@highflame/policy 2.1.3 → 2.1.4

package/dist/service-schemas.gen.js

@@ -1,5 +1,5 @@
 // Code generated by highflame-policy-codegen. DO NOT EDIT.
-// Source: schemas/guardrails/schema.cedarschema, schemas/overwatch/schema.cedarschema, schemas/palisade/schema.cedarschema
+// Source: schemas/guardrails/schema.cedarschema, schemas/overwatch/schema.cedarschema, schemas/palisade/schema.cedarschema, schemas/sentry/schema.cedarschema
 //
 // Service-specific Cedar schemas and context metadata.
 // Works in both browser and Node.js environments.
@@ -8,6 +8,7 @@
 //   import { GUARDRAILS_SCHEMA, GUARDRAILS_CONTEXT } from '@highflame/policy/types';
 //   import { OVERWATCH_SCHEMA, OVERWATCH_CONTEXT } from '@highflame/policy/types';
 //   import { PALISADE_SCHEMA, PALISADE_CONTEXT } from '@highflame/policy/types';
+//   import { SENTRY_SCHEMA, SENTRY_CONTEXT } from '@highflame/policy/types';
 /**
  * Guardrails Cedar schema
  *
@@ -930,6 +931,400 @@ action scan_package appliesTo {
   },
 };
 
+}
+`;
+/**
+ * Sentry Cedar schema
+ *
+ * Full Cedar schema for sentry, embedded at codegen time.
+ */
+export const SENTRY_SCHEMA = `// =============================================================================
+// Sentry Cedar Schema
+// =============================================================================
+// Browser Security — monitors AI chat interactions in the browser and enforces
+// data-protection, content-safety, and compliance policies at point of use.
+//
+// Sentry is a lightweight browser extension (JSA) that intercepts:
+//   - Messages sent to AI chat services (ChatGPT, Gemini, Claude, Copilot, etc.)
+//   - AI responses returned to the user
+//   - Cut/paste operations transferring content into AI chats
+//   - File/document uploads into AI chat services
+//
+// Architecture:
+//   User → Browser Extension → Shield Detection Engine → Cedar Policy → Allow/Block
+//
+// Threat Coverage:
+//   - Data Leakage: PII, PHI, credentials, source code, confidential documents
+//   - Content Safety: Violence, hate speech, sexual content, restricted topics
+//   - Prompt Injection: Direct and indirect injection via pasted/uploaded content
+//   - Document Sensitivity: MIP label enforcement, classification-aware blocking
+//   - Compliance: GDPR, HIPAA, PCI DSS, CCPA, EU AI Act
+//
+// Supported AI Services:
+//   - ChatGPT (chat.openai.com)
+//   - Google Gemini (gemini.google.com)
+//   - Claude (claude.ai)
+//   - GitHub Copilot Chat
+//   - Microsoft Copilot
+//   - Custom/enterprise AI chat endpoints
+
+namespace Sentry {
+
+// =============================================================================
+// ENTITIES - Tenant Hierarchy (ReBAC)
+// =============================================================================
+// Aligned with Guardrails/Overwatch entity hierarchy (Account -> Project).
+//
+// Entity hierarchy enables Cedar's \`in\` operator for policy scoping:
+//   Account (org root)
+//     └── Project in [Account]
+//           └── ChatSession in [Project]
+//
+// Policy scoping examples:
+//   resource in Sentry::Account::"<uuid>"    → org-wide
+//   resource in Sentry::Project::"<uuid>"    → project-wide
+//   resource == Sentry::ChatSession::"<id>"  → specific session
+
+/// Account represents an organization (top-level tenant)
+entity Account;
+
+/// Project represents a project within an account
+entity Project in [Account];
+
+// =============================================================================
+// ENTITIES - Principals
+// =============================================================================
+
+/// Human user interacting with AI chat in the browser
+entity User;
+
+// =============================================================================
+// ENTITIES - Resources (scoped under Project)
+// =============================================================================
+
+/// AI chat session — resource for send_message and receive_response actions
+entity ChatSession in [Project];
+
+/// Document or file being uploaded — resource for upload_file action
+entity Document in [Project];
+
+// =============================================================================
+// ACTIONS
+// =============================================================================
+
+// User sends a message (prompt) to an AI chat service
+// Threat focus: data leakage (PII, secrets, confidential data), injection, content safety
+action send_message appliesTo {
+  principal: [User],
+  resource: [ChatSession],
+  context: {
+    // --- Core Metadata ---
+    content: String,                  // Raw message content being sent
+    source: String,                   // Browser extension identifier: "sentry"
+    event: String,                    // Event type: "send_message"
+    user_email: String,               // User identifier (SSO/OAuth verified)
+    target_app: String,               // AI service: "chatgpt", "gemini", "claude", "copilot", "custom"
+    target_url?: String,              // Full URL of the AI chat service
+
+    // --- Aggregated Threat Summary (from Shield NormalizeAggregation) ---
+    threat_count: Long,               // Total threats detected
+    highest_severity: String,         // "critical", "high", "medium", "low", "none"
+    threat_categories: Set<String>,   // Threat category names
+    detected_threats: Set<String>,    // Detection rule names that matched
+    max_threat_severity: Long,        // Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)
+
+    // --- Secrets Detection (from SecretsDetector) ---
+    contains_secrets: Bool,           // Whether secrets/credentials detected
+    secret_types?: Set<String>,       // Types: "aws_access_key", "github_token", "ssh_private_key", etc.
