@name("Block large pastes with threats")
+@description("Block large paste operations (>5000 chars) when any threats are detected. Large pastes with threats likely indicate bulk data dumps from emails, documents, or databases being leaked to AI services.")
+@severity("high")
+@tags("paste-safety,data-leakage,content-safety")
+@reject_message("Large paste operation blocked: security threats were detected in the pasted content. Large data transfers to AI services require threat-free content.")
+forbid (
+    principal,
+    action == Sentry::Action::"paste_content",
+    resource
+)
+when {
+    context has paste_length && context has threat_count &&
+    context.paste_length > 5000 && context.threat_count >= 1
+};
+
+// Block pastes containing encoded injection payloads
+@id("sentry-cs-block-paste-encoded")
+@name("Block encoded paste content")
+@description("Block paste operations when encoded injection payloads (base64, hex, unicode) are detected. Attackers use encoding to smuggle injection payloads via clipboard transfer.")
+@severity("high")
+@tags("paste-safety,encoding,injection,content-safety")
+@reject_message("Paste blocked: encoded injection payloads detected in pasted content. Content with hidden encoded instructions cannot be shared with AI services.")
+forbid (
+    principal,
+    action == Sentry::Action::"paste_content",
+    resource
+)
+when {
+    context has encoded_content_detected && context.encoded_content_detected &&
+    context has encoded_score && context.encoded_score >= 60
+};
+
+// Block pastes with invisible characters
+@id("sentry-cs-block-paste-invisible")
+@name("Block paste with invisible characters")
+@description("Block paste operations containing invisible Unicode characters (zero-width, bidi overrides). These can hide malicious instructions that appear invisible to users but are processed by AI models.")
+@severity("high")
+@tags("paste-safety,unicode,invisible-chars,content-safety")
+@reject_message("Paste blocked: invisible Unicode characters detected. Hidden characters can disguise malicious instructions that AI models process but users cannot see.")
+forbid (
+    principal,
+    action == Sentry::Action::"paste_content",
+    resource
+)
+when {
+    context has contains_invisible_chars && context.contains_invisible_chars &&
+    context has invisible_chars_score && context.invisible_chars_score >= 50
+};
+
+// ---------------------------------------------------------------------------
+// Section 7: AI Response Safety
+// Block harmful content in AI responses before user sees it.
+// ---------------------------------------------------------------------------
+
+// Block violent/harmful AI responses
+@id("sentry-cs-block-response-safety")
+@name("Block harmful AI responses")
+@description("Block AI responses containing high-severity violent, hateful, or criminal content. Prevents harmful AI-generated content from reaching users in enterprise environments.")
+@severity("critical")
+@tags("response-safety,content-safety,owasp-llm02")
+@reject_message("AI response blocked: harmful content detected in the response. The AI service generated content that violates enterprise content safety policies.")
+forbid (
+    principal,
+    action == Sentry::Action::"receive_response",
+    resource
+)
+when {
+    context has violence_score && context.violence_score >= 80
+};
+
+@id("sentry-cs-block-response-hate")
+@name("Block hateful AI responses")
+@description("Block AI responses with hate speech or discriminatory content.")
+@severity("critical")
+@tags("response-safety,hate-speech,content-safety,owasp-llm02")
+@reject_message("AI response blocked: hate speech or discriminatory content detected in the response.")
+forbid (
+    principal,
+    action == Sentry::Action::"receive_response",
+    resource
+)
+when {
+    context has hate_speech_score && context.hate_speech_score >= 75
+};
+`;
+const SENTRY_SENTRY_PII_DEFAULT_CEDAR = `// =============================================================================
+// PII Detection Policy (Default)
+// =============================================================================
+// Detects and blocks personally identifiable information across messages,
+// pasted content, file uploads, and AI responses. Uses multi-layered detection:
+//
+//   1. PII boolean flag (pii_detected) — broadest catch from detection engine
+//   2. Granular PII type matching (pii_types) — type-specific blocking
+//   3. PII confidence score (pii_confidence) — ML classifier confidence
+//   4. Detection rule triggers (detected_threats) — named rule matches
+//   5. Bulk PII exposure (pii_count) — data dump prevention
+//
+// PII Types Detected by Shield PIIRegexDetector:
+//   ssn, credit_card, email, phone_us, ip_address, date_of_birth,
+//   passport, iban, aws_key, api_key_generic
+//
+// Compliance:
+//   PCI DSS 3.4, 4.1 (Payment Card Data)
+//   GDPR Art. 32 (Security of Processing)
+//   HIPAA §164.312 (Technical Safeguards)
+//   CCPA §1798.150 (Data Protection)
+//   OWASP LLM06 (Sensitive Information Disclosure)
+//
+// Category: pii
+// Namespace: Sentry
+// =============================================================================
+
+// ---------------------------------------------------------------------------
+// Section 1: Primary PII Detection
+// Fires when the detection pipeline identifies PII in any content.
