@highflame/policy 2.1.4 → 2.1.6

package/_schemas/overwatch/schema.cedarschema

@@ -120,8 +120,12 @@ action process_prompt appliesTo {
 
     // --- ML Detector Confidence Scores (0-100) ---
     pii_confidence: Long,             // PII detection classifier confidence
-    injection_confidence: Long,       // Prompt injection classifier confidence
-    jailbreak_confidence: Long,       // Jailbreak detection classifier confidence
+    injection_confidence: Long,       // Combined injection confidence: MAX(pulse, deep_context)
+    jailbreak_confidence: Long,       // Combined jailbreak confidence: MAX(pulse, deep_context)
+    injection_pulse_score?: Long,     // 0-100 Pulse single-turn classifier
+    injection_deep_context_score?: Long, // 0-100 DeepContext multi-turn
+    jailbreak_pulse_score?: Long,     // 0-100 Pulse single-turn classifier
+    jailbreak_deep_context_score?: Long, // 0-100 DeepContext multi-turn
 
     // --- Agent Security (0-100) ---
     indirect_injection_score: Long,   // Indirect prompt injection risk (OWASP LLM01, ASI01)
@@ -134,6 +138,12 @@ action process_prompt appliesTo {
     session_injection_detected?: Bool,
     session_command_injection?: Bool,
     session_threat_turns?: Long,
+    session_max_injection_score?: Long,
+    session_max_jailbreak_score?: Long,
+    session_max_command_injection_score?: Long,
+    session_max_pii_score?: Long,
+    session_max_secret_score?: Long,
+    session_cumulative_risk_score?: Long,
 
     // --- Legacy ---
     prompt_text?: String,             // Same as content (backward compatibility)
@@ -196,8 +206,12 @@ action call_tool appliesTo {
 
     // --- ML Detector Confidence Scores (0-100) ---
     pii_confidence?: Long,
-    injection_confidence?: Long,
-    jailbreak_confidence?: Long,
+    injection_confidence?: Long,      // Combined injection confidence: MAX(pulse, deep_context)
+    jailbreak_confidence?: Long,      // Combined jailbreak confidence: MAX(pulse, deep_context)
+    injection_pulse_score?: Long,     // 0-100 Pulse single-turn classifier
+    injection_deep_context_score?: Long, // 0-100 DeepContext multi-turn
+    jailbreak_pulse_score?: Long,     // 0-100 Pulse single-turn classifier
+    jailbreak_deep_context_score?: Long, // 0-100 DeepContext multi-turn
 
     // --- Agent Security (0-100) --- (OWASP ASI01, ASI02, ASI04; MITRE AML.T0051)
     tool_poisoning_score?: Long,      // Hidden instructions in tool description/args
@@ -231,6 +245,12 @@ action call_tool appliesTo {
     session_injection_detected?: Bool,
     session_command_injection?: Bool,
     session_threat_turns?: Long,
+    session_max_injection_score?: Long,
+    session_max_jailbreak_score?: Long,
+    session_max_command_injection_score?: Long,
+    session_max_pii_score?: Long,
+    session_max_secret_score?: Long,
+    session_cumulative_risk_score?: Long,
 
     // --- Legacy ---
     response_content?: String,
@@ -275,6 +295,12 @@ action connect_server appliesTo {
     session_injection_detected?: Bool,
     session_command_injection?: Bool,
     session_threat_turns?: Long,
+    session_max_injection_score?: Long,
+    session_max_jailbreak_score?: Long,
+    session_max_command_injection_score?: Long,
+    session_max_pii_score?: Long,
+    session_max_secret_score?: Long,
+    session_cumulative_risk_score?: Long,
   },
 };
 
@@ -317,6 +343,12 @@ action read_file appliesTo {
     session_injection_detected?: Bool,
     session_command_injection?: Bool,
     session_threat_turns?: Long,
+    session_max_injection_score?: Long,
+    session_max_jailbreak_score?: Long,
+    session_max_command_injection_score?: Long,
+    session_max_pii_score?: Long,
+    session_max_secret_score?: Long,
+    session_cumulative_risk_score?: Long,
   },
 };
 
@@ -359,6 +391,12 @@ action write_file appliesTo {
     session_injection_detected?: Bool,
     session_command_injection?: Bool,
     session_threat_turns?: Long,
+    session_max_injection_score?: Long,
+    session_max_jailbreak_score?: Long,
+    session_max_command_injection_score?: Long,
+    session_max_pii_score?: Long,
+    session_max_secret_score?: Long,
+    session_cumulative_risk_score?: Long,
   },
 };
 

