Recipes
Catalog of regex rules, suppressions, sensitive tools, and judge categories shipped with the strict policy — search, copy, and remix.
The recipe catalog is the same library the Policy creator draws from. Every entry
ships with the bundled strict policy so you can paste the YAML directly into your own pack —
or use the wizard to drop one into a draft and tune it interactively.
Where these come from
Each rule originates in policies/guardrail/strict/rules/<category>.yaml and gets compiled into
this catalog at build time by docs-site/scripts/build-policy-assets.ts. The bundled strict
pack is the source of truth — when it changes, this catalog regenerates.
- webhook.site (known exfil)rule:c2RECIPE-C2-WEBHOOK-SITEegress_external
Pattern shipped in the bundled strict rule pack (c2.yaml). Severity HIGH.
YAML
{ "id": "C2-WEBHOOK-SITE", "pattern": "(?i)webhook\\.site", "title": "webhook.site (known exfil)", "severity": "HIGH", "confidence": 0.9, "tags": [ "exfiltration", "c2" ] }policies/guardrail/strict/rules/c2.yaml - ngrok tunnel (exfil risk)rule:c2RECIPE-C2-NGROKegress_external
Pattern shipped in the bundled strict rule pack (c2.yaml). Severity HIGH.
YAML
{ "id": "C2-NGROK", "pattern": "(?i)(?:ngrok\\.io|ngrok-free\\.app)", "title": "ngrok tunnel (exfil risk)", "severity": "HIGH", "confidence": 0.85, "tags": [ "exfiltration", "c2" ] }policies/guardrail/strict/rules/c2.yaml - Pipedream (known exfil)rule:c2RECIPE-C2-PIPEDREAMegress_external
Pattern shipped in the bundled strict rule pack (c2.yaml). Severity HIGH.
YAML
{ "id": "C2-PIPEDREAM", "pattern": "(?i)pipedream\\.net", "title": "Pipedream (known exfil)", "severity": "HIGH", "confidence": 0.9, "tags": [ "exfiltration", "c2" ] }policies/guardrail/strict/rules/c2.yaml - RequestBin (known exfil)rule:c2RECIPE-C2-REQUESTBINegress_external
Pattern shipped in the bundled strict rule pack (c2.yaml). Severity HIGH.
YAML
{ "id": "C2-REQUESTBIN", "pattern": "(?i)requestbin\\.com", "title": "RequestBin (known exfil)", "severity": "HIGH", "confidence": 0.9, "tags": [ "exfiltration", "c2" ] }policies/guardrail/strict/rules/c2.yaml - HookBin (known exfil)rule:c2RECIPE-C2-HOOKBINegress_external
Pattern shipped in the bundled strict rule pack (c2.yaml). Severity HIGH.
YAML
{ "id": "C2-HOOKBIN", "pattern": "(?i)hookbin\\.com", "title": "HookBin (known exfil)", "severity": "HIGH", "confidence": 0.9, "tags": [ "exfiltration", "c2" ] }policies/guardrail/strict/rules/c2.yaml - Burp Collaborator (pentest C2)rule:c2RECIPE-C2-BURPegress_external
Pattern shipped in the bundled strict rule pack (c2.yaml). Severity HIGH.
YAML
{ "id": "C2-BURP", "pattern": "(?i)burpcollaborator\\.net", "title": "Burp Collaborator (pentest C2)", "severity": "HIGH", "confidence": 0.9, "tags": [ "exfiltration", "c2" ] }policies/guardrail/strict/rules/c2.yaml - interact.sh (OOB exfil)rule:c2RECIPE-C2-INTERACTSHegress_external
Pattern shipped in the bundled strict rule pack (c2.yaml). Severity HIGH.
YAML
{ "id": "C2-INTERACTSH", "pattern": "(?i)interact\\.sh", "title": "interact.sh (OOB exfil)", "severity": "HIGH", "confidence": 0.9, "tags": [ "exfiltration", "c2" ] }policies/guardrail/strict/rules/c2.yaml - oast.fun (OOB testing)rule:c2RECIPE-C2-OASTegress_external
Pattern shipped in the bundled strict rule pack (c2.yaml). Severity HIGH.
YAML
{ "id": "C2-OAST", "pattern": "(?i)oast\\.fun", "title": "oast.fun (OOB testing)", "severity": "HIGH", "confidence": 0.85, "tags": [ "exfiltration", "c2" ] }policies/guardrail/strict/rules/c2.yaml - Canary Tokensrule:c2RECIPE-C2-CANARYegress_external
Pattern shipped in the bundled strict rule pack (c2.yaml). Severity MEDIUM.
YAML
{ "id": "C2-CANARY", "pattern": "(?i)canarytokens\\.com", "title": "Canary Tokens", "severity": "MEDIUM", "confidence": 0.75, "tags": [ "exfiltration", "c2" ] }policies/guardrail/strict/rules/c2.yaml - Pastebin raw fetchrule:c2RECIPE-C2-PASTEBINegress_external
Pattern shipped in the bundled strict rule pack (c2.yaml). Severity MEDIUM.
YAML
{ "id": "C2-PASTEBIN", "pattern": "(?i)pastebin\\.com/raw/", "title": "Pastebin raw fetch", "severity": "MEDIUM", "confidence": 0.7, "tags": [ "exfiltration", "c2" ] }policies/guardrail/strict/rules/c2.yaml - AWS metadata endpoint (SSRF)rule:c2RECIPE-C2-METADATA-AWSsensitive_accessegress_external
Pattern shipped in the bundled strict rule pack (c2.yaml). Severity CRITICAL.
YAML
{ "id": "C2-METADATA-AWS", "pattern": "169\\.254\\.169\\.254", "title": "AWS metadata endpoint (SSRF)", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "ssrf", "credential" ] }policies/guardrail/strict/rules/c2.yaml - GCP metadata endpoint (SSRF)rule:c2RECIPE-C2-METADATA-GCPsensitive_accessegress_external
Pattern shipped in the bundled strict rule pack (c2.yaml). Severity CRITICAL.
