@highflame/policy 2.1.31 → 2.1.33

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/_schemas/sentry/context.json +2 -2
  2. package/_schemas/sentry/schema.cedarschema +3 -3
  3. package/_schemas/sentry/templates/defaults/clipboard.cedar +32 -10
  4. package/_schemas/sentry/templates/defaults/content_safety.cedar +12 -102
  5. package/_schemas/sentry/templates/defaults/file_safety.cedar +0 -62
  6. package/_schemas/sentry/templates/defaults/organization.cedar +1 -1
  7. package/_schemas/sentry/templates/defaults/pii.cedar +23 -41
  8. package/_schemas/sentry/templates/defaults/secrets.cedar +22 -39
  9. package/_schemas/sentry/templates/defaults/semantic.cedar +22 -21
  10. package/_schemas/sentry/templates/templates.json +8 -8
  11. package/dist/sentry-defaults.gen.js +127 -291
  12. package/dist/sentry-entities.gen.js +3 -3
  13. package/dist/service-schemas.gen.d.ts +1 -1
  14. package/dist/service-schemas.gen.js +5 -5
  15. package/package.json +1 -1
package/dist/sentry-entities.gen.js CHANGED
@@ -7,7 +7,7 @@
7
7
  export const SENTRY_ENTITIES = {
8
8
  principals: ['User'],
9
9
  resources: ['ChatSession', 'Document'],
10
- actions: ['paste_content', 'receive_response', 'send_message', 'upload_file'],
10
+ actions: ['paste_content', 'process_prompt', 'receive_response', 'upload_file'],
11
11
  };
12
12
  /**
13
13
  * Per-action entity mapping for Sentry.
@@ -18,11 +18,11 @@ export const SENTRY_ACTION_ENTITIES = {
18
18
  principals: ['User'],
19
19
  resources: ['ChatSession', 'Document'],
20
20
  },
21
- 'receive_response': {
21
+ 'process_prompt': {
22
22
  principals: ['User'],
23
23
  resources: ['ChatSession'],
24
24
  },
25
- 'send_message': {
25
+ 'receive_response': {
26
26
  principals: ['User'],
27
27
  resources: ['ChatSession'],
28
28
  },
package/dist/service-schemas.gen.d.ts CHANGED
@@ -27,7 +27,7 @@ export declare const PALISADE_SCHEMA = "// Palisade Cedar Schema\n// ===========
27
27
  *
28
28
  * Full Cedar schema for sentry, embedded at codegen time.
29
29
  */
30
- export declare const SENTRY_SCHEMA = "// =============================================================================\n// Sentry Cedar Schema\n// =============================================================================\n// Browser Security \u2014 monitors AI chat interactions in the browser and enforces\n// data-protection, content-safety, and compliance policies at point of use.\n//\n// Sentry is a lightweight browser extension (JSA) that intercepts:\n// - Messages sent to AI chat services (ChatGPT, Gemini, Claude, Copilot, etc.)\n// - AI responses returned to the user\n// - Cut/paste operations transferring content into AI chats\n// - File/document uploads into AI chat services\n//\n// Architecture:\n// User \u2192 Browser Extension \u2192 Shield Detection Engine \u2192 Cedar Policy \u2192 Allow/Block\n//\n// Threat Coverage:\n// - Data Leakage: PII, PHI, credentials, source code, confidential documents\n// - Content Safety: Violence, hate speech, sexual content, restricted topics\n// - Prompt Injection: Direct and indirect injection via pasted/uploaded content\n// - Document Sensitivity: MIP label enforcement, classification-aware blocking\n// - Compliance: GDPR, HIPAA, PCI DSS, CCPA, EU AI Act\n//\n// Supported AI Services:\n// - ChatGPT (chat.openai.com)\n// - Google Gemini (gemini.google.com)\n// - Claude (claude.ai)\n// - GitHub Copilot Chat\n// - Microsoft Copilot\n// - Custom/enterprise AI chat endpoints\n\nnamespace Sentry {\n\n// =============================================================================\n// ENTITIES - Tenant Hierarchy (ReBAC)\n// =============================================================================\n// Aligned with Guardrails/Overwatch entity hierarchy (Account -> Project).