@highflame/policy 2.1.35 → 2.1.36

package/_schemas/ai_gateway/templates/templates.json

@@ -44,6 +44,18 @@
       "severity": "low",
       "tags": ["baseline", "permit-default", "organization"],
       "is_active": true
+    }
+  ],
+  "templates": [
+    {
+      "id": "baseline-default",
+      "name": "Baseline Permit",
+      "description": "Permits all actions by default -- threat-specific forbid policies override this when threats are detected",
+      "category": "organization",
+      "file": "defaults/baseline.cedar",
+      "severity": "low",
+      "tags": ["baseline", "permit-default", "organization"],
+      "auto_deploy": true
     },
     {
       "id": "semantic-default",
@@ -52,8 +64,7 @@
       "category": "semantic",
       "file": "defaults/semantic.cedar",
       "severity": "critical",
-      "tags": ["prompt-injection", "jailbreak", "owasp-llm01", "owasp-llm02", "security", "baseline"],
-      "is_active": true
+      "tags": ["prompt-injection", "jailbreak", "owasp-llm01", "owasp-llm02", "security"]
     },
     {
       "id": "tools-default",
@@ -62,8 +73,7 @@
       "category": "tools",
       "file": "defaults/tools.cedar",
       "severity": "critical",
-      "tags": ["tool-risk", "command-injection", "owasp-llm06", "owasp-asi02", "baseline"],
-      "is_active": true
+      "tags": ["tool-risk", "command-injection", "owasp-llm06", "owasp-asi02"]
     },
     {
       "id": "agent-security-default",
@@ -72,11 +82,8 @@
       "category": "agent_security",
       "file": "defaults/agent_security.cedar",
       "severity": "critical",
-      "tags": ["tool-poisoning", "rug-pull", "indirect-injection", "mcp-security", "owasp-asi01", "owasp-asi04", "baseline"],
-      "is_active": true
-    }
-  ],
-  "templates": [
+      "tags": ["tool-poisoning", "rug-pull", "indirect-injection", "mcp-security", "owasp-asi01", "owasp-asi04"]
+    },
     {
       "id": "tools-mcp-allowlist",
       "name": "MCP Server Allowlist",

package/_schemas/guardrails/templates/templates.json

@@ -44,6 +44,18 @@
       "severity": "low",
       "tags": ["baseline", "permit-default", "organization"],
       "is_active": true
+    }
+  ],
+  "templates": [
+    {
+      "id": "baseline-default",
+      "name": "Baseline Permit",
+      "description": "Permits all actions by default — threat-specific forbid policies override this when threats are detected",
+      "category": "organization",
+      "file": "defaults/baseline.cedar",
+      "severity": "low",
+      "tags": ["baseline", "permit-default", "organization"],
+      "auto_deploy": true
     },
     {
       "id": "secrets-default",
@@ -52,8 +64,7 @@
       "category": "security",
       "file": "defaults/secrets.cedar",
       "severity": "critical",
-      "tags": ["secrets", "api-keys", "credentials", "data-leak"],
-      "is_active": true
+      "tags": ["secrets", "api-keys", "credentials", "data-leak"]
     },
     {
       "id": "injection-default",
@@ -62,8 +73,7 @@
       "category": "security",
       "file": "defaults/injection.cedar",
       "severity": "high",
-      "tags": ["injection", "jailbreak", "security"],
-      "is_active": true
+      "tags": ["injection", "jailbreak", "security"]
     },
     {
       "id": "pii-default",
@@ -72,8 +82,7 @@
       "category": "privacy",
       "file": "defaults/pii.cedar",
       "severity": "high",
-      "tags": ["pii", "privacy", "data-protection"],
-      "is_active": true
+      "tags": ["pii", "privacy", "data-protection"]
     },
     {
       "id": "toxicity-default",
@@ -82,8 +91,7 @@
       "category": "trust_safety",
       "file": "defaults/toxicity.cedar",
       "severity": "critical",
-      "tags": ["toxicity", "trust-safety", "content-moderation"],
-      "is_active": true
+      "tags": ["toxicity", "trust-safety", "content-moderation"]
     },
     {
       "id": "tool-risk-default",
@@ -92,8 +100,7 @@
       "category": "agentic_security",
       "file": "defaults/tool_risk.cedar",
       "severity": "critical",
-      "tags": ["tools", "agentic", "security"],
-      "is_active": true
+      "tags": ["tools", "agentic", "security"]
     },
     {
       "id": "agentic-safety-default",
@@ -102,8 +109,7 @@
       "category": "agentic_security",
       "file": "defaults/agentic_safety.cedar",
       "severity": "high",
-      "tags": ["agentic", "safety", "loops", "exfiltration", "budget", "tool-poisoning", "rug-pull", "mcp-risk"],
-      "is_active": true
+      "tags": ["agentic", "safety", "loops", "exfiltration", "budget", "tool-poisoning", "rug-pull", "mcp-risk"]
     },
     {
       "id": "security-patterns-default",
@@ -112,11 +118,8 @@
       "category": "security",
       "file": "defaults/security_patterns.cedar",
       "severity": "critical",
-      "tags": ["command-injection", "path-traversal", "sql-injection", "security"],
-      "is_active": true
-    }
-  ],
-  "templates": [
+      "tags": ["command-injection", "path-traversal", "sql-injection", "security"]
+    },
     {
       "id": "agent-identity-trust",
       "name": "Agent Identity & Trust",

