@highflame/policy 2.1.3 → 2.1.4

package/dist/condition-groups.js

@@ -0,0 +1,305 @@
+/**
+ * Condition Groups — flat UI-friendly representation of ConditionExpression trees.
+ *
+ * Provides bidirectional conversion between recursive ConditionExpression ASTs
+ * and flat ConditionGroup arrays suitable for visual condition builder UIs.
+ *
+ * Also provides:
+ * - expressionToCedar(): render any AST node to valid Cedar condition text
+ * - extractContextFields(): collect all context field names from an AST
+ */
+import { conditionToCedar, sanitizeIdentifier, isValidRawCondition, } from './builder.js';
+/** Sentinel field name used for raw (unparseable) conditions. */
+export const RAW_CONDITION_FIELD = '__raw';
+// ---------------------------------------------------------------------------
+// ID generation
+// ---------------------------------------------------------------------------
+let _groupCounter = 0;
+/** Generate a unique group ID. Uses a simple counter for deterministic output. */
+function nextGroupId() {
+    return `group-${++_groupCounter}`;
+}
+/** Reset the group counter (for testing). */
+export function resetGroupCounter() {
+    _groupCounter = 0;
+}
+// ---------------------------------------------------------------------------
+// expressionToGroups
+// ---------------------------------------------------------------------------
+/**
+ * Convert a ConditionExpression AST into a flat array of ConditionGroups.
+ *
+ * The top-level AND is split into separate groups. Each OR subtree becomes
+ * a single group with `logic: 'or'`. NOT wrappers set `negated: true`.
+ * Raw nodes produce a sentinel condition with `field: "__raw"`.
+ */
+export function expressionToGroups(expr) {
+    // Top-level AND → split children into groups
+    if (expr.kind === 'and') {
+        const groups = [];
+        for (const child of expr.children) {
+            groups.push(...nodeToGroups(child));
+        }
+        return groups;
+    }
+    // Anything else → delegate
+    return nodeToGroups(expr);
+}
+/**
+ * Convert a single AST node (not a top-level AND) into one or more groups.
+ */
+function nodeToGroups(expr) {
+    switch (expr.kind) {
+        case 'and': {
+            // Nested AND within a top-level AND child → single AND group
+            const conditions = collectLeafConditions(expr.children);
+            return [{ id: nextGroupId(), logic: 'and', conditions, negated: false }];
+        }
+        case 'or': {
+            const conditions = collectLeafConditions(expr.children);
+            return [{ id: nextGroupId(), logic: 'or', conditions, negated: false }];
+        }
+        case 'not': {
+            return notToGroups(expr.child);
+        }
+        case 'raw': {
+            return [{
+                    id: nextGroupId(),
+                    logic: 'and',
+                    conditions: [{ field: RAW_CONDITION_FIELD, operator: 'eq', value: expr.text }],
+                    negated: false,
+                }];
+        }
+        default: {
+            // Leaf node → single AND group with one condition
+            const cond = leafToCondition(expr);
+            return [{ id: nextGroupId(), logic: 'and', conditions: [cond], negated: false }];
+        }
+    }
+}
+/** Convert a NOT node's inner expression into negated group(s). */
+function notToGroups(inner) {
+    switch (inner.kind) {
+        case 'or': {
+            const conditions = collectLeafConditions(inner.children);
+            return [{ id: nextGroupId(), logic: 'or', conditions, negated: true }];
+        }
+        case 'and': {
+            const conditions = collectLeafConditions(inner.children);
+            return [{ id: nextGroupId(), logic: 'and', conditions, negated: true }];
+        }
+        case 'not': {
+            // Double negation: NOT(NOT(x)) → just x
+            return nodeToGroups(inner.child);
+        }
+        case 'raw': {
+            return [{
+                    id: nextGroupId(),