\n//\n// Entity hierarchy enables Cedar's `in` operator for policy scoping:\n// Account (org root)\n// \u2514\u2500\u2500 Project in [Account]\n// \u2514\u2500\u2500 ChatSession in [Project]\n//\n// Policy scoping examples:\n// resource in Sentry::Account::\"<uuid>\" \u2192 org-wide\n// resource in Sentry::Project::\"<uuid>\" \u2192 project-wide\n// resource == Sentry::ChatSession::\"<id>\" \u2192 specific session\n\n/// Account represents an organization (top-level tenant)\nentity Account;\n\n/// Project represents a project within an account\nentity Project in [Account];\n\n// =============================================================================\n// ENTITIES - Principals\n// =============================================================================\n\n/// Human user interacting with AI chat in the browser\nentity User;\n\n// =============================================================================\n// ENTITIES - Resources (scoped under Project)\n// =============================================================================\n\n/// AI chat session \u2014 resource for send_message and receive_response actions\nentity ChatSession in [Project];\n\n/// Document or file being uploaded \u2014 resource for upload_file action\nentity Document in [Project];\n\n// =============================================================================\n// ACTIONS\n// =============================================================================\n\n// User sends a message (prompt) to an AI chat service\n// Threat focus: data leakage (PII, secrets, confidential data), injection, content safety\naction send_message appliesTo {\n principal: [User],\n resource: [ChatSession],\n context: {\n // --- Core Metadata ---\n content: String, // Raw message content being sent\n source: String, // Browser extension identifier: \"sentry\"\n event: String, // Event type: \"send_message\"\n user_email: String, // User identifier (SSO/OAuth verified)\n target_app: String, // AI service: \"chatgpt\", \"gemini\", \"claude\", \"copilot\", \"custom\"\n target_url?: String, // Full URL of the AI chat service\n\n // --- Aggregated Threat Summary (from Shield NormalizeAggregation) ---\n threat_count: Long, // Total threats detected\n highest_severity: String, // \"critical\", \"high\", \"medium\", \"low\", \"none\"\n threat_categories: Set<String>, // Threat category names\n detected_threats: Set<String>, // Detection rule names that matched\n max_threat_severity: Long, // Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)\n\n // --- Secrets Detection (from SecretsDetector) ---\n contains_secrets: Bool, // Whether secrets/credentials detected\n secret_types?: Set<String>, // Types: \"aws_access_key\", \"github_token\", \"ssh_private_key\", etc.\n secret_count?: Long, // Number of distinct secrets found\n\n // --- PII Detection (from PIIRegexDetector, normalized) ---\n pii_detected?: Bool, // Whether any PII patterns matched\n pii_types?: Set<String>, // Types: \"ssn\", \"credit_card\", \"email\", \"phone\", etc.\n pii_count?: Long, // Number of PII matches\n pii_confidence?: Long, // PII detection confidence (0-100)\n\n // --- Content Safety Scores (from ToxicityDetector, 0-100) ---\n violence_score: Long,\n weapons_score: Long,\n hate_speech_score: Long,\n crime_score: Long,\n sexual_score: Long,\n profanity_score: Long,\n\n // --- ML Detector Confidence Scores (0-100) ---\n injection_score: Long, // Prompt injection score (max of InjectionDetector + DeepContextDetector)\n jailbreak_score: Long, // Jailbreak detection score (max of JailbreakDetector + DeepContextDetector)\n\n // --- Topic Classification (from TopicDetector) ---\n content_topics?: Set<String>, // Detected topics: \"controlled_substances\", \"weapons_manufacturing\", etc.\n topic_confidence?: Long, // Topic classifier confidence (0-100)\n\n // --- Encoding & Unicode Attacks (from SecurityFiltersDetector, EncodedInjectionDetector) ---\n contains_invisible_chars?: Bool, // Zero-width chars, bidi overrides, tag chars\n invisible_chars_score?: Long, // Unicode attack severity (0-100)\n encoded_content_detected?: Bool, // Base64, hex, unicode, URL encoded content\n encoded_types?: Set<String>, // Encoding types detected\n encoded_count?: Long, // Number of encoded segments\n encoded_score?: Long, // Encoded injection severity (0-100)\n\n // --- Code Detection (from CodeDetector) ---\n contains_code?: Bool, // Whether content contains source code\n code_languages?: Set<String>, // Detected languages: \"python\", \"javascript\", etc.