@highflame/policy 2.1.23 → 2.1.24

package/_schemas/guardrails/context.json

@@ -29,7 +29,7 @@
           "key": "content_type",
           "type": "string",
           "required": true,
-          "description": "Type of content being analyzed: 'prompt', 'response', 'tool_call', or 'file'"
+          "description": "Type of content being analyzed: 'prompt', 'response', 'tool_call', 'file', or 'clipboard'"
         },
         {
           "key": "detector_count",

package/_schemas/sentry/templates/defaults/clipboard.cedar

@@ -0,0 +1,76 @@
+// =============================================================================
+// Clipboard Policy (Default)
+// =============================================================================
+// Controls over paste operations into AI chat services. Covers:
+//   - Blanket paste blocking (admin-configurable)
+//   - Paste-with-secrets blocking
+//   - Paste-with-source-code blocking
+//
+// Cross-cutting secret rules (e.g. high-risk credential types) are defined
+// in secrets.cedar and apply to paste content as well.
+//
+// Category: clipboard
+// Namespace: Sentry
+// =============================================================================
+
+// Block all paste operations
+@id("sentry-org-block-all-paste")
+@name("Block all paste operations")
+@description("Unconditionally block all paste operations into AI chat services. Enable this rule to prevent any content from being pasted into AI chats regardless of content. Disable to allow paste (subject to other policy rules).")
+@severity("high")
+@tags("paste,clipboard,data-protection,organization")
+@reject_message("Paste blocked: your organization does not allow pasting content into AI services. Type your message directly or contact your administrator.")
+forbid (
+    principal,
+    action == Sentry::Action::"paste_content",
+    resource
+);
+
+// Block pasted content containing secrets
+@id("sentry-org-block-secrets-paste")
+@name("Block paste with secrets")
+@description("Block paste operations when secrets are detected. Prevents credential leakage when users paste from terminals, config files, or code editors into AI chats.")
+@severity("critical")
+@tags("secrets,paste-safety,credentials,nist-sc-28")
+@reject_message("Paste blocked: secrets or credentials detected in pasted content. Remove API keys, tokens, and passwords before pasting into AI services.")
+forbid (
+    principal,
+    action == Sentry::Action::"paste_content",
+    resource
+)
+when {
+    context has contains_secrets && context.contains_secrets
+};
+
+// Block pasted content containing PII
+@id("sentry-pii-block-paste")
+@name("Block paste with PII")
+@description("Block paste operations when PII is detected in pasted content. Prevents data leakage when employees paste content from emails, spreadsheets, or documents containing personal data into AI chats.")
+@severity("critical")
+@tags("pii,paste-safety,data-leakage,gdpr-art-32")
+@reject_message("Paste blocked: personally identifiable information detected in pasted content. Remove PII before pasting into AI services.")
+forbid (
+    principal,
+    action == Sentry::Action::"paste_content",
+    resource
+)
+when {
+    context has pii_detected && context.pii_detected
+};
+
+// Block pasted source code
+@id("sentry-org-block-code-paste")
+@name("Block pasted source code")
+@description("Block paste operations when content is primarily source code (>80%). Prevents code exfiltration via clipboard from IDEs, terminals, or code repositories into AI chats.")
+@severity("high")
+@tags("source-code,paste-safety,ip-protection,data-leakage")
+@reject_message("Paste blocked: the content appears to be primarily source code (>80%). Pasting bulk source code into AI services risks intellectual property exposure.")
+forbid (
+    principal,
+    action == Sentry::Action::"paste_content",
+    resource
+)
+when {
+    context has contains_code && context.contains_code &&
+    context has code_ratio && context.code_ratio > 80
+};

package/_schemas/sentry/templates/defaults/file_safety.cedar

@@ -97,20 +97,20 @@ when {
     context has contains_secrets && context.contains_secrets
 };
 
-// Block files with bulk PII
-@id("sentry-file-block-bulk-pii")
-@name("Block files with bulk PII")
-@description("Block file uploads containing 3 or more PII matches. Files with bulk PII likely contain customer lists, employee records, or patient data that must not be shared with AI services.")
+// Block file uploads containing PII
+@id("sentry-pii-block-uploads")
+@name("Block file uploads with PII")
+@description("Block file uploads when PII is detected in document content. Prevents sharing of documents containing personal data (customer lists, HR records, medical files) with AI services.")
 @severity("critical")
-@tags("pii,file-upload,bulk,gdpr-art-32")
-@reject_message("Upload blocked: multiple PII items detected in the file (3+). Documents containing bulk personal data must not be shared with AI services.")
+@tags("pii,file-upload,data-protection,gdpr-art-32")
+@reject_message("File upload blocked: personally identifiable information detected in the document. Files containing PII must not be shared with AI services.")
 forbid (
     principal,
     action == Sentry::Action::"upload_file",
     resource
 )
 when {
-    context has pii_count && context.pii_count >= 3
+    context has pii_detected && context.pii_detected
 };
 
 // Block files with phishing links

package/_schemas/sentry/templates/defaults/organization.cedar

@@ -1,138 +1,22 @@
 // =============================================================================
 // Organization Rules Policy (Default)
 // =============================================================================
-// Organization-wide security policies for browser AI interactions:
-//   - Credential/secret leakage prevention across all channels
-//   - Source code protection
-//   - Session-aware escalation
+// Cross-cutting organization-wide rules that don't fit other categories.
+// Secret/credential rules live in secrets.cedar; paste/clipboard rules live
+// in clipboard.cedar.
 //
-// These rules complement category-specific policies (PII, Content Safety,
-// File Safety) with cross-cutting organizational controls.
+// This template covers:
+//   - Source code protection in messages (non-paste channels)
+//   - Session-aware threat escalation
 //
 // Category: organization
 // Namespace: Sentry
 // =============================================================================
 