+// ---------------------------------------------------------------------------
+
+// Block messages containing detected PII
+@id("sentry-pii-block-messages")
+@name("Block messages with PII")
+@description("Block messages when the detection engine identifies any PII patterns. Prevents employees from accidentally sharing personal data with AI chat services.")
+@severity("critical")
+@tags("pii,privacy,data-protection,gdpr-art-32,owasp-llm06")
+@reject_message("Your message was blocked because personally identifiable information was detected. Remove all PII (names, addresses, SSNs, credit cards, etc.) before sending to AI services.")
+forbid (
+    principal,
+    action == Sentry::Action::"send_message",
+    resource
+)
+when {
+    context has pii_detected && context.pii_detected
+};
+
+// Block pasted content containing PII
+@id("sentry-pii-block-paste")
+@name("Block paste with PII")
+@description("Block paste operations when PII is detected in pasted content. Prevents data leakage when employees paste content from emails, spreadsheets, or documents containing personal data into AI chats.")
+@severity("critical")
+@tags("pii,paste-safety,data-leakage,gdpr-art-32")
+@reject_message("Paste blocked: personally identifiable information detected in pasted content. Remove PII before pasting into AI services.")
+forbid (
+    principal,
+    action == Sentry::Action::"paste_content",
+    resource
+)
+when {
+    context has pii_detected && context.pii_detected
+};
+
+// Block file uploads containing PII
+@id("sentry-pii-block-uploads")
+@name("Block file uploads with PII")
+@description("Block file uploads when PII is detected in document content. Prevents sharing of documents containing personal data (customer lists, HR records, medical files) with AI services.")
+@severity("critical")
+@tags("pii,file-upload,data-protection,gdpr-art-32")
+@reject_message("File upload blocked: personally identifiable information detected in the document. Files containing PII must not be shared with AI services.")
+forbid (
+    principal,
+    action == Sentry::Action::"upload_file",
+    resource
+)
+when {
+    context has pii_detected && context.pii_detected
+};
+
+// ---------------------------------------------------------------------------
+// Section 2: Granular PII Type Blocking
+// Blocks specific PII types based on regulatory requirements.
+// ---------------------------------------------------------------------------
+
+// Block credit card numbers (PCI DSS compliance)
+@id("sentry-pii-block-credit-cards")
+@name("Block credit card numbers")
+@description("Block content containing credit card number patterns across all actions. PCI DSS 3.4 requires PANs are rendered unreadable — AI services must never receive raw card numbers.")
+@severity("critical")
+@tags("pci,credit-card,payment,compliance,pci-dss-3.4")
+@reject_message("Content blocked: credit card number patterns detected. Sharing payment card data with AI services violates PCI DSS. Use tokenized references instead.")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    (context has pii_types && context.pii_types.contains("credit_card")) ||
+    (context has detected_threats && context.detected_threats.contains("credit_card"))
+};
+
+// Block Social Security Numbers
+@id("sentry-pii-block-ssn")
+@name("Block Social Security Numbers")
+@description("Block content containing SSN patterns (XXX-XX-XXXX and variants). SSNs are high-value identity theft targets — exposure through AI services is a critical privacy violation.")
+@severity("critical")
+@tags("ssn,identity,privacy,compliance,nist-si-4")
+@reject_message("Content blocked: Social Security Number patterns detected. SSNs must never be shared with AI services.")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    (context has pii_types && context.pii_types.contains("ssn")) ||
+    (context has detected_threats && context.detected_threats.contains("ssn"))
+};
+
+// Block passport numbers
+@id("sentry-pii-block-passport")
+@name("Block passport numbers")
+@description("Block content containing passport number patterns. Passport numbers are government-issued identifiers with high identity theft risk.")
+@severity("critical")
+@tags("passport,identity,privacy,gdpr")
+@reject_message("Content blocked: passport number patterns detected. Government-issued identifiers must not be shared with AI services.")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has pii_types && context.pii_types.contains("passport")
+};
+
+// Block IBAN (International Bank Account Numbers)
+@id("sentry-pii-block-iban")
+@name("Block bank account numbers")
+@description("Block content containing IBAN patterns. Bank account numbers are sensitive financial identifiers that must not be exposed to AI services.")