\n code_ratio?: Long, // Percentage of content that is code (0-100)\n\n // --- Language Detection (from LanguageDetector, ScriptDetector) ---\n detected_language?: String, // ISO language code\n is_english?: Bool,\n language_confidence?: Long, // 0-100\n detected_script?: String, // \"latin\", \"cyrillic\", \"arabic\", \"unknown\"\n is_latin_script?: Bool,\n script_confidence?: Long, // 0-100\n\n // --- Keyword Detection (from KeywordDetector) ---\n keyword_matched?: Bool, // Whether any keywords matched\n keyword_categories?: Set<String>, // Matched keyword categories\n keyword_count?: Long, // Number of keyword matches\n\n // --- Phishing Detection (from CheckPhishDetector) ---\n phishing_detected?: Bool, // Whether phishing URLs detected in content\n\n // --- Session Detection History (cross-turn sticky flags) ---\n session_pii_detected?: Bool,\n session_pii_types?: Set<String>,\n session_secrets_detected?: Bool,\n session_secret_types?: Set<String>,\n session_injection_detected?: Bool,\n session_threat_turns?: Long,\n },\n};\n\n// AI service responds to the user\n// Threat focus: harmful content in responses, hallucination, data leakage in output\naction receive_response appliesTo {\n principal: [User],\n resource: [ChatSession],\n context: {\n // --- Core Metadata ---\n content: String, // AI response content\n source: String,\n event: String, // \"receive_response\"\n user_email: String,\n target_app: String,\n target_url?: String,\n\n // --- Aggregated Threat Summary ---\n threat_count: Long,\n highest_severity: String,\n threat_categories: Set<String>,\n detected_threats: Set<String>,\n max_threat_severity: Long,\n\n // --- Secrets Detection ---\n contains_secrets: Bool,\n secret_types?: Set<String>,\n secret_count?: Long,\n\n // --- PII Detection ---\n pii_detected?: Bool,\n pii_types?: Set<String>,\n pii_count?: Long,\n pii_confidence?: Long,\n\n // --- Content Safety Scores (0-100) ---\n violence_score: Long,\n weapons_score: Long,\n hate_speech_score: Long,\n crime_score: Long,\n sexual_score: Long,\n profanity_score: Long,\n\n // --- ML Detector Scores (0-100) ---\n injection_score: Long, // Indirect injection in response content\n jailbreak_score: Long,\n\n // --- Hallucination Detection (from HallucinationDetector) ---\n hallucination_score?: Long, // Hallucination confidence (0-100)\n factuality_score?: Long, // Factuality score (0-100)\n\n // --- Code in Response ---\n contains_code?: Bool,\n code_languages?: Set<String>,\n code_ratio?: Long,\n\n // --- Phishing ---\n phishing_detected?: Bool,\n\n // --- Session History ---\n session_pii_detected?: Bool,\n session_pii_types?: Set<String>,\n session_secrets_detected?: Bool,\n session_secret_types?: Set<String>,\n session_injection_detected?: Bool,\n session_threat_turns?: Long,\n },\n};\n\n// User pastes content into an AI chat (clipboard, cross-tab, cross-app)\n// Threat focus: data leakage via cut/paste, injection payloads in pasted content\naction paste_content appliesTo {\n principal: [User],\n resource: [ChatSession, Document],\n context: {\n // --- Core Metadata ---\n content: String, // Pasted content\n source: String,\n event: String, // \"paste_content\"\n user_email: String,\n target_app: String,\n target_url?: String,\n\n // --- Paste Context ---\n paste_source_app?: String, // Source application (e.g., \"outlook\", \"excel\", \"vscode\", \"terminal\")\n paste_source_url?: String, // Source URL if from another browser tab\n paste_length?: Long, // Character length of pasted content\n\n // --- Aggregated Threat Summary ---\n threat_count: Long,\n highest_severity: String,\n threat_categories: Set<String>,\n detected_threats: Set<String>,\n max_threat_severity: Long,\n\n // --- Secrets Detection ---\n contains_secrets: Bool,\n secret_types?: Set<String>,\n secret_count?: Long,\n\n // --- PII Detection ---\n pii_detected?: Bool,\n pii_types?: Set<String>,\n pii_count?: Long,\n pii_confidence?: Long,\n\n // --- Content Safety Scores (0-100) ---\n violence_score: Long,\n weapons_score: Long,\n hate_speech_score: Long,\n crime_score: Long,\n sexual_score: Long,\n profanity_score: Long,\n\n // --- ML Detector Scores (0-100) ---\n injection_score: Long,\n jailbreak_score: Long,\n\n // --- Code Detection ---\n contains_code?: Bool,\n code_languages?: Set<String>,\n code_ratio?: Long,\n\n // --- Encoding Attacks ---\n contains_invisible_chars?: Bool,\n invisible_chars_score?: Long,\n encoded_content_detected?: Bool,\n encoded_types?: Set<String>,\n encoded_count?: Long,\n encoded_score?: Long,\n\n // --- Keyword Detection ---\n keyword_matched?: Bool,\n keyword_categories?: Set<String>,\n keyword_count?: Long,\n\n // --- Session History ---\n session_pii_detected?: Bool,\n session_pii_types?: Set<String>,\n session_secrets_detected?: Bool,\n session_secret_types?: Set<String>,\n session_injection_detected?: Bool,\n session_threat_turns?: Long,\n },\n};\n\n// User uploads a file or document into an AI chat\n// Threat focus: document sensitivity (MIP labels), PII/secrets in files, malware\naction upload_file appliesTo {\n principal: [User],\n resource: [Document, ChatSession],\n context: {\n // --- Core Metadata ---\n content: String, // Extracted file text content (for scanning)\n source: String,\n event: String, // \"upload_file\"\n user_email: String,\n target_app: String,\n target_url?: String,\n\n // --- File Metadata ---\n file_name?: String, // Original file name\n file_type?: String, // MIME type: \"application/pdf\", \"text/csv\", etc.\n file_size_bytes?: Long, // File size in bytes\n file_extension?: String, // Extension: \"pdf\", \"docx\", \"xlsx\", \"csv\", \"txt\"\n\n // --- Document Sensitivity (MIP Labels) ---\n mip_label_id?: String, // Microsoft Information Protection label ID\n mip_label_name?: String, // Label display name: \"Public\", \"Internal\", \"Confidential\", \"Highly Confidential\"\n sensitivity_level?: String, // Normalized: \"public\", \"internal\", \"confidential\", \"restricted\"\n is_encrypted?: Bool, // Whether file is encrypted (MIP protection)\n is_rights_managed?: Bool, // Whether file has rights management restrictions\n\n // --- Aggregated Threat Summary ---\n threat_count: Long,\n highest_severity: String,\n threat_categories: Set<String>,\n detected_threats: Set<String>,\n max_threat_severity: Long,\n\n // --- Secrets Detection ---\n contains_secrets: Bool,\n secret_types?: Set<String>,\n secret_count?: Long,\n\n // --- PII Detection ---\n pii_detected?: Bool,\n pii_types?: Set<String>,\n pii_count?: Long,\n pii_confidence?: Long,\n\n // --- Content Safety Scores (0-100) ---\n violence_score: Long,\n weapons_score: Long,\n hate_speech_score: Long,\n crime_score: Long,\n sexual_score: Long,\n profanity_score: Long,\n\n // --- ML Detector Scores (0-100) ---\n injection_score: Long, // Prompt injection payloads hidden in documents\n jailbreak_score: Long,\n\n // --- Code Detection ---\n contains_code?: Bool,\n code_languages?: Set<String>,\n code_ratio?: Long,\n\n // --- Phishing ---\n phishing_detected?: Bool,\n\n // --- Encoding Attacks ---\n contains_invisible_chars?: Bool,\n invisible_chars_score?: Long,\n encoded_content_detected?: Bool,\n encoded_types?: Set<String>,\n encoded_count?: Long,\n encoded_score?: Long,\n\n // --- Session History ---\n session_pii_detected?: Bool,\n session_pii_types?: Set<String>,\n session_secrets_detected?: Bool,\n session_secret_types?: Set<String>,\n session_injection_detected?: Bool,\n session_threat_turns?: Long,\n },\n};\n\n}\n";
30
+ export declare const SENTRY_SCHEMA = "// =============================================================================\n// Sentry Cedar Schema\n// =============================================================================\n// Browser Security \u2014 monitors AI chat interactions in the browser and enforces\n// data-protection, content-safety, and compliance policies at point of use.\n//\n// Sentry is a lightweight browser extension (JSA) that intercepts:\n// - Messages sent to AI chat services (ChatGPT, Gemini, Claude, Copilot, etc.)\n// - AI responses returned to the user\n// - Cut/paste operations transferring content into AI chats\n// - File/document uploads into AI chat services\n//\n// Architecture:\n// User \u2192 Browser Extension \u2192 Shield Detection Engine \u2192 Cedar Policy \u2192 Allow/Block\n//\n// Threat Coverage:\n// - Data Leakage: PII, PHI, credentials, source code, confidential documents\n// - Content Safety: Violence, hate speech, sexual content, restricted topics\n// - Prompt Injection: Direct and indirect injection via pasted/uploaded content\n// - Document Sensitivity: MIP label enforcement, classification-aware blocking\n// - Compliance: GDPR, HIPAA, PCI DSS, CCPA, EU AI Act\n//\n// Supported AI Services:\n// - ChatGPT (chat.openai.com)\n// - Google Gemini (gemini.google.com)\n// - Claude (claude.ai)\n// - GitHub Copilot Chat\n// - Microsoft Copilot\n// - Custom/enterprise AI chat endpoints\n\nnamespace Sentry {\n\n// =============================================================================\n// ENTITIES - Tenant Hierarchy (ReBAC)\n// =============================================================================\n// Aligned with Guardrails/Overwatch entity hierarchy (Account -> Project).