npm - @highflame/policy - Versions diffs - 2.1.35 → 2.1.37 - Mend

@highflame/policy 2.1.35 → 2.1.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (81) hide show

package/_schemas/overwatch/context.json CHANGED Viewed

@@ -74,7 +74,7 @@
           "description": "Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)"
         },
         {
-          "key": "contains_secrets",
+          "key": "secrets_detected",
           "type": "boolean",
           "required": true,
           "description": "Whether secrets or credentials were detected"
@@ -110,7 +110,7 @@
           "description": "Number of PII pattern matches"
         },
         {
-          "key": "contains_invisible_chars",
+          "key": "invisible_chars_detected",
           "type": "boolean",
           "required": false,
           "description": "Whether invisible Unicode characters (zero-width, bidi overrides, tag chars) were detected"
@@ -170,19 +170,19 @@
           "description": "Profanity detection score (0-100)"
         },
         {
-          "key": "pii_confidence",
+          "key": "pii_score",
           "type": "number",
           "required": true,
           "description": "PII detection ML classifier confidence (0-100)"
         },
         {
-          "key": "injection_confidence",
+          "key": "injection_score",
           "type": "number",
           "required": true,
           "description": "Combined prompt injection confidence (0-100). MAX of all detector scores (Pulse + DeepContext). Use injection_pulse_score / injection_deep_context_score for individual detector control"
         },
         {
-          "key": "jailbreak_confidence",
+          "key": "jailbreak_score",
           "type": "number",
           "required": true,
           "description": "Combined jailbreak detection confidence (0-100). MAX of all detector scores (Pulse + DeepContext). Use jailbreak_pulse_score / jailbreak_deep_context_score for individual detector control"
@@ -392,7 +392,7 @@
           "description": "Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)"
         },
         {
-          "key": "contains_secrets",
+          "key": "secrets_detected",
           "type": "boolean",
           "required": false,
           "description": "Whether secrets or credentials were detected"
@@ -428,7 +428,7 @@
           "description": "Number of PII pattern matches"
         },
         {
-          "key": "contains_invisible_chars",
+          "key": "invisible_chars_detected",
           "type": "boolean",
           "required": false,
           "description": "Whether invisible Unicode characters were detected"
@@ -482,19 +482,19 @@
           "description": "Profanity detection score (0-100)"
         },
         {
-          "key": "pii_confidence",
+          "key": "pii_score",
           "type": "number",
           "required": false,
           "description": "PII detection ML classifier confidence (0-100)"
         },
         {
-          "key": "injection_confidence",
+          "key": "injection_score",
           "type": "number",
           "required": false,
           "description": "Combined prompt injection confidence (0-100). MAX of all detector scores (Pulse + DeepContext). Use injection_pulse_score / injection_deep_context_score for individual detector control"
         },
         {
-          "key": "jailbreak_confidence",
+          "key": "jailbreak_score",
           "type": "number",
           "required": false,
           "description": "Combined jailbreak detection confidence (0-100). MAX of all detector scores (Pulse + DeepContext). Use jailbreak_pulse_score / jailbreak_deep_context_score for individual detector control"
@@ -758,7 +758,7 @@
           "description": "Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)"
         },
         {
-          "key": "contains_invisible_chars",
+          "key": "invisible_chars_detected",
           "type": "boolean",
           "required": false,
           "description": "Whether invisible Unicode characters were detected in server data"
@@ -968,7 +968,7 @@
           "description": "Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)"
         },
         {
-          "key": "contains_secrets",
+          "key": "secrets_detected",
           "type": "boolean",
           "required": false,
           "description": "Whether secrets or credentials were detected in file content"
@@ -1160,7 +1160,7 @@
           "description": "Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)"
         },
         {
-          "key": "contains_secrets",
+          "key": "secrets_detected",
           "type": "boolean",
           "required": false,
           "description": "Whether secrets or credentials were detected in content being written"
@@ -1196,7 +1196,7 @@
           "description": "Number of PII pattern matches"
         },
         {
-          "key": "contains_invisible_chars",
+          "key": "invisible_chars_detected",
           "type": "boolean",
           "required": false,
           "description": "Whether invisible Unicode characters were detected in content being written"