+@severity("critical")
+@tags("iban,financial,privacy,gdpr,pci-dss")
+@reject_message("Content blocked: bank account number (IBAN) patterns detected. Financial account numbers must not be shared with AI services.")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has pii_types && context.pii_types.contains("iban")
+};
+
+// Block bulk PII exposure
+@id("sentry-pii-block-bulk-exposure")
+@name("Block bulk PII exposure")
+@description("Block content containing 3 or more PII matches. Multiple PII items indicate a data dump — customer lists, CSV exports, or database content being leaked to AI services.")
+@severity("critical")
+@tags("pii,bulk,data-exfiltration,gdpr-art-32,ccpa")
+@reject_message("Content blocked: multiple PII items detected (3+). Bulk personal data must never be shared with AI services. Use data masking or tokenization.")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has pii_count && context.pii_count >= 3
+};
+
+// ---------------------------------------------------------------------------
+// Section 3: PII Confidence Detection
+// Catches PII patterns via ML classifier that escape regex detection.
+// ---------------------------------------------------------------------------
+
+// Block high-confidence PII
+@id("sentry-pii-block-high-confidence")
+@name("Block high-confidence PII")
+@description("Block content when the PII confidence score exceeds threshold (80/100). Catches novel PII patterns including names, addresses, and identifiers that regex rules may miss.")
+@severity("critical")
+@tags("pii,confidence,privacy,compliance,ml-classifier")
+@reject_message("Content blocked: the ML classifier detected personally identifiable information with high confidence. The content appears to contain personal data.")
+forbid (
+    principal,
+    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content", Sentry::Action::"upload_file"],
+    resource
+)
+when {
+    context has pii_confidence && context.pii_confidence >= 80
+};
+
+// ---------------------------------------------------------------------------
+// Section 4: PII Threat Category
+// Defense-in-depth via threat aggregation layer.
+// ---------------------------------------------------------------------------
+
+// Block PII threat category
+@id("sentry-pii-block-threat-category")
+@name("Block PII threat category")
+@description("Block content when threat categorization identifies PII. Defense-in-depth behind the pii_detected boolean — catches cases where PII is flagged at the aggregation layer.")
+@severity("high")
+@tags("pii,privacy,data-protection,gdpr")
+@reject_message("Content blocked: threat scanners detected personally identifiable information. Remove all PII before submitting.")
+forbid (
+    principal,
+    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content", Sentry::Action::"upload_file"],
+    resource
+)
+when {
+    context has threat_categories && context.threat_categories.contains("pii")
+};
+
+// ---------------------------------------------------------------------------
+// Section 5: AI Response PII Blocking
+// Prevent AI responses containing PII from reaching the user.
+// ---------------------------------------------------------------------------
+
+// Block AI responses containing PII
+@id("sentry-pii-block-responses")
+@name("Block AI responses with PII")
+@description("Block AI responses when PII is detected in the output. Prevents AI services from exposing personal data in generated responses (e.g., when the model echoes back or generates PII from training data).")
+@severity("high")
+@tags("pii,response-safety,data-protection,owasp-llm06")
+@reject_message("AI response blocked: personally identifiable information detected in the AI response. The AI service generated content containing personal data.")
+forbid (
+    principal,
+    action == Sentry::Action::"receive_response",
+    resource
+)
+when {
+    context has pii_detected && context.pii_detected
+};
+`;
+const SENTRY_SENTRY_FILE_SAFETY_DEFAULT_CEDAR = `// =============================================================================
+// File & Attachment Safety Policy (Default)
+// =============================================================================
+// Enforces document sensitivity controls for files uploaded to AI chat services.
+// Integrates with Microsoft Information Protection (MIP) labels to prevent
+// confidential and restricted documents from being shared with AI.
+//
+// Detection layers:
+//   1. MIP label enforcement — sensitivity_level from document metadata
+//   2. PII/secrets in file content — from Shield PIIRegexDetector/SecretsDetector
+//   3. Injection payloads in files — from Shield InjectionDetector
+//   4. File type restrictions — block dangerous extensions
+//   5. Phishing link detection — from CheckPhishDetector
+//
+// Compliance:
+//   Microsoft Information Protection (MIP) — label-based access control
+//   NIST 800-53 SC-28 (Protection of Information at Rest)
+//   GDPR Art. 32 (Security of Processing)
+//   ISO 27001 A.8.2 (Information Classification)
+//
+// Category: file_safety
+// Namespace: Sentry
+// =============================================================================
+
+// ---------------------------------------------------------------------------
+// Section 1: MIP Label Enforcement
+// Block uploads based on Microsoft Information Protection sensitivity labels.