+    secret_count?: Long,              // Number of distinct secrets found
+
+    // --- PII Detection (from PIIRegexDetector, normalized) ---
+    pii_detected?: Bool,              // Whether any PII patterns matched
+    pii_types?: Set<String>,          // Types: "ssn", "credit_card", "email", "phone", etc.
+    pii_count?: Long,                 // Number of PII matches
+    pii_confidence?: Long,            // PII detection confidence (0-100)
+
+    // --- Content Safety Scores (from ToxicityDetector, 0-100) ---
+    violence_score: Long,
+    weapons_score: Long,
+    hate_speech_score: Long,
+    crime_score: Long,
+    sexual_score: Long,
+    profanity_score: Long,
+
+    // --- ML Detector Confidence Scores (0-100) ---
+    injection_score: Long,            // Prompt injection score (max of InjectionDetector + DeepContextDetector)
+    jailbreak_score: Long,            // Jailbreak detection score (max of JailbreakDetector + DeepContextDetector)
+
+    // --- Topic Classification (from TopicDetector) ---
+    content_topics?: Set<String>,     // Detected topics: "controlled_substances", "weapons_manufacturing", etc.
+    topic_confidence?: Long,          // Topic classifier confidence (0-100)
+
+    // --- Encoding & Unicode Attacks (from SecurityFiltersDetector, EncodedInjectionDetector) ---
+    contains_invisible_chars?: Bool,  // Zero-width chars, bidi overrides, tag chars
+    invisible_chars_score?: Long,     // Unicode attack severity (0-100)
+    encoded_content_detected?: Bool,  // Base64, hex, unicode, URL encoded content
+    encoded_types?: Set<String>,      // Encoding types detected
+    encoded_count?: Long,             // Number of encoded segments
+    encoded_score?: Long,             // Encoded injection severity (0-100)
+
+    // --- Code Detection (from CodeDetector) ---
+    contains_code?: Bool,             // Whether content contains source code
+    code_languages?: Set<String>,     // Detected languages: "python", "javascript", etc.
+    code_ratio?: Long,                // Percentage of content that is code (0-100)
+
+    // --- Language Detection (from LanguageDetector, ScriptDetector) ---
+    detected_language?: String,       // ISO language code
+    is_english?: Bool,
+    language_confidence?: Long,       // 0-100
+    detected_script?: String,         // "latin", "cyrillic", "arabic", "unknown"
+    is_latin_script?: Bool,
+    script_confidence?: Long,         // 0-100
+
+    // --- Keyword Detection (from KeywordDetector) ---
+    keyword_matched?: Bool,           // Whether any keywords matched
+    keyword_categories?: Set<String>, // Matched keyword categories
+    keyword_count?: Long,             // Number of keyword matches
+
+    // --- Phishing Detection (from CheckPhishDetector) ---
+    phishing_detected?: Bool,         // Whether phishing URLs detected in content
+
+    // --- Session Detection History (cross-turn sticky flags) ---
+    session_pii_detected?: Bool,
+    session_pii_types?: Set<String>,
+    session_secrets_detected?: Bool,
+    session_secret_types?: Set<String>,
+    session_injection_detected?: Bool,
+    session_threat_turns?: Long,
+  },
+};
+
+// AI service responds to the user
+// Threat focus: harmful content in responses, hallucination, data leakage in output
+action receive_response appliesTo {
+  principal: [User],
+  resource: [ChatSession],
+  context: {
+    // --- Core Metadata ---
+    content: String,                  // AI response content
+    source: String,
+    event: String,                    // "receive_response"
+    user_email: String,
+    target_app: String,
+    target_url?: String,
+
+    // --- Aggregated Threat Summary ---
+    threat_count: Long,
+    highest_severity: String,
+    threat_categories: Set<String>,
+    detected_threats: Set<String>,
+    max_threat_severity: Long,
+
+    // --- Secrets Detection ---
+    contains_secrets: Bool,
+    secret_types?: Set<String>,
+    secret_count?: Long,
+
+    // --- PII Detection ---
+    pii_detected?: Bool,
+    pii_types?: Set<String>,
+    pii_count?: Long,
