@highflame/policy 2.1.23 → 2.1.25

package/_schemas/ai_gateway/schema.cedarschema

@@ -137,6 +137,20 @@ action call_tool appliesTo {
     suspicious_pattern?: Bool,
     pattern_type?: String,
     sequence_risk?: Long,
+
+    // --- Usage Budget (multi-window, multi-dimension) ---
+    budget_remaining_pct?: Long,
+    budget_exceeded?: Bool,
+    budget_cost_micros_this_turn?: Long,
+    budget_model?: String,
+    budget_tokens_pct_session?: Long,
+    budget_tokens_pct_daily?: Long,
+    budget_tokens_pct_monthly?: Long,
+    budget_cost_pct_daily?: Long,
+    budget_cost_pct_monthly?: Long,
+    budget_exceeded_session?: Bool,
+    budget_exceeded_daily?: Bool,
+    budget_exceeded_monthly?: Bool,
   },
 };
 
@@ -176,6 +190,20 @@ action connect_server appliesTo {
     mcp_server_verified?: Bool,
     mcp_config_risk?: Bool,
     mcp_risk_score?: Long,
+
+    // --- Usage Budget (multi-window, multi-dimension) ---
+    budget_remaining_pct?: Long,
+    budget_exceeded?: Bool,
+    budget_cost_micros_this_turn?: Long,
+    budget_model?: String,
+    budget_tokens_pct_session?: Long,
+    budget_tokens_pct_daily?: Long,
+    budget_tokens_pct_monthly?: Long,
+    budget_cost_pct_daily?: Long,
+    budget_cost_pct_monthly?: Long,
+    budget_exceeded_session?: Bool,
+    budget_exceeded_daily?: Bool,
+    budget_exceeded_monthly?: Bool,
   },
 };
 
@@ -224,6 +252,20 @@ action process_prompt appliesTo {
     // --- LLM-specific ---
     model_name?: String,              // Target model name (e.g., "gpt-4", "claude-3-opus")
     model_provider?: String,          // Provider name (e.g., "openai", "anthropic", "bedrock")
+
+    // --- Usage Budget (multi-window, multi-dimension) ---
+    budget_remaining_pct?: Long,
+    budget_exceeded?: Bool,
+    budget_cost_micros_this_turn?: Long,
+    budget_model?: String,
+    budget_tokens_pct_session?: Long,
+    budget_tokens_pct_daily?: Long,
+    budget_tokens_pct_monthly?: Long,
+    budget_cost_pct_daily?: Long,
+    budget_cost_pct_monthly?: Long,
+    budget_exceeded_session?: Bool,
+    budget_exceeded_daily?: Bool,
+    budget_exceeded_monthly?: Bool,
   },
 };
 
@@ -252,6 +294,20 @@ action read_file appliesTo {
     pii_detected?: Bool,
     pii_types?: Set<String>,
     pii_count?: Long,
+
+    // --- Usage Budget (multi-window, multi-dimension) ---
+    budget_remaining_pct?: Long,
+    budget_exceeded?: Bool,
+    budget_cost_micros_this_turn?: Long,
+    budget_model?: String,
+    budget_tokens_pct_session?: Long,
+    budget_tokens_pct_daily?: Long,
+    budget_tokens_pct_monthly?: Long,
+    budget_cost_pct_daily?: Long,
+    budget_cost_pct_monthly?: Long,
+    budget_exceeded_session?: Bool,
+    budget_exceeded_daily?: Bool,
+    budget_exceeded_monthly?: Bool,
   },
 };
 
@@ -280,6 +336,20 @@ action write_file appliesTo {
     pii_detected?: Bool,
     pii_types?: Set<String>,
     pii_count?: Long,
+
+    // --- Usage Budget (multi-window, multi-dimension) ---
+    budget_remaining_pct?: Long,
+    budget_exceeded?: Bool,
+    budget_cost_micros_this_turn?: Long,
+    budget_model?: String,
+    budget_tokens_pct_session?: Long,
+    budget_tokens_pct_daily?: Long,
+    budget_tokens_pct_monthly?: Long,
+    budget_cost_pct_daily?: Long,
+    budget_cost_pct_monthly?: Long,
+    budget_exceeded_session?: Bool,
+    budget_exceeded_daily?: Bool,
+    budget_exceeded_monthly?: Bool,
   },
 };
 