YAML
{ "id": "C2-METADATA-GCP", "pattern": "(?i)metadata\\.google\\.internal", "title": "GCP metadata endpoint (SSRF)", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "ssrf", "credential" ] }policies/guardrail/strict/rules/c2.yaml - Azure metadata endpoint (SSRF)rule:c2RECIPE-C2-METADATA-AZUREsensitive_accessegress_external
Pattern shipped in the bundled strict rule pack (c2.yaml). Severity CRITICAL.
YAML
{ "id": "C2-METADATA-AZURE", "pattern": "169\\.254\\.169\\.254/metadata", "title": "Azure metadata endpoint (SSRF)", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "ssrf", "credential" ] }policies/guardrail/strict/rules/c2.yaml - AWS metadata endpoint (hex-encoded SSRF)rule:c2RECIPE-C2-METADATA-HEXsensitive_accessegress_external
Pattern shipped in the bundled strict rule pack (c2.yaml). Severity CRITICAL.
YAML
{ "id": "C2-METADATA-HEX", "pattern": "(?i)0xa9fea9fe", "title": "AWS metadata endpoint (hex-encoded SSRF)", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "ssrf", "credential" ] }policies/guardrail/strict/rules/c2.yaml - AWS metadata endpoint (decimal-encoded SSRF)rule:c2RECIPE-C2-METADATA-DECIMALsensitive_accessegress_external
Pattern shipped in the bundled strict rule pack (c2.yaml). Severity CRITICAL.
YAML
{ "id": "C2-METADATA-DECIMAL", "pattern": "(?:^|[/])2852039166(?:$|[/])", "title": "AWS metadata endpoint (decimal-encoded SSRF)", "severity": "CRITICAL", "confidence": 0.93, "tags": [ "ssrf", "credential" ] }policies/guardrail/strict/rules/c2.yaml - AWS metadata endpoint (octal-encoded SSRF)rule:c2RECIPE-C2-METADATA-OCTALsensitive_accessegress_external
Pattern shipped in the bundled strict rule pack (c2.yaml). Severity CRITICAL.
YAML
{ "id": "C2-METADATA-OCTAL", "pattern": "0251\\.0376\\.0251\\.0376", "title": "AWS metadata endpoint (octal-encoded SSRF)", "severity": "CRITICAL", "confidence": 0.93, "tags": [ "ssrf", "credential" ] }policies/guardrail/strict/rules/c2.yaml - DNS TXT query with high-entropy label (tunneling indicator)rule:c2RECIPE-C2-DNS-TUNNELegress_external
Pattern shipped in the bundled strict rule pack (c2.yaml). Severity HIGH.
YAML
{ "id": "C2-DNS-TUNNEL", "pattern": "(?i)\\bdig\\b\\s+[^;\\n]*\\bTXT\\b\\s+(?:[a-f0-9]{16,}|[A-Za-z2-7]{24,})\\.[A-Za-z0-9-]{2,}\\.", "title": "DNS TXT query with high-entropy label (tunneling indicator)", "severity": "HIGH", "confidence": 0.78, "tags": [ "exfiltration", "dns-tunnel" ] }policies/guardrail/strict/rules/c2.yaml - nslookup with hex subdomain (DNS exfil)rule:c2RECIPE-C2-DNS-EXFILegress_external
Pattern shipped in the bundled strict rule pack (c2.yaml). Severity HIGH.
YAML
{ "id": "C2-DNS-EXFIL", "pattern": "(?i)\\bnslookup\\b\\s+[a-f0-9]{8,}\\.\\w+\\.", "title": "nslookup with hex subdomain (DNS exfil)", "severity": "HIGH", "confidence": 0.8, "tags": [ "exfiltration", "dns-tunnel" ] }policies/guardrail/strict/rules/c2.yaml - SOUL.md access (agent identity)rule:cognitive-fileRECIPE-COG-SOULsensitive_access
Pattern shipped in the bundled strict rule pack (cognitive.yaml). Severity CRITICAL.
YAML
{ "id": "COG-SOUL", "pattern": "(?i)SOUL\\.md", "title": "SOUL.md access (agent identity)", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "cognitive-tampering" ] }policies/guardrail/strict/rules/cognitive.yaml - IDENTITY.md accessrule:cognitive-fileRECIPE-COG-IDENTITYsensitive_access
Pattern shipped in the bundled strict rule pack (cognitive.yaml). Severity CRITICAL.
YAML
{ "id": "COG-IDENTITY", "pattern": "(?i)IDENTITY\\.md", "title": "IDENTITY.md access", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "cognitive-tampering" ] }policies/guardrail/strict/rules/cognitive.yaml - MEMORY.md accessrule:cognitive-fileRECIPE-COG-MEMORYsensitive_access
Pattern shipped in the bundled strict rule pack (cognitive.yaml). Severity HIGH.
YAML
{ "id": "COG-MEMORY", "pattern": "(?i)MEMORY\\.md", "title": "MEMORY.md access", "severity": "HIGH", "confidence": 0.85, "tags": [ "cognitive-tampering" ] }policies/guardrail/strict/rules/cognitive.yaml - CLAUDE.md accessrule:cognitive-fileRECIPE-COG-CLAUDE-MDsensitive_access
Pattern shipped in the bundled strict rule pack (cognitive.yaml). Severity HIGH.
YAML
{ "id": "COG-CLAUDE-MD", "pattern": "(?i)CLAUDE\\.md", "title": "CLAUDE.md access", "severity": "HIGH", "confidence": 0.85, "tags": [ "cognitive-tampering" ] }policies/guardrail/strict/rules/cognitive.yaml - TOOLS.md accessrule:cognitive-fileRECIPE-COG-TOOLS-MDsensitive_access
Pattern shipped in the bundled strict rule pack (cognitive.yaml). Severity HIGH.
YAML
{ "id": "COG-TOOLS-MD", "pattern": "(?i)TOOLS\\.md", "title": "TOOLS.md access", "severity": "HIGH", "confidence": 0.8, "tags": [ "cognitive-tampering" ] }policies/guardrail/strict/rules/cognitive.yaml - AGENTS.md accessrule:cognitive-fileRECIPE-COG-AGENTS-MDsensitive_access
Pattern shipped in the bundled strict rule pack (cognitive.yaml). Severity HIGH.
