@sunaiva/gate 1.0.0 → 1.1.2

package/dist/rules/rules.json

@@ -7,6 +7,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: Stripe charges, PayPal payments, checkout URLs, credit card forms, subscription signups, Buy Now buttons, in-app purchases, recurring billing setup",
     "example_blocked": "Agent attempts to subscribe to a $5,000/yr software license on behalf of the user",
     "example_allowed": "Agent presents purchase options with pricing and asks for human approval before proceeding",
     "tags": [
@@ -20,8 +21,7 @@
       "financial-protection",
       "full-suite",
       "minimal"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "fin-002",
@@ -31,6 +31,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: cumulative spend tracking, API cost estimates, cloud billing events, token usage costs, service invoices exceeding budget threshold",
     "example_blocked": "Agent triggers 35 parallel Gemini API workers totalling $800 in one week without billing cap",
     "example_allowed": "Agent estimates API cost before run, confirms it is within budget, then proceeds",
     "tags": [
@@ -43,8 +44,7 @@
       "essential",
       "financial-protection",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "fin-003",
@@ -54,6 +54,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: recurring billing setup, subscription plan changes, free trial conversions, annual plan upgrades, auto-renewal toggles",
     "example_blocked": "Agent upgrades a free Slack plan to Business+ without user confirmation",
     "example_allowed": "Agent presents upgrade options and cost impact, waits for explicit approval before clicking upgrade",
     "tags": [
@@ -64,8 +65,7 @@
     "preset_groups": [
       "financial-protection",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "fin-004",
@@ -75,6 +75,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: wallet addresses, ETH/BTC/USDC transfers, DeFi interactions, NFT purchases, gas fee submissions, seed phrase usage",
     "example_blocked": "Agent sends 0.5 ETH to a contract address during an automated DeFi strategy",
     "example_allowed": "Agent prepares transaction details for human review and requires signed confirmation before any transfer",
     "tags": [
@@ -86,8 +87,7 @@
     "preset_groups": [
       "financial-protection",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "fin-005",
@@ -108,6 +108,7 @@
       "financial-protection",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -129,6 +130,7 @@
       "financial-protection",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -151,6 +153,7 @@
       "full-suite",
       "developer-safety"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -161,6 +164,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: bank routing numbers, SWIFT codes, ACH batch files, wire transfer form submissions, IBAN entries, banking API payment calls",
     "example_blocked": "Agent submits ACH payroll file containing $250,000 in transfers after misreading a payroll spreadsheet",
     "example_allowed": "Agent prepares wire transfer details for human review — no submission occurs without signed approval",
     "tags": [
@@ -172,8 +176,7 @@
       "financial-protection",
       "full-suite",
       "minimal"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "fin-009",
@@ -183,6 +186,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: Google Ads campaign creation, Meta Ads budget changes, TikTok ad launches, LinkedIn ad spend, programmatic bid submissions",
     "example_blocked": "Agent launches a Google Ads campaign with $5,000 daily budget after misinterpreting targeting instructions",
     "example_allowed": "Agent sets up campaign draft, presents estimated spend, and activates only after explicit budget approval",
     "tags": [
@@ -193,8 +197,7 @@
     "preset_groups": [
       "financial-protection",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "fin-010",
@@ -216,6 +219,7 @@
       "full-suite",
       "developer-safety"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -237,6 +241,7 @@
       "financial-protection",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -259,6 +264,7 @@
       "financial-protection",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -269,6 +275,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: API key patterns (sk-ant, AKIA, ghp_, Bearer tokens), password fields in logs, secret environment variables in stdout, credential strings in commit diffs",
     "example_blocked": "Agent logs full Stripe secret key to a public Cloudflare Worker debug endpoint",
     "example_allowed": "Agent references credentials by variable name only, uses secret manager references, never logs actual values",
     "tags": [
@@ -281,8 +288,7 @@
       "developer-safety",
       "full-suite",
       "minimal"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "dat-002",
@@ -292,6 +298,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: names + email combinations, SSNs, passport numbers, date of birth fields, health identifiers, financial account numbers, geolocation data",
     "example_blocked": "Agent scrapes contact page and stores 500 visitor email addresses in a public Google Sheet",
