@highflame/policy 2.1.33 → 2.1.35

package/_schemas/sentry/templates/defaults/file_safety.cedar

@@ -1,87 +1,29 @@
 // =============================================================================
 // File & Attachment Safety Policy (Default)
 // =============================================================================
-// Enforces document sensitivity controls for files uploaded to AI chat services.
-// Integrates with Microsoft Information Protection (MIP) labels to prevent
-// confidential and restricted documents from being shared with AI.
+// Blocks file uploads to AI chat services when document content contains
+// secrets or PII.
 //
 // Detection layers:
-//   1. MIP label enforcement — sensitivity_level from document metadata
-//   2. PII/secrets in file content — from Shield PIIRegexDetector/SecretsDetector
-//   3. Injection payloads in files — from Shield InjectionDetector
+//   1. Secrets in file content — from Shield SecretsDetector
+//   2. PII in file content — from Shield PIIRegexDetector
 //
 // Compliance:
-//   Microsoft Information Protection (MIP) — label-based access control
 //   NIST 800-53 SC-28 (Protection of Information at Rest)
 //   GDPR Art. 32 (Security of Processing)
-//   ISO 27001 A.8.2 (Information Classification)
 //
 // Category: file_safety
 // Namespace: Sentry
 // =============================================================================
 
 // ---------------------------------------------------------------------------
-// Section 1: MIP Label Enforcement
-// Block uploads based on Microsoft Information Protection sensitivity labels.
-// Labels are read from document metadata via MIP SDK / Graph API.
+// Section 1: File Content Security
+// Block text files containing secrets or PII.
 // ---------------------------------------------------------------------------
 
-// Block restricted documents
-@id("sentry-file-block-restricted")
-@name("Block restricted documents")
-@description("Block uploads of documents with 'restricted' sensitivity level. Restricted documents contain the most sensitive data (board materials, M&A, legal privilege) and must never be shared with AI services.")
-@severity("critical")
-@tags("mip,restricted,classification,compliance,iso-27001")
-@reject_message("Upload blocked: this document is classified as RESTRICTED. Restricted documents must never be shared with AI services. Contact your security team if you need to process this content.")
-forbid (
-    principal,
-    action == Sentry::Action::"upload_file",
-    resource
-)
-when {
-    context has sensitivity_level && context.sensitivity_level == "restricted"
-};
-
-// Block confidential documents
-@id("sentry-file-block-confidential")
-@name("Block confidential documents")
-@description("Block uploads of documents with 'confidential' sensitivity level. Confidential documents (financial reports, customer data, internal strategy) should not be shared with external AI services.")
-@severity("critical")
-@tags("mip,confidential,classification,compliance,iso-27001")
-@reject_message("Upload blocked: this document is classified as CONFIDENTIAL. Confidential documents should not be shared with AI services without explicit authorization.")
-forbid (
-    principal,
-    action == Sentry::Action::"upload_file",
-    resource
-)
-when {
-    context has sensitivity_level && context.sensitivity_level == "confidential"
-};
-
-// Block rights-managed documents
-@id("sentry-file-block-rights-managed")
-@name("Block rights-managed documents")
-@description("Block uploads of documents with IRM/RMS rights management restrictions. Rights-managed documents have explicit access controls that would be bypassed by sharing with AI services.")
-@severity("critical")
-@tags("mip,irm,rms,rights-management,compliance")
-@reject_message("Upload blocked: this document has rights management restrictions that prohibit sharing with AI services.")
-forbid (
-    principal,
-    action == Sentry::Action::"upload_file",
-    resource
-)
-when {
-    context has is_rights_managed && context.is_rights_managed
-};
-
-// ---------------------------------------------------------------------------
-// Section 2: File Content Security
-// Block files containing secrets, PII, or injection payloads.
-// ---------------------------------------------------------------------------
-
-// Block files containing secrets
+// Block text files with secrets
 @id("sentry-file-block-secrets")
-@name("Block files with secrets")
+@name("Block text files with secrets")
 @description("Block file uploads when secrets or credentials are detected in document content. Prevents uploading configuration files, code, or documents containing API keys, tokens, or passwords to AI services.")
 @severity("critical")
 @tags("secrets,file-upload,credentials,nist-sc-28")
@@ -95,9 +37,9 @@ when {
     context has contains_secrets && context.contains_secrets
 };
 