YAML
{ "id": "COG-AGENTS-MD", "pattern": "(?i)AGENTS\\.md", "title": "AGENTS.md access", "severity": "HIGH", "confidence": 0.8, "tags": [ "cognitive-tampering" ] }policies/guardrail/strict/rules/cognitive.yaml - openclaw.json config accessrule:cognitive-fileRECIPE-COG-OPENCLAW-JSONsensitive_access
Pattern shipped in the bundled strict rule pack (cognitive.yaml). Severity HIGH.
YAML
{ "id": "COG-OPENCLAW-JSON", "pattern": "(?i)openclaw\\.json", "title": "openclaw.json config access", "severity": "HIGH", "confidence": 0.8, "tags": [ "cognitive-tampering" ] }policies/guardrail/strict/rules/cognitive.yaml - gateway.json config accessrule:cognitive-fileRECIPE-COG-GATEWAY-JSONsensitive_access
Pattern shipped in the bundled strict rule pack (cognitive.yaml). Severity HIGH.
YAML
{ "id": "COG-GATEWAY-JSON", "pattern": "(?i)gateway\\.json", "title": "gateway.json config access", "severity": "HIGH", "confidence": 0.8, "tags": [ "cognitive-tampering" ] }policies/guardrail/strict/rules/cognitive.yaml - Bash reverse shellrule:commandRECIPE-CMD-REVSHELL-BASH
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity CRITICAL.
YAML
{ "id": "CMD-REVSHELL-BASH", "pattern": "(?i)bash\\s+-i\\s+>&\\s*/dev/tcp/", "title": "Bash reverse shell", "severity": "CRITICAL", "confidence": 0.98, "tags": [ "execution", "reverse-shell" ] }policies/guardrail/strict/rules/commands.yaml - Reverse shell via /dev/tcprule:commandRECIPE-CMD-REVSHELL-DEVTCP
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity CRITICAL.
YAML
{ "id": "CMD-REVSHELL-DEVTCP", "pattern": "/dev/tcp/(?:\\d{1,3}\\.\\d{1,3}|[A-Za-z0-9-]+(?:\\.[A-Za-z0-9-]+)+)/\\d+\\b", "title": "Reverse shell via /dev/tcp", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "execution", "reverse-shell" ] }policies/guardrail/strict/rules/commands.yaml - Netcat reverse shell with -erule:commandRECIPE-CMD-REVSHELL-NC
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity CRITICAL.
YAML
{ "id": "CMD-REVSHELL-NC", "pattern": "(?i)\\b(?:nc|ncat|netcat)\\b\\s+(?:(?:-[a-zA-Z]*\\s+)*\\S+\\s+\\d+\\s*(?:-e|--exec)\\b|(?:-[a-zA-Z]*\\s+)*(?:-e|--exec)\\s+\\S+\\s+\\S+\\s+\\d+\\b)", "title": "Netcat reverse shell with -e", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "execution", "reverse-shell" ] }policies/guardrail/strict/rules/commands.yaml - Python reverse shellrule:commandRECIPE-CMD-REVSHELL-PYTHON
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity CRITICAL.
YAML
{ "id": "CMD-REVSHELL-PYTHON", "pattern": "(?i)python[23]?\\s+-c\\s+.*socket.*connect", "title": "Python reverse shell", "severity": "CRITICAL", "confidence": 0.9, "tags": [ "execution", "reverse-shell" ] }policies/guardrail/strict/rules/commands.yaml - curl piped to shellrule:commandRECIPE-CMD-PIPE-CURLegress_external
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity CRITICAL.
YAML
{ "id": "CMD-PIPE-CURL", "pattern": "(?i)\\bcurl\\b\\s+[^|]*\\|\\s*(?:[/\\w]+/)?(?:bash|zsh|sh)\\b", "title": "curl piped to shell", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "execution", "download-exec" ] }policies/guardrail/strict/rules/commands.yaml - wget piped to shellrule:commandRECIPE-CMD-PIPE-WGETegress_external
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity CRITICAL.
YAML
{ "id": "CMD-PIPE-WGET", "pattern": "(?i)\\bwget\\b\\s+[^|]*\\|\\s*(?:[/\\w]+/)?(?:bash|zsh|sh)\\b", "title": "wget piped to shell", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "execution", "download-exec" ] }policies/guardrail/strict/rules/commands.yaml - base64 decode piped to shellrule:commandRECIPE-CMD-PIPE-BASE64
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity CRITICAL.
YAML
{ "id": "CMD-PIPE-BASE64", "pattern": "(?i)base64\\s+(?:-[dD]|--decode)\\s*\\|\\s*(?:[/\\w]+/)?(?:bash|zsh|sh)\\b", "title": "base64 decode piped to shell", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "execution", "obfuscation" ] }policies/guardrail/strict/rules/commands.yaml - Shell eval with dynamic inputrule:commandRECIPE-CMD-EVAL
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity HIGH.
YAML
{ "id": "CMD-EVAL", "pattern": "(?i)\\beval\\s+[\"'\\$\\(]", "title": "Shell eval with dynamic input", "severity": "HIGH", "confidence": 0.85, "tags": [ "execution" ] }policies/guardrail/strict/rules/commands.yaml - Shell -c executionrule:commandRECIPE-CMD-BASH-C
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity LOW.
YAML
{ "id": "CMD-BASH-C", "pattern": "(?i)\\b(?:ba)?sh\\s+-c\\s+", "title": "Shell -c execution", "severity": "LOW", "confidence": 0.55, "tags": [ "execution" ] }policies/guardrail/strict/rules/commands.yaml - Python inline executionrule:commandRECIPE-CMD-PYTHON-C
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity LOW.
YAML
{ "id": "CMD-PYTHON-C", "pattern": "(?i)\\bpython[23]?\\s+-c\\s+", "title": "Python inline execution", "severity": "LOW", "confidence": 0.55, "tags": [ "execution" ] }policies/guardrail/strict/rules/commands.yaml - Perl inline executionrule:commandRECIPE-CMD-PERL-E
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity LOW.
YAML
{ "id": "CMD-PERL-E", "pattern": "(?i)\\bperl\\s+-e\\s+", "title": "Perl inline execution", "severity": "LOW", "confidence": 0.55, "tags": [ "execution" ] }policies/guardrail/strict/rules/commands.yaml - Ruby inline executionrule:commandRECIPE-CMD-RUBY-E
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity LOW.
