@highflame/policy 2.1.41 → 2.1.42

package/dist/service-schemas.gen.js

@@ -90,6 +90,9 @@ action call_tool appliesTo {
   principal: [User, MCP_Client],
   resource: [Tool],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     // --- Content ---
     content: String,                  // Raw content being scanned
 
@@ -196,6 +199,9 @@ action connect_server appliesTo {
   principal: [User, MCP_Client],
   resource: [Server],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     content?: String,                 // Server config content (if available)
     mcp_server?: String,
 
@@ -265,6 +271,9 @@ action process_prompt appliesTo {
   principal: [User, MCP_Client],
   resource: [LlmPrompt],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     content: String,
     mcp_server?: String,
 
@@ -343,6 +352,9 @@ action read_file appliesTo {
   principal: [User, MCP_Client],
   resource: [FilePath],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     content: String,
     mcp_server?: String,
 
@@ -401,6 +413,9 @@ action write_file appliesTo {
   principal: [User, MCP_Client],
   resource: [FilePath],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     content: String,
     mcp_server?: String,
 
@@ -558,6 +573,9 @@ namespace Guardrails {
 
     /// Context for process_prompt action (user prompts & AI responses)
     type ProcessPromptContext = {
+        // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+        "role"?: String,
+        "privilege_scope"?: Set<String>,
         // Core metadata (required)
         "request_id": String,
         "timestamp": Long,
@@ -697,6 +715,9 @@ namespace Guardrails {
 
     /// Context for call_tool action (agentic tool execution)
     type CallToolContext = {
+        // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+        "role"?: String,
+        "privilege_scope"?: Set<String>,
         // Core metadata (required)
         "request_id": String,
         "timestamp": Long,
@@ -833,6 +854,9 @@ namespace Guardrails {
 
     /// Context for read_file action
     type FileReadContext = {
+        // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+        "role"?: String,
+        "privilege_scope"?: Set<String>,
         // Core metadata (required)
         "request_id": String,
         "timestamp": Long,
@@ -893,6 +917,9 @@ namespace Guardrails {
 
     /// Context for write_file action
     type FileWriteContext = {
+        // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+        "role"?: String,
+        "privilege_scope"?: Set<String>,
         // Core metadata (required)
         "request_id": String,
         "timestamp": Long,
@@ -957,6 +984,9 @@ namespace Guardrails {
 