+                    logic: 'and',
+                    conditions: [{ field: RAW_CONDITION_FIELD, operator: 'eq', value: inner.text }],
+                    negated: true,
+                }];
+        }
+        default: {
+            // NOT wrapping a leaf
+            const cond = leafToCondition(inner);
+            return [{ id: nextGroupId(), logic: 'and', conditions: [cond], negated: true }];
+        }
+    }
+}
+/** Collect leaf conditions from an array of children. Non-leaf children become raw fallbacks. */
+function collectLeafConditions(children) {
+    return children.map(child => {
+        if (isLeaf(child)) {
+            return leafToCondition(child);
+        }
+        // Non-leaf in OR/AND children → raw fallback with Cedar text
+        return { field: RAW_CONDITION_FIELD, operator: 'eq', value: expressionToCedar(child) };
+    });
+}
+/** Check if an expression is a leaf (comparison, contains, like, has). */
+function isLeaf(expr) {
+    return expr.kind === 'comparison' || expr.kind === 'contains'
+        || expr.kind === 'like' || expr.kind === 'has';
+}
+/** Convert a leaf expression to a PolicyCondition. */
+function leafToCondition(expr) {
+    switch (expr.kind) {
+        case 'comparison':
+            return { field: expr.field, operator: expr.operator, value: expr.value };
+        case 'contains':
+            return { field: expr.field, operator: 'contains', value: expr.value };
+        case 'like':
+            return { field: expr.field, operator: 'like', value: expr.pattern };
+        case 'has':
+            return { field: expr.field, operator: 'eq', value: true };
+        default:
+            // Fallback — shouldn't reach here for true leaves
+            return { field: RAW_CONDITION_FIELD, operator: 'eq', value: expressionToCedar(expr) };
+    }
+}
+// ---------------------------------------------------------------------------
+// groupsToExpression
+// ---------------------------------------------------------------------------
+/**
+ * Convert a flat array of ConditionGroups back into a ConditionExpression AST.
+ *
+ * Each group becomes an AND/OR node (or single leaf if only one condition).
+ * If `negated`, the group is wrapped in NOT. Multiple groups are combined
+ * with a top-level AND.
+ */
+export function groupsToExpression(groups) {
+    if (groups.length === 0) {
+        return { kind: 'and', children: [] };
+    }
+    const expressions = groups.map(groupToExpression);
+    if (expressions.length === 1) {
+        return expressions[0];
+    }
+    return { kind: 'and', children: expressions };
+}
+/** Convert a single ConditionGroup to a ConditionExpression. */
+function groupToExpression(group) {
+    const children = group.conditions.map(conditionToExpression);
+    let inner;
+    if (children.length === 1) {
+        inner = children[0];
+    }
+    else if (group.logic === 'or') {
+        inner = { kind: 'or', children };
+    }
+    else {
+        inner = { kind: 'and', children };
+    }
+    if (group.negated) {
+        return { kind: 'not', child: inner };
+    }
+    return inner;
+}
+/** Convert a PolicyCondition back to a leaf ConditionExpression. */
+function conditionToExpression(cond) {
+    // Raw sentinel → raw expression
+    if (cond.field === RAW_CONDITION_FIELD) {
+        return { kind: 'raw', text: String(cond.value) };
+    }
+    switch (cond.operator) {
+        case 'contains': {
+            // contains() checks a single value against a set — value is never string[]
+            const containsVal = Array.isArray(cond.value) ? cond.value[0] ?? '' : cond.value;
+            return { kind: 'contains', field: cond.field, value: containsVal };
+        }
+        case 'like':
+            return { kind: 'like', field: cond.field, pattern: String(cond.value) };
+        default:
+            return {
+                kind: 'comparison',
+                field: cond.field,