package/_schemas/sentry/templates/templates.json

@@ -52,6 +52,16 @@
     }
   ],
   "templates": [
+    {
+      "id": "sentry-baseline-default",
+      "name": "Baseline Permit",
+      "description": "Permits all actions by default — threat-specific forbid policies override this when threats are detected",
+      "category": "organization",
+      "file": "defaults/baseline.cedar",
+      "severity": "low",
+      "tags": ["baseline", "permit-default", "organization"],
+      "auto_deploy": true
+    },
     {
       "id": "sentry-semantic-default",
       "name": "Semantic Threat Detection",

package/dist/ai_gateway-defaults.gen.d.ts

@@ -50,6 +50,9 @@ export interface AiGatewayTemplate {
     severity: string;
     /** Tags for filtering */
     tags: string[];
+    /** True when ensure-defaults should auto-seed this template at
+     *  project creation. See schemas/*\/templates.json. Defaults to false. */
+    autoDeploy?: boolean;
 }
 export declare const AI_GATEWAY_CATEGORIES: AiGatewayCategoryInfo[];
 export declare const AI_GATEWAY_DEFAULTS: AiGatewayDefaultPolicy[];

package/dist/ai_gateway-defaults.gen.js

@@ -602,6 +602,21 @@ export const AI_GATEWAY_DEFAULTS = [
         tags: ['baseline', 'permit-default', 'organization'],
         isActive: true,
     },
+];
+// =============================================================================
+// ALL TEMPLATES
+// =============================================================================
+export const AI_GATEWAY_TEMPLATES = [
+    {
+        id: 'baseline-default',
+        name: 'Baseline Permit',
+        description: 'Permits all actions by default -- threat-specific forbid policies override this when threats are detected',
+        category: 'organization',
+        cedarText: AI_GATEWAY_BASELINE_DEFAULT_CEDAR,
+        severity: 'low',
+        tags: ['baseline', 'permit-default', 'organization'],
+        autoDeploy: true,
+    },
     {
         id: 'semantic-default',
         name: 'Semantic Threat Detection',
@@ -609,8 +624,7 @@ export const AI_GATEWAY_DEFAULTS = [
         category: 'semantic',
         cedarText: AI_GATEWAY_SEMANTIC_DEFAULT_CEDAR,
         severity: 'critical',
-        tags: ['prompt-injection', 'jailbreak', 'owasp-llm01', 'owasp-llm02', 'security', 'baseline'],
-        isActive: true,
+        tags: ['prompt-injection', 'jailbreak', 'owasp-llm01', 'owasp-llm02', 'security'],
     },
     {
         id: 'tools-default',
@@ -619,8 +633,7 @@ export const AI_GATEWAY_DEFAULTS = [
         category: 'tools',
         cedarText: AI_GATEWAY_TOOLS_DEFAULT_CEDAR,
         severity: 'critical',
-        tags: ['tool-risk', 'command-injection', 'owasp-llm06', 'owasp-asi02', 'baseline'],
-        isActive: true,
+        tags: ['tool-risk', 'command-injection', 'owasp-llm06', 'owasp-asi02'],
     },
     {
         id: 'agent-security-default',
@@ -629,14 +642,8 @@ export const AI_GATEWAY_DEFAULTS = [
         category: 'agent_security',
         cedarText: AI_GATEWAY_AGENT_SECURITY_DEFAULT_CEDAR,
         severity: 'critical',
-        tags: ['tool-poisoning', 'rug-pull', 'indirect-injection', 'mcp-security', 'owasp-asi01', 'owasp-asi04', 'baseline'],
-        isActive: true,
+        tags: ['tool-poisoning', 'rug-pull', 'indirect-injection', 'mcp-security', 'owasp-asi01', 'owasp-asi04'],
     },
-];
-// =============================================================================
-// ALL TEMPLATES
-// =============================================================================
