@highflame/policy 2.1.35 → 2.1.37

package/dist/sentry-defaults.gen.js

@@ -7,67 +7,59 @@
 // =============================================================================
 // EMBEDDED CEDAR POLICY TEXT
 // =============================================================================
-const SENTRY_SENTRY_BASELINE_DEFAULT_CEDAR = `// =============================================================================
-// Baseline Permit Policy (Default)
+const SENTRY_ORGANIZATION_PERMIT_BASELINE_CEDAR = `// =============================================================================
+// Baseline Permit (Default)
 // =============================================================================
-// Permits all actions by default. Threat-specific forbid policies override
-// this to block when detection engines identify issues.
+// Permits all Sentry actions by default. Threat-specific forbid policies
+// override this when detectors fire.
 //
-// Cedar is default-deny: without at least one permit rule, every request
-// is denied regardless of forbid rules. This baseline ensures the system
-// is "allow unless blocked" rather than "block everything".
-//
-// Category: organization
+// Category:  organization
 // Namespace: Sentry
 // =============================================================================
 
-@id("sentry-baseline-permit-all")
-@name("Permit all actions by default")
-@description("Baseline permit for all actions — threat-specific forbid policies override this when threats are detected")
+@id("organization.permit-baseline")
+@name("Permit baseline")
+@description("Permits all Sentry actions.")
 @severity("low")
-@tags("baseline,permit-default,organization")
+@tags("category:organization,posture:permit-default")
 permit (
     principal,
     action,
     resource
 );
 `;
-const SENTRY_SENTRY_SEMANTIC_DEFAULT_CEDAR = `// =============================================================================
-// Semantic Threat Detection Policy (Default)
+const SENTRY_SEMANTIC_DEFAULTS_CEDAR = `// =============================================================================
+// Semantic Threat Detection (Default)
 // =============================================================================
-// Detects and blocks prompt injection, jailbreak attempts, and high-severity
-// threats across browser AI interactions: messages and file uploads.
-// Paste-targeted semantic rules live in clipboard.cedar.
+// Blocks prompt injection, jailbreak attempts, and high-severity threats in
+// messages and file uploads. Paste-targeted semantic rules live in
+// clipboard.cedar.
+//
+// Detection layers:
+//   - Rule triggers (detected_threats) — always available
+//   - ML classifier scores (injection_score, jailbreak_score) — require API token
+//   - Threat severity aggregation (highest_severity) — catch-all
 //
-// Uses multi-layered detection from Shield:
-//   1. ML classifier scores (injection_score, jailbreak_score)
-//   2. Detection engine rule triggers (detected_threats)
-//   3. Threat severity aggregation (max_threat_severity, highest_severity)
+// Context keys consumed:
+//   - detected_threats:   Set<String>
+//   - injection_score:    Long (0-100)
+//   - jailbreak_score:    Long (0-100)
+//   - highest_severity:   String
 //
 // Compliance:
-//   OWASP LLM01 (Prompt Injection) — direct + indirect
-//   OWASP LLM02 (Insecure Output Handling)
-//   MITRE ATLAS AML.T0051 (LLM Prompt Injection)
-//   MITRE ATLAS AML.T0054 (LLM Jailbreak)
-//   NIST 800-53 SI-3, SI-4
+//   - OWASP LLM01, LLM02; MITRE ATLAS AML.T0051, AML.T0054
+//   - NIST 800-53 SI-3, SI-4
 //
-// Category: semantic
+// Category:  semantic
 // Namespace: Sentry
 // =============================================================================
 
-// ---------------------------------------------------------------------------
-// Section 1: Prompt Injection Detection
-// Blocks injection attempts in messages and uploaded files.
-// Paste-targeted injection rules live in clipboard.cedar.
-// ---------------------------------------------------------------------------
-
-// Block messages with prompt injection patterns
-@id("sentry-semantic-block-injection")
-@name("Block prompt injection")
-@description("Block messages when detection engine rules identify prompt injection patterns. Catches instruction override, role assumption, and manipulation techniques in user input (OWASP LLM01).")
+@id("semantic.block-injection-rule")
+@name("Block injection (rule)")
+@description("Blocks process_prompt when detected_threats contains \\"prompt_injection\\".")
 @severity("critical")
-@tags("injection,security,owasp-llm01,mitre-aml-t0051,baseline")
-@reject_message("Content blocked: prompt injection patterns were detected. This prevents manipulation of AI agent behavior. Remove adversarial instructions and try again.")
+@tags("category:semantic,threat:injection,detection:rule,surface:process-prompt,owasp:llm01,mitre:atlas-t0051")
+@reject_message("Prompt blocked: prompt injection patterns detected (OWASP LLM01).")
 forbid (
     principal,
     action == Sentry::Action::"process_prompt",
@@ -77,12 +69,11 @@ when {
     context has detected_threats && context.detected_threats.contains("prompt_injection")
 };
 
-// Block content with high ML injection confidence
-@id("sentry-semantic-block-injection-score")
-@name("Block high-confidence injection")
-@description("Block content when the ML injection classifier confidence exceeds threshold (75/100). Catches novel injection techniques including polymorphic payloads, encoding tricks, and obfuscated instructions.")
+@id("semantic.block-injection-ml")
+@name("Block injection (ML)")
+@description("Blocks process_prompt and upload_file when injection_score >= 75.")
 @severity("critical")
-@tags("injection,ml-classifier,security,owasp-llm01")
+@tags("category:semantic,threat:injection,detection:ml,owasp:llm01,mitre:atlas-t0051")
 @reject_message("Content blocked: the ML classifier detected prompt injection with high confidence.")
 forbid (
     principal,
@@ -93,18 +84,12 @@ when {
     context has injection_score && context.injection_score >= 75
 };
 
-// ---------------------------------------------------------------------------
-// Section 2: Jailbreak Detection
-// Blocks jailbreak attempts in messages sent to AI services.
-// ---------------------------------------------------------------------------
-
-// Block messages with jailbreak attempts
-@id("sentry-semantic-block-jailbreak")
-@name("Block jailbreak attempts")
-@description("Block messages when detection engine rules identify jailbreak patterns: DAN-style prompts, role-play exploits, safety bypass instructions, and constraint removal attempts (OWASP LLM02).")
+@id("semantic.block-jailbreak-rule")
+@name("Block jailbreak (rule)")
+@description("Blocks process_prompt when detected_threats contains \\"jailbreak\\".")
 @severity("critical")
-@tags("jailbreak,bypass,security,owasp-llm02,mitre-aml-t0054,baseline")
-@reject_message("Content blocked: jailbreak patterns were detected. This prevents circumvention of AI safety controls.")
+@tags("category:semantic,threat:jailbreak,detection:rule,surface:process-prompt,owasp:llm02,mitre:atlas-t0054")
+@reject_message("Prompt blocked: jailbreak patterns detected (OWASP LLM02).")
 forbid (
     principal,
     action == Sentry::Action::"process_prompt",
@@ -114,13 +99,12 @@ when {
     context has detected_threats && context.detected_threats.contains("jailbreak")
 };
 
-// Block content with high ML jailbreak confidence
-@id("sentry-semantic-block-jailbreak-score")
-@name("Block high-confidence jailbreak")
-@description("Block content when the ML jailbreak classifier exceeds threshold (75/100). Catches sophisticated jailbreak techniques including multi-turn manipulation and encoded payloads.")
+@id("semantic.block-jailbreak-ml")
+@name("Block jailbreak (ML)")
+@description("Blocks process_prompt when jailbreak_score >= 75.")
 @severity("critical")
-@tags("jailbreak,ml-classifier,security,owasp-llm02")
-@reject_message("Content blocked: the ML classifier detected a jailbreak attempt with high confidence.")
+@tags("category:semantic,threat:jailbreak,detection:ml,surface:process-prompt,owasp:llm02,mitre:atlas-t0054")
+@reject_message("Prompt blocked: the ML classifier detected a jailbreak attempt with high confidence.")
 forbid (
     principal,
     action == Sentry::Action::"process_prompt",
@@ -130,18 +114,12 @@ when {
     context has jailbreak_score && context.jailbreak_score >= 75
 };
 
