@highflame/policy 2.1.32 → 2.1.34

package/_schemas/sentry/templates/defaults/pii.cedar

@@ -1,8 +1,10 @@
 // =============================================================================
 // PII Detection Policy (Default)
 // =============================================================================
-// Detects and blocks personally identifiable information across messages,
-// pasted content, file uploads, and AI responses. Uses multi-layered detection:
+// Detects and blocks personally identifiable information across messages
+// and file uploads. Uses multi-layered detection:
+//
+// Paste-targeted PII rules live in clipboard.cedar.
 //
 //   1. PII boolean flag (pii_detected) — broadest catch from detection engine
 //   2. Granular PII type matching (pii_types) — type-specific blocking
@@ -30,16 +32,16 @@
 // Fires when the detection pipeline identifies PII in any content.
 // ---------------------------------------------------------------------------
 
-// Block messages containing detected PII
+// Block messages and uploads containing detected PII
 @id("sentry-pii-block-messages")
-@name("Block messages with PII")
-@description("Block messages when the detection engine identifies any PII patterns. Prevents employees from accidentally sharing personal data with AI chat services.")
+@name("Block messages and uploads with PII")
+@description("Block messages and file uploads when the detection engine identifies any PII patterns. Prevents employees from accidentally sharing personal data with AI chat services.")
 @severity("critical")
 @tags("pii,privacy,data-protection,gdpr-art-32,owasp-llm06")
-@reject_message("Your message was blocked because personally identifiable information was detected. Remove all PII (names, addresses, SSNs, credit cards, etc.) before sending to AI services.")
+@reject_message("Content blocked: personally identifiable information was detected. Remove all PII (names, addresses, SSNs, credit cards, etc.) before sending to AI services.")
 forbid (
     principal,
-    action == Sentry::Action::"send_message",
+    action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
@@ -54,13 +56,13 @@ when {
 // Block credit card numbers (PCI DSS compliance)
 @id("sentry-pii-block-credit-cards")
 @name("Block credit card numbers")
-@description("Block content containing credit card number patterns across all actions. PCI DSS 3.4 requires PANs are rendered unreadable — AI services must never receive raw card numbers.")
+@description("Block messages and file uploads containing credit card number patterns. PCI DSS 3.4 requires PANs are rendered unreadable — AI services must never receive raw card numbers.")
 @severity("critical")
 @tags("pci,credit-card,payment,compliance,pci-dss-3.4")
 @reject_message("Content blocked: credit card number patterns detected. Sharing payment card data with AI services violates PCI DSS. Use tokenized references instead.")
 forbid (
     principal,
-    action,
+    action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
@@ -71,13 +73,13 @@ when {
 // Block Social Security Numbers
 @id("sentry-pii-block-ssn")
 @name("Block Social Security Numbers")
-@description("Block content containing SSN patterns (XXX-XX-XXXX and variants). SSNs are high-value identity theft targets — exposure through AI services is a critical privacy violation.")
+@description("Block messages and file uploads containing SSN patterns (XXX-XX-XXXX and variants). SSNs are high-value identity theft targets — exposure through AI services is a critical privacy violation.")
 @severity("critical")
 @tags("ssn,identity,privacy,compliance,nist-si-4")
 @reject_message("Content blocked: Social Security Number patterns detected. SSNs must never be shared with AI services.")
 forbid (
     principal,
-    action,
+    action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
@@ -88,13 +90,13 @@ when {
 // Block passport numbers
 @id("sentry-pii-block-passport")
 @name("Block passport numbers")
-@description("Block content containing passport number patterns. Passport numbers are government-issued identifiers with high identity theft risk.")
+@description("Block messages and file uploads containing passport number patterns. Passport numbers are government-issued identifiers with high identity theft risk.")
 @severity("critical")
 @tags("passport,identity,privacy,gdpr")
 @reject_message("Content blocked: passport number patterns detected. Government-issued identifiers must not be shared with AI services.")
 forbid (
     principal,
-    action,
+    action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
@@ -104,13 +106,13 @@ when {
 // Block IBAN (International Bank Account Numbers)
 @id("sentry-pii-block-iban")
 @name("Block bank account numbers")
-@description("Block content containing IBAN patterns. Bank account numbers are sensitive financial identifiers that must not be exposed to AI services.")
+@description("Block messages and file uploads containing IBAN patterns. Bank account numbers are sensitive financial identifiers that must not be exposed to AI services.")
 @severity("critical")
 @tags("iban,financial,privacy,gdpr,pci-dss")
 @reject_message("Content blocked: bank account number (IBAN) patterns detected. Financial account numbers must not be shared with AI services.")
 forbid (
     principal,
-    action,
+    action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
@@ -120,13 +122,13 @@ when {
 // Block bulk PII exposure
 @id("sentry-pii-block-bulk-exposure")
 @name("Block bulk PII exposure")
-@description("Block content containing 3 or more PII matches. Multiple PII items indicate a data dump — customer lists, CSV exports, or database content being leaked to AI services.")
+@description("Block messages and file uploads containing 3 or more PII matches. Multiple PII items indicate a data dump — customer lists, CSV exports, or database content being leaked to AI services.")
 @severity("critical")
 @tags("pii,bulk,data-exfiltration,gdpr-art-32,ccpa")
 @reject_message("Content blocked: multiple PII items detected (3+). Bulk personal data must never be shared with AI services. Use data masking or tokenization.")
 forbid (
     principal,
-    action,
+    action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
@@ -141,13 +143,13 @@ when {
 // Block high-confidence PII
 @id("sentry-pii-block-high-confidence")
 @name("Block high-confidence PII")
-@description("Block content when the PII confidence score exceeds threshold (80/100). Catches novel PII patterns including names, addresses, and identifiers that regex rules may miss.")
+@description("Block messages and file uploads when the PII confidence score exceeds threshold (80/100). Catches novel PII patterns including names, addresses, and identifiers that regex rules may miss.")
 @severity("critical")
 @tags("pii,confidence,privacy,compliance,ml-classifier")
 @reject_message("Content blocked: the ML classifier detected personally identifiable information with high confidence. The content appears to contain personal data.")
 forbid (
     principal,
-    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content", Sentry::Action::"upload_file"],
+    action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
@@ -162,36 +164,16 @@ when {
 // Block PII threat category
 @id("sentry-pii-block-threat-category")
 @name("Block PII threat category")
-@description("Block content when threat categorization identifies PII. Defense-in-depth behind the pii_detected boolean — catches cases where PII is flagged at the aggregation layer.")
+@description("Block messages and file uploads when threat categorization identifies PII. Defense-in-depth behind the pii_detected boolean — catches cases where PII is flagged at the aggregation layer.")
 @severity("high")
 @tags("pii,privacy,data-protection,gdpr")
 @reject_message("Content blocked: threat scanners detected personally identifiable information. Remove all PII before submitting.")
 forbid (
     principal,
-    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content", Sentry::Action::"upload_file"],
+    action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
     context has threat_categories && context.threat_categories.contains("pii")
 };
 
