npm - @sunaiva/gate - Versions diffs - 1.1.2 → 1.1.4 - Mend

@sunaiva/gate 1.1.2 → 1.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (102) hide show

package/BUSINESS_LICENSE.md +2 -2
package/CHANGELOG.md +2 -2
package/LICENSE +0 -0
package/README.DRAFT.md +418 -0
package/README.md +471 -451
package/README.md.bak-v1.0.0-stale-MIT +0 -0
package/SUPPORT.md +0 -0
package/TIER_DEFINITIONS.md +0 -0
package/dist/config/defaults.d.ts +30 -10
package/dist/config/defaults.d.ts.map +1 -1
package/dist/config/defaults.js +49 -26
package/dist/config/defaults.js.map +1 -1
package/dist/config/loader.d.ts +0 -0
package/dist/config/loader.d.ts.map +0 -0
package/dist/config/loader.js +0 -0
package/dist/config/loader.js.map +0 -0
package/dist/engine/backend-client.d.ts +0 -0
package/dist/engine/backend-client.d.ts.map +0 -0
package/dist/engine/backend-client.js +0 -0
package/dist/engine/backend-client.js.map +0 -0
package/dist/engine/hmac-verifier.d.ts +0 -0
package/dist/engine/hmac-verifier.d.ts.map +0 -0
package/dist/engine/hmac-verifier.js +0 -0
package/dist/engine/hmac-verifier.js.map +0 -0
package/dist/engine/immutability.d.ts +0 -0
package/dist/engine/immutability.d.ts.map +0 -0
package/dist/engine/immutability.js +0 -0
package/dist/engine/immutability.js.map +0 -0
package/dist/engine/pattern-matcher.d.ts +0 -0
package/dist/engine/pattern-matcher.d.ts.map +0 -0
package/dist/engine/pattern-matcher.js +0 -0
package/dist/engine/pattern-matcher.js.map +0 -0
package/dist/engine/rule-engine.d.ts +8 -1
package/dist/engine/rule-engine.d.ts.map +1 -1
package/dist/engine/rule-engine.js +18 -3
package/dist/engine/rule-engine.js.map +1 -1
package/dist/engine/session-state.d.ts +0 -0
package/dist/engine/session-state.d.ts.map +0 -0
package/dist/engine/session-state.js +0 -0
package/dist/engine/session-state.js.map +0 -0
package/dist/engine/ship-confidence-gate.d.ts +0 -0
package/dist/engine/ship-confidence-gate.d.ts.map +0 -0
package/dist/engine/ship-confidence-gate.js +0 -0
package/dist/engine/ship-confidence-gate.js.map +0 -0
package/dist/identity/first-run.d.ts +24 -0
package/dist/identity/first-run.d.ts.map +1 -0
package/dist/identity/first-run.js +88 -0
package/dist/identity/first-run.js.map +1 -0
package/dist/identity/nudge.d.ts +29 -0
package/dist/identity/nudge.d.ts.map +1 -0
package/dist/identity/nudge.js +74 -0
package/dist/identity/nudge.js.map +1 -0
package/dist/identity/premium-unlock.d.ts +30 -0
package/dist/identity/premium-unlock.d.ts.map +1 -0
package/dist/identity/premium-unlock.js +65 -0
package/dist/identity/premium-unlock.js.map +1 -0
package/dist/identity/register-client.d.ts +25 -0
package/dist/identity/register-client.d.ts.map +1 -0
package/dist/identity/register-client.js +48 -0
package/dist/identity/register-client.js.map +1 -0
package/dist/identity/telemetry.d.ts +64 -0
package/dist/identity/telemetry.d.ts.map +1 -0
package/dist/identity/telemetry.js +173 -0
package/dist/identity/telemetry.js.map +1 -0
package/dist/index.d.ts +0 -0
package/dist/index.js +75 -1
package/dist/rules/categories.json +0 -0
package/dist/rules/presets.json +0 -0
package/dist/rules/rules.json +153 -42
package/dist/tools/audit.d.ts +0 -0
package/dist/tools/audit.d.ts.map +0 -0
package/dist/tools/audit.js +0 -0
package/dist/tools/audit.js.map +0 -0
package/dist/tools/bypass.d.ts +0 -0
package/dist/tools/bypass.d.ts.map +0 -0
package/dist/tools/bypass.js +0 -0
package/dist/tools/bypass.js.map +0 -0
package/dist/tools/export-attestation.d.ts +0 -0
package/dist/tools/export-attestation.d.ts.map +0 -0
package/dist/tools/export-attestation.js +0 -0
package/dist/tools/export-attestation.js.map +0 -0
package/dist/tools/rules.d.ts +0 -0
package/dist/tools/rules.d.ts.map +0 -0
package/dist/tools/rules.js +0 -0
package/dist/tools/rules.js.map +0 -0
package/dist/tools/ship-confidence.d.ts +0 -0
package/dist/tools/ship-confidence.d.ts.map +0 -0
package/dist/tools/ship-confidence.js +0 -0
package/dist/tools/ship-confidence.js.map +0 -0
package/dist/tools/update.d.ts +0 -0
package/dist/tools/update.d.ts.map +0 -0
package/dist/tools/update.js +0 -0
package/dist/tools/update.js.map +0 -0
package/dist/tools/validate.d.ts +0 -0
package/dist/tools/validate.d.ts.map +0 -0
package/dist/tools/validate.js +0 -0
package/dist/tools/validate.js.map +0 -0
package/dist/types/backend.d.ts +0 -0
package/dist/types/backend.d.ts.map +0 -0
package/dist/types/backend.js +0 -0
package/dist/types/backend.js.map +0 -0
package/package.json +2 -1

package/dist/rules/rules.json CHANGED Viewed

@@ -21,7 +21,8 @@
       "financial-protection",
       "full-suite",
       "minimal"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "fin-002",
@@ -44,7 +45,8 @@
       "essential",
       "financial-protection",
       "full-suite"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "fin-003",
@@ -65,14 +67,15 @@
     "preset_groups": [
       "financial-protection",