-// Block file uploads containing PII
+// Block text files with PII
 @id("sentry-pii-block-uploads")
-@name("Block file uploads with PII")
+@name("Block text files with PII")
 @description("Block file uploads when PII is detected in document content. Prevents sharing of documents containing personal data (customer lists, HR records, medical files) with AI services.")
 @severity("critical")
 @tags("pii,file-upload,data-protection,gdpr-art-32")

package/_schemas/sentry/templates/defaults/organization.cedar

@@ -6,7 +6,6 @@
 // in clipboard.cedar.
 //
 // This template covers:
-//   - Source code protection in messages (non-paste channels)
 //   - Session-aware threat escalation
 //
 // Category: organization
@@ -14,30 +13,7 @@
 // =============================================================================
 
 // ---------------------------------------------------------------------------
-// Section 1: Source Code Protection (Messages)
-// Prevent bulk source code from being shared via messages.
-// Paste-targeted code protection is in clipboard.cedar.
-// ---------------------------------------------------------------------------
-
-// Block messages with high code content
-@id("sentry-org-block-code-messages")
-@name("Block messages with source code")
-@description("Block messages when source code constitutes more than 80% of the content. Prevents bulk source code exfiltration to external AI services.")
-@severity("high")
-@tags("source-code,ip-protection,data-leakage")
-@reject_message("Message blocked: the content appears to be primarily source code (>80%). Bulk source code should not be shared with external AI services to protect intellectual property.")
-forbid (
-    principal,
-    action == Sentry::Action::"process_prompt",
-    resource
-)
-when {
-    context has contains_code && context.contains_code &&
-    context has code_ratio && context.code_ratio > 80
-};
-
-// ---------------------------------------------------------------------------
-// Section 2: Session-Aware Escalation
+// Section 1: Session-Aware Escalation
 // Escalate protections when threats are detected across the session.
 // ---------------------------------------------------------------------------
 

package/_schemas/sentry/templates/defaults/semantic.cedar

@@ -59,22 +59,6 @@ when {
     context has injection_score && context.injection_score >= 75
 };
 
-// Block injection payloads hidden in uploaded documents
-@id("sentry-semantic-block-file-injection")
-@name("Block injection in uploaded files")
-@description("Block file uploads when prompt injection patterns are detected in the document content. Attackers embed injection payloads in PDFs, documents, and spreadsheets to hijack AI behavior via RAG or file analysis.")
-@severity("critical")
-@tags("injection,file-upload,security,owasp-llm01")
-@reject_message("Upload blocked: prompt injection patterns were detected in the uploaded document. Files containing adversarial instructions cannot be shared with AI services.")
-forbid (
-    principal,
-    action == Sentry::Action::"upload_file",
-    resource
-)
-when {
-    context has detected_threats && context.detected_threats.contains("prompt_injection")
-};
-
 // ---------------------------------------------------------------------------
 // Section 2: Jailbreak Detection
 // Blocks jailbreak attempts in messages sent to AI services.
@@ -133,36 +117,3 @@ when {
     context has highest_severity && context.highest_severity == "critical"
 };
 
-// Block messages with high severity semantic threats
-@id("sentry-semantic-block-high-severity")
-@name("Block high severity threats")
-@description("Block messages when threat detection reports high severity (>= 3) in semantic categories. Catches threats that individually are below critical but collectively indicate adversarial intent.")
-@severity("high")
-@tags("semantic,severity,security,defense-in-depth")
-@reject_message("Content blocked: security scanners detected high severity issues. Review your content for manipulative or adversarial patterns.")
-forbid (
-    principal,
-    action == Sentry::Action::"process_prompt",
-    resource
-)
-when {
-    context has threat_categories && context has max_threat_severity &&
-    context.threat_categories.contains("injection") &&
-    context.max_threat_severity >= 3
-};
-
-// Block content with multiple concurrent threats
-@id("sentry-semantic-block-multi-threat")
-@name("Block multi-threat content")
-@description("Block content when multiple distinct threats are detected simultaneously (3+). Multiple concurrent threats strongly indicate an adversarial attack chain or compromised content.")
-@severity("high")
-@tags("multi-threat,security,defense-in-depth")
-@reject_message("Content blocked: multiple security threats were detected simultaneously. This pattern indicates potentially adversarial content.")
-forbid (
-    principal,
-    action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
-    resource
-)
-when {
-    context has threat_count && context.threat_count >= 3
-};