-// ---------------------------------------------------------------------------
-// Section 5: AI Response PII Blocking
-// Prevent AI responses containing PII from reaching the user.
-// ---------------------------------------------------------------------------
-
-// Block AI responses containing PII
-@id("sentry-pii-block-responses")
-@name("Block AI responses with PII")
-@description("Block AI responses when PII is detected in the output. Prevents AI services from exposing personal data in generated responses (e.g., when the model echoes back or generates PII from training data).")
-@severity("high")
-@tags("pii,response-safety,data-protection,owasp-llm06")
-@reject_message("AI response blocked: personally identifiable information detected in the AI response. The AI service generated content containing personal data.")
-forbid (
-    principal,
-    action == Sentry::Action::"receive_response",
-    resource
-)
-when {
-    context has pii_detected && context.pii_detected
-};

package/_schemas/sentry/templates/defaults/secrets.cedar

@@ -1,42 +1,41 @@
 // =============================================================================
 // Secrets Detection Policy (Default)
 // =============================================================================
-// Block credential and secret leakage across messages and AI responses.
+// Block credential and secret leakage across messages and file uploads.
 // Shield SecretsDetector identifies 18+ secret types via regex.
 //
-// Paste-targeted secret rules live in clipboard.cedar; this file covers
-// non-paste channels (messages, responses, and cross-cutting rules).
+// Paste-targeted secret rules live in clipboard.cedar.
 //
 // Category: secrets
 // Namespace: Sentry
 // =============================================================================
 