\n//\n// Entity hierarchy enables Cedar's `in` operator for policy scoping:\n// Account (org root)\n// \u2514\u2500\u2500 Project in [Account]\n// \u2514\u2500\u2500 ChatSession in [Project]\n//\n// Policy scoping examples:\n// resource in Sentry::Account::\"<uuid>\" \u2192 org-wide\n// resource in Sentry::Project::\"<uuid>\" \u2192 project-wide\n// resource == Sentry::ChatSession::\"<id>\" \u2192 specific session\n\n/// Account represents an organization (top-level tenant)\nentity Account;\n\n/// Project represents a project within an account\nentity Project in [Account];\n\n// =============================================================================\n// ENTITIES - Principals\n// =============================================================================\n\n/// Human user interacting with AI chat in the browser\nentity User;\n\n// =============================================================================\n// ENTITIES - Resources (scoped under Project)\n// =============================================================================\n\n/// AI chat session \u2014 resource for process_prompt and receive_response actions\nentity ChatSession in [Project];\n\n/// Document or file being uploaded \u2014 resource for upload_file action\nentity Document in [Project];\n\n// =============================================================================\n// ACTIONS\n// =============================================================================\n\n// User sends a message (prompt) to an AI chat service\n// Threat focus: data leakage (PII, secrets, confidential data), injection, content safety\naction process_prompt appliesTo {\n principal: [User],\n resource: [ChatSession],\n context: {\n // --- Core Metadata ---\n content: String, // Raw message content being sent\n source: String, // Browser extension identifier: \"sentry\"\n event: String, // Event type: \"process_prompt\"\n user_email: String, // User identifier (SSO/OAuth verified)\n target_app: String, // AI service: \"chatgpt\", \"gemini\", \"claude\", \"copilot\", \"custom\"\n target_url?: String, // Full URL of the AI chat service\n\n // --- Aggregated Threat Summary (from Shield NormalizeAggregation) ---\n threat_count: Long, // Total threats detected\n highest_severity: String, // \"critical\", \"high\", \"medium\", \"low\", \"none\"\n threat_categories: Set<String>, // Threat category names\n detected_threats: Set<String>, // Detection rule names that matched\n max_threat_severity: Long, // Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)\n\n // --- Secrets Detection (from SecretsDetector) ---\n contains_secrets: Bool, // Whether secrets/credentials detected\n secret_types?: Set<String>, // Types: \"aws_access_key\", \"github_token\", \"ssh_private_key\", etc.\n secret_count?: Long, // Number of distinct secrets found\n\n // --- PII Detection (from PIIRegexDetector, normalized) ---\n pii_detected?: Bool, // Whether any PII patterns matched\n pii_types?: Set<String>, // Types: \"ssn\", \"credit_card\", \"email\", \"phone\", etc.\n pii_count?: Long, // Number of PII matches\n pii_confidence?: Long, // PII detection confidence (0-100)\n\n // --- Content Safety Scores (from ToxicityDetector, 0-100) ---\n violence_score: Long,\n weapons_score: Long,\n hate_speech_score: Long,\n crime_score: Long,\n sexual_score: Long,\n profanity_score: Long,\n\n // --- ML Detector Confidence Scores (0-100) ---\n injection_score: Long, // Prompt injection score (max of InjectionDetector + DeepContextDetector)\n jailbreak_score: Long, // Jailbreak detection score (max of JailbreakDetector + DeepContextDetector)\n\n // --- Topic Classification (from TopicDetector) ---\n content_topics?: Set<String>, // Detected topics: \"controlled_substances\", \"weapons_manufacturing\", etc.