-export const AI_GATEWAY_TEMPLATES = [
     {
         id: 'tools-mcp-allowlist',
         name: 'MCP Server Allowlist',
@@ -724,6 +731,18 @@ export const AI_GATEWAY_TEMPLATES_JSON = `{
       "severity": "low",
       "tags": ["baseline", "permit-default", "organization"],
       "is_active": true
+    }
+  ],
+  "templates": [
+    {
+      "id": "baseline-default",
+      "name": "Baseline Permit",
+      "description": "Permits all actions by default -- threat-specific forbid policies override this when threats are detected",
+      "category": "organization",
+      "file": "defaults/baseline.cedar",
+      "severity": "low",
+      "tags": ["baseline", "permit-default", "organization"],
+      "auto_deploy": true
     },
     {
       "id": "semantic-default",
@@ -732,8 +751,7 @@ export const AI_GATEWAY_TEMPLATES_JSON = `{
       "category": "semantic",
       "file": "defaults/semantic.cedar",
       "severity": "critical",
-      "tags": ["prompt-injection", "jailbreak", "owasp-llm01", "owasp-llm02", "security", "baseline"],
-      "is_active": true
+      "tags": ["prompt-injection", "jailbreak", "owasp-llm01", "owasp-llm02", "security"]
     },
     {
       "id": "tools-default",
@@ -742,8 +760,7 @@ export const AI_GATEWAY_TEMPLATES_JSON = `{
       "category": "tools",
       "file": "defaults/tools.cedar",
       "severity": "critical",
-      "tags": ["tool-risk", "command-injection", "owasp-llm06", "owasp-asi02", "baseline"],
-      "is_active": true
+      "tags": ["tool-risk", "command-injection", "owasp-llm06", "owasp-asi02"]
     },
     {
       "id": "agent-security-default",
@@ -752,11 +769,8 @@ export const AI_GATEWAY_TEMPLATES_JSON = `{
       "category": "agent_security",
       "file": "defaults/agent_security.cedar",
       "severity": "critical",
-      "tags": ["tool-poisoning", "rug-pull", "indirect-injection", "mcp-security", "owasp-asi01", "owasp-asi04", "baseline"],
-      "is_active": true
-    }
-  ],
-  "templates": [
+      "tags": ["tool-poisoning", "rug-pull", "indirect-injection", "mcp-security", "owasp-asi01", "owasp-asi04"]
+    },
     {
       "id": "tools-mcp-allowlist",
       "name": "MCP Server Allowlist",

package/dist/builder.d.ts

@@ -49,7 +49,8 @@ export declare function isValidIdentifier(s: string): boolean;
 export declare function sanitizeIdentifier(s: string, context: string): string;
 /**
  * Validate a raw condition string for potentially dangerous patterns.
- * Returns true if the condition is safe to use.
+ * String literals are stripped first so `like` patterns such as "/etc/*"
+ * don't false-positive on the block-comment detector.
  */
 export declare function isValidRawCondition(condition: string): boolean;
 /**

package/dist/builder.js

@@ -71,12 +71,15 @@ export function sanitizeIdentifier(s, context) {
     }
     return sanitized;
 }
+const STRING_LITERAL_REGEX = /"(?:[^"\\]|\\.)*"/g;
 /**
  * Validate a raw condition string for potentially dangerous patterns.
- * Returns true if the condition is safe to use.
+ * String literals are stripped first so `like` patterns such as "/etc/*"
+ * don't false-positive on the block-comment detector.
  */
 export function isValidRawCondition(condition) {
-    return !DANGEROUS_PATTERN_REGEX.test(condition);
+    const stripped = condition.replace(STRING_LITERAL_REGEX, '""');
+    return !DANGEROUS_PATTERN_REGEX.test(stripped);
 }
 /**
  * Format an action string for Cedar policy text.