YAML
{ "id": "CMD-RUBY-E", "pattern": "(?i)\\bruby\\s+-e\\s+", "title": "Ruby inline execution", "severity": "LOW", "confidence": 0.55, "tags": [ "execution" ] }policies/guardrail/strict/rules/commands.yaml - Recursive force delete from critical root pathrule:commandRECIPE-CMD-RM-RF
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity CRITICAL.
YAML
{ "id": "CMD-RM-RF", "pattern": "(?i)\\brm\\s+(?:-[a-zA-Z]*\\s+)*(?:-[a-zA-Z]*)?(?:r[a-zA-Z]*f|f[a-zA-Z]*r)\\b(?:\\s+\\S+)*\\s+/(?:$|[\"'\\s,}\\]]|(?:etc|bin|sbin|usr|var|home|root|opt|boot|lib(?:64)?|srv|mnt|dev|proc|sys)(?:$|/|[\"'\\s,}\\]]))", "title": "Recursive force delete from critical root path", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "destructive" ] }policies/guardrail/strict/rules/commands.yaml - Filesystem format commandrule:commandRECIPE-CMD-MKFS
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity CRITICAL.
YAML
{ "id": "CMD-MKFS", "pattern": "(?i)\\bmkfs\\b", "title": "Filesystem format command", "severity": "CRITICAL", "confidence": 0.9, "tags": [ "destructive" ] }policies/guardrail/strict/rules/commands.yaml - dd disk writerule:commandRECIPE-CMD-DD-IF
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity HIGH.
YAML
{ "id": "CMD-DD-IF", "pattern": "(?i)\\bdd\\s+if=", "title": "dd disk write", "severity": "HIGH", "confidence": 0.8, "tags": [ "destructive" ] }policies/guardrail/strict/rules/commands.yaml - chmod world-writablerule:commandRECIPE-CMD-CHMOD-WORLD
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity HIGH.
YAML
{ "id": "CMD-CHMOD-WORLD", "pattern": "(?i)\\bchmod\\s+[0-7]*[0-7][0-7][2367]\\s", "title": "chmod world-writable", "severity": "HIGH", "confidence": 0.8, "tags": [ "privilege" ] }policies/guardrail/strict/rules/commands.yaml - chown to rootrule:commandRECIPE-CMD-CHOWN-ROOT
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity HIGH.
YAML
{ "id": "CMD-CHOWN-ROOT", "pattern": "(?i)\\bchown\\s+root\\b", "title": "chown to root", "severity": "HIGH", "confidence": 0.75, "tags": [ "privilege" ] }policies/guardrail/strict/rules/commands.yaml - sudo invocationrule:commandRECIPE-CMD-SUDO
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity LOW.
YAML
{ "id": "CMD-SUDO", "pattern": "(?i)\\bsudo\\s+", "title": "sudo invocation", "severity": "LOW", "confidence": 0.5, "tags": [ "privilege" ] }policies/guardrail/strict/rules/commands.yaml - Write redirect to /etc/rule:commandRECIPE-CMD-ETC-WRITE
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity CRITICAL.
YAML
{ "id": "CMD-ETC-WRITE", "pattern": "(?i)>\\s*/etc/", "title": "Write redirect to /etc/", "severity": "CRITICAL", "confidence": 0.9, "tags": [ "system-file" ] }policies/guardrail/strict/rules/commands.yaml - Crontab modificationrule:commandRECIPE-CMD-CRONTAB
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity HIGH.
YAML
{ "id": "CMD-CRONTAB", "pattern": "(?i)\\bcrontab\\s+(?:-[a-zA-Z]\\s+)*(?:-e|-r|-l|/|['\"<>|])", "title": "Crontab modification", "severity": "HIGH", "confidence": 0.75, "tags": [ "persistence" ] }policies/guardrail/strict/rules/commands.yaml - Suspicious systemd persistence enablementrule:commandRECIPE-CMD-SYSTEMCTL
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity CRITICAL.
YAML
{ "id": "CMD-SYSTEMCTL", "pattern": "(?i)\\bsystemctl\\s+enable\\b(?:\\s+--now\\b)?\\s+\\S*(?:backdoor|payload|persist|reverse|shell|evil)\\S*(?:\\.service)?\\b", "title": "Suspicious systemd persistence enablement", "severity": "CRITICAL", "confidence": 0.82, "tags": [ "persistence" ] }policies/guardrail/strict/rules/commands.yaml - Netcat listenerrule:commandRECIPE-CMD-NETCAT-LISTEN
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity HIGH.
YAML
{ "id": "CMD-NETCAT-LISTEN", "pattern": "(?i)\\b(?:nc|ncat|netcat)\\b\\s+(?:-[a-zA-Z]*)*-?l", "title": "Netcat listener", "severity": "HIGH", "confidence": 0.85, "tags": [ "network", "reverse-shell" ] }policies/guardrail/strict/rules/commands.yaml - curl file uploadrule:commandRECIPE-CMD-CURL-UPLOADegress_external
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity HIGH.
YAML
{ "id": "CMD-CURL-UPLOAD", "pattern": "(?i)\\bcurl\\b\\s+.*(?:--upload-file|-T\\s|--data\\s+@|-F\\s+.*=@)", "title": "curl file upload", "severity": "HIGH", "confidence": 0.85, "tags": [ "network", "exfiltration" ] }policies/guardrail/strict/rules/commands.yaml - wget POST data exfilrule:commandRECIPE-CMD-WGET-POSTegress_external
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity HIGH.
YAML
{ "id": "CMD-WGET-POST", "pattern": "(?i)\\bwget\\b\\s+.*--post-(?:data|file)", "title": "wget POST data exfil", "severity": "HIGH", "confidence": 0.85, "tags": [ "network", "exfiltration" ] }policies/guardrail/strict/rules/commands.yaml - socat with EXEC (reverse shell)rule:commandRECIPE-CMD-SOCAT-EXEC
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity CRITICAL.
YAML
{ "id": "CMD-SOCAT-EXEC", "pattern": "(?i)\\bsocat\\b\\s+.*\\bEXEC\\b", "title": "socat with EXEC (reverse shell)", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "execution", "reverse-shell" ] }policies/guardrail/strict/rules/commands.yaml - Environment variable dumprule:commandRECIPE-CMD-ENV-DUMPsensitive_access
Pattern shipped in the bundled strict rule pack (commands.yaml). Severity HIGH.