     "example_allowed": "Agent collects only name and email for lead form, stores encrypted in approved database, confirms storage policy before proceeding",
     "tags": [
@@ -303,8 +310,7 @@
     "preset_groups": [
       "essential",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "dat-003",
@@ -326,6 +332,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -336,6 +343,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: API key patterns in git diffs, hardcoded secrets in source files, keys pasted into chat logs, secrets in PR descriptions, env vars echoed to stdout",
     "example_blocked": "Agent commits hardcoded Stripe secret key directly into index.js before pushing to GitHub",
     "example_allowed": "Agent uses environment variable references and secret manager calls, never hardcodes values",
     "tags": [
@@ -348,8 +356,7 @@
       "essential",
       "developer-safety",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "dat-005",
@@ -372,6 +379,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -392,6 +400,7 @@
     "preset_groups": [
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -414,6 +423,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -434,6 +444,7 @@
     "preset_groups": [
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -454,6 +465,7 @@
     "preset_groups": [
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -464,6 +476,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: log file deletion, audit table truncation, log rotation bypasses, timestamp modification in records, access log purging commands",
     "example_blocked": "Agent deletes application error logs to clean up a server before an audit, removing evidence of prior failures",
     "example_allowed": "Agent archives old logs to cold storage, preserving integrity, with human approval before any archival",
     "tags": [
@@ -474,8 +487,7 @@
     "preset_groups": [
       "developer-safety",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "dat-011",
@@ -495,6 +507,7 @@
     "preset_groups": [
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -515,6 +528,7 @@
     "preset_groups": [
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -525,6 +539,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: git push to main/master, Netlify production deploys, Docker production image pushes, Kubernetes production namespace changes, AWS production stack updates",
     "example_blocked": "Agent auto-deploys a breaking change to production at 2am after a failed test suite",
     "example_allowed": "Agent builds, tests, and stages the release, then presents for human approval before any production promotion",
     "tags": [
@@ -537,8 +552,7 @@
       "developer-safety",
       "full-suite",
       "minimal"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "gov-002",
@@ -548,6 +562,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: rm -rf commands, DROP TABLE statements, git reset --hard, git clean -fd, file overwrite without backup, S3 bucket deletion, database truncation",
     "example_blocked": "Agent runs git clean -fd to tidy the repo and deletes 3 years of research reports stored in untracked files",
     "example_allowed": "Agent lists files to be deleted in a dry-run, presents list for approval, only executes after explicit confirmation",
     "tags": [
@@ -561,8 +576,7 @@
       "developer-safety",
       "full-suite",
       "minimal"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "gov-003",
@@ -583,6 +597,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -593,6 +608,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: Cloudflare DNS API writes, Route 53 record changes, GoDaddy DNS modifications, CNAME/A/MX record updates via any registrar API",
     "example_blocked": "Agent deletes an MX record while reconfiguring email routing, taking down all inbound email for the domain",
     "example_allowed": "Agent proposes DNS changes with impact analysis, waits for explicit approval, stages changes in preview first",
     "tags": [
@@ -603,8 +619,7 @@
     "preset_groups": [
       "developer-safety",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "gov-005",
@@ -614,6 +629,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: IAM role assignment, OAuth scope escalation, admin privilege grants, GHL team member permission changes, database user privilege modifications",
     "example_blocked": "Agent grants a new team member admin privileges on the production AWS account to simplify onboarding",
     "example_allowed": "Agent proposes minimum-required role for new member, presents for approval, applies principle of least privilege",
     "tags": [
@@ -624,8 +640,7 @@
     "preset_groups": [
       "developer-safety",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "gov-006",
@@ -635,6 +650,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: DELETE /users/{id} API calls, Stripe customer deletion, GHL contact purges, workspace deactivation, account closure form submissions",
     "example_blocked": "Agent deletes a churned customer's account and all associated data, making refund impossible and violating retention policy",