+                operator: cond.operator,
+                value: cond.value,
+            };
+    }
+}
+// ---------------------------------------------------------------------------
+// expressionToCedar
+// ---------------------------------------------------------------------------
+/**
+ * Render any ConditionExpression node to valid Cedar condition text.
+ *
+ * This handles the full AST including AND, OR, NOT, and raw nodes —
+ * unlike `conditionToCedar()` which only handles leaf PolicyConditions.
+ *
+ * @param expr - The expression tree to render
+ * @param optionalFields - Optional set of field names that need `context has` guards
+ * @returns Cedar condition text (without the `when { ... }` wrapper)
+ */
+export function expressionToCedar(expr, optionalFields) {
+    switch (expr.kind) {
+        case 'comparison':
+        case 'contains':
+        case 'like':
+            return conditionToCedar(leafToCondition(expr), optionalFields);
+        case 'has': {
+            const field = sanitizeIdentifier(expr.field, 'field');
+            return `context has ${field}`;
+        }
+        case 'and': {
+            if (expr.children.length === 0)
+                return 'true';
+            if (expr.children.length === 1)
+                return expressionToCedar(expr.children[0], optionalFields);
+            return expr.children
+                .map(c => {
+                // Parenthesize OR children to preserve precedence
+                if (c.kind === 'or')
+                    return `(${expressionToCedar(c, optionalFields)})`;
+                return expressionToCedar(c, optionalFields);
+            })
+                .join(' && ');
+        }
+        case 'or': {
+            if (expr.children.length === 0)
+                return 'false';
+            if (expr.children.length === 1)
+                return expressionToCedar(expr.children[0], optionalFields);
+            return expr.children
+                .map(c => {
+                // Parenthesize AND children to preserve precedence
+                if (c.kind === 'and')
+                    return `(${expressionToCedar(c, optionalFields)})`;
+                return expressionToCedar(c, optionalFields);
+            })
+                .join(' || ');
+        }
+        case 'not': {
+            const inner = expressionToCedar(expr.child, optionalFields);
+            // If inner is a simple leaf, no parens needed after !
+            if (isLeaf(expr.child))
+                return `!${inner}`;
+            return `!(${inner})`;
+        }
+        case 'raw': {
+            if (isValidRawCondition(expr.text)) {
+                return expr.text;
+            }
+            return '/* invalid raw condition */';
+        }
+    }
+}
+// ---------------------------------------------------------------------------
+// extractContextFields
+// ---------------------------------------------------------------------------
+/**
+ * Extract all unique context field names referenced in a ConditionExpression tree.
+ *
+ * Used by Shield to determine which detectors to run — only detectors that
+ * produce fields referenced in active policies need to execute.
+ *
+ * @returns Sorted array of unique field names
+ */
+export function extractContextFields(expr) {
+    const fields = new Set();
+    collectFields(expr, fields);
+    return Array.from(fields).sort();
+}
+function collectFields(expr, fields) {
+    switch (expr.kind) {
+        case 'comparison':
+        case 'contains':
+        case 'like':
+        case 'has':
+            fields.add(expr.field);
+            break;
+        case 'and':
+        case 'or':
+            for (const child of expr.children) {
+                collectFields(child, fields);
+            }
+            break;
+        case 'not':
+            collectFields(expr.child, fields);
+            break;
+        case 'raw':
+            // Can't reliably extract fields from raw text
+            break;
+    }
+}