\n topic_confidence?: Long, // Topic classifier confidence (0-100)\n\n // --- Encoding & Unicode Attacks (from SecurityFiltersDetector, EncodedInjectionDetector) ---\n contains_invisible_chars?: Bool, // Zero-width chars, bidi overrides, tag chars\n invisible_chars_score?: Long, // Unicode attack severity (0-100)\n encoded_content_detected?: Bool, // Base64, hex, unicode, URL encoded content\n encoded_types?: Set<String>, // Encoding types detected\n encoded_count?: Long, // Number of encoded segments\n encoded_score?: Long, // Encoded injection severity (0-100)\n\n // --- Code Detection (from CodeDetector) ---\n contains_code?: Bool, // Whether content contains source code\n code_languages?: Set<String>, // Detected languages: \"python\", \"javascript\", etc.\n code_ratio?: Long, // Percentage of content that is code (0-100)\n\n // --- Language Detection (from LanguageDetector, ScriptDetector) ---\n detected_language?: String, // ISO language code\n is_english?: Bool,\n language_confidence?: Long, // 0-100\n detected_script?: String, // \"latin\", \"cyrillic\", \"arabic\", \"unknown\"\n is_latin_script?: Bool,\n script_confidence?: Long, // 0-100\n\n // --- Keyword Detection (from KeywordDetector) ---\n keyword_matched?: Bool, // Whether any keywords matched\n keyword_categories?: Set<String>, // Matched keyword categories\n keyword_count?: Long, // Number of keyword matches\n\n // --- Phishing Detection (from CheckPhishDetector) ---\n phishing_detected?: Bool, // Whether phishing URLs detected in content\n\n // --- Session Detection History (cross-turn sticky flags) ---\n session_pii_detected?: Bool,\n session_pii_types?: Set<String>,\n session_secrets_detected?: Bool,\n session_secret_types?: Set<String>,\n session_injection_detected?: Bool,\n session_threat_turns?: Long,\n },\n};\n\n// AI service responds to the user\n// Threat focus: harmful content in responses, hallucination, data leakage in output\naction receive_response appliesTo {\n principal: [User],\n resource: [ChatSession],\n context: {\n // --- Core Metadata ---\n content: String, // AI response content\n source: String,\n event: String, // \"receive_response\"\n user_email: String,\n target_app: String,\n target_url?: String,\n\n // --- Aggregated Threat Summary ---\n threat_count: Long,\n highest_severity: String,\n threat_categories: Set<String>,\n detected_threats: Set<String>,\n max_threat_severity: Long,\n\n // --- Secrets Detection ---\n contains_secrets: Bool,\n secret_types?: Set<String>,\n secret_count?: Long,\n\n // --- PII Detection ---\n pii_detected?: Bool,\n pii_types?: Set<String>,\n pii_count?: Long,\n pii_confidence?: Long,\n\n // --- Content Safety Scores (0-100) ---\n violence_score: Long,\n weapons_score: Long,\n hate_speech_score: Long,\n crime_score: Long,\n sexual_score: Long,\n profanity_score: Long,\n\n // --- ML Detector Scores (0-100) ---\n injection_score: Long, // Indirect injection in response content\n jailbreak_score: Long,\n\n // --- Hallucination Detection (from HallucinationDetector) ---\n hallucination_score?: Long, // Hallucination confidence (0-100)\n factuality_score?: Long, // Factuality score (0-100)\n\n // --- Code in Response ---\n contains_code?: Bool,\n code_languages?: Set<String>,\n code_ratio?: Long,\n\n // --- Phishing ---\n phishing_detected?: Bool,\n\n // --- Session History ---\n session_pii_detected?: Bool,\n session_pii_types?: Set<String>,\n session_secrets_detected?: Bool,\n session_secret_types?: Set<String>,\n session_injection_detected?: Bool,\n session_threat_turns?: Long,\n },\n};\n\n// User pastes content into an AI chat (clipboard, cross-tab, cross-app)\n// Threat focus: data leakage via cut/paste, injection payloads in pasted content\naction paste_content appliesTo {\n principal: [User],\n resource: [ChatSession, Document],\n context: {\n // --- Core Metadata ---\n content: String, // Pasted content\n source: String,\n event: String, // \"paste_content\"\n user_email: String,\n target_app: String,\n target_url?: String,\n\n // --- Paste Context ---\n paste_source_app?: String, // Source application (e.g., \"outlook\", \"excel\", \"vscode\", \"terminal\")\n paste_source_url?: String, // Source URL if from another browser tab\n paste_length?: Long, // Character length of pasted content\n\n // --- Aggregated Threat Summary ---\n threat_count: Long,\n highest_severity: String,\n threat_categories: Set<String>,\n detected_threats: Set<String>,\n max_threat_severity: Long,\n\n // --- Secrets Detection ---\n contains_secrets: Bool,\n secret_types?: Set<String>,\n secret_count?: Long,\n\n // --- PII Detection ---\n pii_detected?: Bool,\n pii_types?: Set<String>,\n pii_count?: Long,\n pii_confidence?: Long,\n\n // --- Content Safety Scores (0-100) ---\n violence_score: Long,\n weapons_score: Long,\n hate_speech_score: Long,\n crime_score: Long,\n sexual_score: Long,\n profanity_score: Long,\n\n // --- ML Detector Scores (0-100) ---\n injection_score: Long,\n jailbreak_score: Long,\n\n // --- Code Detection ---\n contains_code?: Bool,\n code_languages?: Set<String>,\n code_ratio?: Long,\n\n // --- Encoding Attacks ---\n contains_invisible_chars?: Bool,\n invisible_chars_score?: Long,\n encoded_content_detected?: Bool,\n encoded_types?: Set<String>,\n encoded_count?: Long,\n encoded_score?: Long,\n\n // --- Keyword Detection ---\n keyword_matched?: Bool,\n keyword_categories?: Set<String>,\n keyword_count?: Long,\n\n // --- Session History ---\n session_pii_detected?: Bool,\n session_pii_types?: Set<String>,\n session_secrets_detected?: Bool,\n session_secret_types?: Set<String>,\n session_injection_detected?: Bool,\n session_threat_turns?: Long,\n },\n};\n\n// User uploads a file or document into an AI chat\n// Threat focus: document sensitivity (MIP labels), PII/secrets in files, malware\naction upload_file appliesTo {\n principal: [User],\n resource: [Document, ChatSession],\n context: {\n // --- Core Metadata ---\n content: String, // Extracted file text content (for scanning)\n source: String,\n event: String, // \"upload_file\"\n user_email: String,\n target_app: String,\n target_url?: String,\n\n // --- File Metadata ---\n file_name?: String, // Original file name\n file_type?: String, // MIME type: \"application/pdf\", \"text/csv\", etc.\n file_size_bytes?: Long, // File size in bytes\n file_extension?: String, // Extension: \"pdf\", \"docx\", \"xlsx\", \"csv\", \"txt\"\n\n // --- Document Sensitivity (MIP Labels) ---\n mip_label_id?: String, // Microsoft Information Protection label ID\n mip_label_name?: String, // Label display name: \"Public\", \"Internal\", \"Confidential\", \"Highly Confidential\"\n sensitivity_level?: String, // Normalized: \"public\", \"internal\", \"confidential\", \"restricted\"\n is_encrypted?: Bool, // Whether file is encrypted (MIP protection)\n is_rights_managed?: Bool, // Whether file has rights management restrictions\n\n // --- Aggregated Threat Summary ---\n threat_count: Long,\n highest_severity: String,\n threat_categories: Set<String>,\n detected_threats: Set<String>,\n max_threat_severity: Long,\n\n // --- Secrets Detection ---\n contains_secrets: Bool,\n secret_types?: Set<String>,\n secret_count?: Long,\n\n // --- PII Detection ---\n pii_detected?: Bool,\n pii_types?: Set<String>,\n pii_count?: Long,\n pii_confidence?: Long,\n\n // --- Content Safety Scores (0-100) ---\n violence_score: Long,\n weapons_score: Long,\n hate_speech_score: Long,\n crime_score: Long,\n sexual_score: Long,\n profanity_score: Long,\n\n // --- ML Detector Scores (0-100) ---\n injection_score: Long, // Prompt injection payloads hidden in documents\n jailbreak_score: Long,\n\n // --- Code Detection ---\n contains_code?: Bool,\n code_languages?: Set<String>,\n code_ratio?: Long,\n\n // --- Phishing ---\n phishing_detected?: Bool,\n\n // --- Encoding Attacks ---\n contains_invisible_chars?: Bool,\n invisible_chars_score?: Long,\n encoded_content_detected?: Bool,\n encoded_types?: Set<String>,\n encoded_count?: Long,\n encoded_score?: Long,\n\n // --- Session History ---\n session_pii_detected?: Bool,\n session_pii_types?: Set<String>,\n session_secrets_detected?: Bool,\n session_secret_types?: Set<String>,\n session_injection_detected?: Bool,\n session_threat_turns?: Long,\n },\n};\n\n}\n";
31
31
  /**
32
32
  * Context attribute metadata for service actions.