     "example_allowed": "Agent flags account for review, proposes data export and anonymisation, requires two-step human confirmation before any deletion",
     "tags": [
@@ -644,8 +660,7 @@
     ],
     "preset_groups": [
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "gov-007",
@@ -666,6 +681,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -676,6 +692,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: Instantly campaign activation, Mailchimp bulk sends, Klaviyo broadcast triggers, Twilio SMS bulk sends, LinkedIn Sales Navigator connection requests at scale",
     "example_blocked": "Agent activates a cold email campaign to 15,000 contacts without Kinan's go-ahead after preparing the sequence",
     "example_allowed": "Agent prepares campaign, shows preview, estimated reach, and cost — waits for explicit 'ship it' before any send",
     "tags": [
@@ -687,8 +704,7 @@
     "preset_groups": [
       "essential",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "gov-009",
@@ -709,6 +725,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -731,6 +748,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -752,6 +770,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -762,6 +781,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: terraform destroy, AWS CloudFormation stack deletion, GCP project deletion, Kubernetes namespace purges, Elestio service termination",
     "example_blocked": "Agent runs terraform destroy on the production environment while attempting to recreate a staging environment",
     "example_allowed": "Agent confirms backup exists, lists resources to be destroyed, receives explicit confirmation before any teardown command",
     "tags": [
@@ -773,8 +793,7 @@
       "essential",
       "developer-safety",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "qlt-001",
@@ -795,6 +814,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -817,6 +837,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -838,6 +859,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -859,6 +881,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -880,6 +903,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -901,6 +925,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -922,6 +947,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -943,6 +969,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -964,6 +991,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -985,6 +1013,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1006,6 +1035,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1027,6 +1057,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1037,6 +1068,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: SMTP send commands, Gmail API message sends, Postmark/SendGrid single sends, nodemailer send calls with external recipients",
     "example_blocked": "Agent sends a follow-up email to 40 prospects with incorrect pricing information attached",
     "example_allowed": "Agent drafts email, presents for review with recipient list and subject, sends only after explicit approval",
     "tags": [
@@ -1047,8 +1079,7 @@
     "preset_groups": [
       "essential",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "com-002",
@@ -1058,6 +1089,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: Twitter/X API post calls, LinkedIn share submissions, Facebook page post API, Instagram media publishes, TikTok upload completions",
     "example_blocked": "Agent posts a draft meme to the company LinkedIn page without review, causing brand damage",
     "example_allowed": "Agent prepares post with caption, image, and scheduled time — presents for approval before any publication",
     "tags": [
@@ -1068,8 +1100,7 @@
     "preset_groups": [
       "essential",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "com-003",
@@ -1089,6 +1120,7 @@
     "preset_groups": [
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1109,6 +1141,7 @@
     "preset_groups": [
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1119,6 +1152,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: CRM-triggered customer emails, in-app messages sent to user segments, support ticket replies, automated refund communications, contract or invoice emails",
     "example_blocked": "Agent sends a billing dispute response email to a customer with incorrect account details",
     "example_allowed": "Agent drafts response, tags for human review in CRM, sends only after team member approves",
     "tags": [
@@ -1129,8 +1163,7 @@
     "preset_groups": [
       "essential",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "com-006",
@@ -1140,6 +1173,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: PR Newswire distribution API, Business Wire submissions, media contact outreach with embargo dates, investor relations email sends",
     "example_blocked": "Agent distributes a press release with incorrect acquisition details to 500 journalists",
     "example_allowed": "Agent drafts release, routes to legal and executive review, distributes only after sign-off",
     "tags": [
@@ -1149,8 +1183,7 @@
     ],
     "preset_groups": [
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "com-007",