 // ---------------------------------------------------------------------------
-// Section 1: Credential & Secret Leakage Prevention
-// Block secrets/credentials across messages, pastes, and file uploads.
-// Shield SecretsDetector identifies 18+ secret types via regex.
-// ---------------------------------------------------------------------------
-
-// Block messages containing secrets
-@id("sentry-org-block-secrets-messages")
-@name("Block messages with secrets")
-@description("Block messages when detection engines identify API keys, tokens, or credential patterns. First line of defense against accidental credential exposure in AI chat interactions.")
-@severity("critical")
-@tags("secrets,credentials,messages,nist-sc-28,nist-ia-5")
-@reject_message("Your message was blocked because it contains detected secrets such as API keys, tokens, or credentials. Remove all secrets before sending to AI services.")
-forbid (
-    principal,
-    action == Sentry::Action::"send_message",
-    resource
-)
-when {
-    context has contains_secrets && context.contains_secrets
-};
-
-// Block pasted content containing secrets
-@id("sentry-org-block-secrets-paste")
-@name("Block paste with secrets")
-@description("Block paste operations when secrets are detected. Prevents credential leakage when users paste from terminals, config files, or code editors into AI chats.")
-@severity("critical")
-@tags("secrets,paste-safety,credentials,nist-sc-28")
-@reject_message("Paste blocked: secrets or credentials detected in pasted content. Remove API keys, tokens, and passwords before pasting into AI services.")
-forbid (
-    principal,
-    action == Sentry::Action::"paste_content",
-    resource
-)
-when {
-    context has contains_secrets && context.contains_secrets
-};
-
-// Block high-risk secret types across all actions
-@id("sentry-org-block-high-risk-secrets")
-@name("Block high-risk credential types")
-@description("Block content containing cloud provider keys (AWS, GCP, Azure), GitHub tokens, SSH private keys, or database connection strings across all actions. These credential types pose the highest exfiltration risk.")
-@severity("critical")
-@tags("secrets,aws,github,ssh,cloud,nist-ia-5,mitre-t1552")
-@reject_message("Content blocked: high-risk credentials detected (cloud keys, GitHub tokens, SSH keys). Use a secrets manager — never share credentials with AI services.")
-forbid (
-    principal,
-    action,
-    resource
-)
-when {
-    context has secret_types &&
-    (context.secret_types.contains("aws_access_key") ||
-     context.secret_types.contains("aws_secret_key") ||
-     context.secret_types.contains("gcp_service_account") ||
-     context.secret_types.contains("azure_connection_string") ||
-     context.secret_types.contains("github_token") ||
-     context.secret_types.contains("github_fine_grained") ||
-     context.secret_types.contains("private_key"))
-};
-
-// Block API keys and tokens across all actions
-@id("sentry-org-block-api-keys")
-@name("Block API keys and tokens")
-@description("Block content containing generic API keys, JWT tokens, and OAuth credentials. These are the most commonly leaked credential types when users interact with AI services.")
-@severity("high")
-@tags("secrets,api-key,jwt,oauth,nist-ia-5")
-@reject_message("Content blocked: API keys, JWT tokens, or OAuth credentials detected. These must never be shared with AI services.")
-forbid (
-    principal,
-    action,
-    resource
-)
-when {
-    context has secret_types &&
-    (context.secret_types.contains("generic_api_key") ||
-     context.secret_types.contains("jwt_token") ||
-     context.secret_types.contains("openai_key") ||
-     context.secret_types.contains("anthropic_key") ||
-     context.secret_types.contains("stripe_key"))
-};
-
-// Block bulk secret exposure
-@id("sentry-org-block-bulk-secrets")
-@name("Block bulk secret exposure")
-@description("Block content when 3+ distinct secrets are found. Multiple secrets indicate a configuration dump, .env file paste, or credential harvesting being sent to AI services.")
-@severity("critical")
-@tags("secrets,bulk,data-exfiltration,nist-sc-28")
-@reject_message("Content blocked: multiple credentials detected (3+). Configuration dumps and credential lists must never be shared with AI services.")
-forbid (
-    principal,
-    action,
-    resource
-)
-when {
-    context has secret_count && context.secret_count >= 3
-};
-
-// Block detected credential patterns
-@id("sentry-org-block-detected-credentials")
-@name("Block detected credential patterns")
-@description("Block content flagged by detection engine rules for credential exposure, API key leaks, and token exposure. Defense-in-depth behind contains_secrets.")
-@severity("critical")
-@tags("secrets,credentials,detection-rules,nist-ia-5")
-@reject_message("Content blocked: detection engines identified credential patterns including secret exposure, API keys, or token leaks.")
-forbid (
-    principal,
-    action,
-    resource
-)
-when {
-    context has detected_threats &&
-    (context.detected_threats.contains("secret_exposure") ||
-     context.detected_threats.contains("credential_leak") ||
-     context.detected_threats.contains("api_key_exposure"))
-};
-
-// ---------------------------------------------------------------------------
-// Section 2: Source Code Protection
-// Prevent bulk source code from being shared with AI services.
+// Section 1: Source Code Protection (Messages)
+// Prevent bulk source code from being shared via messages.
+// Paste-targeted code protection is in clipboard.cedar.
 // ---------------------------------------------------------------------------
 
 // Block messages with high code content
@@ -152,25 +36,8 @@ when {
     context has code_ratio && context.code_ratio > 80
 };
 
-// Block pasted source code
-@id("sentry-org-block-code-paste")
-@name("Block pasted source code")
-@description("Block paste operations when content is primarily source code (>80%). Prevents code exfiltration via clipboard from IDEs, terminals, or code repositories into AI chats.")
-@severity("high")
-@tags("source-code,paste-safety,ip-protection,data-leakage")
-@reject_message("Paste blocked: the content appears to be primarily source code (>80%). Pasting bulk source code into AI services risks intellectual property exposure.")
-forbid (
-    principal,
-    action == Sentry::Action::"paste_content",
-    resource
-)
-when {
-    context has contains_code && context.contains_code &&
-    context has code_ratio && context.code_ratio > 80
-};
-
 // ---------------------------------------------------------------------------
-// Section 3: Session-Aware Escalation
+// Section 2: Session-Aware Escalation
 // Escalate protections when threats are detected across the session.
 // ---------------------------------------------------------------------------
 
@@ -189,19 +56,3 @@ forbid (
 when {
     context has session_threat_turns && context.session_threat_turns >= 3
 };
-
-// Block AI responses when session has leaked secrets
-@id("sentry-org-session-secrets-response")
-@name("Block responses after secret detection")
-@description("Block AI responses when secrets were detected earlier in the session. If credentials were leaked in a previous turn, the AI service may have processed them and could echo or reference them in responses.")
-@severity("high")
-@tags("session,secrets,response-safety,defense-in-depth")
-@reject_message("AI response blocked: secrets were detected in an earlier message in this session. Responses may contain or reference the exposed credentials.")
-forbid (
-    principal,
-    action == Sentry::Action::"receive_response",
-    resource
-)
-when {
-    context has session_secrets_detected && context.session_secrets_detected
-};

package/_schemas/sentry/templates/defaults/pii.cedar

@@ -46,38 +46,6 @@ when {
     context has pii_detected && context.pii_detected
 };
 
-// Block pasted content containing PII
-@id("sentry-pii-block-paste")
-@name("Block paste with PII")
-@description("Block paste operations when PII is detected in pasted content. Prevents data leakage when employees paste content from emails, spreadsheets, or documents containing personal data into AI chats.")
-@severity("critical")
-@tags("pii,paste-safety,data-leakage,gdpr-art-32")
-@reject_message("Paste blocked: personally identifiable information detected in pasted content. Remove PII before pasting into AI services.")
-forbid (
-    principal,
-    action == Sentry::Action::"paste_content",
-    resource
-)
-when {
-    context has pii_detected && context.pii_detected
-};
-
-// Block file uploads containing PII
-@id("sentry-pii-block-uploads")
-@name("Block file uploads with PII")
-@description("Block file uploads when PII is detected in document content. Prevents sharing of documents containing personal data (customer lists, HR records, medical files) with AI services.")
-@severity("critical")
-@tags("pii,file-upload,data-protection,gdpr-art-32")
-@reject_message("File upload blocked: personally identifiable information detected in the document. Files containing PII must not be shared with AI services.")
-forbid (
-    principal,
-    action == Sentry::Action::"upload_file",
-    resource
-)
-when {
-    context has pii_detected && context.pii_detected
-};
-
 // ---------------------------------------------------------------------------
 // Section 2: Granular PII Type Blocking
 // Blocks specific PII types based on regulatory requirements.