-// ---------------------------------------------------------------------------
-// Section 3: Threat Severity Aggregation
-// Catch-all rules based on aggregated threat severity across all detectors.
-// ---------------------------------------------------------------------------
-
-// Block any content with critical severity threats
-@id("sentry-semantic-block-critical")
+@id("semantic.block-critical")
 @name("Block critical threats")
-@description("Block messages and file uploads when any detection engine reports critical severity. This is the ultimate catch-all for critical-severity threats regardless of type or source.")
+@description("Blocks process_prompt and upload_file when highest_severity equals \\"critical\\".")
 @severity("critical")
-@tags("critical,baseline,security,catch-all")
-@reject_message("Content blocked: security scanners detected a critical-severity threat. This content cannot be processed by AI services.")
+@tags("category:semantic,detection:aggregate,posture:catch-all")
+@reject_message("Content blocked: a critical-severity threat was reported by at least one detector.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -150,43 +128,36 @@ forbid (
 when {
     context has highest_severity && context.highest_severity == "critical"
 };
-
 `;
-const SENTRY_SENTRY_CONTENT_SAFETY_DEFAULT_CEDAR = `// =============================================================================
-// Content Safety Policy (Default)
+const SENTRY_TRUST_SAFETY_DEFAULTS_CEDAR = `// =============================================================================
+// Content Safety (Default)
 // =============================================================================
-// Detects and blocks violent, harmful, hateful, sexual, and profane content
-// in AI chat interactions across messages and file uploads.
+// Blocks violent, harmful, hateful, sexual, and profane content across
+// messages and file uploads. Paste-targeted content rules live in
+// clipboard.cedar.
 //
-// Paste-specific content safety rules live in clipboard.cedar — see
-// "Clipboard Policy".
+// Thresholds:
+//   - violence, weapons, sexual, crime: >= 80 (critical/high)
+//   - hate_speech: >= 75 (lower threshold, zero tolerance)
+//   - profanity:   >= 90 (higher threshold, allows normal expression)
 //
-// The detection engine runs ML classifiers (toxicity, content safety) and
-// produces normalized scores (0-100) for each category.
+// Context keys consumed:
+//   - violence_score, weapons_score, hate_speech_score:  Long (0-100)
+//   - crime_score, sexual_score, profanity_score:        Long (0-100)
 //
 // Compliance:
-//   NIST 800-53 SI-4 (Information System Monitoring)
-//   EU AI Act Art. 52 (Transparency for AI Systems)
-//   OWASP LLM02 (Insecure Output Handling)
-//   ISO 42001 (AI Management System)
+//   - NIST 800-53 SI-4; EU AI Act Art. 52; ISO 42001; OWASP LLM02
 //
-// Category: content_safety
+// Category:  trust-safety
 // Namespace: Sentry
 // =============================================================================
 
-// ---------------------------------------------------------------------------
-// Section 1: Violence & Weapons
-// Blocks content promoting, describing, or instructing violence and weapons.
-// Applies to messages and file uploads.
-// ---------------------------------------------------------------------------
-
-// Block violent content across all input channels
-@id("sentry-cs-block-violence")
+@id("trust-safety.block-violence")
 @name("Block violent content")
-@description("Block content when the ML violence detection score exceeds threshold (80/100). Catches graphic violence descriptions, instructions for causing harm, and violent threat language in messages and uploads.")
+@description("Blocks process_prompt and upload_file when violence_score >= 80.")
 @severity("critical")
-@tags("violence,content-safety,trust-safety,nist-si-4,iso-42001")
-@reject_message("Content blocked: violent content detected. AI services must not process violent content in enterprise environments. Please rephrase without violence-related language.")
+@tags("category:trust-safety,threat:violence,detection:ml,compliance:nist-si-4,compliance:iso-42001")
+@reject_message("Content blocked: violent content detected.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -196,13 +167,12 @@ when {
     context has violence_score && context.violence_score >= 80
 };
 
-// Block weapons content
-@id("sentry-cs-block-weapons")
+@id("trust-safety.block-weapons")
 @name("Block weapons content")
-@description("Block content when the ML weapons detection score exceeds threshold (80/100). Catches weapon manufacturing instructions, procurement guidance, and detailed specifications.")
+@description("Blocks process_prompt and upload_file when weapons_score >= 80.")
 @severity("critical")
-@tags("weapons,content-safety,trust-safety,nist-si-4")
-@reject_message("Content blocked: weapons-related content detected. AI services must not process weapons manufacturing, procurement, or specification content.")
+@tags("category:trust-safety,threat:weapons,detection:ml,compliance:nist-si-4")
+@reject_message("Content blocked: weapons-related content detected.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -212,18 +182,12 @@ when {
     context has weapons_score && context.weapons_score >= 80
 };
 
-// ---------------------------------------------------------------------------
-// Section 2: Hate Speech & Discrimination
-// Lower threshold (75) — enterprises have zero tolerance for hate speech.
-// ---------------------------------------------------------------------------
-
-// Block hate speech content
-@id("sentry-cs-block-hate-speech")
+@id("trust-safety.block-hate-speech")
 @name("Block hate speech")
-@description("Block content when the ML hate speech score exceeds threshold (75/100). Lower threshold than other categories because enterprises have zero tolerance for discriminatory content. Catches slurs, dehumanizing language, and targeted harassment.")
+@description("Blocks process_prompt and upload_file when hate_speech_score >= 75.")
 @severity("critical")
-@tags("hate-speech,content-safety,trust-safety,nist-si-4,eu-ai-act")
-@reject_message("Content blocked: hate speech or discriminatory content detected. AI services must not process hateful, discriminatory, or dehumanizing content.")
+@tags("category:trust-safety,threat:hate-speech,detection:ml,compliance:nist-si-4,compliance:eu-ai-act")
+@reject_message("Content blocked: hate speech or discriminatory content detected.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -233,17 +197,12 @@ when {
     context has hate_speech_score && context.hate_speech_score >= 75
 };
 
-// ---------------------------------------------------------------------------
-// Section 3: Criminal Content
-// ---------------------------------------------------------------------------
-
-// Block criminal content
-@id("sentry-cs-block-crime")
+@id("trust-safety.block-crime")
 @name("Block criminal content")
-@description("Block content when the ML criminal activity detection score exceeds threshold (80/100). Catches illegal activity instructions, fraud techniques, and criminal behavior content.")
+@description("Blocks process_prompt and upload_file when crime_score >= 80.")
 @severity("high")
-@tags("crime,content-safety,trust-safety,nist-si-4")
-@reject_message("Content blocked: criminal activity content detected. AI services must not process content related to illegal activities or fraud.")
+@tags("category:trust-safety,threat:crime,detection:ml,compliance:nist-si-4")
+@reject_message("Content blocked: criminal activity content detected.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -253,17 +212,12 @@ when {
     context has crime_score && context.crime_score >= 80
 };
 
-// ---------------------------------------------------------------------------
-// Section 4: Sexual Content
-// ---------------------------------------------------------------------------
-
-// Block sexual content
-@id("sentry-cs-block-sexual")
+@id("trust-safety.block-sexual")
 @name("Block sexual content")
-@description("Block content when the ML sexual content score exceeds threshold (80/100). Ensures AI services do not process sexually explicit material in enterprise environments.")
+@description("Blocks process_prompt and upload_file when sexual_score >= 80.")
 @severity("high")
-@tags("sexual,content-safety,trust-safety,eu-ai-act,iso-42001")
-@reject_message("Content blocked: sexual content detected. AI services must not process sexually explicit material in enterprise environments.")
+@tags("category:trust-safety,threat:sexual,detection:ml,compliance:eu-ai-act,compliance:iso-42001")
+@reject_message("Content blocked: sexually explicit content detected.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -273,18 +227,12 @@ when {
     context has sexual_score && context.sexual_score >= 80
 };
 
