npm - @highflame/policy - Versions diffs - 2.1.35 → 2.1.37 - Mend

@highflame/policy 2.1.35 → 2.1.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (81) hide show

package/_schemas/sentry/templates/defaults/secrets.cedar CHANGED Viewed

@@ -1,38 +1,44 @@
 // =============================================================================
-// Secrets Detection Policy (Default)
+// Secrets Detection (Default)
 // =============================================================================
-// Block credential and secret leakage across messages and file uploads.
-// Shield SecretsDetector identifies 18+ secret types via regex.
+// Blocks credentials and secrets across messages and file uploads. Covers
+// general detection, high-risk credential types, common API keys, SSH and
+// PEM key material, bulk exposure, and detector rule triggers.
 //
-// Paste-targeted secret rules live in clipboard.cedar.
+// Context keys consumed:
+//   - secrets_detected: Bool
+//   - secret_types:     Set<String>
+//   - secret_count:     Long
+//   - detected_threats: Set<String>
 //
-// Category: secrets
+// Compliance:
+//   - NIST 800-53 SC-28, IA-5; MITRE ATT&CK T1552
+//
+// Category:  data-protection
 // Namespace: Sentry
 // =============================================================================
-// Block messages and uploads containing secrets
-@id("sentry-org-block-secrets-messages")
-@name("Block messages and uploads with secrets")
-@description("Block messages and file uploads when detection engines identify API keys, tokens, or credential patterns. First line of defense against accidental credential exposure in AI chat interactions.")
+@id("data-protection.block-secrets")
+@name("Block secrets in messages and uploads")
+@description("Blocks process_prompt and upload_file when secrets_detected is true.")
 @severity("critical")
-@tags("secrets,credentials,messages,nist-sc-28,nist-ia-5")
-@reject_message("Content blocked: detected secrets such as API keys, tokens, or credentials. Remove all secrets before sending to AI services.")
+@tags("category:data-protection,threat:secrets,detection:rule,owasp:llm06")
+@reject_message("Content blocked: secrets such as API keys, tokens, or credentials detected — remove before sending to AI services.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
-    context has contains_secrets && context.contains_secrets
+    context has secrets_detected && context.secrets_detected == true
 };
-// Block high-risk secret types across messages and file uploads
-@id("sentry-org-block-high-risk-secrets")
+@id("data-protection.block-high-risk-secrets")
 @name("Block high-risk credential types")
-@description("Block messages and file uploads containing cloud provider keys (AWS, GCP, Azure), GitHub tokens, SSH private keys, or database connection strings. These credential types pose the highest exfiltration risk.")
+@description("Blocks process_prompt and upload_file when secret_types contains a cloud, GitHub, or private-key credential.")
 @severity("critical")
-@tags("secrets,aws,github,ssh,cloud,nist-ia-5,mitre-t1552")
-@reject_message("Content blocked: high-risk credentials detected (cloud keys, GitHub tokens, SSH keys). Use a secrets manager — never share credentials with AI services.")
+@tags("category:data-protection,threat:secrets,detection:rule,owasp:llm06")
+@reject_message("Content blocked: high-risk credentials detected (cloud keys, GitHub tokens, SSH keys) — never share credentials with AI services.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -40,22 +46,23 @@ forbid (
 )
 when {
     context has secret_types &&
-    (context.secret_types.contains("aws_access_key") ||
-     context.secret_types.contains("aws_secret_key") ||
-     context.secret_types.contains("gcp_service_account") ||
-     context.secret_types.contains("azure_connection_string") ||
-     context.secret_types.contains("github_token") ||
-     context.secret_types.contains("github_fine_grained") ||
-     context.secret_types.contains("private_key"))
+    (
+        context.secret_types.contains("aws_access_key") ||
+        context.secret_types.contains("aws_secret_key") ||
+        context.secret_types.contains("gcp_service_account") ||
+        context.secret_types.contains("azure_connection_string") ||
+        context.secret_types.contains("github_token") ||
+        context.secret_types.contains("github_fine_grained") ||
+        context.secret_types.contains("private_key")
+    )
 };
-// Block API keys and tokens across messages and file uploads
-@id("sentry-org-block-api-keys")
+@id("data-protection.block-api-keys")
 @name("Block API keys and tokens")
-@description("Block messages and file uploads containing generic API keys, JWT tokens, and OAuth credentials. These are the most commonly leaked credential types when users interact with AI services.")