+// Labels are read from document metadata via MIP SDK / Graph API.
+// ---------------------------------------------------------------------------
+
+// Block restricted documents
+@id("sentry-file-block-restricted")
+@name("Block restricted documents")
+@description("Block uploads of documents with 'restricted' sensitivity level. Restricted documents contain the most sensitive data (board materials, M&A, legal privilege) and must never be shared with AI services.")
+@severity("critical")
+@tags("mip,restricted,classification,compliance,iso-27001")
+@reject_message("Upload blocked: this document is classified as RESTRICTED. Restricted documents must never be shared with AI services. Contact your security team if you need to process this content.")
+forbid (
+    principal,
+    action == Sentry::Action::"upload_file",
+    resource
+)
+when {
+    context has sensitivity_level && context.sensitivity_level == "restricted"
+};
+
+// Block confidential documents
+@id("sentry-file-block-confidential")
+@name("Block confidential documents")
+@description("Block uploads of documents with 'confidential' sensitivity level. Confidential documents (financial reports, customer data, internal strategy) should not be shared with external AI services.")
+@severity("critical")
+@tags("mip,confidential,classification,compliance,iso-27001")
+@reject_message("Upload blocked: this document is classified as CONFIDENTIAL. Confidential documents should not be shared with AI services without explicit authorization.")
+forbid (
+    principal,
+    action == Sentry::Action::"upload_file",
+    resource
+)
+when {
+    context has sensitivity_level && context.sensitivity_level == "confidential"
+};
+
+// Block rights-managed documents
+@id("sentry-file-block-rights-managed")
+@name("Block rights-managed documents")
+@description("Block uploads of documents with IRM/RMS rights management restrictions. Rights-managed documents have explicit access controls that would be bypassed by sharing with AI services.")
+@severity("critical")
+@tags("mip,irm,rms,rights-management,compliance")
+@reject_message("Upload blocked: this document has rights management restrictions that prohibit sharing with AI services.")
+forbid (
+    principal,
+    action == Sentry::Action::"upload_file",
+    resource
+)
+when {
+    context has is_rights_managed && context.is_rights_managed
+};
+
+// ---------------------------------------------------------------------------
+// Section 2: File Content Security
+// Block files containing secrets, PII, or injection payloads.
+// ---------------------------------------------------------------------------
+
+// Block files containing secrets
+@id("sentry-file-block-secrets")
+@name("Block files with secrets")
+@description("Block file uploads when secrets or credentials are detected in document content. Prevents uploading configuration files, code, or documents containing API keys, tokens, or passwords to AI services.")
+@severity("critical")
+@tags("secrets,file-upload,credentials,nist-sc-28")
+@reject_message("Upload blocked: secrets or credentials detected in the file. Files containing API keys, tokens, or passwords must not be shared with AI services.")
+forbid (
+    principal,
+    action == Sentry::Action::"upload_file",
+    resource
+)
+when {
+    context has contains_secrets && context.contains_secrets
+};
+
+// Block files with bulk PII
+@id("sentry-file-block-bulk-pii")
+@name("Block files with bulk PII")
+@description("Block file uploads containing 3 or more PII matches. Files with bulk PII likely contain customer lists, employee records, or patient data that must not be shared with AI services.")
+@severity("critical")
+@tags("pii,file-upload,bulk,gdpr-art-32")
+@reject_message("Upload blocked: multiple PII items detected in the file (3+). Documents containing bulk personal data must not be shared with AI services.")
+forbid (
+    principal,
+    action == Sentry::Action::"upload_file",
+    resource
+)
+when {
+    context has pii_count && context.pii_count >= 3
+};
+
+// Block files with phishing links
+@id("sentry-file-block-phishing")
+@name("Block files with phishing links")
+@description("Block file uploads when phishing URLs are detected in document content. Prevents sharing of compromised documents that could expose phishing links to AI processing.")
+@severity("high")
+@tags("phishing,file-upload,security")
+@reject_message("Upload blocked: phishing URLs detected in the file. Documents containing phishing links cannot be shared with AI services.")
+forbid (
+    principal,
+    action == Sentry::Action::"upload_file",
+    resource
+)
+when {
+    context has phishing_detected && context.phishing_detected
+};
+
+// ---------------------------------------------------------------------------
+// Section 3: File Type & Size Restrictions
+// Block potentially dangerous file types and oversized files.
+// ---------------------------------------------------------------------------
+
+// Block large file uploads with any threats
+@id("sentry-file-block-large-threats")
+@name("Block large files with threats")
+@description("Block file uploads over 10MB when any threats are detected. Large files with threats likely contain data dumps or bulk exports being exfiltrated to AI services.")