       "full-suite"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "fin-004",
     "name": "Crypto Transaction Block",
     "description": "Block all cryptocurrency transfers, wallet interactions, and token purchases without explicit multi-step human approval",
     "category": "financial-safety",
-    "enforcement": "constitutional",
+    "enforcement": "standard",
     "gate_type": "pre-action",
     "severity": "block",
     "detection_pattern": "Detects: wallet addresses, ETH/BTC/USDC transfers, DeFi interactions, NFT purchases, gas fee submissions, seed phrase usage",
@@ -87,7 +90,8 @@
     "preset_groups": [
       "financial-protection",
       "full-suite"
-    ]
+    ],
+    "tier": "recommended_default"
   },
   {
     "id": "fin-005",
@@ -109,6 +113,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -131,6 +136,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -154,6 +160,7 @@
       "developer-safety"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -176,7 +183,8 @@
       "financial-protection",
       "full-suite",
       "minimal"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "fin-009",
@@ -197,7 +205,8 @@
     "preset_groups": [
       "financial-protection",
       "full-suite"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "fin-010",
@@ -220,6 +229,7 @@
       "developer-safety"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -242,6 +252,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -265,6 +276,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -288,7 +300,8 @@
       "developer-safety",
       "full-suite",
       "minimal"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "dat-002",
@@ -310,7 +323,8 @@
     "preset_groups": [
       "essential",
       "full-suite"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "dat-003",
@@ -333,6 +347,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -356,7 +371,8 @@
       "essential",
       "developer-safety",
       "full-suite"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "dat-005",
@@ -380,6 +396,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -401,6 +418,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -424,6 +442,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -445,6 +464,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -466,6 +486,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -487,7 +508,8 @@
     "preset_groups": [
       "developer-safety",
       "full-suite"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "dat-011",
@@ -508,6 +530,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -529,6 +552,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -552,7 +576,8 @@
       "developer-safety",
       "full-suite",
       "minimal"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "gov-002",
@@ -576,7 +601,8 @@
       "developer-safety",
       "full-suite",
       "minimal"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "gov-003",
@@ -598,6 +624,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -619,7 +646,8 @@
     "preset_groups": [
       "developer-safety",
       "full-suite"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "gov-005",
@@ -640,7 +668,8 @@
     "preset_groups": [
       "developer-safety",
       "full-suite"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "gov-006",
@@ -660,7 +689,8 @@
     ],
     "preset_groups": [
       "full-suite"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "gov-007",
@@ -682,6 +712,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -704,7 +735,8 @@
     "preset_groups": [
       "essential",
       "full-suite"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "gov-009",
@@ -726,6 +758,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -749,6 +782,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -771,6 +805,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -793,7 +828,8 @@
       "essential",
       "developer-safety",
       "full-suite"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "qlt-001",
@@ -815,6 +851,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -838,6 +875,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -860,6 +898,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -882,6 +921,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -904,6 +944,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -926,6 +967,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -948,6 +990,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -970,6 +1013,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -992,6 +1036,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1014,6 +1059,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1036,6 +1082,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1058,6 +1105,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1065,7 +1113,7 @@
     "name": "Email Review Gate",