+@description("Blocks process_prompt and upload_file when secret_types contains a generic API key, JWT, OpenAI, Anthropic, or Stripe key.")
 @severity("high")
-@tags("secrets,api-key,jwt,oauth,nist-ia-5")
-@reject_message("Content blocked: API keys, JWT tokens, or OAuth credentials detected. These must never be shared with AI services.")
+@tags("category:data-protection,threat:secrets,detection:rule,owasp:llm06")
+@reject_message("Content blocked: API keys, JWT tokens, or OAuth credentials detected.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -63,20 +70,21 @@ forbid (
 )
 when {
     context has secret_types &&
-    (context.secret_types.contains("generic_api_key") ||
-     context.secret_types.contains("jwt_token") ||
-     context.secret_types.contains("openai_key") ||
-     context.secret_types.contains("anthropic_key") ||
-     context.secret_types.contains("stripe_key"))
+    (
+        context.secret_types.contains("generic_api_key") ||
+        context.secret_types.contains("jwt_token") ||
+        context.secret_types.contains("openai_key") ||
+        context.secret_types.contains("anthropic_key") ||
+        context.secret_types.contains("stripe_key")
+    )
 };
-// Block SSH key exposure across messages and file uploads
-@id("sentry-secrets-block-ssh-keys")
+@id("data-protection.block-ssh-keys")
 @name("Block SSH key exposure")
-@description("Block when SSH private key content or SSH key file paths are detected. Covers messages and file uploads. AI chat services must not receive SSH credentials.")
+@description("Blocks process_prompt and upload_file when secret_types contains \"ssh_key\".")
 @severity("critical")
-@tags("secrets,ssh,credentials,nist-ia-5,mitre-t1552")
-@reject_message("Blocked: SSH private key content or key file path detected. AI chat services must not receive SSH credentials.")
+@tags("category:data-protection,threat:secrets,detection:rule,compliance:nist-si-3")
+@reject_message("Content blocked: SSH private key content or key file path detected.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -86,13 +94,12 @@ when {
     context has secret_types && context.secret_types.contains("ssh_key")
 };
-// Block PEM/certificate key exposure across messages and file uploads
-@id("sentry-secrets-block-pem-keys")
-@name("Block PEM/certificate key exposure")
-@description("Block when PEM private key content or certificate key file paths (.pem, .key, .p12, .pfx) are detected. AI chat services must not receive certificate credentials.")
+@id("data-protection.block-pem-keys")
+@name("Block PEM and certificate keys")
+@description("Blocks process_prompt and upload_file when secret_types contains \"pem_certificate\".")
 @severity("critical")
-@tags("secrets,certificates,pem,nist-ia-5,mitre-t1552")
-@reject_message("Blocked: PEM private key or certificate key file detected. AI chat services must not receive certificate credentials.")
+@tags("category:data-protection,threat:secrets,detection:rule,compliance:nist-si-3")
+@reject_message("Content blocked: PEM private key or certificate key file detected.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -102,13 +109,12 @@ when {
     context has secret_types && context.secret_types.contains("pem_certificate")
 };
-// Block bulk secret exposure
-@id("sentry-org-block-bulk-secrets")
+@id("data-protection.block-secrets-bulk")
 @name("Block bulk secret exposure")
-@description("Block messages and file uploads when 3+ distinct secrets are found. Multiple secrets indicate a configuration dump, .env file paste, or credential harvesting being sent to AI services.")
