@highflame/policy 2.1.3 → 2.1.5
- package/README.md +41 -0
- package/_schemas/guardrails/context.json +466 -76
- package/_schemas/guardrails/schema.cedarschema +39 -3
- package/_schemas/guardrails/templates/defaults/injection.cedar +6 -6
- package/_schemas/guardrails/templates/profiles/chat_assistant/security.cedar +2 -2
- package/_schemas/guardrails/templates/profiles/data_pipeline/security.cedar +1 -1
- package/_schemas/overwatch/context.json +443 -5
- package/_schemas/overwatch/schema.cedarschema +42 -4
- package/_schemas/palisade/context.json +1 -1
- package/_schemas/sentry/context.json +1165 -0
- package/_schemas/sentry/schema.cedarschema +388 -0
- package/_schemas/sentry/templates/defaults/baseline.cedar +24 -0
- package/_schemas/sentry/templates/defaults/content_safety.cedar +232 -0
- package/_schemas/sentry/templates/defaults/file_safety.cedar +174 -0
- package/_schemas/sentry/templates/defaults/organization.cedar +207 -0
- package/_schemas/sentry/templates/defaults/pii.cedar +229 -0
- package/_schemas/sentry/templates/defaults/semantic.cedar +167 -0
- package/_schemas/sentry/templates/templates.json +93 -0
- package/dist/builder.d.ts +32 -0
- package/dist/builder.js +6 -6
- package/dist/condition-groups.d.ts +69 -0
- package/dist/condition-groups.js +305 -0
- package/dist/guardrails-context.gen.d.ts +19 -2
- package/dist/guardrails-context.gen.js +19 -2
- package/dist/guardrails-defaults.gen.js +9 -9
- package/dist/index.d.ts +6 -1
- package/dist/index.js +6 -1
- package/dist/overwatch-context.gen.d.ts +17 -0
- package/dist/overwatch-context.gen.js +17 -0
- package/dist/sentry-context.gen.d.ts +76 -0
- package/dist/sentry-context.gen.js +77 -0
- package/dist/sentry-defaults.gen.d.ts +61 -0
- package/dist/sentry-defaults.gen.js +1235 -0
- package/dist/sentry-entities.gen.d.ts +11 -0
- package/dist/sentry-entities.gen.js +33 -0
- package/dist/service-schemas.gen.d.ts +12 -2
- package/dist/service-schemas.gen.js +861 -25
- package/dist/types.d.ts +6 -1
- package/dist/types.js +6 -1
- package/package.json +1 -1
- package/_schemas/guardrails/templates/profiles/chat_assistant.cedar +0 -85
- package/_schemas/guardrails/templates/profiles/code_agent.cedar +0 -125
- package/_schemas/guardrails/templates/profiles/data_pipeline.cedar +0 -111
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
// Code generated by highflame-policy-codegen. DO NOT EDIT.
|
|
2
|
-
// Source: schemas/guardrails/schema.cedarschema, schemas/overwatch/schema.cedarschema, schemas/palisade/schema.cedarschema
|
|
2
|
+
// Source: schemas/guardrails/schema.cedarschema, schemas/overwatch/schema.cedarschema, schemas/palisade/schema.cedarschema, schemas/sentry/schema.cedarschema
|
|
3
3
|
//
|
|
4
4
|
// Service-specific Cedar schemas and context metadata.
|
|
5
5
|
// Works in both browser and Node.js environments.
|
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
// import { GUARDRAILS_SCHEMA, GUARDRAILS_CONTEXT } from '@highflame/policy/types';
|
|
9
9
|
// import { OVERWATCH_SCHEMA, OVERWATCH_CONTEXT } from '@highflame/policy/types';
|
|
10
10
|
// import { PALISADE_SCHEMA, PALISADE_CONTEXT } from '@highflame/policy/types';
|
|
11
|
+
// import { SENTRY_SCHEMA, SENTRY_CONTEXT } from '@highflame/policy/types';
|
|
11
12
|
/**
|
|
12
13
|
* Guardrails Cedar schema
|
|
13
14
|
*
|
|
@@ -111,8 +112,12 @@ namespace Guardrails {
|
|
|
111
112
|
"detector_count": Long,
|
|
112
113
|
|
|
113
114
|
// Security - Injection & Jailbreak (optional)
|
|
114
|
-
"
|
|
115
|
-
"
|
|
115
|
+
"injection_confidence"?: Long, // Combined injection confidence: MAX(pulse, deep_context)
|
|
116
|
+
"jailbreak_confidence"?: Long, // Combined jailbreak confidence: MAX(pulse, deep_context)
|
|
117
|
+
"injection_pulse_score"?: Long, // 0-100 Pulse single-turn classifier
|
|
118
|
+
"injection_deep_context_score"?: Long, // 0-100 DeepContext multi-turn
|
|
119
|
+
"jailbreak_pulse_score"?: Long, // 0-100 Pulse single-turn classifier
|
|
120
|
+
"jailbreak_deep_context_score"?: Long, // 0-100 DeepContext multi-turn
|
|
116
121
|
"injection_type"?: String, // "prompt" | "sql" | "command" | "none"
|
|
117
122
|
|
|
118
123
|
// Privacy - Secrets (optional)
|
|
@@ -198,6 +203,12 @@ namespace Guardrails {
|
|
|
198
203
|
"session_injection_detected"?: Bool,
|
|
199
204
|
"session_command_injection"?: Bool,
|
|
200
205
|
"session_threat_turns"?: Long,
|
|
206
|
+
"session_max_injection_score"?: Long,
|
|
207
|
+
"session_max_jailbreak_score"?: Long,
|
|
208
|
+
"session_max_command_injection_score"?: Long,
|
|
209
|
+
"session_max_pii_score"?: Long,
|
|
210
|
+
"session_max_secret_score"?: Long,
|
|
211
|
+
"session_cumulative_risk_score"?: Long,
|
|
201
212
|
|
|
202
213
|
};
|
|
203
214
|
|
|
@@ -242,7 +253,9 @@ namespace Guardrails {
|
|
|
242
253
|
"secret_types"?: Set<String>,
|
|
243
254
|
"pii_detected"?: Bool,
|
|
244
255
|
"pii_types"?: Set<String>,
|
|
245
|
-
"
|
|
256
|
+
"injection_confidence"?: Long,
|
|
257
|
+
"injection_pulse_score"?: Long, // 0-100 Pulse single-turn classifier
|
|
258
|
+
"injection_deep_context_score"?: Long, // 0-100 DeepContext multi-turn
|
|
246
259
|
|
|
247
260
|
// Security - Pattern Detection (optional)
|
|
248
261
|
"command_injection_detected"?: Bool,
|
|
@@ -291,6 +304,12 @@ namespace Guardrails {
|
|
|
291
304
|
"session_injection_detected"?: Bool,
|
|
292
305
|
"session_command_injection"?: Bool,
|
|
293
306
|
"session_threat_turns"?: Long,
|
|
307
|
+
"session_max_injection_score"?: Long,
|
|
308
|
+
"session_max_jailbreak_score"?: Long,
|
|
309
|
+
"session_max_command_injection_score"?: Long,
|
|
310
|
+
"session_max_pii_score"?: Long,
|
|
311
|
+
"session_max_secret_score"?: Long,
|
|
312
|
+
"session_cumulative_risk_score"?: Long,
|
|
294
313
|
|
|
295
314
|
};
|
|
296
315
|
|
|
@@ -319,6 +338,12 @@ namespace Guardrails {
|
|
|
319
338
|
"session_injection_detected"?: Bool,
|
|
320
339
|
"session_command_injection"?: Bool,
|
|
321
340
|
"session_threat_turns"?: Long,
|
|
341
|
+
"session_max_injection_score"?: Long,
|
|
342
|
+
"session_max_jailbreak_score"?: Long,
|
|
343
|
+
"session_max_command_injection_score"?: Long,
|
|
344
|
+
"session_max_pii_score"?: Long,
|
|
345
|
+
"session_max_secret_score"?: Long,
|
|
346
|
+
"session_cumulative_risk_score"?: Long,
|
|
322
347
|
|
|
323
348
|
};
|
|
324
349
|
|
|
@@ -347,6 +372,12 @@ namespace Guardrails {
|
|
|
347
372
|
"session_injection_detected"?: Bool,
|
|
348
373
|
"session_command_injection"?: Bool,
|
|
349
374
|
"session_threat_turns"?: Long,
|
|
375
|
+
"session_max_injection_score"?: Long,
|
|
376
|
+
"session_max_jailbreak_score"?: Long,
|
|
377
|
+
"session_max_command_injection_score"?: Long,
|
|
378
|
+
"session_max_pii_score"?: Long,
|
|
379
|
+
"session_max_secret_score"?: Long,
|
|
380
|
+
"session_cumulative_risk_score"?: Long,
|
|
350
381
|
|
|
351
382
|
};
|
|
352
383
|
|
|
@@ -383,6 +414,12 @@ namespace Guardrails {
|
|
|
383
414
|
"session_injection_detected"?: Bool,
|
|
384
415
|
"session_command_injection"?: Bool,
|
|
385
416
|
"session_threat_turns"?: Long,
|
|
417
|
+
"session_max_injection_score"?: Long,
|
|
418
|
+
"session_max_jailbreak_score"?: Long,
|
|
419
|
+
"session_max_command_injection_score"?: Long,
|
|
420
|
+
"session_max_pii_score"?: Long,
|
|
421
|
+
"session_max_secret_score"?: Long,
|
|
422
|
+
"session_cumulative_risk_score"?: Long,
|
|
386
423
|
|
|
387
424
|
};
|
|
388
425
|
}
|
|
@@ -514,8 +551,12 @@ action process_prompt appliesTo {
|
|
|
514
551
|
|
|
515
552
|
// --- ML Detector Confidence Scores (0-100) ---
|
|
516
553
|
pii_confidence: Long, // PII detection classifier confidence
|
|
517
|
-
injection_confidence: Long, //
|
|
518
|
-
jailbreak_confidence: Long, //
|
|
554
|
+
injection_confidence: Long, // Combined injection confidence: MAX(pulse, deep_context)
|
|
555
|
+
jailbreak_confidence: Long, // Combined jailbreak confidence: MAX(pulse, deep_context)
|
|
556
|
+
injection_pulse_score?: Long, // 0-100 Pulse single-turn classifier
|
|
557
|
+
injection_deep_context_score?: Long, // 0-100 DeepContext multi-turn
|
|
558
|
+
jailbreak_pulse_score?: Long, // 0-100 Pulse single-turn classifier
|
|
559
|
+
jailbreak_deep_context_score?: Long, // 0-100 DeepContext multi-turn
|
|
519
560
|
|
|
520
561
|
// --- Agent Security (0-100) ---
|
|
521
562
|
indirect_injection_score: Long, // Indirect prompt injection risk (OWASP LLM01, ASI01)
|
|
@@ -528,6 +569,12 @@ action process_prompt appliesTo {
|
|
|
528
569
|
session_injection_detected?: Bool,
|
|
529
570
|
session_command_injection?: Bool,
|
|
530
571
|
session_threat_turns?: Long,
|
|
572
|
+
session_max_injection_score?: Long,
|
|
573
|
+
session_max_jailbreak_score?: Long,
|
|
574
|
+
session_max_command_injection_score?: Long,
|
|
575
|
+
session_max_pii_score?: Long,
|
|
576
|
+
session_max_secret_score?: Long,
|
|
577
|
+
session_cumulative_risk_score?: Long,
|
|
531
578
|
|
|
532
579
|
// --- Legacy ---
|
|
533
580
|
prompt_text?: String, // Same as content (backward compatibility)
|
|
@@ -590,8 +637,12 @@ action call_tool appliesTo {
|
|
|
590
637
|
|
|
591
638
|
// --- ML Detector Confidence Scores (0-100) ---
|
|
592
639
|
pii_confidence?: Long,
|
|
593
|
-
injection_confidence?: Long,
|
|
594
|
-
jailbreak_confidence?: Long,
|
|
640
|
+
injection_confidence?: Long, // Combined injection confidence: MAX(pulse, deep_context)
|
|
641
|
+
jailbreak_confidence?: Long, // Combined jailbreak confidence: MAX(pulse, deep_context)
|
|
642
|
+
injection_pulse_score?: Long, // 0-100 Pulse single-turn classifier
|
|
643
|
+
injection_deep_context_score?: Long, // 0-100 DeepContext multi-turn
|
|
644
|
+
jailbreak_pulse_score?: Long, // 0-100 Pulse single-turn classifier
|
|
645
|
+
jailbreak_deep_context_score?: Long, // 0-100 DeepContext multi-turn
|
|
595
646
|
|
|
596
647
|
// --- Agent Security (0-100) --- (OWASP ASI01, ASI02, ASI04; MITRE AML.T0051)
|
|
597
648
|
tool_poisoning_score?: Long, // Hidden instructions in tool description/args
|
|
@@ -625,6 +676,12 @@ action call_tool appliesTo {
|
|
|
625
676
|
session_injection_detected?: Bool,
|
|
626
677
|
session_command_injection?: Bool,
|
|
627
678
|
session_threat_turns?: Long,
|
|
679
|
+
session_max_injection_score?: Long,
|
|
680
|
+
session_max_jailbreak_score?: Long,
|
|
681
|
+
session_max_command_injection_score?: Long,
|
|
682
|
+
session_max_pii_score?: Long,
|
|
683
|
+
session_max_secret_score?: Long,
|
|
684
|
+
session_cumulative_risk_score?: Long,
|
|
628
685
|
|
|
629
686
|
// --- Legacy ---
|
|
630
687
|
response_content?: String,
|
|
@@ -669,6 +726,12 @@ action connect_server appliesTo {
|
|
|
669
726
|
session_injection_detected?: Bool,
|
|
670
727
|
session_command_injection?: Bool,
|
|
671
728
|
session_threat_turns?: Long,
|
|
729
|
+
session_max_injection_score?: Long,
|
|
730
|
+
session_max_jailbreak_score?: Long,
|
|
731
|
+
session_max_command_injection_score?: Long,
|
|
732
|
+
session_max_pii_score?: Long,
|
|
733
|
+
session_max_secret_score?: Long,
|
|
734
|
+
session_cumulative_risk_score?: Long,
|
|
672
735
|
},
|
|
673
736
|
};
|
|
674
737
|
|
|
@@ -711,6 +774,12 @@ action read_file appliesTo {
|
|
|
711
774
|
session_injection_detected?: Bool,
|
|
712
775
|
session_command_injection?: Bool,
|
|
713
776
|
session_threat_turns?: Long,
|
|
777
|
+
session_max_injection_score?: Long,
|
|
778
|
+
session_max_jailbreak_score?: Long,
|
|
779
|
+
session_max_command_injection_score?: Long,
|
|
780
|
+
session_max_pii_score?: Long,
|
|
781
|
+
session_max_secret_score?: Long,
|
|
782
|
+
session_cumulative_risk_score?: Long,
|
|
714
783
|
},
|
|
715
784
|
};
|
|
716
785
|
|
|
@@ -753,6 +822,12 @@ action write_file appliesTo {
|
|
|
753
822
|
session_injection_detected?: Bool,
|
|
754
823
|
session_command_injection?: Bool,
|
|
755
824
|
session_threat_turns?: Long,
|
|
825
|
+
session_max_injection_score?: Long,
|
|
826
|
+
session_max_jailbreak_score?: Long,
|
|
827
|
+
session_max_command_injection_score?: Long,
|
|
828
|
+
session_max_pii_score?: Long,
|
|
829
|
+
session_max_secret_score?: Long,
|
|
830
|
+
session_cumulative_risk_score?: Long,
|
|
756
831
|
},
|
|
757
832
|
};
|
|
758
833
|
|
|
@@ -930,6 +1005,400 @@ action scan_package appliesTo {
|
|
|
930
1005
|
},
|
|
931
1006
|
};
|
|
932
1007
|
|
|
1008
|
+
}
|
|
1009
|
+
`;
|
|
1010
|
+
/**
|
|
1011
|
+
* Sentry Cedar schema
|
|
1012
|
+
*
|
|
1013
|
+
* Full Cedar schema for sentry, embedded at codegen time.
|
|
1014
|
+
*/
|
|
1015
|
+
export const SENTRY_SCHEMA = `// =============================================================================
|
|
1016
|
+
// Sentry Cedar Schema
|
|
1017
|
+
// =============================================================================
|
|
1018
|
+
// Browser Security — monitors AI chat interactions in the browser and enforces
|
|
1019
|
+
// data-protection, content-safety, and compliance policies at point of use.
|
|
1020
|
+
//
|
|
1021
|
+
// Sentry is a lightweight browser extension (JSA) that intercepts:
|
|
1022
|
+
// - Messages sent to AI chat services (ChatGPT, Gemini, Claude, Copilot, etc.)
|
|
1023
|
+
// - AI responses returned to the user
|
|
1024
|
+
// - Cut/paste operations transferring content into AI chats
|
|
1025
|
+
// - File/document uploads into AI chat services
|
|
1026
|
+
//
|
|
1027
|
+
// Architecture:
|
|
1028
|
+
// User → Browser Extension → Shield Detection Engine → Cedar Policy → Allow/Block
|
|
1029
|
+
//
|
|
1030
|
+
// Threat Coverage:
|
|
1031
|
+
// - Data Leakage: PII, PHI, credentials, source code, confidential documents
|
|
1032
|
+
// - Content Safety: Violence, hate speech, sexual content, restricted topics
|
|
1033
|
+
// - Prompt Injection: Direct and indirect injection via pasted/uploaded content
|
|
1034
|
+
// - Document Sensitivity: MIP label enforcement, classification-aware blocking
|
|
1035
|
+
// - Compliance: GDPR, HIPAA, PCI DSS, CCPA, EU AI Act
|
|
1036
|
+
//
|
|
1037
|
+
// Supported AI Services:
|
|
1038
|
+
// - ChatGPT (chat.openai.com)
|
|
1039
|
+
// - Google Gemini (gemini.google.com)
|
|
1040
|
+
// - Claude (claude.ai)
|
|
1041
|
+
// - GitHub Copilot Chat
|
|
1042
|
+
// - Microsoft Copilot
|
|
1043
|
+
// - Custom/enterprise AI chat endpoints
|
|
1044
|
+
|
|
1045
|
+
namespace Sentry {
|
|
1046
|
+
|
|
1047
|
+
// =============================================================================
|
|
1048
|
+
// ENTITIES - Tenant Hierarchy (ReBAC)
|
|
1049
|
+
// =============================================================================
|
|
1050
|
+
// Aligned with Guardrails/Overwatch entity hierarchy (Account -> Project).
|
|
1051
|
+
//
|
|
1052
|
+
// Entity hierarchy enables Cedar's \`in\` operator for policy scoping:
|
|
1053
|
+
// Account (org root)
|
|
1054
|
+
// └── Project in [Account]
|
|
1055
|
+
// └── ChatSession in [Project]
|
|
1056
|
+
//
|
|
1057
|
+
// Policy scoping examples:
|
|
1058
|
+
// resource in Sentry::Account::"<uuid>" → org-wide
|
|
1059
|
+
// resource in Sentry::Project::"<uuid>" → project-wide
|
|
1060
|
+
// resource == Sentry::ChatSession::"<id>" → specific session
|
|
1061
|
+
|
|
1062
|
+
/// Account represents an organization (top-level tenant)
|
|
1063
|
+
entity Account;
|
|
1064
|
+
|
|
1065
|
+
/// Project represents a project within an account
|
|
1066
|
+
entity Project in [Account];
|
|
1067
|
+
|
|
1068
|
+
// =============================================================================
|
|
1069
|
+
// ENTITIES - Principals
|
|
1070
|
+
// =============================================================================
|
|
1071
|
+
|
|
1072
|
+
/// Human user interacting with AI chat in the browser
|
|
1073
|
+
entity User;
|
|
1074
|
+
|
|
1075
|
+
// =============================================================================
|
|
1076
|
+
// ENTITIES - Resources (scoped under Project)
|
|
1077
|
+
// =============================================================================
|
|
1078
|
+
|
|
1079
|
+
/// AI chat session — resource for send_message and receive_response actions
|
|
1080
|
+
entity ChatSession in [Project];
|
|
1081
|
+
|
|
1082
|
+
/// Document or file being uploaded — resource for upload_file action
|
|
1083
|
+
entity Document in [Project];
|
|
1084
|
+
|
|
1085
|
+
// =============================================================================
|
|
1086
|
+
// ACTIONS
|
|
1087
|
+
// =============================================================================
|
|
1088
|
+
|
|
1089
|
+
// User sends a message (prompt) to an AI chat service
|
|
1090
|
+
// Threat focus: data leakage (PII, secrets, confidential data), injection, content safety
|
|
1091
|
+
action send_message appliesTo {
|
|
1092
|
+
principal: [User],
|
|
1093
|
+
resource: [ChatSession],
|
|
1094
|
+
context: {
|
|
1095
|
+
// --- Core Metadata ---
|
|
1096
|
+
content: String, // Raw message content being sent
|
|
1097
|
+
source: String, // Browser extension identifier: "sentry"
|
|
1098
|
+
event: String, // Event type: "send_message"
|
|
1099
|
+
user_email: String, // User identifier (SSO/OAuth verified)
|
|
1100
|
+
target_app: String, // AI service: "chatgpt", "gemini", "claude", "copilot", "custom"
|
|
1101
|
+
target_url?: String, // Full URL of the AI chat service
|
|
1102
|
+
|
|
1103
|
+
// --- Aggregated Threat Summary (from Shield NormalizeAggregation) ---
|
|
1104
|
+
threat_count: Long, // Total threats detected
|
|
1105
|
+
highest_severity: String, // "critical", "high", "medium", "low", "none"
|
|
1106
|
+
threat_categories: Set<String>, // Threat category names
|
|
1107
|
+
detected_threats: Set<String>, // Detection rule names that matched
|
|
1108
|
+
max_threat_severity: Long, // Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)
|
|
1109
|
+
|
|
1110
|
+
// --- Secrets Detection (from SecretsDetector) ---
|
|
1111
|
+
contains_secrets: Bool, // Whether secrets/credentials detected
|
|
1112
|
+
secret_types?: Set<String>, // Types: "aws_access_key", "github_token", "ssh_private_key", etc.
|
|
1113
|
+
secret_count?: Long, // Number of distinct secrets found
|
|
1114
|
+
|
|
1115
|
+
// --- PII Detection (from PIIRegexDetector, normalized) ---
|
|
1116
|
+
pii_detected?: Bool, // Whether any PII patterns matched
|
|
1117
|
+
pii_types?: Set<String>, // Types: "ssn", "credit_card", "email", "phone", etc.
|
|
1118
|
+
pii_count?: Long, // Number of PII matches
|
|
1119
|
+
pii_confidence?: Long, // PII detection confidence (0-100)
|
|
1120
|
+
|
|
1121
|
+
// --- Content Safety Scores (from ToxicityDetector, 0-100) ---
|
|
1122
|
+
violence_score: Long,
|
|
1123
|
+
weapons_score: Long,
|
|
1124
|
+
hate_speech_score: Long,
|
|
1125
|
+
crime_score: Long,
|
|
1126
|
+
sexual_score: Long,
|
|
1127
|
+
profanity_score: Long,
|
|
1128
|
+
|
|
1129
|
+
// --- ML Detector Confidence Scores (0-100) ---
|
|
1130
|
+
injection_score: Long, // Prompt injection score (max of InjectionDetector + DeepContextDetector)
|
|
1131
|
+
jailbreak_score: Long, // Jailbreak detection score (max of JailbreakDetector + DeepContextDetector)
|
|
1132
|
+
|
|
1133
|
+
// --- Topic Classification (from TopicDetector) ---
|
|
1134
|
+
content_topics?: Set<String>, // Detected topics: "controlled_substances", "weapons_manufacturing", etc.
|
|
1135
|
+
topic_confidence?: Long, // Topic classifier confidence (0-100)
|
|
1136
|
+
|
|
1137
|
+
// --- Encoding & Unicode Attacks (from SecurityFiltersDetector, EncodedInjectionDetector) ---
|
|
1138
|
+
contains_invisible_chars?: Bool, // Zero-width chars, bidi overrides, tag chars
|
|
1139
|
+
invisible_chars_score?: Long, // Unicode attack severity (0-100)
|
|
1140
|
+
encoded_content_detected?: Bool, // Base64, hex, unicode, URL encoded content
|
|
1141
|
+
encoded_types?: Set<String>, // Encoding types detected
|
|
1142
|
+
encoded_count?: Long, // Number of encoded segments
|
|
1143
|
+
encoded_score?: Long, // Encoded injection severity (0-100)
|
|
1144
|
+
|
|
1145
|
+
// --- Code Detection (from CodeDetector) ---
|
|
1146
|
+
contains_code?: Bool, // Whether content contains source code
|
|
1147
|
+
code_languages?: Set<String>, // Detected languages: "python", "javascript", etc.
|
|
1148
|
+
code_ratio?: Long, // Percentage of content that is code (0-100)
|
|
1149
|
+
|
|
1150
|
+
// --- Language Detection (from LanguageDetector, ScriptDetector) ---
|
|
1151
|
+
detected_language?: String, // ISO language code
|
|
1152
|
+
is_english?: Bool,
|
|
1153
|
+
language_confidence?: Long, // 0-100
|
|
1154
|
+
detected_script?: String, // "latin", "cyrillic", "arabic", "unknown"
|
|
1155
|
+
is_latin_script?: Bool,
|
|
1156
|
+
script_confidence?: Long, // 0-100
|
|
1157
|
+
|
|
1158
|
+
// --- Keyword Detection (from KeywordDetector) ---
|
|
1159
|
+
keyword_matched?: Bool, // Whether any keywords matched
|
|
1160
|
+
keyword_categories?: Set<String>, // Matched keyword categories
|
|
1161
|
+
keyword_count?: Long, // Number of keyword matches
|
|
1162
|
+
|
|
1163
|
+
// --- Phishing Detection (from CheckPhishDetector) ---
|
|
1164
|
+
phishing_detected?: Bool, // Whether phishing URLs detected in content
|
|
1165
|
+
|
|
1166
|
+
// --- Session Detection History (cross-turn sticky flags) ---
|
|
1167
|
+
session_pii_detected?: Bool,
|
|
1168
|
+
session_pii_types?: Set<String>,
|
|
1169
|
+
session_secrets_detected?: Bool,
|
|
1170
|
+
session_secret_types?: Set<String>,
|
|
1171
|
+
session_injection_detected?: Bool,
|
|
1172
|
+
session_threat_turns?: Long,
|
|
1173
|
+
},
|
|
1174
|
+
};
|
|
1175
|
+
|
|
1176
|
+
// AI service responds to the user
|
|
1177
|
+
// Threat focus: harmful content in responses, hallucination, data leakage in output
|
|
1178
|
+
action receive_response appliesTo {
|
|
1179
|
+
principal: [User],
|
|
1180
|
+
resource: [ChatSession],
|
|
1181
|
+
context: {
|
|
1182
|
+
// --- Core Metadata ---
|
|
1183
|
+
content: String, // AI response content
|
|
1184
|
+
source: String,
|
|
1185
|
+
event: String, // "receive_response"
|
|
1186
|
+
user_email: String,
|
|
1187
|
+
target_app: String,
|
|
1188
|
+
target_url?: String,
|
|
1189
|
+
|
|
1190
|
+
// --- Aggregated Threat Summary ---
|
|
1191
|
+
threat_count: Long,
|
|
1192
|
+
highest_severity: String,
|
|
1193
|
+
threat_categories: Set<String>,
|
|
1194
|
+
detected_threats: Set<String>,
|
|
1195
|
+
max_threat_severity: Long,
|
|
1196
|
+
|
|
1197
|
+
// --- Secrets Detection ---
|
|
1198
|
+
contains_secrets: Bool,
|
|
1199
|
+
secret_types?: Set<String>,
|
|
1200
|
+
secret_count?: Long,
|
|
1201
|
+
|
|
1202
|
+
// --- PII Detection ---
|
|
1203
|
+
pii_detected?: Bool,
|
|
1204
|
+
pii_types?: Set<String>,
|
|
1205
|
+
pii_count?: Long,
|
|
1206
|
+
pii_confidence?: Long,
|
|
1207
|
+
|
|
1208
|
+
// --- Content Safety Scores (0-100) ---
|
|
1209
|
+
violence_score: Long,
|
|
1210
|
+
weapons_score: Long,
|
|
1211
|
+
hate_speech_score: Long,
|
|
1212
|
+
crime_score: Long,
|
|
1213
|
+
sexual_score: Long,
|
|
1214
|
+
profanity_score: Long,
|
|
1215
|
+
|
|
1216
|
+
// --- ML Detector Scores (0-100) ---
|
|
1217
|
+
injection_score: Long, // Indirect injection in response content
|
|
1218
|
+
jailbreak_score: Long,
|
|
1219
|
+
|
|
1220
|
+
// --- Hallucination Detection (from HallucinationDetector) ---
|
|
1221
|
+
hallucination_score?: Long, // Hallucination confidence (0-100)
|
|
1222
|
+
factuality_score?: Long, // Factuality score (0-100)
|
|
1223
|
+
|
|
1224
|
+
// --- Code in Response ---
|
|
1225
|
+
contains_code?: Bool,
|
|
1226
|
+
code_languages?: Set<String>,
|
|
1227
|
+
code_ratio?: Long,
|
|
1228
|
+
|
|
1229
|
+
// --- Phishing ---
|
|
1230
|
+
phishing_detected?: Bool,
|
|
1231
|
+
|
|
1232
|
+
// --- Session History ---
|
|
1233
|
+
session_pii_detected?: Bool,
|
|
1234
|
+
session_pii_types?: Set<String>,
|
|
1235
|
+
session_secrets_detected?: Bool,
|
|
1236
|
+
session_secret_types?: Set<String>,
|
|
1237
|
+
session_injection_detected?: Bool,
|
|
1238
|
+
session_threat_turns?: Long,
|
|
1239
|
+
},
|
|
1240
|
+
};
|
|
1241
|
+
|
|
1242
|
+
// User pastes content into an AI chat (clipboard, cross-tab, cross-app)
|
|
1243
|
+
// Threat focus: data leakage via cut/paste, injection payloads in pasted content
|
|
1244
|
+
action paste_content appliesTo {
|
|
1245
|
+
principal: [User],
|
|
1246
|
+
resource: [ChatSession],
|
|
1247
|
+
context: {
|
|
1248
|
+
// --- Core Metadata ---
|
|
1249
|
+
content: String, // Pasted content
|
|
1250
|
+
source: String,
|
|
1251
|
+
event: String, // "paste_content"
|
|
1252
|
+
user_email: String,
|
|
1253
|
+
target_app: String,
|
|
1254
|
+
target_url?: String,
|
|
1255
|
+
|
|
1256
|
+
// --- Paste Context ---
|
|
1257
|
+
paste_source_app?: String, // Source application (e.g., "outlook", "excel", "vscode", "terminal")
|
|
1258
|
+
paste_source_url?: String, // Source URL if from another browser tab
|
|
1259
|
+
paste_length?: Long, // Character length of pasted content
|
|
1260
|
+
|
|
1261
|
+
// --- Aggregated Threat Summary ---
|
|
1262
|
+
threat_count: Long,
|
|
1263
|
+
highest_severity: String,
|
|
1264
|
+
threat_categories: Set<String>,
|
|
1265
|
+
detected_threats: Set<String>,
|
|
1266
|
+
max_threat_severity: Long,
|
|
1267
|
+
|
|
1268
|
+
// --- Secrets Detection ---
|
|
1269
|
+
contains_secrets: Bool,
|
|
1270
|
+
secret_types?: Set<String>,
|
|
1271
|
+
secret_count?: Long,
|
|
1272
|
+
|
|
1273
|
+
// --- PII Detection ---
|
|
1274
|
+
pii_detected?: Bool,
|
|
1275
|
+
pii_types?: Set<String>,
|
|
1276
|
+
pii_count?: Long,
|
|
1277
|
+
pii_confidence?: Long,
|
|
1278
|
+
|
|
1279
|
+
// --- Content Safety Scores (0-100) ---
|
|
1280
|
+
violence_score: Long,
|
|
1281
|
+
weapons_score: Long,
|
|
1282
|
+
hate_speech_score: Long,
|
|
1283
|
+
crime_score: Long,
|
|
1284
|
+
sexual_score: Long,
|
|
1285
|
+
profanity_score: Long,
|
|
1286
|
+
|
|
1287
|
+
// --- ML Detector Scores (0-100) ---
|
|
1288
|
+
injection_score: Long,
|
|
1289
|
+
jailbreak_score: Long,
|
|
1290
|
+
|
|
1291
|
+
// --- Code Detection ---
|
|
1292
|
+
contains_code?: Bool,
|
|
1293
|
+
code_languages?: Set<String>,
|
|
1294
|
+
code_ratio?: Long,
|
|
1295
|
+
|
|
1296
|
+
// --- Encoding Attacks ---
|
|
1297
|
+
contains_invisible_chars?: Bool,
|
|
1298
|
+
invisible_chars_score?: Long,
|
|
1299
|
+
encoded_content_detected?: Bool,
|
|
1300
|
+
encoded_types?: Set<String>,
|
|
1301
|
+
encoded_count?: Long,
|
|
1302
|
+
encoded_score?: Long,
|
|
1303
|
+
|
|
1304
|
+
// --- Keyword Detection ---
|
|
1305
|
+
keyword_matched?: Bool,
|
|
1306
|
+
keyword_categories?: Set<String>,
|
|
1307
|
+
keyword_count?: Long,
|
|
1308
|
+
|
|
1309
|
+
// --- Session History ---
|
|
1310
|
+
session_pii_detected?: Bool,
|
|
1311
|
+
session_pii_types?: Set<String>,
|
|
1312
|
+
session_secrets_detected?: Bool,
|
|
1313
|
+
session_secret_types?: Set<String>,
|
|
1314
|
+
session_injection_detected?: Bool,
|
|
1315
|
+
session_threat_turns?: Long,
|
|
1316
|
+
},
|
|
1317
|
+
};
|
|
1318
|
+
|
|
1319
|
+
// User uploads a file or document into an AI chat
|
|
1320
|
+
// Threat focus: document sensitivity (MIP labels), PII/secrets in files, malware
|
|
1321
|
+
action upload_file appliesTo {
|
|
1322
|
+
principal: [User],
|
|
1323
|
+
resource: [Document, ChatSession],
|
|
1324
|
+
context: {
|
|
1325
|
+
// --- Core Metadata ---
|
|
1326
|
+
content: String, // Extracted file text content (for scanning)
|
|
1327
|
+
source: String,
|
|
1328
|
+
event: String, // "upload_file"
|
|
1329
|
+
user_email: String,
|
|
1330
|
+
target_app: String,
|
|
1331
|
+
target_url?: String,
|
|
1332
|
+
|
|
1333
|
+
// --- File Metadata ---
|
|
1334
|
+
file_name?: String, // Original file name
|
|
1335
|
+
file_type?: String, // MIME type: "application/pdf", "text/csv", etc.
|
|
1336
|
+
file_size_bytes?: Long, // File size in bytes
|
|
1337
|
+
file_extension?: String, // Extension: "pdf", "docx", "xlsx", "csv", "txt"
|
|
1338
|
+
|
|
1339
|
+
// --- Document Sensitivity (MIP Labels) ---
|
|
1340
|
+
mip_label_id?: String, // Microsoft Information Protection label ID
|
|
1341
|
+
mip_label_name?: String, // Label display name: "Public", "Internal", "Confidential", "Highly Confidential"
|
|
1342
|
+
sensitivity_level?: String, // Normalized: "public", "internal", "confidential", "restricted"
|
|
1343
|
+
is_encrypted?: Bool, // Whether file is encrypted (MIP protection)
|
|
1344
|
+
is_rights_managed?: Bool, // Whether file has rights management restrictions
|
|
1345
|
+
|
|
1346
|
+
// --- Aggregated Threat Summary ---
|
|
1347
|
+
threat_count: Long,
|
|
1348
|
+
highest_severity: String,
|
|
1349
|
+
threat_categories: Set<String>,
|
|
1350
|
+
detected_threats: Set<String>,
|
|
1351
|
+
max_threat_severity: Long,
|
|
1352
|
+
|
|
1353
|
+
// --- Secrets Detection ---
|
|
1354
|
+
contains_secrets: Bool,
|
|
1355
|
+
secret_types?: Set<String>,
|
|
1356
|
+
secret_count?: Long,
|
|
1357
|
+
|
|
1358
|
+
// --- PII Detection ---
|
|
1359
|
+
pii_detected?: Bool,
|
|
1360
|
+
pii_types?: Set<String>,
|
|
1361
|
+
pii_count?: Long,
|
|
1362
|
+
pii_confidence?: Long,
|
|
1363
|
+
|
|
1364
|
+
// --- Content Safety Scores (0-100) ---
|
|
1365
|
+
violence_score: Long,
|
|
1366
|
+
weapons_score: Long,
|
|
1367
|
+
hate_speech_score: Long,
|
|
1368
|
+
crime_score: Long,
|
|
1369
|
+
sexual_score: Long,
|
|
1370
|
+
profanity_score: Long,
|
|
1371
|
+
|
|
1372
|
+
// --- ML Detector Scores (0-100) ---
|
|
1373
|
+
injection_score: Long, // Prompt injection payloads hidden in documents
|
|
1374
|
+
jailbreak_score: Long,
|
|
1375
|
+
|
|
1376
|
+
// --- Code Detection ---
|
|
1377
|
+
contains_code?: Bool,
|
|
1378
|
+
code_languages?: Set<String>,
|
|
1379
|
+
code_ratio?: Long,
|
|
1380
|
+
|
|
1381
|
+
// --- Phishing ---
|
|
1382
|
+
phishing_detected?: Bool,
|
|
1383
|
+
|
|
1384
|
+
// --- Encoding Attacks ---
|
|
1385
|
+
contains_invisible_chars?: Bool,
|
|
1386
|
+
invisible_chars_score?: Long,
|
|
1387
|
+
encoded_content_detected?: Bool,
|
|
1388
|
+
encoded_types?: Set<String>,
|
|
1389
|
+
encoded_count?: Long,
|
|
1390
|
+
encoded_score?: Long,
|
|
1391
|
+
|
|
1392
|
+
// --- Session History ---
|
|
1393
|
+
session_pii_detected?: Bool,
|
|
1394
|
+
session_pii_types?: Set<String>,
|
|
1395
|
+
session_secrets_detected?: Bool,
|
|
1396
|
+
session_secret_types?: Set<String>,
|
|
1397
|
+
session_injection_detected?: Bool,
|
|
1398
|
+
session_threat_turns?: Long,
|
|
1399
|
+
},
|
|
1400
|
+
};
|
|
1401
|
+
|
|
933
1402
|
}
|
|
934
1403
|
`;
|
|
935
1404
|
/**
|
|
@@ -949,8 +1418,12 @@ export const GUARDRAILS_CONTEXT = {
|
|
|
949
1418
|
{ "key": "direction", "type": "string", "required": true, "description": "Content flow direction: \'input\' for user prompts, \'output\' for AI responses. Use this to apply different policies to inputs vs outputs (e.g., block PII only in outputs)" },
|
|
950
1419
|
{ "key": "content_type", "type": "string", "required": true, "description": "Type of content being analyzed: \'prompt\', \'response\', \'tool_call\', or \'file\'" },
|
|
951
1420
|
{ "key": "detector_count", "type": "number", "required": true, "description": "Number of detectors that were executed for this request" },
|
|
952
|
-
{ "key": "
|
|
953
|
-
{ "key": "
|
|
1421
|
+
{ "key": "injection_confidence", "type": "number", "required": false, "description": "Combined prompt injection confidence (0-100). MAX of all detector scores (Pulse + DeepContext). Use injection_pulse_score / injection_deep_context_score for individual detector control" },
|
|
1422
|
+
{ "key": "jailbreak_confidence", "type": "number", "required": false, "description": "Combined jailbreak detection confidence (0-100). MAX of all detector scores (Pulse + DeepContext). Use jailbreak_pulse_score / jailbreak_deep_context_score for individual detector control" },
|
|
1423
|
+
{ "key": "injection_pulse_score", "type": "number", "required": false, "description": "Highflame single-turn classifier score for prompt injection (0-100). Raw score from Pulse detector before combination with deep-context. Use for per-detector policy control" },
|
|
1424
|
+
{ "key": "injection_deep_context_score", "type": "number", "required": false, "description": "DeepContext multi-turn analyzer score for prompt injection (0-100). Tracks injection patterns across conversation history. Generally higher confidence than single-turn" },
|
|
1425
|
+
{ "key": "jailbreak_pulse_score", "type": "number", "required": false, "description": "Highflame single-turn classifier score for jailbreak attempts (0-100). Raw score from Pulse detector before combination with deep-context" },
|
|
1426
|
+
{ "key": "jailbreak_deep_context_score", "type": "number", "required": false, "description": "DeepContext multi-turn analyzer score for jailbreak attempts (0-100). Detects jailbreak escalation patterns across conversation turns" },
|
|
954
1427
|
{ "key": "injection_type", "type": "string", "required": false, "description": "Type of injection detected: \'prompt\', \'sql\', \'command\', or \'none\'. Use this to apply different policies per injection type" },
|
|
955
1428
|
{ "key": "contains_secrets", "type": "boolean", "required": false, "description": "Whether any API keys, tokens, passwords, or credentials were detected in the content. True indicates presence of secrets" },
|
|
956
1429
|
{ "key": "secret_count", "type": "number", "required": false, "description": "Total number of secret matches found. Multiple matches may indicate data dumps or accidental credential exposure" },
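Review bot: The description added for `injection_deep_context_score` ends with "Generally higher confidence than single-turn", which can be read as "scores tend to be numerically higher" or as "the signal is more reliable"; the two readings lead to different threshold choices in a policy. Because `injection_confidence` and `jailbreak_confidence` are documented as the MAX of the Pulse and DeepContext scores while all four per-detector keys are `required: false`, the text should also say what the combined value is when only one detector produced a score. A possible wording, to be confirmed against the detector's behaviour, is `More reliable than the single-turn score when conversation history is available`. The same sentence is added again in the OVERWATCH_CONTEXT hunk at -1156.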
|
|
@@ -1004,7 +1477,20 @@ export const GUARDRAILS_CONTEXT = {
|
|
|
1004
1477
|
{ "key": "content_safety_score", "type": "number", "required": false, "description": "Aggregate content safety score (0-100). Combines multiple safety signals into a single risk indicator" },
|
|
1005
1478
|
{ "key": "content_safety_blocked", "type": "boolean", "required": false, "description": "Whether content was flagged for blocking by the content safety system" },
|
|
1006
1479
|
{ "key": "conversation_turn", "type": "number", "required": false, "description": "Current conversation turn number. Use for policies that escalate strictness over long conversations" },
|
|
1007
|
-
{ "key": "multi_turn_detection", "type": "boolean", "required": false, "description": "Whether multi-turn injection patterns were detected (attack spread across multiple conversation turns)" }
|
|
1480
|
+
{ "key": "multi_turn_detection", "type": "boolean", "required": false, "description": "Whether multi-turn injection patterns were detected (attack spread across multiple conversation turns)" },
|
|
1481
|
+
{ "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
|
|
1482
|
+
{ "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
|
|
1483
|
+
{ "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
|
|
1484
|
+
{ "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
|
|
1485
|
+
{ "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
|
|
1486
|
+
{ "key": "session_command_injection", "type": "boolean", "required": false, "description": "Whether command injection was detected in any previous turn of the session" },
|
|
1487
|
+
{ "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" },
|
|
1488
|
+
{ "key": "session_max_injection_score", "type": "number", "required": false, "description": "Highest prompt injection score seen in any turn of the session (0-100). Use for tiered responses: >75 hard block, >50 restrict permissions" },
|
|
1489
|
+
{ "key": "session_max_jailbreak_score", "type": "number", "required": false, "description": "Highest jailbreak detection score seen in any turn of the session (0-100)" },
|
|
1490
|
+
{ "key": "session_max_command_injection_score", "type": "number", "required": false, "description": "Highest command injection score seen in any turn of the session (0-100)" },
|
|
1491
|
+
{ "key": "session_max_pii_score", "type": "number", "required": false, "description": "Highest PII risk score seen in any turn of the session (0-100)" },
|
|
1492
|
+
{ "key": "session_max_secret_score", "type": "number", "required": false, "description": "Highest secret detection score seen in any turn of the session (0-100)" },
|
|
1493
|
+
{ "key": "session_cumulative_risk_score", "type": "number", "required": false, "description": "Sum of per-turn risk scores across the session. Catches death-by-a-thousand-cuts where no single turn is high but cumulative risk is significant" }
|
|
1008
1494
|
]
|
|
1009
1495
|
},
|
|
1010
1496
|
{
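Review bot: The new `session_max_injection_score` description recommends thresholds (">75 hard block, >50 restrict permissions") for a key that is `required: false`, and nothing tells the policy author that the key can be absent. If these keys map to optional Cedar context attributes, a `forbid` policy that compares one without a `context has …` guard errors on a request that lacks it, and Cedar leaves a policy whose evaluation errors out of the decision, so the intended block does not apply. I would extend the description with something like `Optional: test 'context has session_max_injection_score' before comparing`. `session_cumulative_risk_score` is also the only score here with no stated range; as a sum over turns it presumably grows with session length, so the description should say it is not capped at 100 and that thresholds depend on turn count. The same run of `session_*` keys is repeated in the later GUARDRAILS_CONTEXT and OVERWATCH_CONTEXT hunks, and if this file is generated the wording belongs in the schema JSON it is built from.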
|
|
@@ -1035,7 +1521,9 @@ export const GUARDRAILS_CONTEXT = {
|
|
|
1035
1521
|
{ "key": "secret_types", "type": "array", "required": false, "description": "Array of secret types found in tool arguments" },
|
|
1036
1522
|
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in tool arguments or content" },
|
|
1037
1523
|
{ "key": "pii_types", "type": "array", "required": false, "description": "Array of PII types found in tool arguments" },
|
|
1038
|
-
{ "key": "
|
|
1524
|
+
{ "key": "injection_confidence", "type": "number", "required": false, "description": "Combined prompt injection confidence in tool arguments (0-100). MAX of all detector scores (Pulse + DeepContext). Use injection_pulse_score / injection_deep_context_score for individual detector control" },
|
|
1525
|
+
{ "key": "injection_pulse_score", "type": "number", "required": false, "description": "Highflame single-turn classifier score for prompt injection in tool arguments (0-100). Raw score from Pulse detector before combination with deep-context" },
|
|
1526
|
+
{ "key": "injection_deep_context_score", "type": "number", "required": false, "description": "DeepContext multi-turn analyzer score for prompt injection in tool arguments (0-100). Tracks injection patterns across tool call history" },
|
|
1039
1527
|
{ "key": "command_injection_detected", "type": "boolean", "required": false, "description": "Whether command injection patterns were detected in tool arguments" },
|
|
1040
1528
|
{ "key": "command_injection_type", "type": "string", "required": false, "description": "Type of command injection detected in tool arguments" },
|
|
1041
1529
|
{ "key": "command_injection_score", "type": "number", "required": false, "description": "Confidence score for command injection in tool arguments (0-100)" },
|
|
@@ -1062,7 +1550,20 @@ export const GUARDRAILS_CONTEXT = {
|
|
|
1062
1550
|
{ "key": "encoded_score", "type": "number", "required": false, "description": "Risk score for encoded injection in tool arguments (0-100)" },
|
|
1063
1551
|
{ "key": "rug_pull_type", "type": "string", "required": false, "description": "Type of rug pull detected: \'risk_spike\' (sudden risk increase), \'pattern_change\' (behavioral shift), \'combined\', or \'none\'" },
|
|
1064
1552
|
{ "key": "conversation_turn", "type": "number", "required": false, "description": "Current conversation turn number for the agentic session" },
|
|
1065
|
-
{ "key": "multi_turn_detection", "type": "boolean", "required": false, "description": "Whether multi-turn injection patterns were detected across tool calls in the session" }
|
|
1553
|
+
{ "key": "multi_turn_detection", "type": "boolean", "required": false, "description": "Whether multi-turn injection patterns were detected across tool calls in the session" },
|
|
1554
|
+
{ "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
|
|
1555
|
+
{ "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
|
|
1556
|
+
{ "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
|
|
1557
|
+
{ "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
|
|
1558
|
+
{ "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
|
|
1559
|
+
{ "key": "session_command_injection", "type": "boolean", "required": false, "description": "Whether command injection was detected in any previous turn of the session" },
|
|
1560
|
+
{ "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" },
|
|
1561
|
+
{ "key": "session_max_injection_score", "type": "number", "required": false, "description": "Highest prompt injection score seen in any turn of the session (0-100). Use for tiered responses: >75 hard block, >50 restrict permissions" },
|
|
1562
|
+
{ "key": "session_max_jailbreak_score", "type": "number", "required": false, "description": "Highest jailbreak detection score seen in any turn of the session (0-100)" },
|
|
1563
|
+
{ "key": "session_max_command_injection_score", "type": "number", "required": false, "description": "Highest command injection score seen in any turn of the session (0-100)" },
|
|
1564
|
+
{ "key": "session_max_pii_score", "type": "number", "required": false, "description": "Highest PII risk score seen in any turn of the session (0-100)" },
|
|
1565
|
+
{ "key": "session_max_secret_score", "type": "number", "required": false, "description": "Highest secret detection score seen in any turn of the session (0-100)" },
|
|
1566
|
+
{ "key": "session_cumulative_risk_score", "type": "number", "required": false, "description": "Sum of per-turn risk scores across the session. Catches death-by-a-thousand-cuts where no single turn is high but cumulative risk is significant" }
|
|
1066
1567
|
]
|
|
1067
1568
|
},
|
|
1068
1569
|
{
|
|
@@ -1077,7 +1578,20 @@ export const GUARDRAILS_CONTEXT = {
|
|
|
1077
1578
|
{ "key": "pii_types", "type": "array", "required": false, "description": "Array of PII types found in file content" },
|
|
1078
1579
|
{ "key": "path_traversal_detected", "type": "boolean", "required": false, "description": "Whether path traversal patterns were detected in the file path being read" },
|
|
1079
1580
|
{ "key": "path_traversal_severity", "type": "string", "required": false, "description": "Severity of path traversal in the file read path" },
|
|
1080
|
-
{ "key": "path_traversal_type", "type": "string", "required": false, "description": "Type of path traversal detected in the file read path" }
|
|
1581
|
+
{ "key": "path_traversal_type", "type": "string", "required": false, "description": "Type of path traversal detected in the file read path" },
|
|
1582
|
+
{ "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
|
|
1583
|
+
{ "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
|
|
1584
|
+
{ "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
|
|
1585
|
+
{ "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
|
|
1586
|
+
{ "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
|
|
1587
|
+
{ "key": "session_command_injection", "type": "boolean", "required": false, "description": "Whether command injection was detected in any previous turn of the session" },
|
|
1588
|
+
{ "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" },
|
|
1589
|
+
{ "key": "session_max_injection_score", "type": "number", "required": false, "description": "Highest prompt injection score seen in any turn of the session (0-100). Use for tiered responses: >75 hard block, >50 restrict permissions" },
|
|
1590
|
+
{ "key": "session_max_jailbreak_score", "type": "number", "required": false, "description": "Highest jailbreak detection score seen in any turn of the session (0-100)" },
|
|
1591
|
+
{ "key": "session_max_command_injection_score", "type": "number", "required": false, "description": "Highest command injection score seen in any turn of the session (0-100)" },
|
|
1592
|
+
{ "key": "session_max_pii_score", "type": "number", "required": false, "description": "Highest PII risk score seen in any turn of the session (0-100)" },
|
|
1593
|
+
{ "key": "session_max_secret_score", "type": "number", "required": false, "description": "Highest secret detection score seen in any turn of the session (0-100)" },
|
|
1594
|
+
{ "key": "session_cumulative_risk_score", "type": "number", "required": false, "description": "Sum of per-turn risk scores across the session. Catches death-by-a-thousand-cuts where no single turn is high but cumulative risk is significant" }
|
|
1081
1595
|
]
|
|
1082
1596
|
},
|
|
1083
1597
|
{
|
|
@@ -1092,7 +1606,20 @@ export const GUARDRAILS_CONTEXT = {
|
|
|
1092
1606
|
{ "key": "pii_types", "type": "array", "required": false, "description": "Array of PII types found in write content" },
|
|
1093
1607
|
{ "key": "path_traversal_detected", "type": "boolean", "required": false, "description": "Whether path traversal patterns were detected in the file path being written" },
|
|
1094
1608
|
{ "key": "path_traversal_severity", "type": "string", "required": false, "description": "Severity of path traversal in the file write path" },
|
|
1095
|
-
{ "key": "path_traversal_type", "type": "string", "required": false, "description": "Type of path traversal detected in the file write path" }
|
|
1609
|
+
{ "key": "path_traversal_type", "type": "string", "required": false, "description": "Type of path traversal detected in the file write path" },
|
|
1610
|
+
{ "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
|
|
1611
|
+
{ "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
|
|
1612
|
+
{ "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
|
|
1613
|
+
{ "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
|
|
1614
|
+
{ "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
|
|
1615
|
+
{ "key": "session_command_injection", "type": "boolean", "required": false, "description": "Whether command injection was detected in any previous turn of the session" },
|
|
1616
|
+
{ "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" },
|
|
1617
|
+
{ "key": "session_max_injection_score", "type": "number", "required": false, "description": "Highest prompt injection score seen in any turn of the session (0-100). Use for tiered responses: >75 hard block, >50 restrict permissions" },
|
|
1618
|
+
{ "key": "session_max_jailbreak_score", "type": "number", "required": false, "description": "Highest jailbreak detection score seen in any turn of the session (0-100)" },
|
|
1619
|
+
{ "key": "session_max_command_injection_score", "type": "number", "required": false, "description": "Highest command injection score seen in any turn of the session (0-100)" },
|
|
1620
|
+
{ "key": "session_max_pii_score", "type": "number", "required": false, "description": "Highest PII risk score seen in any turn of the session (0-100)" },
|
|
1621
|
+
{ "key": "session_max_secret_score", "type": "number", "required": false, "description": "Highest secret detection score seen in any turn of the session (0-100)" },
|
|
1622
|
+
{ "key": "session_cumulative_risk_score", "type": "number", "required": false, "description": "Sum of per-turn risk scores across the session. Catches death-by-a-thousand-cuts where no single turn is high but cumulative risk is significant" }
|
|
1096
1623
|
]
|
|
1097
1624
|
},
|
|
1098
1625
|
{
|
|
@@ -1111,7 +1638,20 @@ export const GUARDRAILS_CONTEXT = {
|
|
|
1111
1638
|
{ "key": "mcp_risk_score", "type": "number", "required": false, "description": "Risk score for MCP configuration issues (0-100)" },
|
|
1112
1639
|
{ "key": "cross_origin_detected", "type": "boolean", "required": false, "description": "Whether cross-origin escalation patterns were detected in the MCP server connection" },
|
|
1113
1640
|
{ "key": "cross_origin_type", "type": "string", "required": false, "description": "Type of cross-origin escalation detected in server connection" },
|
|
1114
|
-
{ "key": "cross_origin_score", "type": "number", "required": false, "description": "Risk score for cross-origin escalation in server connection (0-100)" }
|
|
1641
|
+
{ "key": "cross_origin_score", "type": "number", "required": false, "description": "Risk score for cross-origin escalation in server connection (0-100)" },
|
|
1642
|
+
{ "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
|
|
1643
|
+
{ "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
|
|
1644
|
+
{ "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
|
|
1645
|
+
{ "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
|
|
1646
|
+
{ "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
|
|
1647
|
+
{ "key": "session_command_injection", "type": "boolean", "required": false, "description": "Whether command injection was detected in any previous turn of the session" },
|
|
1648
|
+
{ "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" },
|
|
1649
|
+
{ "key": "session_max_injection_score", "type": "number", "required": false, "description": "Highest prompt injection score seen in any turn of the session (0-100). Use for tiered responses: >75 hard block, >50 restrict permissions" },
|
|
1650
|
+
{ "key": "session_max_jailbreak_score", "type": "number", "required": false, "description": "Highest jailbreak detection score seen in any turn of the session (0-100)" },
|
|
1651
|
+
{ "key": "session_max_command_injection_score", "type": "number", "required": false, "description": "Highest command injection score seen in any turn of the session (0-100)" },
|
|
1652
|
+
{ "key": "session_max_pii_score", "type": "number", "required": false, "description": "Highest PII risk score seen in any turn of the session (0-100)" },
|
|
1653
|
+
{ "key": "session_max_secret_score", "type": "number", "required": false, "description": "Highest secret detection score seen in any turn of the session (0-100)" },
|
|
1654
|
+
{ "key": "session_cumulative_risk_score", "type": "number", "required": false, "description": "Sum of per-turn risk scores across the session. Catches death-by-a-thousand-cuts where no single turn is high but cumulative risk is significant" }
|
|
1115
1655
|
]
|
|
1116
1656
|
}
|
|
1117
1657
|
]
|
|
@@ -1156,9 +1696,26 @@ export const OVERWATCH_CONTEXT = {
|
|
|
1156
1696
|
{ "key": "sexual_score", "type": "number", "required": true, "description": "Sexual content detection score (0-100)" },
|
|
1157
1697
|
{ "key": "profanity_score", "type": "number", "required": true, "description": "Profanity detection score (0-100)" },
|
|
1158
1698
|
{ "key": "pii_confidence", "type": "number", "required": true, "description": "PII detection ML classifier confidence (0-100)" },
|
|
1159
|
-
{ "key": "injection_confidence", "type": "number", "required": true, "description": "
|
|
1160
|
-
{ "key": "jailbreak_confidence", "type": "number", "required": true, "description": "
|
|
1161
|
-
{ "key": "
|
|
1699
|
+
{ "key": "injection_confidence", "type": "number", "required": true, "description": "Combined prompt injection confidence (0-100). MAX of all detector scores (Pulse + DeepContext). Use injection_pulse_score / injection_deep_context_score for individual detector control" },
|
|
1700
|
+
{ "key": "jailbreak_confidence", "type": "number", "required": true, "description": "Combined jailbreak detection confidence (0-100). MAX of all detector scores (Pulse + DeepContext). Use jailbreak_pulse_score / jailbreak_deep_context_score for individual detector control" },
|
|
1701
|
+
{ "key": "injection_pulse_score", "type": "number", "required": false, "description": "Highflame single-turn classifier score for prompt injection (0-100). Raw score from Pulse detector before combination with deep-context. Use for per-detector policy control" },
|
|
1702
|
+
{ "key": "injection_deep_context_score", "type": "number", "required": false, "description": "DeepContext multi-turn analyzer score for prompt injection (0-100). Tracks injection patterns across conversation history. Generally higher confidence than single-turn" },
|
|
1703
|
+
{ "key": "jailbreak_pulse_score", "type": "number", "required": false, "description": "Highflame single-turn classifier score for jailbreak attempts (0-100). Raw score from Pulse detector before combination with deep-context" },
|
|
1704
|
+
{ "key": "jailbreak_deep_context_score", "type": "number", "required": false, "description": "DeepContext multi-turn analyzer score for jailbreak attempts (0-100). Detects jailbreak escalation patterns across conversation turns" },
|
|
1705
|
+
{ "key": "indirect_injection_score", "type": "number", "required": true, "description": "Indirect prompt injection risk score (0-100) — injection via tool outputs or retrieved content" },
|
|
1706
|
+
{ "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
|
|
1707
|
+
{ "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
|
|
1708
|
+
{ "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
|
|
1709
|
+
{ "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
|
|
1710
|
+
{ "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
|
|
1711
|
+
{ "key": "session_command_injection", "type": "boolean", "required": false, "description": "Whether command injection was detected in any previous turn of the session" },
|
|
1712
|
+
{ "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" },
|
|
1713
|
+
{ "key": "session_max_injection_score", "type": "number", "required": false, "description": "Highest prompt injection score seen in any turn of the session (0-100). Use for tiered responses: >75 hard block, >50 restrict permissions" },
|
|
1714
|
+
{ "key": "session_max_jailbreak_score", "type": "number", "required": false, "description": "Highest jailbreak detection score seen in any turn of the session (0-100)" },
|
|
1715
|
+
{ "key": "session_max_command_injection_score", "type": "number", "required": false, "description": "Highest command injection score seen in any turn of the session (0-100)" },
|
|
1716
|
+
{ "key": "session_max_pii_score", "type": "number", "required": false, "description": "Highest PII risk score seen in any turn of the session (0-100)" },
|
|
1717
|
+
{ "key": "session_max_secret_score", "type": "number", "required": false, "description": "Highest secret detection score seen in any turn of the session (0-100)" },
|
|
1718
|
+
{ "key": "session_cumulative_risk_score", "type": "number", "required": false, "description": "Sum of per-turn risk scores across the session. Catches death-by-a-thousand-cuts where no single turn is high but cumulative risk is significant" }
|
|
1162
1719
|
]
|
|
1163
1720
|
},
|
|
1164
1721
|
{
|
|
@@ -1196,8 +1753,12 @@ export const OVERWATCH_CONTEXT = {
|
|
|
1196
1753
|
{ "key": "sexual_score", "type": "number", "required": false, "description": "Sexual content detection score (0-100)" },
|
|
1197
1754
|
{ "key": "profanity_score", "type": "number", "required": false, "description": "Profanity detection score (0-100)" },
|
|
1198
1755
|
{ "key": "pii_confidence", "type": "number", "required": false, "description": "PII detection ML classifier confidence (0-100)" },
|
|
1199
|
-
{ "key": "injection_confidence", "type": "number", "required": false, "description": "
|
|
1200
|
-
{ "key": "jailbreak_confidence", "type": "number", "required": false, "description": "
|
|
1756
|
+
{ "key": "injection_confidence", "type": "number", "required": false, "description": "Combined prompt injection confidence (0-100). MAX of all detector scores (Pulse + DeepContext). Use injection_pulse_score / injection_deep_context_score for individual detector control" },
|
|
1757
|
+
{ "key": "jailbreak_confidence", "type": "number", "required": false, "description": "Combined jailbreak detection confidence (0-100). MAX of all detector scores (Pulse + DeepContext). Use jailbreak_pulse_score / jailbreak_deep_context_score for individual detector control" },
|
|
1758
|
+
{ "key": "injection_pulse_score", "type": "number", "required": false, "description": "Highflame single-turn classifier score for prompt injection in tool arguments (0-100). Raw score from Pulse detector before combination with deep-context" },
|
|
1759
|
+
{ "key": "injection_deep_context_score", "type": "number", "required": false, "description": "DeepContext multi-turn analyzer score for prompt injection in tool arguments (0-100). Tracks injection patterns across tool call history" },
|
|
1760
|
+
{ "key": "jailbreak_pulse_score", "type": "number", "required": false, "description": "Highflame single-turn classifier score for jailbreak in tool arguments (0-100). Raw score from Pulse detector before combination with deep-context" },
|
|
1761
|
+
{ "key": "jailbreak_deep_context_score", "type": "number", "required": false, "description": "DeepContext multi-turn analyzer score for jailbreak in tool arguments (0-100). Detects jailbreak escalation patterns across tool call turns" },
|
|
1201
1762
|
{ "key": "tool_poisoning_score", "type": "number", "required": false, "description": "Tool description manipulation risk score (0-100) — hidden instructions in tool descriptions or arguments" },
|
|
1202
1763
|
{ "key": "tool_poisoning_detected", "type": "boolean", "required": false, "description": "Whether tool poisoning patterns were explicitly detected" },
|
|
1203
1764
|
{ "key": "rug_pull_score", "type": "number", "required": false, "description": "Tool behavioral drift score (0-100) — deviation from established tool behavior patterns" },
|
|
@@ -1213,7 +1774,20 @@ export const OVERWATCH_CONTEXT = {
|
|
|
1213
1774
|
{ "key": "suspicious_pattern", "type": "boolean", "required": false, "description": "Whether a suspicious action sequence was detected (exfiltration, theft, destructive)" },
|
|
1214
1775
|
{ "key": "pattern_type", "type": "string", "required": false, "description": "Type of suspicious pattern: data_exfiltration, secret_exfiltration, credential_theft, destructive_sequence" },
|
|
1215
1776
|
{ "key": "sequence_risk", "type": "number", "required": false, "description": "Behavioral sequence risk score (0-100)" },
|
|
1216
|
-
{ "key": "mcp_server_verified", "type": "boolean", "required": false, "description": "Whether the MCP server is from a verified registry" }
|
|
1777
|
+
{ "key": "mcp_server_verified", "type": "boolean", "required": false, "description": "Whether the MCP server is from a verified registry" },
|
|
1778
|
+
{ "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
|
|
1779
|
+
{ "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
|
|
1780
|
+
{ "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
|
|
1781
|
+
{ "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
|
|
1782
|
+
{ "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
|
|
1783
|
+
{ "key": "session_command_injection", "type": "boolean", "required": false, "description": "Whether command injection was detected in any previous turn of the session" },
|
|
1784
|
+
{ "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" },
|
|
1785
|
+
{ "key": "session_max_injection_score", "type": "number", "required": false, "description": "Highest prompt injection score seen in any turn of the session (0-100). Use for tiered responses: >75 hard block, >50 restrict permissions" },
|
|
1786
|
+
{ "key": "session_max_jailbreak_score", "type": "number", "required": false, "description": "Highest jailbreak detection score seen in any turn of the session (0-100)" },
|
|
1787
|
+
{ "key": "session_max_command_injection_score", "type": "number", "required": false, "description": "Highest command injection score seen in any turn of the session (0-100)" },
|
|
1788
|
+
{ "key": "session_max_pii_score", "type": "number", "required": false, "description": "Highest PII risk score seen in any turn of the session (0-100)" },
|
|
1789
|
+
{ "key": "session_max_secret_score", "type": "number", "required": false, "description": "Highest secret detection score seen in any turn of the session (0-100)" },
|
|
1790
|
+
{ "key": "session_cumulative_risk_score", "type": "number", "required": false, "description": "Sum of per-turn risk scores across the session. Catches death-by-a-thousand-cuts where no single turn is high but cumulative risk is significant" }
|
|
1217
1791
|
]
|
|
1218
1792
|
},
|
|
1219
1793
|
{
|
|
@@ -1237,7 +1811,20 @@ export const OVERWATCH_CONTEXT = {
|
|
|
1237
1811
|
{ "key": "indirect_injection_score", "type": "number", "required": false, "description": "Indirect injection risk score (0-100) — injection payloads in server responses" },
|
|
1238
1812
|
{ "key": "mcp_server_verified", "type": "boolean", "required": false, "description": "Whether the MCP server is from a verified registry" },
|
|
1239
1813
|
{ "key": "mcp_config_risk", "type": "boolean", "required": false, "description": "Whether risky server configuration was detected (inline code exec, mixed transports)" },
|
|
1240
|
-
{ "key": "mcp_risk_score", "type": "number", "required": false, "description": "MCP configuration risk severity score (0-100)" }
|
|
1814
|
+
{ "key": "mcp_risk_score", "type": "number", "required": false, "description": "MCP configuration risk severity score (0-100)" },
|
|
1815
|
+
{ "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
|
|
1816
|
+
{ "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
|
|
1817
|
+
{ "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
|
|
1818
|
+
{ "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
|
|
1819
|
+
{ "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
|
|
1820
|
+
{ "key": "session_command_injection", "type": "boolean", "required": false, "description": "Whether command injection was detected in any previous turn of the session" },
|
|
1821
|
+
{ "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" },
|
|
1822
|
+
{ "key": "session_max_injection_score", "type": "number", "required": false, "description": "Highest prompt injection score seen in any turn of the session (0-100). Use for tiered responses: >75 hard block, >50 restrict permissions" },
|
|
1823
|
+
{ "key": "session_max_jailbreak_score", "type": "number", "required": false, "description": "Highest jailbreak detection score seen in any turn of the session (0-100)" },
|
|
1824
|
+
{ "key": "session_max_command_injection_score", "type": "number", "required": false, "description": "Highest command injection score seen in any turn of the session (0-100)" },
|
|
1825
|
+
{ "key": "session_max_pii_score", "type": "number", "required": false, "description": "Highest PII risk score seen in any turn of the session (0-100)" },
|
|
1826
|
+
{ "key": "session_max_secret_score", "type": "number", "required": false, "description": "Highest secret detection score seen in any turn of the session (0-100)" },
|
|
1827
|
+
{ "key": "session_cumulative_risk_score", "type": "number", "required": false, "description": "Sum of per-turn risk scores across the session. Catches death-by-a-thousand-cuts where no single turn is high but cumulative risk is significant" }
|
|
1241
1828
|
]
|
|
1242
1829
|
},
|
|
1243
1830
|
{
|
|
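Review bot: The new description of `session_max_injection_score` recommends thresholds (`>75 hard block, >50 restrict permissions`) for an attribute declared `"required": false`, but does not say what a policy sees when the attribute is absent. If these contexts are consumed by Cedar policies, as the package's `.cedar` templates suggest, a comparison on a missing optional attribute is an evaluation error and the policy is skipped, so a `forbid` written straight from this description would silently not apply whenever the producer omits the key. I would append `Optional attribute: guard with a has-check before comparing.` to the description, and do the same for the other `session_*` keys here and in the hunks at `@@ -1261,7 +1848,20 @@` and `@@ -1286,7 +1886,20 @@`. The boolean keys say "any previous turn" while the score keys say "any turn", which leaves unclear whether the current turn is counted; one wording should be used throughout. The enclosing `context_attributes` array begins outside this hunk.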
@@ -1261,7 +1848,20 @@ export const OVERWATCH_CONTEXT = {
|
|
|
1261
1848
|
{ "key": "secret_count", "type": "number", "required": false, "description": "Number of distinct secrets detected in file" },
|
|
1262
1849
|
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether any PII patterns were matched in file content" },
|
|
1263
1850
|
{ "key": "pii_types", "type": "array", "required": false, "description": "Specific PII types found in file" },
|
|
1264
|
-
{ "key": "pii_count", "type": "number", "required": false, "description": "Number of PII pattern matches in file" }
|
|
1851
|
+
{ "key": "pii_count", "type": "number", "required": false, "description": "Number of PII pattern matches in file" },
|
|
1852
|
+
{ "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
|
|
1853
|
+
{ "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
|
|
1854
|
+
{ "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
|
|
1855
|
+
{ "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
|
|
1856
|
+
{ "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
|
|
1857
|
+
{ "key": "session_command_injection", "type": "boolean", "required": false, "description": "Whether command injection was detected in any previous turn of the session" },
|
|
1858
|
+
{ "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" },
|
|
1859
|
+
{ "key": "session_max_injection_score", "type": "number", "required": false, "description": "Highest prompt injection score seen in any turn of the session (0-100). Use for tiered responses: >75 hard block, >50 restrict permissions" },
|
|
1860
|
+
{ "key": "session_max_jailbreak_score", "type": "number", "required": false, "description": "Highest jailbreak detection score seen in any turn of the session (0-100)" },
|
|
1861
|
+
{ "key": "session_max_command_injection_score", "type": "number", "required": false, "description": "Highest command injection score seen in any turn of the session (0-100)" },
|
|
1862
|
+
{ "key": "session_max_pii_score", "type": "number", "required": false, "description": "Highest PII risk score seen in any turn of the session (0-100)" },
|
|
1863
|
+
{ "key": "session_max_secret_score", "type": "number", "required": false, "description": "Highest secret detection score seen in any turn of the session (0-100)" },
|
|
1864
|
+
{ "key": "session_cumulative_risk_score", "type": "number", "required": false, "description": "Sum of per-turn risk scores across the session. Catches death-by-a-thousand-cuts where no single turn is high but cumulative risk is significant" }
|
|
1265
1865
|
]
|
|
1266
1866
|
},
|
|
1267
1867
|
{
|
|
@@ -1286,7 +1886,20 @@ export const OVERWATCH_CONTEXT = {
|
|
|
1286
1886
|
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether any PII patterns were matched in content being written" },
|
|
1287
1887
|
{ "key": "pii_types", "type": "array", "required": false, "description": "Specific PII types found" },
|
|
1288
1888
|
{ "key": "pii_count", "type": "number", "required": false, "description": "Number of PII pattern matches" },
|
|
1289
|
-
{ "key": "contains_invisible_chars", "type": "boolean", "required": false, "description": "Whether invisible Unicode characters were detected in content being written" }
|
|
1889
|
+
{ "key": "contains_invisible_chars", "type": "boolean", "required": false, "description": "Whether invisible Unicode characters were detected in content being written" },
|
|
1890
|
+
{ "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
|
|
1891
|
+
{ "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
|
|
1892
|
+
{ "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
|
|
1893
|
+
{ "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
|
|
1894
|
+
{ "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
|
|
1895
|
+
{ "key": "session_command_injection", "type": "boolean", "required": false, "description": "Whether command injection was detected in any previous turn of the session" },
|
|
1896
|
+
{ "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" },
|
|
1897
|
+
{ "key": "session_max_injection_score", "type": "number", "required": false, "description": "Highest prompt injection score seen in any turn of the session (0-100). Use for tiered responses: >75 hard block, >50 restrict permissions" },
|
|
1898
|
+
{ "key": "session_max_jailbreak_score", "type": "number", "required": false, "description": "Highest jailbreak detection score seen in any turn of the session (0-100)" },
|
|
1899
|
+
{ "key": "session_max_command_injection_score", "type": "number", "required": false, "description": "Highest command injection score seen in any turn of the session (0-100)" },
|
|
1900
|
+
{ "key": "session_max_pii_score", "type": "number", "required": false, "description": "Highest PII risk score seen in any turn of the session (0-100)" },
|
|
1901
|
+
{ "key": "session_max_secret_score", "type": "number", "required": false, "description": "Highest secret detection score seen in any turn of the session (0-100)" },
|
|
1902
|
+
{ "key": "session_cumulative_risk_score", "type": "number", "required": false, "description": "Sum of per-turn risk scores across the session. Catches death-by-a-thousand-cuts where no single turn is high but cumulative risk is significant" }
|
|
1290
1903
|
]
|
|
1291
1904
|
}
|
|
1292
1905
|
]
|
|
@@ -1389,3 +2002,226 @@ export const PALISADE_CONTEXT = {
|
|
|
1389
2002
|
}
|
|
1390
2003
|
]
|
|
1391
2004
|
};
|
|
2005
|
+
/**
|
|
2006
|
+
* Sentry context metadata (parsed JSON)
|
|
2007
|
+
*/
|
|
2008
|
+
export const SENTRY_CONTEXT = {
|
|
2009
|
+
"service": "sentry",
|
|
2010
|
+
"version": "1.0.0",
|
|
2011
|
+
"description": "Sentry browser security — monitors AI chat interactions and enforces data-protection, content-safety, and compliance policies",
|
|
2012
|
+
"actions": [
|
|
2013
|
+
{
|
|
2014
|
+
"name": "send_message",
|
|
2015
|
+
"description": "User sends a message (prompt) to an AI chat service via the browser",
|
|
2016
|
+
"context_attributes": [
|
|
2017
|
+
{ "key": "content", "type": "string", "required": true, "description": "Raw message content being sent to the AI service" },
|
|
2018
|
+
{ "key": "source", "type": "string", "required": true, "description": "Browser extension identifier (always \'sentry\')" },
|
|
2019
|
+
{ "key": "event", "type": "string", "required": true, "description": "Event type (always \'send_message\')" },
|
|
2020
|
+
{ "key": "user_email", "type": "string", "required": true, "description": "User identifier (SSO/OAuth verified)" },
|
|
2021
|
+
{ "key": "target_app", "type": "string", "required": true, "description": "AI service being used: chatgpt, gemini, claude, copilot, custom" },
|
|
2022
|
+
{ "key": "target_url", "type": "string", "required": false, "description": "Full URL of the AI chat service" },
|
|
2023
|
+
{ "key": "threat_count", "type": "number", "required": true, "description": "Total number of threats detected by Shield detection pipeline" },
|
|
2024
|
+
{ "key": "highest_severity", "type": "string", "required": true, "description": "Highest severity level: critical, high, medium, low, none" },
|
|
2025
|
+
{ "key": "threat_categories", "type": "array", "required": true, "description": "Threat category names from the detection aggregator" },
|
|
2026
|
+
{ "key": "detected_threats", "type": "array", "required": true, "description": "Detection rule names that matched (e.g., prompt_injection, credit_card, secret_exposure)" },
|
|
2027
|
+
{ "key": "max_threat_severity", "type": "number", "required": true, "description": "Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)" },
|
|
2028
|
+
{ "key": "contains_secrets", "type": "boolean", "required": true, "description": "Whether secrets or credentials were detected in the message" },
|
|
2029
|
+
{ "key": "secret_types", "type": "array", "required": false, "description": "Specific secret types: aws_access_key, aws_secret_key, github_token, github_fine_grained, slack_token, gcp_service_account, gcp_api_key, azure_connection_string, private_key, jwt_token, generic_api_key, stripe_key, openai_key, anthropic_key" },
|
|
2030
|
+
{ "key": "secret_count", "type": "number", "required": false, "description": "Number of distinct secrets detected" },
|
|
2031
|
+
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether any PII patterns were matched" },
|
|
2032
|
+
{ "key": "pii_types", "type": "array", "required": false, "description": "Specific PII types: ssn, credit_card, email, phone_us, ip_address, date_of_birth, passport, iban, aws_key, api_key_generic" },
|
|
2033
|
+
{ "key": "pii_count", "type": "number", "required": false, "description": "Number of PII pattern matches" },
|
|
2034
|
+
{ "key": "pii_confidence", "type": "number", "required": false, "description": "PII detection confidence (0-100). Fixed 80 when regex PII detected, else 0" },
|
|
2035
|
+
{ "key": "violence_score", "type": "number", "required": true, "description": "Violence content detection score (0-100, from ToxicityDetector)" },
|
|
2036
|
+
{ "key": "weapons_score", "type": "number", "required": true, "description": "Weapons content detection score (0-100)" },
|
|
2037
|
+
{ "key": "hate_speech_score", "type": "number", "required": true, "description": "Hate speech detection score (0-100)" },
|
|
2038
|
+
{ "key": "crime_score", "type": "number", "required": true, "description": "Criminal content detection score (0-100)" },
|
|
2039
|
+
{ "key": "sexual_score", "type": "number", "required": true, "description": "Sexual content detection score (0-100)" },
|
|
2040
|
+
{ "key": "profanity_score", "type": "number", "required": true, "description": "Profanity detection score (0-100)" },
|
|
2041
|
+
{ "key": "injection_score", "type": "number", "required": true, "description": "Prompt injection score (0-100, max of InjectionDetector + DeepContextDetector)" },
|
|
2042
|
+
{ "key": "jailbreak_score", "type": "number", "required": true, "description": "Jailbreak detection score (0-100, max of JailbreakDetector + DeepContextDetector)" },
|
|
2043
|
+
{ "key": "content_topics", "type": "array", "required": false, "description": "Detected topics from TopicDetector: controlled_substances, weapons_manufacturing, etc." },
|
|
2044
|
+
{ "key": "topic_confidence", "type": "number", "required": false, "description": "Topic classifier confidence (0-100)" },
|
|
2045
|
+
{ "key": "contains_invisible_chars", "type": "boolean", "required": false, "description": "Whether invisible Unicode characters (zero-width, bidi overrides, tag chars) were detected" },
|
|
2046
|
+
{ "key": "invisible_chars_score", "type": "number", "required": false, "description": "Invisible character attack severity score (0-100)" },
|
|
2047
|
+
{ "key": "encoded_content_detected", "type": "boolean", "required": false, "description": "Whether encoded content (base64, hex, unicode, URL) was detected" },
|
|
2048
|
+
{ "key": "encoded_types", "type": "array", "required": false, "description": "Encoding types detected: base64, hex, unicode, url" },
|
|
2049
|
+
{ "key": "encoded_count", "type": "number", "required": false, "description": "Number of encoded segments detected" },
|
|
2050
|
+
{ "key": "encoded_score", "type": "number", "required": false, "description": "Encoded injection severity score (0-100)" },
|
|
2051
|
+
{ "key": "contains_code", "type": "boolean", "required": false, "description": "Whether content contains source code" },
|
|
2052
|
+
{ "key": "code_languages", "type": "array", "required": false, "description": "Detected programming languages: python, javascript, go, etc." },
|
|
2053
|
+
{ "key": "code_ratio", "type": "number", "required": false, "description": "Percentage of content that is code (0-100)" },
|
|
2054
|
+
{ "key": "detected_language", "type": "string", "required": false, "description": "Detected natural language ISO code from LanguageDetector" },
|
|
2055
|
+
{ "key": "is_english", "type": "boolean", "required": false, "description": "Whether detected language is English" },
|
|
2056
|
+
{ "key": "language_confidence", "type": "number", "required": false, "description": "Language detection confidence (0-100)" },
|
|
2057
|
+
{ "key": "detected_script", "type": "string", "required": false, "description": "Unicode script: latin, cyrillic, arabic, unknown" },
|
|
2058
|
+
{ "key": "is_latin_script", "type": "boolean", "required": false, "description": "Whether detected script is Latin" },
|
|
2059
|
+
{ "key": "script_confidence", "type": "number", "required": false, "description": "Script detection confidence (0-100)" },
|
|
2060
|
+
{ "key": "keyword_matched", "type": "boolean", "required": false, "description": "Whether any keywords from KeywordDetector matched" },
|
|
2061
|
+
{ "key": "keyword_categories", "type": "array", "required": false, "description": "Matched keyword categories" },
|
|
2062
|
+
{ "key": "keyword_count", "type": "number", "required": false, "description": "Number of keyword matches" },
|
|
2063
|
+
{ "key": "phishing_detected", "type": "boolean", "required": false, "description": "Whether phishing URLs detected by CheckPhishDetector" },
|
|
2064
|
+
{ "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
|
|
2065
|
+
{ "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
|
|
2066
|
+
{ "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
|
|
2067
|
+
{ "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
|
|
2068
|
+
{ "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
|
|
2069
|
+
{ "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" }
|
|
2070
|
+
]
|
|
2071
|
+
},
|
|
2072
|
+
{
|
|
2073
|
+
"name": "receive_response",
|
|
2074
|
+
"description": "AI service responds to the user — scan response content for harmful output",
|
|
2075
|
+
"context_attributes": [
|
|
2076
|
+
{ "key": "content", "type": "string", "required": true, "description": "AI response content" },
|
|
2077
|
+
{ "key": "source", "type": "string", "required": true, "description": "Browser extension identifier" },
|
|
2078
|
+
{ "key": "event", "type": "string", "required": true, "description": "Event type (always \'receive_response\')" },
|
|
2079
|
+
{ "key": "user_email", "type": "string", "required": true, "description": "User identifier" },
|
|
2080
|
+
{ "key": "target_app", "type": "string", "required": true, "description": "AI service: chatgpt, gemini, claude, copilot, custom" },
|
|
2081
|
+
{ "key": "target_url", "type": "string", "required": false, "description": "Full URL of the AI chat service" },
|
|
2082
|
+
{ "key": "threat_count", "type": "number", "required": true, "description": "Total number of threats detected" },
|
|
2083
|
+
{ "key": "highest_severity", "type": "string", "required": true, "description": "Highest severity level: critical, high, medium, low, none" },
|
|
2084
|
+
{ "key": "threat_categories", "type": "array", "required": true, "description": "Threat category names" },
|
|
2085
|
+
{ "key": "detected_threats", "type": "array", "required": true, "description": "Detection rule names that matched" },
|
|
2086
|
+
{ "key": "max_threat_severity", "type": "number", "required": true, "description": "Numeric severity (0-4)" },
|
|
2087
|
+
{ "key": "contains_secrets", "type": "boolean", "required": true, "description": "Whether secrets detected in AI response" },
|
|
2088
|
+
{ "key": "secret_types", "type": "array", "required": false, "description": "Secret types in response" },
|
|
2089
|
+
{ "key": "secret_count", "type": "number", "required": false, "description": "Number of secrets in response" },
|
|
2090
|
+
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII detected in response" },
|
|
2091
|
+
{ "key": "pii_types", "type": "array", "required": false, "description": "PII types in response" },
|
|
2092
|
+
{ "key": "pii_count", "type": "number", "required": false, "description": "Number of PII matches in response" },
|
|
2093
|
+
{ "key": "pii_confidence", "type": "number", "required": false, "description": "PII detection confidence (0-100)" },
|
|
2094
|
+
{ "key": "violence_score", "type": "number", "required": true, "description": "Violence score (0-100)" },
|
|
2095
|
+
{ "key": "weapons_score", "type": "number", "required": true, "description": "Weapons score (0-100)" },
|
|
2096
|
+
{ "key": "hate_speech_score", "type": "number", "required": true, "description": "Hate speech score (0-100)" },
|
|
2097
|
+
{ "key": "crime_score", "type": "number", "required": true, "description": "Crime score (0-100)" },
|
|
2098
|
+
{ "key": "sexual_score", "type": "number", "required": true, "description": "Sexual content score (0-100)" },
|
|
2099
|
+
{ "key": "profanity_score", "type": "number", "required": true, "description": "Profanity score (0-100)" },
|
|
2100
|
+
{ "key": "injection_score", "type": "number", "required": true, "description": "Indirect injection score in response (0-100)" },
|
|
2101
|
+
{ "key": "jailbreak_score", "type": "number", "required": true, "description": "Jailbreak score (0-100)" },
|
|
2102
|
+
{ "key": "hallucination_score", "type": "number", "required": false, "description": "Hallucination confidence (0-100, from HallucinationDetector)" },
|
|
2103
|
+
{ "key": "factuality_score", "type": "number", "required": false, "description": "Factuality score (0-100)" },
|
|
2104
|
+
{ "key": "contains_code", "type": "boolean", "required": false, "description": "Whether response contains code" },
|
|
2105
|
+
{ "key": "code_languages", "type": "array", "required": false, "description": "Code languages in response" },
|
|
2106
|
+
{ "key": "code_ratio", "type": "number", "required": false, "description": "Code ratio (0-100)" },
|
|
2107
|
+
{ "key": "phishing_detected", "type": "boolean", "required": false, "description": "Whether phishing URLs detected in response" },
|
|
2108
|
+
{ "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
|
|
2109
|
+
{ "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
|
|
2110
|
+
{ "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
|
|
2111
|
+
{ "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
|
|
2112
|
+
{ "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
|
|
2113
|
+
{ "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" }
|
|
2114
|
+
]
|
|
2115
|
+
},
|
|
2116
|
+
{
|
|
2117
|
+
"name": "paste_content",
|
|
2118
|
+
"description": "User pastes content into an AI chat (clipboard, cross-tab, cross-app)",
|
|
2119
|
+
"context_attributes": [
|
|
2120
|
+
{ "key": "content", "type": "string", "required": true, "description": "Pasted content" },
|
|
2121
|
+
{ "key": "source", "type": "string", "required": true, "description": "Browser extension identifier" },
|
|
2122
|
+
{ "key": "event", "type": "string", "required": true, "description": "Event type (always \'paste_content\')" },
|
|
2123
|
+
{ "key": "user_email", "type": "string", "required": true, "description": "User identifier" },
|
|
2124
|
+
{ "key": "target_app", "type": "string", "required": true, "description": "AI service: chatgpt, gemini, claude, copilot, custom" },
|
|
2125
|
+
{ "key": "target_url", "type": "string", "required": false, "description": "Full URL of the AI chat service" },
|
|
2126
|
+
{ "key": "paste_source_app", "type": "string", "required": false, "description": "Source application for the paste: outlook, excel, vscode, terminal, slack, etc." },
|
|
2127
|
+
{ "key": "paste_source_url", "type": "string", "required": false, "description": "Source URL if content pasted from another browser tab" },
|
|
2128
|
+
{ "key": "paste_length", "type": "number", "required": false, "description": "Character length of pasted content" },
|
|
2129
|
+
{ "key": "threat_count", "type": "number", "required": true, "description": "Total threats detected" },
|
|
2130
|
+
{ "key": "highest_severity", "type": "string", "required": true, "description": "Highest severity: critical, high, medium, low, none" },
|
|
2131
|
+
{ "key": "threat_categories", "type": "array", "required": true, "description": "Threat category names" },
|
|
2132
|
+
{ "key": "detected_threats", "type": "array", "required": true, "description": "Detection rule names that matched" },
|
|
2133
|
+
{ "key": "max_threat_severity", "type": "number", "required": true, "description": "Numeric severity (0-4)" },
|
|
2134
|
+
{ "key": "contains_secrets", "type": "boolean", "required": true, "description": "Whether secrets detected in pasted content" },
|
|
2135
|
+
{ "key": "secret_types", "type": "array", "required": false, "description": "Secret types in pasted content" },
|
|
2136
|
+
{ "key": "secret_count", "type": "number", "required": false, "description": "Number of secrets" },
|
|
2137
|
+
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII detected in pasted content" },
|
|
2138
|
+
{ "key": "pii_types", "type": "array", "required": false, "description": "PII types in pasted content" },
|
|
2139
|
+
{ "key": "pii_count", "type": "number", "required": false, "description": "PII match count" },
|
|
2140
|
+
{ "key": "pii_confidence", "type": "number", "required": false, "description": "PII detection confidence (0-100)" },
|
|
2141
|
+
{ "key": "violence_score", "type": "number", "required": true, "description": "Violence score (0-100)" },
|
|
2142
|
+
{ "key": "weapons_score", "type": "number", "required": true, "description": "Weapons score (0-100)" },
|
|
2143
|
+
{ "key": "hate_speech_score", "type": "number", "required": true, "description": "Hate speech score (0-100)" },
|
|
2144
|
+
{ "key": "crime_score", "type": "number", "required": true, "description": "Crime score (0-100)" },
|
|
2145
|
+
{ "key": "sexual_score", "type": "number", "required": true, "description": "Sexual score (0-100)" },
|
|
2146
|
+
{ "key": "profanity_score", "type": "number", "required": true, "description": "Profanity score (0-100)" },
|
|
2147
|
+
{ "key": "injection_score", "type": "number", "required": true, "description": "Injection score (0-100)" },
|
|
2148
|
+
{ "key": "jailbreak_score", "type": "number", "required": true, "description": "Jailbreak score (0-100)" },
|
|
2149
|
+
{ "key": "contains_code", "type": "boolean", "required": false, "description": "Whether pasted content contains code" },
|
|
2150
|
+
{ "key": "code_languages", "type": "array", "required": false, "description": "Code languages in pasted content" },
|
|
2151
|
+
{ "key": "code_ratio", "type": "number", "required": false, "description": "Code ratio (0-100)" },
|
|
2152
|
+
{ "key": "contains_invisible_chars", "type": "boolean", "required": false, "description": "Whether invisible Unicode characters detected" },
|
|
2153
|
+
{ "key": "invisible_chars_score", "type": "number", "required": false, "description": "Invisible chars severity (0-100)" },
|
|
2154
|
+
{ "key": "encoded_content_detected", "type": "boolean", "required": false, "description": "Whether encoded content detected" },
|
|
2155
|
+
{ "key": "encoded_types", "type": "array", "required": false, "description": "Encoding types" },
|
|
2156
|
+
{ "key": "encoded_count", "type": "number", "required": false, "description": "Encoded segment count" },
|
|
2157
|
+
{ "key": "encoded_score", "type": "number", "required": false, "description": "Encoded injection severity (0-100)" },
|
|
2158
|
+
{ "key": "keyword_matched", "type": "boolean", "required": false, "description": "Whether keywords matched" },
|
|
2159
|
+
{ "key": "keyword_categories", "type": "array", "required": false, "description": "Keyword categories" },
|
|
2160
|
+
{ "key": "keyword_count", "type": "number", "required": false, "description": "Keyword match count" },
|
|
2161
|
+
{ "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
|
|
2162
|
+
{ "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
|
|
2163
|
+
{ "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
|
|
2164
|
+
{ "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
|
|
2165
|
+
{ "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
|
|
2166
|
+
{ "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" }
|
|
2167
|
+
]
|
|
2168
|
+
},
|
|
2169
|
+
{
|
|
2170
|
+
"name": "upload_file",
|
|
2171
|
+
"description": "User uploads a file or document into an AI chat service",
|
|
2172
|
+
"context_attributes": [
|
|
2173
|
+
{ "key": "content", "type": "string", "required": true, "description": "Extracted file text content (for scanning)" },
|
|
2174
|
+
{ "key": "source", "type": "string", "required": true, "description": "Browser extension identifier" },
|
|
2175
|
+
{ "key": "event", "type": "string", "required": true, "description": "Event type (always \'upload_file\')" },
|
|
2176
|
+
{ "key": "user_email", "type": "string", "required": true, "description": "User identifier" },
|
|
2177
|
+
{ "key": "target_app", "type": "string", "required": true, "description": "AI service: chatgpt, gemini, claude, copilot, custom" },
|
|
2178
|
+
{ "key": "target_url", "type": "string", "required": false, "description": "Full URL of the AI chat service" },
|
|
2179
|
+
{ "key": "file_name", "type": "string", "required": false, "description": "Original file name" },
|
|
2180
|
+
{ "key": "file_type", "type": "string", "required": false, "description": "MIME type: application/pdf, text/csv, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet, etc." },
|
|
2181
|
+
{ "key": "file_size_bytes", "type": "number", "required": false, "description": "File size in bytes" },
|
|
2182
|
+
{ "key": "file_extension", "type": "string", "required": false, "description": "File extension: pdf, docx, xlsx, csv, txt, py, js, etc." },
|
|
2183
|
+
{ "key": "mip_label_id", "type": "string", "required": false, "description": "Microsoft Information Protection label GUID" },
|
|
2184
|
+
{ "key": "mip_label_name", "type": "string", "required": false, "description": "MIP label display name: Public, General, Confidential, Highly Confidential" },
|
|
2185
|
+
{ "key": "sensitivity_level", "type": "string", "required": false, "description": "Normalized sensitivity: public, internal, confidential, restricted" },
|
|
2186
|
+
{ "key": "is_encrypted", "type": "boolean", "required": false, "description": "Whether file is encrypted via MIP protection" },
|
|
2187
|
+
{ "key": "is_rights_managed", "type": "boolean", "required": false, "description": "Whether file has rights management (IRM/RMS) restrictions" },
|
|
2188
|
+
{ "key": "threat_count", "type": "number", "required": true, "description": "Total threats detected" },
|
|
2189
|
+
{ "key": "highest_severity", "type": "string", "required": true, "description": "Highest severity: critical, high, medium, low, none" },
|
|
2190
|
+
{ "key": "threat_categories", "type": "array", "required": true, "description": "Threat category names" },
|
|
2191
|
+
{ "key": "detected_threats", "type": "array", "required": true, "description": "Detection rule names that matched" },
|
|
2192
|
+
{ "key": "max_threat_severity", "type": "number", "required": true, "description": "Numeric severity (0-4)" },
|
|
2193
|
+
{ "key": "contains_secrets", "type": "boolean", "required": true, "description": "Whether secrets detected in file content" },
|
|
2194
|
+
{ "key": "secret_types", "type": "array", "required": false, "description": "Secret types in file" },
|
|
2195
|
+
{ "key": "secret_count", "type": "number", "required": false, "description": "Number of secrets" },
|
|
2196
|
+
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII detected in file" },
|
|
2197
|
+
{ "key": "pii_types", "type": "array", "required": false, "description": "PII types in file" },
|
|
2198
|
+
{ "key": "pii_count", "type": "number", "required": false, "description": "PII match count" },
|
|
2199
|
+
{ "key": "pii_confidence", "type": "number", "required": false, "description": "PII confidence (0-100)" },
|
|
2200
|
+
{ "key": "violence_score", "type": "number", "required": true, "description": "Violence score (0-100)" },
|
|
2201
|
+
{ "key": "weapons_score", "type": "number", "required": true, "description": "Weapons score (0-100)" },
|
|
2202
|
+
{ "key": "hate_speech_score", "type": "number", "required": true, "description": "Hate speech score (0-100)" },
|
|
2203
|
+
{ "key": "crime_score", "type": "number", "required": true, "description": "Crime score (0-100)" },
|
|
2204
|
+
{ "key": "sexual_score", "type": "number", "required": true, "description": "Sexual score (0-100)" },
|
|
2205
|
+
{ "key": "profanity_score", "type": "number", "required": true, "description": "Profanity score (0-100)" },
|
|
2206
|
+
{ "key": "injection_score", "type": "number", "required": true, "description": "Injection score in file content (0-100)" },
|
|
2207
|
+
{ "key": "jailbreak_score", "type": "number", "required": true, "description": "Jailbreak score (0-100)" },
|
|
2208
|
+
{ "key": "contains_code", "type": "boolean", "required": false, "description": "Whether file contains source code" },
|
|
2209
|
+
{ "key": "code_languages", "type": "array", "required": false, "description": "Code languages in file" },
|
|
2210
|
+
{ "key": "code_ratio", "type": "number", "required": false, "description": "Code ratio (0-100)" },
|
|
2211
|
+
{ "key": "phishing_detected", "type": "boolean", "required": false, "description": "Whether phishing URLs detected in file" },
|
|
2212
|
+
{ "key": "contains_invisible_chars", "type": "boolean", "required": false, "description": "Whether invisible chars detected in file" },
|
|
2213
|
+
{ "key": "invisible_chars_score", "type": "number", "required": false, "description": "Invisible chars severity (0-100)" },
|
|
2214
|
+
{ "key": "encoded_content_detected", "type": "boolean", "required": false, "description": "Whether encoded content detected in file" },
|
|
2215
|
+
{ "key": "encoded_types", "type": "array", "required": false, "description": "Encoding types in file" },
|
|
2216
|
+
{ "key": "encoded_count", "type": "number", "required": false, "description": "Encoded segment count" },
|
|
2217
|
+
{ "key": "encoded_score", "type": "number", "required": false, "description": "Encoded injection severity (0-100)" },
|
|
2218
|
+
{ "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
|
|
2219
|
+
{ "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
|
|
2220
|
+
{ "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
|
|
2221
|
+
{ "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types detected across the session (accumulated)" },
|
|
2222
|
+
{ "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Whether prompt injection was detected in any previous turn of the session" },
|
|
2223
|
+
{ "key": "session_threat_turns", "type": "number", "required": false, "description": "Number of turns in the session where threats were detected" }
|
|
2224
|
+
]
|
|
2225
|
+
}
|
|
2226
|
+
]
|
|
2227
|
+
};
|