YAML
{ "id": "CMD-ENV-DUMP", "pattern": "(?:^|[^A-Za-z0-9_./-])(?:env|printenv|export\\s+-p)\\b", "title": "Environment variable dump", "severity": "HIGH", "confidence": 0.8, "tags": [ "credential" ] }policies/guardrail/strict/rules/commands.yaml - US Social Security Numberrule:enterprise-dataRECIPE-ENT-BULK-SSNsensitive_access
Pattern shipped in the bundled strict rule pack (enterprise-data.yaml). Severity CRITICAL.
YAML
{ "id": "ENT-BULK-SSN", "pattern": "\\b\\d{3}-\\d{2}-\\d{4}\\b", "title": "US Social Security Number", "severity": "CRITICAL", "confidence": 0.85, "tags": [ "pii", "regulated" ] }policies/guardrail/strict/rules/enterprise-data.yaml - US SSN (no hyphens)rule:enterprise-dataRECIPE-ENT-BULK-SSN-NOHYPHENsensitive_access
Pattern shipped in the bundled strict rule pack (enterprise-data.yaml). Severity HIGH.
YAML
{ "id": "ENT-BULK-SSN-NOHYPHEN", "pattern": "\\b(?:00[1-9]|0[1-9][0-9]|[1-5][0-9]{2}|6[0-5][0-9]|66[0-5]|66[7-9]|6[7-9][0-9]|[78][0-9]{2})(?:0[1-9]|[1-9][0-9])(?:000[1-9]|00[1-9][0-9]|0[1-9][0-9]{2}|[1-9][0-9]{3})\\b", "title": "US SSN (no hyphens)", "severity": "HIGH", "confidence": 0.55, "tags": [ "pii", "regulated" ] }policies/guardrail/strict/rules/enterprise-data.yaml - Visa credit card numberrule:enterprise-dataRECIPE-ENT-CC-VISAsensitive_access
Pattern shipped in the bundled strict rule pack (enterprise-data.yaml). Severity CRITICAL.
YAML
{ "id": "ENT-CC-VISA", "pattern": "\\b4\\d{3}[\\s-]?\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}\\b", "title": "Visa credit card number", "severity": "CRITICAL", "confidence": 0.8, "tags": [ "pii", "pci" ] }policies/guardrail/strict/rules/enterprise-data.yaml - Mastercard credit card numberrule:enterprise-dataRECIPE-ENT-CC-MCsensitive_access
Pattern shipped in the bundled strict rule pack (enterprise-data.yaml). Severity CRITICAL.
YAML
{ "id": "ENT-CC-MC", "pattern": "\\b5[1-5]\\d{2}[\\s-]?\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}\\b", "title": "Mastercard credit card number", "severity": "CRITICAL", "confidence": 0.8, "tags": [ "pii", "pci" ] }policies/guardrail/strict/rules/enterprise-data.yaml - American Express card numberrule:enterprise-dataRECIPE-ENT-CC-AMEXsensitive_access
Pattern shipped in the bundled strict rule pack (enterprise-data.yaml). Severity CRITICAL.
YAML
{ "id": "ENT-CC-AMEX", "pattern": "\\b3[47]\\d{2}[\\s-]?\\d{6}[\\s-]?\\d{5}\\b", "title": "American Express card number", "severity": "CRITICAL", "confidence": 0.8, "tags": [ "pii", "pci" ] }policies/guardrail/strict/rules/enterprise-data.yaml - Discover card numberrule:enterprise-dataRECIPE-ENT-CC-DISCOVERsensitive_access
Pattern shipped in the bundled strict rule pack (enterprise-data.yaml). Severity CRITICAL.
YAML
{ "id": "ENT-CC-DISCOVER", "pattern": "\\b6(?:011|5\\d{2})[\\s-]?\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}\\b", "title": "Discover card number", "severity": "CRITICAL", "confidence": 0.8, "tags": [ "pii", "pci" ] }policies/guardrail/strict/rules/enterprise-data.yaml - International Bank Account Number (IBAN)rule:enterprise-dataRECIPE-ENT-IBANsensitive_access
Pattern shipped in the bundled strict rule pack (enterprise-data.yaml). Severity HIGH.
YAML
{ "id": "ENT-IBAN", "pattern": "\\b[A-Z]{2}\\d{2}[\\s]?[\\dA-Z]{4}[\\s]?(?:[\\dA-Z]{4}[\\s]?){1,7}[\\dA-Z]{1,4}\\b", "title": "International Bank Account Number (IBAN)", "severity": "HIGH", "confidence": 0.75, "tags": [ "pii", "financial" ] }policies/guardrail/strict/rules/enterprise-data.yaml - US phone numberrule:enterprise-dataRECIPE-ENT-US-PHONEsensitive_access
Pattern shipped in the bundled strict rule pack (enterprise-data.yaml). Severity MEDIUM.
YAML
{ "id": "ENT-US-PHONE", "pattern": "\\b(?:\\+1[\\s.-]?)?(?:\\(?\\d{3}\\)?[\\s.-]?)\\d{3}[\\s.-]?\\d{4}\\b", "title": "US phone number", "severity": "MEDIUM", "confidence": 0.5, "tags": [ "pii" ] }policies/guardrail/strict/rules/enterprise-data.yaml - Email addressrule:enterprise-dataRECIPE-ENT-EMAIL-BULKsensitive_access
Pattern shipped in the bundled strict rule pack (enterprise-data.yaml). Severity MEDIUM.
YAML
{ "id": "ENT-EMAIL-BULK", "pattern": "(?i)\\b[a-z0-9._%+\\-]+@[a-z0-9.\\-]+\\.[a-z]{2,}\\b", "title": "Email address", "severity": "MEDIUM", "confidence": 0.4, "tags": [ "pii" ] }policies/guardrail/strict/rules/enterprise-data.yaml - US passport number patternrule:enterprise-dataRECIPE-ENT-PASSPORT-USsensitive_access
Pattern shipped in the bundled strict rule pack (enterprise-data.yaml). Severity HIGH.