+    pii_confidence?: Long,
+
+    // --- Content Safety Scores (0-100) ---
+    violence_score: Long,
+    weapons_score: Long,
+    hate_speech_score: Long,
+    crime_score: Long,
+    sexual_score: Long,
+    profanity_score: Long,
+
+    // --- ML Detector Scores (0-100) ---
+    injection_score: Long,            // Indirect injection in response content
+    jailbreak_score: Long,
+
+    // --- Hallucination Detection (from HallucinationDetector) ---
+    hallucination_score?: Long,       // Hallucination confidence (0-100)
+    factuality_score?: Long,          // Factuality score (0-100)
+
+    // --- Code in Response ---
+    contains_code?: Bool,
+    code_languages?: Set<String>,
+    code_ratio?: Long,
+
+    // --- Phishing ---
+    phishing_detected?: Bool,
+
+    // --- Session History ---
+    session_pii_detected?: Bool,
+    session_pii_types?: Set<String>,
+    session_secrets_detected?: Bool,
+    session_secret_types?: Set<String>,
+    session_injection_detected?: Bool,
+    session_threat_turns?: Long,
+  },
+};
+
+// User pastes content into an AI chat (clipboard, cross-tab, cross-app)
+// Threat focus: data leakage via cut/paste, injection payloads in pasted content
+action paste_content appliesTo {
+  principal: [User],
+  resource: [ChatSession],
+  context: {
+    // --- Core Metadata ---
+    content: String,                  // Pasted content
+    source: String,
+    event: String,                    // "paste_content"
+    user_email: String,
+    target_app: String,
+    target_url?: String,
+
+    // --- Paste Context ---
+    paste_source_app?: String,        // Source application (e.g., "outlook", "excel", "vscode", "terminal")
+    paste_source_url?: String,        // Source URL if from another browser tab
+    paste_length?: Long,              // Character length of pasted content
+
+    // --- Aggregated Threat Summary ---
+    threat_count: Long,
+    highest_severity: String,
+    threat_categories: Set<String>,
+    detected_threats: Set<String>,
+    max_threat_severity: Long,
+
+    // --- Secrets Detection ---
+    contains_secrets: Bool,
+    secret_types?: Set<String>,
+    secret_count?: Long,
+
+    // --- PII Detection ---
+    pii_detected?: Bool,
+    pii_types?: Set<String>,
+    pii_count?: Long,
+    pii_confidence?: Long,
+
+    // --- Content Safety Scores (0-100) ---
+    violence_score: Long,
+    weapons_score: Long,
+    hate_speech_score: Long,
+    crime_score: Long,
+    sexual_score: Long,
+    profanity_score: Long,
+
+    // --- ML Detector Scores (0-100) ---
+    injection_score: Long,
+    jailbreak_score: Long,
+
+    // --- Code Detection ---
+    contains_code?: Bool,
+    code_languages?: Set<String>,
+    code_ratio?: Long,
+
+    // --- Encoding Attacks ---
+    contains_invisible_chars?: Bool,
+    invisible_chars_score?: Long,
+    encoded_content_detected?: Bool,
+    encoded_types?: Set<String>,
+    encoded_count?: Long,
+    encoded_score?: Long,
+
+    // --- Keyword Detection ---
+    keyword_matched?: Bool,
+    keyword_categories?: Set<String>,
+    keyword_count?: Long,
+
+    // --- Session History ---
+    session_pii_detected?: Bool,
+    session_pii_types?: Set<String>,
+    session_secrets_detected?: Bool,
+    session_secret_types?: Set<String>,
+    session_injection_detected?: Bool,
+    session_threat_turns?: Long,
+  },
+};
+
+// User uploads a file or document into an AI chat
+// Threat focus: document sensitivity (MIP labels), PII/secrets in files, malware
+action upload_file appliesTo {
+  principal: [User],
+  resource: [Document, ChatSession],
+  context: {
+    // --- Core Metadata ---
+    content: String,                  // Extracted file text content (for scanning)
+    source: String,
+    event: String,                    // "upload_file"
+    user_email: String,
+    target_app: String,
+    target_url?: String,
+
+    // --- File Metadata ---
+    file_name?: String,               // Original file name
+    file_type?: String,               // MIME type: "application/pdf", "text/csv", etc.