     /// Context for connect_server action (MCP server connections)
     type ConnectServerContext = {
+        // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+        "role"?: String,
+        "privilege_scope"?: Set<String>,
         // Core metadata (required)
         "request_id": String,
         "timestamp": Long,
@@ -1106,6 +1136,9 @@ action process_prompt appliesTo {
   principal: [User, Agent],
   resource: [LlmPrompt],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     // --- Event & Source ---
     content: String,                  // Raw content being scanned
     source: String,                   // IDE source: "cursor", "claudecode", "github_copilot"
@@ -1184,6 +1217,9 @@ action call_tool appliesTo {
   principal: [User, Agent],
   resource: [Tool, FilePath],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     // --- Event & Source ---
     content: String,                  // Raw content being scanned (e.g., shell command, tool args)
     source: String,                   // IDE source
@@ -1293,6 +1329,9 @@ action connect_server appliesTo {
   principal: [User, Agent],
   resource: [Server],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     content?: String,                 // Server config content (if available)
     source: String,
     event: String,
@@ -1340,6 +1379,9 @@ action read_file appliesTo {
   principal: [User, Agent],
   resource: [FilePath],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     content: String,
     source: String,
     event: String,
@@ -1391,6 +1433,9 @@ action write_file appliesTo {
   principal: [User, Agent],
   resource: [FilePath],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     content: String,
     source: String,
     event: String,
@@ -1697,6 +1742,9 @@ action process_prompt appliesTo {
   principal: [User],
   resource: [ChatSession],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     // --- Core Metadata ---
     content: String,                  // Raw message content being sent
     source: String,                   // Browser extension identifier: "sentry"
@@ -1784,6 +1832,9 @@ action receive_response appliesTo {
   principal: [User],
   resource: [ChatSession],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     // --- Core Metadata ---
     content: String,                  // AI response content
     source: String,
@@ -1850,6 +1901,9 @@ action paste_content appliesTo {
   principal: [User],
   resource: [ChatSession, Document],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     // --- Core Metadata ---
     content: String,                  // Pasted content
     source: String,
@@ -1927,6 +1981,9 @@ action upload_file appliesTo {
   principal: [User],
   resource: [Document, ChatSession],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     // --- Core Metadata ---
     content: String,                  // Extracted file text content (for scanning)
     source: String,
@@ -2018,6 +2075,8 @@ export const AI_GATEWAY_CONTEXT = {
             "name": "call_tool",
             "description": "Call an MCP tool — threat focus: command injection, tool poisoning, rug pull, secrets, PII",
             "context_attributes": [
+                { "key": "role", "type": "string", "required": false, "description": "Caller\'s RBAC role projected from the principal\'s token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim." },
+                { "key": "privilege_scope", "type": "array", "required": false, "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim." },
                 { "key": "content", "type": "string", "required": true, "description": "Raw content being scanned" },
                 { "key": "tool_name", "type": "string", "required": false, "description": "Tool name" },
                 { "key": "mcp_server", "type": "string", "required": false, "description": "MCP server name" },
@@ -2079,6 +2138,8 @@ export const AI_GATEWAY_CONTEXT = {
             "name": "connect_server",
             "description": "Connect to an MCP server — threat focus: supply chain, tool poisoning, config risk",
             "context_attributes": [
+                { "key": "role", "type": "string", "required": false, "description": "Caller\'s RBAC role projected from the principal\'s token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim." },
+                { "key": "privilege_scope", "type": "array", "required": false, "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim." },
                 { "key": "content", "type": "string", "required": false, "description": "Server config content" },
                 { "key": "mcp_server", "type": "string", "required": false, "description": "MCP server name" },
                 { "key": "threat_count", "type": "number", "required": false, "description": "Total threats detected" },
@@ -2119,6 +2180,8 @@ export const AI_GATEWAY_CONTEXT = {
             "name": "process_prompt",
             "description": "Process a prompt (MCP or LLM chat completion) — threat focus: injection, jailbreak, secrets, PII, content safety",
             "context_attributes": [
+                { "key": "role", "type": "string", "required": false, "description": "Caller\'s RBAC role projected from the principal\'s token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim." },
+                { "key": "privilege_scope", "type": "array", "required": false, "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim." },
                 { "key": "content", "type": "string", "required": true, "description": "Raw content being scanned" },
                 { "key": "mcp_server", "type": "string", "required": false, "description": "MCP server name" },
