veto-sdk 2.6.0 → 2.7.0

package/packs/eu-ai-act-starter.yaml

@@ -0,0 +1,155 @@
+# Starter guardrails inspired by EU AI Act operational themes.
+# Operators must map these to their risk classification, documentation, and human-oversight process.
+version: "1.0"
+name: eu-ai-act-starter-pack
+description: Starter guardrails for human oversight, audit preservation, consequential-action review, and transparency workflows. This pack is not a compliance certification.
+
+rules:
+  - id: eu-ai-require-human-oversight-high-risk
+    name: Require human oversight for high-risk decisions
+    description: Require approval before tools finalize high-risk or consequential decisions.
+    enabled: true
+    severity: critical
+    action: require_approval
+    tools:
+      - update_record
+      - write_file
+      - execute_command
+      - run_shell
+      - bash
+      - shell
+      - deploy
+      - publish
+      - release
+      - send_email
+      - http_request
+    condition_groups:
+      # Tune high-risk categories to your product's risk classification inventory.
+      - - field: arguments.risk_level
+          operator: matches
+          value: '(?i)\b(high|high-risk|consequential)\b'
+      - - field: arguments.decision_type
+          operator: matches
+          value: '(?i)\b(credit|employment|education|housing|healthcare|insurance|law enforcement|migration)\b'
+      - - field: arguments.high_risk
+          operator: equals
+          value: true
+      - - field: custom.high_risk_ai_system
+          operator: equals
+          value: true
+
+  - id: eu-ai-block-audit-log-deletion
+    name: Block audit log deletion
+    description: Preserve logs and audit trails needed for review, incident response, and post-market monitoring.
+    enabled: true
+    severity: critical
+    action: block
+    tools:
+      - delete_file
+      - write_file
+      - edit_file
+      - execute_command
+      - run_shell
+      - bash
+      - shell
+    condition_groups:
+      - - field: arguments.path
+          operator: matches
+          value: "(?i)(audit|decision|model|risk|incident)[-_ ]?(log|trail|record)s?"
+      - - field: arguments.command
+          operator: matches
+          value: '(?i)\b(rm|truncate|shred)\b.*\b(audit|decision|model|risk|incident)[-_ ]?(log|trail|record)s?\b'
+
+  - id: eu-ai-require-approval-autonomous-consequential-action
+    name: Require approval for autonomous consequential actions
+    description: Require human approval before autonomous actions that affect users, records, access, or production systems.
+    enabled: true
+    severity: critical
+    action: require_approval
+    tools:
+      - update_record
+      - execute_sql
+      - run_query
+      - query_database
+      - deploy
+      - publish
+      - release
+      - push_to_production
+      - send_email
+      - http_request
+      - export_data
+      - export_records
+    condition_groups:
+      - - field: arguments.autonomous
+          operator: equals
+          value: true
+        - field: arguments.consequential
+          operator: equals
+          value: true
+      - - field: custom.autonomous_action
+          operator: equals
+          value: true
+        - field: custom.human_approved
+          operator: not_equals
+          value: true
+      - - field: arguments.impact
+          operator: matches
+          value: '(?i)\b(eligibility|access|benefit|price|rank|score|account|employment)\b'
+
+  - id: eu-ai-require-transparency-review-before-notification
+    name: Require transparency review before user notification
+    description: Require review before sending user-facing notices or finalizing decisions without transparency approval.
+    enabled: true
+    severity: high
+    action: require_approval
+    tools:
+      - send_email
+      - send_message
+      - send_notification
+      - http_request
+      - update_record
+      - publish
+    condition_groups:
+      # Override custom.transparency_reviewed from your app once required notice text is checked.
+      - - field: arguments.user_notification
+          operator: equals
+          value: true
+        - field: custom.transparency_reviewed
+          operator: not_equals
+          value: true
+      - - field: arguments.finalize_decision
+          operator: equals
+          value: true
+        - field: custom.transparency_reviewed
+          operator: not_equals
+          value: true
+      - - field: arguments.message
+          operator: matches
+          value: '(?i)\b(final decision|automated decision|AI-generated decision)\b'
+        - field: custom.transparency_reviewed
+          operator: not_equals
+          value: true
+
+output_rules:
+  - id: eu-ai-log-high-risk-output
+    name: Log high-risk decision outputs
+    description: Log outputs that appear to contain final high-risk decisions for audit review.
+    enabled: true
+    severity: high
+    action: log
+    output_conditions:
+      - field: output
+        operator: matches
+        value: '(?i)\b(final decision|automated decision|eligibility denied|application rejected|risk score)\b'
+
+  - id: eu-ai-redact-unsupported-compliance-claims
+    name: Redact unsupported compliance claims
+    description: Redact generated claims that imply a system is legally compliant without review.
+    enabled: true
+    severity: medium
+    action: redact
+    output_conditions:
+      - field: output
+        operator: matches
+        value: '(?i)\b(EU AI Act compliant|guaranteed compliant|certified compliant)\b'
+    redact_with: "[REVIEW_REQUIRED]"