     "description": "Block sending any external email drafted by an agent without human review of content, recipients, and subject line",
     "category": "communication-safety",
-    "enforcement": "constitutional",
+    "enforcement": "standard",
     "gate_type": "pre-action",
     "severity": "block",
     "detection_pattern": "Detects: SMTP send commands, Gmail API message sends, Postmark/SendGrid single sends, nodemailer send calls with external recipients",
@@ -1079,14 +1127,15 @@
     "preset_groups": [
       "essential",
       "full-suite"
-    ]
+    ],
+    "tier": "recommended_default"
   },
   {
     "id": "com-002",
     "name": "Social Media Approval Gate",
     "description": "Block posting, publishing, or scheduling any social media content without human review and approval",
     "category": "communication-safety",
-    "enforcement": "constitutional",
+    "enforcement": "standard",
     "gate_type": "pre-action",
     "severity": "block",
     "detection_pattern": "Detects: Twitter/X API post calls, LinkedIn share submissions, Facebook page post API, Instagram media publishes, TikTok upload completions",
@@ -1100,7 +1149,8 @@
     "preset_groups": [
       "essential",
       "full-suite"
-    ]
+    ],
+    "tier": "recommended_default"
   },
   {
     "id": "com-003",
@@ -1121,6 +1171,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1142,6 +1193,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1149,7 +1201,7 @@
     "name": "Customer Communication Gate",
     "description": "Block any direct communication to customers, clients, or partners initiated by an agent without human sign-off",
     "category": "communication-safety",
-    "enforcement": "constitutional",
+    "enforcement": "standard",
     "gate_type": "pre-action",
     "severity": "block",
     "detection_pattern": "Detects: CRM-triggered customer emails, in-app messages sent to user segments, support ticket replies, automated refund communications, contract or invoice emails",
@@ -1163,14 +1215,15 @@
     "preset_groups": [
       "essential",
       "full-suite"
-    ]
+    ],
+    "tier": "recommended_default"
   },
   {
     "id": "com-006",
     "name": "Press Release and PR Content Gate",
     "description": "Block publishing or distributing any press release, media statement, or investor communication without executive approval",
     "category": "communication-safety",
-    "enforcement": "constitutional",
+    "enforcement": "standard",
     "gate_type": "pre-action",
     "severity": "block",
     "detection_pattern": "Detects: PR Newswire distribution API, Business Wire submissions, media contact outreach with embargo dates, investor relations email sends",
@@ -1183,7 +1236,8 @@
     ],
     "preset_groups": [
       "full-suite"
-    ]
+    ],
+    "tier": "recommended_default"
   },
   {
     "id": "com-007",
@@ -1203,7 +1257,8 @@
     ],
     "preset_groups": [
       "full-suite"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "com-008",
@@ -1224,6 +1279,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1231,7 +1287,7 @@
     "name": "Outreach Approval Before Launch",
     "description": "Require explicit go/no-go approval before activating any cold outreach sequence or automated follow-up campaign",
     "category": "communication-safety",
-    "enforcement": "constitutional",
+    "enforcement": "standard",
     "gate_type": "pre-action",
     "severity": "block",
     "detection_pattern": "Detects: Instantly.ai campaign activation, Lemlist sequence launch, Apollo.io sequence start, Outreach.io sequence enable, HubSpot sequence activation",
@@ -1245,7 +1301,8 @@
     "preset_groups": [
       "essential",
       "full-suite"
-    ]
+    ],
+    "tier": "recommended_default"
   },
   {
     "id": "com-010",
@@ -1266,6 +1323,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1286,7 +1344,8 @@
     ],
     "preset_groups": [
       "full-suite"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "com-012",
@@ -1307,6 +1366,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1329,6 +1389,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1350,6 +1411,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1371,6 +1433,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1393,6 +1456,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1415,6 +1479,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1437,6 +1502,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1459,6 +1525,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1481,6 +1548,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1488,7 +1556,7 @@
     "name": "No Fabricated Statistics",
     "description": "Block agent from presenting invented numbers, market sizes, or performance statistics as factual claims",
     "category": "knowledge-protocol",
-    "enforcement": "constitutional",
+    "enforcement": "standard",
     "gate_type": "post-action",
     "severity": "block",