package/_schemas/sentry/templates/defaults/secrets.cedar

@@ -0,0 +1,155 @@
+// =============================================================================
+// Secrets Detection Policy (Default)
+// =============================================================================
+// Block credential and secret leakage across messages and AI responses.
+// Shield SecretsDetector identifies 18+ secret types via regex.
+//
+// Paste-targeted secret rules live in clipboard.cedar; this file covers
+// non-paste channels (messages, responses, and cross-cutting rules).
+//
+// Category: secrets
+// Namespace: Sentry
+// =============================================================================
+
+// Block messages containing secrets
+@id("sentry-org-block-secrets-messages")
+@name("Block messages with secrets")
+@description("Block messages when detection engines identify API keys, tokens, or credential patterns. First line of defense against accidental credential exposure in AI chat interactions.")
+@severity("critical")
+@tags("secrets,credentials,messages,nist-sc-28,nist-ia-5")
+@reject_message("Your message was blocked because it contains detected secrets such as API keys, tokens, or credentials. Remove all secrets before sending to AI services.")
+forbid (
+    principal,
+    action == Sentry::Action::"send_message",
+    resource
+)
+when {
+    context has contains_secrets && context.contains_secrets
+};
+
+// Block high-risk secret types across all actions
+@id("sentry-org-block-high-risk-secrets")
+@name("Block high-risk credential types")
+@description("Block content containing cloud provider keys (AWS, GCP, Azure), GitHub tokens, SSH private keys, or database connection strings across all actions. These credential types pose the highest exfiltration risk.")
+@severity("critical")
+@tags("secrets,aws,github,ssh,cloud,nist-ia-5,mitre-t1552")
+@reject_message("Content blocked: high-risk credentials detected (cloud keys, GitHub tokens, SSH keys). Use a secrets manager — never share credentials with AI services.")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has secret_types &&
+    (context.secret_types.contains("aws_access_key") ||
+     context.secret_types.contains("aws_secret_key") ||
+     context.secret_types.contains("gcp_service_account") ||
+     context.secret_types.contains("azure_connection_string") ||
+     context.secret_types.contains("github_token") ||
+     context.secret_types.contains("github_fine_grained") ||
+     context.secret_types.contains("private_key"))
+};
+
+// Block API keys and tokens across all actions
+@id("sentry-org-block-api-keys")
+@name("Block API keys and tokens")
+@description("Block content containing generic API keys, JWT tokens, and OAuth credentials. These are the most commonly leaked credential types when users interact with AI services.")
+@severity("high")
+@tags("secrets,api-key,jwt,oauth,nist-ia-5")
+@reject_message("Content blocked: API keys, JWT tokens, or OAuth credentials detected. These must never be shared with AI services.")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has secret_types &&
+    (context.secret_types.contains("generic_api_key") ||
+     context.secret_types.contains("jwt_token") ||
+     context.secret_types.contains("openai_key") ||
+     context.secret_types.contains("anthropic_key") ||
+     context.secret_types.contains("stripe_key"))
+};
+
+// Block SSH key exposure across messages, paste, and file uploads
+@id("sentry-secrets-block-ssh-keys")
+@name("Block SSH key exposure")
+@description("Block when SSH private key content or SSH key file paths are detected. Covers messages, paste, and file uploads. AI chat services must not receive SSH credentials.")
+@severity("critical")
+@tags("secrets,ssh,credentials,nist-ia-5,mitre-t1552")
+@reject_message("Blocked: SSH private key content or key file path detected. AI chat services must not receive SSH credentials.")
+forbid (
+    principal,
+    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content", Sentry::Action::"upload_file"],
+    resource
+)
+when {
+    context has secret_types && context.secret_types.contains("ssh_key")
+};
+
+// Block PEM/certificate key exposure across messages, paste, and file uploads
+@id("sentry-secrets-block-pem-keys")
+@name("Block PEM/certificate key exposure")
+@description("Block when PEM private key content or certificate key file paths (.pem, .key, .p12, .pfx) are detected. AI chat services must not receive certificate credentials.")
+@severity("critical")
+@tags("secrets,certificates,pem,nist-ia-5,mitre-t1552")
+@reject_message("Blocked: PEM private key or certificate key file detected. AI chat services must not receive certificate credentials.")
+forbid (
+    principal,
+    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content", Sentry::Action::"upload_file"],
+    resource
+)
+when {
+    context has secret_types && context.secret_types.contains("pem_certificate")
+};
+
+// Block bulk secret exposure
+@id("sentry-org-block-bulk-secrets")
+@name("Block bulk secret exposure")
+@description("Block content when 3+ distinct secrets are found. Multiple secrets indicate a configuration dump, .env file paste, or credential harvesting being sent to AI services.")
+@severity("critical")
+@tags("secrets,bulk,data-exfiltration,nist-sc-28")
+@reject_message("Content blocked: multiple credentials detected (3+). Configuration dumps and credential lists must never be shared with AI services.")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has secret_count && context.secret_count >= 3
+};
+
+// Block detected credential patterns
+@id("sentry-org-block-detected-credentials")
+@name("Block detected credential patterns")
+@description("Block content flagged by detection engine rules for credential exposure, API key leaks, and token exposure. Defense-in-depth behind contains_secrets.")
+@severity("critical")
+@tags("secrets,credentials,detection-rules,nist-ia-5")
+@reject_message("Content blocked: detection engines identified credential patterns including secret exposure, API keys, or token leaks.")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has detected_threats &&
+    (context.detected_threats.contains("secret_exposure") ||
+     context.detected_threats.contains("credential_leak") ||
+     context.detected_threats.contains("api_key_exposure"))
+};
+
+// Block AI responses when session has leaked secrets
+@id("sentry-org-session-secrets-response")
+@name("Block responses after secret detection")
+@description("Block AI responses when secrets were detected earlier in the session. If credentials were leaked in a previous turn, the AI service may have processed them and could echo or reference them in responses.")
+@severity("high")
+@tags("session,secrets,response-safety,defense-in-depth")
+@reject_message("AI response blocked: secrets were detected in an earlier message in this session. Responses may contain or reference the exposed credentials.")
+forbid (
+    principal,
+    action == Sentry::Action::"receive_response",
+    resource
+)
+when {
+    context has session_secrets_detected && context.session_secrets_detected
+};