                 { "key": "threat_count", "type": "number", "required": false, "description": "Total threats detected" },
@@ -2164,6 +2227,8 @@ export const AI_GATEWAY_CONTEXT = {
             "name": "read_file",
             "description": "Read an MCP resource — threat focus: secrets exposure, PII exposure",
             "context_attributes": [
+                { "key": "role", "type": "string", "required": false, "description": "Caller\'s RBAC role projected from the principal\'s token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim." },
+                { "key": "privilege_scope", "type": "array", "required": false, "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim." },
                 { "key": "content", "type": "string", "required": true, "description": "Raw content being scanned" },
                 { "key": "mcp_server", "type": "string", "required": false, "description": "MCP server name" },
                 { "key": "threat_count", "type": "number", "required": false, "description": "Total threats detected" },
@@ -2197,6 +2262,8 @@ export const AI_GATEWAY_CONTEXT = {
             "name": "write_file",
             "description": "Write an MCP resource — threat focus: secrets in output, PII in output",
             "context_attributes": [
+                { "key": "role", "type": "string", "required": false, "description": "Caller\'s RBAC role projected from the principal\'s token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim." },
+                { "key": "privilege_scope", "type": "array", "required": false, "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim." },
                 { "key": "content", "type": "string", "required": true, "description": "Raw content being scanned" },
                 { "key": "mcp_server", "type": "string", "required": false, "description": "MCP server name" },
                 { "key": "threat_count", "type": "number", "required": false, "description": "Total threats detected" },
@@ -2240,6 +2307,8 @@ export const GUARDRAILS_CONTEXT = {
             "name": "process_prompt",
             "description": "Analyze user prompts and AI responses for security threats, PII, and content violations",
             "context_attributes": [
+                { "key": "role", "type": "string", "required": false, "description": "Caller\'s RBAC role projected from the principal\'s token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim." },
+                { "key": "privilege_scope", "type": "array", "required": false, "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim." },
                 { "key": "request_id", "type": "string", "required": true, "description": "Unique identifier for this request, useful for audit trails and debugging" },
                 { "key": "timestamp", "type": "number", "required": true, "description": "Unix timestamp in milliseconds when the request was processed" },
                 { "key": "direction", "type": "string", "required": true, "description": "Content flow direction: \'input\' for user prompts, \'output\' for AI responses. Use this to apply different policies to inputs vs outputs (e.g., block PII only in outputs)" },
@@ -2331,6 +2400,8 @@ export const GUARDRAILS_CONTEXT = {
             "name": "call_tool",
             "description": "Execute agentic tool calls, including shell commands, file operations, and MCP tools",
             "context_attributes": [
+                { "key": "role", "type": "string", "required": false, "description": "Caller\'s RBAC role projected from the principal\'s token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim." },
+                { "key": "privilege_scope", "type": "array", "required": false, "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim." },
                 { "key": "request_id", "type": "string", "required": true, "description": "Unique identifier for this request" },
                 { "key": "timestamp", "type": "number", "required": true, "description": "Unix timestamp in milliseconds" },
                 { "key": "tool_name", "type": "string", "required": false, "description": "Name of the tool being called (e.g., \'shell\', \'write_file\', \'http_post\'). Use this to block specific dangerous tools" },
@@ -2418,6 +2489,8 @@ export const GUARDRAILS_CONTEXT = {
             "name": "read_file",
             "description": "Read file operations for analyzing file content before allowing access",
             "context_attributes": [
+                { "key": "role", "type": "string", "required": false, "description": "Caller\'s RBAC role projected from the principal\'s token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim." },
+                { "key": "privilege_scope", "type": "array", "required": false, "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim." },
                 { "key": "request_id", "type": "string", "required": true, "description": "Unique identifier for this request" },
                 { "key": "timestamp", "type": "number", "required": true, "description": "Unix timestamp in milliseconds" },
                 { "key": "path", "type": "string", "required": false, "description": "File path being read. Use for path-based access control policies (e.g., block .env files, system directories, credential directories)" },
@@ -2453,6 +2526,8 @@ export const GUARDRAILS_CONTEXT = {
             "name": "write_file",
             "description": "Write file operations for preventing writes of sensitive content",
             "context_attributes": [
+                { "key": "role", "type": "string", "required": false, "description": "Caller\'s RBAC role projected from the principal\'s token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim." },