package/dist/index.d.ts

@@ -8,16 +8,21 @@ export * from './parser.js';
 export * from './errors.js';
 export * from './annotations.js';
 export * from './explain.js';
-export { GUARDRAILS_SCHEMA, GUARDRAILS_CONTEXT, OVERWATCH_SCHEMA, OVERWATCH_CONTEXT, PALISADE_SCHEMA, PALISADE_CONTEXT, } from './service-schemas.gen.js';
+export * from './condition-groups.js';
+export { GUARDRAILS_SCHEMA, GUARDRAILS_CONTEXT, OVERWATCH_SCHEMA, OVERWATCH_CONTEXT, PALISADE_SCHEMA, PALISADE_CONTEXT, SENTRY_SCHEMA, SENTRY_CONTEXT, } from './service-schemas.gen.js';
 export type { ContextAttribute, ActionContext, ServiceContext, } from './service-schemas.gen.js';
 export { GuardrailsContextKey } from './guardrails-context.gen.js';
 export { OverwatchContextKey } from './overwatch-context.gen.js';
 export { PalisadeContextKey } from './palisade-context.gen.js';
+export { SentryContextKey } from './sentry-context.gen.js';
 export { GUARDRAILS_ENTITIES, GUARDRAILS_ACTION_ENTITIES, } from './guardrails-entities.gen.js';
 export { OVERWATCH_ENTITIES, OVERWATCH_ACTION_ENTITIES, } from './overwatch-entities.gen.js';
 export { PALISADE_ENTITIES, PALISADE_ACTION_ENTITIES, } from './palisade-entities.gen.js';
+export { SENTRY_ENTITIES, SENTRY_ACTION_ENTITIES, } from './sentry-entities.gen.js';
 export type { ServiceEntityMetadata, ActionEntityMetadata } from './entity-metadata-types.gen.js';
 export { GUARDRAILS_DEFAULTS, GUARDRAILS_TEMPLATES, GUARDRAILS_CATEGORIES, GUARDRAILS_TEMPLATES_JSON, getGuardrailsDefaultsByCategory, getGuardrailsTemplatesByCategory, getGuardrailsTemplateById, } from './guardrails-defaults.gen.js';
 export type { GuardrailsCategory, GuardrailsCategoryInfo, GuardrailsDefaultPolicy, GuardrailsTemplate, } from './guardrails-defaults.gen.js';
 export { OVERWATCH_DEFAULTS, OVERWATCH_TEMPLATES, OVERWATCH_CATEGORIES, OVERWATCH_TEMPLATES_JSON, getOverwatchDefaultsByCategory, getOverwatchTemplatesByCategory, getOverwatchTemplateById, } from './overwatch-defaults.gen.js';
 export type { OverwatchCategory, OverwatchCategoryInfo, OverwatchDefaultPolicy, OverwatchTemplate, } from './overwatch-defaults.gen.js';
+export { SENTRY_DEFAULTS, SENTRY_TEMPLATES, SENTRY_CATEGORIES, SENTRY_TEMPLATES_JSON, getSentryDefaultsByCategory, getSentryTemplatesByCategory, getSentryTemplateById, } from './sentry-defaults.gen.js';
+export type { SentryCategory, SentryCategoryInfo, SentryDefaultPolicy, SentryTemplate, } from './sentry-defaults.gen.js';

package/dist/index.js

@@ -15,16 +15,21 @@ export * from './errors.js';
 export * from './annotations.js';
 // Decision explanation
 export * from './explain.js';
+// Condition groups (AST ↔ flat UI groups)
+export * from './condition-groups.js';
 // Service-specific schemas and context (inlined)
-export { GUARDRAILS_SCHEMA, GUARDRAILS_CONTEXT, OVERWATCH_SCHEMA, OVERWATCH_CONTEXT, PALISADE_SCHEMA, PALISADE_CONTEXT, } from './service-schemas.gen.js';
+export { GUARDRAILS_SCHEMA, GUARDRAILS_CONTEXT, OVERWATCH_SCHEMA, OVERWATCH_CONTEXT, PALISADE_SCHEMA, PALISADE_CONTEXT, SENTRY_SCHEMA, SENTRY_CONTEXT, } from './service-schemas.gen.js';
 // Service-specific context key enums
 export { GuardrailsContextKey } from './guardrails-context.gen.js';
 export { OverwatchContextKey } from './overwatch-context.gen.js';
 export { PalisadeContextKey } from './palisade-context.gen.js';
+export { SentryContextKey } from './sentry-context.gen.js';
 // Service-specific entity metadata (for UI - principals, resources, actions)
 export { GUARDRAILS_ENTITIES, GUARDRAILS_ACTION_ENTITIES, } from './guardrails-entities.gen.js';
 export { OVERWATCH_ENTITIES, OVERWATCH_ACTION_ENTITIES, } from './overwatch-entities.gen.js';
 export { PALISADE_ENTITIES, PALISADE_ACTION_ENTITIES, } from './palisade-entities.gen.js';
+export { SENTRY_ENTITIES, SENTRY_ACTION_ENTITIES, } from './sentry-entities.gen.js';
 // Service-specific default policies, templates, and categories
 export { GUARDRAILS_DEFAULTS, GUARDRAILS_TEMPLATES, GUARDRAILS_CATEGORIES, GUARDRAILS_TEMPLATES_JSON, getGuardrailsDefaultsByCategory, getGuardrailsTemplatesByCategory, getGuardrailsTemplateById, } from './guardrails-defaults.gen.js';
 export { OVERWATCH_DEFAULTS, OVERWATCH_TEMPLATES, OVERWATCH_CATEGORIES, OVERWATCH_TEMPLATES_JSON, getOverwatchDefaultsByCategory, getOverwatchTemplatesByCategory, getOverwatchTemplateById, } from './overwatch-defaults.gen.js';
+export { SENTRY_DEFAULTS, SENTRY_TEMPLATES, SENTRY_CATEGORIES, SENTRY_TEMPLATES_JSON, getSentryDefaultsByCategory, getSentryTemplatesByCategory, getSentryTemplateById, } from './sentry-defaults.gen.js';