package/_schemas/sentry/templates/templates.json

@@ -26,7 +26,7 @@
     {
       "id": "file_safety",
       "name": "File & Attachment Safety",
-      "description": "Enforce document sensitivity controls (MIP labels), block sensitive file uploads, detect secrets and PII in uploaded documents"
+      "description": "Block file uploads containing secrets or PII in document content"
     },
     {
       "id": "clipboard",
@@ -36,7 +36,7 @@
     {
       "id": "organization",
       "name": "Organization Rules",
-      "description": "Cross-cutting organization-wide rules: source code protection in messages and session-aware threat escalation"
+      "description": "Cross-cutting organization-wide rules: session-aware threat escalation"
     }
   ],
   "defaults": [
@@ -91,11 +91,11 @@
     {
       "id": "sentry-file-safety-default",
       "name": "File & Attachment Safety",
-      "description": "Enforce MIP sensitivity labels (restricted, confidential, rights-managed) and block file uploads containing secrets or PII",
+      "description": "Block file uploads containing secrets or PII in document content",
       "category": "file_safety",
       "file": "defaults/file_safety.cedar",
       "severity": "critical",
-      "tags": ["mip", "document-sensitivity", "file-upload", "dlp", "compliance"]
+      "tags": ["file-upload", "secrets", "pii", "dlp"]
     },
     {
       "id": "sentry-clipboard-default",
@@ -109,11 +109,11 @@
     {
       "id": "sentry-organization-default",
       "name": "Organization Rules",
-      "description": "Cross-cutting organization-wide policies: source code protection in messages and session-aware threat escalation",
+      "description": "Cross-cutting organization-wide policies: session-aware threat escalation",
       "category": "organization",
       "file": "defaults/organization.cedar",
       "severity": "high",
-      "tags": ["source-code", "session", "escalation", "organization"]
+      "tags": ["session", "escalation", "organization"]
     }
   ]
 }

package/dist/sentry-defaults.gen.js

@@ -93,22 +93,6 @@ when {
     context has injection_score && context.injection_score >= 75
 };
 
-// Block injection payloads hidden in uploaded documents
-@id("sentry-semantic-block-file-injection")
-@name("Block injection in uploaded files")
-@description("Block file uploads when prompt injection patterns are detected in the document content. Attackers embed injection payloads in PDFs, documents, and spreadsheets to hijack AI behavior via RAG or file analysis.")
-@severity("critical")
-@tags("injection,file-upload,security,owasp-llm01")
-@reject_message("Upload blocked: prompt injection patterns were detected in the uploaded document. Files containing adversarial instructions cannot be shared with AI services.")
-forbid (
-    principal,
-    action == Sentry::Action::"upload_file",
-    resource
-)
-when {
-    context has detected_threats && context.detected_threats.contains("prompt_injection")
-};
-
 // ---------------------------------------------------------------------------
 // Section 2: Jailbreak Detection
 // Blocks jailbreak attempts in messages sent to AI services.
@@ -167,39 +151,6 @@ when {
     context has highest_severity && context.highest_severity == "critical"
 };
 