+@severity("high")
+@tags("file-upload,size-limit,data-protection")
+@reject_message("Upload blocked: security threats detected in a large file. Large data transfers to AI services require threat-free content.")
+forbid (
+    principal,
+    action == Sentry::Action::"upload_file",
+    resource
+)
+when {
+    context has file_size_bytes && context has threat_count &&
+    context.file_size_bytes > 10485760 && context.threat_count >= 1
+};
+
+// ---------------------------------------------------------------------------
+// Section 4: Source Code Protection
+// Block source code uploads to AI services.
+// ---------------------------------------------------------------------------
+
+// Block files with high code content
+@id("sentry-file-block-source-code")
+@name("Block source code uploads")
+@description("Block file uploads when source code constitutes more than 80% of the content. Prevents bulk source code exfiltration to external AI services where it may be used for training or exposed.")
+@severity("high")
+@tags("source-code,ip-protection,file-upload,data-leakage")
+@reject_message("Upload blocked: the file appears to be primarily source code (>80%). Bulk source code should not be shared with external AI services to protect intellectual property.")
+forbid (
+    principal,
+    action == Sentry::Action::"upload_file",
+    resource
+)
+when {
+    context has contains_code && context.contains_code &&
+    context has code_ratio && context.code_ratio > 80
+};
+`;
+const SENTRY_SENTRY_ORGANIZATION_DEFAULT_CEDAR = `// =============================================================================
+// Organization Rules Policy (Default)
+// =============================================================================
+// Organization-wide security policies for browser AI interactions:
+//   - Credential/secret leakage prevention across all channels
+//   - Source code protection
+//   - Session-aware escalation
+//
+// These rules complement category-specific policies (PII, Content Safety,
+// File Safety) with cross-cutting organizational controls.
+//
+// Category: organization
+// Namespace: Sentry
+// =============================================================================
+
+// ---------------------------------------------------------------------------
+// Section 1: Credential & Secret Leakage Prevention
+// Block secrets/credentials across messages, pastes, and file uploads.
+// Shield SecretsDetector identifies 18+ secret types via regex.
+// ---------------------------------------------------------------------------
+
+// Block messages containing secrets
+@id("sentry-org-block-secrets-messages")
+@name("Block messages with secrets")
+@description("Block messages when detection engines identify API keys, tokens, or credential patterns. First line of defense against accidental credential exposure in AI chat interactions.")
+@severity("critical")
+@tags("secrets,credentials,messages,nist-sc-28,nist-ia-5")
+@reject_message("Your message was blocked because it contains detected secrets such as API keys, tokens, or credentials. Remove all secrets before sending to AI services.")
+forbid (
+    principal,
+    action == Sentry::Action::"send_message",
+    resource
+)
+when {
+    context has contains_secrets && context.contains_secrets
+};
+
+// Block pasted content containing secrets
+@id("sentry-org-block-secrets-paste")
+@name("Block paste with secrets")
+@description("Block paste operations when secrets are detected. Prevents credential leakage when users paste from terminals, config files, or code editors into AI chats.")
+@severity("critical")
+@tags("secrets,paste-safety,credentials,nist-sc-28")
+@reject_message("Paste blocked: secrets or credentials detected in pasted content. Remove API keys, tokens, and passwords before pasting into AI services.")
+forbid (
+    principal,
+    action == Sentry::Action::"paste_content",
+    resource
+)
+when {
+    context has contains_secrets && context.contains_secrets
+};
+
+// Block high-risk secret types across all actions
+@id("sentry-org-block-high-risk-secrets")
+@name("Block high-risk credential types")
+@description("Block content containing cloud provider keys (AWS, GCP, Azure), GitHub tokens, SSH private keys, or database connection strings across all actions. These credential types pose the highest exfiltration risk.")
+@severity("critical")
+@tags("secrets,aws,github,ssh,cloud,nist-ia-5,mitre-t1552")
+@reject_message("Content blocked: high-risk credentials detected (cloud keys, GitHub tokens, SSH keys). Use a secrets manager — never share credentials with AI services.")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has secret_types &&
+    (context.secret_types.contains("aws_access_key") ||
+     context.secret_types.contains("aws_secret_key") ||
+     context.secret_types.contains("gcp_service_account") ||
+     context.secret_types.contains("azure_connection_string") ||
+     context.secret_types.contains("github_token") ||
+     context.secret_types.contains("github_fine_grained") ||
+     context.secret_types.contains("private_key"))
+};
+
+// Block API keys and tokens across all actions
+@id("sentry-org-block-api-keys")
+@name("Block API keys and tokens")
+@description("Block content containing generic API keys, JWT tokens, and OAuth credentials. These are the most commonly leaked credential types when users interact with AI services.")