package/_schemas/guardrails/context.json

@@ -29,7 +29,7 @@
           "key": "content_type",
           "type": "string",
           "required": true,
-          "description": "Type of content being analyzed: 'prompt', 'response', 'tool_call', or 'file'"
+          "description": "Type of content being analyzed: 'prompt', 'response', 'tool_call', 'file', or 'clipboard'"
         },
         {
           "key": "detector_count",

package/_schemas/guardrails/schema.cedarschema

@@ -206,6 +206,22 @@ namespace Guardrails {
         "session_max_secret_score"?: Long,
         "session_cumulative_risk_score"?: Long,
 
+        // Usage Budget — multi-window token & cost enforcement (optional)
+        // Emitted by usage_budget detector. Enforced across session/daily/monthly windows
+        // and user/app/project/account dimensions. Percentages are 0-100.
+        "budget_remaining_pct"?: Long,          // Min remaining % across all windows
+        "budget_exceeded"?: Bool,               // Any window limit exceeded
+        "budget_cost_micros_this_turn"?: Long,  // Cost of this request in microdollars (USD * 1e6)
+        "budget_model"?: String,                // Model name used for cost calculation
+        "budget_tokens_pct_session"?: Long,     // Session token usage % (0-100)
+        "budget_tokens_pct_daily"?: Long,       // Daily token usage % (0-100)
+        "budget_tokens_pct_monthly"?: Long,     // Monthly token usage % (0-100)
+        "budget_cost_pct_daily"?: Long,         // Daily cost usage % (0-100)
+        "budget_cost_pct_monthly"?: Long,       // Monthly cost usage % (0-100)
+        "budget_exceeded_session"?: Bool,       // Session-scoped budget exceeded
+        "budget_exceeded_daily"?: Bool,         // Any daily-scoped budget exceeded
+        "budget_exceeded_monthly"?: Bool,       // Any monthly-scoped budget exceeded
+
         // Agent Identity — authenticated agent principal metadata (optional)
         // Present when the request is made by an AI agent (API key or JWT with agent claims).
         // Empty strings for human user requests. Use these to write agent-specific policies.
@@ -245,9 +261,20 @@ namespace Guardrails {
         "loop_count"?: Long,
         "loop_tool"?: String,
 
-        // Agentic - Budget Control (optional)
-        "budget_remaining_pct"?: Long,   // 0-100
-        "budget_exceeded"?: Bool,
+        // Usage Budget — multi-window token & cost enforcement (optional)
+        // See ProcessPromptContext for full documentation.
+        "budget_remaining_pct"?: Long,          // Min remaining % across all windows
+        "budget_exceeded"?: Bool,               // Any window limit exceeded
+        "budget_cost_micros_this_turn"?: Long,  // Cost of this request in microdollars
+        "budget_model"?: String,
+        "budget_tokens_pct_session"?: Long,
+        "budget_tokens_pct_daily"?: Long,
+        "budget_tokens_pct_monthly"?: Long,
+        "budget_cost_pct_daily"?: Long,
+        "budget_cost_pct_monthly"?: Long,
+        "budget_exceeded_session"?: Bool,
+        "budget_exceeded_daily"?: Bool,
+        "budget_exceeded_monthly"?: Bool,
 
         // Semantic - Topic Classification (optional)
         "content_topics"?: Set<String>,      // ["controlled_substances", "weapons_manufacturing", ...]
@@ -375,6 +402,21 @@ namespace Guardrails {
         "session_max_secret_score"?: Long,
         "session_cumulative_risk_score"?: Long,
 