+@description("Blocks process_prompt and upload_file when secret_count >= 3.")
 @severity("critical")
-@tags("secrets,bulk,data-exfiltration,nist-sc-28")
-@reject_message("Content blocked: multiple credentials detected (3+). Configuration dumps and credential lists must never be shared with AI services.")
+@tags("category:data-protection,threat:secrets,threat:exfiltration,detection:aggregate,owasp:llm06")
+@reject_message("Content blocked: multiple credentials detected (3+) — possible configuration dump or credential harvesting.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -118,13 +124,12 @@ when {
     context has secret_count && context.secret_count >= 3
 };
-// Block detected credential patterns
-@id("sentry-org-block-detected-credentials")
+@id("data-protection.block-credential-patterns")
 @name("Block detected credential patterns")
-@description("Block messages and file uploads flagged by detection engine rules for credential exposure, API key leaks, and token exposure. Defense-in-depth behind contains_secrets.")
+@description("Blocks process_prompt and upload_file when detected_threats contains a credential-pattern rule trigger.")
 @severity("critical")
-@tags("secrets,credentials,detection-rules,nist-ia-5")
-@reject_message("Content blocked: detection engines identified credential patterns including secret exposure, API keys, or token leaks.")
+@tags("category:data-protection,threat:secrets,detection:rule,owasp:llm06")
+@reject_message("Content blocked: detection engines identified credential patterns (secret exposure, API key leaks, or token exposure).")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -132,7 +137,9 @@ forbid (
 )
 when {
     context has detected_threats &&
-    (context.detected_threats.contains("secret_exposure") ||
-     context.detected_threats.contains("credential_leak") ||
-     context.detected_threats.contains("api_key_exposure"))
+    (
+        context.detected_threats.contains("secret_exposure") ||
+        context.detected_threats.contains("credential_leak") ||
+        context.detected_threats.contains("api_key_exposure")
+    )
 };

package/_schemas/sentry/templates/defaults/semantic.cedar CHANGED Viewed

@@ -1,39 +1,35 @@
 // =============================================================================
-// Semantic Threat Detection Policy (Default)
+// Semantic Threat Detection (Default)
 // =============================================================================
-// Detects and blocks prompt injection, jailbreak attempts, and high-severity
-// threats across browser AI interactions: messages and file uploads.
-// Paste-targeted semantic rules live in clipboard.cedar.
+// Blocks prompt injection, jailbreak attempts, and high-severity threats in
+// messages and file uploads. Paste-targeted semantic rules live in
+// clipboard.cedar.
 //
-// Uses multi-layered detection from Shield:
-//   1. ML classifier scores (injection_score, jailbreak_score)
-//   2. Detection engine rule triggers (detected_threats)
-//   3. Threat severity aggregation (max_threat_severity, highest_severity)
+// Detection layers:
+//   - Rule triggers (detected_threats) — always available
+//   - ML classifier scores (injection_score, jailbreak_score) — require API token
+//   - Threat severity aggregation (highest_severity) — catch-all
+//
+// Context keys consumed:
+//   - detected_threats:   Set<String>
+//   - injection_score:    Long (0-100)
+//   - jailbreak_score:    Long (0-100)
+//   - highest_severity:   String
 //
 // Compliance:
-//   OWASP LLM01 (Prompt Injection) — direct + indirect
-//   OWASP LLM02 (Insecure Output Handling)
-//   MITRE ATLAS AML.T0051 (LLM Prompt Injection)
-//   MITRE ATLAS AML.T0054 (LLM Jailbreak)
-//   NIST 800-53 SI-3, SI-4
+//   - OWASP LLM01, LLM02; MITRE ATLAS AML.T0051, AML.T0054
+//   - NIST 800-53 SI-3, SI-4
 //
-// Category: semantic
+// Category:  semantic
 // Namespace: Sentry
 // =============================================================================
-// ---------------------------------------------------------------------------
-// Section 1: Prompt Injection Detection
-// Blocks injection attempts in messages and uploaded files.