package/dist/guardrails-defaults.gen.d.ts

@@ -50,6 +50,9 @@ export interface GuardrailsTemplate {
     severity: string;
     /** Tags for filtering */
     tags: string[];
+    /** True when ensure-defaults should auto-seed this template at
+     *  project creation. See schemas/*\/templates.json. Defaults to false. */
+    autoDeploy?: boolean;
 }
 export declare const GUARDRAILS_CATEGORIES: GuardrailsCategoryInfo[];
 export declare const GUARDRAILS_DEFAULTS: GuardrailsDefaultPolicy[];

package/dist/guardrails-defaults.gen.js

@@ -2520,6 +2520,21 @@ export const GUARDRAILS_DEFAULTS = [
         tags: ['baseline', 'permit-default', 'organization'],
         isActive: true,
     },
+];
+// =============================================================================
+// ALL TEMPLATES
+// =============================================================================
+export const GUARDRAILS_TEMPLATES = [
+    {
+        id: 'baseline-default',
+        name: 'Baseline Permit',
+        description: 'Permits all actions by default — threat-specific forbid policies override this when threats are detected',
+        category: 'organization',
+        cedarText: GUARDRAILS_BASELINE_DEFAULT_CEDAR,
+        severity: 'low',
+        tags: ['baseline', 'permit-default', 'organization'],
+        autoDeploy: true,
+    },
     {
         id: 'secrets-default',
         name: 'Secrets Detection',
@@ -2528,7 +2543,6 @@ export const GUARDRAILS_DEFAULTS = [
         cedarText: GUARDRAILS_SECRETS_DEFAULT_CEDAR,
         severity: 'critical',
         tags: ['secrets', 'api-keys', 'credentials', 'data-leak'],
-        isActive: true,
     },
     {
         id: 'injection-default',
@@ -2538,7 +2552,6 @@ export const GUARDRAILS_DEFAULTS = [
         cedarText: GUARDRAILS_INJECTION_DEFAULT_CEDAR,
         severity: 'high',
         tags: ['injection', 'jailbreak', 'security'],
-        isActive: true,
     },
     {
         id: 'pii-default',
@@ -2548,7 +2561,6 @@ export const GUARDRAILS_DEFAULTS = [
         cedarText: GUARDRAILS_PII_DEFAULT_CEDAR,
         severity: 'high',
         tags: ['pii', 'privacy', 'data-protection'],
-        isActive: true,
     },
     {
         id: 'toxicity-default',
@@ -2558,7 +2570,6 @@ export const GUARDRAILS_DEFAULTS = [
         cedarText: GUARDRAILS_TOXICITY_DEFAULT_CEDAR,
         severity: 'critical',
         tags: ['toxicity', 'trust-safety', 'content-moderation'],
-        isActive: true,
     },
     {
         id: 'tool-risk-default',
@@ -2568,7 +2579,6 @@ export const GUARDRAILS_DEFAULTS = [
         cedarText: GUARDRAILS_TOOL_RISK_DEFAULT_CEDAR,
         severity: 'critical',
         tags: ['tools', 'agentic', 'security'],
-        isActive: true,
     },
     {
         id: 'agentic-safety-default',
@@ -2578,7 +2588,6 @@ export const GUARDRAILS_DEFAULTS = [
         cedarText: GUARDRAILS_AGENTIC_SAFETY_DEFAULT_CEDAR,
         severity: 'high',
         tags: ['agentic', 'safety', 'loops', 'exfiltration', 'budget', 'tool-poisoning', 'rug-pull', 'mcp-risk'],
-        isActive: true,
     },
     {
         id: 'security-patterns-default',
@@ -2588,13 +2597,7 @@ export const GUARDRAILS_DEFAULTS = [
         cedarText: GUARDRAILS_SECURITY_PATTERNS_DEFAULT_CEDAR,
         severity: 'critical',
         tags: ['command-injection', 'path-traversal', 'sql-injection', 'security'],
-        isActive: true,
     },
-];
-// =============================================================================
-// ALL TEMPLATES
-// =============================================================================