package/packs/hipaa-lite.yaml

@@ -0,0 +1,154 @@
+# Starter guardrails inspired by HIPAA privacy/security themes.
+# Operators must review, tune detectors, and validate workflows with qualified counsel/compliance owners.
+version: "1.0"
+name: hipaa-lite-pack
+description: Starter guardrails for PHI handling, patient-data export review, and medical-record access context. This pack is not a compliance certification.
+
+rules:
+  - id: hipaa-require-approval-external-phi-transfer
+    name: Require approval for external PHI transfer
+    description: Require review before patient or PHI-related data is emailed, uploaded, exported, or sent over HTTP.
+    enabled: true
+    severity: critical
+    action: require_approval
+    tools:
+      - send_email
+      - http_request
+      - upload_file
+      - export_data
+      - export_records
+    condition_groups:
+      # Expand these field names to match your application payloads.
+      - - field: arguments.data_type
+          operator: matches
+          value: '(?i)\b(phi|patient|medical|clinical|health)\b'
+      - - field: arguments.dataset
+          operator: matches
+          value: '(?i)\b(phi|patient|medical|clinical|health)\b'
+      - - field: arguments.body
+          operator: matches
+          value: '(?i)\b(patient|diagnosis|medication|medical record|mrn)\b'
+      - - field: arguments.file
+          operator: matches
+          value: '(?i)\b(patient|medical|clinical|phi)\b'
+
+  - id: hipaa-block-unapproved-phi-network-send
+    name: Block unapproved PHI network sends
+    description: Block network transfer of PHI when explicit PHI transfer approval is absent from context.
+    enabled: true
+    severity: critical
+    action: block
+    tools:
+      - http_request
+      - upload_file
+      - send_email
+    condition_groups:
+      - - field: custom.phi_transfer_approved
+          operator: not_equals
+          value: true
+        - field: arguments.contains_phi
+          operator: equals
+          value: true
+      - - field: custom.phi_transfer_approved
+          operator: not_equals
+          value: true
+        - field: arguments.data_classification
+          operator: matches
+          value: '(?i)\b(phi|patient|medical)\b'
+
+  - id: hipaa-require-context-for-medical-record-access
+    name: Require context for medical record access
+    description: Restrict patient record reads and writes unless the caller provides approved PHI access context.
+    enabled: true
+    severity: high
+    action: require_approval
+    tools:
+      - read_record
+      - update_record
+      - query_database
+      - execute_sql
+      - run_query
+    condition_groups:
+      # Add role, purpose-of-use, and break-glass checks in project overrides.
+      - - field: custom.phi_access_approved
+          operator: not_equals
+          value: true
+        - field: arguments.record_type
+          operator: matches
+          value: '(?i)\b(patient|medical|clinical|encounter|claim)\b'
+      - - field: custom.phi_access_approved
+          operator: not_equals
+          value: true
+        - field: arguments.table
+          operator: matches
+          value: '(?i)\b(patient|medical|clinical|encounter|claim)s?\b'
+      - - field: custom.phi_access_approved
+          operator: not_equals
+          value: true
+        - field: arguments.query
+          operator: matches
+          value: '(?i)\b(patient|medical_record|diagnosis|medication|mrn)\b'
+
+  - id: hipaa-require-approval-bulk-record-export
+    name: Require approval for bulk patient record export
+    description: Require human review before exporting large patient or clinical record sets.
+    enabled: true
+    severity: high
+    action: require_approval
+    tools:
+      - export_data
+      - export_records
+      - query_database
+      - execute_sql
+      - run_query
+    condition_groups:
+      # Tune this threshold to your minimum necessary access policy.
+      - - field: arguments.limit
+          operator: greater_than
+          value: 100
+        - field: arguments.dataset
+          operator: matches
+          value: '(?i)\b(patient|medical|clinical|phi)\b'
+      - - field: arguments.limit
+          operator: greater_than
+          value: 100
+        - field: arguments.query
+          operator: matches
+          value: '(?i)\b(patient|medical_record|diagnosis|medication|mrn)\b'
+
+output_rules:
+  - id: hipaa-redact-patient-identifiers
+    name: Redact patient identifiers
+    description: Redact common patient identifiers when they appear in tool output.
+    enabled: true
+    severity: critical
+    action: redact
+    output_conditions:
+      - field: output
+        operator: matches
+        value: '(?i)\b(MRN|medical record number|patient id)\b\s*[:#]?\s*[A-Za-z0-9-]{4,}'
+    redact_with: "[REDACTED_PATIENT_ID]"
+
+  - id: hipaa-redact-ssn
+    name: Redact SSNs
+    description: Redact US Social Security numbers from patient data output.
+    enabled: true
+    severity: critical
+    action: redact
+    output_conditions:
+      - field: output
+        operator: matches
+        value: '\b\d{3}-\d{2}-\d{4}\b'
+    redact_with: "[REDACTED_SSN]"
+
+  - id: hipaa-redact-dob
+    name: Redact dates of birth
+    description: Redact common DOB labels and date values from outputs.
+    enabled: true
+    severity: high
+    action: redact
+    output_conditions:
+      - field: output
+        operator: matches
+        value: '(?i)\b(DOB|date of birth)\b\s*[:#]?\s*\d{1,2}[/-]\d{1,2}[/-]\d{2,4}'
+    redact_with: "[REDACTED_DOB]"