-// Block messages containing secrets
+// Block messages and uploads containing secrets
 @id("sentry-org-block-secrets-messages")
-@name("Block messages with secrets")
-@description("Block messages when detection engines identify API keys, tokens, or credential patterns. First line of defense against accidental credential exposure in AI chat interactions.")
+@name("Block messages and uploads with secrets")
+@description("Block messages and file uploads when detection engines identify API keys, tokens, or credential patterns. First line of defense against accidental credential exposure in AI chat interactions.")
 @severity("critical")
 @tags("secrets,credentials,messages,nist-sc-28,nist-ia-5")
-@reject_message("Your message was blocked because it contains detected secrets such as API keys, tokens, or credentials. Remove all secrets before sending to AI services.")
+@reject_message("Content blocked: detected secrets such as API keys, tokens, or credentials. Remove all secrets before sending to AI services.")
 forbid (
     principal,
-    action == Sentry::Action::"send_message",
+    action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
     context has contains_secrets && context.contains_secrets
 };
 
-// Block high-risk secret types across all actions
+// Block high-risk secret types across messages and file uploads
 @id("sentry-org-block-high-risk-secrets")
 @name("Block high-risk credential types")
-@description("Block content containing cloud provider keys (AWS, GCP, Azure), GitHub tokens, SSH private keys, or database connection strings across all actions. These credential types pose the highest exfiltration risk.")
+@description("Block messages and file uploads containing cloud provider keys (AWS, GCP, Azure), GitHub tokens, SSH private keys, or database connection strings. These credential types pose the highest exfiltration risk.")
 @severity("critical")
 @tags("secrets,aws,github,ssh,cloud,nist-ia-5,mitre-t1552")
 @reject_message("Content blocked: high-risk credentials detected (cloud keys, GitHub tokens, SSH keys). Use a secrets manager — never share credentials with AI services.")
 forbid (
     principal,
-    action,
+    action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
@@ -50,16 +49,16 @@ when {
      context.secret_types.contains("private_key"))
 };
 
-// Block API keys and tokens across all actions
+// Block API keys and tokens across messages and file uploads
 @id("sentry-org-block-api-keys")
 @name("Block API keys and tokens")
-@description("Block content containing generic API keys, JWT tokens, and OAuth credentials. These are the most commonly leaked credential types when users interact with AI services.")
+@description("Block messages and file uploads containing generic API keys, JWT tokens, and OAuth credentials. These are the most commonly leaked credential types when users interact with AI services.")
 @severity("high")
 @tags("secrets,api-key,jwt,oauth,nist-ia-5")
 @reject_message("Content blocked: API keys, JWT tokens, or OAuth credentials detected. These must never be shared with AI services.")
 forbid (
     principal,
-    action,
+    action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
@@ -71,23 +70,23 @@ when {
      context.secret_types.contains("stripe_key"))
 };
 
-// Block SSH key exposure across messages, paste, and file uploads
+// Block SSH key exposure across messages and file uploads
 @id("sentry-secrets-block-ssh-keys")
 @name("Block SSH key exposure")
-@description("Block when SSH private key content or SSH key file paths are detected. Covers messages, paste, and file uploads. AI chat services must not receive SSH credentials.")
+@description("Block when SSH private key content or SSH key file paths are detected. Covers messages and file uploads. AI chat services must not receive SSH credentials.")
 @severity("critical")
 @tags("secrets,ssh,credentials,nist-ia-5,mitre-t1552")
 @reject_message("Blocked: SSH private key content or key file path detected. AI chat services must not receive SSH credentials.")
 forbid (
     principal,
-    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content", Sentry::Action::"upload_file"],
+    action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
     context has secret_types && context.secret_types.contains("ssh_key")
 };
 