package/dist/overwatch-context.gen.d.ts

@@ -41,6 +41,13 @@ export declare const OverwatchContextKey: {
     readonly SecretCount: "secret_count";
     readonly SecretTypes: "secret_types";
     readonly SequenceRisk: "sequence_risk";
+    readonly SessionCommandInjection: "session_command_injection";
+    readonly SessionInjectionDetected: "session_injection_detected";
+    readonly SessionPiiDetected: "session_pii_detected";
+    readonly SessionPiiTypes: "session_pii_types";
+    readonly SessionSecretTypes: "session_secret_types";
+    readonly SessionSecretsDetected: "session_secrets_detected";
+    readonly SessionThreatTurns: "session_threat_turns";
     readonly SexualScore: "sexual_score";
     readonly Source: "source";
     readonly SuspiciousPattern: "suspicious_pattern";

package/dist/overwatch-context.gen.js

@@ -43,6 +43,13 @@ export const OverwatchContextKey = {
     SecretCount: 'secret_count',
     SecretTypes: 'secret_types',
     SequenceRisk: 'sequence_risk',
+    SessionCommandInjection: 'session_command_injection',
+    SessionInjectionDetected: 'session_injection_detected',
+    SessionPiiDetected: 'session_pii_detected',
+    SessionPiiTypes: 'session_pii_types',
+    SessionSecretTypes: 'session_secret_types',
+    SessionSecretsDetected: 'session_secrets_detected',
+    SessionThreatTurns: 'session_threat_turns',
     SexualScore: 'sexual_score',
     Source: 'source',
     SuspiciousPattern: 'suspicious_pattern',