-// Block messages with high severity semantic threats
-@id("sentry-semantic-block-high-severity")
-@name("Block high severity threats")
-@description("Block messages when threat detection reports high severity (>= 3) in semantic categories. Catches threats that individually are below critical but collectively indicate adversarial intent.")
-@severity("high")
-@tags("semantic,severity,security,defense-in-depth")
-@reject_message("Content blocked: security scanners detected high severity issues. Review your content for manipulative or adversarial patterns.")
-forbid (
-    principal,
-    action == Sentry::Action::"process_prompt",
-    resource
-)
-when {
-    context has threat_categories && context has max_threat_severity &&
-    context.threat_categories.contains("injection") &&
-    context.max_threat_severity >= 3
-};
-
-// Block content with multiple concurrent threats
-@id("sentry-semantic-block-multi-threat")
-@name("Block multi-threat content")
-@description("Block content when multiple distinct threats are detected simultaneously (3+). Multiple concurrent threats strongly indicate an adversarial attack chain or compromised content.")
-@severity("high")
-@tags("multi-threat,security,defense-in-depth")
-@reject_message("Content blocked: multiple security threats were detected simultaneously. This pattern indicates potentially adversarial content.")
-forbid (
-    principal,
-    action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
-    resource
-)
-when {
-    context has threat_count && context.threat_count >= 3
-};
 `;
 const SENTRY_SENTRY_CONTENT_SAFETY_DEFAULT_CEDAR = `// =============================================================================
 // Content Safety Policy (Default)
@@ -666,87 +617,29 @@ when {
 const SENTRY_SENTRY_FILE_SAFETY_DEFAULT_CEDAR = `// =============================================================================
 // File & Attachment Safety Policy (Default)
 // =============================================================================
-// Enforces document sensitivity controls for files uploaded to AI chat services.
-// Integrates with Microsoft Information Protection (MIP) labels to prevent
-// confidential and restricted documents from being shared with AI.
+// Blocks file uploads to AI chat services when document content contains
+// secrets or PII.
 //
 // Detection layers:
-//   1. MIP label enforcement — sensitivity_level from document metadata
-//   2. PII/secrets in file content — from Shield PIIRegexDetector/SecretsDetector
-//   3. Injection payloads in files — from Shield InjectionDetector
+//   1. Secrets in file content — from Shield SecretsDetector
+//   2. PII in file content — from Shield PIIRegexDetector
 //
 // Compliance:
-//   Microsoft Information Protection (MIP) — label-based access control
 //   NIST 800-53 SC-28 (Protection of Information at Rest)
 //   GDPR Art. 32 (Security of Processing)
-//   ISO 27001 A.8.2 (Information Classification)
 //
 // Category: file_safety
 // Namespace: Sentry
 // =============================================================================
 
 // ---------------------------------------------------------------------------
-// Section 1: MIP Label Enforcement
-// Block uploads based on Microsoft Information Protection sensitivity labels.
-// Labels are read from document metadata via MIP SDK / Graph API.
+// Section 1: File Content Security
+// Block text files containing secrets or PII.
 // ---------------------------------------------------------------------------
 
-// Block restricted documents
-@id("sentry-file-block-restricted")
-@name("Block restricted documents")
-@description("Block uploads of documents with 'restricted' sensitivity level. Restricted documents contain the most sensitive data (board materials, M&A, legal privilege) and must never be shared with AI services.")
-@severity("critical")
-@tags("mip,restricted,classification,compliance,iso-27001")
-@reject_message("Upload blocked: this document is classified as RESTRICTED. Restricted documents must never be shared with AI services. Contact your security team if you need to process this content.")
-forbid (
-    principal,
-    action == Sentry::Action::"upload_file",
-    resource
-)
-when {
-    context has sensitivity_level && context.sensitivity_level == "restricted"
-};
-
-// Block confidential documents
-@id("sentry-file-block-confidential")
-@name("Block confidential documents")
-@description("Block uploads of documents with 'confidential' sensitivity level. Confidential documents (financial reports, customer data, internal strategy) should not be shared with external AI services.")
-@severity("critical")
-@tags("mip,confidential,classification,compliance,iso-27001")
-@reject_message("Upload blocked: this document is classified as CONFIDENTIAL. Confidential documents should not be shared with AI services without explicit authorization.")
-forbid (
-    principal,
-    action == Sentry::Action::"upload_file",
-    resource
-)
-when {
-    context has sensitivity_level && context.sensitivity_level == "confidential"
-};
-
-// Block rights-managed documents
-@id("sentry-file-block-rights-managed")
-@name("Block rights-managed documents")
-@description("Block uploads of documents with IRM/RMS rights management restrictions. Rights-managed documents have explicit access controls that would be bypassed by sharing with AI services.")
-@severity("critical")
-@tags("mip,irm,rms,rights-management,compliance")
-@reject_message("Upload blocked: this document has rights management restrictions that prohibit sharing with AI services.")
-forbid (
-    principal,
-    action == Sentry::Action::"upload_file",
-    resource
-)
-when {
-    context has is_rights_managed && context.is_rights_managed
-};
-
-// ---------------------------------------------------------------------------
-// Section 2: File Content Security
-// Block files containing secrets, PII, or injection payloads.
-// ---------------------------------------------------------------------------
-
-// Block files containing secrets
+// Block text files with secrets
 @id("sentry-file-block-secrets")
-@name("Block files with secrets")
+@name("Block text files with secrets")
 @description("Block file uploads when secrets or credentials are detected in document content. Prevents uploading configuration files, code, or documents containing API keys, tokens, or passwords to AI services.")
 @severity("critical")
 @tags("secrets,file-upload,credentials,nist-sc-28")
@@ -760,9 +653,9 @@ when {
     context has contains_secrets && context.contains_secrets
 };
 