+    file_size_bytes?: Long,           // File size in bytes
+    file_extension?: String,          // Extension: "pdf", "docx", "xlsx", "csv", "txt"
+
+    // --- Document Sensitivity (MIP Labels) ---
+    mip_label_id?: String,            // Microsoft Information Protection label ID
+    mip_label_name?: String,          // Label display name: "Public", "Internal", "Confidential", "Highly Confidential"
+    sensitivity_level?: String,       // Normalized: "public", "internal", "confidential", "restricted"
+    is_encrypted?: Bool,              // Whether file is encrypted (MIP protection)
+    is_rights_managed?: Bool,         // Whether file has rights management restrictions
+
+    // --- Aggregated Threat Summary ---
+    threat_count: Long,
+    highest_severity: String,
+    threat_categories: Set<String>,
+    detected_threats: Set<String>,
+    max_threat_severity: Long,
+
+    // --- Secrets Detection ---
+    contains_secrets: Bool,
+    secret_types?: Set<String>,
+    secret_count?: Long,
+
+    // --- PII Detection ---
+    pii_detected?: Bool,
+    pii_types?: Set<String>,
+    pii_count?: Long,
+    pii_confidence?: Long,
+
+    // --- Content Safety Scores (0-100) ---
+    violence_score: Long,
+    weapons_score: Long,
+    hate_speech_score: Long,
+    crime_score: Long,
+    sexual_score: Long,
+    profanity_score: Long,
+
+    // --- ML Detector Scores (0-100) ---
+    injection_score: Long,            // Prompt injection payloads hidden in documents
+    jailbreak_score: Long,
+
+    // --- Code Detection ---
+    contains_code?: Bool,
+    code_languages?: Set<String>,
+    code_ratio?: Long,
+
+    // --- Phishing ---
+    phishing_detected?: Bool,
+
+    // --- Encoding Attacks ---
+    contains_invisible_chars?: Bool,
+    invisible_chars_score?: Long,
+    encoded_content_detected?: Bool,
+    encoded_types?: Set<String>,
+    encoded_count?: Long,
+    encoded_score?: Long,
+
+    // --- Session History ---
+    session_pii_detected?: Bool,
+    session_pii_types?: Set<String>,
+    session_secrets_detected?: Bool,
+    session_secret_types?: Set<String>,
+    session_injection_detected?: Bool,
+    session_threat_turns?: Long,
+  },
+};
+
 }
 `;
 /**
@@ -1158,7 +1553,14 @@ export const OVERWATCH_CONTEXT = {
                 { "key": "pii_confidence", "type": "number", "required": true, "description": "PII detection ML classifier confidence (0-100)" },
                 { "key": "injection_confidence", "type": "number", "required": true, "description": "Prompt injection ML classifier confidence (0-100)" },
                 { "key": "jailbreak_confidence", "type": "number", "required": true, "description": "Jailbreak detection ML classifier confidence (0-100)" },
-                { "key": "indirect_injection_score", "type": "number", "required": true, "description": "Indirect prompt injection risk score (0-100) — injection via tool outputs or retrieved content" }
+                { "key": "indirect_injection_score", "type": "number", "required": true, "description": "Indirect prompt injection risk score (0-100) — injection via tool outputs or retrieved content" },
+                { "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
+                { "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
+                { "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
+                { "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
+                { "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
+                { "key": "session_command_injection", "type": "boolean", "required": false, "description": "Whether command injection was detected in any previous turn of the session" },
+                { "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" }
             ]
         },
         {
@@ -1213,7 +1615,14 @@ export const OVERWATCH_CONTEXT = {
                 { "key": "suspicious_pattern", "type": "boolean", "required": false, "description": "Whether a suspicious action sequence was detected (exfiltration, theft, destructive)" },
                 { "key": "pattern_type", "type": "string", "required": false, "description": "Type of suspicious pattern: data_exfiltration, secret_exfiltration, credential_theft, destructive_sequence" },
                 { "key": "sequence_risk", "type": "number", "required": false, "description": "Behavioral sequence risk score (0-100)" },
-                { "key": "mcp_server_verified", "type": "boolean", "required": false, "description": "Whether the MCP server is from a verified registry" }
+                { "key": "mcp_server_verified", "type": "boolean", "required": false, "description": "Whether the MCP server is from a verified registry" },
+                { "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
+                { "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
+                { "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
+                { "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
+                { "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
+                { "key": "session_command_injection", "type": "boolean", "required": false, "description": "Whether command injection was detected in any previous turn of the session" },
+                { "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" }
             ]
         },
         {
@@ -1237,7 +1646,14 @@ export const OVERWATCH_CONTEXT = {
                 { "key": "indirect_injection_score", "type": "number", "required": false, "description": "Indirect injection risk score (0-100) — injection payloads in server responses" },
                 { "key": "mcp_server_verified", "type": "boolean", "required": false, "description": "Whether the MCP server is from a verified registry" },
                 { "key": "mcp_config_risk", "type": "boolean", "required": false, "description": "Whether risky server configuration was detected (inline code exec, mixed transports)" },
-                { "key": "mcp_risk_score", "type": "number", "required": false, "description": "MCP configuration risk severity score (0-100)" }
+                { "key": "mcp_risk_score", "type": "number", "required": false, "description": "MCP configuration risk severity score (0-100)" },
+                { "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
+                { "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
+                { "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
+                { "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
+                { "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
+                { "key": "session_command_injection", "type": "boolean", "required": false, "description": "Whether command injection was detected in any previous turn of the session" },
+                { "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" }
             ]
         },
         {
@@ -1261,7 +1677,14 @@ export const OVERWATCH_CONTEXT = {
                 { "key": "secret_count", "type": "number", "required": false, "description": "Number of distinct secrets detected in file" },