-// Block PEM/certificate key exposure across messages, paste, and file uploads
+// Block PEM/certificate key exposure across messages and file uploads
 @id("sentry-secrets-block-pem-keys")
 @name("Block PEM/certificate key exposure")
 @description("Block when PEM private key content or certificate key file paths (.pem, .key, .p12, .pfx) are detected. AI chat services must not receive certificate credentials.")
@@ -96,7 +95,7 @@ when {
 @reject_message("Blocked: PEM private key or certificate key file detected. AI chat services must not receive certificate credentials.")
 forbid (
     principal,
-    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content", Sentry::Action::"upload_file"],
+    action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
@@ -106,13 +105,13 @@ when {
 // Block bulk secret exposure
 @id("sentry-org-block-bulk-secrets")
 @name("Block bulk secret exposure")
-@description("Block content when 3+ distinct secrets are found. Multiple secrets indicate a configuration dump, .env file paste, or credential harvesting being sent to AI services.")
+@description("Block messages and file uploads when 3+ distinct secrets are found. Multiple secrets indicate a configuration dump, .env file paste, or credential harvesting being sent to AI services.")
 @severity("critical")
 @tags("secrets,bulk,data-exfiltration,nist-sc-28")
 @reject_message("Content blocked: multiple credentials detected (3+). Configuration dumps and credential lists must never be shared with AI services.")
 forbid (
     principal,
-    action,
+    action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
@@ -122,13 +121,13 @@ when {
 // Block detected credential patterns
 @id("sentry-org-block-detected-credentials")
 @name("Block detected credential patterns")
-@description("Block content flagged by detection engine rules for credential exposure, API key leaks, and token exposure. Defense-in-depth behind contains_secrets.")
+@description("Block messages and file uploads flagged by detection engine rules for credential exposure, API key leaks, and token exposure. Defense-in-depth behind contains_secrets.")
 @severity("critical")
 @tags("secrets,credentials,detection-rules,nist-ia-5")
 @reject_message("Content blocked: detection engines identified credential patterns including secret exposure, API keys, or token leaks.")
 forbid (
     principal,
-    action,
+    action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
@@ -137,19 +136,3 @@ when {
      context.detected_threats.contains("credential_leak") ||
      context.detected_threats.contains("api_key_exposure"))
 };
-
-// Block AI responses when session has leaked secrets
-@id("sentry-org-session-secrets-response")
-@name("Block responses after secret detection")
-@description("Block AI responses when secrets were detected earlier in the session. If credentials were leaked in a previous turn, the AI service may have processed them and could echo or reference them in responses.")
-@severity("high")
-@tags("session,secrets,response-safety,defense-in-depth")
-@reject_message("AI response blocked: secrets were detected in an earlier message in this session. Responses may contain or reference the exposed credentials.")
-forbid (
-    principal,
-    action == Sentry::Action::"receive_response",
-    resource
-)
-when {
-    context has session_secrets_detected && context.session_secrets_detected
-};

package/_schemas/sentry/templates/defaults/semantic.cedar

@@ -2,7 +2,8 @@
 // Semantic Threat Detection Policy (Default)
 // =============================================================================
 // Detects and blocks prompt injection, jailbreak attempts, and high-severity
-// threats across all browser AI interactions: messages, paste, file uploads.
+// threats across browser AI interactions: messages and file uploads.
+// Paste-targeted semantic rules live in clipboard.cedar.
 //
 // Uses multi-layered detection from Shield:
 //   1. ML classifier scores (injection_score, jailbreak_score)
@@ -22,20 +23,20 @@
 
 // ---------------------------------------------------------------------------
 // Section 1: Prompt Injection Detection
-// Blocks injection attempts in messages, pasted content, and uploaded files.
-// Users may inadvertently paste injection payloads from compromised sources.
+// Blocks injection attempts in messages and uploaded files.
+// Paste-targeted injection rules live in clipboard.cedar.
 // ---------------------------------------------------------------------------
 
-// Block messages and pastes with prompt injection patterns
+// Block messages with prompt injection patterns
 @id("sentry-semantic-block-injection")
 @name("Block prompt injection")
-@description("Block messages and pasted content when detection engine rules identify prompt injection patterns. Catches instruction override, role assumption, and manipulation techniques in user input and pasted content (OWASP LLM01).")
+@description("Block messages when detection engine rules identify prompt injection patterns. Catches instruction override, role assumption, and manipulation techniques in user input (OWASP LLM01).")
 @severity("critical")
 @tags("injection,security,owasp-llm01,mitre-aml-t0051,baseline")
-@reject_message("Content was blocked because prompt injection patterns were detected. This prevents manipulation of AI agent behavior. Remove adversarial instructions and try again.")
+@reject_message("Content blocked: prompt injection patterns were detected. This prevents manipulation of AI agent behavior. Remove adversarial instructions and try again.")
 forbid (
     principal,
-    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content"],
+    action == Sentry::Action::"process_prompt",
     resource
 )
 when {
@@ -48,32 +49,16 @@ when {
 @description("Block content when the ML injection classifier confidence exceeds threshold (75/100). Catches novel injection techniques including polymorphic payloads, encoding tricks, and obfuscated instructions.")
 @severity("critical")
 @tags("injection,ml-classifier,security,owasp-llm01")
-@reject_message("Your content was blocked because the ML classifier detected prompt injection with high confidence.")
+@reject_message("Content blocked: the ML classifier detected prompt injection with high confidence.")
 forbid (
     principal,
-    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content", Sentry::Action::"upload_file"],
+    action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
     context has injection_score && context.injection_score >= 75
 };
 
