npm - @highflame/policy - Versions diffs - 2.1.35 → 2.1.37 - Mend

@highflame/policy 2.1.35 → 2.1.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (81) hide show

package/dist/builder.d.ts CHANGED Viewed

@@ -49,7 +49,8 @@ export declare function isValidIdentifier(s: string): boolean;
 export declare function sanitizeIdentifier(s: string, context: string): string;
 /**
  * Validate a raw condition string for potentially dangerous patterns.
- * Returns true if the condition is safe to use.
+ * String literals are stripped first so `like` patterns such as "/etc/*"
+ * don't false-positive on the block-comment detector.
  */
 export declare function isValidRawCondition(condition: string): boolean;
 /**

package/dist/builder.js CHANGED Viewed

@@ -71,12 +71,15 @@ export function sanitizeIdentifier(s, context) {
     }
     return sanitized;
 }
+const STRING_LITERAL_REGEX = /"(?:[^"\\]|\\.)*"/g;
 /**
  * Validate a raw condition string for potentially dangerous patterns.
- * Returns true if the condition is safe to use.
+ * String literals are stripped first so `like` patterns such as "/etc/*"
+ * don't false-positive on the block-comment detector.
  */
 export function isValidRawCondition(condition) {
-    return !DANGEROUS_PATTERN_REGEX.test(condition);
+    const stripped = condition.replace(STRING_LITERAL_REGEX, '""');
+    return !DANGEROUS_PATTERN_REGEX.test(stripped);
 }
 /**
  * Format an action string for Cedar policy text.

package/dist/guardrails-context.gen.d.ts CHANGED Viewed

@@ -18,9 +18,7 @@ export declare const GuardrailsContextKey: {
     readonly CommandInjectionScore: "command_injection_score";
     readonly CommandInjectionType: "command_injection_type";
     readonly ContainsCode: "contains_code";
-    readonly ContainsInvisibleChars: "contains_invisible_chars";
     readonly ContainsNonAscii: "contains_non_ascii";
-    readonly ContainsSecrets: "contains_secrets";
     readonly ContentSafetyBlocked: "content_safety_blocked";
     readonly ContentSafetyScore: "content_safety_score";
     readonly ContentTopics: "content_topics";
@@ -44,16 +42,17 @@ export declare const GuardrailsContextKey: {
     readonly HighestSeverity: "highest_severity";
     readonly IndirectInjectionScore: "indirect_injection_score";
     readonly IndirectInjectionType: "indirect_injection_type";
-    readonly InjectionConfidence: "injection_confidence";
     readonly InjectionDeepContextScore: "injection_deep_context_score";
     readonly InjectionPulseScore: "injection_pulse_score";
+    readonly InjectionScore: "injection_score";
     readonly InjectionType: "injection_type";
+    readonly InvisibleCharsDetected: "invisible_chars_detected";
     readonly InvisibleCharsScore: "invisible_chars_score";
     readonly IsEnglish: "is_english";
     readonly IsLatinScript: "is_latin_script";
-    readonly JailbreakConfidence: "jailbreak_confidence";
     readonly JailbreakDeepContextScore: "jailbreak_deep_context_score";
     readonly JailbreakPulseScore: "jailbreak_pulse_score";
+    readonly JailbreakScore: "jailbreak_score";
     readonly KeywordCategories: "keyword_categories";
     readonly KeywordCount: "keyword_count";
     readonly KeywordMatched: "keyword_matched";
@@ -74,9 +73,9 @@ export declare const GuardrailsContextKey: {
     readonly PathTraversalType: "path_traversal_type";
     readonly PatternType: "pattern_type";
     readonly PhishingDetected: "phishing_detected";
-    readonly PiiConfidence: "pii_confidence";
     readonly PiiCount: "pii_count";
     readonly PiiDetected: "pii_detected";
+    readonly PiiScore: "pii_score";
     readonly PiiTypes: "pii_types";
     readonly ProfanityScore: "profanity_score";
     readonly RequestId: "request_id";
@@ -86,6 +85,7 @@ export declare const GuardrailsContextKey: {
     readonly ScriptConfidence: "script_confidence";
     readonly SecretCount: "secret_count";
     readonly SecretTypes: "secret_types";
+    readonly SecretsDetected: "secrets_detected";
     readonly SentimentScore: "sentiment_score";
     readonly SequenceRisk: "sequence_risk";
     readonly SessionCommandInjection: "session_command_injection";