                 { "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether any PII patterns were matched in file content" },
                 { "key": "pii_types", "type": "array", "required": false, "description": "Specific PII types found in file" },
-                { "key": "pii_count", "type": "number", "required": false, "description": "Number of PII pattern matches in file" }
+                { "key": "pii_count", "type": "number", "required": false, "description": "Number of PII pattern matches in file" },
+                { "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
+                { "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
+                { "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
+                { "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
+                { "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
+                { "key": "session_command_injection", "type": "boolean", "required": false, "description": "Whether command injection was detected in any previous turn of the session" },
+                { "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" }
             ]
         },
         {
@@ -1286,7 +1709,14 @@ export const OVERWATCH_CONTEXT = {
                 { "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether any PII patterns were matched in content being written" },
                 { "key": "pii_types", "type": "array", "required": false, "description": "Specific PII types found" },
                 { "key": "pii_count", "type": "number", "required": false, "description": "Number of PII pattern matches" },
-                { "key": "contains_invisible_chars", "type": "boolean", "required": false, "description": "Whether invisible Unicode characters were detected in content being written" }
+                { "key": "contains_invisible_chars", "type": "boolean", "required": false, "description": "Whether invisible Unicode characters were detected in content being written" },
+                { "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
+                { "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
+                { "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
+                { "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
+                { "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
+                { "key": "session_command_injection", "type": "boolean", "required": false, "description": "Whether command injection was detected in any previous turn of the session" },
+                { "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" }
             ]
         }
     ]
@@ -1389,3 +1819,226 @@ export const PALISADE_CONTEXT = {
         }
     ]
 };
+/**
+ * Sentry context metadata (parsed JSON)
+ */
+export const SENTRY_CONTEXT = {
+    "service": "sentry",
+    "version": "1.0.0",
+    "description": "Sentry browser security — monitors AI chat interactions and enforces data-protection, content-safety, and compliance policies",
+    "actions": [
+        {
+            "name": "send_message",
+            "description": "User sends a message (prompt) to an AI chat service via the browser",
+            "context_attributes": [
+                { "key": "content", "type": "string", "required": true, "description": "Raw message content being sent to the AI service" },
+                { "key": "source", "type": "string", "required": true, "description": "Browser extension identifier (always \'sentry\')" },
+                { "key": "event", "type": "string", "required": true, "description": "Event type (always \'send_message\')" },
+                { "key": "user_email", "type": "string", "required": true, "description": "User identifier (SSO/OAuth verified)" },
+                { "key": "target_app", "type": "string", "required": true, "description": "AI service being used: chatgpt, gemini, claude, copilot, custom" },
+                { "key": "target_url", "type": "string", "required": false, "description": "Full URL of the AI chat service" },
+                { "key": "threat_count", "type": "number", "required": true, "description": "Total number of threats detected by Shield detection pipeline" },
+                { "key": "highest_severity", "type": "string", "required": true, "description": "Highest severity level: critical, high, medium, low, none" },
+                { "key": "threat_categories", "type": "array", "required": true, "description": "Threat category names from the detection aggregator" },
+                { "key": "detected_threats", "type": "array", "required": true, "description": "Detection rule names that matched (e.g., prompt_injection, credit_card, secret_exposure)" },
+                { "key": "max_threat_severity", "type": "number", "required": true, "description": "Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)" },
+                { "key": "contains_secrets", "type": "boolean", "required": true, "description": "Whether secrets or credentials were detected in the message" },
+                { "key": "secret_types", "type": "array", "required": false, "description": "Specific secret types: aws_access_key, aws_secret_key, github_token, github_fine_grained, slack_token, gcp_service_account, gcp_api_key, azure_connection_string, private_key, jwt_token, generic_api_key, stripe_key, openai_key, anthropic_key" },
+                { "key": "secret_count", "type": "number", "required": false, "description": "Number of distinct secrets detected" },
+                { "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether any PII patterns were matched" },
+                { "key": "pii_types", "type": "array", "required": false, "description": "Specific PII types: ssn, credit_card, email, phone_us, ip_address, date_of_birth, passport, iban, aws_key, api_key_generic" },
+                { "key": "pii_count", "type": "number", "required": false, "description": "Number of PII pattern matches" },
+                { "key": "pii_confidence", "type": "number", "required": false, "description": "PII detection confidence (0-100). Fixed 80 when regex PII detected, else 0" },
+                { "key": "violence_score", "type": "number", "required": true, "description": "Violence content detection score (0-100, from ToxicityDetector)" },
+                { "key": "weapons_score", "type": "number", "required": true, "description": "Weapons content detection score (0-100)" },
+                { "key": "hate_speech_score", "type": "number", "required": true, "description": "Hate speech detection score (0-100)" },
+                { "key": "crime_score", "type": "number", "required": true, "description": "Criminal content detection score (0-100)" },
+                { "key": "sexual_score", "type": "number", "required": true, "description": "Sexual content detection score (0-100)" },
+                { "key": "profanity_score", "type": "number", "required": true, "description": "Profanity detection score (0-100)" },
