@highflame/policy 2.1.36 → 2.1.37
- package/_schemas/ai_gateway/context.json +431 -11
- package/_schemas/ai_gateway/schema.cedarschema +91 -11
- package/_schemas/ai_gateway/templates/defaults/agent_security.cedar +66 -43
- package/_schemas/ai_gateway/templates/defaults/baseline.cedar +9 -11
- package/_schemas/ai_gateway/templates/defaults/semantic.cedar +63 -40
- package/_schemas/ai_gateway/templates/defaults/tools.cedar +48 -36
- package/_schemas/ai_gateway/templates/llm_default_allow.cedar +9 -10
- package/_schemas/ai_gateway/templates/mcp_server_allowlist.cedar +22 -14
- package/_schemas/ai_gateway/templates/mcp_tool_permissions.cedar +29 -27
- package/_schemas/ai_gateway/templates/pii_redaction.cedar +38 -33
- package/_schemas/ai_gateway/templates/templates.json +42 -47
- package/_schemas/guardrails/context.json +12 -12
- package/_schemas/guardrails/schema.cedarschema +12 -12
- package/_schemas/guardrails/templates/defaults/agent_identity.cedar +60 -56
- package/_schemas/guardrails/templates/defaults/agentic_safety.cedar +83 -58
- package/_schemas/guardrails/templates/defaults/baseline.cedar +9 -12
- package/_schemas/guardrails/templates/defaults/injection.cedar +48 -36
- package/_schemas/guardrails/templates/defaults/pii.cedar +27 -20
- package/_schemas/guardrails/templates/defaults/secrets.cedar +39 -22
- package/_schemas/guardrails/templates/defaults/security_patterns.cedar +38 -25
- package/_schemas/guardrails/templates/defaults/semantic.cedar +47 -31
- package/_schemas/guardrails/templates/defaults/tool_risk.cedar +34 -26
- package/_schemas/guardrails/templates/defaults/toxicity.cedar +57 -47
- package/_schemas/guardrails/templates/mcp_tool_permissions.cedar +60 -43
- package/_schemas/guardrails/templates/profiles/a2a_security/cross_origin.cedar +29 -42
- package/_schemas/guardrails/templates/profiles/a2a_security/escalation_detection.cedar +43 -57
- package/_schemas/guardrails/templates/profiles/a2a_security/identity_enforcement.cedar +40 -57
- package/_schemas/guardrails/templates/profiles/a2a_security/inter_agent_injection.cedar +48 -62
- package/_schemas/guardrails/templates/profiles/a2a_security/supply_chain.cedar +40 -56
- package/_schemas/guardrails/templates/profiles/advanced_detection/pii.cedar +24 -34
- package/_schemas/guardrails/templates/profiles/advanced_detection/secrets.cedar +45 -37
- package/_schemas/guardrails/templates/profiles/advanced_detection/threat_severity.cedar +11 -16
- package/_schemas/guardrails/templates/profiles/chat_assistant/privacy.cedar +22 -9
- package/_schemas/guardrails/templates/profiles/chat_assistant/security.cedar +27 -15
- package/_schemas/guardrails/templates/profiles/chat_assistant/trust_safety.cedar +37 -22
- package/_schemas/guardrails/templates/profiles/code_agent/agentic_security.cedar +68 -47
- package/_schemas/guardrails/templates/profiles/code_agent/encoding.cedar +17 -21
- package/_schemas/guardrails/templates/profiles/code_agent/path_security.cedar +74 -73
- package/_schemas/guardrails/templates/profiles/code_agent/security.cedar +13 -9
- package/_schemas/guardrails/templates/profiles/code_agent/supply_chain.cedar +36 -58
- package/_schemas/guardrails/templates/profiles/data_pipeline/agentic_security.cedar +22 -15
- package/_schemas/guardrails/templates/profiles/data_pipeline/data_protection.cedar +52 -0
- package/_schemas/guardrails/templates/profiles/data_pipeline/privacy.cedar +41 -18
- package/_schemas/guardrails/templates/profiles/data_pipeline/security.cedar +18 -36
- package/_schemas/guardrails/templates/profiles/multi_agent/agent_safety.cedar +86 -79
- package/_schemas/guardrails/templates/profiles/multi_agent/agent_trust.cedar +73 -70
- package/_schemas/guardrails/templates/templates.json +188 -210
- package/_schemas/overwatch/context.json +14 -14
- package/_schemas/overwatch/schema.cedarschema +12 -12
- package/_schemas/sentry/context.json +11 -11
- package/_schemas/sentry/schema.cedarschema +11 -11
- package/_schemas/sentry/templates/defaults/baseline.cedar +8 -12
- package/_schemas/sentry/templates/defaults/clipboard.cedar +43 -42
- package/_schemas/sentry/templates/defaults/content_safety.cedar +38 -68
- package/_schemas/sentry/templates/defaults/file_safety.cedar +18 -26
- package/_schemas/sentry/templates/defaults/organization.cedar +10 -17
- package/_schemas/sentry/templates/defaults/pii.cedar +52 -73
- package/_schemas/sentry/templates/defaults/secrets.cedar +65 -58
- package/_schemas/sentry/templates/defaults/semantic.cedar +40 -59
- package/_schemas/sentry/templates/templates.json +46 -46
- package/dist/ai_gateway-context.gen.d.ts +18 -4
- package/dist/ai_gateway-context.gen.js +18 -4
- package/dist/ai_gateway-defaults.gen.d.ts +1 -1
- package/dist/ai_gateway-defaults.gen.js +377 -313
- package/dist/guardrails-context.gen.d.ts +5 -5
- package/dist/guardrails-context.gen.js +5 -5
- package/dist/guardrails-defaults.gen.d.ts +1 -1
- package/dist/guardrails-defaults.gen.js +2070 -1849
- package/dist/overwatch-context.gen.d.ts +5 -5
- package/dist/overwatch-context.gen.js +5 -5
- package/dist/overwatch-defaults.gen.d.ts +1 -1
- package/dist/overwatch-defaults.gen.js +547 -573
- package/dist/sentry-context.gen.d.ts +3 -3
- package/dist/sentry-context.gen.js +3 -3
- package/dist/sentry-defaults.gen.d.ts +1 -1
- package/dist/sentry-defaults.gen.js +379 -460
- package/dist/service-schemas.gen.d.ts +4 -4
- package/dist/service-schemas.gen.js +249 -99
- package/package.json +1 -1
|
@@ -104,7 +104,7 @@ action call_tool appliesTo {
|
|
|
104
104
|
threat_categories?: Set<String>, // Threat category names
|
|
105
105
|
detected_threats?: Set<String>, // Detection rule names that matched
|
|
106
106
|
max_threat_severity?: Long, // Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)
|
|
107
|
-
|
|
107
|
+
secrets_detected?: Bool, // Whether secrets/credentials detected
|
|
108
108
|
|
|
109
109
|
// --- Secrets (granular) ---
|
|
110
110
|
secret_types?: Set<String>,
|
|
@@ -114,10 +114,11 @@ action call_tool appliesTo {
|
|
|
114
114
|
pii_detected?: Bool,
|
|
115
115
|
pii_types?: Set<String>,
|
|
116
116
|
pii_count?: Long,
|
|
117
|
+
pii_score?: Long,
|
|
117
118
|
|
|
118
119
|
// --- ML Detector Confidence Scores (0-100) ---
|
|
119
|
-
|
|
120
|
-
|
|
120
|
+
injection_score?: Long, // Prompt injection classifier confidence
|
|
121
|
+
jailbreak_score?: Long, // Jailbreak detection classifier confidence
|
|
121
122
|
|
|
122
123
|
// --- Agent Security (0-100) ---
|
|
123
124
|
tool_poisoning_score?: Long, // Hidden instructions in tool description/args
|
|
@@ -144,7 +145,7 @@ action call_tool appliesTo {
|
|
|
144
145
|
profanity_score?: Long,
|
|
145
146
|
|
|
146
147
|
// --- Encoding & Unicode Attacks ---
|
|
147
|
-
|
|
148
|
+
invisible_chars_detected?: Bool,
|
|
148
149
|
invisible_chars_score?: Long,
|
|
149
150
|
|
|
150
151
|
// --- Behavioral Analysis ---
|
|
@@ -155,6 +156,21 @@ action call_tool appliesTo {
|
|
|
155
156
|
pattern_type?: String,
|
|
156
157
|
sequence_risk?: Long,
|
|
157
158
|
|
|
159
|
+
// --- Session-Aware Threat Aggregation ---
|
|
160
|
+
session_threat_turns?: Long, // Count of turns with detected threats
|
|
161
|
+
session_cumulative_risk_score?: Long, // Accumulated risk across turns
|
|
162
|
+
session_injection_detected?: Bool, // Injection seen in any prior turn
|
|
163
|
+
session_command_injection?: Bool, // Command injection seen in any prior turn
|
|
164
|
+
session_pii_detected?: Bool, // PII seen in any prior turn
|
|
165
|
+
session_pii_types?: Set<String>, // PII types accumulated across session
|
|
166
|
+
session_secrets_detected?: Bool, // Secrets seen in any prior turn
|
|
167
|
+
session_secret_types?: Set<String>, // Secret types accumulated across session
|
|
168
|
+
session_max_injection_score?: Long, // Max injection score across session turns
|
|
169
|
+
session_max_jailbreak_score?: Long, // Max jailbreak score across session turns
|
|
170
|
+
session_max_command_injection_score?: Long, // Max command-injection score across session turns
|
|
171
|
+
session_max_pii_score?: Long, // Max pii score across session turns
|
|
172
|
+
session_max_secret_score?: Long, // Max secret score across session turns
|
|
173
|
+
|
|
158
174
|
// --- Usage Budget (multi-window, multi-dimension) ---
|
|
159
175
|
budget_remaining_pct?: Long,
|
|
160
176
|
budget_exceeded?: Bool,
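Review bot: Every `session_*` attribute added in this hunk is optional, and nothing in the schema tells policy authors that reading an absent one is an evaluation error. Cedar skips a policy that errors, so a `forbid` that tests `context.session_injection_detected` without first checking `context has session_injection_detected` would not fire when the caller supplies no session state (presumably at least the first turn; the code that populates these fields is not on this page). I would add a comment under the section header such as `// All session_* fields are optional: guard with "context has <field>"; absent means no session state was supplied, not "clean"`. The comments also mix "in any prior turn" with "across session turns", so it is unclear whether the current turn is included in the aggregates; one wording should be used throughout. The same block is repeated in the connect_server, process_prompt, read_file and write_file hunks below, and the enclosing `appliesTo` context record starts and ends outside each hunk.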
|
|
@@ -194,7 +210,7 @@ action connect_server appliesTo {
|
|
|
194
210
|
indirect_injection_score?: Long,
|
|
195
211
|
|
|
196
212
|
// --- Secrets ---
|
|
197
|
-
|
|
213
|
+
secrets_detected?: Bool,
|
|
198
214
|
secret_types?: Set<String>,
|
|
199
215
|
secret_count?: Long,
|
|
200
216
|
|
|
@@ -202,12 +218,28 @@ action connect_server appliesTo {
|
|
|
202
218
|
pii_detected?: Bool,
|
|
203
219
|
pii_types?: Set<String>,
|
|
204
220
|
pii_count?: Long,
|
|
221
|
+
pii_score?: Long,
|
|
205
222
|
|
|
206
223
|
// --- MCP Trust & Config Risk ---
|
|
207
224
|
mcp_server_verified?: Bool,
|
|
208
225
|
mcp_config_risk?: Bool,
|
|
209
226
|
mcp_risk_score?: Long,
|
|
210
227
|
|
|
228
|
+
// --- Session-Aware Threat Aggregation ---
|
|
229
|
+
session_threat_turns?: Long, // Count of turns with detected threats
|
|
230
|
+
session_cumulative_risk_score?: Long, // Accumulated risk across turns
|
|
231
|
+
session_injection_detected?: Bool, // Injection seen in any prior turn
|
|
232
|
+
session_command_injection?: Bool, // Command injection seen in any prior turn
|
|
233
|
+
session_pii_detected?: Bool, // PII seen in any prior turn
|
|
234
|
+
session_pii_types?: Set<String>, // PII types accumulated across session
|
|
235
|
+
session_secrets_detected?: Bool, // Secrets seen in any prior turn
|
|
236
|
+
session_secret_types?: Set<String>, // Secret types accumulated across session
|
|
237
|
+
session_max_injection_score?: Long, // Max injection score across session turns
|
|
238
|
+
session_max_jailbreak_score?: Long, // Max jailbreak score across session turns
|
|
239
|
+
session_max_command_injection_score?: Long, // Max command-injection score across session turns
|
|
240
|
+
session_max_pii_score?: Long, // Max pii score across session turns
|
|
241
|
+
session_max_secret_score?: Long, // Max secret score across session turns
|
|
242
|
+
|
|
211
243
|
// --- Usage Budget (multi-window, multi-dimension) ---
|
|
212
244
|
budget_remaining_pct?: Long,
|
|
213
245
|
budget_exceeded?: Bool,
|
|
@@ -239,7 +271,7 @@ action process_prompt appliesTo {
|
|
|
239
271
|
threat_categories?: Set<String>,
|
|
240
272
|
detected_threats?: Set<String>,
|
|
241
273
|
max_threat_severity?: Long,
|
|
242
|
-
|
|
274
|
+
secrets_detected?: Bool,
|
|
243
275
|
|
|
244
276
|
// --- Secrets ---
|
|
245
277
|
secret_types?: Set<String>,
|
|
@@ -249,10 +281,11 @@ action process_prompt appliesTo {
|
|
|
249
281
|
pii_detected?: Bool,
|
|
250
282
|
pii_types?: Set<String>,
|
|
251
283
|
pii_count?: Long,
|
|
284
|
+
pii_score?: Long,
|
|
252
285
|
|
|
253
286
|
// --- ML Detector Confidence Scores (0-100) ---
|
|
254
|
-
|
|
255
|
-
|
|
287
|
+
injection_score?: Long,
|
|
288
|
+
jailbreak_score?: Long,
|
|
256
289
|
|
|
257
290
|
// --- Content Safety Scores (0-100) ---
|
|
258
291
|
violence_score?: Long,
|
|
@@ -263,13 +296,28 @@ action process_prompt appliesTo {
|
|
|
263
296
|
profanity_score?: Long,
|
|
264
297
|
|
|
265
298
|
// --- Encoding ---
|
|
266
|
-
|
|
299
|
+
invisible_chars_detected?: Bool,
|
|
267
300
|
invisible_chars_score?: Long,
|
|
268
301
|
|
|
269
302
|
// --- LLM-specific ---
|
|
270
303
|
model_name?: String, // Target model name (e.g., "gpt-4", "claude-3-opus")
|
|
271
304
|
model_provider?: String, // Provider name (e.g., "openai", "anthropic", "bedrock")
|
|
272
305
|
|
|
306
|
+
// --- Session-Aware Threat Aggregation ---
|
|
307
|
+
session_threat_turns?: Long, // Count of turns with detected threats
|
|
308
|
+
session_cumulative_risk_score?: Long, // Accumulated risk across turns
|
|
309
|
+
session_injection_detected?: Bool, // Injection seen in any prior turn
|
|
310
|
+
session_command_injection?: Bool, // Command injection seen in any prior turn
|
|
311
|
+
session_pii_detected?: Bool, // PII seen in any prior turn
|
|
312
|
+
session_pii_types?: Set<String>, // PII types accumulated across session
|
|
313
|
+
session_secrets_detected?: Bool, // Secrets seen in any prior turn
|
|
314
|
+
session_secret_types?: Set<String>, // Secret types accumulated across session
|
|
315
|
+
session_max_injection_score?: Long, // Max injection score across session turns
|
|
316
|
+
session_max_jailbreak_score?: Long, // Max jailbreak score across session turns
|
|
317
|
+
session_max_command_injection_score?: Long, // Max command-injection score across session turns
|
|
318
|
+
session_max_pii_score?: Long, // Max pii score across session turns
|
|
319
|
+
session_max_secret_score?: Long, // Max secret score across session turns
|
|
320
|
+
|
|
273
321
|
// --- Usage Budget (multi-window, multi-dimension) ---
|
|
274
322
|
budget_remaining_pct?: Long,
|
|
275
323
|
budget_exceeded?: Bool,
|
|
@@ -301,7 +349,7 @@ action read_file appliesTo {
|
|
|
301
349
|
threat_categories?: Set<String>,
|
|
302
350
|
detected_threats?: Set<String>,
|
|
303
351
|
max_threat_severity?: Long,
|
|
304
|
-
|
|
352
|
+
secrets_detected?: Bool,
|
|
305
353
|
|
|
306
354
|
// --- Secrets ---
|
|
307
355
|
secret_types?: Set<String>,
|
|
@@ -311,6 +359,22 @@ action read_file appliesTo {
|
|
|
311
359
|
pii_detected?: Bool,
|
|
312
360
|
pii_types?: Set<String>,
|
|
313
361
|
pii_count?: Long,
|
|
362
|
+
pii_score?: Long,
|
|
363
|
+
|
|
364
|
+
// --- Session-Aware Threat Aggregation ---
|
|
365
|
+
session_threat_turns?: Long, // Count of turns with detected threats
|
|
366
|
+
session_cumulative_risk_score?: Long, // Accumulated risk across turns
|
|
367
|
+
session_injection_detected?: Bool, // Injection seen in any prior turn
|
|
368
|
+
session_command_injection?: Bool, // Command injection seen in any prior turn
|
|
369
|
+
session_pii_detected?: Bool, // PII seen in any prior turn
|
|
370
|
+
session_pii_types?: Set<String>, // PII types accumulated across session
|
|
371
|
+
session_secrets_detected?: Bool, // Secrets seen in any prior turn
|
|
372
|
+
session_secret_types?: Set<String>, // Secret types accumulated across session
|
|
373
|
+
session_max_injection_score?: Long, // Max injection score across session turns
|
|
374
|
+
session_max_jailbreak_score?: Long, // Max jailbreak score across session turns
|
|
375
|
+
session_max_command_injection_score?: Long, // Max command-injection score across session turns
|
|
376
|
+
session_max_pii_score?: Long, // Max pii score across session turns
|
|
377
|
+
session_max_secret_score?: Long, // Max secret score across session turns
|
|
314
378
|
|
|
315
379
|
// --- Usage Budget (multi-window, multi-dimension) ---
|
|
316
380
|
budget_remaining_pct?: Long,
|
|
@@ -343,7 +407,7 @@ action write_file appliesTo {
|
|
|
343
407
|
threat_categories?: Set<String>,
|
|
344
408
|
detected_threats?: Set<String>,
|
|
345
409
|
max_threat_severity?: Long,
|
|
346
|
-
|
|
410
|
+
secrets_detected?: Bool,
|
|
347
411
|
|
|
348
412
|
// --- Secrets ---
|
|
349
413
|
secret_types?: Set<String>,
|
|
@@ -353,6 +417,22 @@ action write_file appliesTo {
|
|
|
353
417
|
pii_detected?: Bool,
|
|
354
418
|
pii_types?: Set<String>,
|
|
355
419
|
pii_count?: Long,
|
|
420
|
+
pii_score?: Long,
|
|
421
|
+
|
|
422
|
+
// --- Session-Aware Threat Aggregation ---
|
|
423
|
+
session_threat_turns?: Long, // Count of turns with detected threats
|
|
424
|
+
session_cumulative_risk_score?: Long, // Accumulated risk across turns
|
|
425
|
+
session_injection_detected?: Bool, // Injection seen in any prior turn
|
|
426
|
+
session_command_injection?: Bool, // Command injection seen in any prior turn
|
|
427
|
+
session_pii_detected?: Bool, // PII seen in any prior turn
|
|
428
|
+
session_pii_types?: Set<String>, // PII types accumulated across session
|
|
429
|
+
session_secrets_detected?: Bool, // Secrets seen in any prior turn
|
|
430
|
+
session_secret_types?: Set<String>, // Secret types accumulated across session
|
|
431
|
+
session_max_injection_score?: Long, // Max injection score across session turns
|
|
432
|
+
session_max_jailbreak_score?: Long, // Max jailbreak score across session turns
|
|
433
|
+
session_max_command_injection_score?: Long, // Max command-injection score across session turns
|
|
434
|
+
session_max_pii_score?: Long, // Max pii score across session turns
|
|
435
|
+
session_max_secret_score?: Long, // Max secret score across session turns
|
|
356
436
|
|
|
357
437
|
// --- Usage Budget (multi-window, multi-dimension) ---
|
|
358
438
|
budget_remaining_pct?: Long,
|
|
@@ -483,8 +563,8 @@ namespace Guardrails {
|
|
|
483
563
|
"detector_count": Long,
|
|
484
564
|
|
|
485
565
|
// Security - Injection & Jailbreak (optional)
|
|
486
|
-
"
|
|
487
|
-
"
|
|
566
|
+
"injection_score"?: Long, // Combined injection confidence: MAX(pulse, deep_context)
|
|
567
|
+
"jailbreak_score"?: Long, // Combined jailbreak confidence: MAX(pulse, deep_context)
|
|
488
568
|
"injection_pulse_score"?: Long, // 0-100 Pulse single-turn classifier
|
|
489
569
|
"injection_deep_context_score"?: Long, // 0-100 DeepContext multi-turn
|
|
490
570
|
"jailbreak_pulse_score"?: Long, // 0-100 Pulse single-turn classifier
|
|
@@ -492,7 +572,7 @@ namespace Guardrails {
|
|
|
492
572
|
"injection_type"?: String, // "prompt" | "sql" | "command" | "none"
|
|
493
573
|
|
|
494
574
|
// Privacy - Secrets (optional)
|
|
495
|
-
"
|
|
575
|
+
"secrets_detected"?: Bool,
|
|
496
576
|
"secret_count"?: Long,
|
|
497
577
|
"secret_types"?: Set<String>, // ["aws_access_key", "github_token", ...]
|
|
498
578
|
|
|
@@ -500,7 +580,7 @@ namespace Guardrails {
|
|
|
500
580
|
"pii_detected"?: Bool,
|
|
501
581
|
"pii_count"?: Long,
|
|
502
582
|
"pii_types"?: Set<String>, // ["email", "phone", "ssn", "credit_card", ...]
|
|
503
|
-
"
|
|
583
|
+
"pii_score"?: Long, // PII ML classifier confidence (0-100) — catches novel PII patterns that escape regex detection
|
|
504
584
|
|
|
505
585
|
// Threat Severity Aggregation (optional)
|
|
506
586
|
"highest_severity"?: String, // Highest severity across all detectors: "critical" | "high" | "medium" | "low" | "none"
|
|
@@ -518,7 +598,7 @@ namespace Guardrails {
|
|
|
518
598
|
"topic_confidence"?: Long, // 0-100
|
|
519
599
|
|
|
520
600
|
// Security - Invisible Character Detection (optional)
|
|
521
|
-
"
|
|
601
|
+
"invisible_chars_detected"?: Bool,
|
|
522
602
|
"invisible_chars_score"?: Long, // 0-100
|
|
523
603
|
|
|
524
604
|
// Security - Pattern Detection (optional)
|
|
@@ -660,14 +740,14 @@ namespace Guardrails {
|
|
|
660
740
|
"topic_confidence"?: Long, // 0-100
|
|
661
741
|
|
|
662
742
|
// Security checks on tool arguments (optional)
|
|
663
|
-
"
|
|
743
|
+
"secrets_detected"?: Bool,
|
|
664
744
|
"secret_count"?: Long,
|
|
665
745
|
"secret_types"?: Set<String>,
|
|
666
746
|
"pii_detected"?: Bool,
|
|
667
747
|
"pii_types"?: Set<String>,
|
|
668
748
|
"pii_count"?: Long, // Number of PII pattern matches in tool content
|
|
669
|
-
"
|
|
670
|
-
"
|
|
749
|
+
"pii_score"?: Long, // PII ML classifier confidence (0-100)
|
|
750
|
+
"injection_score"?: Long,
|
|
671
751
|
"injection_pulse_score"?: Long, // 0-100 Pulse single-turn classifier
|
|
672
752
|
"injection_deep_context_score"?: Long, // 0-100 DeepContext multi-turn
|
|
673
753
|
|
|
@@ -691,7 +771,7 @@ namespace Guardrails {
|
|
|
691
771
|
"path"?: String, // File path when tool operates on files
|
|
692
772
|
|
|
693
773
|
// Security - Invisible Character Detection in tool args (optional)
|
|
694
|
-
"
|
|
774
|
+
"invisible_chars_detected"?: Bool, // Whether invisible Unicode chars detected in tool args
|
|
695
775
|
"invisible_chars_score"?: Long, // Invisible character attack severity (0-100)
|
|
696
776
|
|
|
697
777
|
// Security - Encoded Injection (optional)
|
|
@@ -755,7 +835,7 @@ namespace Guardrails {
|
|
|
755
835
|
"path"?: String, // File path being read
|
|
756
836
|
|
|
757
837
|
// Security checks on file content (optional)
|
|
758
|
-
"
|
|
838
|
+
"secrets_detected"?: Bool,
|
|
759
839
|
"secret_count"?: Long,
|
|
760
840
|
"secret_types"?: Set<String>,
|
|
761
841
|
"pii_detected"?: Bool,
|
|
@@ -815,11 +895,11 @@ namespace Guardrails {
|
|
|
815
895
|
"path"?: String, // File path being written
|
|
816
896
|
|
|
817
897
|
// Security - Invisible Character Detection in write content (optional)
|
|
818
|
-
"
|
|
898
|
+
"invisible_chars_detected"?: Bool, // Whether invisible Unicode chars detected in write content
|
|
819
899
|
"invisible_chars_score"?: Long, // Invisible character attack severity (0-100)
|
|
820
900
|
|
|
821
901
|
// Security checks on content being written (optional)
|
|
822
|
-
"
|
|
902
|
+
"secrets_detected"?: Bool,
|
|
823
903
|
"secret_count"?: Long,
|
|
824
904
|
"secret_types"?: Set<String>,
|
|
825
905
|
"pii_detected"?: Bool,
|
|
@@ -1036,7 +1116,7 @@ action process_prompt appliesTo {
|
|
|
1036
1116
|
threat_categories: Set<String>, // Threat category names
|
|
1037
1117
|
detected_threats: Set<String>, // Detection rule names that matched
|
|
1038
1118
|
max_threat_severity: Long, // Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)
|
|
1039
|
-
|
|
1119
|
+
secrets_detected: Bool, // Whether secrets/credentials detected
|
|
1040
1120
|
|
|
1041
1121
|
// --- Secrets (granular) ---
|
|
1042
1122
|
secret_types?: Set<String>, // Types: "aws_access_key", "github_token", "ssh_private_key", etc.
|
|
@@ -1048,7 +1128,7 @@ action process_prompt appliesTo {
|
|
|
1048
1128
|
pii_count?: Long, // Number of PII matches
|
|
1049
1129
|
|
|
1050
1130
|
// --- Encoding & Unicode Attacks ---
|
|
1051
|
-
|
|
1131
|
+
invisible_chars_detected?: Bool, // Zero-width chars, bidi overrides, tag chars detected
|
|
1052
1132
|
invisible_chars_score?: Long, // Unicode attack severity (0-100)
|
|
1053
1133
|
|
|
1054
1134
|
// --- Content Safety Scores (0-100, from ML classifiers) ---
|
|
@@ -1060,9 +1140,9 @@ action process_prompt appliesTo {
|
|
|
1060
1140
|
profanity_score: Long,
|
|
1061
1141
|
|
|
1062
1142
|
// --- ML Detector Confidence Scores (0-100) ---
|
|
1063
|
-
|
|
1064
|
-
|
|
1065
|
-
|
|
1143
|
+
pii_score: Long, // PII detection classifier confidence
|
|
1144
|
+
injection_score: Long, // Combined injection confidence: MAX(pulse, deep_context)
|
|
1145
|
+
jailbreak_score: Long, // Combined jailbreak confidence: MAX(pulse, deep_context)
|
|
1066
1146
|
injection_pulse_score?: Long, // 0-100 Pulse single-turn classifier
|
|
1067
1147
|
injection_deep_context_score?: Long, // 0-100 DeepContext multi-turn
|
|
1068
1148
|
jailbreak_pulse_score?: Long, // 0-100 Pulse single-turn classifier
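Review bot: `pii_score`, `injection_score` and `jailbreak_score` are declared required in this process_prompt context, while the call_tool hunk that follows declares the same three as optional (`pii_score?: Long,` and so on). If requests are validated against the schema, a caller whose classifier is disabled or fails still has to send some number, and a default of 0 would make "not evaluated" look like "evaluated and clean" to a threshold policy. If required is intended, a comment should state which value is sent when a detector did not run; otherwise `pii_score?: Long,` (and likewise the other two) would match the sibling actions. The removed lines are blank on this page, so whether the old fields were already required cannot be checked here, and the context record continues outside the hunk.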
|
|
@@ -1122,7 +1202,7 @@ action call_tool appliesTo {
|
|
|
1122
1202
|
threat_categories?: Set<String>,
|
|
1123
1203
|
detected_threats?: Set<String>,
|
|
1124
1204
|
max_threat_severity?: Long,
|
|
1125
|
-
|
|
1205
|
+
secrets_detected?: Bool,
|
|
1126
1206
|
|
|
1127
1207
|
// --- Secrets (granular) ---
|
|
1128
1208
|
secret_types?: Set<String>,
|
|
@@ -1134,7 +1214,7 @@ action call_tool appliesTo {
|
|
|
1134
1214
|
pii_count?: Long,
|
|
1135
1215
|
|
|
1136
1216
|
// --- Encoding & Unicode Attacks ---
|
|
1137
|
-
|
|
1217
|
+
invisible_chars_detected?: Bool,
|
|
1138
1218
|
invisible_chars_score?: Long,
|
|
1139
1219
|
|
|
1140
1220
|
// --- Content Safety Scores (0-100) ---
|
|
@@ -1146,9 +1226,9 @@ action call_tool appliesTo {
|
|
|
1146
1226
|
profanity_score?: Long,
|
|
1147
1227
|
|
|
1148
1228
|
// --- ML Detector Confidence Scores (0-100) ---
|
|
1149
|
-
|
|
1150
|
-
|
|
1151
|
-
|
|
1229
|
+
pii_score?: Long,
|
|
1230
|
+
injection_score?: Long, // Combined injection confidence: MAX(pulse, deep_context)
|
|
1231
|
+
jailbreak_score?: Long, // Combined jailbreak confidence: MAX(pulse, deep_context)
|
|
1152
1232
|
injection_pulse_score?: Long, // 0-100 Pulse single-turn classifier
|
|
1153
1233
|
injection_deep_context_score?: Long, // 0-100 DeepContext multi-turn
|
|
1154
1234
|
jailbreak_pulse_score?: Long, // 0-100 Pulse single-turn classifier
|
|
@@ -1265,7 +1345,7 @@ action read_file appliesTo {
|
|
|
1265
1345
|
threat_categories?: Set<String>,
|
|
1266
1346
|
detected_threats?: Set<String>,
|
|
1267
1347
|
max_threat_severity?: Long,
|
|
1268
|
-
|
|
1348
|
+
secrets_detected?: Bool,
|
|
1269
1349
|
|
|
1270
1350
|
// --- Secrets (granular) ---
|
|
1271
1351
|
secret_types?: Set<String>,
|
|
@@ -1316,7 +1396,7 @@ action write_file appliesTo {
|
|
|
1316
1396
|
threat_categories?: Set<String>,
|
|
1317
1397
|
detected_threats?: Set<String>,
|
|
1318
1398
|
max_threat_severity?: Long,
|
|
1319
|
-
|
|
1399
|
+
secrets_detected?: Bool,
|
|
1320
1400
|
|
|
1321
1401
|
// --- Secrets (granular) ---
|
|
1322
1402
|
secret_types?: Set<String>,
|
|
@@ -1624,7 +1704,7 @@ action process_prompt appliesTo {
|
|
|
1624
1704
|
max_threat_severity: Long, // Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)
|
|
1625
1705
|
|
|
1626
1706
|
// --- Secrets Detection (from SecretsDetector) ---
|
|
1627
|
-
|
|
1707
|
+
secrets_detected: Bool, // Whether secrets/credentials detected
|
|
1628
1708
|
secret_types?: Set<String>, // Types: "aws_access_key", "github_token", "ssh_private_key", etc.
|
|
1629
1709
|
secret_count?: Long, // Number of distinct secrets found
|
|
1630
1710
|
|
|
@@ -1632,7 +1712,7 @@ action process_prompt appliesTo {
|
|
|
1632
1712
|
pii_detected?: Bool, // Whether any PII patterns matched
|
|
1633
1713
|
pii_types?: Set<String>, // Types: "ssn", "credit_card", "email", "phone", etc.
|
|
1634
1714
|
pii_count?: Long, // Number of PII matches
|
|
1635
|
-
|
|
1715
|
+
pii_score?: Long, // PII detection confidence (0-100)
|
|
1636
1716
|
|
|
1637
1717
|
// --- Content Safety Scores (from ToxicityDetector, 0-100) ---
|
|
1638
1718
|
violence_score: Long,
|
|
@@ -1651,7 +1731,7 @@ action process_prompt appliesTo {
|
|
|
1651
1731
|
topic_confidence?: Long, // Topic classifier confidence (0-100)
|
|
1652
1732
|
|
|
1653
1733
|
// --- Encoding & Unicode Attacks (from SecurityFiltersDetector, EncodedInjectionDetector) ---
|
|
1654
|
-
|
|
1734
|
+
invisible_chars_detected?: Bool, // Zero-width chars, bidi overrides, tag chars
|
|
1655
1735
|
invisible_chars_score?: Long, // Unicode attack severity (0-100)
|
|
1656
1736
|
encoded_content_detected?: Bool, // Base64, hex, unicode, URL encoded content
|
|
1657
1737
|
encoded_types?: Set<String>, // Encoding types detected
|
|
@@ -1711,7 +1791,7 @@ action receive_response appliesTo {
|
|
|
1711
1791
|
max_threat_severity: Long,
|
|
1712
1792
|
|
|
1713
1793
|
// --- Secrets Detection ---
|
|
1714
|
-
|
|
1794
|
+
secrets_detected: Bool,
|
|
1715
1795
|
secret_types?: Set<String>,
|
|
1716
1796
|
secret_count?: Long,
|
|
1717
1797
|
|
|
@@ -1719,7 +1799,7 @@ action receive_response appliesTo {
|
|
|
1719
1799
|
pii_detected?: Bool,
|
|
1720
1800
|
pii_types?: Set<String>,
|
|
1721
1801
|
pii_count?: Long,
|
|
1722
|
-
|
|
1802
|
+
pii_score?: Long,
|
|
1723
1803
|
|
|
1724
1804
|
// --- Content Safety Scores (0-100) ---
|
|
1725
1805
|
violence_score: Long,
|
|
@@ -1782,7 +1862,7 @@ action paste_content appliesTo {
|
|
|
1782
1862
|
max_threat_severity: Long,
|
|
1783
1863
|
|
|
1784
1864
|
// --- Secrets Detection ---
|
|
1785
|
-
|
|
1865
|
+
secrets_detected: Bool,
|
|
1786
1866
|
secret_types?: Set<String>,
|
|
1787
1867
|
secret_count?: Long,
|
|
1788
1868
|
|
|
@@ -1790,7 +1870,7 @@ action paste_content appliesTo {
|
|
|
1790
1870
|
pii_detected?: Bool,
|
|
1791
1871
|
pii_types?: Set<String>,
|
|
1792
1872
|
pii_count?: Long,
|
|
1793
|
-
|
|
1873
|
+
pii_score?: Long,
|
|
1794
1874
|
|
|
1795
1875
|
// --- Content Safety Scores (0-100) ---
|
|
1796
1876
|
violence_score: Long,
|
|
@@ -1810,7 +1890,7 @@ action paste_content appliesTo {
|
|
|
1810
1890
|
code_ratio?: Long,
|
|
1811
1891
|
|
|
1812
1892
|
// --- Encoding Attacks ---
|
|
1813
|
-
|
|
1893
|
+
invisible_chars_detected?: Bool,
|
|
1814
1894
|
invisible_chars_score?: Long,
|
|
1815
1895
|
encoded_content_detected?: Bool,
|
|
1816
1896
|
encoded_types?: Set<String>,
|
|
@@ -1867,7 +1947,7 @@ action upload_file appliesTo {
|
|
|
1867
1947
|
max_threat_severity: Long,
|
|
1868
1948
|
|
|
1869
1949
|
// --- Secrets Detection ---
|
|
1870
|
-
|
|
1950
|
+
secrets_detected: Bool,
|
|
1871
1951
|
secret_types?: Set<String>,
|
|
1872
1952
|
secret_count?: Long,
|
|
1873
1953
|
|
|
@@ -1875,7 +1955,7 @@ action upload_file appliesTo {
|
|
|
1875
1955
|
pii_detected?: Bool,
|
|
1876
1956
|
pii_types?: Set<String>,
|
|
1877
1957
|
pii_count?: Long,
|
|
1878
|
-
|
|
1958
|
+
pii_score?: Long,
|
|
1879
1959
|
|
|
1880
1960
|
// --- Content Safety Scores (0-100) ---
|
|
1881
1961
|
violence_score: Long,
|
|
@@ -1898,7 +1978,7 @@ action upload_file appliesTo {
|
|
|
1898
1978
|
phishing_detected?: Bool,
|
|
1899
1979
|
|
|
1900
1980
|
// --- Encoding Attacks ---
|
|
1901
|
-
|
|
1981
|
+
invisible_chars_detected?: Bool,
|
|
1902
1982
|
invisible_chars_score?: Long,
|
|
1903
1983
|
encoded_content_detected?: Bool,
|
|
1904
1984
|
encoded_types?: Set<String>,
|
|
@@ -1938,14 +2018,15 @@ export const AI_GATEWAY_CONTEXT = {
|
|
|
1938
2018
|
{ "key": "threat_categories", "type": "array", "required": false, "description": "Threat category names" },
|
|
1939
2019
|
{ "key": "detected_threats", "type": "array", "required": false, "description": "Detection rule names that matched" },
|
|
1940
2020
|
{ "key": "max_threat_severity", "type": "number", "required": false, "description": "Numeric severity (0-4)" },
|
|
1941
|
-
{ "key": "
|
|
2021
|
+
{ "key": "secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets/credentials detected" },
|
|
1942
2022
|
{ "key": "secret_types", "type": "array", "required": false, "description": "Types of secrets found" },
|
|
1943
2023
|
{ "key": "secret_count", "type": "number", "required": false, "description": "Number of distinct secrets" },
|
|
1944
2024
|
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII detected" },
|
|
1945
2025
|
{ "key": "pii_types", "type": "array", "required": false, "description": "Types of PII detected" },
|
|
1946
2026
|
{ "key": "pii_count", "type": "number", "required": false, "description": "Number of PII matches" },
|
|
1947
|
-
{ "key": "
|
|
1948
|
-
{ "key": "
|
|
2027
|
+
{ "key": "pii_score", "type": "number", "required": false, "description": "PII classifier confidence (0-100)" },
|
|
2028
|
+
{ "key": "injection_score", "type": "number", "required": false, "description": "Injection classifier confidence (0-100)" },
|
|
2029
|
+
{ "key": "jailbreak_score", "type": "number", "required": false, "description": "Jailbreak classifier confidence (0-100)" },
|
|
1949
2030
|
{ "key": "tool_poisoning_score", "type": "number", "required": false, "description": "Tool poisoning risk score (0-100)" },
|
|
1950
2031
|
{ "key": "tool_poisoning_detected", "type": "boolean", "required": false, "description": "Tool poisoning detected flag" },
|
|
1951
2032
|
{ "key": "rug_pull_score", "type": "number", "required": false, "description": "Rug pull risk score (0-100)" },
|
|
@@ -1962,13 +2043,26 @@ export const AI_GATEWAY_CONTEXT = {
|
|
|
1962
2043
|
{ "key": "crime_score", "type": "number", "required": false, "description": "Crime content score (0-100)" },
|
|
1963
2044
|
{ "key": "sexual_score", "type": "number", "required": false, "description": "Sexual content score (0-100)" },
|
|
1964
2045
|
{ "key": "profanity_score", "type": "number", "required": false, "description": "Profanity score (0-100)" },
|
|
1965
|
-
{ "key": "
|
|
2046
|
+
{ "key": "invisible_chars_detected", "type": "boolean", "required": false, "description": "Invisible Unicode chars detected" },
|
|
1966
2047
|
{ "key": "invisible_chars_score", "type": "number", "required": false, "description": "Unicode attack severity (0-100)" },
|
|
1967
2048
|
{ "key": "loop_detected", "type": "boolean", "required": false, "description": "Tool call loop detected" },
|
|
1968
2049
|
{ "key": "loop_count", "type": "number", "required": false, "description": "Consecutive repeat calls" },
|
|
1969
2050
|
{ "key": "suspicious_pattern", "type": "boolean", "required": false, "description": "Data exfiltration or attack sequence detected" },
|
|
1970
2051
|
{ "key": "pattern_type", "type": "string", "required": false, "description": "Pattern type" },
|
|
1971
|
-
{ "key": "sequence_risk", "type": "number", "required": false, "description": "Sequence risk score (0-100)" }
|
|
2052
|
+
{ "key": "sequence_risk", "type": "number", "required": false, "description": "Sequence risk score (0-100)" },
|
|
2053
|
+
{ "key": "session_threat_turns", "type": "number", "required": false, "description": "Count of turns with detected threats in this session" },
|
|
2054
|
+
{ "key": "session_cumulative_risk_score", "type": "number", "required": false, "description": "Cumulative risk score across session turns" },
|
|
2055
|
+
{ "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Injection seen in any prior turn of this session" },
|
|
2056
|
+
{ "key": "session_command_injection", "type": "boolean", "required": false, "description": "Command injection seen in any prior turn of this session" },
|
|
2057
|
+
{ "key": "session_pii_detected", "type": "boolean", "required": false, "description": "PII seen in any prior turn of this session" },
|
|
2058
|
+
{ "key": "session_pii_types", "type": "array", "required": false, "description": "PII types accumulated across session" },
|
|
2059
|
+
{ "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Secrets seen in any prior turn of this session" },
|
|
2060
|
+
{ "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types accumulated across session" },
|
|
2061
|
+
{ "key": "session_max_injection_score", "type": "number", "required": false, "description": "Max injection score across session turns" },
|
|
2062
|
+
{ "key": "session_max_jailbreak_score", "type": "number", "required": false, "description": "Max jailbreak score across session turns" },
|
|
2063
|
+
{ "key": "session_max_command_injection_score", "type": "number", "required": false, "description": "Max command-injection score across session turns" },
|
|
2064
|
+
{ "key": "session_max_pii_score", "type": "number", "required": false, "description": "Max pii score across session turns" },
|
|
2065
|
+
{ "key": "session_max_secret_score", "type": "number", "required": false, "description": "Max secret score across session turns" }
|
|
1972
2066
|
]
|
|
1973
2067
|
},
|
|
1974
2068
|
{
|
|
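Review bot: The added `session_cumulative_risk_score` and `session_max_*_score` entries state no range, while every per-turn score visible in this hunk says `(0-100)`, so a policy author has nothing to base a threshold on; the `session_*_detected` entries also say "any prior turn" without saying whether the current turn counts. I would extend the descriptions, e.g. `"description": "Max injection score across session turns (0-100)"` if the maxima share the per-turn scale, and state for `session_cumulative_risk_score` whether it is a sum that keeps growing or a capped value. `session_max_command_injection_score` and `session_max_secret_score` refer to per-turn scores that are not among the keys visible in this hunk, so their source is worth naming. The same block is added in the hunks at new lines 2080, 2116, 2161 and 2194. The enclosing array starts outside this hunk.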
@@ -1986,15 +2080,29 @@ export const AI_GATEWAY_CONTEXT = {
|
|
|
1986
2080
|
{ "key": "rug_pull_score", "type": "number", "required": false, "description": "Rug pull risk (0-100)" },
|
|
1987
2081
|
{ "key": "rug_pull_detected", "type": "boolean", "required": false, "description": "Rug pull detected" },
|
|
1988
2082
|
{ "key": "indirect_injection_score", "type": "number", "required": false, "description": "Indirect injection score (0-100)" },
|
|
1989
|
-
{ "key": "
|
|
2083
|
+
{ "key": "secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets/credentials detected" },
|
|
1990
2084
|
{ "key": "secret_types", "type": "array", "required": false, "description": "Types of secrets found" },
|
|
1991
2085
|
{ "key": "secret_count", "type": "number", "required": false, "description": "Number of distinct secrets" },
|
|
1992
2086
|
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII detected" },
|
|
1993
2087
|
{ "key": "pii_types", "type": "array", "required": false, "description": "Types of PII detected" },
|
|
1994
2088
|
{ "key": "pii_count", "type": "number", "required": false, "description": "Number of PII matches" },
|
|
2089
|
+
{ "key": "pii_score", "type": "number", "required": false, "description": "PII classifier confidence (0-100)" },
|
|
1995
2090
|
{ "key": "mcp_server_verified", "type": "boolean", "required": false, "description": "Verified registry status" },
|
|
1996
2091
|
{ "key": "mcp_config_risk", "type": "boolean", "required": false, "description": "Risky server config detected" },
|
|
1997
|
-
{ "key": "mcp_risk_score", "type": "number", "required": false, "description": "Config risk severity (0-100)" }
|
|
2092
|
+
{ "key": "mcp_risk_score", "type": "number", "required": false, "description": "Config risk severity (0-100)" },
|
|
2093
|
+
{ "key": "session_threat_turns", "type": "number", "required": false, "description": "Count of turns with detected threats in this session" },
|
|
2094
|
+
{ "key": "session_cumulative_risk_score", "type": "number", "required": false, "description": "Cumulative risk score across session turns" },
|
|
2095
|
+
{ "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Injection seen in any prior turn of this session" },
|
|
2096
|
+
{ "key": "session_command_injection", "type": "boolean", "required": false, "description": "Command injection seen in any prior turn of this session" },
|
|
2097
|
+
{ "key": "session_pii_detected", "type": "boolean", "required": false, "description": "PII seen in any prior turn of this session" },
|
|
2098
|
+
{ "key": "session_pii_types", "type": "array", "required": false, "description": "PII types accumulated across session" },
|
|
2099
|
+
{ "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Secrets seen in any prior turn of this session" },
|
|
2100
|
+
{ "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types accumulated across session" },
|
|
2101
|
+
{ "key": "session_max_injection_score", "type": "number", "required": false, "description": "Max injection score across session turns" },
|
|
2102
|
+
{ "key": "session_max_jailbreak_score", "type": "number", "required": false, "description": "Max jailbreak score across session turns" },
|
|
2103
|
+
{ "key": "session_max_command_injection_score", "type": "number", "required": false, "description": "Max command-injection score across session turns" },
|
|
2104
|
+
{ "key": "session_max_pii_score", "type": "number", "required": false, "description": "Max pii score across session turns" },
|
|
2105
|
+
{ "key": "session_max_secret_score", "type": "number", "required": false, "description": "Max secret score across session turns" }
|
|
1998
2106
|
]
|
|
1999
2107
|
},
|
|
2000
2108
|
{
|
|
@@ -2008,24 +2116,38 @@ export const AI_GATEWAY_CONTEXT = {
|
|
|
2008
2116
|
{ "key": "threat_categories", "type": "array", "required": false, "description": "Threat category names" },
|
|
2009
2117
|
{ "key": "detected_threats", "type": "array", "required": false, "description": "Detection rule names that matched" },
|
|
2010
2118
|
{ "key": "max_threat_severity", "type": "number", "required": false, "description": "Numeric severity (0-4)" },
|
|
2011
|
-
{ "key": "
|
|
2119
|
+
{ "key": "secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets/credentials detected" },
|
|
2012
2120
|
{ "key": "secret_types", "type": "array", "required": false, "description": "Types of secrets found" },
|
|
2013
2121
|
{ "key": "secret_count", "type": "number", "required": false, "description": "Number of distinct secrets" },
|
|
2014
2122
|
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII detected" },
|
|
2015
2123
|
{ "key": "pii_types", "type": "array", "required": false, "description": "Types of PII detected" },
|
|
2016
2124
|
{ "key": "pii_count", "type": "number", "required": false, "description": "Number of PII matches" },
|
|
2017
|
-
{ "key": "
|
|
2018
|
-
{ "key": "
|
|
2125
|
+
{ "key": "pii_score", "type": "number", "required": false, "description": "PII classifier confidence (0-100)" },
|
|
2126
|
+
{ "key": "injection_score", "type": "number", "required": false, "description": "Injection classifier confidence (0-100)" },
|
|
2127
|
+
{ "key": "jailbreak_score", "type": "number", "required": false, "description": "Jailbreak classifier confidence (0-100)" },
|
|
2019
2128
|
{ "key": "violence_score", "type": "number", "required": false, "description": "Violence content score (0-100)" },
|
|
2020
2129
|
{ "key": "weapons_score", "type": "number", "required": false, "description": "Weapons content score (0-100)" },
|
|
2021
2130
|
{ "key": "hate_speech_score", "type": "number", "required": false, "description": "Hate speech score (0-100)" },
|
|
2022
2131
|
{ "key": "crime_score", "type": "number", "required": false, "description": "Crime content score (0-100)" },
|
|
2023
2132
|
{ "key": "sexual_score", "type": "number", "required": false, "description": "Sexual content score (0-100)" },
|
|
2024
2133
|
{ "key": "profanity_score", "type": "number", "required": false, "description": "Profanity score (0-100)" },
|
|
2025
|
-
{ "key": "
|
|
2134
|
+
{ "key": "invisible_chars_detected", "type": "boolean", "required": false, "description": "Invisible Unicode chars detected" },
|
|
2026
2135
|
{ "key": "invisible_chars_score", "type": "number", "required": false, "description": "Unicode attack severity (0-100)" },
|
|
2027
2136
|
{ "key": "model_name", "type": "string", "required": false, "description": "Target model name (e.g., gpt-4, claude-3-opus)" },
|
|
2028
|
-
{ "key": "model_provider", "type": "string", "required": false, "description": "Provider name (e.g., openai, anthropic, bedrock)" }
|
|
2137
|
+
{ "key": "model_provider", "type": "string", "required": false, "description": "Provider name (e.g., openai, anthropic, bedrock)" },
|
|
2138
|
+
{ "key": "session_threat_turns", "type": "number", "required": false, "description": "Count of turns with detected threats in this session" },
|
|
2139
|
+
{ "key": "session_cumulative_risk_score", "type": "number", "required": false, "description": "Cumulative risk score across session turns" },
|
|
2140
|
+
{ "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Injection seen in any prior turn of this session" },
|
|
2141
|
+
{ "key": "session_command_injection", "type": "boolean", "required": false, "description": "Command injection seen in any prior turn of this session" },
|
|
2142
|
+
{ "key": "session_pii_detected", "type": "boolean", "required": false, "description": "PII seen in any prior turn of this session" },
|
|
2143
|
+
{ "key": "session_pii_types", "type": "array", "required": false, "description": "PII types accumulated across session" },
|
|
2144
|
+
{ "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Secrets seen in any prior turn of this session" },
|
|
2145
|
+
{ "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types accumulated across session" },
|
|
2146
|
+
{ "key": "session_max_injection_score", "type": "number", "required": false, "description": "Max injection score across session turns" },
|
|
2147
|
+
{ "key": "session_max_jailbreak_score", "type": "number", "required": false, "description": "Max jailbreak score across session turns" },
|
|
2148
|
+
{ "key": "session_max_command_injection_score", "type": "number", "required": false, "description": "Max command-injection score across session turns" },
|
|
2149
|
+
{ "key": "session_max_pii_score", "type": "number", "required": false, "description": "Max pii score across session turns" },
|
|
2150
|
+
{ "key": "session_max_secret_score", "type": "number", "required": false, "description": "Max secret score across session turns" }
|
|
2029
2151
|
]
|
|
2030
2152
|
},
|
|
2031
2153
|
{
|
|
@@ -2039,12 +2161,26 @@ export const AI_GATEWAY_CONTEXT = {
|
|
|
2039
2161
|
{ "key": "threat_categories", "type": "array", "required": false, "description": "Threat category names" },
|
|
2040
2162
|
{ "key": "detected_threats", "type": "array", "required": false, "description": "Detection rule names that matched" },
|
|
2041
2163
|
{ "key": "max_threat_severity", "type": "number", "required": false, "description": "Numeric severity (0-4)" },
|
|
2042
|
-
{ "key": "
|
|
2164
|
+
{ "key": "secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets/credentials detected" },
|
|
2043
2165
|
{ "key": "secret_types", "type": "array", "required": false, "description": "Types of secrets found" },
|
|
2044
2166
|
{ "key": "secret_count", "type": "number", "required": false, "description": "Number of distinct secrets" },
|
|
2045
2167
|
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII detected" },
|
|
2046
2168
|
{ "key": "pii_types", "type": "array", "required": false, "description": "Types of PII detected" },
|
|
2047
|
-
{ "key": "pii_count", "type": "number", "required": false, "description": "Number of PII matches" }
|
|
2169
|
+
{ "key": "pii_count", "type": "number", "required": false, "description": "Number of PII matches" },
|
|
2170
|
+
{ "key": "pii_score", "type": "number", "required": false, "description": "PII classifier confidence (0-100)" },
|
|
2171
|
+
{ "key": "session_threat_turns", "type": "number", "required": false, "description": "Count of turns with detected threats in this session" },
|
|
2172
|
+
{ "key": "session_cumulative_risk_score", "type": "number", "required": false, "description": "Cumulative risk score across session turns" },
|
|
2173
|
+
{ "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Injection seen in any prior turn of this session" },
|
|
2174
|
+
{ "key": "session_command_injection", "type": "boolean", "required": false, "description": "Command injection seen in any prior turn of this session" },
|
|
2175
|
+
{ "key": "session_pii_detected", "type": "boolean", "required": false, "description": "PII seen in any prior turn of this session" },
|
|
2176
|
+
{ "key": "session_pii_types", "type": "array", "required": false, "description": "PII types accumulated across session" },
|
|
2177
|
+
{ "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Secrets seen in any prior turn of this session" },
|
|
2178
|
+
{ "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types accumulated across session" },
|
|
2179
|
+
{ "key": "session_max_injection_score", "type": "number", "required": false, "description": "Max injection score across session turns" },
|
|
2180
|
+
{ "key": "session_max_jailbreak_score", "type": "number", "required": false, "description": "Max jailbreak score across session turns" },
|
|
2181
|
+
{ "key": "session_max_command_injection_score", "type": "number", "required": false, "description": "Max command-injection score across session turns" },
|
|
2182
|
+
{ "key": "session_max_pii_score", "type": "number", "required": false, "description": "Max pii score across session turns" },
|
|
2183
|
+
{ "key": "session_max_secret_score", "type": "number", "required": false, "description": "Max secret score across session turns" }
|
|
2048
2184
|
]
|
|
2049
2185
|
},
|
|
2050
2186
|
{
|
|
@@ -2058,12 +2194,26 @@ export const AI_GATEWAY_CONTEXT = {
|
|
|
2058
2194
|
{ "key": "threat_categories", "type": "array", "required": false, "description": "Threat category names" },
|
|
2059
2195
|
{ "key": "detected_threats", "type": "array", "required": false, "description": "Detection rule names that matched" },
|
|
2060
2196
|
{ "key": "max_threat_severity", "type": "number", "required": false, "description": "Numeric severity (0-4)" },
|
|
2061
|
-
{ "key": "
|
|
2197
|
+
{ "key": "secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets/credentials detected" },
|
|
2062
2198
|
{ "key": "secret_types", "type": "array", "required": false, "description": "Types of secrets found" },
|
|
2063
2199
|
{ "key": "secret_count", "type": "number", "required": false, "description": "Number of distinct secrets" },
|
|
2064
2200
|
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII detected" },
|
|
2065
2201
|
{ "key": "pii_types", "type": "array", "required": false, "description": "Types of PII detected" },
|
|
2066
|
-
{ "key": "pii_count", "type": "number", "required": false, "description": "Number of PII matches" }
|
|
2202
|
+
{ "key": "pii_count", "type": "number", "required": false, "description": "Number of PII matches" },
|
|
2203
|
+
{ "key": "pii_score", "type": "number", "required": false, "description": "PII classifier confidence (0-100)" },
|
|
2204
|
+
{ "key": "session_threat_turns", "type": "number", "required": false, "description": "Count of turns with detected threats in this session" },
|
|
2205
|
+
{ "key": "session_cumulative_risk_score", "type": "number", "required": false, "description": "Cumulative risk score across session turns" },
|
|
2206
|
+
{ "key": "session_injection_detected", "type": "boolean", "required": false, "description": "Injection seen in any prior turn of this session" },
|
|
2207
|
+
{ "key": "session_command_injection", "type": "boolean", "required": false, "description": "Command injection seen in any prior turn of this session" },
|
|
2208
|
+
{ "key": "session_pii_detected", "type": "boolean", "required": false, "description": "PII seen in any prior turn of this session" },
|
|
2209
|
+
{ "key": "session_pii_types", "type": "array", "required": false, "description": "PII types accumulated across session" },
|
|
2210
|
+
{ "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Secrets seen in any prior turn of this session" },
|
|
2211
|
+
{ "key": "session_secret_types", "type": "array", "required": false, "description": "Secret types accumulated across session" },
|
|
2212
|
+
{ "key": "session_max_injection_score", "type": "number", "required": false, "description": "Max injection score across session turns" },
|
|
2213
|
+
{ "key": "session_max_jailbreak_score", "type": "number", "required": false, "description": "Max jailbreak score across session turns" },
|
|
2214
|
+
{ "key": "session_max_command_injection_score", "type": "number", "required": false, "description": "Max command-injection score across session turns" },
|
|
2215
|
+
{ "key": "session_max_pii_score", "type": "number", "required": false, "description": "Max pii score across session turns" },
|
|
2216
|
+
{ "key": "session_max_secret_score", "type": "number", "required": false, "description": "Max secret score across session turns" }
|
|
2067
2217
|
]
|
|
2068
2218
|
}
|
|
2069
2219
|
]
|
|
@@ -2085,20 +2235,20 @@ export const GUARDRAILS_CONTEXT = {
|
|
|
2085
2235
|
{ "key": "direction", "type": "string", "required": true, "description": "Content flow direction: \'input\' for user prompts, \'output\' for AI responses. Use this to apply different policies to inputs vs outputs (e.g., block PII only in outputs)" },
|
|
2086
2236
|
{ "key": "content_type", "type": "string", "required": true, "description": "Type of content being analyzed: \'prompt\', \'response\', \'tool_call\', \'file\', or \'clipboard\'" },
|
|
2087
2237
|
{ "key": "detector_count", "type": "number", "required": true, "description": "Number of detectors that were executed for this request" },
|
|
2088
|
-
{ "key": "
|
|
2089
|
-
{ "key": "
|
|
2238
|
+
{ "key": "injection_score", "type": "number", "required": false, "description": "Combined prompt injection confidence (0-100). MAX of all detector scores (Pulse + DeepContext). Use injection_pulse_score / injection_deep_context_score for individual detector control" },
|
|
2239
|
+
{ "key": "jailbreak_score", "type": "number", "required": false, "description": "Combined jailbreak detection confidence (0-100). MAX of all detector scores (Pulse + DeepContext). Use jailbreak_pulse_score / jailbreak_deep_context_score for individual detector control" },
|
|
2090
2240
|
{ "key": "injection_pulse_score", "type": "number", "required": false, "description": "Highflame single-turn classifier score for prompt injection (0-100). Raw score from Pulse detector before combination with deep-context. Use for per-detector policy control" },
|
|
2091
2241
|
{ "key": "injection_deep_context_score", "type": "number", "required": false, "description": "DeepContext multi-turn analyzer score for prompt injection (0-100). Tracks injection patterns across conversation history. Generally higher confidence than single-turn" },
|
|
2092
2242
|
{ "key": "jailbreak_pulse_score", "type": "number", "required": false, "description": "Highflame single-turn classifier score for jailbreak attempts (0-100). Raw score from Pulse detector before combination with deep-context" },
|
|
2093
2243
|
{ "key": "jailbreak_deep_context_score", "type": "number", "required": false, "description": "DeepContext multi-turn analyzer score for jailbreak attempts (0-100). Detects jailbreak escalation patterns across conversation turns" },
|
|
2094
2244
|
{ "key": "injection_type", "type": "string", "required": false, "description": "Type of injection detected: \'prompt\', \'sql\', \'command\', or \'none\'. Use this to apply different policies per injection type" },
|
|
2095
|
-
{ "key": "
|
|
2245
|
+
{ "key": "secrets_detected", "type": "boolean", "required": false, "description": "Whether any API keys, tokens, passwords, or credentials were detected in the content. True indicates presence of secrets" },
|
|
2096
2246
|
{ "key": "secret_count", "type": "number", "required": false, "description": "Total number of secret matches found. Multiple matches may indicate data dumps or accidental credential exposure" },
|
|
2097
2247
|
{ "key": "secret_types", "type": "array", "required": false, "description": "Array of secret types found (e.g., [\'aws_access_key\', \'github_token\']). Use set operations like .contains() to check for specific types" },
|
|
2098
2248
|
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether personally identifiable information (PII) was found in the content. Commonly used to block PII in outputs to prevent data leakage" },
|
|
2099
2249
|
{ "key": "pii_count", "type": "number", "required": false, "description": "Total number of PII matches found (emails, phone numbers, SSNs, etc.)" },
|
|
2100
2250
|
{ "key": "pii_types", "type": "array", "required": false, "description": "Array of PII types detected (e.g., [\'email\', \'phone\', \'ssn\', \'credit_card\']). Use .contains() to block specific sensitive types" },
|
|
2101
|
-
{ "key": "
|
|
2251
|
+
{ "key": "pii_score", "type": "number", "required": false, "description": "PII detection ML classifier confidence (0-100). Catches novel PII patterns including names, addresses, and identifiers that regex rules may miss. Typical threshold: >=80 for high-confidence blocking" },
|
|
2102
2252
|
{ "key": "highest_severity", "type": "string", "required": false, "description": "Highest severity level across all detection engines: \'critical\', \'high\', \'medium\', \'low\', or \'none\'. Use for severity-based catch-all policies (e.g., block any content flagged as critical)" },
|
|
2103
2253
|
{ "key": "violence_score", "type": "number", "required": false, "description": "ML-based score for violent content references (0-100). Typical threshold: >90 for critical blocks, >60 for warnings" },
|
|
2104
2254
|
{ "key": "hate_speech_score", "type": "number", "required": false, "description": "ML-based score for hate speech, discriminatory language, or targeted harassment (0-100). Typical threshold: >75 for blocks" },
|
|
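Review bot: `injection_score` and `jailbreak_score` at new lines 2238-2239 are documented as the MAX of the Pulse and DeepContext scores, but both are `"required": false` and the description does not say whether the key is omitted or set to 0 when only one detector ran or none did. Cedar skips a policy whose evaluation errors, so a `forbid` that reads a missing optional attribute does not deny; the description should say which case applies and point authors to a guard such as `context has injection_score && context.injection_score >= <threshold>`. The removed lines at old 2088, 2089, 2095 and 2101 are cut off on this page, so whether any key was renamed cannot be told from here; if one was, policies written against the 2.1.36 name would hit the same missing-attribute path. The same combined-score wording is added for tool arguments in the hunk at new line 2341.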
@@ -2108,7 +2258,7 @@ export const GUARDRAILS_CONTEXT = {
|
|
|
2108
2258
|
{ "key": "profanity_score", "type": "number", "required": false, "description": "ML-based score for profanity and vulgar language (0-100)" },
|
|
2109
2259
|
{ "key": "content_topics", "type": "array", "required": false, "description": "Semantic topics detected in content (e.g., [\'controlled_substances\', \'weapons_manufacturing\']). Use .contains() to block specific topics per application" },
|
|
2110
2260
|
{ "key": "topic_confidence", "type": "number", "required": false, "description": "Confidence score from topic classifier (0-100). Use with content_topics to tune sensitivity — higher thresholds reduce false positives" },
|
|
2111
|
-
{ "key": "
|
|
2261
|
+
{ "key": "invisible_chars_detected", "type": "boolean", "required": false, "description": "Whether invisible Unicode characters (zero-width joiners, RTL marks, etc.) were detected in the content. Commonly used for prompt injection evasion" },
|
|
2112
2262
|
{ "key": "invisible_chars_score", "type": "number", "required": false, "description": "Density score for invisible characters in the content (0-100). Higher scores indicate more invisible characters, suggesting evasion attempts" },
|
|
2113
2263
|
{ "key": "command_injection_detected", "type": "boolean", "required": false, "description": "Whether command injection patterns were detected in the content (reverse shells, privilege escalation, destructive commands)" },
|
|
2114
2264
|
{ "key": "command_injection_type", "type": "string", "required": false, "description": "Type of command injection: \'reverse_shell\', \'privilege_escalation\', \'code_execution\', \'destructive_command\', or \'data_exfiltration\'" },
|
|
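Review bot: The new `invisible_chars_detected` description at new line 2261 lists "zero-width joiners, RTL marks, etc.", while the same key in the hunks at new lines 2376 and 2445 lists "zero-width, bidi overrides, tag characters", so a reader cannot tell whether the prompt path covers the same character classes. Zero-width joiners and directional marks also occur in ordinary emoji sequences and in right-to-left or Indic-script text, so a policy that blocks on the boolean alone will flag benign multilingual input. The description could steer authors to the score instead, e.g. by appending `Prefer a threshold on invisible_chars_score over this flag for multilingual content`. The tool-argument wording at new line 2379, "invisible chars indicate payload injection", is stronger still and would benefit from the same caveat.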
@@ -2191,14 +2341,14 @@ export const GUARDRAILS_CONTEXT = {
|
|
|
2191
2341
|
{ "key": "budget_exceeded", "type": "boolean", "required": false, "description": "Whether the token budget has been exceeded. Use this to enforce cost controls on agentic sessions" },
|
|
2192
2342
|
{ "key": "content_topics", "type": "array", "required": false, "description": "Semantic topics detected in tool arguments or content (e.g., [\'controlled_substances\']). Use .contains() to restrict tool calls involving specific topics" },
|
|
2193
2343
|
{ "key": "topic_confidence", "type": "number", "required": false, "description": "Confidence score from topic classifier for tool content (0-100)" },
|
|
2194
|
-
{ "key": "
|
|
2344
|
+
{ "key": "secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in tool arguments or content" },
|
|
2195
2345
|
{ "key": "secret_count", "type": "number", "required": false, "description": "Total number of secret matches found in tool arguments or content. Multiple matches may indicate data dumps or accidental credential exposure" },
|
|
2196
2346
|
{ "key": "secret_types", "type": "array", "required": false, "description": "Array of secret types found in tool arguments" },
|
|
2197
2347
|
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in tool arguments or content" },
|
|
2198
2348
|
{ "key": "pii_types", "type": "array", "required": false, "description": "Array of PII types found in tool arguments" },
|
|
2199
2349
|
{ "key": "pii_count", "type": "number", "required": false, "description": "Number of PII pattern matches in tool arguments or content. Use >=3 to detect bulk PII exposure indicating data dumps or CSV pastes" },
|
|
2200
|
-
{ "key": "
|
|
2201
|
-
{ "key": "
|
|
2350
|
+
{ "key": "pii_score", "type": "number", "required": false, "description": "PII detection ML classifier confidence for tool content (0-100). Catches novel PII patterns that escape regex detection" },
|
|
2351
|
+
{ "key": "injection_score", "type": "number", "required": false, "description": "Combined prompt injection confidence in tool arguments (0-100). MAX of all detector scores (Pulse + DeepContext). Use injection_pulse_score / injection_deep_context_score for individual detector control" },
|
|
2202
2352
|
{ "key": "injection_pulse_score", "type": "number", "required": false, "description": "Highflame single-turn classifier score for prompt injection in tool arguments (0-100). Raw score from Pulse detector before combination with deep-context" },
|
|
2203
2353
|
{ "key": "injection_deep_context_score", "type": "number", "required": false, "description": "DeepContext multi-turn analyzer score for prompt injection in tool arguments (0-100). Tracks injection patterns across tool call history" },
|
|
2204
2354
|
{ "key": "command_injection_detected", "type": "boolean", "required": false, "description": "Whether command injection patterns were detected in tool arguments" },
|
|
@@ -2226,7 +2376,7 @@ export const GUARDRAILS_CONTEXT = {
|
|
|
2226
2376
|
{ "key": "encoded_count", "type": "number", "required": false, "description": "Number of encoded segments found in tool arguments" },
|
|
2227
2377
|
{ "key": "encoded_score", "type": "number", "required": false, "description": "Risk score for encoded injection in tool arguments (0-100)" },
|
|
2228
2378
|
{ "key": "path", "type": "string", "required": false, "description": "File path targeted by the tool call (if file operation). Use for path-based blocking of .env files, credential files, system directories, and credential directories" },
|
|
2229
|
-
{ "key": "
|
|
2379
|
+
{ "key": "invisible_chars_detected", "type": "boolean", "required": false, "description": "Whether invisible Unicode characters (zero-width, bidi overrides, tag characters) were detected in tool arguments. Tool args should be plain text — invisible chars indicate payload injection" },
|
|
2230
2380
|
{ "key": "invisible_chars_score", "type": "number", "required": false, "description": "Invisible character attack severity score in tool arguments (0-100)" },
|
|
2231
2381
|
{ "key": "indirect_injection_score", "type": "number", "required": false, "description": "Indirect prompt injection risk score (0-100) — injection via tool outputs, retrieved documents, or external content. Use >=70 for general blocking, >=50 for sensitive tools" },
|
|
2232
2382
|
{ "key": "indirect_injection_type", "type": "string", "required": false, "description": "Type of indirect injection detected in tool content (e.g., instruction override, authority hijack)" },
|
|
@@ -2260,7 +2410,7 @@ export const GUARDRAILS_CONTEXT = {
|
|
|
2260
2410
|
{ "key": "request_id", "type": "string", "required": true, "description": "Unique identifier for this request" },
|
|
2261
2411
|
{ "key": "timestamp", "type": "number", "required": true, "description": "Unix timestamp in milliseconds" },
|
|
2262
2412
|
{ "key": "path", "type": "string", "required": false, "description": "File path being read. Use for path-based access control policies (e.g., block .env files, system directories, credential directories)" },
|
|
2263
|
-
{ "key": "
|
|
2413
|
+
{ "key": "secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in the file content being read" },
|
|
2264
2414
|
{ "key": "secret_count", "type": "number", "required": false, "description": "Total number of secret matches found in file content. Multiple matches may indicate data dumps or accidental credential exposure" },
|
|
2265
2415
|
{ "key": "secret_types", "type": "array", "required": false, "description": "Array of secret types found in file content" },
|
|
2266
2416
|
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in the file content" },
|
|
@@ -2295,9 +2445,9 @@ export const GUARDRAILS_CONTEXT = {
|
|
|
2295
2445
|
{ "key": "request_id", "type": "string", "required": true, "description": "Unique identifier for this request" },
|
|
2296
2446
|
{ "key": "timestamp", "type": "number", "required": true, "description": "Unix timestamp in milliseconds" },
|
|
2297
2447
|
{ "key": "path", "type": "string", "required": false, "description": "File path being written. Use for path-based blocking policies (e.g., block writes to .env files, credential directories)" },
|
|
2298
|
-
{ "key": "
|
|
2448
|
+
{ "key": "invisible_chars_detected", "type": "boolean", "required": false, "description": "Whether invisible Unicode characters (zero-width, bidi overrides, tag characters) were detected in the content being written. Prevents persistence of invisible payloads in source code" },
|
|
2299
2449
|
{ "key": "invisible_chars_score", "type": "number", "required": false, "description": "Invisible character attack severity score (0-100) in write content" },
|
|
2300
|
-
{ "key": "
|
|
2450
|
+
{ "key": "secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in the content being written. Block writes containing credentials" },
|
|
2301
2451
|
{ "key": "secret_count", "type": "number", "required": false, "description": "Total number of secret matches found in write content. Multiple matches may indicate data dumps or accidental credential exposure" },
|
|
2302
2452
|
{ "key": "secret_types", "type": "array", "required": false, "description": "Array of secret types found in write content" },
|
|
2303
2453
|
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in the content being written" },
|
|
@@ -2387,13 +2537,13 @@ export const OVERWATCH_CONTEXT = {
|
|
|
2387
2537
|
{ "key": "threat_categories", "type": "array", "required": true, "description": "Threat category names from the detection aggregator" },
|
|
2388
2538
|
{ "key": "detected_threats", "type": "array", "required": true, "description": "Detection rule names that matched (e.g., prompt_injection, jailbreak, credit_card, secret_exposure)" },
|
|
2389
2539
|
{ "key": "max_threat_severity", "type": "number", "required": true, "description": "Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)" },
|
|
2390
|
-
{ "key": "
|
|
2540
|
+
{ "key": "secrets_detected", "type": "boolean", "required": true, "description": "Whether secrets or credentials were detected" },
|
|
2391
2541
|
{ "key": "secret_types", "type": "array", "required": false, "description": "Specific secret types found: aws_access_key, github_token, ssh_private_key, api_key, etc." },
|
|
2392
2542
|
{ "key": "secret_count", "type": "number", "required": false, "description": "Number of distinct secrets detected" },
|
|
2393
2543
|
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether any PII patterns were matched" },
|
|
2394
2544
|
{ "key": "pii_types", "type": "array", "required": false, "description": "Specific PII types found: ssn, credit_card, email, phone, medical_record, etc." },
|
|
2395
2545
|
{ "key": "pii_count", "type": "number", "required": false, "description": "Number of PII pattern matches" },
|
|
2396
|
-
{ "key": "
|
|
2546
|
+
{ "key": "invisible_chars_detected", "type": "boolean", "required": false, "description": "Whether invisible Unicode characters (zero-width, bidi overrides, tag chars) were detected" },
|
|
2397
2547
|
{ "key": "invisible_chars_score", "type": "number", "required": false, "description": "Invisible character attack severity score (0-100)" },
|
|
2398
2548
|
{ "key": "prompt_text", "type": "string", "required": false, "description": "Same as content (backward compatibility)" },
|
|
2399
2549
|
{ "key": "response_content", "type": "string", "required": false, "description": "Response content from AI (if available)" },
|
|
@@ -2403,9 +2553,9 @@ export const OVERWATCH_CONTEXT = {
|
|
|
2403
2553
|
{ "key": "crime_score", "type": "number", "required": true, "description": "Criminal content detection score (0-100)" },
|
|
2404
2554
|
{ "key": "sexual_score", "type": "number", "required": true, "description": "Sexual content detection score (0-100)" },
|
|
2405
2555
|
{ "key": "profanity_score", "type": "number", "required": true, "description": "Profanity detection score (0-100)" },
|
|
2406
|
-
{ "key": "
|
|
2407
|
-
{ "key": "
|
|
2408
|
-
{ "key": "
|
|
2556
|
+
{ "key": "pii_score", "type": "number", "required": true, "description": "PII detection ML classifier confidence (0-100)" },
|
|
2557
|
+
{ "key": "injection_score", "type": "number", "required": true, "description": "Combined prompt injection confidence (0-100). MAX of all detector scores (Pulse + DeepContext). Use injection_pulse_score / injection_deep_context_score for individual detector control" },
|
|
2558
|
+
{ "key": "jailbreak_score", "type": "number", "required": true, "description": "Combined jailbreak detection confidence (0-100). MAX of all detector scores (Pulse + DeepContext). Use jailbreak_pulse_score / jailbreak_deep_context_score for individual detector control" },
|
|
2409
2559
|
{ "key": "injection_pulse_score", "type": "number", "required": false, "description": "Highflame single-turn classifier score for prompt injection (0-100). Raw score from Pulse detector before combination with deep-context. Use for per-detector policy control" },
|
|
2410
2560
|
{ "key": "injection_deep_context_score", "type": "number", "required": false, "description": "DeepContext multi-turn analyzer score for prompt injection (0-100). Tracks injection patterns across conversation history. Generally higher confidence than single-turn" },
|
|
2411
2561
|
{ "key": "jailbreak_pulse_score", "type": "number", "required": false, "description": "Highflame single-turn classifier score for jailbreak attempts (0-100). Raw score from Pulse detector before combination with deep-context" },
|
|
@@ -2445,13 +2595,13 @@ export const OVERWATCH_CONTEXT = {
|
|
|
2445
2595
|
{ "key": "threat_categories", "type": "array", "required": false, "description": "Threat category names from the detection aggregator" },
|
|
2446
2596
|
{ "key": "detected_threats", "type": "array", "required": false, "description": "Detection rule names that matched" },
|
|
2447
2597
|
{ "key": "max_threat_severity", "type": "number", "required": false, "description": "Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)" },
|
|
2448
|
-
{ "key": "
|
|
2598
|
+
{ "key": "secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets or credentials were detected" },
|
|
2449
2599
|
{ "key": "secret_types", "type": "array", "required": false, "description": "Specific secret types found" },
|
|
2450
2600
|
{ "key": "secret_count", "type": "number", "required": false, "description": "Number of distinct secrets detected" },
|
|
2451
2601
|
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether any PII patterns were matched" },
|
|
2452
2602
|
{ "key": "pii_types", "type": "array", "required": false, "description": "Specific PII types found" },
|
|
2453
2603
|
{ "key": "pii_count", "type": "number", "required": false, "description": "Number of PII pattern matches" },
|
|
2454
|
-
{ "key": "
|
|
2604
|
+
{ "key": "invisible_chars_detected", "type": "boolean", "required": false, "description": "Whether invisible Unicode characters were detected" },
|
|
2455
2605
|
{ "key": "invisible_chars_score", "type": "number", "required": false, "description": "Invisible character attack severity score (0-100)" },
|
|
2456
2606
|
{ "key": "response_content", "type": "string", "required": false, "description": "Response content from AI (if available)" },
|
|
2457
2607
|
{ "key": "violence_score", "type": "number", "required": false, "description": "Violence content detection score (0-100)" },
|
|
@@ -2460,9 +2610,9 @@ export const OVERWATCH_CONTEXT = {
|
|
|
2460
2610
|
{ "key": "crime_score", "type": "number", "required": false, "description": "Criminal content detection score (0-100)" },
|
|
2461
2611
|
{ "key": "sexual_score", "type": "number", "required": false, "description": "Sexual content detection score (0-100)" },
|
|
2462
2612
|
{ "key": "profanity_score", "type": "number", "required": false, "description": "Profanity detection score (0-100)" },
|
|
2463
|
-
{ "key": "
|
|
2464
|
-
{ "key": "
|
|
2465
|
-
{ "key": "
|
|
2613
|
+
{ "key": "pii_score", "type": "number", "required": false, "description": "PII detection ML classifier confidence (0-100)" },
|
|
2614
|
+
{ "key": "injection_score", "type": "number", "required": false, "description": "Combined prompt injection confidence (0-100). MAX of all detector scores (Pulse + DeepContext). Use injection_pulse_score / injection_deep_context_score for individual detector control" },
|
|
2615
|
+
{ "key": "jailbreak_score", "type": "number", "required": false, "description": "Combined jailbreak detection confidence (0-100). MAX of all detector scores (Pulse + DeepContext). Use jailbreak_pulse_score / jailbreak_deep_context_score for individual detector control" },
|
|
2466
2616
|
{ "key": "injection_pulse_score", "type": "number", "required": false, "description": "Highflame single-turn classifier score for prompt injection in tool arguments (0-100). Raw score from Pulse detector before combination with deep-context" },
|
|
2467
2617
|
{ "key": "injection_deep_context_score", "type": "number", "required": false, "description": "DeepContext multi-turn analyzer score for prompt injection in tool arguments (0-100). Tracks injection patterns across tool call history" },
|
|
2468
2618
|
{ "key": "jailbreak_pulse_score", "type": "number", "required": false, "description": "Highflame single-turn classifier score for jailbreak in tool arguments (0-100). Raw score from Pulse detector before combination with deep-context" },
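Review bot: `pii_score`, `injection_score` and `jailbreak_score` are `required: false` in this context but `required: true` in the hunk at +2553, and the descriptions here do not say so. A rule copied from that context, such as a threshold on `context.injection_score`, reads an attribute that may be absent here; in Cedar that is an evaluation error and the policy is skipped, so a `forbid` would not fire. I would end each of the three descriptions with `Optional in this context; check "context has injection_score" before comparing`, adjusted per key. The text also says MAX of Pulse and DeepContext without stating the value when only one detector ran, which deserves one clause. The OVERWATCH_CONTEXT object starts and ends outside this hunk.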
|
|
@@ -2511,7 +2661,7 @@ export const OVERWATCH_CONTEXT = {
|
|
|
2511
2661
|
{ "key": "highest_severity", "type": "string", "required": false, "description": "Highest severity level: critical, high, medium, low, none" },
|
|
2512
2662
|
{ "key": "threat_categories", "type": "array", "required": false, "description": "Threat category names from the detection aggregator" },
|
|
2513
2663
|
{ "key": "max_threat_severity", "type": "number", "required": false, "description": "Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)" },
|
|
2514
|
-
{ "key": "
|
|
2664
|
+
{ "key": "invisible_chars_detected", "type": "boolean", "required": false, "description": "Whether invisible Unicode characters were detected in server data" },
|
|
2515
2665
|
{ "key": "tool_poisoning_score", "type": "number", "required": false, "description": "Tool description manipulation risk score (0-100) — poisoned tool descriptions in server" },
|
|
2516
2666
|
{ "key": "tool_poisoning_detected", "type": "boolean", "required": false, "description": "Whether tool poisoning patterns were explicitly detected" },
|
|
2517
2667
|
{ "key": "rug_pull_score", "type": "number", "required": false, "description": "Server behavioral drift score (0-100) — behavior change after approval" },
|
|
@@ -2551,7 +2701,7 @@ export const OVERWATCH_CONTEXT = {
|
|
|
2551
2701
|
{ "key": "threat_categories", "type": "array", "required": false, "description": "Threat category names from the detection aggregator" },
|
|
2552
2702
|
{ "key": "detected_threats", "type": "array", "required": false, "description": "Detection rule names that matched" },
|
|
2553
2703
|
{ "key": "max_threat_severity", "type": "number", "required": false, "description": "Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)" },
|
|
2554
|
-
{ "key": "
|
|
2704
|
+
{ "key": "secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets or credentials were detected in file content" },
|
|
2555
2705
|
{ "key": "secret_types", "type": "array", "required": false, "description": "Specific secret types found in file" },
|
|
2556
2706
|
{ "key": "secret_count", "type": "number", "required": false, "description": "Number of distinct secrets detected in file" },
|
|
2557
2707
|
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether any PII patterns were matched in file content" },
|
|
@@ -2588,13 +2738,13 @@ export const OVERWATCH_CONTEXT = {
|
|
|
2588
2738
|
{ "key": "threat_categories", "type": "array", "required": false, "description": "Threat category names from the detection aggregator" },
|
|
2589
2739
|
{ "key": "detected_threats", "type": "array", "required": false, "description": "Detection rule names that matched" },
|
|
2590
2740
|
{ "key": "max_threat_severity", "type": "number", "required": false, "description": "Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)" },
|
|
2591
|
-
{ "key": "
|
|
2741
|
+
{ "key": "secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets or credentials were detected in content being written" },
|
|
2592
2742
|
{ "key": "secret_types", "type": "array", "required": false, "description": "Specific secret types found" },
|
|
2593
2743
|
{ "key": "secret_count", "type": "number", "required": false, "description": "Number of distinct secrets detected" },
|
|
2594
2744
|
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether any PII patterns were matched in content being written" },
|
|
2595
2745
|
{ "key": "pii_types", "type": "array", "required": false, "description": "Specific PII types found" },
|
|
2596
2746
|
{ "key": "pii_count", "type": "number", "required": false, "description": "Number of PII pattern matches" },
|
|
2597
|
-
{ "key": "
|
|
2747
|
+
{ "key": "invisible_chars_detected", "type": "boolean", "required": false, "description": "Whether invisible Unicode characters were detected in content being written" },
|
|
2598
2748
|
{ "key": "session_pii_detected", "type": "boolean", "required": false, "description": "Whether PII was detected in any previous turn of the session" },
|
|
2599
2749
|
{ "key": "session_pii_types", "type": "array", "required": false, "description": "PII types detected across the session (accumulated)" },
|
|
2600
2750
|
{ "key": "session_secrets_detected", "type": "boolean", "required": false, "description": "Whether secrets were detected in any previous turn of the session" },
|
|
@@ -2733,13 +2883,13 @@ export const SENTRY_CONTEXT = {
|
|
|
2733
2883
|
{ "key": "threat_categories", "type": "array", "required": true, "description": "Threat category names from the detection aggregator" },
|
|
2734
2884
|
{ "key": "detected_threats", "type": "array", "required": true, "description": "Detection rule names that matched (e.g., prompt_injection, credit_card, secret_exposure)" },
|
|
2735
2885
|
{ "key": "max_threat_severity", "type": "number", "required": true, "description": "Numeric severity (0=none, 1=low, 2=medium, 3=high, 4=critical)" },
|
|
2736
|
-
{ "key": "
|
|
2886
|
+
{ "key": "secrets_detected", "type": "boolean", "required": true, "description": "Whether secrets or credentials were detected in the message" },
|
|
2737
2887
|
{ "key": "secret_types", "type": "array", "required": false, "description": "Specific secret types: aws_access_key, aws_secret_key, github_token, github_fine_grained, slack_token, gcp_service_account, gcp_api_key, azure_connection_string, private_key, jwt_token, generic_api_key, stripe_key, openai_key, anthropic_key" },
|
|
2738
2888
|
{ "key": "secret_count", "type": "number", "required": false, "description": "Number of distinct secrets detected" },
|
|
2739
2889
|
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether any PII patterns were matched" },
|
|
2740
2890
|
{ "key": "pii_types", "type": "array", "required": false, "description": "Specific PII types: ssn, credit_card, email, phone_us, ip_address, date_of_birth, passport, iban, aws_key, api_key_generic" },
|
|
2741
2891
|
{ "key": "pii_count", "type": "number", "required": false, "description": "Number of PII pattern matches" },
|
|
2742
|
-
{ "key": "
|
|
2892
|
+
{ "key": "pii_score", "type": "number", "required": false, "description": "PII detection confidence (0-100). Fixed 80 when regex PII detected, else 0" },
|
|
2743
2893
|
{ "key": "violence_score", "type": "number", "required": true, "description": "Violence content detection score (0-100, from ToxicityDetector)" },
|
|
2744
2894
|
{ "key": "weapons_score", "type": "number", "required": true, "description": "Weapons content detection score (0-100)" },
|
|
2745
2895
|
{ "key": "hate_speech_score", "type": "number", "required": true, "description": "Hate speech detection score (0-100)" },
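Review bot: The added `pii_score` entry is documented as `Fixed 80 when regex PII detected, else 0`, so in this context the score is a two-valued flag and any policy threshold above 80 can never match. The same key is described as an ML classifier confidence in the OVERWATCH_CONTEXT hunks and only as `PII detection confidence (0-100)` in the SENTRY_CONTEXT hunks at +2942, +2989 and +3048, so a threshold tuned in one context changes meaning in another. I would extend this description with `Thresholds above 80 never match here; use pii_detected for a yes/no rule`, and state in the three later entries whether they share the fixed value. The SENTRY_CONTEXT object starts and ends outside this hunk.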
|
|
@@ -2750,7 +2900,7 @@ export const SENTRY_CONTEXT = {
|
|
|
2750
2900
|
{ "key": "jailbreak_score", "type": "number", "required": true, "description": "Jailbreak detection score (0-100, max of JailbreakDetector + DeepContextDetector)" },
|
|
2751
2901
|
{ "key": "content_topics", "type": "array", "required": false, "description": "Detected topics from TopicDetector: controlled_substances, weapons_manufacturing, etc." },
|
|
2752
2902
|
{ "key": "topic_confidence", "type": "number", "required": false, "description": "Topic classifier confidence (0-100)" },
|
|
2753
|
-
{ "key": "
|
|
2903
|
+
{ "key": "invisible_chars_detected", "type": "boolean", "required": false, "description": "Whether invisible Unicode characters (zero-width, bidi overrides, tag chars) were detected" },
|
|
2754
2904
|
{ "key": "invisible_chars_score", "type": "number", "required": false, "description": "Invisible character attack severity score (0-100)" },
|
|
2755
2905
|
{ "key": "encoded_content_detected", "type": "boolean", "required": false, "description": "Whether encoded content (base64, hex, unicode, URL) was detected" },
|
|
2756
2906
|
{ "key": "encoded_types", "type": "array", "required": false, "description": "Encoding types detected: base64, hex, unicode, url" },
|
|
@@ -2792,13 +2942,13 @@ export const SENTRY_CONTEXT = {
|
|
|
2792
2942
|
{ "key": "threat_categories", "type": "array", "required": true, "description": "Threat category names" },
|
|
2793
2943
|
{ "key": "detected_threats", "type": "array", "required": true, "description": "Detection rule names that matched" },
|
|
2794
2944
|
{ "key": "max_threat_severity", "type": "number", "required": true, "description": "Numeric severity (0-4)" },
|
|
2795
|
-
{ "key": "
|
|
2945
|
+
{ "key": "secrets_detected", "type": "boolean", "required": true, "description": "Whether secrets detected in AI response" },
|
|
2796
2946
|
{ "key": "secret_types", "type": "array", "required": false, "description": "Secret types in response" },
|
|
2797
2947
|
{ "key": "secret_count", "type": "number", "required": false, "description": "Number of secrets in response" },
|
|
2798
2948
|
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII detected in response" },
|
|
2799
2949
|
{ "key": "pii_types", "type": "array", "required": false, "description": "PII types in response" },
|
|
2800
2950
|
{ "key": "pii_count", "type": "number", "required": false, "description": "Number of PII matches in response" },
|
|
2801
|
-
{ "key": "
|
|
2951
|
+
{ "key": "pii_score", "type": "number", "required": false, "description": "PII detection confidence (0-100)" },
|
|
2802
2952
|
{ "key": "violence_score", "type": "number", "required": true, "description": "Violence score (0-100)" },
|
|
2803
2953
|
{ "key": "weapons_score", "type": "number", "required": true, "description": "Weapons score (0-100)" },
|
|
2804
2954
|
{ "key": "hate_speech_score", "type": "number", "required": true, "description": "Hate speech score (0-100)" },
|
|
@@ -2839,13 +2989,13 @@ export const SENTRY_CONTEXT = {
|
|
|
2839
2989
|
{ "key": "threat_categories", "type": "array", "required": true, "description": "Threat category names" },
|
|
2840
2990
|
{ "key": "detected_threats", "type": "array", "required": true, "description": "Detection rule names that matched" },
|
|
2841
2991
|
{ "key": "max_threat_severity", "type": "number", "required": true, "description": "Numeric severity (0-4)" },
|
|
2842
|
-
{ "key": "
|
|
2992
|
+
{ "key": "secrets_detected", "type": "boolean", "required": true, "description": "Whether secrets detected in pasted content" },
|
|
2843
2993
|
{ "key": "secret_types", "type": "array", "required": false, "description": "Secret types in pasted content" },
|
|
2844
2994
|
{ "key": "secret_count", "type": "number", "required": false, "description": "Number of secrets" },
|
|
2845
2995
|
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII detected in pasted content" },
|
|
2846
2996
|
{ "key": "pii_types", "type": "array", "required": false, "description": "PII types in pasted content" },
|
|
2847
2997
|
{ "key": "pii_count", "type": "number", "required": false, "description": "PII match count" },
|
|
2848
|
-
{ "key": "
|
|
2998
|
+
{ "key": "pii_score", "type": "number", "required": false, "description": "PII detection confidence (0-100)" },
|
|
2849
2999
|
{ "key": "violence_score", "type": "number", "required": true, "description": "Violence score (0-100)" },
|
|
2850
3000
|
{ "key": "weapons_score", "type": "number", "required": true, "description": "Weapons score (0-100)" },
|
|
2851
3001
|
{ "key": "hate_speech_score", "type": "number", "required": true, "description": "Hate speech score (0-100)" },
|
|
@@ -2857,7 +3007,7 @@ export const SENTRY_CONTEXT = {
|
|
|
2857
3007
|
{ "key": "contains_code", "type": "boolean", "required": false, "description": "Whether pasted content contains code" },
|
|
2858
3008
|
{ "key": "code_languages", "type": "array", "required": false, "description": "Code languages in pasted content" },
|
|
2859
3009
|
{ "key": "code_ratio", "type": "number", "required": false, "description": "Code ratio (0-100)" },
|
|
2860
|
-
{ "key": "
|
|
3010
|
+
{ "key": "invisible_chars_detected", "type": "boolean", "required": false, "description": "Whether invisible Unicode characters detected" },
|
|
2861
3011
|
{ "key": "invisible_chars_score", "type": "number", "required": false, "description": "Invisible chars severity (0-100)" },
|
|
2862
3012
|
{ "key": "encoded_content_detected", "type": "boolean", "required": false, "description": "Whether encoded content detected" },
|
|
2863
3013
|
{ "key": "encoded_types", "type": "array", "required": false, "description": "Encoding types" },
|
|
@@ -2898,13 +3048,13 @@ export const SENTRY_CONTEXT = {
|
|
|
2898
3048
|
{ "key": "threat_categories", "type": "array", "required": true, "description": "Threat category names" },
|
|
2899
3049
|
{ "key": "detected_threats", "type": "array", "required": true, "description": "Detection rule names that matched" },
|
|
2900
3050
|
{ "key": "max_threat_severity", "type": "number", "required": true, "description": "Numeric severity (0-4)" },
|
|
2901
|
-
{ "key": "
|
|
3051
|
+
{ "key": "secrets_detected", "type": "boolean", "required": true, "description": "Whether secrets detected in file content" },
|
|
2902
3052
|
{ "key": "secret_types", "type": "array", "required": false, "description": "Secret types in file" },
|
|
2903
3053
|
{ "key": "secret_count", "type": "number", "required": false, "description": "Number of secrets" },
|
|
2904
3054
|
{ "key": "pii_detected", "type": "boolean", "required": false, "description": "Whether PII detected in file" },
|
|
2905
3055
|
{ "key": "pii_types", "type": "array", "required": false, "description": "PII types in file" },
|
|
2906
3056
|
{ "key": "pii_count", "type": "number", "required": false, "description": "PII match count" },
|
|
2907
|
-
{ "key": "
|
|
3057
|
+
{ "key": "pii_score", "type": "number", "required": false, "description": "PII confidence (0-100)" },
|
|
2908
3058
|
{ "key": "violence_score", "type": "number", "required": true, "description": "Violence score (0-100)" },
|
|
2909
3059
|
{ "key": "weapons_score", "type": "number", "required": true, "description": "Weapons score (0-100)" },
|
|
2910
3060
|
{ "key": "hate_speech_score", "type": "number", "required": true, "description": "Hate speech score (0-100)" },
|
|
@@ -2917,7 +3067,7 @@ export const SENTRY_CONTEXT = {
|
|
|
2917
3067
|
{ "key": "code_languages", "type": "array", "required": false, "description": "Code languages in file" },
|
|
2918
3068
|
{ "key": "code_ratio", "type": "number", "required": false, "description": "Code ratio (0-100)" },
|
|
2919
3069
|
{ "key": "phishing_detected", "type": "boolean", "required": false, "description": "Whether phishing URLs detected in file" },
|
|
2920
|
-
{ "key": "
|
|
3070
|
+
{ "key": "invisible_chars_detected", "type": "boolean", "required": false, "description": "Whether invisible chars detected in file" },
|
|
2921
3071
|
{ "key": "invisible_chars_score", "type": "number", "required": false, "description": "Invisible chars severity (0-100)" },
|
|
2922
3072
|
{ "key": "encoded_content_detected", "type": "boolean", "required": false, "description": "Whether encoded content detected in file" },
|
|
2923
3073
|
{ "key": "encoded_types", "type": "array", "required": false, "description": "Encoding types in file" },
|