-// Paste-targeted injection rules live in clipboard.cedar.
-// ---------------------------------------------------------------------------
-// Block messages with prompt injection patterns
-@id("sentry-semantic-block-injection")
-@name("Block prompt injection")
-@description("Block messages when detection engine rules identify prompt injection patterns. Catches instruction override, role assumption, and manipulation techniques in user input (OWASP LLM01).")
+@id("semantic.block-injection-rule")
+@name("Block injection (rule)")
+@description("Blocks process_prompt when detected_threats contains \"prompt_injection\".")
 @severity("critical")
-@tags("injection,security,owasp-llm01,mitre-aml-t0051,baseline")
-@reject_message("Content blocked: prompt injection patterns were detected. This prevents manipulation of AI agent behavior. Remove adversarial instructions and try again.")
+@tags("category:semantic,threat:injection,detection:rule,surface:process-prompt,owasp:llm01,mitre:atlas-t0051")
+@reject_message("Prompt blocked: prompt injection patterns detected (OWASP LLM01).")
 forbid (
     principal,
     action == Sentry::Action::"process_prompt",
@@ -43,12 +39,11 @@ when {
     context has detected_threats && context.detected_threats.contains("prompt_injection")
 };
-// Block content with high ML injection confidence
-@id("sentry-semantic-block-injection-score")
-@name("Block high-confidence injection")
-@description("Block content when the ML injection classifier confidence exceeds threshold (75/100). Catches novel injection techniques including polymorphic payloads, encoding tricks, and obfuscated instructions.")
+@id("semantic.block-injection-ml")
+@name("Block injection (ML)")
+@description("Blocks process_prompt and upload_file when injection_score >= 75.")
 @severity("critical")
-@tags("injection,ml-classifier,security,owasp-llm01")
+@tags("category:semantic,threat:injection,detection:ml,owasp:llm01,mitre:atlas-t0051")
 @reject_message("Content blocked: the ML classifier detected prompt injection with high confidence.")
 forbid (
     principal,
@@ -59,18 +54,12 @@ when {
     context has injection_score && context.injection_score >= 75
 };
-// ---------------------------------------------------------------------------
-// Section 2: Jailbreak Detection
-// Blocks jailbreak attempts in messages sent to AI services.
-// ---------------------------------------------------------------------------
-// Block messages with jailbreak attempts
-@id("sentry-semantic-block-jailbreak")
-@name("Block jailbreak attempts")
-@description("Block messages when detection engine rules identify jailbreak patterns: DAN-style prompts, role-play exploits, safety bypass instructions, and constraint removal attempts (OWASP LLM02).")
+@id("semantic.block-jailbreak-rule")
+@name("Block jailbreak (rule)")
+@description("Blocks process_prompt when detected_threats contains \"jailbreak\".")
 @severity("critical")
-@tags("jailbreak,bypass,security,owasp-llm02,mitre-aml-t0054,baseline")
-@reject_message("Content blocked: jailbreak patterns were detected. This prevents circumvention of AI safety controls.")
+@tags("category:semantic,threat:jailbreak,detection:rule,surface:process-prompt,owasp:llm02,mitre:atlas-t0054")
+@reject_message("Prompt blocked: jailbreak patterns detected (OWASP LLM02).")
 forbid (
     principal,
     action == Sentry::Action::"process_prompt",
@@ -80,13 +69,12 @@ when {
     context has detected_threats && context.detected_threats.contains("jailbreak")
 };
-// Block content with high ML jailbreak confidence
-@id("sentry-semantic-block-jailbreak-score")
-@name("Block high-confidence jailbreak")
-@description("Block content when the ML jailbreak classifier exceeds threshold (75/100). Catches sophisticated jailbreak techniques including multi-turn manipulation and encoded payloads.")