package/dist/guardrails-context.gen.d.ts

@@ -5,6 +5,11 @@
  * Guardrails Cedar schema and are used at policy evaluation time.
  */
 export declare const GuardrailsContextKey: {
+    readonly AgentFramework: "agent_framework";
+    readonly AgentId: "agent_id";
+    readonly AgentPublisher: "agent_publisher";
+    readonly AgentTrustLevel: "agent_trust_level";
+    readonly AgentType: "agent_type";
     readonly BudgetExceeded: "budget_exceeded";
     readonly BudgetRemainingPct: "budget_remaining_pct";
     readonly CodeLanguages: "code_languages";
@@ -36,12 +41,16 @@ export declare const GuardrailsContextKey: {
     readonly FactualityScore: "factuality_score";
     readonly HallucinationScore: "hallucination_score";
     readonly HateSpeechScore: "hate_speech_score";
-    readonly InjectionScore: "injection_score";
+    readonly InjectionConfidence: "injection_confidence";
+    readonly InjectionDeepContextScore: "injection_deep_context_score";
+    readonly InjectionPulseScore: "injection_pulse_score";
     readonly InjectionType: "injection_type";
     readonly InvisibleCharsScore: "invisible_chars_score";
     readonly IsEnglish: "is_english";
     readonly IsLatinScript: "is_latin_script";
-    readonly JailbreakScore: "jailbreak_score";
+    readonly JailbreakConfidence: "jailbreak_confidence";
+    readonly JailbreakDeepContextScore: "jailbreak_deep_context_score";
+    readonly JailbreakPulseScore: "jailbreak_pulse_score";
     readonly KeywordCategories: "keyword_categories";
     readonly KeywordCount: "keyword_count";
     readonly KeywordMatched: "keyword_matched";
@@ -74,6 +83,19 @@ export declare const GuardrailsContextKey: {
     readonly SecretTypes: "secret_types";
     readonly SentimentScore: "sentiment_score";
     readonly SequenceRisk: "sequence_risk";
+    readonly SessionCommandInjection: "session_command_injection";
+    readonly SessionCumulativeRiskScore: "session_cumulative_risk_score";
+    readonly SessionInjectionDetected: "session_injection_detected";
+    readonly SessionMaxCommandInjectionScore: "session_max_command_injection_score";
+    readonly SessionMaxInjectionScore: "session_max_injection_score";
+    readonly SessionMaxJailbreakScore: "session_max_jailbreak_score";
+    readonly SessionMaxPiiScore: "session_max_pii_score";
+    readonly SessionMaxSecretScore: "session_max_secret_score";
+    readonly SessionPiiDetected: "session_pii_detected";
+    readonly SessionPiiTypes: "session_pii_types";
+    readonly SessionSecretTypes: "session_secret_types";
+    readonly SessionSecretsDetected: "session_secrets_detected";
+    readonly SessionThreatTurns: "session_threat_turns";
     readonly SexualScore: "sexual_score";
     readonly SqlInjectionDetected: "sql_injection_detected";
     readonly SqlInjectionScore: "sql_injection_score";

package/dist/guardrails-context.gen.js

@@ -7,6 +7,11 @@
  * Guardrails Cedar schema and are used at policy evaluation time.
  */
 export const GuardrailsContextKey = {
+    AgentFramework: 'agent_framework',
+    AgentId: 'agent_id',
+    AgentPublisher: 'agent_publisher',
+    AgentTrustLevel: 'agent_trust_level',
+    AgentType: 'agent_type',
     BudgetExceeded: 'budget_exceeded',
     BudgetRemainingPct: 'budget_remaining_pct',
     CodeLanguages: 'code_languages',
@@ -38,12 +43,16 @@ export const GuardrailsContextKey = {
     FactualityScore: 'factuality_score',
     HallucinationScore: 'hallucination_score',
     HateSpeechScore: 'hate_speech_score',
-    InjectionScore: 'injection_score',
+    InjectionConfidence: 'injection_confidence',
+    InjectionDeepContextScore: 'injection_deep_context_score',
+    InjectionPulseScore: 'injection_pulse_score',
     InjectionType: 'injection_type',
     InvisibleCharsScore: 'invisible_chars_score',
     IsEnglish: 'is_english',
     IsLatinScript: 'is_latin_script',
-    JailbreakScore: 'jailbreak_score',
+    JailbreakConfidence: 'jailbreak_confidence',
+    JailbreakDeepContextScore: 'jailbreak_deep_context_score',
+    JailbreakPulseScore: 'jailbreak_pulse_score',
     KeywordCategories: 'keyword_categories',
     KeywordCount: 'keyword_count',
     KeywordMatched: 'keyword_matched',
@@ -76,6 +85,19 @@ export const GuardrailsContextKey = {
     SecretTypes: 'secret_types',
     SentimentScore: 'sentiment_score',
     SequenceRisk: 'sequence_risk',
+    SessionCommandInjection: 'session_command_injection',
+    SessionCumulativeRiskScore: 'session_cumulative_risk_score',
+    SessionInjectionDetected: 'session_injection_detected',
+    SessionMaxCommandInjectionScore: 'session_max_command_injection_score',
+    SessionMaxInjectionScore: 'session_max_injection_score',
+    SessionMaxJailbreakScore: 'session_max_jailbreak_score',
+    SessionMaxPiiScore: 'session_max_pii_score',
+    SessionMaxSecretScore: 'session_max_secret_score',
+    SessionPiiDetected: 'session_pii_detected',
+    SessionPiiTypes: 'session_pii_types',
+    SessionSecretTypes: 'session_secret_types',
+    SessionSecretsDetected: 'session_secrets_detected',
+    SessionThreatTurns: 'session_threat_turns',
     SexualScore: 'sexual_score',
     SqlInjectionDetected: 'sql_injection_detected',
     SqlInjectionScore: 'sql_injection_score',

package/dist/guardrails-defaults.gen.d.ts

@@ -2,7 +2,7 @@
  * Guardrails policy category identifiers.
  * Maps to UI tab names in Studio.
  */
-export type GuardrailsCategory = 'security' | 'privacy' | 'trust_safety' | 'agentic_security' | 'organization';
+export type GuardrailsCategory = 'security' | 'privacy' | 'trust_safety' | 'agentic_security' | 'agent_identity' | 'organization';
 /**
  * Category metadata for UI display.
  */