+        // Usage Budget — multi-window token & cost enforcement (optional)
+        // See ProcessPromptContext for full documentation.
+        "budget_remaining_pct"?: Long,
+        "budget_exceeded"?: Bool,
+        "budget_cost_micros_this_turn"?: Long,
+        "budget_model"?: String,
+        "budget_tokens_pct_session"?: Long,
+        "budget_tokens_pct_daily"?: Long,
+        "budget_tokens_pct_monthly"?: Long,
+        "budget_cost_pct_daily"?: Long,
+        "budget_cost_pct_monthly"?: Long,
+        "budget_exceeded_session"?: Bool,
+        "budget_exceeded_daily"?: Bool,
+        "budget_exceeded_monthly"?: Bool,
+
         // Agent Identity — authenticated agent principal metadata (optional)
         "agent_id"?: String,
         "agent_type"?: String,
@@ -424,6 +466,21 @@ namespace Guardrails {
         "session_max_secret_score"?: Long,
         "session_cumulative_risk_score"?: Long,
 
+        // Usage Budget — multi-window token & cost enforcement (optional)
+        // See ProcessPromptContext for full documentation.
+        "budget_remaining_pct"?: Long,
+        "budget_exceeded"?: Bool,
+        "budget_cost_micros_this_turn"?: Long,
+        "budget_model"?: String,
+        "budget_tokens_pct_session"?: Long,
+        "budget_tokens_pct_daily"?: Long,
+        "budget_tokens_pct_monthly"?: Long,
+        "budget_cost_pct_daily"?: Long,
+        "budget_cost_pct_monthly"?: Long,
+        "budget_exceeded_session"?: Bool,
+        "budget_exceeded_daily"?: Bool,
+        "budget_exceeded_monthly"?: Bool,
+
         // Agent Identity — authenticated agent principal metadata (optional)
         "agent_id"?: String,
         "agent_type"?: String,
@@ -473,6 +530,21 @@ namespace Guardrails {
         "session_max_secret_score"?: Long,
         "session_cumulative_risk_score"?: Long,
 
+        // Usage Budget — multi-window token & cost enforcement (optional)
+        // See ProcessPromptContext for full documentation.
+        "budget_remaining_pct"?: Long,
+        "budget_exceeded"?: Bool,
+        "budget_cost_micros_this_turn"?: Long,
+        "budget_model"?: String,
+        "budget_tokens_pct_session"?: Long,
+        "budget_tokens_pct_daily"?: Long,
+        "budget_tokens_pct_monthly"?: Long,
+        "budget_cost_pct_daily"?: Long,
+        "budget_cost_pct_monthly"?: Long,
+        "budget_exceeded_session"?: Bool,
+        "budget_exceeded_daily"?: Bool,
+        "budget_exceeded_monthly"?: Bool,
+
         // Agent Identity — authenticated agent principal metadata (optional)
         "agent_id"?: String,
         "agent_type"?: String,

package/_schemas/mcp_gateway/schema.cedarschema

@@ -137,6 +137,20 @@ action call_tool appliesTo {
     suspicious_pattern?: Bool,
     pattern_type?: String,
     sequence_risk?: Long,
+
+    // --- Usage Budget (multi-window, multi-dimension) ---
+    budget_remaining_pct?: Long,
+    budget_exceeded?: Bool,
+    budget_cost_micros_this_turn?: Long,
+    budget_model?: String,
+    budget_tokens_pct_session?: Long,
+    budget_tokens_pct_daily?: Long,
+    budget_tokens_pct_monthly?: Long,
+    budget_cost_pct_daily?: Long,
+    budget_cost_pct_monthly?: Long,
+    budget_exceeded_session?: Bool,
+    budget_exceeded_daily?: Bool,
+    budget_exceeded_monthly?: Bool,
   },
 };
 
@@ -166,6 +180,20 @@ action connect_server appliesTo {
     mcp_server_verified?: Bool,
     mcp_config_risk?: Bool,
     mcp_risk_score?: Long,
+
+    // --- Usage Budget (multi-window, multi-dimension) ---
+    budget_remaining_pct?: Long,
+    budget_exceeded?: Bool,
+    budget_cost_micros_this_turn?: Long,
+    budget_model?: String,
+    budget_tokens_pct_session?: Long,
+    budget_tokens_pct_daily?: Long,
+    budget_tokens_pct_monthly?: Long,
+    budget_cost_pct_daily?: Long,
+    budget_cost_pct_monthly?: Long,
+    budget_exceeded_session?: Bool,
+    budget_exceeded_daily?: Bool,
+    budget_exceeded_monthly?: Bool,
   },
 };
 