package/_schemas/overwatch/schema.cedarschema CHANGED Viewed

@@ -95,7 +95,7 @@ action process_prompt appliesTo {
     threat_categories: Set<String>,   // Threat category names
     detected_threats: Set<String>,    // Detection rule names that matched
     max_threat_severity: Long,        // Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)
-    contains_secrets: Bool,           // Whether secrets/credentials detected
+    secrets_detected: Bool,           // Whether secrets/credentials detected
     // --- Secrets (granular) ---
     secret_types?: Set<String>,       // Types: "aws_access_key", "github_token", "ssh_private_key", etc.
@@ -107,7 +107,7 @@ action process_prompt appliesTo {
     pii_count?: Long,                 // Number of PII matches
     // --- Encoding & Unicode Attacks ---
-    contains_invisible_chars?: Bool,  // Zero-width chars, bidi overrides, tag chars detected
+    invisible_chars_detected?: Bool,  // Zero-width chars, bidi overrides, tag chars detected
     invisible_chars_score?: Long,     // Unicode attack severity (0-100)
     // --- Content Safety Scores (0-100, from ML classifiers) ---
@@ -119,9 +119,9 @@ action process_prompt appliesTo {
     profanity_score: Long,
     // --- ML Detector Confidence Scores (0-100) ---
-    pii_confidence: Long,             // PII detection classifier confidence
-    injection_confidence: Long,       // Combined injection confidence: MAX(pulse, deep_context)
-    jailbreak_confidence: Long,       // Combined jailbreak confidence: MAX(pulse, deep_context)
+    pii_score: Long,             // PII detection classifier confidence
+    injection_score: Long,       // Combined injection confidence: MAX(pulse, deep_context)
+    jailbreak_score: Long,       // Combined jailbreak confidence: MAX(pulse, deep_context)
     injection_pulse_score?: Long,     // 0-100 Pulse single-turn classifier
     injection_deep_context_score?: Long, // 0-100 DeepContext multi-turn
     jailbreak_pulse_score?: Long,     // 0-100 Pulse single-turn classifier
@@ -181,7 +181,7 @@ action call_tool appliesTo {
     threat_categories?: Set<String>,
     detected_threats?: Set<String>,
     max_threat_severity?: Long,
-    contains_secrets?: Bool,
+    secrets_detected?: Bool,
     // --- Secrets (granular) ---
     secret_types?: Set<String>,
@@ -193,7 +193,7 @@ action call_tool appliesTo {
     pii_count?: Long,
     // --- Encoding & Unicode Attacks ---
-    contains_invisible_chars?: Bool,
+    invisible_chars_detected?: Bool,
     invisible_chars_score?: Long,
     // --- Content Safety Scores (0-100) ---
@@ -205,9 +205,9 @@ action call_tool appliesTo {
     profanity_score?: Long,
     // --- ML Detector Confidence Scores (0-100) ---
-    pii_confidence?: Long,
-    injection_confidence?: Long,      // Combined injection confidence: MAX(pulse, deep_context)
-    jailbreak_confidence?: Long,      // Combined jailbreak confidence: MAX(pulse, deep_context)
+    pii_score?: Long,
+    injection_score?: Long,      // Combined injection confidence: MAX(pulse, deep_context)
+    jailbreak_score?: Long,      // Combined jailbreak confidence: MAX(pulse, deep_context)
     injection_pulse_score?: Long,     // 0-100 Pulse single-turn classifier
     injection_deep_context_score?: Long, // 0-100 DeepContext multi-turn
     jailbreak_pulse_score?: Long,     // 0-100 Pulse single-turn classifier
@@ -324,7 +324,7 @@ action read_file appliesTo {
     threat_categories?: Set<String>,
     detected_threats?: Set<String>,
     max_threat_severity?: Long,
-    contains_secrets?: Bool,
+    secrets_detected?: Bool,
     // --- Secrets (granular) ---
     secret_types?: Set<String>,
@@ -375,7 +375,7 @@ action write_file appliesTo {
     threat_categories?: Set<String>,
     detected_threats?: Set<String>,
     max_threat_severity?: Long,
-    contains_secrets?: Bool,
+    secrets_detected?: Bool,
     // --- Secrets (granular) ---
     secret_types?: Set<String>,