-// Block injection payloads hidden in uploaded documents
-@id("sentry-semantic-block-file-injection")
-@name("Block injection in uploaded files")
-@description("Block file uploads when prompt injection patterns are detected in the document content. Attackers embed injection payloads in PDFs, documents, and spreadsheets to hijack AI behavior via RAG or file analysis.")
-@severity("critical")
-@tags("injection,file-upload,security,owasp-llm01")
-@reject_message("File upload was blocked because prompt injection patterns were detected in the document. Files containing adversarial instructions cannot be shared with AI services.")
-forbid (
-    principal,
-    action == Sentry::Action::"upload_file",
-    resource
-)
-when {
-    context has detected_threats && context.detected_threats.contains("prompt_injection")
-};
-
 // ---------------------------------------------------------------------------
 // Section 2: Jailbreak Detection
 // Blocks jailbreak attempts in messages sent to AI services.
@@ -85,10 +70,10 @@ when {
 @description("Block messages when detection engine rules identify jailbreak patterns: DAN-style prompts, role-play exploits, safety bypass instructions, and constraint removal attempts (OWASP LLM02).")
 @severity("critical")
 @tags("jailbreak,bypass,security,owasp-llm02,mitre-aml-t0054,baseline")
-@reject_message("Your message was blocked because jailbreak patterns were detected. This prevents circumvention of AI safety controls.")
+@reject_message("Content blocked: jailbreak patterns were detected. This prevents circumvention of AI safety controls.")
 forbid (
     principal,
-    action == Sentry::Action::"send_message",
+    action == Sentry::Action::"process_prompt",
     resource
 )
 when {
@@ -101,10 +86,10 @@ when {
 @description("Block content when the ML jailbreak classifier exceeds threshold (75/100). Catches sophisticated jailbreak techniques including multi-turn manipulation and encoded payloads.")
 @severity("critical")
 @tags("jailbreak,ml-classifier,security,owasp-llm02")
-@reject_message("Your content was blocked because the ML classifier detected a jailbreak attempt with high confidence.")
+@reject_message("Content blocked: the ML classifier detected a jailbreak attempt with high confidence.")
 forbid (
     principal,
-    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content"],
+    action == Sentry::Action::"process_prompt",
     resource
 )
 when {
@@ -119,49 +104,16 @@ when {
 // Block any content with critical severity threats
 @id("sentry-semantic-block-critical")
 @name("Block critical threats")
-@description("Block all content when any detection engine reports critical severity. This is the ultimate catch-all for critical-severity threats regardless of type or source.")
+@description("Block messages and file uploads when any detection engine reports critical severity. This is the ultimate catch-all for critical-severity threats regardless of type or source.")
 @severity("critical")
 @tags("critical,baseline,security,catch-all")
-@reject_message("Your content was blocked because security scanners detected a critical-severity threat. This content cannot be processed by AI services.")
+@reject_message("Content blocked: security scanners detected a critical-severity threat. This content cannot be processed by AI services.")
 forbid (
     principal,
-    action,
+    action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
     context has highest_severity && context.highest_severity == "critical"
 };
 
-// Block messages with high severity semantic threats
-@id("sentry-semantic-block-high-severity")
-@name("Block high severity threats")
-@description("Block messages when threat detection reports high severity (>= 3) in semantic categories. Catches threats that individually are below critical but collectively indicate adversarial intent.")
-@severity("high")
-@tags("semantic,severity,security,defense-in-depth")
-@reject_message("Your message was blocked because security scanners detected high severity issues. Review your content for manipulative or adversarial patterns.")
-forbid (
-    principal,
-    action == Sentry::Action::"send_message",
-    resource
-)
-when {
-    context has threat_categories && context has max_threat_severity &&
-    context.threat_categories.contains("injection") &&
-    context.max_threat_severity >= 3
-};
-
-// Block content with multiple concurrent threats
-@id("sentry-semantic-block-multi-threat")
-@name("Block multi-threat content")
-@description("Block content when multiple distinct threats are detected simultaneously (3+). Multiple concurrent threats strongly indicate an adversarial attack chain or compromised content.")
-@severity("high")
-@tags("multi-threat,security,defense-in-depth")
-@reject_message("Content was blocked because multiple security threats were detected simultaneously. This pattern indicates potentially adversarial content.")
-forbid (
-    principal,
-    action in [Sentry::Action::"send_message", Sentry::Action::"paste_content", Sentry::Action::"upload_file"],
-    resource
-)
-when {
-    context has threat_count && context.threat_count >= 3
-};