-// ---------------------------------------------------------------------------
-// Section 5: Profanity
-// Higher threshold (90) — allows normal expression while blocking abuse.
-// ---------------------------------------------------------------------------
-
-// Block excessive profanity
-@id("sentry-cs-block-profanity")
-@name("Block profanity")
-@description("Block content when the ML profanity detection score exceeds threshold (90/100). Higher threshold allows normal expression while blocking abusive or harassing language patterns.")
+@id("trust-safety.block-profanity")
+@name("Block excessive profanity")
+@description("Blocks process_prompt when profanity_score >= 90.")
 @severity("medium")
-@tags("profanity,content-safety,trust-safety")
-@reject_message("Content blocked: excessive profanity detected. Please rephrase in a professional manner.")
+@tags("category:trust-safety,threat:profanity,detection:ml,surface:process-prompt")
+@reject_message("Content blocked: excessive profanity detected — please rephrase in professional language.")
 forbid (
     principal,
     action == Sentry::Action::"process_prompt",
@@ -293,43 +241,48 @@ forbid (
 when {
     context has profanity_score && context.profanity_score >= 90
 };
-
 `;
-const SENTRY_SENTRY_SECRETS_DEFAULT_CEDAR = `// =============================================================================
-// Secrets Detection Policy (Default)
+const SENTRY_DATA_PROTECTION_DEFAULTS_CEDAR = `// =============================================================================
+// Secrets Detection (Default)
 // =============================================================================
-// Block credential and secret leakage across messages and file uploads.
-// Shield SecretsDetector identifies 18+ secret types via regex.
+// Blocks credentials and secrets across messages and file uploads. Covers
+// general detection, high-risk credential types, common API keys, SSH and
+// PEM key material, bulk exposure, and detector rule triggers.
 //
-// Paste-targeted secret rules live in clipboard.cedar.
+// Context keys consumed:
+//   - secrets_detected: Bool
+//   - secret_types:     Set<String>
+//   - secret_count:     Long
+//   - detected_threats: Set<String>
 //
-// Category: secrets
+// Compliance:
+//   - NIST 800-53 SC-28, IA-5; MITRE ATT&CK T1552
+//
+// Category:  data-protection
 // Namespace: Sentry
 // =============================================================================
 
-// Block messages and uploads containing secrets
-@id("sentry-org-block-secrets-messages")
-@name("Block messages and uploads with secrets")
-@description("Block messages and file uploads when detection engines identify API keys, tokens, or credential patterns. First line of defense against accidental credential exposure in AI chat interactions.")
+@id("data-protection.block-secrets")
+@name("Block secrets in messages and uploads")
+@description("Blocks process_prompt and upload_file when secrets_detected is true.")
 @severity("critical")
-@tags("secrets,credentials,messages,nist-sc-28,nist-ia-5")
-@reject_message("Content blocked: detected secrets such as API keys, tokens, or credentials. Remove all secrets before sending to AI services.")
+@tags("category:data-protection,threat:secrets,detection:rule,owasp:llm06")
+@reject_message("Content blocked: secrets such as API keys, tokens, or credentials detected — remove before sending to AI services.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
-    context has contains_secrets && context.contains_secrets
+    context has secrets_detected && context.secrets_detected == true
 };
 
-// Block high-risk secret types across messages and file uploads
-@id("sentry-org-block-high-risk-secrets")
+@id("data-protection.block-high-risk-secrets")
 @name("Block high-risk credential types")
-@description("Block messages and file uploads containing cloud provider keys (AWS, GCP, Azure), GitHub tokens, SSH private keys, or database connection strings. These credential types pose the highest exfiltration risk.")
+@description("Blocks process_prompt and upload_file when secret_types contains a cloud, GitHub, or private-key credential.")
 @severity("critical")
-@tags("secrets,aws,github,ssh,cloud,nist-ia-5,mitre-t1552")
-@reject_message("Content blocked: high-risk credentials detected (cloud keys, GitHub tokens, SSH keys). Use a secrets manager — never share credentials with AI services.")
+@tags("category:data-protection,threat:secrets,detection:rule,owasp:llm06")
+@reject_message("Content blocked: high-risk credentials detected (cloud keys, GitHub tokens, SSH keys) — never share credentials with AI services.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -337,22 +290,23 @@ forbid (
 )
 when {
     context has secret_types &&
-    (context.secret_types.contains("aws_access_key") ||
-     context.secret_types.contains("aws_secret_key") ||
-     context.secret_types.contains("gcp_service_account") ||
-     context.secret_types.contains("azure_connection_string") ||
-     context.secret_types.contains("github_token") ||
-     context.secret_types.contains("github_fine_grained") ||
-     context.secret_types.contains("private_key"))
-};
-
-// Block API keys and tokens across messages and file uploads
-@id("sentry-org-block-api-keys")
+    (
+        context.secret_types.contains("aws_access_key") ||
+        context.secret_types.contains("aws_secret_key") ||
+        context.secret_types.contains("gcp_service_account") ||
+        context.secret_types.contains("azure_connection_string") ||
+        context.secret_types.contains("github_token") ||
+        context.secret_types.contains("github_fine_grained") ||
+        context.secret_types.contains("private_key")
+    )
+};
+
+@id("data-protection.block-api-keys")
 @name("Block API keys and tokens")
-@description("Block messages and file uploads containing generic API keys, JWT tokens, and OAuth credentials. These are the most commonly leaked credential types when users interact with AI services.")
+@description("Blocks process_prompt and upload_file when secret_types contains a generic API key, JWT, OpenAI, Anthropic, or Stripe key.")
 @severity("high")
-@tags("secrets,api-key,jwt,oauth,nist-ia-5")
-@reject_message("Content blocked: API keys, JWT tokens, or OAuth credentials detected. These must never be shared with AI services.")
+@tags("category:data-protection,threat:secrets,detection:rule,owasp:llm06")
+@reject_message("Content blocked: API keys, JWT tokens, or OAuth credentials detected.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -360,20 +314,21 @@ forbid (
 )
 when {
     context has secret_types &&
-    (context.secret_types.contains("generic_api_key") ||
-     context.secret_types.contains("jwt_token") ||
-     context.secret_types.contains("openai_key") ||
-     context.secret_types.contains("anthropic_key") ||
-     context.secret_types.contains("stripe_key"))
+    (
+        context.secret_types.contains("generic_api_key") ||
+        context.secret_types.contains("jwt_token") ||
+        context.secret_types.contains("openai_key") ||
+        context.secret_types.contains("anthropic_key") ||
+        context.secret_types.contains("stripe_key")
+    )
 };
 
-// Block SSH key exposure across messages and file uploads
-@id("sentry-secrets-block-ssh-keys")
+@id("data-protection.block-ssh-keys")
 @name("Block SSH key exposure")
-@description("Block when SSH private key content or SSH key file paths are detected. Covers messages and file uploads. AI chat services must not receive SSH credentials.")
+@description("Blocks process_prompt and upload_file when secret_types contains \\"ssh_key\\".")
 @severity("critical")
-@tags("secrets,ssh,credentials,nist-ia-5,mitre-t1552")
-@reject_message("Blocked: SSH private key content or key file path detected. AI chat services must not receive SSH credentials.")
+@tags("category:data-protection,threat:secrets,detection:rule,compliance:nist-si-3")
+@reject_message("Content blocked: SSH private key content or key file path detected.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -383,13 +338,12 @@ when {
     context has secret_types && context.secret_types.contains("ssh_key")
 };
 
-// Block PEM/certificate key exposure across messages and file uploads
-@id("sentry-secrets-block-pem-keys")
-@name("Block PEM/certificate key exposure")
-@description("Block when PEM private key content or certificate key file paths (.pem, .key, .p12, .pfx) are detected. AI chat services must not receive certificate credentials.")
+@id("data-protection.block-pem-keys")
+@name("Block PEM and certificate keys")
+@description("Blocks process_prompt and upload_file when secret_types contains \\"pem_certificate\\".")
 @severity("critical")
-@tags("secrets,certificates,pem,nist-ia-5,mitre-t1552")
-@reject_message("Blocked: PEM private key or certificate key file detected. AI chat services must not receive certificate credentials.")
+@tags("category:data-protection,threat:secrets,detection:rule,compliance:nist-si-3")
+@reject_message("Content blocked: PEM private key or certificate key file detected.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -399,13 +353,12 @@ when {
     context has secret_types && context.secret_types.contains("pem_certificate")
 };
 
-// Block bulk secret exposure
-@id("sentry-org-block-bulk-secrets")
+@id("data-protection.block-secrets-bulk")
 @name("Block bulk secret exposure")
-@description("Block messages and file uploads when 3+ distinct secrets are found. Multiple secrets indicate a configuration dump, .env file paste, or credential harvesting being sent to AI services.")
+@description("Blocks process_prompt and upload_file when secret_count >= 3.")
 @severity("critical")
-@tags("secrets,bulk,data-exfiltration,nist-sc-28")
-@reject_message("Content blocked: multiple credentials detected (3+). Configuration dumps and credential lists must never be shared with AI services.")
+@tags("category:data-protection,threat:secrets,threat:exfiltration,detection:aggregate,owasp:llm06")
+@reject_message("Content blocked: multiple credentials detected (3+) — possible configuration dump or credential harvesting.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -415,13 +368,12 @@ when {
     context has secret_count && context.secret_count >= 3
 };
 