package/dist/sentry-context.gen.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Context attribute keys for Sentry Sentry browser security — monitors AI chat interactions and enforces data-protection, content-safety, and compliance policies.
+ *
+ * These constants correspond to the context attributes defined in the
+ * Sentry Cedar schema and are used at policy evaluation time.
+ */
+export declare const SentryContextKey: {
+    readonly CodeLanguages: "code_languages";
+    readonly CodeRatio: "code_ratio";
+    readonly ContainsCode: "contains_code";
+    readonly ContainsInvisibleChars: "contains_invisible_chars";
+    readonly ContainsSecrets: "contains_secrets";
+    readonly Content: "content";
+    readonly ContentTopics: "content_topics";
+    readonly CrimeScore: "crime_score";
+    readonly DetectedLanguage: "detected_language";
+    readonly DetectedScript: "detected_script";
+    readonly DetectedThreats: "detected_threats";
+    readonly EncodedContentDetected: "encoded_content_detected";
+    readonly EncodedCount: "encoded_count";
+    readonly EncodedScore: "encoded_score";
+    readonly EncodedTypes: "encoded_types";
+    readonly Event: "event";
+    readonly FactualityScore: "factuality_score";
+    readonly FileExtension: "file_extension";
+    readonly FileName: "file_name";
+    readonly FileSizeBytes: "file_size_bytes";
+    readonly FileType: "file_type";
+    readonly HallucinationScore: "hallucination_score";
+    readonly HateSpeechScore: "hate_speech_score";
+    readonly HighestSeverity: "highest_severity";
+    readonly InjectionScore: "injection_score";
+    readonly InvisibleCharsScore: "invisible_chars_score";
+    readonly IsEncrypted: "is_encrypted";
+    readonly IsEnglish: "is_english";
+    readonly IsLatinScript: "is_latin_script";
+    readonly IsRightsManaged: "is_rights_managed";
+    readonly JailbreakScore: "jailbreak_score";
+    readonly KeywordCategories: "keyword_categories";
+    readonly KeywordCount: "keyword_count";
+    readonly KeywordMatched: "keyword_matched";
+    readonly LanguageConfidence: "language_confidence";
+    readonly MaxThreatSeverity: "max_threat_severity";
+    readonly MipLabelId: "mip_label_id";
+    readonly MipLabelName: "mip_label_name";
+    readonly PasteLength: "paste_length";
+    readonly PasteSourceApp: "paste_source_app";
+    readonly PasteSourceUrl: "paste_source_url";
+    readonly PhishingDetected: "phishing_detected";
+    readonly PiiConfidence: "pii_confidence";
+    readonly PiiCount: "pii_count";
+    readonly PiiDetected: "pii_detected";
+    readonly PiiTypes: "pii_types";
+    readonly ProfanityScore: "profanity_score";
+    readonly ScriptConfidence: "script_confidence";
+    readonly SecretCount: "secret_count";
+    readonly SecretTypes: "secret_types";
+    readonly SensitivityLevel: "sensitivity_level";
+    readonly SessionInjectionDetected: "session_injection_detected";
+    readonly SessionPiiDetected: "session_pii_detected";
+    readonly SessionPiiTypes: "session_pii_types";
+    readonly SessionSecretTypes: "session_secret_types";
+    readonly SessionSecretsDetected: "session_secrets_detected";
+    readonly SessionThreatTurns: "session_threat_turns";
+    readonly SexualScore: "sexual_score";
+    readonly Source: "source";
+    readonly TargetApp: "target_app";
+    readonly TargetUrl: "target_url";
+    readonly ThreatCategories: "threat_categories";
+    readonly ThreatCount: "threat_count";
+    readonly TopicConfidence: "topic_confidence";
+    readonly UserEmail: "user_email";
+    readonly ViolenceScore: "violence_score";
+    readonly WeaponsScore: "weapons_score";
+};
+export type SentryContextKey = (typeof SentryContextKey)[keyof typeof SentryContextKey];