-export const GUARDRAILS_TEMPLATES = [
     {
         id: 'agent-identity-trust',
         name: 'Agent Identity & Trust',
@@ -2853,6 +2856,18 @@ export const GUARDRAILS_TEMPLATES_JSON = `{
       "severity": "low",
       "tags": ["baseline", "permit-default", "organization"],
       "is_active": true
+    }
+  ],
+  "templates": [
+    {
+      "id": "baseline-default",
+      "name": "Baseline Permit",
+      "description": "Permits all actions by default — threat-specific forbid policies override this when threats are detected",
+      "category": "organization",
+      "file": "defaults/baseline.cedar",
+      "severity": "low",
+      "tags": ["baseline", "permit-default", "organization"],
+      "auto_deploy": true
     },
     {
       "id": "secrets-default",
@@ -2861,8 +2876,7 @@ export const GUARDRAILS_TEMPLATES_JSON = `{
       "category": "security",
       "file": "defaults/secrets.cedar",
       "severity": "critical",
-      "tags": ["secrets", "api-keys", "credentials", "data-leak"],
-      "is_active": true
+      "tags": ["secrets", "api-keys", "credentials", "data-leak"]
     },
     {
       "id": "injection-default",
@@ -2871,8 +2885,7 @@ export const GUARDRAILS_TEMPLATES_JSON = `{
       "category": "security",
       "file": "defaults/injection.cedar",
       "severity": "high",
-      "tags": ["injection", "jailbreak", "security"],
-      "is_active": true
+      "tags": ["injection", "jailbreak", "security"]
     },
     {
       "id": "pii-default",
@@ -2881,8 +2894,7 @@ export const GUARDRAILS_TEMPLATES_JSON = `{
       "category": "privacy",
       "file": "defaults/pii.cedar",
       "severity": "high",
-      "tags": ["pii", "privacy", "data-protection"],
-      "is_active": true
+      "tags": ["pii", "privacy", "data-protection"]
     },
     {
       "id": "toxicity-default",
@@ -2891,8 +2903,7 @@ export const GUARDRAILS_TEMPLATES_JSON = `{
       "category": "trust_safety",
       "file": "defaults/toxicity.cedar",
       "severity": "critical",
-      "tags": ["toxicity", "trust-safety", "content-moderation"],
-      "is_active": true
+      "tags": ["toxicity", "trust-safety", "content-moderation"]
     },
     {
       "id": "tool-risk-default",
@@ -2901,8 +2912,7 @@ export const GUARDRAILS_TEMPLATES_JSON = `{
       "category": "agentic_security",
       "file": "defaults/tool_risk.cedar",
       "severity": "critical",
-      "tags": ["tools", "agentic", "security"],
-      "is_active": true
+      "tags": ["tools", "agentic", "security"]
     },
     {
       "id": "agentic-safety-default",
@@ -2911,8 +2921,7 @@ export const GUARDRAILS_TEMPLATES_JSON = `{
       "category": "agentic_security",
       "file": "defaults/agentic_safety.cedar",
       "severity": "high",
-      "tags": ["agentic", "safety", "loops", "exfiltration", "budget", "tool-poisoning", "rug-pull", "mcp-risk"],
-      "is_active": true
+      "tags": ["agentic", "safety", "loops", "exfiltration", "budget", "tool-poisoning", "rug-pull", "mcp-risk"]
     },
     {
       "id": "security-patterns-default",
@@ -2921,11 +2930,8 @@ export const GUARDRAILS_TEMPLATES_JSON = `{
       "category": "security",
       "file": "defaults/security_patterns.cedar",
       "severity": "critical",
-      "tags": ["command-injection", "path-traversal", "sql-injection", "security"],
-      "is_active": true
-    }
-  ],
-  "templates": [
+      "tags": ["command-injection", "path-traversal", "sql-injection", "security"]
+    },
     {
       "id": "agent-identity-trust",
       "name": "Agent Identity & Trust",