-// Block detected credential patterns
-@id("sentry-org-block-detected-credentials")
+@id("data-protection.block-credential-patterns")
 @name("Block detected credential patterns")
-@description("Block messages and file uploads flagged by detection engine rules for credential exposure, API key leaks, and token exposure. Defense-in-depth behind contains_secrets.")
+@description("Blocks process_prompt and upload_file when detected_threats contains a credential-pattern rule trigger.")
 @severity("critical")
-@tags("secrets,credentials,detection-rules,nist-ia-5")
-@reject_message("Content blocked: detection engines identified credential patterns including secret exposure, API keys, or token leaks.")
+@tags("category:data-protection,threat:secrets,detection:rule,owasp:llm06")
+@reject_message("Content blocked: detection engines identified credential patterns (secret exposure, API key leaks, or token exposure).")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -429,73 +381,67 @@ forbid (
 )
 when {
     context has detected_threats &&
-    (context.detected_threats.contains("secret_exposure") ||
-     context.detected_threats.contains("credential_leak") ||
-     context.detected_threats.contains("api_key_exposure"))
+    (
+        context.detected_threats.contains("secret_exposure") ||
+        context.detected_threats.contains("credential_leak") ||
+        context.detected_threats.contains("api_key_exposure")
+    )
 };
 `;
-const SENTRY_SENTRY_PII_DEFAULT_CEDAR = `// =============================================================================
-// PII Detection Policy (Default)
+const SENTRY_PRIVACY_DEFAULTS_CEDAR = `// =============================================================================
+// PII Detection (Default)
 // =============================================================================
-// Detects and blocks personally identifiable information across messages
-// and file uploads. Uses multi-layered detection:
+// Blocks personally identifiable information across messages and file uploads
+// using multi-layered detection: detector boolean, granular PII type
+// matching, ML classifier confidence, threat category aggregation, and bulk
+// exposure thresholds.
 //
 // Paste-targeted PII rules live in clipboard.cedar.
 //
-//   1. PII boolean flag (pii_detected) — broadest catch from detection engine
-//   2. Granular PII type matching (pii_types) — type-specific blocking
-//   3. PII confidence score (pii_confidence) — ML classifier confidence
-//   4. Detection rule triggers (detected_threats) — named rule matches
-//   5. Bulk PII exposure (pii_count) — data dump prevention
-//
-// PII Types Detected by Shield PIIRegexDetector:
-//   ssn, credit_card, email, phone_us, ip_address, date_of_birth,
-//   passport, iban, aws_key, api_key_generic
+// Context keys consumed:
+//   - pii_detected:      Bool
+//   - pii_types:         Set<String>
+//   - pii_count:         Long
+//   - pii_score:    Long (0-100)
+//   - detected_threats:  Set<String>
+//   - threat_categories: Set<String>
 //
 // Compliance:
-//   PCI DSS 3.4, 4.1 (Payment Card Data)
-//   GDPR Art. 32 (Security of Processing)
-//   HIPAA §164.312 (Technical Safeguards)
-//   CCPA §1798.150 (Data Protection)
-//   OWASP LLM06 (Sensitive Information Disclosure)
+//   - PCI DSS 3.4/4.1, GDPR Art. 32, HIPAA §164.312, CCPA §1798.150
 //
-// Category: pii
+// Category:  privacy
 // Namespace: Sentry
 // =============================================================================
 
 // ---------------------------------------------------------------------------
-// Section 1: Primary PII Detection
-// Fires when the detection pipeline identifies PII in any content.
+// Section 1: Primary PII detection
 // ---------------------------------------------------------------------------
 
-// Block messages and uploads containing detected PII
-@id("sentry-pii-block-messages")
+@id("privacy.block-pii")
 @name("Block messages and uploads with PII")
-@description("Block messages and file uploads when the detection engine identifies any PII patterns. Prevents employees from accidentally sharing personal data with AI chat services.")
+@description("Blocks process_prompt and upload_file when pii_detected is true.")
 @severity("critical")
-@tags("pii,privacy,data-protection,gdpr-art-32,owasp-llm06")
-@reject_message("Content blocked: personally identifiable information was detected. Remove all PII (names, addresses, SSNs, credit cards, etc.) before sending to AI services.")
+@tags("category:privacy,threat:pii,detection:rule,compliance:gdpr,owasp:llm06")
+@reject_message("Content blocked: personally identifiable information detected — remove before sending to AI services.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
-    context has pii_detected && context.pii_detected
+    context has pii_detected && context.pii_detected == true
 };
 
 // ---------------------------------------------------------------------------
-// Section 2: Granular PII Type Blocking
-// Blocks specific PII types based on regulatory requirements.
+// Section 2: Granular PII type blocking
 // ---------------------------------------------------------------------------
 
-// Block credit card numbers (PCI DSS compliance)
-@id("sentry-pii-block-credit-cards")
+@id("privacy.block-credit-card")
 @name("Block credit card numbers")
-@description("Block messages and file uploads containing credit card number patterns. PCI DSS 3.4 requires PANs are rendered unreadable — AI services must never receive raw card numbers.")
+@description("Blocks process_prompt and upload_file when pii_types or detected_threats contains \\"credit_card\\".")
 @severity("critical")
-@tags("pci,credit-card,payment,compliance,pci-dss-3.4")
-@reject_message("Content blocked: credit card number patterns detected. Sharing payment card data with AI services violates PCI DSS. Use tokenized references instead.")
+@tags("category:privacy,threat:pii,detection:pattern,compliance:pci-dss")
+@reject_message("Content blocked: credit card number patterns detected — PCI DSS prohibits raw PAN handling.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -506,13 +452,12 @@ when {
     (context has detected_threats && context.detected_threats.contains("credit_card"))
 };
 
-// Block Social Security Numbers
-@id("sentry-pii-block-ssn")
+@id("privacy.block-ssn")
 @name("Block Social Security Numbers")
-@description("Block messages and file uploads containing SSN patterns (XXX-XX-XXXX and variants). SSNs are high-value identity theft targets — exposure through AI services is a critical privacy violation.")
+@description("Blocks process_prompt and upload_file when pii_types or detected_threats contains \\"ssn\\".")
 @severity("critical")
-@tags("ssn,identity,privacy,compliance,nist-si-4")
-@reject_message("Content blocked: Social Security Number patterns detected. SSNs must never be shared with AI services.")
+@tags("category:privacy,threat:pii,detection:pattern,compliance:gdpr")
+@reject_message("Content blocked: Social Security Number patterns detected.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -523,13 +468,12 @@ when {
     (context has detected_threats && context.detected_threats.contains("ssn"))
 };
 
-// Block passport numbers
-@id("sentry-pii-block-passport")
+@id("privacy.block-passport")
 @name("Block passport numbers")
-@description("Block messages and file uploads containing passport number patterns. Passport numbers are government-issued identifiers with high identity theft risk.")
+@description("Blocks process_prompt and upload_file when pii_types contains \\"passport\\".")
 @severity("critical")
-@tags("passport,identity,privacy,gdpr")
-@reject_message("Content blocked: passport number patterns detected. Government-issued identifiers must not be shared with AI services.")
+@tags("category:privacy,threat:pii,detection:pattern,compliance:gdpr")
+@reject_message("Content blocked: passport number patterns detected.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -539,13 +483,12 @@ when {
     context has pii_types && context.pii_types.contains("passport")
 };
 
-// Block IBAN (International Bank Account Numbers)
-@id("sentry-pii-block-iban")
+@id("privacy.block-iban")
 @name("Block bank account numbers")
-@description("Block messages and file uploads containing IBAN patterns. Bank account numbers are sensitive financial identifiers that must not be exposed to AI services.")
+@description("Blocks process_prompt and upload_file when pii_types contains \\"iban\\".")
 @severity("critical")
-@tags("iban,financial,privacy,gdpr,pci-dss")
-@reject_message("Content blocked: bank account number (IBAN) patterns detected. Financial account numbers must not be shared with AI services.")
+@tags("category:privacy,threat:pii,detection:pattern,compliance:gdpr,compliance:pci-dss")
+@reject_message("Content blocked: bank account number (IBAN) patterns detected.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -555,13 +498,12 @@ when {
     context has pii_types && context.pii_types.contains("iban")
 };
 