-// Block file uploads containing PII
+// Block text files with PII
 @id("sentry-pii-block-uploads")
-@name("Block file uploads with PII")
+@name("Block text files with PII")
 @description("Block file uploads when PII is detected in document content. Prevents sharing of documents containing personal data (customer lists, HR records, medical files) with AI services.")
 @severity("critical")
 @tags("pii,file-upload,data-protection,gdpr-art-32")
@@ -883,7 +776,6 @@ const SENTRY_SENTRY_ORGANIZATION_DEFAULT_CEDAR = `// ===========================
 // in clipboard.cedar.
 //
 // This template covers:
-//   - Source code protection in messages (non-paste channels)
 //   - Session-aware threat escalation
 //
 // Category: organization
@@ -891,30 +783,7 @@ const SENTRY_SENTRY_ORGANIZATION_DEFAULT_CEDAR = `// ===========================
 // =============================================================================
 
 // ---------------------------------------------------------------------------
-// Section 1: Source Code Protection (Messages)
-// Prevent bulk source code from being shared via messages.
-// Paste-targeted code protection is in clipboard.cedar.
-// ---------------------------------------------------------------------------
-
-// Block messages with high code content
-@id("sentry-org-block-code-messages")
-@name("Block messages with source code")
-@description("Block messages when source code constitutes more than 80% of the content. Prevents bulk source code exfiltration to external AI services.")
-@severity("high")
-@tags("source-code,ip-protection,data-leakage")
-@reject_message("Message blocked: the content appears to be primarily source code (>80%). Bulk source code should not be shared with external AI services to protect intellectual property.")
-forbid (
-    principal,
-    action == Sentry::Action::"process_prompt",
-    resource
-)
-when {
-    context has contains_code && context.contains_code &&
-    context has code_ratio && context.code_ratio > 80
-};
-
-// ---------------------------------------------------------------------------
-// Section 2: Session-Aware Escalation
+// Section 1: Session-Aware Escalation
 // Escalate protections when threats are detected across the session.
 // ---------------------------------------------------------------------------
 