+                { "key": "privilege_scope", "type": "array", "required": false, "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim." },
                 { "key": "request_id", "type": "string", "required": true, "description": "Unique identifier for this request" },
                 { "key": "timestamp", "type": "number", "required": true, "description": "Unix timestamp in milliseconds" },
                 { "key": "path", "type": "string", "required": false, "description": "File path being written. Use for path-based blocking policies (e.g., block writes to .env files, credential directories)" },
@@ -2490,6 +2565,8 @@ export const GUARDRAILS_CONTEXT = {
             "name": "connect_server",
             "description": "Connect to an MCP server, used to control which MCP servers are allowed",
             "context_attributes": [
+                { "key": "role", "type": "string", "required": false, "description": "Caller\'s RBAC role projected from the principal\'s token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim." },
+                { "key": "privilege_scope", "type": "array", "required": false, "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim." },
                 { "key": "request_id", "type": "string", "required": true, "description": "Unique identifier for this request" },
                 { "key": "timestamp", "type": "number", "required": true, "description": "Unix timestamp in milliseconds" },
                 { "key": "mcp_server", "type": "string", "required": false, "description": "Name of the MCP server being connected to (e.g., \'github\', \'filesystem\', \'slack\'). Use this to allow or block specific MCP servers" },
@@ -2537,6 +2614,8 @@ export const OVERWATCH_CONTEXT = {
             "name": "process_prompt",
             "description": "User submits a prompt or receives AI response",
             "context_attributes": [
+                { "key": "role", "type": "string", "required": false, "description": "Caller\'s RBAC role projected from the principal\'s token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim." },
+                { "key": "privilege_scope", "type": "array", "required": false, "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim." },
                 { "key": "content", "type": "string", "required": true, "description": "Raw content being scanned (prompt, command, etc.)" },
                 { "key": "source", "type": "string", "required": true, "description": "IDE source: cursor, claudecode, github_copilot" },
                 { "key": "event", "type": "string", "required": true, "description": "Hook event name (e.g., beforeSubmitPrompt, UserPromptSubmit)" },
@@ -2591,6 +2670,8 @@ export const OVERWATCH_CONTEXT = {
             "name": "call_tool",
             "description": "User calls a tool (native IDE tool or MCP tool)",
             "context_attributes": [
+                { "key": "role", "type": "string", "required": false, "description": "Caller\'s RBAC role projected from the principal\'s token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim." },
+                { "key": "privilege_scope", "type": "array", "required": false, "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim." },
                 { "key": "content", "type": "string", "required": true, "description": "Raw content being scanned (e.g., shell command, tool arguments)" },
                 { "key": "source", "type": "string", "required": true, "description": "IDE source: cursor, claudecode, github_copilot" },
                 { "key": "event", "type": "string", "required": true, "description": "Hook event name (e.g., beforeShellExecution, PreToolUse)" },
@@ -2664,6 +2745,8 @@ export const OVERWATCH_CONTEXT = {
             "name": "connect_server",
             "description": "Connect to an MCP server",
             "context_attributes": [
+                { "key": "role", "type": "string", "required": false, "description": "Caller\'s RBAC role projected from the principal\'s token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim." },
+                { "key": "privilege_scope", "type": "array", "required": false, "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim." },
                 { "key": "content", "type": "string", "required": false, "description": "Server configuration content (if available)" },
                 { "key": "source", "type": "string", "required": true, "description": "IDE source: cursor, claudecode, github_copilot" },
                 { "key": "event", "type": "string", "required": true, "description": "Hook event name" },
@@ -2701,6 +2784,8 @@ export const OVERWATCH_CONTEXT = {
             "name": "read_file",
             "description": "Read a file from disk",
             "context_attributes": [
+                { "key": "role", "type": "string", "required": false, "description": "Caller\'s RBAC role projected from the principal\'s token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim." },
+                { "key": "privilege_scope", "type": "array", "required": false, "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim." },
                 { "key": "content", "type": "string", "required": true, "description": "File content or operation details" },
                 { "key": "source", "type": "string", "required": true, "description": "IDE source: cursor, claudecode, github_copilot" },
                 { "key": "event", "type": "string", "required": true, "description": "Hook event name (e.g., beforeReadFile)" },
@@ -2738,6 +2823,8 @@ export const OVERWATCH_CONTEXT = {
             "name": "write_file",
             "description": "Write a file to disk",