package/_schemas/sentry/context.json CHANGED Viewed

@@ -74,7 +74,7 @@
           "description": "Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)"
         },
         {
-          "key": "contains_secrets",
+          "key": "secrets_detected",
           "type": "boolean",
           "required": true,
           "description": "Whether secrets or credentials were detected in the message"
@@ -110,7 +110,7 @@
           "description": "Number of PII pattern matches"
         },
         {
-          "key": "pii_confidence",
+          "key": "pii_score",
           "type": "number",
           "required": false,
           "description": "PII detection confidence (0-100). Fixed 80 when regex PII detected, else 0"
@@ -176,7 +176,7 @@
           "description": "Topic classifier confidence (0-100)"
         },
         {
-          "key": "contains_invisible_chars",
+          "key": "invisible_chars_detected",
           "type": "boolean",
           "required": false,
           "description": "Whether invisible Unicode characters (zero-width, bidi overrides, tag chars) were detected"
@@ -398,7 +398,7 @@
           "description": "Numeric severity (0-4)"
         },
         {
-          "key": "contains_secrets",
+          "key": "secrets_detected",
           "type": "boolean",
           "required": true,
           "description": "Whether secrets detected in AI response"
@@ -434,7 +434,7 @@
           "description": "Number of PII matches in response"
         },
         {
-          "key": "pii_confidence",
+          "key": "pii_score",
           "type": "number",
           "required": false,
           "description": "PII detection confidence (0-100)"
@@ -650,7 +650,7 @@
           "description": "Numeric severity (0-4)"
         },
         {
-          "key": "contains_secrets",
+          "key": "secrets_detected",
           "type": "boolean",
           "required": true,
           "description": "Whether secrets detected in pasted content"
@@ -686,7 +686,7 @@
           "description": "PII match count"
         },
         {
-          "key": "pii_confidence",
+          "key": "pii_score",
           "type": "number",
           "required": false,
           "description": "PII detection confidence (0-100)"
@@ -758,7 +758,7 @@
           "description": "Code ratio (0-100)"
         },
         {
-          "key": "contains_invisible_chars",
+          "key": "invisible_chars_detected",
           "type": "boolean",
           "required": false,
           "description": "Whether invisible Unicode characters detected"
@@ -974,7 +974,7 @@
           "description": "Numeric severity (0-4)"
         },
         {
-          "key": "contains_secrets",
+          "key": "secrets_detected",
           "type": "boolean",
           "required": true,
           "description": "Whether secrets detected in file content"
@@ -1010,7 +1010,7 @@
           "description": "PII match count"
         },
         {
-          "key": "pii_confidence",
+          "key": "pii_score",
           "type": "number",
           "required": false,
           "description": "PII confidence (0-100)"
@@ -1088,7 +1088,7 @@
           "description": "Whether phishing URLs detected in file"
         },
         {
-          "key": "contains_invisible_chars",
+          "key": "invisible_chars_detected",
           "type": "boolean",
           "required": false,
           "description": "Whether invisible chars detected in file"