package/dist/overwatch-defaults.gen.d.ts

@@ -50,6 +50,9 @@ export interface OverwatchTemplate {
     severity: string;
     /** Tags for filtering */
     tags: string[];
+    /** True when ensure-defaults should auto-seed this template at
+     *  project creation. See schemas/*\/templates.json. Defaults to false. */
+    autoDeploy?: boolean;
 }
 export declare const OVERWATCH_CATEGORIES: OverwatchCategoryInfo[];
 export declare const OVERWATCH_DEFAULTS: OverwatchDefaultPolicy[];

package/dist/overwatch-defaults.gen.js

@@ -1050,6 +1050,16 @@ export const OVERWATCH_DEFAULTS = [
 // ALL TEMPLATES
 // =============================================================================
 export const OVERWATCH_TEMPLATES = [
+    {
+        id: 'baseline-default',
+        name: 'Baseline Permit',
+        description: 'Permits all actions by default — threat-specific forbid policies override this when threats are detected',
+        category: 'organization',
+        cedarText: OVERWATCH_BASELINE_DEFAULT_CEDAR,
+        severity: 'low',
+        tags: ['baseline', 'permit-default', 'organization'],
+        autoDeploy: true,
+    },
     {
         id: 'secrets-default',
         name: 'Secrets Detection',
@@ -1189,6 +1199,16 @@ export const OVERWATCH_TEMPLATES_JSON = `{
     }
   ],
   "templates": [
+    {
+      "id": "baseline-default",
+      "name": "Baseline Permit",
+      "description": "Permits all actions by default — threat-specific forbid policies override this when threats are detected",
+      "category": "organization",
+      "file": "defaults/baseline.cedar",
+      "severity": "low",
+      "tags": ["baseline", "permit-default", "organization"],
+      "auto_deploy": true
+    },
     {
       "id": "secrets-default",
       "name": "Secrets Detection",

package/dist/sentry-defaults.gen.d.ts

@@ -50,6 +50,9 @@ export interface SentryTemplate {
     severity: string;
     /** Tags for filtering */
     tags: string[];
+    /** True when ensure-defaults should auto-seed this template at
+     *  project creation. See schemas/*\/templates.json. Defaults to false. */
+    autoDeploy?: boolean;
 }
 export declare const SENTRY_CATEGORIES: SentryCategoryInfo[];
 export declare const SENTRY_DEFAULTS: SentryDefaultPolicy[];

package/dist/sentry-defaults.gen.js

@@ -834,6 +834,16 @@ export const SENTRY_DEFAULTS = [
 // ALL TEMPLATES
 // =============================================================================
 export const SENTRY_TEMPLATES = [
+    {
+        id: 'sentry-baseline-default',
+        name: 'Baseline Permit',
+        description: 'Permits all actions by default — threat-specific forbid policies override this when threats are detected',
+        category: 'organization',
+        cedarText: SENTRY_SENTRY_BASELINE_DEFAULT_CEDAR,
+        severity: 'low',
+        tags: ['baseline', 'permit-default', 'organization'],
+        autoDeploy: true,
+    },
     {
         id: 'sentry-semantic-default',
         name: 'Semantic Threat Detection',
@@ -956,6 +966,16 @@ export const SENTRY_TEMPLATES_JSON = `{
     }
   ],
   "templates": [
+    {
+      "id": "sentry-baseline-default",
+      "name": "Baseline Permit",
+      "description": "Permits all actions by default — threat-specific forbid policies override this when threats are detected",
+      "category": "organization",
+      "file": "defaults/baseline.cedar",
+      "severity": "low",
+      "tags": ["baseline", "permit-default", "organization"],
+      "auto_deploy": true
+    },
     {
       "id": "sentry-semantic-default",
       "name": "Semantic Threat Detection",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@highflame/policy",
-  "version": "2.1.35",
+  "version": "2.1.36",
   "engines": {
     "node": ">=18"
   },