package/_schemas/sentry/templates/templates.json

@@ -3,6 +3,11 @@
   "version": "1.0.0",
   "description": "Sentry policy templates for browser AI security",
   "categories": [
+    {
+      "id": "secrets",
+      "name": "Secrets Detection",
+      "description": "Detect and block secrets, API keys, tokens, and other credentials in messages and AI responses"
+    },
     {
       "id": "pii",
       "name": "PII Detection",
@@ -23,10 +28,15 @@
       "name": "File & Attachment Safety",
       "description": "Enforce document sensitivity controls (MIP labels), block sensitive file uploads, detect secrets and PII in uploaded documents"
     },
+    {
+      "id": "clipboard",
+      "name": "Clipboard Policy",
+      "description": "Control paste operations into AI chat services — block paste outright, block when secrets or source code are detected"
+    },
     {
       "id": "organization",
       "name": "Organization Rules",
-      "description": "Organization-wide baselines, AI service allowlists, credential leakage prevention, and source code protection"
+      "description": "Cross-cutting organization-wide rules: source code protection in messages and session-aware threat escalation"
     }
   ],
   "defaults": [
@@ -39,7 +49,9 @@
       "severity": "low",
       "tags": ["baseline", "permit-default", "organization"],
       "is_active": true
-    },
+    }
+  ],
+  "templates": [
     {
       "id": "sentry-semantic-default",
       "name": "Semantic Threat Detection",
@@ -47,8 +59,7 @@
       "category": "semantic",
       "file": "defaults/semantic.cedar",
       "severity": "critical",
-      "tags": ["injection", "jailbreak", "owasp-llm01", "owasp-llm02", "baseline"],
-      "is_active": true
+      "tags": ["injection", "jailbreak", "owasp-llm01", "owasp-llm02", "baseline"]
     },
     {
       "id": "sentry-content-safety-default",
@@ -57,11 +68,17 @@
       "category": "content_safety",
       "file": "defaults/content_safety.cedar",
       "severity": "critical",
-      "tags": ["violence", "hate-speech", "sexual", "profanity", "content-safety", "paste-safety", "baseline"],
-      "is_active": true
-    }
-  ],
-  "templates": [
+      "tags": ["violence", "hate-speech", "sexual", "profanity", "content-safety", "paste-safety", "baseline"]
+    },
+    {
+      "id": "sentry-secrets-default",
+      "name": "Secrets Detection",
+      "description": "Block secrets, API keys, tokens, and credential leakage in messages and AI responses across all interactions",
+      "category": "secrets",
+      "file": "defaults/secrets.cedar",
+      "severity": "critical",
+      "tags": ["secrets", "credentials", "api-keys", "data-protection"]
+    },
     {
       "id": "sentry-pii-default",
       "name": "PII Detection",
@@ -80,14 +97,23 @@
       "severity": "critical",
       "tags": ["mip", "document-sensitivity", "file-upload", "dlp", "compliance"]
     },
+    {
+      "id": "sentry-clipboard-default",
+      "name": "Clipboard Policy",
+      "description": "Control paste into AI chat services: blanket paste blocking, secrets-in-paste blocking, and source-code-in-paste blocking",
+      "category": "clipboard",
+      "file": "defaults/clipboard.cedar",
+      "severity": "high",
+      "tags": ["paste", "clipboard", "data-protection", "source-code", "secrets"]
+    },
     {
       "id": "sentry-organization-default",
       "name": "Organization Rules",
-      "description": "Organization-wide policies: credential leakage prevention, source code protection, and secrets blocking across all interactions",
+      "description": "Cross-cutting organization-wide policies: source code protection in messages and session-aware threat escalation",
       "category": "organization",
       "file": "defaults/organization.cedar",
-      "severity": "critical",
-      "tags": ["secrets", "credentials", "source-code", "data-protection", "organization"]
+      "severity": "high",
+      "tags": ["source-code", "session", "escalation", "organization"]
     }
   ]
 }

package/dist/sentry-defaults.gen.d.ts

@@ -2,7 +2,7 @@
  * Sentry policy category identifiers.
  * Maps to UI tab names in Studio.
  */
-export type SentryCategory = 'pii' | 'semantic' | 'content_safety' | 'file_safety' | 'organization';
+export type SentryCategory = 'secrets' | 'pii' | 'semantic' | 'content_safety' | 'file_safety' | 'clipboard' | 'organization';
 /**
  * Category metadata for UI display.
  */