package/packs/soc2-lite.yaml

@@ -0,0 +1,136 @@
+# Starter guardrails inspired by SOC 2 control themes.
+# Operators must review, tune thresholds, and map rules to their own controls.
+version: "1.0"
+name: soc2-lite-pack
+description: Starter guardrails for change management, least-privilege operations, audit integrity, and secret handling. This pack is not a compliance certification.
+
+rules:
+  - id: soc2-require-approval-destructive-operations
+    name: Require approval for destructive operations
+    description: Route destructive shell, file, and database operations to human approval before execution.
+    enabled: true
+    severity: critical
+    action: require_approval
+    tools:
+      - execute_command
+      - run_shell
+      - bash
+      - shell
+      - delete_file
+      - write_file
+      - edit_file
+      - query_database
+      - execute_sql
+      - run_query
+    condition_groups:
+      # Tune these command/data patterns for your runtime and database dialect.
+      - - field: arguments.command
+          operator: matches
+          value: '(?i)\b(rm\s+-rf|mkfs|shutdown|reboot|terraform\s+destroy|kubectl\s+delete)\b'
+      - - field: arguments.path
+          operator: matches
+          value: "(^|/)(prod|production|backups|audit|logs)(/|$)"
+      - - field: arguments.query
+          operator: matches
+          value: '(?i)\b(drop|truncate|delete\s+from|alter\s+table)\b'
+
+  - id: soc2-require-approval-production-release
+    name: Require approval for production release actions
+    description: Require human approval before production deploy, publish, release, or delete operations.
+    enabled: true
+    severity: critical
+    action: require_approval
+    tools:
+      - deploy
+      - publish
+      - release
+      - push_to_production
+      - delete_file
+      - execute_command
+      - run_shell
+      - bash
+      - shell
+    condition_groups:
+      - - field: arguments.environment
+          operator: matches
+          value: "(?i)^(prod|production)$"
+      - - field: arguments.env
+          operator: matches
+          value: "(?i)^(prod|production)$"
+      - - field: arguments.target
+          operator: matches
+          value: '(?i)\b(prod|production)\b'
+      - - field: arguments.command
+          operator: matches
+          value: '(?i)\b(prod|production)\b.*\b(deploy|release|delete|destroy)\b'
+
+  - id: soc2-block-audit-log-tampering
+    name: Block audit log tampering
+    description: Prevent agents from deleting or mutating audit logs and evidence exports.
+    enabled: true
+    severity: critical
+    action: block
+    tools:
+      - delete_file
+      - write_file
+      - edit_file
+      - execute_command
+      - run_shell
+      - bash
+      - shell
+    condition_groups:
+      - - field: arguments.path
+          operator: matches
+          value: "(?i)(audit|evidence|security)[-_]?(log|trail|export)"
+      - - field: arguments.command
+          operator: matches
+          value: '(?i)\b(rm|truncate|shred)\b.*\b(audit|evidence|security)[-_]?(log|trail|export)\b'
+
+  - id: soc2-require-approval-audit-export
+    name: Require approval for audit exports
+    description: Require review before exporting audit logs or control evidence outside the system.
+    enabled: true
+    severity: high
+    action: require_approval
+    tools:
+      - export_data
+      - export_records
+      - upload_file
+      - http_request
+      - send_email
+    condition_groups:
+      # Add your internal-only domains or approved sinks in project-specific overrides.
+      - - field: arguments.dataset
+          operator: matches
+          value: '(?i)\b(audit|evidence|security|access)[-_ ]?(log|trail|export|review)\b'
+      - - field: arguments.path
+          operator: matches
+          value: '(?i)\b(audit|evidence|security)[-_ ]?(log|trail|export)\b'
+      - - field: arguments.body
+          operator: matches
+          value: '(?i)\b(audit|evidence|control|soc\s*2)\b'
+
+output_rules:
+  - id: soc2-redact-api-keys
+    name: Redact API keys and tokens
+    description: Redact common credential patterns from tool outputs.
+    enabled: true
+    severity: critical
+    action: redact
+    output_conditions:
+      - field: output
+        operator: matches
+        value: '(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*[A-Za-z0-9_./+=-]{8,}'
+    redact_with: "[REDACTED_SECRET]"
+
+  - id: soc2-redact-private-keys
+    name: Redact private key material
+    description: Redact PEM private keys from tool outputs.
+    enabled: true
+    severity: critical
+    action: redact
+    output_conditions:
+      - field: output
+        operator: matches
+        value: "-----BEGIN [A-Z ]*PRIVATE KEY-----"
+    redact_with: "[REDACTED_PRIVATE_KEY]"