-// Block bulk PII exposure
-@id("sentry-pii-block-bulk-exposure")
+@id("privacy.block-pii-bulk")
 @name("Block bulk PII exposure")
-@description("Block messages and file uploads containing 3 or more PII matches. Multiple PII items indicate a data dump — customer lists, CSV exports, or database content being leaked to AI services.")
+@description("Blocks process_prompt and upload_file when pii_count >= 3.")
 @severity("critical")
-@tags("pii,bulk,data-exfiltration,gdpr-art-32,ccpa")
-@reject_message("Content blocked: multiple PII items detected (3+). Bulk personal data must never be shared with AI services. Use data masking or tokenization.")
+@tags("category:privacy,threat:pii,threat:exfiltration,detection:aggregate,compliance:gdpr")
+@reject_message("Content blocked: 3+ PII items detected — bulk personal data must not be shared with AI services.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -572,38 +514,30 @@ when {
 };
 
 // ---------------------------------------------------------------------------
-// Section 3: PII Confidence Detection
-// Catches PII patterns via ML classifier that escape regex detection.
+// Section 3: ML classifier and aggregation
 // ---------------------------------------------------------------------------
 
-// Block high-confidence PII
-@id("sentry-pii-block-high-confidence")
-@name("Block high-confidence PII")
-@description("Block messages and file uploads when the PII confidence score exceeds threshold (80/100). Catches novel PII patterns including names, addresses, and identifiers that regex rules may miss.")
+@id("privacy.block-pii-ml")
+@name("Block high-confidence PII (ML)")
+@description("Blocks process_prompt and upload_file when pii_score >= 80.")
 @severity("critical")
-@tags("pii,confidence,privacy,compliance,ml-classifier")
-@reject_message("Content blocked: the ML classifier detected personally identifiable information with high confidence. The content appears to contain personal data.")
+@tags("category:privacy,threat:pii,detection:ml,compliance:gdpr,compliance:hipaa")
+@reject_message("Content blocked: the ML classifier detected personally identifiable information with high confidence.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
     resource
 )
 when {
-    context has pii_confidence && context.pii_confidence >= 80
+    context has pii_score && context.pii_score >= 80
 };
 
-// ---------------------------------------------------------------------------
-// Section 4: PII Threat Category
-// Defense-in-depth via threat aggregation layer.
-// ---------------------------------------------------------------------------
-
-// Block PII threat category
-@id("sentry-pii-block-threat-category")
+@id("privacy.block-pii-category")
 @name("Block PII threat category")
-@description("Block messages and file uploads when threat categorization identifies PII. Defense-in-depth behind the pii_detected boolean — catches cases where PII is flagged at the aggregation layer.")
+@description("Blocks process_prompt and upload_file when threat_categories contains \\"pii\\".")
 @severity("high")
-@tags("pii,privacy,data-protection,gdpr")
-@reject_message("Content blocked: threat scanners detected personally identifiable information. Remove all PII before submitting.")
+@tags("category:privacy,threat:pii,detection:aggregate,compliance:gdpr")
+@reject_message("Content blocked: threat scanners aggregated a PII threat category.")
 forbid (
     principal,
     action in [Sentry::Action::"process_prompt", Sentry::Action::"upload_file"],
@@ -612,188 +546,173 @@ forbid (
 when {
     context has threat_categories && context.threat_categories.contains("pii")
 };
-
 `;
-const SENTRY_SENTRY_FILE_SAFETY_DEFAULT_CEDAR = `// =============================================================================
-// File & Attachment Safety Policy (Default)
+const SENTRY_FILE_SAFETY_DEFAULTS_CEDAR = `// =============================================================================
+// File & Attachment Safety (Default)
 // =============================================================================
 // Blocks file uploads to AI chat services when document content contains
 // secrets or PII.
 //
-// Detection layers:
-//   1. Secrets in file content — from Shield SecretsDetector
-//   2. PII in file content — from Shield PIIRegexDetector
+// Context keys consumed:
+//   - secrets_detected: Bool
+//   - pii_detected:     Bool
 //
 // Compliance:
-//   NIST 800-53 SC-28 (Protection of Information at Rest)
-//   GDPR Art. 32 (Security of Processing)
+//   - NIST 800-53 SC-28; GDPR Art. 32
 //
-// Category: file_safety
+// Category:  file-safety
 // Namespace: Sentry
 // =============================================================================
 
-// ---------------------------------------------------------------------------
-// Section 1: File Content Security
-// Block text files containing secrets or PII.
-// ---------------------------------------------------------------------------
-
-// Block text files with secrets
-@id("sentry-file-block-secrets")
-@name("Block text files with secrets")
-@description("Block file uploads when secrets or credentials are detected in document content. Prevents uploading configuration files, code, or documents containing API keys, tokens, or passwords to AI services.")
+@id("file-safety.block-upload-secrets")
+@name("Block file uploads with secrets")
+@description("Blocks upload_file when secrets_detected is true.")
 @severity("critical")
-@tags("secrets,file-upload,credentials,nist-sc-28")
-@reject_message("Upload blocked: secrets or credentials detected in the file. Files containing API keys, tokens, or passwords must not be shared with AI services.")
+@tags("category:file-safety,threat:secrets,detection:rule,surface:upload-file,owasp:llm06")
+@reject_message("File upload blocked: secrets or credentials detected in document content.")
 forbid (
     principal,
     action == Sentry::Action::"upload_file",
     resource
 )
 when {
-    context has contains_secrets && context.contains_secrets
+    context has secrets_detected && context.secrets_detected == true
 };
 
-// Block text files with PII
-@id("sentry-pii-block-uploads")
-@name("Block text files with PII")
-@description("Block file uploads when PII is detected in document content. Prevents sharing of documents containing personal data (customer lists, HR records, medical files) with AI services.")
+@id("file-safety.block-upload-pii")
+@name("Block file uploads with PII")
+@description("Blocks upload_file when pii_detected is true.")
 @severity("critical")
-@tags("pii,file-upload,data-protection,gdpr-art-32")
-@reject_message("File upload blocked: personally identifiable information detected in the document. Files containing PII must not be shared with AI services.")
+@tags("category:file-safety,threat:pii,detection:rule,surface:upload-file,compliance:gdpr")
+@reject_message("File upload blocked: personally identifiable information detected in document content.")
 forbid (
     principal,
     action == Sentry::Action::"upload_file",
     resource
 )
 when {
-    context has pii_detected && context.pii_detected
+    context has pii_detected && context.pii_detected == true
 };
 `;
-const SENTRY_SENTRY_CLIPBOARD_DEFAULT_CEDAR = `// =============================================================================
+const SENTRY_CLIPBOARD_DEFAULTS_CEDAR = `// =============================================================================
 // Clipboard Policy (Default)
 // =============================================================================
-// Controls over paste operations into AI chat services. Covers:
-//   - Blanket paste blocking (admin-configurable)
-//   - Paste-with-secrets blocking
-//   - Paste-with-PII blocking
-//   - Paste-with-source-code blocking
-//   - Large-paste threat blocking
-//   - Paste-with-encoded-payload blocking
-//   - Paste-with-invisible-character blocking
+// Controls paste operations into AI chat services. Covers blanket paste
+// blocking, paste-with-secrets, paste-with-PII, encoded payload pastes, and
+// pastes containing invisible Unicode characters.
+//
+// All rules scope to action == "paste_content". Other templates
+// (semantic, content_safety, pii, secrets) cover process_prompt and
+// upload_file for the same threat categories.
 //
-// All policies in this file are scoped to action == "paste_content". Other
-// templates (semantic.cedar, content_safety.cedar, pii.cedar, secrets.cedar)
-// cover process_prompt and upload_file for the same threat categories.
+// Context keys consumed:
+//   - secrets_detected:           Bool
+//   - pii_detected:               Bool
+//   - encoded_content_detected:   Bool
+//   - encoded_score:              Long (0-100)
+//   - invisible_chars_detected:   Bool
+//   - invisible_chars_score:      Long (0-100)
+//
+// Compliance:
+//   - NIST 800-53 SC-28; GDPR Art. 32
 //
-// Category: clipboard
+// Category:  clipboard
 // Namespace: Sentry
 // =============================================================================
 