+@id("semantic.block-jailbreak-ml")
+@name("Block jailbreak (ML)")
+@description("Blocks process_prompt when jailbreak_score >= 75.")
 @severity("critical")
-@tags("jailbreak,ml-classifier,security,owasp-llm02")
-@reject_message("Content blocked: the ML classifier detected a jailbreak attempt with high confidence.")
+@tags("category:semantic,threat:jailbreak,detection:ml,surface:process-prompt,owasp:llm02,mitre:atlas-t0054")
+@reject_message("Prompt blocked: the ML classifier detected a jailbreak attempt with high confidence.")
 forbid (
     principal,
     action == Sentry::Action::"process_prompt",
@@ -96,18 +84,12 @@ when {
     context has jailbreak_score && context.jailbreak_score >= 75
 };
-// ---------------------------------------------------------------------------
-// Section 3: Threat Severity Aggregation
-// Catch-all rules based on aggregated threat severity across all detectors.
-// ---------------------------------------------------------------------------
-// Block any content with critical severity threats
-@id("sentry-semantic-block-critical")
+@id("semantic.block-critical")
 @name("Block critical threats")
-@description("Block messages and file uploads when any detection engine reports critical severity. This is the ultimate catch-all for critical-severity threats regardless of type or source.")
+@description("Blocks process_prompt and upload_file when highest_severity equals \"critical\".")
 @severity("critical")
-@tags("critical,baseline,security,catch-all")
-@reject_message("Content blocked: security scanners detected a critical-severity threat. This content cannot be processed by AI services.")
+@tags("category:semantic,detection:aggregate,posture:catch-all")
+@reject_message("Content blocked: a critical-severity threat was reported by at least one detector.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -116,4 +98,3 @@ forbid (
 when {
     context has highest_severity && context.highest_severity == "critical"
 };

package/_schemas/sentry/templates/templates.json CHANGED Viewed

@@ -1,119 +1,129 @@
 {
   "service": "sentry",
-  "version": "1.1.0",
+  "version": "2.0.0",
   "description": "Sentry policy templates for browser AI security",
   "categories": [
     {
-      "id": "secrets",
-      "name": "Secrets Detection",
-      "description": "Detect and block secrets, API keys, tokens, and other credentials in messages and AI responses"
+      "id": "data-protection",
+      "name": "Secrets & Data Protection",
+      "description": "Block secrets, API keys, tokens, and credentials in messages and uploads."
     },
     {
-      "id": "pii",
+      "id": "privacy",
       "name": "PII Detection",
-      "description": "Detect and block personally identifiable information (PII) such as credit card numbers, SSNs, health data, and other sensitive personal data from being shared with AI chat services"
+      "description": "Block personally identifiable information across messages and uploads."
     },
     {
       "id": "semantic",
       "name": "Semantic Threat Detection",
-      "description": "Detect and block prompt injection, jailbreak attempts, and high-severity threats in messages, pasted content, and uploaded files"
+      "description": "Block prompt injection, jailbreak attempts, and high-severity threats."
     },
     {
-      "id": "content_safety",
+      "id": "trust-safety",
       "name": "Content Safety",
-      "description": "Detect and block violent, harmful, hateful, sexual, and profane content in AI interactions across messages, paste, and file uploads"
+      "description": "Block violent, harmful, hateful, sexual, or profane content."
     },
     {
-      "id": "file_safety",
+      "id": "file-safety",
       "name": "File & Attachment Safety",
-      "description": "Block file uploads containing secrets or PII in document content"
+      "description": "Block file uploads containing secrets or PII."
     },
     {
       "id": "clipboard",
       "name": "Clipboard Policy",
-      "description": "Control paste operations into AI chat services — block paste outright, block when secrets, PII, source code, large threat-laden pastes, encoded payloads, or invisible characters are detected"
+      "description": "Control paste operations into AI chat services."