YAML
{ "id": "ENT-PASSPORT-US", "pattern": "\\b[A-Z]\\d{8}\\b", "title": "US passport number pattern", "severity": "HIGH", "confidence": 0.5, "tags": [ "pii", "regulated" ] }policies/guardrail/strict/rules/enterprise-data.yaml - California drivers license patternrule:enterprise-dataRECIPE-ENT-DL-CAsensitive_access
Pattern shipped in the bundled strict rule pack (enterprise-data.yaml). Severity HIGH.
YAML
{ "id": "ENT-DL-CA", "pattern": "\\b[A-Z]\\d{7}\\b", "title": "California drivers license pattern", "severity": "HIGH", "confidence": 0.4, "tags": [ "pii", "regulated" ] }policies/guardrail/strict/rules/enterprise-data.yaml - Medical record numberrule:enterprise-dataRECIPE-ENT-MEDICAL-RECORDsensitive_access
Pattern shipped in the bundled strict rule pack (enterprise-data.yaml). Severity CRITICAL.
YAML
{ "id": "ENT-MEDICAL-RECORD", "pattern": "(?i)\\b(?:mrn|medical record|patient id)\\s*[:#]?\\s*\\d{6,12}\\b", "title": "Medical record number", "severity": "CRITICAL", "confidence": 0.7, "tags": [ "pii", "hipaa" ] }policies/guardrail/strict/rules/enterprise-data.yaml - Date of birth with labelrule:enterprise-dataRECIPE-ENT-DOB-PATTERNsensitive_access
Pattern shipped in the bundled strict rule pack (enterprise-data.yaml). Severity HIGH.
YAML
{ "id": "ENT-DOB-PATTERN", "pattern": "(?i)\\b(?:dob|date of birth|birth[\\s-]?date)\\s*[:#]?\\s*\\d{1,2}[/\\-]\\d{1,2}[/\\-]\\d{2,4}\\b", "title": "Date of birth with label", "severity": "HIGH", "confidence": 0.75, "tags": [ "pii", "hipaa" ] }policies/guardrail/strict/rules/enterprise-data.yaml - UK NHS number patternrule:enterprise-dataRECIPE-ENT-NHS-NUMBERsensitive_access
Pattern shipped in the bundled strict rule pack (enterprise-data.yaml). Severity HIGH.
YAML
{ "id": "ENT-NHS-NUMBER", "pattern": "\\b\\d{3}[\\s]?\\d{3}[\\s]?\\d{4}\\b", "title": "UK NHS number pattern", "severity": "HIGH", "confidence": 0.4, "tags": [ "pii", "regulated" ] }policies/guardrail/strict/rules/enterprise-data.yaml - CSV/TSV header with multiple PII columnsrule:enterprise-dataRECIPE-ENT-BULK-CSV-PIIsensitive_access
Pattern shipped in the bundled strict rule pack (enterprise-data.yaml). Severity HIGH.
YAML
{ "id": "ENT-BULK-CSV-PII", "pattern": "(?i)(?:first[\\s_]?name|last[\\s_]?name|ssn|social[\\s_]?security|credit[\\s_]?card|card[\\s_]?number|account[\\s_]?number),.*(?:first[\\s_]?name|last[\\s_]?name|ssn|social[\\s_]?security|credit[\\s_]?card|card[\\s_]?number|account[\\s_]?number)", "title": "CSV/TSV header with multiple PII columns", "severity": "HIGH", "confidence": 0.8, "tags": [ "pii", "bulk-data" ] }policies/guardrail/strict/rules/enterprise-data.yaml - JSON field with PII keyrule:enterprise-dataRECIPE-ENT-BULK-JSON-PIIsensitive_access
Pattern shipped in the bundled strict rule pack (enterprise-data.yaml). Severity HIGH.
YAML
{ "id": "ENT-BULK-JSON-PII", "pattern": "(?i)\"(?:ssn|social_security|credit_card|card_number|account_number|routing_number)\"\\s*:\\s*\"", "title": "JSON field with PII key", "severity": "HIGH", "confidence": 0.75, "tags": [ "pii", "bulk-data" ] }policies/guardrail/strict/rules/enterprise-data.yaml - AWS access keyrule:secretRECIPE-SEC-AWS-KEYsensitive_access
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity CRITICAL.
examples (2)
- ✓ AKIAIOSFODNN7EXAMPLE
- ✓ ASIA1234567890ABCDEFGHIJ
- ✗ BANANAFRUITNOTAKEY
- ✗ AKI
- ✗ AKIAtoolow
YAML
{ "id": "SEC-AWS-KEY", "pattern": "(?:AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[0-9A-Z]{16,}", "title": "AWS access key", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - AWS secret access keyrule:secretRECIPE-SEC-AWS-SECRETsensitive_access
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity CRITICAL.
YAML
{ "id": "SEC-AWS-SECRET", "pattern": "(?i)aws_secret_access_key\\s*[=:]\\s*[A-Za-z0-9/+=]{30,}", "title": "AWS secret access key", "severity": "CRITICAL", "confidence": 0.9, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - Anthropic API keyrule:secretRECIPE-SEC-ANTHROPICsensitive_access
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity CRITICAL.
YAML
{ "id": "SEC-ANTHROPIC", "pattern": "sk-ant-[a-zA-Z0-9\\-_]{20,}", "title": "Anthropic API key", "severity": "CRITICAL", "confidence": 0.98, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - OpenAI project keyrule:secretRECIPE-SEC-OPENAIsensitive_access
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity CRITICAL.
YAML
{ "id": "SEC-OPENAI", "pattern": "sk-proj-[a-zA-Z0-9]{20,}", "title": "OpenAI project key", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - OpenAI API key (long form)rule:secretRECIPE-SEC-OPENAI-V2sensitive_access
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity CRITICAL.
examples (1)
- ✓ sk-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
- ✗ sk-tooshort
- ✗ pk-livenotopenai
YAML
{ "id": "SEC-OPENAI-V2", "pattern": "sk-[a-zA-Z0-9]{40,}", "title": "OpenAI API key (long form)", "severity": "CRITICAL", "confidence": 0.85, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - Stripe keyrule:secretRECIPE-SEC-STRIPEsensitive_access
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity CRITICAL.