-// Block all paste operations
-@id("sentry-org-block-all-paste")
+@id("clipboard.block-all-paste")
 @name("Block all paste operations")
-@description("Unconditionally block all paste operations into AI chat services. Enable this rule to prevent any content from being pasted into AI chats regardless of content. Disable to allow paste (subject to other policy rules).")
+@description("Blocks paste_content unconditionally.")
 @severity("high")
-@tags("paste,clipboard,data-protection,organization")
-@reject_message("Paste blocked: your organization does not allow pasting content into AI services. Type your message directly or contact your administrator.")
+@tags("category:clipboard,detection:rule,posture:deny-default,scope:org-wide")
+@reject_message("Paste blocked: your organization does not allow pasting content into AI services.")
 forbid (
     principal,
     action == Sentry::Action::"paste_content",
     resource
 );
 
-// Block pasted content containing secrets
-@id("sentry-org-block-secrets-paste")
+@id("clipboard.block-paste-secrets")
 @name("Block paste with secrets")
-@description("Block paste operations when secrets are detected. Prevents credential leakage when users paste from terminals, config files, or code editors into AI chats.")
+@description("Blocks paste_content when secrets_detected is true.")
 @severity("critical")
-@tags("secrets,paste-safety,credentials,nist-sc-28")
-@reject_message("Paste blocked: secrets or credentials detected in pasted content. Remove API keys, tokens, and passwords before pasting into AI services.")
+@tags("category:clipboard,threat:secrets,detection:rule,owasp:llm06")
+@reject_message("Paste blocked: secrets or credentials detected in pasted content — remove before pasting.")
 forbid (
     principal,
     action == Sentry::Action::"paste_content",
     resource
 )
 when {
-    context has contains_secrets && context.contains_secrets
+    context has secrets_detected && context.secrets_detected == true
 };
 
-// Block pasted content containing PII
-@id("sentry-pii-block-paste")
+@id("clipboard.block-paste-pii")
 @name("Block paste with PII")
-@description("Block paste operations when PII is detected in pasted content. Prevents data leakage when employees paste content from emails, spreadsheets, or documents containing personal data into AI chats.")
+@description("Blocks paste_content when pii_detected is true.")
 @severity("critical")
-@tags("pii,paste-safety,data-leakage,gdpr-art-32")
-@reject_message("Paste blocked: personally identifiable information detected in pasted content. Remove PII before pasting into AI services.")
+@tags("category:clipboard,threat:pii,detection:rule,compliance:gdpr")
+@reject_message("Paste blocked: personally identifiable information detected in pasted content.")
 forbid (
     principal,
     action == Sentry::Action::"paste_content",
     resource
 )
 when {
-    context has pii_detected && context.pii_detected
+    context has pii_detected && context.pii_detected == true
 };
 
-// Block pastes containing encoded injection payloads
-@id("sentry-clipboard-block-paste-encoded")
-@name("Block encoded paste content")
-@description("Block paste operations when encoded injection payloads (base64, hex, unicode) are detected. Attackers use encoding to smuggle injection payloads via clipboard transfer.")
+@id("clipboard.block-paste-encoded")
+@name("Block paste with encoded payloads")
+@description("Blocks paste_content when encoded_content_detected is true and encoded_score >= 60.")
 @severity("high")
-@tags("paste-safety,encoding,injection,clipboard")
-@reject_message("Paste blocked: encoded injection payloads detected in pasted content. Content with hidden encoded instructions cannot be shared with AI services.")
+@tags("category:clipboard,threat:encoded-payload,threat:injection,detection:pattern,owasp:llm01")
+@reject_message("Paste blocked: encoded payloads (base64, hex, unicode) detected — possible injection evasion.")
 forbid (
     principal,
     action == Sentry::Action::"paste_content",
     resource
 )
 when {
-    context has encoded_content_detected && context.encoded_content_detected &&
+    context has encoded_content_detected && context.encoded_content_detected == true &&
     context has encoded_score && context.encoded_score >= 60
 };
 
-// Block pastes with invisible characters
-@id("sentry-clipboard-block-paste-invisible")
+@id("clipboard.block-paste-invisible")
 @name("Block paste with invisible characters")
-@description("Block paste operations containing invisible Unicode characters (zero-width, bidi overrides). These can hide malicious instructions that appear invisible to users but are processed by AI models.")
+@description("Blocks paste_content when invisible_chars_detected is true and invisible_chars_score >= 50.")
 @severity("high")
-@tags("paste-safety,unicode,invisible-chars,clipboard")
-@reject_message("Paste blocked: invisible Unicode characters detected. Hidden characters can disguise malicious instructions that AI models process but users cannot see.")
+@tags("category:clipboard,threat:invisible-chars,threat:injection,detection:pattern,owasp:llm01")
+@reject_message("Paste blocked: invisible Unicode characters detected — hidden characters can disguise malicious instructions.")
 forbid (
     principal,
     action == Sentry::Action::"paste_content",
     resource
 )
 when {
-    context has contains_invisible_chars && context.contains_invisible_chars &&
+    context has invisible_chars_detected && context.invisible_chars_detected == true &&
     context has invisible_chars_score && context.invisible_chars_score >= 50
 };
 `;
-const SENTRY_SENTRY_ORGANIZATION_DEFAULT_CEDAR = `// =============================================================================
-// Organization Rules Policy (Default)
+const SENTRY_ORGANIZATION_BLOCK_SESSION_THREAT_ESCALATION_CEDAR = `// =============================================================================
+// Organization Rules (Default)
 // =============================================================================
 // Cross-cutting organization-wide rules that don't fit other categories.
-// Secret/credential rules live in secrets.cedar; paste/clipboard rules live
-// in clipboard.cedar.
+// Currently: session-aware threat escalation circuit breaker.
 //
-// This template covers:
-//   - Session-aware threat escalation
+// Context keys consumed:
+//   - session_threat_turns: Long
 //
-// Category: organization
+// Category:  organization
 // Namespace: Sentry
 // =============================================================================
 