     },
     {
       "id": "organization",
       "name": "Organization Rules",
-      "description": "Cross-cutting organization-wide rules: session-aware threat escalation"
+      "description": "Organization-wide baselines and session-aware threat escalation."
     }
   ],
   "defaults": [
     {
-      "id": "sentry-baseline-default",
+      "id": "organization.permit-baseline",
       "name": "Baseline Permit",
-      "description": "Permits all actions by default — threat-specific forbid policies override this when threats are detected",
+      "description": "Permits all actions by default; threat-specific forbid policies override this when detectors fire.",
       "category": "organization",
       "file": "defaults/baseline.cedar",
       "severity": "low",
-      "tags": ["baseline", "permit-default", "organization"],
+      "tags": ["category:organization", "posture:permit-default"],
       "is_active": true
     }
   ],
   "templates": [
     {
-      "id": "sentry-semantic-default",
+      "id": "organization.permit-baseline",
+      "name": "Baseline Permit",
+      "description": "Permits all actions by default; threat-specific forbid policies override this when detectors fire.",
+      "category": "organization",
+      "file": "defaults/baseline.cedar",
+      "severity": "low",
+      "tags": ["category:organization", "posture:permit-default"],
+      "auto_deploy": true
+    },
+    {
+      "id": "semantic.defaults",
       "name": "Semantic Threat Detection",
-      "description": "Detect and block prompt injection, jailbreak attempts, and high-severity threats across messages, paste, and file uploads",
+      "description": "Block prompt injection, jailbreak attempts, and critical-severity threats in messages and uploads.",
       "category": "semantic",
       "file": "defaults/semantic.cedar",
       "severity": "critical",
-      "tags": ["injection", "jailbreak", "owasp-llm01", "owasp-llm02", "baseline"]
+      "tags": ["category:semantic", "threat:injection", "threat:jailbreak", "owasp:llm01", "owasp:llm02"]
     },
     {
-      "id": "sentry-content-safety-default",
+      "id": "trust-safety.defaults",
       "name": "Content Safety",
-      "description": "Detect and block violent, harmful, hateful, sexual, and profane content across messages, paste, and file uploads",
-      "category": "content_safety",
+      "description": "Block violent, weapons, hateful, criminal, sexual, or excessively profane content.",
+      "category": "trust-safety",
       "file": "defaults/content_safety.cedar",
       "severity": "critical",
-      "tags": ["violence", "hate-speech", "sexual", "profanity", "content-safety", "baseline"]
+      "tags": ["category:trust-safety", "threat:harmful", "threat:hate-speech", "compliance:eu-ai-act", "compliance:iso-42001"]
     },
     {
-      "id": "sentry-secrets-default",
+      "id": "data-protection.defaults",
       "name": "Secrets Detection",
-      "description": "Block secrets, API keys, tokens, and credential leakage in messages and AI responses across all interactions",
-      "category": "secrets",
+      "description": "Block secrets, API keys, tokens, and credential leakage in messages and AI responses.",
+      "category": "data-protection",
       "file": "defaults/secrets.cedar",
       "severity": "critical",
-      "tags": ["secrets", "credentials", "api-keys", "data-protection"]
+      "tags": ["category:data-protection", "threat:secrets", "owasp:llm06"]
     },
     {
-      "id": "sentry-pii-default",
+      "id": "privacy.defaults",
       "name": "PII Detection",
-      "description": "Detect and block credit card numbers, SSNs, health data, and other PII in messages, pasted content, file uploads, and AI responses",