package/_schemas/sentry/templates/templates.json

@@ -1,6 +1,6 @@
 {
   "service": "sentry",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "Sentry policy templates for browser AI security",
   "categories": [
     {
@@ -21,22 +21,22 @@
     {
       "id": "content_safety",
       "name": "Content Safety",
-      "description": "Detect and block violent, harmful, hateful, sexual, and profane content in AI interactions, including cut-and-paste safety rules"
+      "description": "Detect and block violent, harmful, hateful, sexual, and profane content in AI interactions across messages, paste, and file uploads"
     },
     {
       "id": "file_safety",
       "name": "File & Attachment Safety",
-      "description": "Enforce document sensitivity controls (MIP labels), block sensitive file uploads, detect secrets and PII in uploaded documents"
+      "description": "Block file uploads containing secrets or PII in document content"
     },
     {
       "id": "clipboard",
       "name": "Clipboard Policy",
-      "description": "Control paste operations into AI chat services — block paste outright, block when secrets or source code are detected"
+      "description": "Control paste operations into AI chat services — block paste outright, block when secrets, PII, source code, large threat-laden pastes, encoded payloads, or invisible characters are detected"
     },
     {
       "id": "organization",
       "name": "Organization Rules",
-      "description": "Cross-cutting organization-wide rules: source code protection in messages and session-aware threat escalation"
+      "description": "Cross-cutting organization-wide rules: session-aware threat escalation"
     }
   ],
   "defaults": [
@@ -64,11 +64,11 @@
     {
       "id": "sentry-content-safety-default",
       "name": "Content Safety",
-      "description": "Detect and block violent, harmful, hateful, sexual, and profane content including cut-and-paste safety enforcement",
+      "description": "Detect and block violent, harmful, hateful, sexual, and profane content across messages, paste, and file uploads",
       "category": "content_safety",
       "file": "defaults/content_safety.cedar",
       "severity": "critical",
-      "tags": ["violence", "hate-speech", "sexual", "profanity", "content-safety", "paste-safety", "baseline"]
+      "tags": ["violence", "hate-speech", "sexual", "profanity", "content-safety", "baseline"]
     },
     {
       "id": "sentry-secrets-default",
@@ -91,29 +91,29 @@
     {
       "id": "sentry-file-safety-default",
       "name": "File & Attachment Safety",
-      "description": "Enforce MIP sensitivity labels, block confidential document uploads, detect secrets and PII in files, and restrict file types",
+      "description": "Block file uploads containing secrets or PII in document content",
       "category": "file_safety",
       "file": "defaults/file_safety.cedar",
       "severity": "critical",
-      "tags": ["mip", "document-sensitivity", "file-upload", "dlp", "compliance"]
+      "tags": ["file-upload", "secrets", "pii", "dlp"]
     },
     {
       "id": "sentry-clipboard-default",
       "name": "Clipboard Policy",
-      "description": "Control paste into AI chat services: blanket paste blocking, secrets-in-paste blocking, and source-code-in-paste blocking",
+      "description": "Control paste into AI chat services: blanket paste blocking, paste-with-secrets, paste-with-PII, paste-with-source-code, large pastes carrying threats, encoded injection payloads, and invisible-character payloads",
       "category": "clipboard",
       "file": "defaults/clipboard.cedar",
       "severity": "high",
-      "tags": ["paste", "clipboard", "data-protection", "source-code", "secrets"]
+      "tags": ["paste", "clipboard", "data-protection", "source-code", "secrets", "pii", "encoding", "invisible-chars"]
     },
     {
       "id": "sentry-organization-default",
       "name": "Organization Rules",
-      "description": "Cross-cutting organization-wide policies: source code protection in messages and session-aware threat escalation",
+      "description": "Cross-cutting organization-wide policies: session-aware threat escalation",
       "category": "organization",
       "file": "defaults/organization.cedar",
       "severity": "high",
-      "tags": ["source-code", "session", "escalation", "organization"]
+      "tags": ["session", "escalation", "organization"]
     }
   ]
 }