package/dist/sentry-defaults.gen.js

@@ -433,6 +433,162 @@ when {
     context has hate_speech_score && context.hate_speech_score >= 75
 };
 `;
+const SENTRY_SENTRY_SECRETS_DEFAULT_CEDAR = `// =============================================================================
+// Secrets Detection Policy (Default)
+// =============================================================================
+// Block credential and secret leakage across messages and AI responses.
+// Shield SecretsDetector identifies 18+ secret types via regex.
+//
+// Paste-targeted secret rules live in clipboard.cedar; this file covers
+// non-paste channels (messages, responses, and cross-cutting rules).
+//
+// Category: secrets
+// Namespace: Sentry
+// =============================================================================
+
+// Block messages containing secrets
+@id("sentry-org-block-secrets-messages")
+@name("Block messages with secrets")
+@description("Block messages when detection engines identify API keys, tokens, or credential patterns. First line of defense against accidental credential exposure in AI chat interactions.")
+@severity("critical")
+@tags("secrets,credentials,messages,nist-sc-28,nist-ia-5")
+@reject_message("Your message was blocked because it contains detected secrets such as API keys, tokens, or credentials. Remove all secrets before sending to AI services.")
+forbid (
+    principal,
+    action == Sentry::Action::"send_message",
+    resource
+)
+when {
+    context has contains_secrets && context.contains_secrets
+};
+
+// Block high-risk secret types across all actions
+@id("sentry-org-block-high-risk-secrets")
+@name("Block high-risk credential types")
+@description("Block content containing cloud provider keys (AWS, GCP, Azure), GitHub tokens, SSH private keys, or database connection strings across all actions. These credential types pose the highest exfiltration risk.")
+@severity("critical")
+@tags("secrets,aws,github,ssh,cloud,nist-ia-5,mitre-t1552")
+@reject_message("Content blocked: high-risk credentials detected (cloud keys, GitHub tokens, SSH keys). Use a secrets manager — never share credentials with AI services.")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has secret_types &&
+    (context.secret_types.contains("aws_access_key") ||
+     context.secret_types.contains("aws_secret_key") ||
+     context.secret_types.contains("gcp_service_account") ||
+     context.secret_types.contains("azure_connection_string") ||
+     context.secret_types.contains("github_token") ||
+     context.secret_types.contains("github_fine_grained") ||
+     context.secret_types.contains("private_key"))
+};
+
+// Block API keys and tokens across all actions
+@id("sentry-org-block-api-keys")
+@name("Block API keys and tokens")
+@description("Block content containing generic API keys, JWT tokens, and OAuth credentials. These are the most commonly leaked credential types when users interact with AI services.")
+@severity("high")
+@tags("secrets,api-key,jwt,oauth,nist-ia-5")
+@reject_message("Content blocked: API keys, JWT tokens, or OAuth credentials detected. These must never be shared with AI services.")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has secret_types &&
+    (context.secret_types.contains("generic_api_key") ||
+     context.secret_types.contains("jwt_token") ||
+     context.secret_types.contains("openai_key") ||
+     context.secret_types.contains("anthropic_key") ||
+     context.secret_types.contains("stripe_key"))
+};
+
+// Block SSH key exposure across messages, paste, and file uploads
+@id("sentry-secrets-block-ssh-keys")
+@name("Block SSH key exposure")
+@description("Block when SSH private key content or SSH key file paths are detected. Covers messages, paste, and file uploads. AI chat services must not receive SSH credentials.")
+@severity("critical")
+@tags("secrets,ssh,credentials,nist-ia-5,mitre-t1552")
+@reject_message("Blocked: SSH private key content or key file path detected. AI chat services must not receive SSH credentials.")
+forbid (
+    principal,
+    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content", Sentry::Action::"upload_file"],
+    resource
+)
+when {
+    context has secret_types && context.secret_types.contains("ssh_key")
+};
+
+// Block PEM/certificate key exposure across messages, paste, and file uploads
+@id("sentry-secrets-block-pem-keys")
+@name("Block PEM/certificate key exposure")
+@description("Block when PEM private key content or certificate key file paths (.pem, .key, .p12, .pfx) are detected. AI chat services must not receive certificate credentials.")
+@severity("critical")
+@tags("secrets,certificates,pem,nist-ia-5,mitre-t1552")
+@reject_message("Blocked: PEM private key or certificate key file detected. AI chat services must not receive certificate credentials.")
+forbid (
+    principal,
+    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content", Sentry::Action::"upload_file"],
+    resource
+)
+when {
+    context has secret_types && context.secret_types.contains("pem_certificate")
+};
+
+// Block bulk secret exposure
+@id("sentry-org-block-bulk-secrets")
+@name("Block bulk secret exposure")
+@description("Block content when 3+ distinct secrets are found. Multiple secrets indicate a configuration dump, .env file paste, or credential harvesting being sent to AI services.")
+@severity("critical")
+@tags("secrets,bulk,data-exfiltration,nist-sc-28")
+@reject_message("Content blocked: multiple credentials detected (3+). Configuration dumps and credential lists must never be shared with AI services.")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has secret_count && context.secret_count >= 3
+};
+
+// Block detected credential patterns
+@id("sentry-org-block-detected-credentials")
+@name("Block detected credential patterns")
+@description("Block content flagged by detection engine rules for credential exposure, API key leaks, and token exposure. Defense-in-depth behind contains_secrets.")
+@severity("critical")
+@tags("secrets,credentials,detection-rules,nist-ia-5")
+@reject_message("Content blocked: detection engines identified credential patterns including secret exposure, API keys, or token leaks.")
+forbid (
+    principal,
+    action,
+    resource
+)
+when {
+    context has detected_threats &&
+    (context.detected_threats.contains("secret_exposure") ||
+     context.detected_threats.contains("credential_leak") ||
+     context.detected_threats.contains("api_key_exposure"))
+};
+
+// Block AI responses when session has leaked secrets
+@id("sentry-org-session-secrets-response")
+@name("Block responses after secret detection")
+@description("Block AI responses when secrets were detected earlier in the session. If credentials were leaked in a previous turn, the AI service may have processed them and could echo or reference them in responses.")
+@severity("high")
+@tags("session,secrets,response-safety,defense-in-depth")
+@reject_message("AI response blocked: secrets were detected in an earlier message in this session. Responses may contain or reference the exposed credentials.")
+forbid (
+    principal,
+    action == Sentry::Action::"receive_response",
+    resource
+)
+when {
+    context has session_secrets_detected && context.session_secrets_detected
+};
+`;
 const SENTRY_SENTRY_PII_DEFAULT_CEDAR = `// =============================================================================
 // PII Detection Policy (Default)
 // =============================================================================
@@ -481,38 +637,6 @@ when {
     context has pii_detected && context.pii_detected
 };
 
-// Block pasted content containing PII
-@id("sentry-pii-block-paste")
-@name("Block paste with PII")
-@description("Block paste operations when PII is detected in pasted content. Prevents data leakage when employees paste content from emails, spreadsheets, or documents containing personal data into AI chats.")
-@severity("critical")
-@tags("pii,paste-safety,data-leakage,gdpr-art-32")
-@reject_message("Paste blocked: personally identifiable information detected in pasted content. Remove PII before pasting into AI services.")
-forbid (
-    principal,
-    action == Sentry::Action::"paste_content",
-    resource
-)
-when {
-    context has pii_detected && context.pii_detected
-};
-
-// Block file uploads containing PII
-@id("sentry-pii-block-uploads")
-@name("Block file uploads with PII")
-@description("Block file uploads when PII is detected in document content. Prevents sharing of documents containing personal data (customer lists, HR records, medical files) with AI services.")
-@severity("critical")
-@tags("pii,file-upload,data-protection,gdpr-art-32")
-@reject_message("File upload blocked: personally identifiable information detected in the document. Files containing PII must not be shared with AI services.")
-forbid (
-    principal,
-    action == Sentry::Action::"upload_file",
-    resource
-)
-when {
-    context has pii_detected && context.pii_detected
-};
-
 // ---------------------------------------------------------------------------
 // Section 2: Granular PII Type Blocking
 // Blocks specific PII types based on regulatory requirements.
@@ -762,20 +886,20 @@ when {
     context has contains_secrets && context.contains_secrets
 };
 
-// Block files with bulk PII
-@id("sentry-file-block-bulk-pii")
-@name("Block files with bulk PII")
-@description("Block file uploads containing 3 or more PII matches. Files with bulk PII likely contain customer lists, employee records, or patient data that must not be shared with AI services.")
+// Block file uploads containing PII
+@id("sentry-pii-block-uploads")
+@name("Block file uploads with PII")
+@description("Block file uploads when PII is detected in document content. Prevents sharing of documents containing personal data (customer lists, HR records, medical files) with AI services.")
 @severity("critical")
-@tags("pii,file-upload,bulk,gdpr-art-32")
-@reject_message("Upload blocked: multiple PII items detected in the file (3+). Documents containing bulk personal data must not be shared with AI services.")
+@tags("pii,file-upload,data-protection,gdpr-art-32")
+@reject_message("File upload blocked: personally identifiable information detected in the document. Files containing PII must not be shared with AI services.")
 forbid (
     principal,
     action == Sentry::Action::"upload_file",
     resource
 )
 when {
-    context has pii_count && context.pii_count >= 3
+    context has pii_detected && context.pii_detected
 };
 