-      "category": "pii",
+      "description": "Block credit card numbers, SSNs, passport/IBAN, and other PII across messages and file uploads.",
+      "category": "privacy",
       "file": "defaults/pii.cedar",
       "severity": "critical",
-      "tags": ["pii", "privacy", "compliance", "pci-dss", "gdpr", "hipaa", "baseline"]
+      "tags": ["category:privacy", "threat:pii", "compliance:pci-dss", "compliance:gdpr", "compliance:hipaa"]
     },
     {
-      "id": "sentry-file-safety-default",
+      "id": "file-safety.defaults",
       "name": "File & Attachment Safety",
-      "description": "Block file uploads containing secrets or PII in document content",
-      "category": "file_safety",
+      "description": "Block file uploads containing secrets or PII in document content.",
+      "category": "file-safety",
       "file": "defaults/file_safety.cedar",
       "severity": "critical",
-      "tags": ["file-upload", "secrets", "pii", "dlp"]
+      "tags": ["category:file-safety", "threat:secrets", "threat:pii"]
     },
     {
-      "id": "sentry-clipboard-default",
+      "id": "clipboard.defaults",
       "name": "Clipboard Policy",
-      "description": "Control paste into AI chat services: blanket paste blocking, paste-with-secrets, paste-with-PII, paste-with-source-code, large pastes carrying threats, encoded injection payloads, and invisible-character payloads",
+      "description": "Block all-paste, paste-with-secrets, paste-with-PII, encoded payload pastes, and pastes with invisible characters.",
       "category": "clipboard",
       "file": "defaults/clipboard.cedar",
-      "severity": "high",
-      "tags": ["paste", "clipboard", "data-protection", "source-code", "secrets", "pii", "encoding", "invisible-chars"]
+      "severity": "critical",
+      "tags": ["category:clipboard", "threat:secrets", "threat:pii", "threat:encoded-payload", "threat:invisible-chars"]
     },
     {
-      "id": "sentry-organization-default",
-      "name": "Organization Rules",
-      "description": "Cross-cutting organization-wide policies: session-aware threat escalation",
+      "id": "organization.block-session-threat-escalation",
+      "name": "Session Threat Escalation",
+      "description": "Block all actions when threats have been detected in 3+ turns of the session.",
       "category": "organization",
       "file": "defaults/organization.cedar",
       "severity": "high",
-      "tags": ["session", "escalation", "organization"]
+      "tags": ["category:organization", "detection:aggregate", "posture:catch-all"]
     }
   ]
 }

package/dist/ai_gateway-context.gen.d.ts CHANGED Viewed

@@ -5,17 +5,16 @@
  * AiGateway Cedar schema and are used at policy evaluation time.
  */
 export declare const AiGatewayContextKey: {
-    readonly ContainsInvisibleChars: "contains_invisible_chars";
-    readonly ContainsSecrets: "contains_secrets";
     readonly Content: "content";
     readonly CrimeScore: "crime_score";
     readonly DetectedThreats: "detected_threats";
     readonly HateSpeechScore: "hate_speech_score";
     readonly HighestSeverity: "highest_severity";
     readonly IndirectInjectionScore: "indirect_injection_score";
-    readonly InjectionConfidence: "injection_confidence";
+    readonly InjectionScore: "injection_score";
+    readonly InvisibleCharsDetected: "invisible_chars_detected";
     readonly InvisibleCharsScore: "invisible_chars_score";
-    readonly JailbreakConfidence: "jailbreak_confidence";
+    readonly JailbreakScore: "jailbreak_score";
     readonly LoopCount: "loop_count";
     readonly LoopDetected: "loop_detected";
     readonly MaxThreatSeverity: "max_threat_severity";
@@ -29,13 +28,28 @@ export declare const AiGatewayContextKey: {
     readonly PatternType: "pattern_type";