package/dist/guardrails-context.gen.js CHANGED Viewed

@@ -20,9 +20,7 @@ export const GuardrailsContextKey = {
     CommandInjectionScore: 'command_injection_score',
     CommandInjectionType: 'command_injection_type',
     ContainsCode: 'contains_code',
-    ContainsInvisibleChars: 'contains_invisible_chars',
     ContainsNonAscii: 'contains_non_ascii',
-    ContainsSecrets: 'contains_secrets',
     ContentSafetyBlocked: 'content_safety_blocked',
     ContentSafetyScore: 'content_safety_score',
     ContentTopics: 'content_topics',
@@ -46,16 +44,17 @@ export const GuardrailsContextKey = {
     HighestSeverity: 'highest_severity',
     IndirectInjectionScore: 'indirect_injection_score',
     IndirectInjectionType: 'indirect_injection_type',
-    InjectionConfidence: 'injection_confidence',
     InjectionDeepContextScore: 'injection_deep_context_score',
     InjectionPulseScore: 'injection_pulse_score',
+    InjectionScore: 'injection_score',
     InjectionType: 'injection_type',
+    InvisibleCharsDetected: 'invisible_chars_detected',
     InvisibleCharsScore: 'invisible_chars_score',
     IsEnglish: 'is_english',
     IsLatinScript: 'is_latin_script',
-    JailbreakConfidence: 'jailbreak_confidence',
     JailbreakDeepContextScore: 'jailbreak_deep_context_score',
     JailbreakPulseScore: 'jailbreak_pulse_score',
+    JailbreakScore: 'jailbreak_score',
     KeywordCategories: 'keyword_categories',
     KeywordCount: 'keyword_count',
     KeywordMatched: 'keyword_matched',
@@ -76,9 +75,9 @@ export const GuardrailsContextKey = {
     PathTraversalType: 'path_traversal_type',
     PatternType: 'pattern_type',
     PhishingDetected: 'phishing_detected',
-    PiiConfidence: 'pii_confidence',
     PiiCount: 'pii_count',
     PiiDetected: 'pii_detected',
+    PiiScore: 'pii_score',
     PiiTypes: 'pii_types',
     ProfanityScore: 'profanity_score',
     RequestId: 'request_id',
@@ -88,6 +87,7 @@ export const GuardrailsContextKey = {
     ScriptConfidence: 'script_confidence',
     SecretCount: 'secret_count',
     SecretTypes: 'secret_types',
+    SecretsDetected: 'secrets_detected',
     SentimentScore: 'sentiment_score',
     SequenceRisk: 'sequence_risk',
     SessionCommandInjection: 'session_command_injection',

package/dist/guardrails-defaults.gen.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@
  * Guardrails policy category identifiers.
  * Maps to UI tab names in Studio.
  */
-export type GuardrailsCategory = 'security' | 'privacy' | 'trust_safety' | 'agentic_security' | 'agent_identity' | 'organization';
+export type GuardrailsCategory = 'security' | 'privacy' | 'data-protection' | 'trust-safety' | 'tools' | 'agent-security' | 'agent-identity' | 'organization';
 /**
  * Category metadata for UI display.
  */
@@ -50,6 +50,9 @@ export interface GuardrailsTemplate {
     severity: string;
     /** Tags for filtering */
     tags: string[];
+    /** True when ensure-defaults should auto-seed this template at
+     *  project creation. See schemas/*\/templates.json. Defaults to false. */
+    autoDeploy?: boolean;
 }
 export declare const GUARDRAILS_CATEGORIES: GuardrailsCategoryInfo[];
 export declare const GUARDRAILS_DEFAULTS: GuardrailsDefaultPolicy[];