+@severity("high")
+@tags("secrets,api-key,jwt,oauth,nist-ia-5")
+@reject_message("Content blocked: API keys, JWT tokens, or OAuth credentials detected. These must never be shared with AI services.")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has secret_types &&
+    (context.secret_types.contains("generic_api_key") ||
+     context.secret_types.contains("jwt_token") ||
+     context.secret_types.contains("openai_key") ||
+     context.secret_types.contains("anthropic_key") ||
+     context.secret_types.contains("stripe_key"))
+};
+
+// Block bulk secret exposure
+@id("sentry-org-block-bulk-secrets")
+@name("Block bulk secret exposure")
+@description("Block content when 3+ distinct secrets are found. Multiple secrets indicate a configuration dump, .env file paste, or credential harvesting being sent to AI services.")
+@severity("critical")
+@tags("secrets,bulk,data-exfiltration,nist-sc-28")
+@reject_message("Content blocked: multiple credentials detected (3+). Configuration dumps and credential lists must never be shared with AI services.")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has secret_count && context.secret_count >= 3
+};
+
+// Block detected credential patterns
+@id("sentry-org-block-detected-credentials")
+@name("Block detected credential patterns")
+@description("Block content flagged by detection engine rules for credential exposure, API key leaks, and token exposure. Defense-in-depth behind contains_secrets.")
+@severity("critical")
+@tags("secrets,credentials,detection-rules,nist-ia-5")
+@reject_message("Content blocked: detection engines identified credential patterns including secret exposure, API keys, or token leaks.")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has detected_threats &&
+    (context.detected_threats.contains("secret_exposure") ||
+     context.detected_threats.contains("credential_leak") ||
+     context.detected_threats.contains("api_key_exposure"))
+};
+
+// ---------------------------------------------------------------------------
+// Section 2: Source Code Protection
+// Prevent bulk source code from being shared with AI services.
+// ---------------------------------------------------------------------------
+
+// Block messages with high code content
+@id("sentry-org-block-code-messages")
+@name("Block messages with source code")
+@description("Block messages when source code constitutes more than 80% of the content. Prevents bulk source code exfiltration to external AI services.")
+@severity("high")
+@tags("source-code,ip-protection,data-leakage")
+@reject_message("Message blocked: the content appears to be primarily source code (>80%). Bulk source code should not be shared with external AI services to protect intellectual property.")
+forbid (
+    principal,
+    action == Sentry::Action::"send_message",
+    resource
+)
+when {
+    context has contains_code && context.contains_code &&
+    context has code_ratio && context.code_ratio > 80
+};
+
+// Block pasted source code
+@id("sentry-org-block-code-paste")
+@name("Block pasted source code")
+@description("Block paste operations when content is primarily source code (>80%). Prevents code exfiltration via clipboard from IDEs, terminals, or code repositories into AI chats.")
+@severity("high")
+@tags("source-code,paste-safety,ip-protection,data-leakage")
+@reject_message("Paste blocked: the content appears to be primarily source code (>80%). Pasting bulk source code into AI services risks intellectual property exposure.")
+forbid (
+    principal,
+    action == Sentry::Action::"paste_content",
+    resource
+)
+when {
+    context has contains_code && context.contains_code &&
+    context has code_ratio && context.code_ratio > 80
+};
+
+// ---------------------------------------------------------------------------
+// Section 3: Session-Aware Escalation
+// Escalate protections when threats are detected across the session.
+// ---------------------------------------------------------------------------
+
+// Block all actions after repeated threat detection
+@id("sentry-org-session-threat-escalation")
+@name("Escalate after repeated threats")
+@description("Block all actions when threats have been detected in 3+ turns of the session. Repeated threat detections indicate either a persistent attacker or a compromised data source requiring investigation.")
+@severity("high")
+@tags("session,escalation,behavioral,defense-in-depth")
+@reject_message("Session blocked: security threats have been detected in multiple turns of this conversation. This session has been flagged for review. Please start a new session or contact your security team.")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has session_threat_turns && context.session_threat_turns >= 3
+};
+
+// Block AI responses when session has leaked secrets
+@id("sentry-org-session-secrets-response")
+@name("Block responses after secret detection")
+@description("Block AI responses when secrets were detected earlier in the session. If credentials were leaked in a previous turn, the AI service may have processed them and could echo or reference them in responses.")