@@ -210,6 +238,20 @@ action process_prompt appliesTo {
     // --- Encoding ---
     contains_invisible_chars?: Bool,
     invisible_chars_score?: Long,
+
+    // --- Usage Budget (multi-window, multi-dimension) ---
+    budget_remaining_pct?: Long,
+    budget_exceeded?: Bool,
+    budget_cost_micros_this_turn?: Long,
+    budget_model?: String,
+    budget_tokens_pct_session?: Long,
+    budget_tokens_pct_daily?: Long,
+    budget_tokens_pct_monthly?: Long,
+    budget_cost_pct_daily?: Long,
+    budget_cost_pct_monthly?: Long,
+    budget_exceeded_session?: Bool,
+    budget_exceeded_daily?: Bool,
+    budget_exceeded_monthly?: Bool,
   },
 };
 
@@ -238,6 +280,20 @@ action read_file appliesTo {
     pii_detected?: Bool,
     pii_types?: Set<String>,
     pii_count?: Long,
+
+    // --- Usage Budget (multi-window, multi-dimension) ---
+    budget_remaining_pct?: Long,
+    budget_exceeded?: Bool,
+    budget_cost_micros_this_turn?: Long,
+    budget_model?: String,
+    budget_tokens_pct_session?: Long,
+    budget_tokens_pct_daily?: Long,
+    budget_tokens_pct_monthly?: Long,
+    budget_cost_pct_daily?: Long,
+    budget_cost_pct_monthly?: Long,
+    budget_exceeded_session?: Bool,
+    budget_exceeded_daily?: Bool,
+    budget_exceeded_monthly?: Bool,
   },
 };
 
@@ -266,6 +322,20 @@ action write_file appliesTo {
     pii_detected?: Bool,
     pii_types?: Set<String>,
     pii_count?: Long,
+
+    // --- Usage Budget (multi-window, multi-dimension) ---
+    budget_remaining_pct?: Long,
+    budget_exceeded?: Bool,
+    budget_cost_micros_this_turn?: Long,
+    budget_model?: String,
+    budget_tokens_pct_session?: Long,
+    budget_tokens_pct_daily?: Long,
+    budget_tokens_pct_monthly?: Long,
+    budget_cost_pct_daily?: Long,
+    budget_cost_pct_monthly?: Long,
+    budget_exceeded_session?: Bool,
+    budget_exceeded_daily?: Bool,
+    budget_exceeded_monthly?: Bool,
   },
 };
 

package/_schemas/sentry/templates/defaults/clipboard.cedar

@@ -0,0 +1,76 @@
+// =============================================================================
+// Clipboard Policy (Default)
+// =============================================================================
+// Controls over paste operations into AI chat services. Covers:
+//   - Blanket paste blocking (admin-configurable)
+//   - Paste-with-secrets blocking
+//   - Paste-with-source-code blocking
+//
+// Cross-cutting secret rules (e.g. high-risk credential types) are defined
+// in secrets.cedar and apply to paste content as well.
+//
+// Category: clipboard
+// Namespace: Sentry
+// =============================================================================
+
+// Block all paste operations
+@id("sentry-org-block-all-paste")
+@name("Block all paste operations")
+@description("Unconditionally block all paste operations into AI chat services. Enable this rule to prevent any content from being pasted into AI chats regardless of content. Disable to allow paste (subject to other policy rules).")
+@severity("high")
+@tags("paste,clipboard,data-protection,organization")
+@reject_message("Paste blocked: your organization does not allow pasting content into AI services. Type your message directly or contact your administrator.")
+forbid (
+    principal,
+    action == Sentry::Action::"paste_content",
+    resource
+);
+
+// Block pasted content containing secrets
+@id("sentry-org-block-secrets-paste")
+@name("Block paste with secrets")
+@description("Block paste operations when secrets are detected. Prevents credential leakage when users paste from terminals, config files, or code editors into AI chats.")
+@severity("critical")
+@tags("secrets,paste-safety,credentials,nist-sc-28")
+@reject_message("Paste blocked: secrets or credentials detected in pasted content. Remove API keys, tokens, and passwords before pasting into AI services.")
+forbid (
+    principal,
+    action == Sentry::Action::"paste_content",
+    resource
+)
+when {
+    context has contains_secrets && context.contains_secrets
+};
+
+// Block pasted content containing PII
+@id("sentry-pii-block-paste")
+@name("Block paste with PII")
+@description("Block paste operations when PII is detected in pasted content. Prevents data leakage when employees paste content from emails, spreadsheets, or documents containing personal data into AI chats.")
+@severity("critical")
+@tags("pii,paste-safety,data-leakage,gdpr-art-32")
+@reject_message("Paste blocked: personally identifiable information detected in pasted content. Remove PII before pasting into AI services.")
+forbid (
+    principal,
+    action == Sentry::Action::"paste_content",
+    resource
+)
+when {
+    context has pii_detected && context.pii_detected
+};
+
+// Block pasted source code
+@id("sentry-org-block-code-paste")
+@name("Block pasted source code")
+@description("Block paste operations when content is primarily source code (>80%). Prevents code exfiltration via clipboard from IDEs, terminals, or code repositories into AI chats.")
+@severity("high")
+@tags("source-code,paste-safety,ip-protection,data-leakage")
+@reject_message("Paste blocked: the content appears to be primarily source code (>80%). Pasting bulk source code into AI services risks intellectual property exposure.")
+forbid (
+    principal,
+    action == Sentry::Action::"paste_content",
+    resource
+)
+when {
+    context has contains_code && context.contains_code &&
+    context has code_ratio && context.code_ratio > 80
+};