+                { "key": "injection_score", "type": "number", "required": true, "description": "Prompt injection score (0-100, max of InjectionDetector + DeepContextDetector)" },
+                { "key": "jailbreak_score", "type": "number", "required": true, "description": "Jailbreak detection score (0-100, max of JailbreakDetector + DeepContextDetector)" },
+                { "key": "content_topics", "type": "array", "required": false, "description": "Detected topics from TopicDetector: controlled_substances, weapons_manufacturing, etc." },
+                { "key": "topic_confidence", "type": "number", "required": false, "description": "Topic classifier confidence (0-100)" },
+                { "key": "contains_invisible_chars", "type": "boolean", "required": false, "description": "Whether invisible Unicode characters (zero-width, bidi overrides, tag chars) were detected" },
+                { "key": "invisible_chars_score", "type": "number", "required": false, "description": "Invisible character attack severity score (0-100)" },
+                { "key": "encoded_content_detected", "type": "boolean", "required": false, "description": "Whether encoded content (base64, hex, unicode, URL) was detected" },
+                { "key": "encoded_types", "type": "array", "required": false, "description": "Encoding types detected: base64, hex, unicode, url" },
+                { "key": "encoded_count", "type": "number", "required": false, "description": "Number of encoded segments detected" },
+                { "key": "encoded_score", "type": "number", "required": false, "description": "Encoded injection severity score (0-100)" },
+                { "key": "contains_code", "type": "boolean", "required": false, "description": "Whether content contains source code" },
+                { "key": "code_languages", "type": "array", "required": false, "description": "Detected programming languages: python, javascript, go, etc." },
+                { "key": "code_ratio", "type": "number", "required": false, "description": "Percentage of content that is code (0-100)" },
+                { "key": "detected_language", "type": "string", "required": false, "description": "Detected natural language ISO code from LanguageDetector" },
+                { "key": "is_english", "type": "boolean", "required": false, "description": "Whether detected language is English" },
+                { "key": "language_confidence", "type": "number", "required": false, "description": "Language detection confidence (0-100)" },
+                { "key": "detected_script", "type": "string", "required": false, "description": "Unicode script: latin, cyrillic, arabic, unknown" },
+                { "key": "is_latin_script", "type": "boolean", "required": false, "description": "Whether detected script is Latin" },
+                { "key": "script_confidence", "type": "number", "required": false, "description": "Script detection confidence (0-100)" },
+                { "key": "keyword_matched", "type": "boolean", "required": false, "description": "Whether any keywords from KeywordDetector matched" },
+                { "key": "keyword_categories", "type": "array", "required": false, "description": "Matched keyword categories" },
+                { "key": "keyword_count", "type": "number", "required": false, "description": "Number of keyword matches" },
+                { "key": "phishing_detected", "type": "boolean", "required": false, "description": "Whether phishing URLs detected by CheckPhishDetector" },
+                { "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
+                { "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
+                { "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
+                { "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
+                { "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
+                { "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" }
+            ]
+        },
+        {
+            "name": "receive_response",
+            "description": "AI service responds to the user — scan response content for harmful output",
+            "context_attributes": [
+                { "key": "content", "type": "string", "required": true, "description": "AI response content" },
+                { "key": "source", "type": "string", "required": true, "description": "Browser extension identifier" },
+                { "key": "event", "type": "string", "required": true, "description": "Event type (always \'receive_response\')" },
+                { "key": "user_email", "type": "string", "required": true, "description": "User identifier" },
+                { "key": "target_app", "type": "string", "required": true, "description": "AI service: chatgpt, gemini, claude, copilot, custom" },
+                { "key": "target_url", "type": "string", "required": false, "description": "Full URL of the AI chat service" },
+                { "key": "threat_count", "type": "number", "required": true, "description": "Total number of threats detected" },
+                { "key": "highest_severity", "type": "string", "required": true, "description": "Highest severity level: critical, high, medium, low, none" },
+                { "key": "threat_categories", "type": "array", "required": true, "description": "Threat category names" },
+                { "key": "detected_threats", "type": "array", "required": true, "description": "Detection rule names that matched" },
+                { "key": "max_threat_severity", "type": "number", "required": true, "description": "Numeric severity (0-4)" },
+                { "key": "contains_secrets", "type": "boolean", "required": true, "description": "Whether secrets detected in AI response" },
+                { "key": "secret_types", "type": "array", "required": false, "description": "Secret types in response" },
+                { "key": "secret_count", "type": "number", "required": false, "description": "Number of secrets in response" },
+                { "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII detected in response" },
+                { "key": "pii_types", "type": "array", "required": false, "description": "PII types in response" },
+                { "key": "pii_count", "type": "number", "required": false, "description": "Number of PII matches in response" },
+                { "key": "pii_confidence", "type": "number", "required": false, "description": "PII detection confidence (0-100)" },
+                { "key": "violence_score", "type": "number", "required": true, "description": "Violence score (0-100)" },
+                { "key": "weapons_score", "type": "number", "required": true, "description": "Weapons score (0-100)" },
+                { "key": "hate_speech_score", "type": "number", "required": true, "description": "Hate speech score (0-100)" },
+                { "key": "crime_score", "type": "number", "required": true, "description": "Crime score (0-100)" },
+                { "key": "sexual_score", "type": "number", "required": true, "description": "Sexual content score (0-100)" },