package/_schemas/sentry/schema.cedarschema CHANGED Viewed

@@ -94,7 +94,7 @@ action process_prompt appliesTo {
     max_threat_severity: Long,        // Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)
     // --- Secrets Detection (from SecretsDetector) ---
-    contains_secrets: Bool,           // Whether secrets/credentials detected
+    secrets_detected: Bool,           // Whether secrets/credentials detected
     secret_types?: Set<String>,       // Types: "aws_access_key", "github_token", "ssh_private_key", etc.
     secret_count?: Long,              // Number of distinct secrets found
@@ -102,7 +102,7 @@ action process_prompt appliesTo {
     pii_detected?: Bool,              // Whether any PII patterns matched
     pii_types?: Set<String>,          // Types: "ssn", "credit_card", "email", "phone", etc.
     pii_count?: Long,                 // Number of PII matches
-    pii_confidence?: Long,            // PII detection confidence (0-100)
+    pii_score?: Long,            // PII detection confidence (0-100)
     // --- Content Safety Scores (from ToxicityDetector, 0-100) ---
     violence_score: Long,
@@ -121,7 +121,7 @@ action process_prompt appliesTo {
     topic_confidence?: Long,          // Topic classifier confidence (0-100)
     // --- Encoding & Unicode Attacks (from SecurityFiltersDetector, EncodedInjectionDetector) ---
-    contains_invisible_chars?: Bool,  // Zero-width chars, bidi overrides, tag chars
+    invisible_chars_detected?: Bool,  // Zero-width chars, bidi overrides, tag chars
     invisible_chars_score?: Long,     // Unicode attack severity (0-100)
     encoded_content_detected?: Bool,  // Base64, hex, unicode, URL encoded content
     encoded_types?: Set<String>,      // Encoding types detected
@@ -181,7 +181,7 @@ action receive_response appliesTo {
     max_threat_severity: Long,
     // --- Secrets Detection ---
-    contains_secrets: Bool,
+    secrets_detected: Bool,
     secret_types?: Set<String>,
     secret_count?: Long,
@@ -189,7 +189,7 @@ action receive_response appliesTo {
     pii_detected?: Bool,
     pii_types?: Set<String>,
     pii_count?: Long,
-    pii_confidence?: Long,
+    pii_score?: Long,
     // --- Content Safety Scores (0-100) ---
     violence_score: Long,
@@ -252,7 +252,7 @@ action paste_content appliesTo {
     max_threat_severity: Long,
     // --- Secrets Detection ---
-    contains_secrets: Bool,
+    secrets_detected: Bool,
     secret_types?: Set<String>,
     secret_count?: Long,
@@ -260,7 +260,7 @@ action paste_content appliesTo {
     pii_detected?: Bool,
     pii_types?: Set<String>,
     pii_count?: Long,
-    pii_confidence?: Long,
+    pii_score?: Long,
     // --- Content Safety Scores (0-100) ---
     violence_score: Long,
@@ -280,7 +280,7 @@ action paste_content appliesTo {
     code_ratio?: Long,
     // --- Encoding Attacks ---
-    contains_invisible_chars?: Bool,
+    invisible_chars_detected?: Bool,
     invisible_chars_score?: Long,
     encoded_content_detected?: Bool,
     encoded_types?: Set<String>,
@@ -337,7 +337,7 @@ action upload_file appliesTo {
     max_threat_severity: Long,
     // --- Secrets Detection ---
-    contains_secrets: Bool,
+    secrets_detected: Bool,
     secret_types?: Set<String>,
     secret_count?: Long,
@@ -345,7 +345,7 @@ action upload_file appliesTo {
     pii_detected?: Bool,
     pii_types?: Set<String>,
     pii_count?: Long,
-    pii_confidence?: Long,
+    pii_score?: Long,
     // --- Content Safety Scores (0-100) ---
     violence_score: Long,
@@ -368,7 +368,7 @@ action upload_file appliesTo {
     phishing_detected?: Bool,
     // --- Encoding Attacks ---
-    contains_invisible_chars?: Bool,
+    invisible_chars_detected?: Bool,
     invisible_chars_score?: Long,
     encoded_content_detected?: Bool,
     encoded_types?: Set<String>,