YAML
{ "id": "SEC-STRIPE", "pattern": "(?:sk_live_|pk_live_|sk_test_|pk_test_|rk_live_|rk_test_)[a-zA-Z0-9]{20,}", "title": "Stripe key", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - GitHub tokenrule:secretRECIPE-SEC-GITHUB-TOKENsensitive_access
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity CRITICAL.
examples (2)
- ✓ ghp_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
- ✓ ghs_bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
- ✗ ghp_short
- ✗ gh_notatoken
YAML
{ "id": "SEC-GITHUB-TOKEN", "pattern": "(?:ghp_|gho_|ghu_|ghs_|ghr_)[a-zA-Z0-9]{36,}", "title": "GitHub token", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - GitHub fine-grained PATrule:secretRECIPE-SEC-GITHUB-PATsensitive_access
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity CRITICAL.
YAML
{ "id": "SEC-GITHUB-PAT", "pattern": "github_pat_[a-zA-Z0-9_]{22,}", "title": "GitHub fine-grained PAT", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - GitLab personal access tokenrule:secretRECIPE-SEC-GITLABsensitive_access
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity CRITICAL.
YAML
{ "id": "SEC-GITLAB", "pattern": "glpat-[a-zA-Z0-9\\-_]{20,}", "title": "GitLab personal access token", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - Google API keyrule:secretRECIPE-SEC-GOOGLEsensitive_access
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity CRITICAL.
YAML
{ "id": "SEC-GOOGLE", "pattern": "AIza[0-9A-Za-z\\-_]{35}", "title": "Google API key", "severity": "CRITICAL", "confidence": 0.9, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - Slack tokenrule:secretRECIPE-SEC-SLACK-TOKENsensitive_access
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity CRITICAL.
YAML
{ "id": "SEC-SLACK-TOKEN", "pattern": "xox[bpors]-[0-9a-zA-Z\\-]{10,}", "title": "Slack token", "severity": "CRITICAL", "confidence": 0.9, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - Slack webhook URLrule:secretRECIPE-SEC-SLACK-WEBHOOKsensitive_accessegress_external
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity CRITICAL.
examples (1)
- ✓ https://hooks.slack.com/services/T0000/B0000/abcdefg12345
- ✗ https://hooks.slack.com/wrongpath
- ✗ https://example.com
YAML
{ "id": "SEC-SLACK-WEBHOOK", "pattern": "https://hooks\\.slack\\.com/services/T[A-Z0-9]+/B[A-Z0-9]+/[a-zA-Z0-9]+", "title": "Slack webhook URL", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - Discord webhook URLrule:secretRECIPE-SEC-DISCORD-WEBHOOKsensitive_accessegress_external
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity CRITICAL.
YAML
{ "id": "SEC-DISCORD-WEBHOOK", "pattern": "https://discord(?:app)?\\.com/api/webhooks/\\d+/[a-zA-Z0-9_\\-]+", "title": "Discord webhook URL", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - Private keyrule:secretRECIPE-SEC-PRIVKEYsensitive_access
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity CRITICAL.
examples (2)
- ✓ -----BEGIN RSA PRIVATE KEY-----
- ✓ -----BEGIN OPENSSH PRIVATE KEY-----
- ✗ -----BEGIN CERTIFICATE-----
- ✗ BEGIN PRIVATE KEY without dashes
YAML
{ "id": "SEC-PRIVKEY", "pattern": "-----BEGIN (?:RSA |EC |OPENSSH |PGP |DSA )?PRIVATE KEY-----", "title": "Private key", "severity": "CRITICAL", "confidence": 0.98, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - JWT tokenrule:secretRECIPE-SEC-JWTsensitive_access
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity MEDIUM.
examples (1)
- ✓ eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.signature_here_xyz
- ✗ eyJonly
- ✗ not.a.jwt
YAML
{ "id": "SEC-JWT", "pattern": "eyJ[A-Za-z0-9\\-_]{10,}\\.eyJ[A-Za-z0-9\\-_]{10,}\\.[A-Za-z0-9\\-_.+/=]+", "title": "JWT token", "severity": "MEDIUM", "confidence": 0.7, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - Connection string with credentialsrule:secretRECIPE-SEC-CONNSTRsensitive_access
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity CRITICAL.
YAML
{ "id": "SEC-CONNSTR", "pattern": "(?:mongodb|postgres|mysql|redis|amqp)://[^:\\s]+:[^@\\s]+@", "title": "Connection string with credentials", "severity": "CRITICAL", "confidence": 0.9, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - Bearer token in headerrule:secretRECIPE-SEC-BEARERsensitive_access
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity HIGH.
YAML
{ "id": "SEC-BEARER", "pattern": "(?i)(?:authorization|bearer)\\s*[:=]\\s*Bearer\\s+[A-Za-z0-9\\-_.~+/]+=*", "title": "Bearer token in header", "severity": "HIGH", "confidence": 0.8, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - SendGrid API keyrule:secretRECIPE-SEC-SENDGRIDsensitive_access
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity CRITICAL.
YAML
{ "id": "SEC-SENDGRID", "pattern": "SG\\.[a-zA-Z0-9\\-_]{10,}\\.[a-zA-Z0-9\\-_]{10,}", "title": "SendGrid API key", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - Twilio API keyrule:secretRECIPE-SEC-TWILIOsensitive_access
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity HIGH.
YAML
{ "id": "SEC-TWILIO", "pattern": "SK[0-9a-fA-F]{32}", "title": "Twilio API key", "severity": "HIGH", "confidence": 0.8, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - npm access tokenrule:secretRECIPE-SEC-NPM-TOKENsensitive_access
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity CRITICAL.
YAML
{ "id": "SEC-NPM-TOKEN", "pattern": "npm_[a-zA-Z0-9]{36,}", "title": "npm access token", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - PyPI API tokenrule:secretRECIPE-SEC-PYPI-TOKENsensitive_access
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity CRITICAL.
YAML
{ "id": "SEC-PYPI-TOKEN", "pattern": "pypi-[A-Za-z0-9\\-_]{50,}", "title": "PyPI API token", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - Hex-encoded secret in assignmentrule:secretRECIPE-SEC-HEX-SECRETsensitive_access
Pattern shipped in the bundled strict rule pack (secrets.yaml). Severity HIGH.