@@ -1160,6 +1193,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: DocuSign envelope sends, HelloSign request submissions, contract PDF emails, NDA generation and distribution, terms acceptance flows",
     "example_blocked": "Agent sends an NDA with incorrect jurisdiction and missing indemnity clauses to a potential partner",
     "example_allowed": "Agent generates contract draft from approved template, routes for legal review, sends via DocuSign only after approval",
     "tags": [
@@ -1169,8 +1203,7 @@
     ],
     "preset_groups": [
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "com-008",
@@ -1190,6 +1223,7 @@
     "preset_groups": [
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1200,6 +1234,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: Instantly.ai campaign activation, Lemlist sequence launch, Apollo.io sequence start, Outreach.io sequence enable, HubSpot sequence activation",
     "example_blocked": "Agent activates a 7-step cold email sequence to 2,000 contacts after completing sequence setup",
     "example_allowed": "Agent presents sequence, sample email, prospect count, and projected metrics, waits for explicit 'launch it' before activation",
     "tags": [
@@ -1210,8 +1245,7 @@
     "preset_groups": [
       "essential",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "com-010",
@@ -1231,6 +1265,7 @@
     "preset_groups": [
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1241,6 +1276,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: emails sent with From: header matching a named human's address by an automated system, chat messages attributed to human staff members, voice calls pretending to be human",
     "example_blocked": "Agent sends cold emails as 'John Smith, CEO' without John's knowledge or a disclosure that the message was AI-assisted",
     "example_allowed": "Agent sends as a named AI assistant, or human reviews and sends from their own account with AI-assisted drafting clearly noted",
     "tags": [
@@ -1250,8 +1286,7 @@
     ],
     "preset_groups": [
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "com-012",
@@ -1271,6 +1306,7 @@
     "preset_groups": [
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1292,6 +1328,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1312,6 +1349,7 @@
     "preset_groups": [
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1332,6 +1370,7 @@
     "preset_groups": [
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1353,6 +1392,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1374,6 +1414,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1395,6 +1436,7 @@
       "essential",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1416,6 +1458,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1437,6 +1480,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1447,6 +1491,7 @@
     "enforcement": "constitutional",
     "gate_type": "post-action",
     "severity": "block",
+    "detection_pattern": "Detects: market size claims without cited research, performance benchmarks not sourced to a test run, conversion rates stated as fact without underlying data",
     "example_blocked": "Agent writes '73% of users prefer AI receptionists' in a sales document without any survey or research backing",
     "example_allowed": "Agent presents actual research data with source citation, or clearly labels projections as 'estimated' or 'modelled'",
     "tags": [
@@ -1456,8 +1501,7 @@
     ],
     "preset_groups": [
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "know-010",
@@ -1477,6 +1521,7 @@
     "preset_groups": [
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1497,6 +1542,7 @@
     "preset_groups": [
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1518,6 +1564,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1540,6 +1587,7 @@
       "resource-protection",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1563,6 +1611,7 @@
       "resource-protection",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1585,6 +1634,7 @@
       "resource-protection",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1607,6 +1657,7 @@
       "resource-protection",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1628,6 +1679,7 @@
       "resource-protection",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1649,6 +1701,7 @@
       "resource-protection",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1671,6 +1724,7 @@
       "resource-protection",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1693,6 +1747,7 @@
       "resource-protection",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1715,6 +1770,7 @@
       "resource-protection",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1736,6 +1792,7 @@
       "resource-protection",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1758,6 +1815,7 @@
       "resource-protection",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1780,6 +1838,7 @@
       "resource-protection",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1790,6 +1849,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: print(api_key), logger.info(password), console.log(token), secret values in exception stack traces, env vars echoed to shell output",