package/_schemas/sentry/templates/defaults/baseline.cedar CHANGED Viewed

@@ -1,22 +1,18 @@
 // =============================================================================
-// Baseline Permit Policy (Default)
+// Baseline Permit (Default)
 // =============================================================================
-// Permits all actions by default. Threat-specific forbid policies override
-// this to block when detection engines identify issues.
+// Permits all Sentry actions by default. Threat-specific forbid policies
+// override this when detectors fire.
 //
-// Cedar is default-deny: without at least one permit rule, every request
-// is denied regardless of forbid rules. This baseline ensures the system
-// is "allow unless blocked" rather than "block everything".
-//
-// Category: organization
+// Category:  organization
 // Namespace: Sentry
 // =============================================================================
-@id("sentry-baseline-permit-all")
-@name("Permit all actions by default")
-@description("Baseline permit for all actions — threat-specific forbid policies override this when threats are detected")
+@id("organization.permit-baseline")
+@name("Permit baseline")
+@description("Permits all Sentry actions.")
 @severity("low")
-@tags("baseline,permit-default,organization")
+@tags("category:organization,posture:permit-default")
 permit (
     principal,
     action,

package/_schemas/sentry/templates/defaults/clipboard.cedar CHANGED Viewed

@@ -1,98 +1,99 @@
 // =============================================================================
 // Clipboard Policy (Default)
 // =============================================================================
-// Controls over paste operations into AI chat services. Covers:
-//   - Blanket paste blocking (admin-configurable)
-//   - Paste-with-secrets blocking
-//   - Paste-with-PII blocking
-//   - Paste-with-source-code blocking
-//   - Large-paste threat blocking
-//   - Paste-with-encoded-payload blocking
-//   - Paste-with-invisible-character blocking
+// Controls paste operations into AI chat services. Covers blanket paste
+// blocking, paste-with-secrets, paste-with-PII, encoded payload pastes, and
+// pastes containing invisible Unicode characters.
 //
-// All policies in this file are scoped to action == "paste_content". Other
-// templates (semantic.cedar, content_safety.cedar, pii.cedar, secrets.cedar)
-// cover process_prompt and upload_file for the same threat categories.
+// All rules scope to action == "paste_content". Other templates
+// (semantic, content_safety, pii, secrets) cover process_prompt and
+// upload_file for the same threat categories.
 //
-// Category: clipboard
+// Context keys consumed:
+//   - secrets_detected:           Bool
+//   - pii_detected:               Bool
+//   - encoded_content_detected:   Bool
+//   - encoded_score:              Long (0-100)
+//   - invisible_chars_detected:   Bool
+//   - invisible_chars_score:      Long (0-100)
+//
+// Compliance:
+//   - NIST 800-53 SC-28; GDPR Art. 32
+//
+// Category:  clipboard
 // Namespace: Sentry
 // =============================================================================
-// Block all paste operations
-@id("sentry-org-block-all-paste")
+@id("clipboard.block-all-paste")
 @name("Block all paste operations")
-@description("Unconditionally block all paste operations into AI chat services. Enable this rule to prevent any content from being pasted into AI chats regardless of content. Disable to allow paste (subject to other policy rules).")
+@description("Blocks paste_content unconditionally.")
 @severity("high")
-@tags("paste,clipboard,data-protection,organization")
-@reject_message("Paste blocked: your organization does not allow pasting content into AI services. Type your message directly or contact your administrator.")
+@tags("category:clipboard,detection:rule,posture:deny-default,scope:org-wide")
+@reject_message("Paste blocked: your organization does not allow pasting content into AI services.")
 forbid (
     principal,
     action == Sentry::Action::"paste_content",
     resource
 );
-// Block pasted content containing secrets
-@id("sentry-org-block-secrets-paste")
+@id("clipboard.block-paste-secrets")
 @name("Block paste with secrets")
-@description("Block paste operations when secrets are detected. Prevents credential leakage when users paste from terminals, config files, or code editors into AI chats.")