package/_schemas/sentry/templates/defaults/file_safety.cedar

@@ -97,20 +97,20 @@ when {
     context has contains_secrets && context.contains_secrets
 };
 
-// Block files with bulk PII
-@id("sentry-file-block-bulk-pii")
-@name("Block files with bulk PII")
-@description("Block file uploads containing 3 or more PII matches. Files with bulk PII likely contain customer lists, employee records, or patient data that must not be shared with AI services.")
+// Block file uploads containing PII
+@id("sentry-pii-block-uploads")
+@name("Block file uploads with PII")
+@description("Block file uploads when PII is detected in document content. Prevents sharing of documents containing personal data (customer lists, HR records, medical files) with AI services.")
 @severity("critical")
-@tags("pii,file-upload,bulk,gdpr-art-32")
-@reject_message("Upload blocked: multiple PII items detected in the file (3+). Documents containing bulk personal data must not be shared with AI services.")
+@tags("pii,file-upload,data-protection,gdpr-art-32")
+@reject_message("File upload blocked: personally identifiable information detected in the document. Files containing PII must not be shared with AI services.")
 forbid (
     principal,
     action == Sentry::Action::"upload_file",
     resource
 )
 when {
-    context has pii_count && context.pii_count >= 3
+    context has pii_detected && context.pii_detected
 };
 
 // Block files with phishing links

package/_schemas/sentry/templates/defaults/organization.cedar

@@ -1,138 +1,22 @@
 // =============================================================================
 // Organization Rules Policy (Default)
 // =============================================================================
-// Organization-wide security policies for browser AI interactions:
-//   - Credential/secret leakage prevention across all channels
-//   - Source code protection
-//   - Session-aware escalation
+// Cross-cutting organization-wide rules that don't fit other categories.
+// Secret/credential rules live in secrets.cedar; paste/clipboard rules live
+// in clipboard.cedar.
 //
-// These rules complement category-specific policies (PII, Content Safety,
-// File Safety) with cross-cutting organizational controls.
+// This template covers:
+//   - Source code protection in messages (non-paste channels)
+//   - Session-aware threat escalation
 //
 // Category: organization
 // Namespace: Sentry
 // =============================================================================
 