+                { "key": "profanity_score", "type": "number", "required": true, "description": "Profanity score (0-100)" },
+                { "key": "injection_score", "type": "number", "required": true, "description": "Indirect injection score in response (0-100)" },
+                { "key": "jailbreak_score", "type": "number", "required": true, "description": "Jailbreak score (0-100)" },
+                { "key": "hallucination_score", "type": "number", "required": false, "description": "Hallucination confidence (0-100, from HallucinationDetector)" },
+                { "key": "factuality_score", "type": "number", "required": false, "description": "Factuality score (0-100)" },
+                { "key": "contains_code", "type": "boolean", "required": false, "description": "Whether response contains code" },
+                { "key": "code_languages", "type": "array", "required": false, "description": "Code languages in response" },
+                { "key": "code_ratio", "type": "number", "required": false, "description": "Code ratio (0-100)" },
+                { "key": "phishing_detected", "type": "boolean", "required": false, "description": "Whether phishing URLs detected in response" },
+                { "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
+                { "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
+                { "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
+                { "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
+                { "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
+                { "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" }
+            ]
+        },
+        {
+            "name": "paste_content",
+            "description": "User pastes content into an AI chat (clipboard, cross-tab, cross-app)",
+            "context_attributes": [
+                { "key": "content", "type": "string", "required": true, "description": "Pasted content" },
+                { "key": "source", "type": "string", "required": true, "description": "Browser extension identifier" },
+                { "key": "event", "type": "string", "required": true, "description": "Event type (always \'paste_content\')" },
+                { "key": "user_email", "type": "string", "required": true, "description": "User identifier" },
+                { "key": "target_app", "type": "string", "required": true, "description": "AI service: chatgpt, gemini, claude, copilot, custom" },
+                { "key": "target_url", "type": "string", "required": false, "description": "Full URL of the AI chat service" },
+                { "key": "paste_source_app", "type": "string", "required": false, "description": "Source application for the paste: outlook, excel, vscode, terminal, slack, etc." },
+                { "key": "paste_source_url", "type": "string", "required": false, "description": "Source URL if content pasted from another browser tab" },
+                { "key": "paste_length", "type": "number", "required": false, "description": "Character length of pasted content" },
+                { "key": "threat_count", "type": "number", "required": true, "description": "Total threats detected" },
+                { "key": "highest_severity", "type": "string", "required": true, "description": "Highest severity: critical, high, medium, low, none" },
+                { "key": "threat_categories", "type": "array", "required": true, "description": "Threat category names" },
+                { "key": "detected_threats", "type": "array", "required": true, "description": "Detection rule names that matched" },
+                { "key": "max_threat_severity", "type": "number", "required": true, "description": "Numeric severity (0-4)" },
+                { "key": "contains_secrets", "type": "boolean", "required": true, "description": "Whether secrets detected in pasted content" },
+                { "key": "secret_types", "type": "array", "required": false, "description": "Secret types in pasted content" },
+                { "key": "secret_count", "type": "number", "required": false, "description": "Number of secrets" },
+                { "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII detected in pasted content" },
+                { "key": "pii_types", "type": "array", "required": false, "description": "PII types in pasted content" },
+                { "key": "pii_count", "type": "number", "required": false, "description": "PII match count" },
+                { "key": "pii_confidence", "type": "number", "required": false, "description": "PII detection confidence (0-100)" },
+                { "key": "violence_score", "type": "number", "required": true, "description": "Violence score (0-100)" },
+                { "key": "weapons_score", "type": "number", "required": true, "description": "Weapons score (0-100)" },
+                { "key": "hate_speech_score", "type": "number", "required": true, "description": "Hate speech score (0-100)" },
+                { "key": "crime_score", "type": "number", "required": true, "description": "Crime score (0-100)" },
+                { "key": "sexual_score", "type": "number", "required": true, "description": "Sexual score (0-100)" },
+                { "key": "profanity_score", "type": "number", "required": true, "description": "Profanity score (0-100)" },
+                { "key": "injection_score", "type": "number", "required": true, "description": "Injection score (0-100)" },
+                { "key": "jailbreak_score", "type": "number", "required": true, "description": "Jailbreak score (0-100)" },
+                { "key": "contains_code", "type": "boolean", "required": false, "description": "Whether pasted content contains code" },
+                { "key": "code_languages", "type": "array", "required": false, "description": "Code languages in pasted content" },
+                { "key": "code_ratio", "type": "number", "required": false, "description": "Code ratio (0-100)" },
+                { "key": "contains_invisible_chars", "type": "boolean", "required": false, "description": "Whether invisible Unicode characters detected" },
+                { "key": "invisible_chars_score", "type": "number", "required": false, "description": "Invisible chars severity (0-100)" },
+                { "key": "encoded_content_detected", "type": "boolean", "required": false, "description": "Whether encoded content detected" },
+                { "key": "encoded_types", "type": "array", "required": false, "description": "Encoding types" },
+                { "key": "encoded_count", "type": "number", "required": false, "description": "Encoded segment count" },
+                { "key": "encoded_score", "type": "number", "required": false, "description": "Encoded injection severity (0-100)" },
+                { "key": "keyword_matched", "type": "boolean", "required": false, "description": "Whether keywords matched" },
+                { "key": "keyword_categories", "type": "array", "required": false, "description": "Keyword categories" },
+                { "key": "keyword_count", "type": "number", "required": false, "description": "Keyword match count" },