+@description("Blocks paste_content when secrets_detected is true.")
 @severity("critical")
-@tags("secrets,paste-safety,credentials,nist-sc-28")
-@reject_message("Paste blocked: secrets or credentials detected in pasted content. Remove API keys, tokens, and passwords before pasting into AI services.")
+@tags("category:clipboard,threat:secrets,detection:rule,owasp:llm06")
+@reject_message("Paste blocked: secrets or credentials detected in pasted content — remove before pasting.")
 forbid (
     principal,
     action == Sentry::Action::"paste_content",
     resource
 )
 when {
-    context has contains_secrets && context.contains_secrets
+    context has secrets_detected && context.secrets_detected == true
 };
-// Block pasted content containing PII
-@id("sentry-pii-block-paste")
+@id("clipboard.block-paste-pii")
 @name("Block paste with PII")
-@description("Block paste operations when PII is detected in pasted content. Prevents data leakage when employees paste content from emails, spreadsheets, or documents containing personal data into AI chats.")
+@description("Blocks paste_content when pii_detected is true.")
 @severity("critical")
-@tags("pii,paste-safety,data-leakage,gdpr-art-32")
-@reject_message("Paste blocked: personally identifiable information detected in pasted content. Remove PII before pasting into AI services.")
+@tags("category:clipboard,threat:pii,detection:rule,compliance:gdpr")
+@reject_message("Paste blocked: personally identifiable information detected in pasted content.")
 forbid (
     principal,
     action == Sentry::Action::"paste_content",
     resource
 )
 when {
-    context has pii_detected && context.pii_detected
+    context has pii_detected && context.pii_detected == true
 };
-// Block pastes containing encoded injection payloads
-@id("sentry-clipboard-block-paste-encoded")
-@name("Block encoded paste content")
-@description("Block paste operations when encoded injection payloads (base64, hex, unicode) are detected. Attackers use encoding to smuggle injection payloads via clipboard transfer.")
+@id("clipboard.block-paste-encoded")
+@name("Block paste with encoded payloads")
+@description("Blocks paste_content when encoded_content_detected is true and encoded_score >= 60.")
 @severity("high")
-@tags("paste-safety,encoding,injection,clipboard")
-@reject_message("Paste blocked: encoded injection payloads detected in pasted content. Content with hidden encoded instructions cannot be shared with AI services.")
+@tags("category:clipboard,threat:encoded-payload,threat:injection,detection:pattern,owasp:llm01")
+@reject_message("Paste blocked: encoded payloads (base64, hex, unicode) detected — possible injection evasion.")
 forbid (
     principal,
     action == Sentry::Action::"paste_content",
     resource
 )
 when {
-    context has encoded_content_detected && context.encoded_content_detected &&
+    context has encoded_content_detected && context.encoded_content_detected == true &&
     context has encoded_score && context.encoded_score >= 60
 };
-// Block pastes with invisible characters
-@id("sentry-clipboard-block-paste-invisible")
+@id("clipboard.block-paste-invisible")
 @name("Block paste with invisible characters")
-@description("Block paste operations containing invisible Unicode characters (zero-width, bidi overrides). These can hide malicious instructions that appear invisible to users but are processed by AI models.")
+@description("Blocks paste_content when invisible_chars_detected is true and invisible_chars_score >= 50.")
 @severity("high")
-@tags("paste-safety,unicode,invisible-chars,clipboard")
-@reject_message("Paste blocked: invisible Unicode characters detected. Hidden characters can disguise malicious instructions that AI models process but users cannot see.")
+@tags("category:clipboard,threat:invisible-chars,threat:injection,detection:pattern,owasp:llm01")
+@reject_message("Paste blocked: invisible Unicode characters detected — hidden characters can disguise malicious instructions.")
 forbid (
     principal,
     action == Sentry::Action::"paste_content",
     resource
 )
 when {
-    context has contains_invisible_chars && context.contains_invisible_chars &&
+    context has invisible_chars_detected && context.invisible_chars_detected == true &&
     context has invisible_chars_score && context.invisible_chars_score >= 50
 };