     "detection_pattern": "Detects: market size claims without cited research, performance benchmarks not sourced to a test run, conversion rates stated as fact without underlying data",
@@ -1501,7 +1569,8 @@
     ],
     "preset_groups": [
       "full-suite"
-    ]
+    ],
+    "tier": "recommended_default"
   },
   {
     "id": "know-010",
@@ -1522,6 +1591,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1543,6 +1613,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1565,6 +1636,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1588,6 +1660,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1612,6 +1685,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1635,6 +1709,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1658,6 +1733,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1680,6 +1756,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1702,6 +1779,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1725,6 +1803,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1748,6 +1827,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1771,6 +1851,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1793,6 +1874,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1816,6 +1898,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1839,6 +1922,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1861,7 +1945,8 @@
       "essential",
       "developer-safety",
       "full-suite"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "sec-002",
@@ -1882,7 +1967,8 @@
     "preset_groups": [
       "developer-safety",
       "full-suite"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "sec-003",
@@ -1904,6 +1990,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1925,7 +2012,8 @@
     "preset_groups": [
       "developer-safety",
       "full-suite"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "sec-005",
@@ -1947,6 +2035,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -1968,7 +2057,8 @@
     "preset_groups": [
       "developer-safety",
       "full-suite"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "sec-007",
@@ -1990,6 +2080,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -2012,6 +2103,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -2035,6 +2127,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -2042,10 +2135,9 @@
     "name": "No Banned Model Providers",
     "description": "Block agent from routing requests to providers on the organisation's banned list (e.g. providers with IP leakage concerns)",
     "category": "security",
-    "enforcement": "constitutional",
+    "enforcement": "standard",
     "gate_type": "pre-action",
     "severity": "block",
-    "detection_pattern": "Detects: API calls to Kimi, MiniMax, DeepSeek, or other banned provider endpoints; model IDs matching banned provider prefixes in routing configs",
     "example_blocked": "Agent routes a prompt containing proprietary code to a DeepSeek API endpoint to save costs",
     "example_allowed": "Agent routes all requests through approved providers (Anthropic, Google, OpenRouter with approved models only)",
     "tags": [
@@ -2056,7 +2148,20 @@
     "preset_groups": [
       "developer-safety",
       "full-suite"
-    ]
+    ],
+    "tier": "premium",
+    "backend_required": true,
+    "user_configurable": true,
+    "config_schema": {
+      "banned_providers": {
+        "type": "array",
+        "items": {
+          "type": "string"
+        },
+        "description": "List of model provider substrings to block (e.g. [\"deepseek\", \"qwen\"]). Customer-supplied."
+      }
+    },
+    "detection_pattern": "[server-side]"
   },
   {
     "id": "sec-011",
@@ -2077,7 +2182,8 @@
     "preset_groups": [
       "developer-safety",
       "full-suite"
-    ]
+    ],
+    "tier": "constitutional"
   },
   {
     "id": "sec-012",
@@ -2099,6 +2205,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -2120,6 +2227,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -2127,7 +2235,7 @@
     "name": "GDPR Data Handling Protocol",
     "description": "Require explicit lawful basis documentation before any collection, processing, or storage of EU resident personal data",
     "category": "compliance",
-    "enforcement": "constitutional",
+    "enforcement": "standard",
     "gate_type": "pre-action",
     "severity": "block",
     "detection_pattern": "Detects: EU resident data stored without consent record, PII processed without documented lawful basis, data transferred outside EU/EEA without Standard Contractual Clauses",
@@ -2140,7 +2248,8 @@
     ],
     "preset_groups": [
       "full-suite"
-    ]
+    ],
+    "tier": "recommended_default"
   },
   {
     "id": "cmp-003",
@@ -2161,6 +2270,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   },
   {
@@ -2182,6 +2292,7 @@
       "full-suite"
     ],
     "backend_required": true,
+    "tier": "premium",
     "detection_pattern": "[server-side]"
   }
 ]