package/dist/sentry-context.gen.js

@@ -0,0 +1,77 @@
+// Code generated by highflame-policy-codegen. DO NOT EDIT.
+// Source: schemas/sentry/context.json
+/**
+ * Context attribute keys for Sentry Sentry browser security — monitors AI chat interactions and enforces data-protection, content-safety, and compliance policies.
+ *
+ * These constants correspond to the context attributes defined in the
+ * Sentry Cedar schema and are used at policy evaluation time.
+ */
+export const SentryContextKey = {
+    CodeLanguages: 'code_languages',
+    CodeRatio: 'code_ratio',
+    ContainsCode: 'contains_code',
+    ContainsInvisibleChars: 'contains_invisible_chars',
+    ContainsSecrets: 'contains_secrets',
+    Content: 'content',
+    ContentTopics: 'content_topics',
+    CrimeScore: 'crime_score',
+    DetectedLanguage: 'detected_language',
+    DetectedScript: 'detected_script',
+    DetectedThreats: 'detected_threats',
+    EncodedContentDetected: 'encoded_content_detected',
+    EncodedCount: 'encoded_count',
+    EncodedScore: 'encoded_score',
+    EncodedTypes: 'encoded_types',
+    Event: 'event',
+    FactualityScore: 'factuality_score',
+    FileExtension: 'file_extension',
+    FileName: 'file_name',
+    FileSizeBytes: 'file_size_bytes',
+    FileType: 'file_type',
+    HallucinationScore: 'hallucination_score',
+    HateSpeechScore: 'hate_speech_score',
+    HighestSeverity: 'highest_severity',
+    InjectionScore: 'injection_score',
+    InvisibleCharsScore: 'invisible_chars_score',
+    IsEncrypted: 'is_encrypted',
+    IsEnglish: 'is_english',
+    IsLatinScript: 'is_latin_script',
+    IsRightsManaged: 'is_rights_managed',
+    JailbreakScore: 'jailbreak_score',
+    KeywordCategories: 'keyword_categories',
+    KeywordCount: 'keyword_count',
+    KeywordMatched: 'keyword_matched',
+    LanguageConfidence: 'language_confidence',
+    MaxThreatSeverity: 'max_threat_severity',
+    MipLabelId: 'mip_label_id',
+    MipLabelName: 'mip_label_name',
+    PasteLength: 'paste_length',
+    PasteSourceApp: 'paste_source_app',
+    PasteSourceUrl: 'paste_source_url',
+    PhishingDetected: 'phishing_detected',
+    PiiConfidence: 'pii_confidence',
+    PiiCount: 'pii_count',
+    PiiDetected: 'pii_detected',
+    PiiTypes: 'pii_types',
+    ProfanityScore: 'profanity_score',
+    ScriptConfidence: 'script_confidence',
+    SecretCount: 'secret_count',
+    SecretTypes: 'secret_types',
+    SensitivityLevel: 'sensitivity_level',
+    SessionInjectionDetected: 'session_injection_detected',
+    SessionPiiDetected: 'session_pii_detected',
+    SessionPiiTypes: 'session_pii_types',
+    SessionSecretTypes: 'session_secret_types',
+    SessionSecretsDetected: 'session_secrets_detected',
+    SessionThreatTurns: 'session_threat_turns',
+    SexualScore: 'sexual_score',
+    Source: 'source',
+    TargetApp: 'target_app',
+    TargetUrl: 'target_url',
+    ThreatCategories: 'threat_categories',
+    ThreatCount: 'threat_count',
+    TopicConfidence: 'topic_confidence',
+    UserEmail: 'user_email',
+    ViolenceScore: 'violence_score',
+    WeaponsScore: 'weapons_score',
+};

package/dist/sentry-defaults.gen.d.ts

@@ -0,0 +1,61 @@
+/**
+ * Sentry policy category identifiers.
+ * Maps to UI tab names in Studio.
+ */
+export type SentryCategory = 'pii' | 'semantic' | 'content_safety' | 'file_safety' | 'organization';
+/**
+ * Category metadata for UI display.
+ */
+export interface SentryCategoryInfo {
+    id: SentryCategory;
+    name: string;
+    description: string;
+}
+/**
+ * A default policy that is auto-created for new projects.
+ */
+export interface SentryDefaultPolicy {
+    /** Template identifier */
+    id: string;
+    /** Human-readable name */
+    name: string;
+    /** Description for UI display */
+    description: string;
+    /** Policy category */
+    category: SentryCategory;
+    /** Cedar policy text (source of truth) */
+    cedarText: string;
+    /** Severity level */
+    severity: string;
+    /** Tags for filtering */
+    tags: string[];
+    /** Whether this default should be activated immediately */
+    isActive: boolean;
+}
+/**
+ * A policy template available for users to create from.
+ */
+export interface SentryTemplate {
+    /** Template identifier */
+    id: string;
+    /** Human-readable name */
+    name: string;
+    /** Description for UI display */
+    description: string;
+    /** Policy category */
+    category: SentryCategory;
+    /** Cedar policy text */
+    cedarText: string;
+    /** Severity level */
+    severity: string;
+    /** Tags for filtering */
+    tags: string[];
+}
+export declare const SENTRY_CATEGORIES: SentryCategoryInfo[];
+export declare const SENTRY_DEFAULTS: SentryDefaultPolicy[];
+export declare const SENTRY_TEMPLATES: SentryTemplate[];
+/** Raw templates.json metadata for the Sentry service. */
+export declare const SENTRY_TEMPLATES_JSON: string;
+export declare function getSentryDefaultsByCategory(category: SentryCategory): SentryDefaultPolicy[];
+export declare function getSentryTemplatesByCategory(category: SentryCategory): SentryTemplate[];
+export declare function getSentryTemplateById(id: string): SentryTemplate | undefined;