 // ---------------------------------------------------------------------------
-// Section 1: Credential & Secret Leakage Prevention
-// Block secrets/credentials across messages, pastes, and file uploads.
-// Shield SecretsDetector identifies 18+ secret types via regex.
-// ---------------------------------------------------------------------------
-
-// Block messages containing secrets
-@id("sentry-org-block-secrets-messages")
-@name("Block messages with secrets")
-@description("Block messages when detection engines identify API keys, tokens, or credential patterns. First line of defense against accidental credential exposure in AI chat interactions.")
-@severity("critical")
-@tags("secrets,credentials,messages,nist-sc-28,nist-ia-5")
-@reject_message("Your message was blocked because it contains detected secrets such as API keys, tokens, or credentials. Remove all secrets before sending to AI services.")
-forbid (
-    principal,
-    action == Sentry::Action::"send_message",
-    resource
-)
-when {
-    context has contains_secrets && context.contains_secrets
-};
-
-// Block pasted content containing secrets
-@id("sentry-org-block-secrets-paste")
-@name("Block paste with secrets")
-@description("Block paste operations when secrets are detected. Prevents credential leakage when users paste from terminals, config files, or code editors into AI chats.")
-@severity("critical")
-@tags("secrets,paste-safety,credentials,nist-sc-28")
-@reject_message("Paste blocked: secrets or credentials detected in pasted content. Remove API keys, tokens, and passwords before pasting into AI services.")
-forbid (
-    principal,
-    action == Sentry::Action::"paste_content",
-    resource
-)
-when {
-    context has contains_secrets && context.contains_secrets
-};
-
-// Block high-risk secret types across all actions
-@id("sentry-org-block-high-risk-secrets")
-@name("Block high-risk credential types")
-@description("Block content containing cloud provider keys (AWS, GCP, Azure), GitHub tokens, SSH private keys, or database connection strings across all actions. These credential types pose the highest exfiltration risk.")
-@severity("critical")
-@tags("secrets,aws,github,ssh,cloud,nist-ia-5,mitre-t1552")
-@reject_message("Content blocked: high-risk credentials detected (cloud keys, GitHub tokens, SSH keys). Use a secrets manager — never share credentials with AI services.")
-forbid (
-    principal,
-    action,
-    resource
-)
-when {
-    context has secret_types &&
-    (context.secret_types.contains("aws_access_key") ||
-     context.secret_types.contains("aws_secret_key") ||
-     context.secret_types.contains("gcp_service_account") ||
-     context.secret_types.contains("azure_connection_string") ||
-     context.secret_types.contains("github_token") ||
-     context.secret_types.contains("github_fine_grained") ||
-     context.secret_types.contains("private_key"))
-};
-
-// Block API keys and tokens across all actions
-@id("sentry-org-block-api-keys")
-@name("Block API keys and tokens")
-@description("Block content containing generic API keys, JWT tokens, and OAuth credentials. These are the most commonly leaked credential types when users interact with AI services.")
-@severity("high")
-@tags("secrets,api-key,jwt,oauth,nist-ia-5")
-@reject_message("Content blocked: API keys, JWT tokens, or OAuth credentials detected. These must never be shared with AI services.")
-forbid (
-    principal,
-    action,
-    resource
-)
-when {
-    context has secret_types &&
-    (context.secret_types.contains("generic_api_key") ||
-     context.secret_types.contains("jwt_token") ||
-     context.secret_types.contains("openai_key") ||
-     context.secret_types.contains("anthropic_key") ||
-     context.secret_types.contains("stripe_key"))
-};
-
-// Block bulk secret exposure
-@id("sentry-org-block-bulk-secrets")
-@name("Block bulk secret exposure")
-@description("Block content when 3+ distinct secrets are found. Multiple secrets indicate a configuration dump, .env file paste, or credential harvesting being sent to AI services.")
-@severity("critical")
-@tags("secrets,bulk,data-exfiltration,nist-sc-28")
-@reject_message("Content blocked: multiple credentials detected (3+). Configuration dumps and credential lists must never be shared with AI services.")
-forbid (
-    principal,
-    action,
-    resource
-)
-when {
-    context has secret_count && context.secret_count >= 3
-};
-
-// Block detected credential patterns
-@id("sentry-org-block-detected-credentials")
-@name("Block detected credential patterns")
-@description("Block content flagged by detection engine rules for credential exposure, API key leaks, and token exposure. Defense-in-depth behind contains_secrets.")
-@severity("critical")
-@tags("secrets,credentials,detection-rules,nist-ia-5")
-@reject_message("Content blocked: detection engines identified credential patterns including secret exposure, API keys, or token leaks.")
-forbid (
-    principal,
-    action,
-    resource
-)
-when {
-    context has detected_threats &&
-    (context.detected_threats.contains("secret_exposure") ||
-     context.detected_threats.contains("credential_leak") ||
-     context.detected_threats.contains("api_key_exposure"))
-};
-
-// ---------------------------------------------------------------------------
-// Section 2: Source Code Protection
-// Prevent bulk source code from being shared with AI services.
+// Section 1: Source Code Protection (Messages)
+// Prevent bulk source code from being shared via messages.
+// Paste-targeted code protection is in clipboard.cedar.
 // ---------------------------------------------------------------------------
 
