@highflame/policy 2.1.3 → 2.1.4
- package/_schemas/guardrails/context.json +37 -73
- package/_schemas/overwatch/context.json +211 -1
- package/_schemas/palisade/context.json +1 -1
- package/_schemas/sentry/context.json +1165 -0
- package/_schemas/sentry/schema.cedarschema +388 -0
- package/_schemas/sentry/templates/defaults/baseline.cedar +24 -0
- package/_schemas/sentry/templates/defaults/content_safety.cedar +232 -0
- package/_schemas/sentry/templates/defaults/file_safety.cedar +174 -0
- package/_schemas/sentry/templates/defaults/organization.cedar +207 -0
- package/_schemas/sentry/templates/defaults/pii.cedar +229 -0
- package/_schemas/sentry/templates/defaults/semantic.cedar +167 -0
- package/_schemas/sentry/templates/templates.json +93 -0
- package/dist/builder.d.ts +32 -0
- package/dist/builder.js +6 -6
- package/dist/condition-groups.d.ts +69 -0
- package/dist/condition-groups.js +305 -0
- package/dist/index.d.ts +6 -1
- package/dist/index.js +6 -1
- package/dist/overwatch-context.gen.d.ts +7 -0
- package/dist/overwatch-context.gen.js +7 -0
- package/dist/sentry-context.gen.d.ts +76 -0
- package/dist/sentry-context.gen.js +77 -0
- package/dist/sentry-defaults.gen.d.ts +61 -0
- package/dist/sentry-defaults.gen.js +1235 -0
- package/dist/sentry-entities.gen.d.ts +11 -0
- package/dist/sentry-entities.gen.js +33 -0
- package/dist/service-schemas.gen.d.ts +10 -0
- package/dist/service-schemas.gen.js +659 -6
- package/dist/types.d.ts +6 -1
- package/dist/types.js +6 -1
- package/package.json +1 -1
|
@@ -41,15 +41,13 @@
|
|
|
41
41
|
"key": "injection_score",
|
|
42
42
|
"type": "number",
|
|
43
43
|
"required": false,
|
|
44
|
-
"description": "ML-based confidence score for prompt injection attacks (0-100). Higher scores indicate higher confidence. Typical threshold: >85 for high-confidence blocks"
|
|
45
|
-
"range": "0-100"
|
|
44
|
+
"description": "ML-based confidence score for prompt injection attacks (0-100). Higher scores indicate higher confidence. Typical threshold: >85 for high-confidence blocks"
|
|
46
45
|
},
|
|
47
46
|
{
|
|
48
47
|
"key": "jailbreak_score",
|
|
49
48
|
"type": "number",
|
|
50
49
|
"required": false,
|
|
51
|
-
"description": "ML-based confidence score for jailbreak attempts (0-100). Detects attempts to bypass safety guardrails. Typical threshold: >80 for blocks"
|
|
52
|
-
"range": "0-100"
|
|
50
|
+
"description": "ML-based confidence score for jailbreak attempts (0-100). Detects attempts to bypass safety guardrails. Typical threshold: >80 for blocks"
|
|
53
51
|
},
|
|
54
52
|
{
|
|
55
53
|
"key": "injection_type",
|
|
@@ -97,43 +95,37 @@
|
|
|
97
95
|
"key": "violence_score",
|
|
98
96
|
"type": "number",
|
|
99
97
|
"required": false,
|
|
100
|
-
"description": "ML-based score for violent content references (0-100). Typical threshold: >90 for critical blocks, >60 for warnings"
|
|
101
|
-
"range": "0-100"
|
|
98
|
+
"description": "ML-based score for violent content references (0-100). Typical threshold: >90 for critical blocks, >60 for warnings"
|
|
102
99
|
},
|
|
103
100
|
{
|
|
104
101
|
"key": "hate_speech_score",
|
|
105
102
|
"type": "number",
|
|
106
103
|
"required": false,
|
|
107
|
-
"description": "ML-based score for hate speech, discriminatory language, or targeted harassment (0-100). Typical threshold: >75 for blocks"
|
|
108
|
-
"range": "0-100"
|
|
104
|
+
"description": "ML-based score for hate speech, discriminatory language, or targeted harassment (0-100). Typical threshold: >75 for blocks"
|
|
109
105
|
},
|
|
110
106
|
{
|
|
111
107
|
"key": "sexual_score",
|
|
112
108
|
"type": "number",
|
|
113
109
|
"required": false,
|
|
114
|
-
"description": "ML-based score for sexual or adult content (0-100). Adjust thresholds based on your application's audience"
|
|
115
|
-
"range": "0-100"
|
|
110
|
+
"description": "ML-based score for sexual or adult content (0-100). Adjust thresholds based on your application's audience"
|
|
116
111
|
},
|
|
117
112
|
{
|
|
118
113
|
"key": "weapons_score",
|
|
119
114
|
"type": "number",
|
|
120
115
|
"required": false,
|
|
121
|
-
"description": "ML-based score for weapons references or violent imagery (0-100)"
|
|
122
|
-
"range": "0-100"
|
|
116
|
+
"description": "ML-based score for weapons references or violent imagery (0-100)"
|
|
123
117
|
},
|
|
124
118
|
{
|
|
125
119
|
"key": "crime_score",
|
|
126
120
|
"type": "number",
|
|
127
121
|
"required": false,
|
|
128
|
-
"description": "ML-based score for criminal activity discussions (0-100)"
|
|
129
|
-
"range": "0-100"
|
|
122
|
+
"description": "ML-based score for criminal activity discussions (0-100)"
|
|
130
123
|
},
|
|
131
124
|
{
|
|
132
125
|
"key": "profanity_score",
|
|
133
126
|
"type": "number",
|
|
134
127
|
"required": false,
|
|
135
|
-
"description": "ML-based score for profanity and vulgar language (0-100)"
|
|
136
|
-
"range": "0-100"
|
|
128
|
+
"description": "ML-based score for profanity and vulgar language (0-100)"
|
|
137
129
|
},
|
|
138
130
|
{
|
|
139
131
|
"key": "content_topics",
|
|
@@ -145,8 +137,7 @@
|
|
|
145
137
|
"key": "topic_confidence",
|
|
146
138
|
"type": "number",
|
|
147
139
|
"required": false,
|
|
148
|
-
"description": "Confidence score from topic classifier (0-100). Use with content_topics to tune sensitivity — higher thresholds reduce false positives"
|
|
149
|
-
"range": "0-100"
|
|
140
|
+
"description": "Confidence score from topic classifier (0-100). Use with content_topics to tune sensitivity — higher thresholds reduce false positives"
|
|
150
141
|
},
|
|
151
142
|
{
|
|
152
143
|
"key": "contains_invisible_chars",
|
|
@@ -158,8 +149,7 @@
|
|
|
158
149
|
"key": "invisible_chars_score",
|
|
159
150
|
"type": "number",
|
|
160
151
|
"required": false,
|
|
161
|
-
"description": "Density score for invisible characters in the content (0-100). Higher scores indicate more invisible characters, suggesting evasion attempts"
|
|
162
|
-
"range": "0-100"
|
|
152
|
+
"description": "Density score for invisible characters in the content (0-100). Higher scores indicate more invisible characters, suggesting evasion attempts"
|
|
163
153
|
},
|
|
164
154
|
{
|
|
165
155
|
"key": "command_injection_detected",
|
|
@@ -177,8 +167,7 @@
|
|
|
177
167
|
"key": "command_injection_score",
|
|
178
168
|
"type": "number",
|
|
179
169
|
"required": false,
|
|
180
|
-
"description": "Confidence score for command injection detection (0-100). Higher scores indicate stronger pattern matches"
|
|
181
|
-
"range": "0-100"
|
|
170
|
+
"description": "Confidence score for command injection detection (0-100). Higher scores indicate stronger pattern matches"
|
|
182
171
|
},
|
|
183
172
|
{
|
|
184
173
|
"key": "path_traversal_detected",
|
|
@@ -214,8 +203,7 @@
|
|
|
214
203
|
"key": "sql_injection_score",
|
|
215
204
|
"type": "number",
|
|
216
205
|
"required": false,
|
|
217
|
-
"description": "Confidence score for SQL injection detection (0-100). Typical threshold: >=75 for blocks"
|
|
218
|
-
"range": "0-100"
|
|
206
|
+
"description": "Confidence score for SQL injection detection (0-100). Typical threshold: >=75 for blocks"
|
|
219
207
|
},
|
|
220
208
|
{
|
|
221
209
|
"key": "cross_origin_detected",
|
|
@@ -233,8 +221,7 @@
|
|
|
233
221
|
"key": "cross_origin_score",
|
|
234
222
|
"type": "number",
|
|
235
223
|
"required": false,
|
|
236
|
-
"description": "Risk score for cross-origin escalation (0-100). Higher scores indicate more suspicious cross-boundary activity"
|
|
237
|
-
"range": "0-100"
|
|
224
|
+
"description": "Risk score for cross-origin escalation (0-100). Higher scores indicate more suspicious cross-boundary activity"
|
|
238
225
|
},
|
|
239
226
|
{
|
|
240
227
|
"key": "encoded_content_detected",
|
|
@@ -258,8 +245,7 @@
|
|
|
258
245
|
"key": "encoded_score",
|
|
259
246
|
"type": "number",
|
|
260
247
|
"required": false,
|
|
261
|
-
"description": "Risk score for encoded injection attempts (0-100). Considers encoding density and decoded content patterns"
|
|
262
|
-
"range": "0-100"
|
|
248
|
+
"description": "Risk score for encoded injection attempts (0-100). Considers encoding density and decoded content patterns"
|
|
263
249
|
},
|
|
264
250
|
{
|
|
265
251
|
"key": "detected_language",
|
|
@@ -277,8 +263,7 @@
|
|
|
277
263
|
"key": "language_confidence",
|
|
278
264
|
"type": "number",
|
|
279
265
|
"required": false,
|
|
280
|
-
"description": "Confidence score for language detection (0-100). Use with detected_language to tune sensitivity"
|
|
281
|
-
"range": "0-100"
|
|
266
|
+
"description": "Confidence score for language detection (0-100). Use with detected_language to tune sensitivity"
|
|
282
267
|
},
|
|
283
268
|
{
|
|
284
269
|
"key": "detected_script",
|
|
@@ -296,29 +281,25 @@
|
|
|
296
281
|
"key": "script_confidence",
|
|
297
282
|
"type": "number",
|
|
298
283
|
"required": false,
|
|
299
|
-
"description": "Confidence score for script detection (0-100)"
|
|
300
|
-
"range": "0-100"
|
|
284
|
+
"description": "Confidence score for script detection (0-100)"
|
|
301
285
|
},
|
|
302
286
|
{
|
|
303
287
|
"key": "hallucination_score",
|
|
304
288
|
"type": "number",
|
|
305
289
|
"required": false,
|
|
306
|
-
"description": "ML-based score for hallucinated or fabricated content (0-100). Higher scores indicate higher likelihood of non-factual claims"
|
|
307
|
-
"range": "0-100"
|
|
290
|
+
"description": "ML-based score for hallucinated or fabricated content (0-100). Higher scores indicate higher likelihood of non-factual claims"
|
|
308
291
|
},
|
|
309
292
|
{
|
|
310
293
|
"key": "factuality_score",
|
|
311
294
|
"type": "number",
|
|
312
295
|
"required": false,
|
|
313
|
-
"description": "ML-based factuality assessment score (0-100). Higher scores indicate more factually grounded content"
|
|
314
|
-
"range": "0-100"
|
|
296
|
+
"description": "ML-based factuality assessment score (0-100). Higher scores indicate more factually grounded content"
|
|
315
297
|
},
|
|
316
298
|
{
|
|
317
299
|
"key": "sentiment_score",
|
|
318
300
|
"type": "number",
|
|
319
301
|
"required": false,
|
|
320
|
-
"description": "Sentiment analysis score. Use to detect overly negative or manipulative tone in prompts or responses"
|
|
321
|
-
"range": "0-100"
|
|
302
|
+
"description": "Sentiment analysis score. Use to detect overly negative or manipulative tone in prompts or responses"
|
|
322
303
|
},
|
|
323
304
|
{
|
|
324
305
|
"key": "contains_code",
|
|
@@ -336,8 +317,7 @@
|
|
|
336
317
|
"key": "code_ratio",
|
|
337
318
|
"type": "number",
|
|
338
319
|
"required": false,
|
|
339
|
-
"description": "Percentage of content that consists of code (0-100). High values may indicate code dumps or automated content"
|
|
340
|
-
"range": "0-100"
|
|
320
|
+
"description": "Percentage of content that consists of code (0-100). High values may indicate code dumps or automated content"
|
|
341
321
|
},
|
|
342
322
|
{
|
|
343
323
|
"key": "keyword_matched",
|
|
@@ -373,8 +353,7 @@
|
|
|
373
353
|
"key": "content_safety_score",
|
|
374
354
|
"type": "number",
|
|
375
355
|
"required": false,
|
|
376
|
-
"description": "Aggregate content safety score (0-100). Combines multiple safety signals into a single risk indicator"
|
|
377
|
-
"range": "0-100"
|
|
356
|
+
"description": "Aggregate content safety score (0-100). Combines multiple safety signals into a single risk indicator"
|
|
378
357
|
},
|
|
379
358
|
{
|
|
380
359
|
"key": "content_safety_blocked",
|
|
@@ -422,8 +401,7 @@
|
|
|
422
401
|
"key": "tool_risk_score",
|
|
423
402
|
"type": "number",
|
|
424
403
|
"required": false,
|
|
425
|
-
"description": "Computed risk score for this tool call (0-100). Considers tool sensitivity, argument patterns, and MCP verification status. Typical threshold: >85 for dangerous tools"
|
|
426
|
-
"range": "0-100"
|
|
404
|
+
"description": "Computed risk score for this tool call (0-100). Considers tool sensitivity, argument patterns, and MCP verification status. Typical threshold: >85 for dangerous tools"
|
|
427
405
|
},
|
|
428
406
|
{
|
|
429
407
|
"key": "tool_is_sensitive",
|
|
@@ -477,8 +455,7 @@
|
|
|
477
455
|
"key": "sequence_risk",
|
|
478
456
|
"type": "number",
|
|
479
457
|
"required": false,
|
|
480
|
-
"description": "Risk score from action sequence analysis (0-100). Analyzes history of tool calls to detect attack patterns. Typical threshold: >80 for blocks"
|
|
481
|
-
"range": "0-100"
|
|
458
|
+
"description": "Risk score from action sequence analysis (0-100). Analyzes history of tool calls to detect attack patterns. Typical threshold: >80 for blocks"
|
|
482
459
|
},
|
|
483
460
|
{
|
|
484
461
|
"key": "loop_detected",
|
|
@@ -502,8 +479,7 @@
|
|
|
502
479
|
"key": "budget_remaining_pct",
|
|
503
480
|
"type": "number",
|
|
504
481
|
"required": false,
|
|
505
|
-
"description": "Remaining token budget as percentage (0-100). Use this to warn or block when budget is low. Requires session with token budget configuration"
|
|
506
|
-
"range": "0-100"
|
|
482
|
+
"description": "Remaining token budget as percentage (0-100). Use this to warn or block when budget is low. Requires session with token budget configuration"
|
|
507
483
|
},
|
|
508
484
|
{
|
|
509
485
|
"key": "budget_exceeded",
|
|
@@ -521,8 +497,7 @@
|
|
|
521
497
|
"key": "topic_confidence",
|
|
522
498
|
"type": "number",
|
|
523
499
|
"required": false,
|
|
524
|
-
"description": "Confidence score from topic classifier for tool content (0-100)"
|
|
525
|
-
"range": "0-100"
|
|
500
|
+
"description": "Confidence score from topic classifier for tool content (0-100)"
|
|
526
501
|
},
|
|
527
502
|
{
|
|
528
503
|
"key": "contains_secrets",
|
|
@@ -552,8 +527,7 @@
|
|
|
552
527
|
"key": "injection_score",
|
|
553
528
|
"type": "number",
|
|
554
529
|
"required": false,
|
|
555
|
-
"description": "ML-based confidence score for prompt injection in tool arguments (0-100)"
|
|
556
|
-
"range": "0-100"
|
|
530
|
+
"description": "ML-based confidence score for prompt injection in tool arguments (0-100)"
|
|
557
531
|
},
|
|
558
532
|
{
|
|
559
533
|
"key": "command_injection_detected",
|
|
@@ -571,8 +545,7 @@
|
|
|
571
545
|
"key": "command_injection_score",
|
|
572
546
|
"type": "number",
|
|
573
547
|
"required": false,
|
|
574
|
-
"description": "Confidence score for command injection in tool arguments (0-100)"
|
|
575
|
-
"range": "0-100"
|
|
548
|
+
"description": "Confidence score for command injection in tool arguments (0-100)"
|
|
576
549
|
},
|
|
577
550
|
{
|
|
578
551
|
"key": "path_traversal_detected",
|
|
@@ -608,8 +581,7 @@
|
|
|
608
581
|
"key": "sql_injection_score",
|
|
609
582
|
"type": "number",
|
|
610
583
|
"required": false,
|
|
611
|
-
"description": "Confidence score for SQL injection in tool arguments (0-100)"
|
|
612
|
-
"range": "0-100"
|
|
584
|
+
"description": "Confidence score for SQL injection in tool arguments (0-100)"
|
|
613
585
|
},
|
|
614
586
|
{
|
|
615
587
|
"key": "tool_poisoning_detected",
|
|
@@ -621,8 +593,7 @@
|
|
|
621
593
|
"key": "tool_poisoning_score",
|
|
622
594
|
"type": "number",
|
|
623
595
|
"required": false,
|
|
624
|
-
"description": "Confidence score for tool poisoning detection (0-100). Typical threshold: >=70 for blocks"
|
|
625
|
-
"range": "0-100"
|
|
596
|
+
"description": "Confidence score for tool poisoning detection (0-100). Typical threshold: >=70 for blocks"
|
|
626
597
|
},
|
|
627
598
|
{
|
|
628
599
|
"key": "tool_poisoning_type",
|
|
@@ -640,8 +611,7 @@
|
|
|
640
611
|
"key": "rug_pull_score",
|
|
641
612
|
"type": "number",
|
|
642
613
|
"required": false,
|
|
643
|
-
"description": "Confidence score for rug pull detection based on behavioral drift analysis (0-100)"
|
|
644
|
-
"range": "0-100"
|
|
614
|
+
"description": "Confidence score for rug pull detection based on behavioral drift analysis (0-100)"
|
|
645
615
|
},
|
|
646
616
|
{
|
|
647
617
|
"key": "mcp_config_risk",
|
|
@@ -659,8 +629,7 @@
|
|
|
659
629
|
"key": "mcp_risk_score",
|
|
660
630
|
"type": "number",
|
|
661
631
|
"required": false,
|
|
662
|
-
"description": "Risk score for MCP configuration issues (0-100). Typical threshold: >=70 for blocks"
|
|
663
|
-
"range": "0-100"
|
|
632
|
+
"description": "Risk score for MCP configuration issues (0-100). Typical threshold: >=70 for blocks"
|
|
664
633
|
},
|
|
665
634
|
{
|
|
666
635
|
"key": "cross_origin_detected",
|
|
@@ -678,8 +647,7 @@
|
|
|
678
647
|
"key": "cross_origin_score",
|
|
679
648
|
"type": "number",
|
|
680
649
|
"required": false,
|
|
681
|
-
"description": "Risk score for cross-origin escalation in tool calls (0-100)"
|
|
682
|
-
"range": "0-100"
|
|
650
|
+
"description": "Risk score for cross-origin escalation in tool calls (0-100)"
|
|
683
651
|
},
|
|
684
652
|
{
|
|
685
653
|
"key": "encoded_content_detected",
|
|
@@ -703,8 +671,7 @@
|
|
|
703
671
|
"key": "encoded_score",
|
|
704
672
|
"type": "number",
|
|
705
673
|
"required": false,
|
|
706
|
-
"description": "Risk score for encoded injection in tool arguments (0-100)"
|
|
707
|
-
"range": "0-100"
|
|
674
|
+
"description": "Risk score for encoded injection in tool arguments (0-100)"
|
|
708
675
|
},
|
|
709
676
|
{
|
|
710
677
|
"key": "rug_pull_type",
|
|
@@ -884,8 +851,7 @@
|
|
|
884
851
|
"key": "tool_poisoning_score",
|
|
885
852
|
"type": "number",
|
|
886
853
|
"required": false,
|
|
887
|
-
"description": "Confidence score for tool poisoning in MCP server tools (0-100)"
|
|
888
|
-
"range": "0-100"
|
|
854
|
+
"description": "Confidence score for tool poisoning in MCP server tools (0-100)"
|
|
889
855
|
},
|
|
890
856
|
{
|
|
891
857
|
"key": "tool_poisoning_type",
|
|
@@ -909,8 +875,7 @@
|
|
|
909
875
|
"key": "mcp_risk_score",
|
|
910
876
|
"type": "number",
|
|
911
877
|
"required": false,
|
|
912
|
-
"description": "Risk score for MCP configuration issues (0-100)"
|
|
913
|
-
"range": "0-100"
|
|
878
|
+
"description": "Risk score for MCP configuration issues (0-100)"
|
|
914
879
|
},
|
|
915
880
|
{
|
|
916
881
|
"key": "cross_origin_detected",
|
|
@@ -928,10 +893,9 @@
|
|
|
928
893
|
"key": "cross_origin_score",
|
|
929
894
|
"type": "number",
|
|
930
895
|
"required": false,
|
|
931
|
-
"description": "Risk score for cross-origin escalation in server connection (0-100)"
|
|
932
|
-
"range": "0-100"
|
|
896
|
+
"description": "Risk score for cross-origin escalation in server connection (0-100)"
|
|
933
897
|
}
|
|
934
898
|
]
|
|
935
899
|
}
|
|
936
900
|
]
|
|
937
|
-
}
|
|
901
|
+
}
|
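Review bot: Removing `"range": "0-100"` from every score attribute leaves the scale only in description prose, and `sentiment_score` (hunk `@@ -296,29 +281,25 @@`) has a description that names no scale at all, so after this change its bounds are stated nowhere in the entry. The block thresholds the other descriptions recommend (`>85`, `>=75`, `>=70`) only mean something against a known scale, and any consumer that checked policy thresholds against `range` presumably can no longer reject an out-of-range value. If the field is being retired on purpose, carry the scale into the text, e.g. `"description": "Sentiment analysis score (0-100). Use to detect overly negative or manipulative tone in prompts or responses"`, assuming 0-100 is still the intended scale. The same removal is repeated in every hunk of this file.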
|
@@ -192,6 +192,48 @@
|
|
|
192
192
|
"type": "number",
|
|
193
193
|
"required": true,
|
|
194
194
|
"description": "Indirect prompt injection risk score (0-100) — injection via tool outputs or retrieved content"
|
|
195
|
+
},
|
|
196
|
+
{
|
|
197
|
+
"key": "session_pii_detected",
|
|
198
|
+
"type": "boolean",
|
|
199
|
+
"required": false,
|
|
200
|
+
"description": "Whether PII was detected in any previous turn of the session"
|
|
201
|
+
},
|
|
202
|
+
{
|
|
203
|
+
"key": "session_pii_types",
|
|
204
|
+
"type": "array",
|
|
205
|
+
"required": false,
|
|
206
|
+
"description": "PII types detected across the session (accumulated)"
|
|
207
|
+
},
|
|
208
|
+
{
|
|
209
|
+
"key": "session_secrets_detected",
|
|
210
|
+
"type": "boolean",
|
|
211
|
+
"required": false,
|
|
212
|
+
"description": "Whether secrets were detected in any previous turn of the session"
|
|
213
|
+
},
|
|
214
|
+
{
|
|
215
|
+
"key": "session_secret_types",
|
|
216
|
+
"type": "array",
|
|
217
|
+
"required": false,
|
|
218
|
+
"description": "Secret types detected across the session (accumulated)"
|
|
219
|
+
},
|
|
220
|
+
{
|
|
221
|
+
"key": "session_injection_detected",
|
|
222
|
+
"type": "boolean",
|
|
223
|
+
"required": false,
|
|
224
|
+
"description": "Whether prompt injection was detected in any previous turn of the session"
|
|
225
|
+
},
|
|
226
|
+
{
|
|
227
|
+
"key": "session_command_injection",
|
|
228
|
+
"type": "boolean",
|
|
229
|
+
"required": false,
|
|
230
|
+
"description": "Whether command injection was detected in any previous turn of the session"
|
|
231
|
+
},
|
|
232
|
+
{
|
|
233
|
+
"key": "session_threat_turns",
|
|
234
|
+
"type": "number",
|
|
235
|
+
"required": false,
|
|
236
|
+
"description": "Number of turns in the session where threats were detected"
|
|
195
237
|
}
|
|
196
238
|
]
|
|
197
239
|
},
|
|
@@ -492,6 +534,48 @@
|
|
|
492
534
|
"type": "boolean",
|
|
493
535
|
"required": false,
|
|
494
536
|
"description": "Whether the MCP server is from a verified registry"
|
|
537
|
+
},
|
|
538
|
+
{
|
|
539
|
+
"key": "session_pii_detected",
|
|
540
|
+
"type": "boolean",
|
|
541
|
+
"required": false,
|
|
542
|
+
"description": "Whether PII was detected in any previous turn of the session"
|
|
543
|
+
},
|
|
544
|
+
{
|
|
545
|
+
"key": "session_pii_types",
|
|
546
|
+
"type": "array",
|
|
547
|
+
"required": false,
|
|
548
|
+
"description": "PII types detected across the session (accumulated)"
|
|
549
|
+
},
|
|
550
|
+
{
|
|
551
|
+
"key": "session_secrets_detected",
|
|
552
|
+
"type": "boolean",
|
|
553
|
+
"required": false,
|
|
554
|
+
"description": "Whether secrets were detected in any previous turn of the session"
|
|
555
|
+
},
|
|
556
|
+
{
|
|
557
|
+
"key": "session_secret_types",
|
|
558
|
+
"type": "array",
|
|
559
|
+
"required": false,
|
|
560
|
+
"description": "Secret types detected across the session (accumulated)"
|
|
561
|
+
},
|
|
562
|
+
{
|
|
563
|
+
"key": "session_injection_detected",
|
|
564
|
+
"type": "boolean",
|
|
565
|
+
"required": false,
|
|
566
|
+
"description": "Whether prompt injection was detected in any previous turn of the session"
|
|
567
|
+
},
|
|
568
|
+
{
|
|
569
|
+
"key": "session_command_injection",
|
|
570
|
+
"type": "boolean",
|
|
571
|
+
"required": false,
|
|
572
|
+
"description": "Whether command injection was detected in any previous turn of the session"
|
|
573
|
+
},
|
|
574
|
+
{
|
|
575
|
+
"key": "session_threat_turns",
|
|
576
|
+
"type": "number",
|
|
577
|
+
"required": false,
|
|
578
|
+
"description": "Number of turns in the session where threats were detected"
|
|
495
579
|
}
|
|
496
580
|
]
|
|
497
581
|
},
|
|
@@ -606,6 +690,48 @@
|
|
|
606
690
|
"type": "number",
|
|
607
691
|
"required": false,
|
|
608
692
|
"description": "MCP configuration risk severity score (0-100)"
|
|
693
|
+
},
|
|
694
|
+
{
|
|
695
|
+
"key": "session_pii_detected",
|
|
696
|
+
"type": "boolean",
|
|
697
|
+
"required": false,
|
|
698
|
+
"description": "Whether PII was detected in any previous turn of the session"
|
|
699
|
+
},
|
|
700
|
+
{
|
|
701
|
+
"key": "session_pii_types",
|
|
702
|
+
"type": "array",
|
|
703
|
+
"required": false,
|
|
704
|
+
"description": "PII types detected across the session (accumulated)"
|
|
705
|
+
},
|
|
706
|
+
{
|
|
707
|
+
"key": "session_secrets_detected",
|
|
708
|
+
"type": "boolean",
|
|
709
|
+
"required": false,
|
|
710
|
+
"description": "Whether secrets were detected in any previous turn of the session"
|
|
711
|
+
},
|
|
712
|
+
{
|
|
713
|
+
"key": "session_secret_types",
|
|
714
|
+
"type": "array",
|
|
715
|
+
"required": false,
|
|
716
|
+
"description": "Secret types detected across the session (accumulated)"
|
|
717
|
+
},
|
|
718
|
+
{
|
|
719
|
+
"key": "session_injection_detected",
|
|
720
|
+
"type": "boolean",
|
|
721
|
+
"required": false,
|
|
722
|
+
"description": "Whether prompt injection was detected in any previous turn of the session"
|
|
723
|
+
},
|
|
724
|
+
{
|
|
725
|
+
"key": "session_command_injection",
|
|
726
|
+
"type": "boolean",
|
|
727
|
+
"required": false,
|
|
728
|
+
"description": "Whether command injection was detected in any previous turn of the session"
|
|
729
|
+
},
|
|
730
|
+
{
|
|
731
|
+
"key": "session_threat_turns",
|
|
732
|
+
"type": "number",
|
|
733
|
+
"required": false,
|
|
734
|
+
"description": "Number of turns in the session where threats were detected"
|
|
609
735
|
}
|
|
610
736
|
]
|
|
611
737
|
},
|
|
@@ -720,6 +846,48 @@
|
|
|
720
846
|
"type": "number",
|
|
721
847
|
"required": false,
|
|
722
848
|
"description": "Number of PII pattern matches in file"
|
|
849
|
+
},
|
|
850
|
+
{
|
|
851
|
+
"key": "session_pii_detected",
|
|
852
|
+
"type": "boolean",
|
|
853
|
+
"required": false,
|
|
854
|
+
"description": "Whether PII was detected in any previous turn of the session"
|
|
855
|
+
},
|
|
856
|
+
{
|
|
857
|
+
"key": "session_pii_types",
|
|
858
|
+
"type": "array",
|
|
859
|
+
"required": false,
|
|
860
|
+
"description": "PII types detected across the session (accumulated)"
|
|
861
|
+
},
|
|
862
|
+
{
|
|
863
|
+
"key": "session_secrets_detected",
|
|
864
|
+
"type": "boolean",
|
|
865
|
+
"required": false,
|
|
866
|
+
"description": "Whether secrets were detected in any previous turn of the session"
|
|
867
|
+
},
|
|
868
|
+
{
|
|
869
|
+
"key": "session_secret_types",
|
|
870
|
+
"type": "array",
|
|
871
|
+
"required": false,
|
|
872
|
+
"description": "Secret types detected across the session (accumulated)"
|
|
873
|
+
},
|
|
874
|
+
{
|
|
875
|
+
"key": "session_injection_detected",
|
|
876
|
+
"type": "boolean",
|
|
877
|
+
"required": false,
|
|
878
|
+
"description": "Whether prompt injection was detected in any previous turn of the session"
|
|
879
|
+
},
|
|
880
|
+
{
|
|
881
|
+
"key": "session_command_injection",
|
|
882
|
+
"type": "boolean",
|
|
883
|
+
"required": false,
|
|
884
|
+
"description": "Whether command injection was detected in any previous turn of the session"
|
|
885
|
+
},
|
|
886
|
+
{
|
|
887
|
+
"key": "session_threat_turns",
|
|
888
|
+
"type": "number",
|
|
889
|
+
"required": false,
|
|
890
|
+
"description": "Number of turns in the session where threats were detected"
|
|
723
891
|
}
|
|
724
892
|
]
|
|
725
893
|
},
|
|
@@ -840,8 +1008,50 @@
|
|
|
840
1008
|
"type": "boolean",
|
|
841
1009
|
"required": false,
|
|
842
1010
|
"description": "Whether invisible Unicode characters were detected in content being written"
|
|
1011
|
+
},
|
|
1012
|
+
{
|
|
1013
|
+
"key": "session_pii_detected",
|
|
1014
|
+
"type": "boolean",
|
|
1015
|
+
"required": false,
|
|
1016
|
+
"description": "Whether PII was detected in any previous turn of the session"
|
|
1017
|
+
},
|
|
1018
|
+
{
|
|
1019
|
+
"key": "session_pii_types",
|
|
1020
|
+
"type": "array",
|
|
1021
|
+
"required": false,
|
|
1022
|
+
"description": "PII types detected across the session (accumulated)"
|
|
1023
|
+
},
|
|
1024
|
+
{
|
|
1025
|
+
"key": "session_secrets_detected",
|
|
1026
|
+
"type": "boolean",
|
|
1027
|
+
"required": false,
|
|
1028
|
+
"description": "Whether secrets were detected in any previous turn of the session"
|
|
1029
|
+
},
|
|
1030
|
+
{
|
|
1031
|
+
"key": "session_secret_types",
|
|
1032
|
+
"type": "array",
|
|
1033
|
+
"required": false,
|
|
1034
|
+
"description": "Secret types detected across the session (accumulated)"
|
|
1035
|
+
},
|
|
1036
|
+
{
|
|
1037
|
+
"key": "session_injection_detected",
|
|
1038
|
+
"type": "boolean",
|
|
1039
|
+
"required": false,
|
|
1040
|
+
"description": "Whether prompt injection was detected in any previous turn of the session"
|
|
1041
|
+
},
|
|
1042
|
+
{
|
|
1043
|
+
"key": "session_command_injection",
|
|
1044
|
+
"type": "boolean",
|
|
1045
|
+
"required": false,
|
|
1046
|
+
"description": "Whether command injection was detected in any previous turn of the session"
|
|
1047
|
+
},
|
|
1048
|
+
{
|
|
1049
|
+
"key": "session_threat_turns",
|
|
1050
|
+
"type": "number",
|
|
1051
|
+
"required": false,
|
|
1052
|
+
"description": "Number of turns in the session where threats were detected"
|
|
843
1053
|
}
|
|
844
1054
|
]
|
|
845
1055
|
}
|
|
846
1056
|
]
|
|
847
|
-
}
|
|
1057
|
+
}
|
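Review bot: The seven new `session_*` attributes are all `"required": false`, and none of the descriptions says when the attribute is absent or whether "any previous turn" includes the current one. If these contexts are evaluated by Cedar policies, as the `.cedar` templates in this release suggest, a `forbid` rule that reads `context.session_injection_detected` without a `context has session_injection_detected` guard errors when the attribute is missing and is skipped, so the deny does not apply. State both points in the description, e.g. `"description": "Whether prompt injection was detected in an earlier turn of the session; absent when no session history is available"`, if that is the intended meaning. `session_pii_types` and `session_secret_types` are typed `"array"` with no element type visible in the hunk, and the same seven-entry block is repeated in all five hunks of this file.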