     readonly PiiCount: "pii_count";
     readonly PiiDetected: "pii_detected";
+    readonly PiiScore: "pii_score";
     readonly PiiTypes: "pii_types";
     readonly ProfanityScore: "profanity_score";
     readonly RugPullDetected: "rug_pull_detected";
     readonly RugPullScore: "rug_pull_score";
     readonly SecretCount: "secret_count";
     readonly SecretTypes: "secret_types";
+    readonly SecretsDetected: "secrets_detected";
     readonly SequenceRisk: "sequence_risk";
+    readonly SessionCommandInjection: "session_command_injection";
+    readonly SessionCumulativeRiskScore: "session_cumulative_risk_score";
+    readonly SessionInjectionDetected: "session_injection_detected";
+    readonly SessionMaxCommandInjectionScore: "session_max_command_injection_score";
+    readonly SessionMaxInjectionScore: "session_max_injection_score";
+    readonly SessionMaxJailbreakScore: "session_max_jailbreak_score";
+    readonly SessionMaxPiiScore: "session_max_pii_score";
+    readonly SessionMaxSecretScore: "session_max_secret_score";
+    readonly SessionPiiDetected: "session_pii_detected";
+    readonly SessionPiiTypes: "session_pii_types";
+    readonly SessionSecretTypes: "session_secret_types";
+    readonly SessionSecretsDetected: "session_secrets_detected";
+    readonly SessionThreatTurns: "session_threat_turns";
     readonly SexualScore: "sexual_score";
     readonly SuspiciousPattern: "suspicious_pattern";
     readonly ThreatCategories: "threat_categories";

package/dist/ai_gateway-context.gen.js CHANGED Viewed

@@ -7,17 +7,16 @@
  * AiGateway Cedar schema and are used at policy evaluation time.
  */
 export const AiGatewayContextKey = {
-    ContainsInvisibleChars: 'contains_invisible_chars',
-    ContainsSecrets: 'contains_secrets',
     Content: 'content',
     CrimeScore: 'crime_score',
     DetectedThreats: 'detected_threats',
     HateSpeechScore: 'hate_speech_score',
     HighestSeverity: 'highest_severity',
     IndirectInjectionScore: 'indirect_injection_score',
-    InjectionConfidence: 'injection_confidence',
+    InjectionScore: 'injection_score',
+    InvisibleCharsDetected: 'invisible_chars_detected',
     InvisibleCharsScore: 'invisible_chars_score',
-    JailbreakConfidence: 'jailbreak_confidence',
+    JailbreakScore: 'jailbreak_score',
     LoopCount: 'loop_count',
     LoopDetected: 'loop_detected',
     MaxThreatSeverity: 'max_threat_severity',
@@ -31,13 +30,28 @@ export const AiGatewayContextKey = {
     PatternType: 'pattern_type',
     PiiCount: 'pii_count',
     PiiDetected: 'pii_detected',
+    PiiScore: 'pii_score',
     PiiTypes: 'pii_types',
     ProfanityScore: 'profanity_score',
     RugPullDetected: 'rug_pull_detected',
     RugPullScore: 'rug_pull_score',
     SecretCount: 'secret_count',
     SecretTypes: 'secret_types',
+    SecretsDetected: 'secrets_detected',
     SequenceRisk: 'sequence_risk',
+    SessionCommandInjection: 'session_command_injection',
+    SessionCumulativeRiskScore: 'session_cumulative_risk_score',
+    SessionInjectionDetected: 'session_injection_detected',
+    SessionMaxCommandInjectionScore: 'session_max_command_injection_score',
+    SessionMaxInjectionScore: 'session_max_injection_score',
+    SessionMaxJailbreakScore: 'session_max_jailbreak_score',
+    SessionMaxPiiScore: 'session_max_pii_score',
+    SessionMaxSecretScore: 'session_max_secret_score',
+    SessionPiiDetected: 'session_pii_detected',
+    SessionPiiTypes: 'session_pii_types',
+    SessionSecretTypes: 'session_secret_types',
+    SessionSecretsDetected: 'session_secrets_detected',
+    SessionThreatTurns: 'session_threat_turns',
     SexualScore: 'sexual_score',
     SuspiciousPattern: 'suspicious_pattern',
     ThreatCategories: 'threat_categories',