 // Block files with phishing links
@@ -838,42 +962,33 @@ when {
     context has code_ratio && context.code_ratio > 80
 };
 `;
-const SENTRY_SENTRY_ORGANIZATION_DEFAULT_CEDAR = `// =============================================================================
-// Organization Rules Policy (Default)
+const SENTRY_SENTRY_CLIPBOARD_DEFAULT_CEDAR = `// =============================================================================
+// Clipboard Policy (Default)
 // =============================================================================
-// Organization-wide security policies for browser AI interactions:
-//   - Credential/secret leakage prevention across all channels
-//   - Source code protection
-//   - Session-aware escalation
+// Controls over paste operations into AI chat services. Covers:
+//   - Blanket paste blocking (admin-configurable)
+//   - Paste-with-secrets blocking
+//   - Paste-with-source-code blocking
 //
-// These rules complement category-specific policies (PII, Content Safety,
-// File Safety) with cross-cutting organizational controls.
+// Cross-cutting secret rules (e.g. high-risk credential types) are defined
+// in secrets.cedar and apply to paste content as well.
 //
-// Category: organization
+// Category: clipboard
 // Namespace: Sentry
 // =============================================================================
 
-// ---------------------------------------------------------------------------
-// Section 1: Credential & Secret Leakage Prevention
-// Block secrets/credentials across messages, pastes, and file uploads.
-// Shield SecretsDetector identifies 18+ secret types via regex.
-// ---------------------------------------------------------------------------
-
-// Block messages containing secrets
-@id("sentry-org-block-secrets-messages")
-@name("Block messages with secrets")
-@description("Block messages when detection engines identify API keys, tokens, or credential patterns. First line of defense against accidental credential exposure in AI chat interactions.")
-@severity("critical")
-@tags("secrets,credentials,messages,nist-sc-28,nist-ia-5")
-@reject_message("Your message was blocked because it contains detected secrets such as API keys, tokens, or credentials. Remove all secrets before sending to AI services.")
+// Block all paste operations
+@id("sentry-org-block-all-paste")
+@name("Block all paste operations")
+@description("Unconditionally block all paste operations into AI chat services. Enable this rule to prevent any content from being pasted into AI chats regardless of content. Disable to allow paste (subject to other policy rules).")
+@severity("high")
+@tags("paste,clipboard,data-protection,organization")
+@reject_message("Paste blocked: your organization does not allow pasting content into AI services. Type your message directly or contact your administrator.")
 forbid (
     principal,
-    action == Sentry::Action::"send_message",
+    action == Sentry::Action::"paste_content",
     resource
-)
-when {
-    context has contains_secrets && context.contains_secrets
-};
+);
 
 // Block pasted content containing secrets
 @id("sentry-org-block-secrets-paste")
@@ -891,88 +1006,58 @@ when {
     context has contains_secrets && context.contains_secrets
 };
 
-// Block high-risk secret types across all actions
-@id("sentry-org-block-high-risk-secrets")
-@name("Block high-risk credential types")
-@description("Block content containing cloud provider keys (AWS, GCP, Azure), GitHub tokens, SSH private keys, or database connection strings across all actions. These credential types pose the highest exfiltration risk.")
+// Block pasted content containing PII
+@id("sentry-pii-block-paste")
+@name("Block paste with PII")
+@description("Block paste operations when PII is detected in pasted content. Prevents data leakage when employees paste content from emails, spreadsheets, or documents containing personal data into AI chats.")
 @severity("critical")
-@tags("secrets,aws,github,ssh,cloud,nist-ia-5,mitre-t1552")
-@reject_message("Content blocked: high-risk credentials detected (cloud keys, GitHub tokens, SSH keys). Use a secrets manager — never share credentials with AI services.")
+@tags("pii,paste-safety,data-leakage,gdpr-art-32")
+@reject_message("Paste blocked: personally identifiable information detected in pasted content. Remove PII before pasting into AI services.")
 forbid (
     principal,
-    action,
+    action == Sentry::Action::"paste_content",
     resource
 )
 when {
-    context has secret_types &&
-    (context.secret_types.contains("aws_access_key") ||
-     context.secret_types.contains("aws_secret_key") ||
-     context.secret_types.contains("gcp_service_account") ||
-     context.secret_types.contains("azure_connection_string") ||
-     context.secret_types.contains("github_token") ||
-     context.secret_types.contains("github_fine_grained") ||
-     context.secret_types.contains("private_key"))
+    context has pii_detected && context.pii_detected
 };
 
-// Block API keys and tokens across all actions
-@id("sentry-org-block-api-keys")
-@name("Block API keys and tokens")
-@description("Block content containing generic API keys, JWT tokens, and OAuth credentials. These are the most commonly leaked credential types when users interact with AI services.")
+// Block pasted source code
+@id("sentry-org-block-code-paste")
+@name("Block pasted source code")
+@description("Block paste operations when content is primarily source code (>80%). Prevents code exfiltration via clipboard from IDEs, terminals, or code repositories into AI chats.")
 @severity("high")
-@tags("secrets,api-key,jwt,oauth,nist-ia-5")
-@reject_message("Content blocked: API keys, JWT tokens, or OAuth credentials detected. These must never be shared with AI services.")
-forbid (
-    principal,
-    action,
-    resource
-)
-when {
-    context has secret_types &&
-    (context.secret_types.contains("generic_api_key") ||
-     context.secret_types.contains("jwt_token") ||
-     context.secret_types.contains("openai_key") ||
-     context.secret_types.contains("anthropic_key") ||
-     context.secret_types.contains("stripe_key"))
-};
-
-// Block bulk secret exposure
-@id("sentry-org-block-bulk-secrets")
-@name("Block bulk secret exposure")
-@description("Block content when 3+ distinct secrets are found. Multiple secrets indicate a configuration dump, .env file paste, or credential harvesting being sent to AI services.")
-@severity("critical")
-@tags("secrets,bulk,data-exfiltration,nist-sc-28")
-@reject_message("Content blocked: multiple credentials detected (3+). Configuration dumps and credential lists must never be shared with AI services.")
-forbid (
-    principal,
-    action,
-    resource
-)
-when {
-    context has secret_count && context.secret_count >= 3
-};
-
-// Block detected credential patterns
-@id("sentry-org-block-detected-credentials")
-@name("Block detected credential patterns")
-@description("Block content flagged by detection engine rules for credential exposure, API key leaks, and token exposure. Defense-in-depth behind contains_secrets.")
-@severity("critical")
-@tags("secrets,credentials,detection-rules,nist-ia-5")
-@reject_message("Content blocked: detection engines identified credential patterns including secret exposure, API keys, or token leaks.")
+@tags("source-code,paste-safety,ip-protection,data-leakage")
+@reject_message("Paste blocked: the content appears to be primarily source code (>80%). Pasting bulk source code into AI services risks intellectual property exposure.")
 forbid (
     principal,
-    action,
+    action == Sentry::Action::"paste_content",
     resource
 )
 when {
-    context has detected_threats &&
-    (context.detected_threats.contains("secret_exposure") ||
-     context.detected_threats.contains("credential_leak") ||
-     context.detected_threats.contains("api_key_exposure"))
+    context has contains_code && context.contains_code &&
+    context has code_ratio && context.code_ratio > 80
 };
+`;
+const SENTRY_SENTRY_ORGANIZATION_DEFAULT_CEDAR = `// =============================================================================
+// Organization Rules Policy (Default)
+// =============================================================================
+// Cross-cutting organization-wide rules that don't fit other categories.
+// Secret/credential rules live in secrets.cedar; paste/clipboard rules live
+// in clipboard.cedar.
+//
+// This template covers:
+//   - Source code protection in messages (non-paste channels)
+//   - Session-aware threat escalation
+//
+// Category: organization
+// Namespace: Sentry
+// =============================================================================
 
