@highflame/policy 2.1.6 → 2.1.7

@@ -45,7 +45,7 @@ forbid (
45
45
  action == Guardrails::Action::"call_tool",
46
46
  resource
47
47
  ) when {
48
- context.agent_trust_level == "unverified" &&
48
+ context has agent_trust_level && context.agent_trust_level == "unverified" &&
49
49
  context has tool_category && context.tool_category == "dangerous"
50
50
  };
51
51
 
@@ -59,7 +59,7 @@ forbid (
59
59
  action == Guardrails::Action::"call_tool",
60
60
  resource
61
61
  ) when {
62
- context.agent_trust_level == "unverified" &&
62
+ context has agent_trust_level && context.agent_trust_level == "unverified" &&
63
63
  context has tool_name &&
64
64
  (context.tool_name == "shell" ||
65
65
  context.tool_name == "execute_command" ||
@@ -76,7 +76,7 @@ forbid (
76
76
  action == Guardrails::Action::"call_tool",
77
77
  resource
78
78
  ) when {
79
- context.agent_trust_level == "unverified" &&
79
+ context has agent_trust_level && context.agent_trust_level == "unverified" &&
80
80
  context has tool_is_sensitive && context.tool_is_sensitive == true &&
81
81
  context has tool_risk_score && context.tool_risk_score > 60
82
82
  };
@@ -95,7 +95,7 @@ forbid (
95
95
  action == Guardrails::Action::"process_prompt",
96
96
  resource
97
97
  ) when {
98
- context.agent_type == "autonomous" &&
98
+ context has agent_type && context.agent_type == "autonomous" &&
99
99
  context has injection_confidence && context.injection_confidence > 50
100
100
  };
101
101
 
@@ -113,6 +113,6 @@ forbid (
113
113
  action == Guardrails::Action::"call_tool",
114
114
  resource
115
115
  ) when {
116
- context.agent_trust_level == "unverified" &&
116
+ context has agent_trust_level && context.agent_trust_level == "unverified" &&
117
117
  context has session_threat_turns && context.session_threat_turns > 0
118
118
  };
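Review bot: Every one of the five forbids in this section now starts with `context has agent_trust_level &&`, which means a request whose context simply omits `agent_trust_level` evaluates these conditions to false and is not denied; before the change the bare attribute access produced an evaluation error, which Cedar reports and skips as a non-applicable policy, so the bypass is not new but it is now silent and error-free. For a policy whose purpose is to contain unverified agents, absence of a trust level is the least-trusted case and should deny rather than exempt: `(!(context has agent_trust_level) || context.agent_trust_level == "unverified") &&`. The same inversion is not appropriate for the `tool_category`/`tool_name`/`tool_risk_score` guards, where a missing attribute genuinely carries no information. Each `forbid (` head and its `principal` clause begins before the hunk, so the `@id` annotations are not visible here.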
@@ -22,9 +22,10 @@ forbid (
22
22
  action == Guardrails::Action::"process_prompt",
23
23
  resource
24
24
  ) when {
25
- context.content_topics.contains("weapons_manufacturing") ||
26
- context.content_topics.contains("explosive_materials") ||
27
- context.content_topics.contains("illegal_synthesis")
25
+ context has content_topics &&
26
+ (context.content_topics.contains("weapons_manufacturing") ||
27
+ context.content_topics.contains("explosive_materials") ||
28
+ context.content_topics.contains("illegal_synthesis"))
28
29
  };
29
30
 
30
31
  @id("semantic-block-controlled-substances")
@@ -37,9 +38,10 @@ forbid (
37
38
  action == Guardrails::Action::"process_prompt",
38
39
  resource
39
40
  ) when {
40
- context.content_topics.contains("controlled_substances") ||
41
- context.content_topics.contains("drug_manufacturing") ||
42
- context.content_topics.contains("precursor_chemicals")
41
+ context has content_topics &&
42
+ (context.content_topics.contains("controlled_substances") ||
43
+ context.content_topics.contains("drug_manufacturing") ||
44
+ context.content_topics.contains("precursor_chemicals"))
43
45
  };
44
46
 
45
47
  @id("semantic-block-high-confidence-restricted")
@@ -52,7 +54,8 @@ forbid (
52
54
  action == Guardrails::Action::"process_prompt",
53
55
  resource
54
56
  ) when {
55
- context.topic_confidence > 80 &&
57
+ context has topic_confidence && context.topic_confidence > 80 &&
58
+ context has content_topics &&
56
59
  (context.content_topics.contains("illegal_activity") ||
57
60
  context.content_topics.contains("financial_fraud") ||
58
61
  context.content_topics.contains("social_engineering"))
@@ -28,7 +28,8 @@ permit (
28
28
  action == Guardrails::Action::"call_tool",
29
29
  resource
30
30
  ) when {
31
- context.mcp_server == "github" &&
31
+ context has mcp_server && context.mcp_server == "github" &&
32
+ context has tool_name &&
32
33
  (context.tool_name == "read_issues" ||
33
34
  context.tool_name == "get_issue" ||
34
35
  context.tool_name == "list_repos" ||
@@ -47,7 +48,7 @@ forbid (
47
48
  action == Guardrails::Action::"call_tool",
48
49
  resource
49
50
  ) when {
50
- context.mcp_server == "github"
51
+ context has mcp_server && context.mcp_server == "github"
51
52
  };
52
53
 
53
54
  // -- Organization-wide MCP server exclusions --------------------------------
@@ -64,8 +65,9 @@ forbid (
64
65
  ) when {
65
66
  // Add server names to block across the organization.
66
67
  // Modify this list to match your exclusion requirements.
67
- context.mcp_server == "untrusted-server" ||
68
- context.mcp_server == "deprecated-server"
68
+ context has mcp_server &&
69
+ (context.mcp_server == "untrusted-server" ||
70
+ context.mcp_server == "deprecated-server")
69
71
  };
70
72
 
71
73
  // -- Block unverified MCP servers -------------------------------------------
@@ -80,5 +82,5 @@ forbid (
80
82
  action == Guardrails::Action::"call_tool",
81
83
  resource
82
84
  ) when {
83
- context.mcp_server_verified == false
85
+ context has mcp_server_verified && context.mcp_server_verified == false
84
86
  };
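Review bot: The last hunk makes the unverified-server forbid conditional on `mcp_server_verified` being present, so a tool call whose context never reports verification status is no longer blocked and is treated exactly like a verified server. Unless the engine guarantees the flag is always populated (not visible from this diff), the guard should fail closed: `!(context has mcp_server_verified) || context.mcp_server_verified == false`. By contrast, the `context has tool_name &&` added to the read-only github `permit` in the first hunk is the right direction, since a missing tool name there withholds the permit rather than granting it. Each `permit (`/`forbid (` head starts before its hunk.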
@@ -43,7 +43,7 @@ forbid (
43
43
  action == Guardrails::Action::"call_tool",
44
44
  resource
45
45
  ) when {
46
- context.agent_trust_level != "first_party" &&
46
+ context has agent_trust_level && context.agent_trust_level != "first_party" &&
47
47
  context has session_pii_detected && context.session_pii_detected == true &&
48
48
  context has tool_name &&
49
49
  (context.tool_name == "http_post" ||
@@ -62,7 +62,7 @@ forbid (
62
62
  action == Guardrails::Action::"write_file",
63
63
  resource
64
64
  ) when {
65
- context.agent_trust_level == "unverified" &&
65
+ context has agent_trust_level && context.agent_trust_level == "unverified" &&
66
66
  context has session_pii_detected && context.session_pii_detected == true
67
67
  };
68
68
 
@@ -80,7 +80,7 @@ forbid (
80
80
  action == Guardrails::Action::"call_tool",
81
81
  resource
82
82
  ) when {
83
- context.agent_trust_level != "first_party" &&
83
+ context has agent_trust_level && context.agent_trust_level != "first_party" &&
84
84
  context has session_secrets_detected && context.session_secrets_detected == true &&
85
85
  context has tool_is_sensitive && context.tool_is_sensitive == true
86
86
  };
@@ -99,7 +99,7 @@ forbid (
99
99
  action == Guardrails::Action::"call_tool",
100
100
  resource
101
101
  ) when {
102
- context.agent_trust_level == "unverified" &&
102
+ context has agent_trust_level && context.agent_trust_level == "unverified" &&
103
103
  context has session_injection_detected && context.session_injection_detected == true
104
104
  };
105
105
 
@@ -134,7 +134,7 @@ forbid (
134
134
  action == Guardrails::Action::"call_tool",
135
135
  resource
136
136
  ) when {
137
- context.agent_trust_level != "first_party" &&
137
+ context has agent_trust_level && context.agent_trust_level != "first_party" &&
138
138
  context has session_cumulative_risk_score && context.session_cumulative_risk_score > 200 &&
139
139
  context has tool_is_sensitive && context.tool_is_sensitive == true
140
140
  };
@@ -149,7 +149,7 @@ forbid (
149
149
  action == Guardrails::Action::"call_tool",
150
150
  resource
151
151
  ) when {
152
- context.agent_trust_level == "unverified" &&
152
+ context has agent_trust_level && context.agent_trust_level == "unverified" &&
153
153
  (
154
154
  (context has session_cumulative_risk_score && context.session_cumulative_risk_score > 500) ||
155
155
  (context has session_threat_turns && context.session_threat_turns > 5)
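Review bot: The `!= "first_party"` forbids in the first, third and fifth hunks are written to cover every agent that is not first-party, yet the new `context has agent_trust_level &&` prefix excludes an agent with no trust level at all from the PII-exfiltration, secrets and cumulative-risk containment; an unset trust level should count as non-first-party, not as exempt. Spell the guard so that absence denies: `(!(context has agent_trust_level) || context.agent_trust_level != "first_party") &&`, and likewise `(!(context has agent_trust_level) || context.agent_trust_level == "unverified") &&` for the `== "unverified"` hunks. The inner `(context has session_cumulative_risk_score && ...)` guards in the last hunk are fine as they are, since a missing score is genuinely unknown. Every `forbid (` here begins before its hunk and the last hunk's closing `};` lies past it.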
@@ -44,7 +44,7 @@ forbid (
44
44
  action == Guardrails::Action::"call_tool",
45
45
  resource
46
46
  ) when {
47
- context.agent_trust_level != "first_party" &&
47
+ context has agent_trust_level && context.agent_trust_level != "first_party" &&
48
48
  context has tool_category && context.tool_category == "dangerous"
49
49
  };
50
50
 
@@ -58,7 +58,7 @@ forbid (
58
58
  action == Guardrails::Action::"call_tool",
59
59
  resource
60
60
  ) when {
61
- context.agent_trust_level == "unverified" &&
61
+ context has agent_trust_level && context.agent_trust_level == "unverified" &&
62
62
  context has tool_is_sensitive && context.tool_is_sensitive == true
63
63
  };
64
64
 
@@ -72,7 +72,7 @@ forbid (
72
72
  action == Guardrails::Action::"call_tool",
73
73
  resource
74
74
  ) when {
75
- context.agent_trust_level == "unverified" &&
75
+ context has agent_trust_level && context.agent_trust_level == "unverified" &&
76
76
  context has mcp_server_verified && context.mcp_server_verified == false
77
77
  };
78
78
 
@@ -90,7 +90,7 @@ forbid (
90
90
  action == Guardrails::Action::"call_tool",
91
91
  resource
92
92
  ) when {
93
- context.agent_type == "autonomous" &&
93
+ context has agent_type && context.agent_type == "autonomous" &&
94
94
  context has tool_risk_score && context.tool_risk_score > 70
95
95
  };
96
96
 
@@ -104,7 +104,7 @@ forbid (
104
104
  action == Guardrails::Action::"process_prompt",
105
105
  resource
106
106
  ) when {
107
- context.agent_type == "autonomous" &&
107
+ context has agent_type && context.agent_type == "autonomous" &&
108
108
  context has injection_confidence && context.injection_confidence > 50
109
109
  };
110
110
 
@@ -118,7 +118,7 @@ forbid (
118
118
  action == Guardrails::Action::"process_prompt",
119
119
  resource
120
120
  ) when {
121
- context.agent_type == "autonomous" &&
121
+ context has agent_type && context.agent_type == "autonomous" &&
122
122
  context has jailbreak_confidence && context.jailbreak_confidence > 50
123
123
  };
124
124
 
@@ -136,5 +136,5 @@ forbid (
136
136
  action == Guardrails::Action::"connect_server",
137
137
  resource
138
138
  ) when {
139
- context.agent_trust_level == "unverified"
139
+ context has agent_trust_level && context.agent_trust_level == "unverified"
140
140
  };
@@ -114,19 +114,18 @@
114
114
  "severity": "critical",
115
115
  "tags": ["command-injection", "path-traversal", "sql-injection", "security"],
116
116
  "is_active": true
117
- },
117
+ }
118
+ ],
119
+ "templates": [
118
120
  {
119
- "id": "agent-identity-default",
121
+ "id": "agent-identity-trust",
120
122
  "name": "Agent Identity & Trust",
121
123
  "description": "Trust-based access control for AI agents: block unverified agents from dangerous/sensitive tools, apply stricter thresholds for autonomous agents, restrict unverified agents after session threats",
122
124
  "category": "agent_identity",
123
125
  "file": "defaults/agent_identity.cedar",
124
126
  "severity": "critical",
125
- "tags": ["agent-identity", "trust", "a2a", "autonomous", "cross-turn"],
126
- "is_active": true
127
- }
128
- ],
129
- "templates": [
127
+ "tags": ["agent-identity", "trust", "a2a", "autonomous", "cross-turn"]
128
+ },
130
129
  {
131
130
  "id": "mcp-tool-permissions",
132
131
  "name": "MCP Tool Permissions",
@@ -258,7 +257,7 @@
258
257
  "description": "Production-grade A2A guardrails for multi-agent systems — tiered trust access control, autonomous agent safeguards, cross-turn PII/secrets containment, injection escalation response, cumulative risk circuit breakers",
259
258
  "severity": "critical",
260
259
  "tags": ["multi-agent", "a2a", "trust", "cross-turn", "circuit-breaker"],
261
- "template_ids": ["multi-agent-trust", "multi-agent-safety"]
260
+ "template_ids": ["agent-identity-trust", "multi-agent-trust", "multi-agent-safety"]
262
261
  }
263
262
  ]
264
263
  }
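Review bot: The `agent-identity-trust` entry keeps `"file": "defaults/agent_identity.cedar"` even though it has been moved out of the defaults array into `templates` and renamed from `agent-identity-default`, so the path now contradicts the entry's placement and any consumer that resolved templates by `id` will no longer find `agent-identity-default`. If the file really stays under `defaults/`, say why in the description, or move it to wherever the other templates live (their paths are not visible in this hunk). The first hunk ends mid-array and the enclosing object closes in the last hunk.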
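--- a/package/dist/engine.d.ts
+++ b/package/dist/engine.d.ts
@@ -10,7 +10,7 @@ import { ActionType } from "./actions.gen.js";
 */
 export declare const DEFAULT_LIMITS: {
 /** Maximum number of keys in a context map */
-readonly maxContextKeys: 100;
+readonly maxContextKeys: 200;
 /** Maximum length of any string value (1MB) */
 readonly maxStringLength: 1000000;
 /** Maximum nesting depth for objects/arrays */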
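Review bot: The doc comment on `maxContextKeys` still reads as a bare label while the bound it describes has just doubled, and since it sits in `DEFAULT_LIMITS` next to a string-length cap it is presumably a request-size limit; the comment should say what it protects and record the change, e.g. `/** Maximum number of keys in a context map — caps per-request context size; raised from 100 to 200 in 2.1.7 */`. Note also that the declaration uses the literal type `200`, so any downstream code typed against the old literal `100` will stop compiling.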
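--- a/package/dist/engine.js
+++ b/package/dist/engine.js
@@ -13,7 +13,7 @@ import * as cedar from "@cedar-policy/cedar-wasm/nodejs";
 */
 export const DEFAULT_LIMITS = {
 /** Maximum number of keys in a context map */
-maxContextKeys: 100,
+maxContextKeys: 200,
 /** Maximum length of any string value (1MB) */
 maxStringLength: 1_000_000,
 /** Maximum nesting depth for objects/arrays */
@@ -529,7 +529,7 @@ forbid (
 context has sql_injection_score && context.sql_injection_score >= 75
 };
 `;
-const GUARDRAILS_AGENT_IDENTITY_DEFAULT_CEDAR = `// =============================================================================
+const GUARDRAILS_AGENT_IDENTITY_TRUST_CEDAR = `// =============================================================================
 // Agent Identity Policy — Agent-to-Agent Security Defaults
 // =============================================================================
 // Enforces trust-based access control for AI agents authenticated via API key
@@ -576,7 +576,7 @@ forbid (
 action == Guardrails::Action::"call_tool",
 resource
 ) when {
-context.agent_trust_level == "unverified" &&
+context has agent_trust_level && context.agent_trust_level == "unverified" &&
 context has tool_category && context.tool_category == "dangerous"
 };
 
@@ -590,7 +590,7 @@ forbid (
 action == Guardrails::Action::"call_tool",
 resource
 ) when {
-context.agent_trust_level == "unverified" &&
+context has agent_trust_level && context.agent_trust_level == "unverified" &&
 context has tool_name &&
 (context.tool_name == "shell" ||
 context.tool_name == "execute_command" ||
@@ -607,7 +607,7 @@ forbid (
 action == Guardrails::Action::"call_tool",
 resource
 ) when {
-context.agent_trust_level == "unverified" &&
+context has agent_trust_level && context.agent_trust_level == "unverified" &&
 context has tool_is_sensitive && context.tool_is_sensitive == true &&
 context has tool_risk_score && context.tool_risk_score > 60
 };
@@ -626,7 +626,7 @@ forbid (
 action == Guardrails::Action::"process_prompt",
 resource
 ) when {
-context.agent_type == "autonomous" &&
+context has agent_type && context.agent_type == "autonomous" &&
 context has injection_confidence && context.injection_confidence > 50
 };
 
@@ -644,7 +644,7 @@ forbid (
 action == Guardrails::Action::"call_tool",
 resource
 ) when {
-context.agent_trust_level == "unverified" &&
+context has agent_trust_level && context.agent_trust_level == "unverified" &&
 context has session_threat_turns && context.session_threat_turns > 0
 };
 `;
@@ -678,7 +678,8 @@ permit (
 action == Guardrails::Action::"call_tool",
 resource
 ) when {
-context.mcp_server == "github" &&
+context has mcp_server && context.mcp_server == "github" &&
+context has tool_name &&
 (context.tool_name == "read_issues" ||
 context.tool_name == "get_issue" ||
 context.tool_name == "list_repos" ||
@@ -697,7 +698,7 @@ forbid (
 action == Guardrails::Action::"call_tool",
 resource
 ) when {
-context.mcp_server == "github"
+context has mcp_server && context.mcp_server == "github"
 };
 
 // -- Organization-wide MCP server exclusions --------------------------------
@@ -714,8 +715,9 @@ forbid (
 ) when {
 // Add server names to block across the organization.
 // Modify this list to match your exclusion requirements.
-context.mcp_server == "untrusted-server" ||
-context.mcp_server == "deprecated-server"
+context has mcp_server &&
+(context.mcp_server == "untrusted-server" ||
+context.mcp_server == "deprecated-server")
 };
 
 // -- Block unverified MCP servers -------------------------------------------
@@ -730,7 +732,7 @@ forbid (
 action == Guardrails::Action::"call_tool",
 resource
 ) when {
-context.mcp_server_verified == false
+context has mcp_server_verified && context.mcp_server_verified == false
 };
 `;
 const GUARDRAILS_CHAT_ASSISTANT_SECURITY_CEDAR = `// =============================================================================
@@ -1145,7 +1147,7 @@ forbid (
 action == Guardrails::Action::"call_tool",
 resource
 ) when {
-context.agent_trust_level != "first_party" &&
+context has agent_trust_level && context.agent_trust_level != "first_party" &&
 context has tool_category && context.tool_category == "dangerous"
 };
 
@@ -1159,7 +1161,7 @@ forbid (
 action == Guardrails::Action::"call_tool",
 resource
 ) when {
-context.agent_trust_level == "unverified" &&
+context has agent_trust_level && context.agent_trust_level == "unverified" &&
 context has tool_is_sensitive && context.tool_is_sensitive == true
 };
 
@@ -1173,7 +1175,7 @@ forbid (
 action == Guardrails::Action::"call_tool",
 resource
 ) when {
-context.agent_trust_level == "unverified" &&
+context has agent_trust_level && context.agent_trust_level == "unverified" &&
 context has mcp_server_verified && context.mcp_server_verified == false
 };
 
@@ -1191,7 +1193,7 @@ forbid (
 action == Guardrails::Action::"call_tool",
 resource
 ) when {
-context.agent_type == "autonomous" &&
+context has agent_type && context.agent_type == "autonomous" &&
 context has tool_risk_score && context.tool_risk_score > 70
 };
 
@@ -1205,7 +1207,7 @@ forbid (
 action == Guardrails::Action::"process_prompt",
 resource
 ) when {
-context.agent_type == "autonomous" &&
+context has agent_type && context.agent_type == "autonomous" &&
 context has injection_confidence && context.injection_confidence > 50
 };
 
@@ -1219,7 +1221,7 @@ forbid (
 action == Guardrails::Action::"process_prompt",
 resource
 ) when {
-context.agent_type == "autonomous" &&
+context has agent_type && context.agent_type == "autonomous" &&
 context has jailbreak_confidence && context.jailbreak_confidence > 50
 };
 
@@ -1237,7 +1239,7 @@ forbid (
 action == Guardrails::Action::"connect_server",
 resource
 ) when {
-context.agent_trust_level == "unverified"
+context has agent_trust_level && context.agent_trust_level == "unverified"
 };
 `;
 const GUARDRAILS_MULTI_AGENT_SAFETY_CEDAR = `// =============================================================================
@@ -1285,7 +1287,7 @@ forbid (
 action == Guardrails::Action::"call_tool",
 resource
 ) when {
-context.agent_trust_level != "first_party" &&
+context has agent_trust_level && context.agent_trust_level != "first_party" &&
 context has session_pii_detected && context.session_pii_detected == true &&
 context has tool_name &&
 (context.tool_name == "http_post" ||
@@ -1304,7 +1306,7 @@ forbid (
 action == Guardrails::Action::"write_file",
 resource
 ) when {
-context.agent_trust_level == "unverified" &&
+context has agent_trust_level && context.agent_trust_level == "unverified" &&
 context has session_pii_detected && context.session_pii_detected == true
 };
 
@@ -1322,7 +1324,7 @@ forbid (
 action == Guardrails::Action::"call_tool",
 resource
 ) when {
-context.agent_trust_level != "first_party" &&
+context has agent_trust_level && context.agent_trust_level != "first_party" &&
 context has session_secrets_detected && context.session_secrets_detected == true &&
 context has tool_is_sensitive && context.tool_is_sensitive == true
 };
@@ -1341,7 +1343,7 @@ forbid (
 action == Guardrails::Action::"call_tool",
 resource
 ) when {
-context.agent_trust_level == "unverified" &&
+context has agent_trust_level && context.agent_trust_level == "unverified" &&
 context has session_injection_detected && context.session_injection_detected == true
 };
 
@@ -1376,7 +1378,7 @@ forbid (
 action == Guardrails::Action::"call_tool",
 resource
 ) when {
-context.agent_trust_level != "first_party" &&
+context has agent_trust_level && context.agent_trust_level != "first_party" &&
 context has session_cumulative_risk_score && context.session_cumulative_risk_score > 200 &&
 context has tool_is_sensitive && context.tool_is_sensitive == true
 };
@@ -1391,7 +1393,7 @@ forbid (
 action == Guardrails::Action::"call_tool",
 resource
 ) when {
-context.agent_trust_level == "unverified" &&
+context has agent_trust_level && context.agent_trust_level == "unverified" &&
 (
 (context has session_cumulative_risk_score && context.session_cumulative_risk_score > 500) ||
 (context has session_threat_turns && context.session_threat_turns > 5)
@@ -1493,21 +1495,20 @@ export const GUARDRAILS_DEFAULTS = [
 tags: ['command-injection', 'path-traversal', 'sql-injection', 'security'],
 isActive: true,
 },
+];
+// =============================================================================
+// ALL TEMPLATES
+// =============================================================================
+export const GUARDRAILS_TEMPLATES = [
 {
-id: 'agent-identity-default',
+id: 'agent-identity-trust',
 name: 'Agent Identity & Trust',
 description: 'Trust-based access control for AI agents: block unverified agents from dangerous/sensitive tools, apply stricter thresholds for autonomous agents, restrict unverified agents after session threats',
 category: 'agent_identity',
-cedarText: GUARDRAILS_AGENT_IDENTITY_DEFAULT_CEDAR,
+cedarText: GUARDRAILS_AGENT_IDENTITY_TRUST_CEDAR,
 severity: 'critical',
 tags: ['agent-identity', 'trust', 'a2a', 'autonomous', 'cross-turn'],
-isActive: true,
 },
-];
-// =============================================================================
-// ALL TEMPLATES
-// =============================================================================
-export const GUARDRAILS_TEMPLATES = [
 {
 id: 'mcp-tool-permissions',
 name: 'MCP Tool Permissions',
@@ -1728,19 +1729,18 @@ export const GUARDRAILS_TEMPLATES_JSON = `{
 "severity": "critical",
 "tags": ["command-injection", "path-traversal", "sql-injection", "security"],
 "is_active": true
-},
+}
+],
+"templates": [
 {
-"id": "agent-identity-default",
+"id": "agent-identity-trust",
 "name": "Agent Identity & Trust",
 "description": "Trust-based access control for AI agents: block unverified agents from dangerous/sensitive tools, apply stricter thresholds for autonomous agents, restrict unverified agents after session threats",
 "category": "agent_identity",
 "file": "defaults/agent_identity.cedar",
 "severity": "critical",
-"tags": ["agent-identity", "trust", "a2a", "autonomous", "cross-turn"],
-"is_active": true
-}
-],
-"templates": [
+"tags": ["agent-identity", "trust", "a2a", "autonomous", "cross-turn"]
+},
 {
 "id": "mcp-tool-permissions",
 "name": "MCP Tool Permissions",
@@ -1872,7 +1872,7 @@ export const GUARDRAILS_TEMPLATES_JSON = `{
 "description": "Production-grade A2A guardrails for multi-agent systems — tiered trust access control, autonomous agent safeguards, cross-turn PII/secrets containment, injection escalation response, cumulative risk circuit breakers",
 "severity": "critical",
 "tags": ["multi-agent", "a2a", "trust", "cross-turn", "circuit-breaker"],
-"template_ids": ["multi-agent-trust", "multi-agent-safety"]
+"template_ids": ["agent-identity-trust", "multi-agent-trust", "multi-agent-safety"]
 }
 ]
 }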
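Review bot: The `GUARDRAILS_DEFAULTS` hunk moves the Agent Identity & Trust entry out of the exported defaults array into `GUARDRAILS_TEMPLATES` and drops its `isActive: true`, and the `GUARDRAILS_TEMPLATES_JSON` hunk does the same to the JSON copy; whatever loads `GUARDRAILS_DEFAULTS` at startup is not visible here, but by the names this presumably means the trust-based forbids (unverified agents blocked from dangerous and sensitive tools, autonomous-agent thresholds) are no longer applied unless a deployment selects the template or the bundle whose `template_ids` now lists `agent-identity-trust`. For anyone on 2.1.6 who relied on the default, a patch-level bump silently loosens enforcement, so this deserves a breaking-change note and a comment on the entry, e.g. `// Opt-in since 2.1.7 (was always-on default 'agent-identity-default'); included in the multi-agent bundle`. The same Cedar text is also embedded in `GUARDRAILS_AGENT_IDENTITY_TRUST_CEDAR` and in the `.cedar` file the JSON points at, and the `has`-guard edits had to be applied to each copy by hand, so a test that the template string matches the file would catch the next drift.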
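--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@highflame/policy",
-"version": "2.1.6",
+"version": "2.1.7",
 "description": "Highflame Cedar policy types and engine wrapper",
 "readme": "README.md",
 "main": "dist/index.js",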