+@severity("high")
+@tags("session,secrets,response-safety,defense-in-depth")
+@reject_message("AI response blocked: secrets were detected in an earlier message in this session. Responses may contain or reference the exposed credentials.")
+forbid (
+    principal,
+    action == Sentry::Action::"receive_response",
+    resource
+)
+when {
+    context has session_secrets_detected && context.session_secrets_detected
+};
+`;
+// =============================================================================
+// CATEGORIES
+// =============================================================================
+export const SENTRY_CATEGORIES = [
+    { id: 'pii', name: 'PII Detection', description: 'Detect and block personally identifiable information (PII) such as credit card numbers, SSNs, health data, and other sensitive personal data from being shared with AI chat services' },
+    { id: 'semantic', name: 'Semantic Threat Detection', description: 'Detect and block prompt injection, jailbreak attempts, and high-severity threats in messages, pasted content, and uploaded files' },
+    { id: 'content_safety', name: 'Content Safety', description: 'Detect and block violent, harmful, hateful, sexual, and profane content in AI interactions, including cut-and-paste safety rules' },
+    { id: 'file_safety', name: 'File & Attachment Safety', description: 'Enforce document sensitivity controls (MIP labels), block sensitive file uploads, detect secrets and PII in uploaded documents' },
+    { id: 'organization', name: 'Organization Rules', description: 'Organization-wide baselines, AI service allowlists, credential leakage prevention, and source code protection' },
+];
+// =============================================================================
+// DEFAULT POLICIES
+// =============================================================================
+export const SENTRY_DEFAULTS = [
+    {
+        id: 'sentry-baseline-default',
+        name: 'Baseline Permit',
+        description: 'Permits all actions by default — threat-specific forbid policies override this when threats are detected',
+        category: 'organization',
+        cedarText: SENTRY_SENTRY_BASELINE_DEFAULT_CEDAR,
+        severity: 'low',
+        tags: ['baseline', 'permit-default', 'organization'],
+        isActive: true,
+    },
+    {
+        id: 'sentry-semantic-default',
+        name: 'Semantic Threat Detection',
+        description: 'Detect and block prompt injection, jailbreak attempts, and high-severity threats across messages, paste, and file uploads',
+        category: 'semantic',
+        cedarText: SENTRY_SENTRY_SEMANTIC_DEFAULT_CEDAR,
+        severity: 'critical',
+        tags: ['injection', 'jailbreak', 'owasp-llm01', 'owasp-llm02', 'baseline'],
+        isActive: true,
+    },
+    {
+        id: 'sentry-content-safety-default',
+        name: 'Content Safety',
+        description: 'Detect and block violent, harmful, hateful, sexual, and profane content including cut-and-paste safety enforcement',
+        category: 'content_safety',
+        cedarText: SENTRY_SENTRY_CONTENT_SAFETY_DEFAULT_CEDAR,
+        severity: 'critical',
+        tags: ['violence', 'hate-speech', 'sexual', 'profanity', 'content-safety', 'paste-safety', 'baseline'],
+        isActive: true,
+    },
+];
+// =============================================================================
+// ALL TEMPLATES
+// =============================================================================
+export const SENTRY_TEMPLATES = [
+    {
+        id: 'sentry-pii-default',
+        name: 'PII Detection',
+        description: 'Detect and block credit card numbers, SSNs, health data, and other PII in messages, pasted content, file uploads, and AI responses',
+        category: 'pii',
+        cedarText: SENTRY_SENTRY_PII_DEFAULT_CEDAR,
+        severity: 'critical',
+        tags: ['pii', 'privacy', 'compliance', 'pci-dss', 'gdpr', 'hipaa', 'baseline'],
+    },
+    {
+        id: 'sentry-file-safety-default',
+        name: 'File & Attachment Safety',
+        description: 'Enforce MIP sensitivity labels, block confidential document uploads, detect secrets and PII in files, and restrict file types',
+        category: 'file_safety',
+        cedarText: SENTRY_SENTRY_FILE_SAFETY_DEFAULT_CEDAR,
+        severity: 'critical',
+        tags: ['mip', 'document-sensitivity', 'file-upload', 'dlp', 'compliance'],
+    },
+    {
+        id: 'sentry-organization-default',
+        name: 'Organization Rules',
+        description: 'Organization-wide policies: credential leakage prevention, source code protection, and secrets blocking across all interactions',
+        category: 'organization',
+        cedarText: SENTRY_SENTRY_ORGANIZATION_DEFAULT_CEDAR,
+        severity: 'critical',
+        tags: ['secrets', 'credentials', 'source-code', 'data-protection', 'organization'],
+    },