     "example_blocked": "Agent logs the full contents of os.environ to debug a configuration issue, exposing all API keys in plaintext logs",
     "example_allowed": "Agent logs environment variable names but masks values: 'STRIPE_KEY=sk-***[masked]'",
     "tags": [
@@ -1801,8 +1861,7 @@
       "essential",
       "developer-safety",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "sec-002",
@@ -1812,6 +1871,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: eval() on external input, exec() with user-provided strings, subprocess.run with unvalidated arguments, dynamic import of unverified modules",
     "example_blocked": "Agent executes code from a web-scraped code block directly in the production environment without sandboxing",
     "example_allowed": "Agent runs external code in a containerised environment with no network access and resource limits, presents output for review",
     "tags": [
@@ -1822,8 +1882,7 @@
     "preset_groups": [
       "developer-safety",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "sec-003",
@@ -1844,6 +1903,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1854,6 +1914,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: sudo commands not in approved list, IAM role assumption beyond declared need, OAuth scope requests exceeding task requirements, root shell acquisition",
     "example_blocked": "Agent requests full S3 admin permissions to upload a single file to one bucket",
     "example_allowed": "Agent requests PutObject permission scoped to the specific bucket and prefix required, nothing more",
     "tags": [
@@ -1864,8 +1925,7 @@
     "preset_groups": [
       "developer-safety",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "sec-005",
@@ -1886,6 +1946,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1896,6 +1957,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: JWT secret changes, OAuth provider config modifications, session store migrations, MFA bypass code additions, password hashing algorithm changes",
     "example_blocked": "Agent modifies JWT signing algorithm from RS256 to HS256 to simplify local development, breaking production auth",
     "example_allowed": "Agent proposes auth change, documents security implications, routes for security review before any implementation",
     "tags": [
@@ -1906,8 +1968,7 @@
     "preset_groups": [
       "developer-safety",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "sec-007",
@@ -1928,6 +1989,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1949,6 +2011,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1971,6 +2034,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -1981,6 +2045,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: API calls to Kimi, MiniMax, DeepSeek, or other banned provider endpoints; model IDs matching banned provider prefixes in routing configs",
     "example_blocked": "Agent routes a prompt containing proprietary code to a DeepSeek API endpoint to save costs",
     "example_allowed": "Agent routes all requests through approved providers (Anthropic, Google, OpenRouter with approved models only)",
     "tags": [
@@ -1991,8 +2056,7 @@
     "preset_groups": [
       "developer-safety",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "sec-011",
@@ -2002,6 +2066,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: MFA disable API calls, 2FA removal from admin accounts, TOTP secret deletion, backup code exposure, auth app removal from account",
     "example_blocked": "Agent disables 2FA on the production GCP account to simplify a deployment script's authentication flow",
     "example_allowed": "Agent uses service account keys or workload identity for automation, never touches human account MFA settings",
     "tags": [
@@ -2012,8 +2077,7 @@
     "preset_groups": [
       "developer-safety",
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "sec-012",
@@ -2034,6 +2098,7 @@
       "developer-safety",
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -2054,6 +2119,7 @@
     "preset_groups": [
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -2064,6 +2130,7 @@
     "enforcement": "constitutional",
     "gate_type": "pre-action",
     "severity": "block",
+    "detection_pattern": "Detects: EU resident data stored without consent record, PII processed without documented lawful basis, data transferred outside EU/EEA without Standard Contractual Clauses",
     "example_blocked": "Agent stores email addresses of EU website visitors for marketing without a consent record or privacy policy reference",
     "example_allowed": "Agent confirms consent record exists, stores only consented data, includes lawful basis in storage metadata",
     "tags": [
@@ -2073,8 +2140,7 @@
     ],
     "preset_groups": [
       "full-suite"
-    ],
-    "detection_pattern": "[server-side]"
+    ]
   },
   {
     "id": "cmp-003",
@@ -2094,6 +2160,7 @@
     "preset_groups": [
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   },
   {
@@ -2114,6 +2181,7 @@
     "preset_groups": [
       "full-suite"
     ],
+    "backend_required": true,
     "detection_pattern": "[server-side]"
   }
 ]