 // Block messages with high code content
@@ -152,25 +36,8 @@ when {
     context has code_ratio && context.code_ratio > 80
 };
 
-// Block pasted source code
-@id("sentry-org-block-code-paste")
-@name("Block pasted source code")
-@description("Block paste operations when content is primarily source code (>80%). Prevents code exfiltration via clipboard from IDEs, terminals, or code repositories into AI chats.")
-@severity("high")
-@tags("source-code,paste-safety,ip-protection,data-leakage")
-@reject_message("Paste blocked: the content appears to be primarily source code (>80%). Pasting bulk source code into AI services risks intellectual property exposure.")
-forbid (
-    principal,
-    action == Sentry::Action::"paste_content",
-    resource
-)
-when {
-    context has contains_code && context.contains_code &&
-    context has code_ratio && context.code_ratio > 80
-};
-
 // ---------------------------------------------------------------------------
-// Section 3: Session-Aware Escalation
+// Section 2: Session-Aware Escalation
 // Escalate protections when threats are detected across the session.
 // ---------------------------------------------------------------------------
 
@@ -189,19 +56,3 @@ forbid (
 when {
     context has session_threat_turns && context.session_threat_turns >= 3
 };
-
-// Block AI responses when session has leaked secrets
-@id("sentry-org-session-secrets-response")
-@name("Block responses after secret detection")
-@description("Block AI responses when secrets were detected earlier in the session. If credentials were leaked in a previous turn, the AI service may have processed them and could echo or reference them in responses.")
-@severity("high")
-@tags("session,secrets,response-safety,defense-in-depth")
-@reject_message("AI response blocked: secrets were detected in an earlier message in this session. Responses may contain or reference the exposed credentials.")
-forbid (
-    principal,
-    action == Sentry::Action::"receive_response",
-    resource
-)
-when {
-    context has session_secrets_detected && context.session_secrets_detected
-};

package/_schemas/sentry/templates/defaults/pii.cedar

@@ -46,38 +46,6 @@ when {
     context has pii_detected && context.pii_detected
 };
 
-// Block pasted content containing PII
-@id("sentry-pii-block-paste")
-@name("Block paste with PII")
-@description("Block paste operations when PII is detected in pasted content. Prevents data leakage when employees paste content from emails, spreadsheets, or documents containing personal data into AI chats.")
-@severity("critical")
-@tags("pii,paste-safety,data-leakage,gdpr-art-32")
-@reject_message("Paste blocked: personally identifiable information detected in pasted content. Remove PII before pasting into AI services.")
-forbid (
-    principal,
-    action == Sentry::Action::"paste_content",
-    resource
-)
-when {
-    context has pii_detected && context.pii_detected
-};
-
-// Block file uploads containing PII
-@id("sentry-pii-block-uploads")
-@name("Block file uploads with PII")
-@description("Block file uploads when PII is detected in document content. Prevents sharing of documents containing personal data (customer lists, HR records, medical files) with AI services.")
-@severity("critical")
-@tags("pii,file-upload,data-protection,gdpr-art-32")
-@reject_message("File upload blocked: personally identifiable information detected in the document. Files containing PII must not be shared with AI services.")
-forbid (
-    principal,
-    action == Sentry::Action::"upload_file",
-    resource
-)
-when {
-    context has pii_detected && context.pii_detected
-};
-
 // ---------------------------------------------------------------------------
 // Section 2: Granular PII Type Blocking
 // Blocks specific PII types based on regulatory requirements.