+];
+// =============================================================================
+// TEMPLATES METADATA
+// =============================================================================
+/** Raw templates.json metadata for the Sentry service. */
+export const SENTRY_TEMPLATES_JSON = `{
+  "service": "sentry",
+  "version": "1.0.0",
+  "description": "Sentry policy templates for browser AI security",
+  "categories": [
+    {
+      "id": "pii",
+      "name": "PII Detection",
+      "description": "Detect and block personally identifiable information (PII) such as credit card numbers, SSNs, health data, and other sensitive personal data from being shared with AI chat services"
+    },
+    {
+      "id": "semantic",
+      "name": "Semantic Threat Detection",
+      "description": "Detect and block prompt injection, jailbreak attempts, and high-severity threats in messages, pasted content, and uploaded files"
+    },
+    {
+      "id": "content_safety",
+      "name": "Content Safety",
+      "description": "Detect and block violent, harmful, hateful, sexual, and profane content in AI interactions, including cut-and-paste safety rules"
+    },
+    {
+      "id": "file_safety",
+      "name": "File & Attachment Safety",
+      "description": "Enforce document sensitivity controls (MIP labels), block sensitive file uploads, detect secrets and PII in uploaded documents"
+    },
+    {
+      "id": "organization",
+      "name": "Organization Rules",
+      "description": "Organization-wide baselines, AI service allowlists, credential leakage prevention, and source code protection"
+    }
+  ],
+  "defaults": [
+    {
+      "id": "sentry-baseline-default",
+      "name": "Baseline Permit",
+      "description": "Permits all actions by default — threat-specific forbid policies override this when threats are detected",
+      "category": "organization",
+      "file": "defaults/baseline.cedar",
+      "severity": "low",
+      "tags": ["baseline", "permit-default", "organization"],
+      "is_active": true
+    },
+    {
+      "id": "sentry-semantic-default",
+      "name": "Semantic Threat Detection",
+      "description": "Detect and block prompt injection, jailbreak attempts, and high-severity threats across messages, paste, and file uploads",
+      "category": "semantic",
+      "file": "defaults/semantic.cedar",
+      "severity": "critical",
+      "tags": ["injection", "jailbreak", "owasp-llm01", "owasp-llm02", "baseline"],
+      "is_active": true
+    },
+    {
+      "id": "sentry-content-safety-default",
+      "name": "Content Safety",
+      "description": "Detect and block violent, harmful, hateful, sexual, and profane content including cut-and-paste safety enforcement",
+      "category": "content_safety",
+      "file": "defaults/content_safety.cedar",
+      "severity": "critical",
+      "tags": ["violence", "hate-speech", "sexual", "profanity", "content-safety", "paste-safety", "baseline"],
+      "is_active": true
+    }
+  ],
+  "templates": [
+    {
+      "id": "sentry-pii-default",
+      "name": "PII Detection",
+      "description": "Detect and block credit card numbers, SSNs, health data, and other PII in messages, pasted content, file uploads, and AI responses",
+      "category": "pii",
+      "file": "defaults/pii.cedar",
+      "severity": "critical",
+      "tags": ["pii", "privacy", "compliance", "pci-dss", "gdpr", "hipaa", "baseline"]
+    },
+    {
+      "id": "sentry-file-safety-default",
+      "name": "File & Attachment Safety",
+      "description": "Enforce MIP sensitivity labels, block confidential document uploads, detect secrets and PII in files, and restrict file types",
+      "category": "file_safety",
+      "file": "defaults/file_safety.cedar",
+      "severity": "critical",
+      "tags": ["mip", "document-sensitivity", "file-upload", "dlp", "compliance"]
+    },
+    {
+      "id": "sentry-organization-default",
+      "name": "Organization Rules",
+      "description": "Organization-wide policies: credential leakage prevention, source code protection, and secrets blocking across all interactions",
+      "category": "organization",
+      "file": "defaults/organization.cedar",
+      "severity": "critical",
+      "tags": ["secrets", "credentials", "source-code", "data-protection", "organization"]
+    }
+  ]
+}
+`;
+// =============================================================================
+// HELPER FUNCTIONS
+// =============================================================================
+export function getSentryDefaultsByCategory(category) {
+    return SENTRY_DEFAULTS.filter(d => d.category === category);
+}
+export function getSentryTemplatesByCategory(category) {
+    return SENTRY_TEMPLATES.filter(t => t.category === category);
+}
+export function getSentryTemplateById(id) {
+    return SENTRY_TEMPLATES.find(t => t.id === id);
+}