+                { "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
+                { "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
+                { "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
+                { "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
+                { "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
+                { "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" }
+            ]
+        },
+        {
+            "name": "upload_file",
+            "description": "User uploads a file or document into an AI chat service",
+            "context_attributes": [
+                { "key": "content", "type": "string", "required": true, "description": "Extracted file text content (for scanning)" },
+                { "key": "source", "type": "string", "required": true, "description": "Browser extension identifier" },
+                { "key": "event", "type": "string", "required": true, "description": "Event type (always \'upload_file\')" },
+                { "key": "user_email", "type": "string", "required": true, "description": "User identifier" },
+                { "key": "target_app", "type": "string", "required": true, "description": "AI service: chatgpt, gemini, claude, copilot, custom" },
+                { "key": "target_url", "type": "string", "required": false, "description": "Full URL of the AI chat service" },
+                { "key": "file_name", "type": "string", "required": false, "description": "Original file name" },
+                { "key": "file_type", "type": "string", "required": false, "description": "MIME type: application/pdf, text/csv, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet, etc." },
+                { "key": "file_size_bytes", "type": "number", "required": false, "description": "File size in bytes" },
+                { "key": "file_extension", "type": "string", "required": false, "description": "File extension: pdf, docx, xlsx, csv, txt, py, js, etc." },
+                { "key": "mip_label_id", "type": "string", "required": false, "description": "Microsoft Information Protection label GUID" },
+                { "key": "mip_label_name", "type": "string", "required": false, "description": "MIP label display name: Public, General, Confidential, Highly Confidential" },
+                { "key": "sensitivity_level", "type": "string", "required": false, "description": "Normalized sensitivity: public, internal, confidential, restricted" },
+                { "key": "is_encrypted", "type": "boolean", "required": false, "description": "Whether file is encrypted via MIP protection" },
+                { "key": "is_rights_managed", "type": "boolean", "required": false, "description": "Whether file has rights management (IRM/RMS) restrictions" },
+                { "key": "threat_count", "type": "number", "required": true, "description": "Total threats detected" },
+                { "key": "highest_severity", "type": "string", "required": true, "description": "Highest severity: critical, high, medium, low, none" },
+                { "key": "threat_categories", "type": "array", "required": true, "description": "Threat category names" },
+                { "key": "detected_threats", "type": "array", "required": true, "description": "Detection rule names that matched" },
+                { "key": "max_threat_severity", "type": "number", "required": true, "description": "Numeric severity (0-4)" },
+                { "key": "contains_secrets", "type": "boolean", "required": true, "description": "Whether secrets detected in file content" },
+                { "key": "secret_types", "type": "array", "required": false, "description": "Secret types in file" },
+                { "key": "secret_count", "type": "number", "required": false, "description": "Number of secrets" },
+                { "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII detected in file" },
+                { "key": "pii_types", "type": "array", "required": false, "description": "PII types in file" },
+                { "key": "pii_count", "type": "number", "required": false, "description": "PII match count" },
+                { "key": "pii_confidence", "type": "number", "required": false, "description": "PII confidence (0-100)" },
+                { "key": "violence_score", "type": "number", "required": true, "description": "Violence score (0-100)" },
+                { "key": "weapons_score", "type": "number", "required": true, "description": "Weapons score (0-100)" },
+                { "key": "hate_speech_score", "type": "number", "required": true, "description": "Hate speech score (0-100)" },
+                { "key": "crime_score", "type": "number", "required": true, "description": "Crime score (0-100)" },
+                { "key": "sexual_score", "type": "number", "required": true, "description": "Sexual score (0-100)" },
+                { "key": "profanity_score", "type": "number", "required": true, "description": "Profanity score (0-100)" },
+                { "key": "injection_score", "type": "number", "required": true, "description": "Injection score in file content (0-100)" },
+                { "key": "jailbreak_score", "type": "number", "required": true, "description": "Jailbreak score (0-100)" },
+                { "key": "contains_code", "type": "boolean", "required": false, "description": "Whether file contains source code" },
+                { "key": "code_languages", "type": "array", "required": false, "description": "Code languages in file" },
+                { "key": "code_ratio", "type": "number", "required": false, "description": "Code ratio (0-100)" },
+                { "key": "phishing_detected", "type": "boolean", "required": false, "description": "Whether phishing URLs detected in file" },
+                { "key": "contains_invisible_chars", "type": "boolean", "required": false, "description": "Whether invisible chars detected in file" },
+                { "key": "invisible_chars_score", "type": "number", "required": false, "description": "Invisible chars severity (0-100)" },
+                { "key": "encoded_content_detected", "type": "boolean", "required": false, "description": "Whether encoded content detected in file" },
+                { "key": "encoded_types", "type": "array", "required": false, "description": "Encoding types in file" },
+                { "key": "encoded_count", "type": "number", "required": false, "description": "Encoded segment count" },
+                { "key": "encoded_score", "type": "number", "required": false, "description": "Encoded injection severity (0-100)" },
+                { "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
+                { "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
+                { "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
+                { "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
+                { "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
+                { "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" }
+            ]
+        }
+    ]
+};