             "context_attributes": [
+                { "key": "role", "type": "string", "required": false, "description": "Caller\'s RBAC role projected from the principal\'s token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim." },
+                { "key": "privilege_scope", "type": "array", "required": false, "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim." },
                 { "key": "content", "type": "string", "required": true, "description": "File content being written" },
                 { "key": "source", "type": "string", "required": true, "description": "IDE source: cursor, claudecode, github_copilot" },
                 { "key": "event", "type": "string", "required": true, "description": "Hook event name" },
@@ -2884,6 +2971,8 @@ export const SENTRY_CONTEXT = {
             "name": "process_prompt",
             "description": "User sends a message (prompt) to an AI chat service via the browser",
             "context_attributes": [
+                { "key": "role", "type": "string", "required": false, "description": "Caller\'s RBAC role projected from the principal\'s token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim." },
+                { "key": "privilege_scope", "type": "array", "required": false, "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim." },
                 { "key": "content", "type": "string", "required": true, "description": "Raw message content being sent to the AI service" },
                 { "key": "source", "type": "string", "required": true, "description": "Browser extension identifier (always \'sentry\')" },
                 { "key": "event", "type": "string", "required": true, "description": "Event type (always \'process_prompt\')" },
@@ -2943,6 +3032,8 @@ export const SENTRY_CONTEXT = {
             "name": "receive_response",
             "description": "AI service responds to the user — scan response content for harmful output",
             "context_attributes": [
+                { "key": "role", "type": "string", "required": false, "description": "Caller\'s RBAC role projected from the principal\'s token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim." },
+                { "key": "privilege_scope", "type": "array", "required": false, "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim." },
                 { "key": "content", "type": "string", "required": true, "description": "AI response content" },
                 { "key": "source", "type": "string", "required": true, "description": "Browser extension identifier" },
                 { "key": "event", "type": "string", "required": true, "description": "Event type (always \'receive_response\')" },
@@ -2987,6 +3078,8 @@ export const SENTRY_CONTEXT = {
             "name": "paste_content",
             "description": "User pastes content into an AI chat (clipboard, cross-tab, cross-app)",
             "context_attributes": [
+                { "key": "role", "type": "string", "required": false, "description": "Caller\'s RBAC role projected from the principal\'s token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim." },
+                { "key": "privilege_scope", "type": "array", "required": false, "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim." },
                 { "key": "content", "type": "string", "required": true, "description": "Pasted content" },
                 { "key": "source", "type": "string", "required": true, "description": "Browser extension identifier" },
                 { "key": "event", "type": "string", "required": true, "description": "Event type (always \'paste_content\')" },
@@ -3040,6 +3133,8 @@ export const SENTRY_CONTEXT = {
             "name": "upload_file",
             "description": "User uploads a file or document into an AI chat service",
             "context_attributes": [
+                { "key": "role", "type": "string", "required": false, "description": "Caller\'s RBAC role projected from the principal\'s token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim." },
+                { "key": "privilege_scope", "type": "array", "required": false, "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim." },
                 { "key": "content", "type": "string", "required": true, "description": "Extracted file text content (for scanning)" },
                 { "key": "source", "type": "string", "required": true, "description": "Browser extension identifier" },
                 { "key": "event", "type": "string", "required": true, "description": "Event type (always \'upload_file\')" },

package/dist/types.d.ts

@@ -4,6 +4,7 @@ export * from './context.gen.js';
 export * from './schema.gen.js';
 export * from './decision-effects.gen.js';
 export * from './aarm-annotations.gen.js';
+export * from './aarm-annotation.js';
 export * from './builder.js';
 export * from './errors.js';
 export * from './annotations.js';

package/dist/types.js

@@ -15,6 +15,9 @@ export * from './decision-effects.gen.js';
 // AARM-aware annotation registry (browser-safe — Studio uses this
 // for Monaco autocomplete + lint of @step_up_required / @defer_* keys).
 export * from './aarm-annotations.gen.js';
+// AARM annotation parser/validator (browser-safe — typed parse + fail-closed
+// validation; Studio lints with the exact rules Shield runs at sync time).
+export * from './aarm-annotation.js';
 // PolicyBuilder - works in browser (no WASM dependency)
 export * from './builder.js';
 // Error types - works in browser (no WASM dependency)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@highflame/policy",
-  "version": "2.1.41",
+  "version": "2.1.42",
   "engines": {
     "node": ">=18"
   },