@@ -942,9 +811,9 @@ export const SENTRY_CATEGORIES = [
     { id: 'pii', name: 'PII Detection', description: 'Detect and block personally identifiable information (PII) such as credit card numbers, SSNs, health data, and other sensitive personal data from being shared with AI chat services' },
     { id: 'semantic', name: 'Semantic Threat Detection', description: 'Detect and block prompt injection, jailbreak attempts, and high-severity threats in messages, pasted content, and uploaded files' },
     { id: 'content_safety', name: 'Content Safety', description: 'Detect and block violent, harmful, hateful, sexual, and profane content in AI interactions across messages, paste, and file uploads' },
-    { id: 'file_safety', name: 'File & Attachment Safety', description: 'Enforce document sensitivity controls (MIP labels), block sensitive file uploads, detect secrets and PII in uploaded documents' },
+    { id: 'file_safety', name: 'File & Attachment Safety', description: 'Block file uploads containing secrets or PII in document content' },
     { id: 'clipboard', name: 'Clipboard Policy', description: 'Control paste operations into AI chat services — block paste outright, block when secrets, PII, source code, large threat-laden pastes, encoded payloads, or invisible characters are detected' },
-    { id: 'organization', name: 'Organization Rules', description: 'Cross-cutting organization-wide rules: source code protection in messages and session-aware threat escalation' },
+    { id: 'organization', name: 'Organization Rules', description: 'Cross-cutting organization-wide rules: session-aware threat escalation' },
 ];
 // =============================================================================
 // DEFAULT POLICIES
@@ -1004,11 +873,11 @@ export const SENTRY_TEMPLATES = [
     {
         id: 'sentry-file-safety-default',
         name: 'File & Attachment Safety',
-        description: 'Enforce MIP sensitivity labels (restricted, confidential, rights-managed) and block file uploads containing secrets or PII',
+        description: 'Block file uploads containing secrets or PII in document content',
         category: 'file_safety',
         cedarText: SENTRY_SENTRY_FILE_SAFETY_DEFAULT_CEDAR,
         severity: 'critical',
-        tags: ['mip', 'document-sensitivity', 'file-upload', 'dlp', 'compliance'],
+        tags: ['file-upload', 'secrets', 'pii', 'dlp'],
     },
     {
         id: 'sentry-clipboard-default',
@@ -1022,11 +891,11 @@ export const SENTRY_TEMPLATES = [
     {
         id: 'sentry-organization-default',
         name: 'Organization Rules',
-        description: 'Cross-cutting organization-wide policies: source code protection in messages and session-aware threat escalation',
+        description: 'Cross-cutting organization-wide policies: session-aware threat escalation',
         category: 'organization',
         cedarText: SENTRY_SENTRY_ORGANIZATION_DEFAULT_CEDAR,
         severity: 'high',
-        tags: ['source-code', 'session', 'escalation', 'organization'],
+        tags: ['session', 'escalation', 'organization'],
     },
 ];
 // =============================================================================
@@ -1061,7 +930,7 @@ export const SENTRY_TEMPLATES_JSON = `{
     {
       "id": "file_safety",
       "name": "File & Attachment Safety",
-      "description": "Enforce document sensitivity controls (MIP labels), block sensitive file uploads, detect secrets and PII in uploaded documents"
+      "description": "Block file uploads containing secrets or PII in document content"
     },
     {
       "id": "clipboard",
@@ -1071,7 +940,7 @@ export const SENTRY_TEMPLATES_JSON = `{
     {
       "id": "organization",
       "name": "Organization Rules",
-      "description": "Cross-cutting organization-wide rules: source code protection in messages and session-aware threat escalation"
+      "description": "Cross-cutting organization-wide rules: session-aware threat escalation"
     }
   ],
   "defaults": [
@@ -1126,11 +995,11 @@ export const SENTRY_TEMPLATES_JSON = `{
     {
       "id": "sentry-file-safety-default",
       "name": "File & Attachment Safety",
-      "description": "Enforce MIP sensitivity labels (restricted, confidential, rights-managed) and block file uploads containing secrets or PII",
+      "description": "Block file uploads containing secrets or PII in document content",
       "category": "file_safety",
       "file": "defaults/file_safety.cedar",
       "severity": "critical",
-      "tags": ["mip", "document-sensitivity", "file-upload", "dlp", "compliance"]
+      "tags": ["file-upload", "secrets", "pii", "dlp"]
     },
     {
       "id": "sentry-clipboard-default",
@@ -1144,11 +1013,11 @@ export const SENTRY_TEMPLATES_JSON = `{
     {
       "id": "sentry-organization-default",
       "name": "Organization Rules",
-      "description": "Cross-cutting organization-wide policies: source code protection in messages and session-aware threat escalation",
+      "description": "Cross-cutting organization-wide policies: session-aware threat escalation",
       "category": "organization",
       "file": "defaults/organization.cedar",
       "severity": "high",
-      "tags": ["source-code", "session", "escalation", "organization"]
+      "tags": ["session", "escalation", "organization"]
     }
   ]
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@highflame/policy",
-  "version": "2.1.33",
+  "version": "2.1.35",
   "engines": {
     "node": ">=18"
   },