-// ---------------------------------------------------------------------------
-// Section 1: Session-Aware Escalation
-// Escalate protections when threats are detected across the session.
-// ---------------------------------------------------------------------------
-
-// Block all actions after repeated threat detection
-@id("sentry-org-session-threat-escalation")
-@name("Escalate after repeated threats")
-@description("Block all actions when threats have been detected in 3+ turns of the session. Repeated threat detections indicate either a persistent attacker or a compromised data source requiring investigation.")
+@id("organization.block-session-threat-escalation")
+@name("Block session after repeated threats")
+@description("Blocks all actions when session_threat_turns >= 3.")
 @severity("high")
-@tags("session,escalation,behavioral,defense-in-depth")
-@reject_message("Session blocked: security threats have been detected in multiple turns of this conversation. This session has been flagged for review. Please start a new session or contact your security team.")
+@tags("category:organization,detection:aggregate,posture:catch-all,scope:org-wide")
+@reject_message("Request blocked: 3+ threat turns in this session — the session has been flagged; please start a new session or contact your security team.")
 forbid (
     principal,
     action,
@@ -807,26 +726,26 @@ when {
 // CATEGORIES
 // =============================================================================
 export const SENTRY_CATEGORIES = [
-    { id: 'secrets', name: 'Secrets Detection', description: 'Detect and block secrets, API keys, tokens, and other credentials in messages and AI responses' },
-    { id: 'pii', name: 'PII Detection', description: 'Detect and block personally identifiable information (PII) such as credit card numbers, SSNs, health data, and other sensitive personal data from being shared with AI chat services' },
-    { id: 'semantic', name: 'Semantic Threat Detection', description: 'Detect and block prompt injection, jailbreak attempts, and high-severity threats in messages, pasted content, and uploaded files' },
-    { id: 'content_safety', name: 'Content Safety', description: 'Detect and block violent, harmful, hateful, sexual, and profane content in AI interactions across messages, paste, and file uploads' },
-    { id: 'file_safety', name: 'File & Attachment Safety', description: 'Block file uploads containing secrets or PII in document content' },
-    { id: 'clipboard', name: 'Clipboard Policy', description: 'Control paste operations into AI chat services — block paste outright, block when secrets, PII, source code, large threat-laden pastes, encoded payloads, or invisible characters are detected' },
-    { id: 'organization', name: 'Organization Rules', description: 'Cross-cutting organization-wide rules: session-aware threat escalation' },
+    { id: 'data-protection', name: 'Secrets & Data Protection', description: 'Block secrets, API keys, tokens, and credentials in messages and uploads.' },
+    { id: 'privacy', name: 'PII Detection', description: 'Block personally identifiable information across messages and uploads.' },
+    { id: 'semantic', name: 'Semantic Threat Detection', description: 'Block prompt injection, jailbreak attempts, and high-severity threats.' },
+    { id: 'trust-safety', name: 'Content Safety', description: 'Block violent, harmful, hateful, sexual, or profane content.' },
+    { id: 'file-safety', name: 'File & Attachment Safety', description: 'Block file uploads containing secrets or PII.' },
+    { id: 'clipboard', name: 'Clipboard Policy', description: 'Control paste operations into AI chat services.' },
+    { id: 'organization', name: 'Organization Rules', description: 'Organization-wide baselines and session-aware threat escalation.' },
 ];
 // =============================================================================
 // DEFAULT POLICIES
 // =============================================================================
 export const SENTRY_DEFAULTS = [
     {
-        id: 'sentry-baseline-default',
+        id: 'organization.permit-baseline',
         name: 'Baseline Permit',
-        description: 'Permits all actions by default — threat-specific forbid policies override this when threats are detected',
+        description: 'Permits all actions by default; threat-specific forbid policies override this when detectors fire.',
         category: 'organization',
-        cedarText: SENTRY_SENTRY_BASELINE_DEFAULT_CEDAR,
+        cedarText: SENTRY_ORGANIZATION_PERMIT_BASELINE_CEDAR,
         severity: 'low',
-        tags: ['baseline', 'permit-default', 'organization'],
+        tags: ['category:organization', 'posture:permit-default'],
         isActive: true,
     },
 ];
@@ -835,67 +754,77 @@ export const SENTRY_DEFAULTS = [
 // =============================================================================
 export const SENTRY_TEMPLATES = [
     {
-        id: 'sentry-semantic-default',
+        id: 'organization.permit-baseline',
+        name: 'Baseline Permit',
+        description: 'Permits all actions by default; threat-specific forbid policies override this when detectors fire.',
+        category: 'organization',
+        cedarText: SENTRY_ORGANIZATION_PERMIT_BASELINE_CEDAR,
+        severity: 'low',
+        tags: ['category:organization', 'posture:permit-default'],
+        autoDeploy: true,
+    },
+    {
+        id: 'semantic.defaults',
         name: 'Semantic Threat Detection',
-        description: 'Detect and block prompt injection, jailbreak attempts, and high-severity threats across messages, paste, and file uploads',
+        description: 'Block prompt injection, jailbreak attempts, and critical-severity threats in messages and uploads.',
         category: 'semantic',
-        cedarText: SENTRY_SENTRY_SEMANTIC_DEFAULT_CEDAR,
+        cedarText: SENTRY_SEMANTIC_DEFAULTS_CEDAR,
         severity: 'critical',
-        tags: ['injection', 'jailbreak', 'owasp-llm01', 'owasp-llm02', 'baseline'],
+        tags: ['category:semantic', 'threat:injection', 'threat:jailbreak', 'owasp:llm01', 'owasp:llm02'],
     },
     {
-        id: 'sentry-content-safety-default',
+        id: 'trust-safety.defaults',
         name: 'Content Safety',
-        description: 'Detect and block violent, harmful, hateful, sexual, and profane content across messages, paste, and file uploads',
-        category: 'content_safety',
-        cedarText: SENTRY_SENTRY_CONTENT_SAFETY_DEFAULT_CEDAR,
+        description: 'Block violent, weapons, hateful, criminal, sexual, or excessively profane content.',
+        category: 'trust-safety',
+        cedarText: SENTRY_TRUST_SAFETY_DEFAULTS_CEDAR,
         severity: 'critical',
-        tags: ['violence', 'hate-speech', 'sexual', 'profanity', 'content-safety', 'baseline'],
+        tags: ['category:trust-safety', 'threat:harmful', 'threat:hate-speech', 'compliance:eu-ai-act', 'compliance:iso-42001'],
     },
     {
-        id: 'sentry-secrets-default',
+        id: 'data-protection.defaults',
         name: 'Secrets Detection',
-        description: 'Block secrets, API keys, tokens, and credential leakage in messages and AI responses across all interactions',
-        category: 'secrets',
-        cedarText: SENTRY_SENTRY_SECRETS_DEFAULT_CEDAR,
+        description: 'Block secrets, API keys, tokens, and credential leakage in messages and AI responses.',
+        category: 'data-protection',
+        cedarText: SENTRY_DATA_PROTECTION_DEFAULTS_CEDAR,
         severity: 'critical',
-        tags: ['secrets', 'credentials', 'api-keys', 'data-protection'],
+        tags: ['category:data-protection', 'threat:secrets', 'owasp:llm06'],
     },
     {
-        id: 'sentry-pii-default',
+        id: 'privacy.defaults',
         name: 'PII Detection',
-        description: 'Detect and block credit card numbers, SSNs, health data, and other PII in messages, pasted content, file uploads, and AI responses',
-        category: 'pii',
-        cedarText: SENTRY_SENTRY_PII_DEFAULT_CEDAR,
+        description: 'Block credit card numbers, SSNs, passport/IBAN, and other PII across messages and file uploads.',
+        category: 'privacy',
+        cedarText: SENTRY_PRIVACY_DEFAULTS_CEDAR,
         severity: 'critical',
-        tags: ['pii', 'privacy', 'compliance', 'pci-dss', 'gdpr', 'hipaa', 'baseline'],
+        tags: ['category:privacy', 'threat:pii', 'compliance:pci-dss', 'compliance:gdpr', 'compliance:hipaa'],
     },
     {
-        id: 'sentry-file-safety-default',
+        id: 'file-safety.defaults',
         name: 'File & Attachment Safety',
-        description: 'Block file uploads containing secrets or PII in document content',
-        category: 'file_safety',
-        cedarText: SENTRY_SENTRY_FILE_SAFETY_DEFAULT_CEDAR,
+        description: 'Block file uploads containing secrets or PII in document content.',
+        category: 'file-safety',
+        cedarText: SENTRY_FILE_SAFETY_DEFAULTS_CEDAR,
         severity: 'critical',
-        tags: ['file-upload', 'secrets', 'pii', 'dlp'],
+        tags: ['category:file-safety', 'threat:secrets', 'threat:pii'],
     },
     {
-        id: 'sentry-clipboard-default',
+        id: 'clipboard.defaults',
         name: 'Clipboard Policy',
-        description: 'Control paste into AI chat services: blanket paste blocking, paste-with-secrets, paste-with-PII, paste-with-source-code, large pastes carrying threats, encoded injection payloads, and invisible-character payloads',
+        description: 'Block all-paste, paste-with-secrets, paste-with-PII, encoded payload pastes, and pastes with invisible characters.',
         category: 'clipboard',
-        cedarText: SENTRY_SENTRY_CLIPBOARD_DEFAULT_CEDAR,
-        severity: 'high',