 // ---------------------------------------------------------------------------
-// Section 2: Source Code Protection
-// Prevent bulk source code from being shared with AI services.
+// Section 1: Source Code Protection (Messages)
+// Prevent bulk source code from being shared via messages.
+// Paste-targeted code protection is in clipboard.cedar.
 // ---------------------------------------------------------------------------
 
 // Block messages with high code content
@@ -992,25 +1077,8 @@ when {
     context has code_ratio && context.code_ratio > 80
 };
 
-// Block pasted source code
-@id("sentry-org-block-code-paste")
-@name("Block pasted source code")
-@description("Block paste operations when content is primarily source code (>80%). Prevents code exfiltration via clipboard from IDEs, terminals, or code repositories into AI chats.")
-@severity("high")
-@tags("source-code,paste-safety,ip-protection,data-leakage")
-@reject_message("Paste blocked: the content appears to be primarily source code (>80%). Pasting bulk source code into AI services risks intellectual property exposure.")
-forbid (
-    principal,
-    action == Sentry::Action::"paste_content",
-    resource
-)
-when {
-    context has contains_code && context.contains_code &&
-    context has code_ratio && context.code_ratio > 80
-};
-
 // ---------------------------------------------------------------------------
-// Section 3: Session-Aware Escalation
+// Section 2: Session-Aware Escalation
 // Escalate protections when threats are detected across the session.
 // ---------------------------------------------------------------------------
 