33
33
  * Used by PolicyBuilder UI to generate form fields.
package/dist/service-schemas.gen.js CHANGED
@@ -1592,7 +1592,7 @@ entity User;
1592
1592
  // ENTITIES - Resources (scoped under Project)
1593
1593
  // =============================================================================
1594
1594
 
1595
- /// AI chat session — resource for send_message and receive_response actions
1595
+ /// AI chat session — resource for process_prompt and receive_response actions
1596
1596
  entity ChatSession in [Project];
1597
1597
 
1598
1598
  /// Document or file being uploaded — resource for upload_file action
@@ -1604,14 +1604,14 @@ entity Document in [Project];
1604
1604
 
1605
1605
  // User sends a message (prompt) to an AI chat service
1606
1606
  // Threat focus: data leakage (PII, secrets, confidential data), injection, content safety
1607
- action send_message appliesTo {
1607
+ action process_prompt appliesTo {
1608
1608
  principal: [User],
1609
1609
  resource: [ChatSession],
1610
1610
  context: {
1611
1611
  // --- Core Metadata ---
1612
1612
  content: String, // Raw message content being sent
1613
1613
  source: String, // Browser extension identifier: "sentry"
1614
- event: String, // Event type: "send_message"
1614
+ event: String, // Event type: "process_prompt"
1615
1615
  user_email: String, // User identifier (SSO/OAuth verified)
1616
1616
  target_app: String, // AI service: "chatgpt", "gemini", "claude", "copilot", "custom"
1617
1617
  target_url?: String, // Full URL of the AI chat service
@@ -2719,12 +2719,12 @@ export const SENTRY_CONTEXT = {
2719
2719
  "description": "Sentry browser security — monitors AI chat interactions and enforces data-protection, content-safety, and compliance policies",
2720
2720
  "actions": [
2721
2721
  {
2722
- "name": "send_message",
2722
+ "name": "process_prompt",
2723
2723
  "description": "User sends a message (prompt) to an AI chat service via the browser",
2724
2724
  "context_attributes": [
2725
2725
  { "key": "content", "type": "string", "required": true, "description": "Raw message content being sent to the AI service" },
2726
2726
  { "key": "source", "type": "string", "required": true, "description": "Browser extension identifier (always \'sentry\')" },
2727
- { "key": "event", "type": "string", "required": true, "description": "Event type (always \'send_message\')" },
2727
+ { "key": "event", "type": "string", "required": true, "description": "Event type (always \'process_prompt\')" },
2728
2728
  { "key": "user_email", "type": "string", "required": true, "description": "User identifier (SSO/OAuth verified)" },
2729
2729
  { "key": "target_app", "type": "string", "required": true, "description": "AI service being used: chatgpt, gemini, claude, copilot, custom" },
2730
2730
  { "key": "target_url", "type": "string", "required": false, "description": "Full URL of the AI chat service" },
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@highflame/policy",
3
- "version": "2.1.31",
3
+ "version": "2.1.33",
4
4
  "engines": {
5
5
  "node": ">=18"
6
6
  },