-        tags: ['paste', 'clipboard', 'data-protection', 'source-code', 'secrets', 'pii', 'encoding', 'invisible-chars'],
+        cedarText: SENTRY_CLIPBOARD_DEFAULTS_CEDAR,
+        severity: 'critical',
+        tags: ['category:clipboard', 'threat:secrets', 'threat:pii', 'threat:encoded-payload', 'threat:invisible-chars'],
     },
     {
-        id: 'sentry-organization-default',
-        name: 'Organization Rules',
-        description: 'Cross-cutting organization-wide policies: session-aware threat escalation',
+        id: 'organization.block-session-threat-escalation',
+        name: 'Session Threat Escalation',
+        description: 'Block all actions when threats have been detected in 3+ turns of the session.',
         category: 'organization',
-        cedarText: SENTRY_SENTRY_ORGANIZATION_DEFAULT_CEDAR,
+        cedarText: SENTRY_ORGANIZATION_BLOCK_SESSION_THREAT_ESCALATION_CEDAR,
         severity: 'high',
-        tags: ['session', 'escalation', 'organization'],
+        tags: ['category:organization', 'detection:aggregate', 'posture:catch-all'],
     },
 ];
 // =============================================================================
@@ -904,120 +833,130 @@ export const SENTRY_TEMPLATES = [
 /** Raw templates.json metadata for the Sentry service. */
 export const SENTRY_TEMPLATES_JSON = `{
   "service": "sentry",
-  "version": "1.1.0",
+  "version": "2.0.0",
   "description": "Sentry policy templates for browser AI security",
   "categories": [
     {
-      "id": "secrets",
-      "name": "Secrets Detection",
-      "description": "Detect and block secrets, API keys, tokens, and other credentials in messages and AI responses"
+      "id": "data-protection",
+      "name": "Secrets & Data Protection",
+      "description": "Block secrets, API keys, tokens, and credentials in messages and uploads."
     },
     {
-      "id": "pii",
+      "id": "privacy",
       "name": "PII Detection",
-      "description": "Detect and block personally identifiable information (PII) such as credit card numbers, SSNs, health data, and other sensitive personal data from being shared with AI chat services"
+      "description": "Block personally identifiable information across messages and uploads."
     },
     {
       "id": "semantic",
       "name": "Semantic Threat Detection",
-      "description": "Detect and block prompt injection, jailbreak attempts, and high-severity threats in messages, pasted content, and uploaded files"
+      "description": "Block prompt injection, jailbreak attempts, and high-severity threats."
     },
     {
-      "id": "content_safety",
+      "id": "trust-safety",
       "name": "Content Safety",
-      "description": "Detect and block violent, harmful, hateful, sexual, and profane content in AI interactions across messages, paste, and file uploads"
+      "description": "Block violent, harmful, hateful, sexual, or profane content."
     },
     {
-      "id": "file_safety",
+      "id": "file-safety",
       "name": "File & Attachment Safety",
-      "description": "Block file uploads containing secrets or PII in document content"
+      "description": "Block file uploads containing secrets or PII."
     },
     {
       "id": "clipboard",
       "name": "Clipboard Policy",
-      "description": "Control paste operations into AI chat services — block paste outright, block when secrets, PII, source code, large threat-laden pastes, encoded payloads, or invisible characters are detected"
+      "description": "Control paste operations into AI chat services."
     },
     {
       "id": "organization",
       "name": "Organization Rules",
-      "description": "Cross-cutting organization-wide rules: session-aware threat escalation"
+      "description": "Organization-wide baselines and session-aware threat escalation."
     }
   ],
   "defaults": [
     {
-      "id": "sentry-baseline-default",
+      "id": "organization.permit-baseline",
       "name": "Baseline Permit",
-      "description": "Permits all actions by default — threat-specific forbid policies override this when threats are detected",
+      "description": "Permits all actions by default; threat-specific forbid policies override this when detectors fire.",
       "category": "organization",
       "file": "defaults/baseline.cedar",
       "severity": "low",
-      "tags": ["baseline", "permit-default", "organization"],
+      "tags": ["category:organization", "posture:permit-default"],
       "is_active": true
     }
   ],
   "templates": [
     {
-      "id": "sentry-semantic-default",
+      "id": "organization.permit-baseline",
+      "name": "Baseline Permit",
+      "description": "Permits all actions by default; threat-specific forbid policies override this when detectors fire.",
+      "category": "organization",
+      "file": "defaults/baseline.cedar",
+      "severity": "low",
+      "tags": ["category:organization", "posture:permit-default"],
+      "auto_deploy": true
+    },
+    {
+      "id": "semantic.defaults",
       "name": "Semantic Threat Detection",
-      "description": "Detect and block prompt injection, jailbreak attempts, and high-severity threats across messages, paste, and file uploads",
+      "description": "Block prompt injection, jailbreak attempts, and critical-severity threats in messages and uploads.",
       "category": "semantic",
       "file": "defaults/semantic.cedar",
       "severity": "critical",
-      "tags": ["injection", "jailbreak", "owasp-llm01", "owasp-llm02", "baseline"]
+      "tags": ["category:semantic", "threat:injection", "threat:jailbreak", "owasp:llm01", "owasp:llm02"]
     },
     {
-      "id": "sentry-content-safety-default",
+      "id": "trust-safety.defaults",
       "name": "Content Safety",
-      "description": "Detect and block violent, harmful, hateful, sexual, and profane content across messages, paste, and file uploads",
-      "category": "content_safety",
+      "description": "Block violent, weapons, hateful, criminal, sexual, or excessively profane content.",
+      "category": "trust-safety",
       "file": "defaults/content_safety.cedar",
       "severity": "critical",
-      "tags": ["violence", "hate-speech", "sexual", "profanity", "content-safety", "baseline"]
+      "tags": ["category:trust-safety", "threat:harmful", "threat:hate-speech", "compliance:eu-ai-act", "compliance:iso-42001"]
     },
     {
-      "id": "sentry-secrets-default",
+      "id": "data-protection.defaults",
       "name": "Secrets Detection",
-      "description": "Block secrets, API keys, tokens, and credential leakage in messages and AI responses across all interactions",
-      "category": "secrets",
+      "description": "Block secrets, API keys, tokens, and credential leakage in messages and AI responses.",
+      "category": "data-protection",
       "file": "defaults/secrets.cedar",
       "severity": "critical",
-      "tags": ["secrets", "credentials", "api-keys", "data-protection"]
+      "tags": ["category:data-protection", "threat:secrets", "owasp:llm06"]
     },
     {
-      "id": "sentry-pii-default",
+      "id": "privacy.defaults",
       "name": "PII Detection",
-      "description": "Detect and block credit card numbers, SSNs, health data, and other PII in messages, pasted content, file uploads, and AI responses",
-      "category": "pii",
+      "description": "Block credit card numbers, SSNs, passport/IBAN, and other PII across messages and file uploads.",
+      "category": "privacy",
       "file": "defaults/pii.cedar",
       "severity": "critical",
-      "tags": ["pii", "privacy", "compliance", "pci-dss", "gdpr", "hipaa", "baseline"]
+      "tags": ["category:privacy", "threat:pii", "compliance:pci-dss", "compliance:gdpr", "compliance:hipaa"]
     },
     {
-      "id": "sentry-file-safety-default",
+      "id": "file-safety.defaults",
       "name": "File & Attachment Safety",
-      "description": "Block file uploads containing secrets or PII in document content",
-      "category": "file_safety",
+      "description": "Block file uploads containing secrets or PII in document content.",
+      "category": "file-safety",
       "file": "defaults/file_safety.cedar",
       "severity": "critical",
-      "tags": ["file-upload", "secrets", "pii", "dlp"]
+      "tags": ["category:file-safety", "threat:secrets", "threat:pii"]
     },
     {
-      "id": "sentry-clipboard-default",
+      "id": "clipboard.defaults",
       "name": "Clipboard Policy",
-      "description": "Control paste into AI chat services: blanket paste blocking, paste-with-secrets, paste-with-PII, paste-with-source-code, large pastes carrying threats, encoded injection payloads, and invisible-character payloads",
+      "description": "Block all-paste, paste-with-secrets, paste-with-PII, encoded payload pastes, and pastes with invisible characters.",
       "category": "clipboard",
       "file": "defaults/clipboard.cedar",
-      "severity": "high",
-      "tags": ["paste", "clipboard", "data-protection", "source-code", "secrets", "pii", "encoding", "invisible-chars"]
+      "severity": "critical",
+      "tags": ["category:clipboard", "threat:secrets", "threat:pii", "threat:encoded-payload", "threat:invisible-chars"]
     },
     {
-      "id": "sentry-organization-default",
-      "name": "Organization Rules",
-      "description": "Cross-cutting organization-wide policies: session-aware threat escalation",
+      "id": "organization.block-session-threat-escalation",
+      "name": "Session Threat Escalation",
+      "description": "Block all actions when threats have been detected in 3+ turns of the session.",
       "category": "organization",
       "file": "defaults/organization.cedar",
       "severity": "high",
-      "tags": ["session", "escalation", "organization"]
+      "tags": ["category:organization", "detection:aggregate", "posture:catch-all"]
     }
   ]
 }