@@ -1029,32 +1097,18 @@ forbid (
 when {
     context has session_threat_turns && context.session_threat_turns >= 3
 };
-
-// Block AI responses when session has leaked secrets
-@id("sentry-org-session-secrets-response")
-@name("Block responses after secret detection")
-@description("Block AI responses when secrets were detected earlier in the session. If credentials were leaked in a previous turn, the AI service may have processed them and could echo or reference them in responses.")
-@severity("high")
-@tags("session,secrets,response-safety,defense-in-depth")
-@reject_message("AI response blocked: secrets were detected in an earlier message in this session. Responses may contain or reference the exposed credentials.")
-forbid (
-    principal,
-    action == Sentry::Action::"receive_response",
-    resource
-)
-when {
-    context has session_secrets_detected && context.session_secrets_detected
-};
 `;
 // =============================================================================
 // CATEGORIES
 // =============================================================================
 export const SENTRY_CATEGORIES = [
+    { id: 'secrets', name: 'Secrets Detection', description: 'Detect and block secrets, API keys, tokens, and other credentials in messages and AI responses' },
     { id: 'pii', name: 'PII Detection', description: 'Detect and block personally identifiable information (PII) such as credit card numbers, SSNs, health data, and other sensitive personal data from being shared with AI chat services' },
     { id: 'semantic', name: 'Semantic Threat Detection', description: 'Detect and block prompt injection, jailbreak attempts, and high-severity threats in messages, pasted content, and uploaded files' },
     { id: 'content_safety', name: 'Content Safety', description: 'Detect and block violent, harmful, hateful, sexual, and profane content in AI interactions, including cut-and-paste safety rules' },
     { id: 'file_safety', name: 'File & Attachment Safety', description: 'Enforce document sensitivity controls (MIP labels), block sensitive file uploads, detect secrets and PII in uploaded documents' },
-    { id: 'organization', name: 'Organization Rules', description: 'Organization-wide baselines, AI service allowlists, credential leakage prevention, and source code protection' },
+    { id: 'clipboard', name: 'Clipboard Policy', description: 'Control paste operations into AI chat services — block paste outright, block when secrets or source code are detected' },
+    { id: 'organization', name: 'Organization Rules', description: 'Cross-cutting organization-wide rules: source code protection in messages and session-aware threat escalation' },
 ];
 // =============================================================================
 // DEFAULT POLICIES
@@ -1070,6 +1124,11 @@ export const SENTRY_DEFAULTS = [
         tags: ['baseline', 'permit-default', 'organization'],
         isActive: true,
     },
+];
+// =============================================================================
+// ALL TEMPLATES
+// =============================================================================
+export const SENTRY_TEMPLATES = [
     {
         id: 'sentry-semantic-default',
         name: 'Semantic Threat Detection',
@@ -1078,7 +1137,6 @@ export const SENTRY_DEFAULTS = [
         cedarText: SENTRY_SENTRY_SEMANTIC_DEFAULT_CEDAR,
         severity: 'critical',
         tags: ['injection', 'jailbreak', 'owasp-llm01', 'owasp-llm02', 'baseline'],
-        isActive: true,
     },
     {
         id: 'sentry-content-safety-default',
@@ -1088,13 +1146,16 @@ export const SENTRY_DEFAULTS = [
         cedarText: SENTRY_SENTRY_CONTENT_SAFETY_DEFAULT_CEDAR,
         severity: 'critical',
         tags: ['violence', 'hate-speech', 'sexual', 'profanity', 'content-safety', 'paste-safety', 'baseline'],
-        isActive: true,
     },
-];
-// =============================================================================
-// ALL TEMPLATES
-// =============================================================================
-export const SENTRY_TEMPLATES = [
+    {
+        id: 'sentry-secrets-default',
+        name: 'Secrets Detection',
+        description: 'Block secrets, API keys, tokens, and credential leakage in messages and AI responses across all interactions',
+        category: 'secrets',
+        cedarText: SENTRY_SENTRY_SECRETS_DEFAULT_CEDAR,
+        severity: 'critical',
+        tags: ['secrets', 'credentials', 'api-keys', 'data-protection'],
+    },
     {
         id: 'sentry-pii-default',
         name: 'PII Detection',
@@ -1113,14 +1174,23 @@ export const SENTRY_TEMPLATES = [
         severity: 'critical',
         tags: ['mip', 'document-sensitivity', 'file-upload', 'dlp', 'compliance'],
     },
+    {
+        id: 'sentry-clipboard-default',
+        name: 'Clipboard Policy',
+        description: 'Control paste into AI chat services: blanket paste blocking, secrets-in-paste blocking, and source-code-in-paste blocking',
+        category: 'clipboard',
+        cedarText: SENTRY_SENTRY_CLIPBOARD_DEFAULT_CEDAR,
+        severity: 'high',
+        tags: ['paste', 'clipboard', 'data-protection', 'source-code', 'secrets'],
+    },
     {
         id: 'sentry-organization-default',
         name: 'Organization Rules',
-        description: 'Organization-wide policies: credential leakage prevention, source code protection, and secrets blocking across all interactions',
+        description: 'Cross-cutting organization-wide policies: source code protection in messages and session-aware threat escalation',
         category: 'organization',
         cedarText: SENTRY_SENTRY_ORGANIZATION_DEFAULT_CEDAR,
-        severity: 'critical',
-        tags: ['secrets', 'credentials', 'source-code', 'data-protection', 'organization'],
+        severity: 'high',
+        tags: ['source-code', 'session', 'escalation', 'organization'],
     },
 ];
 // =============================================================================
@@ -1132,6 +1202,11 @@ export const SENTRY_TEMPLATES_JSON = `{
   "version": "1.0.0",
   "description": "Sentry policy templates for browser AI security",
   "categories": [
+    {
+      "id": "secrets",
+      "name": "Secrets Detection",
+      "description": "Detect and block secrets, API keys, tokens, and other credentials in messages and AI responses"
+    },
     {
       "id": "pii",
       "name": "PII Detection",
@@ -1152,10 +1227,15 @@ export const SENTRY_TEMPLATES_JSON = `{
       "name": "File & Attachment Safety",
       "description": "Enforce document sensitivity controls (MIP labels), block sensitive file uploads, detect secrets and PII in uploaded documents"
     },
+    {
+      "id": "clipboard",
+      "name": "Clipboard Policy",
+      "description": "Control paste operations into AI chat services — block paste outright, block when secrets or source code are detected"
+    },
     {
       "id": "organization",
       "name": "Organization Rules",
-      "description": "Organization-wide baselines, AI service allowlists, credential leakage prevention, and source code protection"
+      "description": "Cross-cutting organization-wide rules: source code protection in messages and session-aware threat escalation"
     }
   ],
   "defaults": [
@@ -1168,7 +1248,9 @@ export const SENTRY_TEMPLATES_JSON = `{
       "severity": "low",
       "tags": ["baseline", "permit-default", "organization"],
       "is_active": true
-    },
+    }
+  ],
+  "templates": [
     {
       "id": "sentry-semantic-default",
       "name": "Semantic Threat Detection",
@@ -1176,8 +1258,7 @@ export const SENTRY_TEMPLATES_JSON = `{
       "category": "semantic",
       "file": "defaults/semantic.cedar",
       "severity": "critical",
-      "tags": ["injection", "jailbreak", "owasp-llm01", "owasp-llm02", "baseline"],
-      "is_active": true
+      "tags": ["injection", "jailbreak", "owasp-llm01", "owasp-llm02", "baseline"]
     },
     {
       "id": "sentry-content-safety-default",
@@ -1186,11 +1267,17 @@ export const SENTRY_TEMPLATES_JSON = `{
       "category": "content_safety",
       "file": "defaults/content_safety.cedar",
       "severity": "critical",
-      "tags": ["violence", "hate-speech", "sexual", "profanity", "content-safety", "paste-safety", "baseline"],
-      "is_active": true
-    }
-  ],
-  "templates": [
+      "tags": ["violence", "hate-speech", "sexual", "profanity", "content-safety", "paste-safety", "baseline"]
+    },
+    {
+      "id": "sentry-secrets-default",
+      "name": "Secrets Detection",
+      "description": "Block secrets, API keys, tokens, and credential leakage in messages and AI responses across all interactions",
+      "category": "secrets",
+      "file": "defaults/secrets.cedar",
+      "severity": "critical",
+      "tags": ["secrets", "credentials", "api-keys", "data-protection"]
+    },
     {
       "id": "sentry-pii-default",
       "name": "PII Detection",
@@ -1209,14 +1296,23 @@ export const SENTRY_TEMPLATES_JSON = `{
       "severity": "critical",
       "tags": ["mip", "document-sensitivity", "file-upload", "dlp", "compliance"]
     },
+    {
+      "id": "sentry-clipboard-default",
+      "name": "Clipboard Policy",
+      "description": "Control paste into AI chat services: blanket paste blocking, secrets-in-paste blocking, and source-code-in-paste blocking",
+      "category": "clipboard",
+      "file": "defaults/clipboard.cedar",
+      "severity": "high",
+      "tags": ["paste", "clipboard", "data-protection", "source-code", "secrets"]
+    },
     {
       "id": "sentry-organization-default",
       "name": "Organization Rules",
-      "description": "Organization-wide policies: credential leakage prevention, source code protection, and secrets blocking across all interactions",
+      "description": "Cross-cutting organization-wide policies: source code protection in messages and session-aware threat escalation",
       "category": "organization",
       "file": "defaults/organization.cedar",
-      "severity": "critical",
-      "tags": ["secrets", "credentials", "source-code", "data-protection", "organization"]
+      "severity": "high",
+      "tags": ["source-code", "session", "escalation", "organization"]
     }
   ]
 }

package/dist/service-schemas.gen.js

@@ -1941,7 +1941,7 @@ export const GUARDRAILS_CONTEXT = {
                 { "key": "request_id", "type": "string", "required": true, "description": "Unique identifier for this request, useful for audit trails and debugging" },
                 { "key": "timestamp", "type": "number", "required": true, "description": "Unix timestamp in milliseconds when the request was processed" },
                 { "key": "direction", "type": "string", "required": true, "description": "Content flow direction: \'input\' for user prompts, \'output\' for AI responses. Use this to apply different policies to inputs vs outputs (e.g., block PII only in outputs)" },
-                { "key": "content_type", "type": "string", "required": true, "description": "Type of content being analyzed: \'prompt\', \'response\', \'tool_call\', or \'file\'" },
+                { "key": "content_type", "type": "string", "required": true, "description": "Type of content being analyzed: \'prompt\', \'response\', \'tool_call\', \'file\', or \'clipboard\'" },
                 { "key": "detector_count", "type": "number", "required": true, "description": "Number of detectors that were executed for this request" },
                 { "key": "injection_confidence", "type": "number", "required": false, "description": "Combined prompt injection confidence (0-100). MAX of all detector scores (Pulse + DeepContext). Use injection_pulse_score / injection_deep_context_score for individual detector control" },
                 { "key": "jailbreak_confidence", "type": "number", "required": false, "description": "Combined jailbreak detection confidence (0-100). MAX of all detector scores (Pulse + DeepContext). Use jailbreak_pulse_score / jailbreak_deep_context_score for individual detector control" },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@highflame/policy",
-  "version": "2.1.23",
+  "version": "2.1.24",
   "engines": {
     "node": ">=18"
   },