YAML
{ "id": "SEC-HEX-SECRET", "pattern": "(?i)(?:secret(?:_key)?|api[_-]?key|access[_-]?token|auth[_-]?token)\\s*[=:]\\s*[\"'][a-f0-9]{32,}[\"']", "title": "Hex-encoded secret in assignment", "severity": "HIGH", "confidence": 0.72, "tags": [ "credential" ] }policies/guardrail/strict/rules/secrets.yaml - SSH directory accessrule:sensitive-pathRECIPE-PATH-SSH-DIRsensitive_access
Pattern shipped in the bundled strict rule pack (sensitive-paths.yaml). Severity HIGH.
YAML
{ "id": "PATH-SSH-DIR", "pattern": "(?:~|\\$\\{?HOME\\}?|/home/\\w+|/root|/Users/\\w+)/\\.ssh/", "title": "SSH directory access", "severity": "HIGH", "confidence": 0.95, "tags": [ "credential", "file-sensitive" ] }policies/guardrail/strict/rules/sensitive-paths.yaml - SSH private key file pathrule:sensitive-pathRECIPE-PATH-SSH-KEYsensitive_access
Pattern shipped in the bundled strict rule pack (sensitive-paths.yaml). Severity CRITICAL.
YAML
{ "id": "PATH-SSH-KEY", "pattern": "(?i)(?:^|[\\\\/])id_(?:rsa|ed25519|ecdsa|dsa)(?:$|[^A-Za-z0-9_.-])", "title": "SSH private key file path", "severity": "CRITICAL", "confidence": 0.9, "tags": [ "credential", "file-sensitive" ] }policies/guardrail/strict/rules/sensitive-paths.yaml - AWS credentials filerule:sensitive-pathRECIPE-PATH-AWS-CREDSsensitive_access
Pattern shipped in the bundled strict rule pack (sensitive-paths.yaml). Severity CRITICAL.
YAML
{ "id": "PATH-AWS-CREDS", "pattern": "(?:~|\\$\\{?HOME\\}?|/home/\\w+|/root|/Users/\\w+)/\\.aws/credentials", "title": "AWS credentials file", "severity": "CRITICAL", "confidence": 0.98, "tags": [ "credential", "file-sensitive" ] }policies/guardrail/strict/rules/sensitive-paths.yaml - AWS config filerule:sensitive-pathRECIPE-PATH-AWS-CONFIGsensitive_access
Pattern shipped in the bundled strict rule pack (sensitive-paths.yaml). Severity HIGH.
YAML
{ "id": "PATH-AWS-CONFIG", "pattern": "(?:~|\\$\\{?HOME\\}?|/home/\\w+|/root|/Users/\\w+)/\\.aws/config", "title": "AWS config file", "severity": "HIGH", "confidence": 0.85, "tags": [ "credential", "file-sensitive" ] }policies/guardrail/strict/rules/sensitive-paths.yaml - Kubernetes configrule:sensitive-pathRECIPE-PATH-KUBEsensitive_access
Pattern shipped in the bundled strict rule pack (sensitive-paths.yaml). Severity HIGH.
YAML
{ "id": "PATH-KUBE", "pattern": "(?:~|\\$\\{?HOME\\}?|/home/\\w+|/root|/Users/\\w+)/\\.kube/config", "title": "Kubernetes config", "severity": "HIGH", "confidence": 0.9, "tags": [ "credential", "file-sensitive" ] }policies/guardrail/strict/rules/sensitive-paths.yaml - Docker configrule:sensitive-pathRECIPE-PATH-DOCKERsensitive_access
Pattern shipped in the bundled strict rule pack (sensitive-paths.yaml). Severity HIGH.
YAML
{ "id": "PATH-DOCKER", "pattern": "(?:~|\\$\\{?HOME\\}?|/home/\\w+|/root|/Users/\\w+)/\\.docker/config\\.json", "title": "Docker config", "severity": "HIGH", "confidence": 0.9, "tags": [ "credential", "file-sensitive" ] }policies/guardrail/strict/rules/sensitive-paths.yaml - GPG keyring accessrule:sensitive-pathRECIPE-PATH-GNUPGsensitive_access
Pattern shipped in the bundled strict rule pack (sensitive-paths.yaml). Severity HIGH.
YAML
{ "id": "PATH-GNUPG", "pattern": "(?:~|\\$\\{?HOME\\}?|/home/\\w+|/root|/Users/\\w+)/\\.gnupg/", "title": "GPG keyring access", "severity": "HIGH", "confidence": 0.95, "tags": [ "credential", "file-sensitive" ] }policies/guardrail/strict/rules/sensitive-paths.yaml - npm config (may contain tokens)rule:sensitive-pathRECIPE-PATH-NPMRCsensitive_access
Pattern shipped in the bundled strict rule pack (sensitive-paths.yaml). Severity MEDIUM.
YAML
{ "id": "PATH-NPMRC", "pattern": "(?:~|\\$\\{?HOME\\}?|/home/\\w+|/root|/Users/\\w+)/\\.npmrc", "title": "npm config (may contain tokens)", "severity": "MEDIUM", "confidence": 0.8, "tags": [ "credential", "file-sensitive" ] }policies/guardrail/strict/rules/sensitive-paths.yaml - PyPI config (may contain tokens)rule:sensitive-pathRECIPE-PATH-PYPIRCsensitive_access
Pattern shipped in the bundled strict rule pack (sensitive-paths.yaml). Severity MEDIUM.
YAML
{ "id": "PATH-PYPIRC", "pattern": "(?:~|\\$\\{?HOME\\}?|/home/\\w+|/root|/Users/\\w+)/\\.pypirc", "title": "PyPI config (may contain tokens)", "severity": "MEDIUM", "confidence": 0.8, "tags": [ "credential", "file-sensitive" ] }policies/guardrail/strict/rules/sensitive-paths.yaml - Git credentials filerule:sensitive-pathRECIPE-PATH-GIT-CREDSsensitive_access
Pattern shipped in the bundled strict rule pack (sensitive-paths.yaml). Severity CRITICAL.
YAML
{ "id": "PATH-GIT-CREDS", "pattern": "(?:~|\\$\\{?HOME\\}?|/home/\\w+|/root|/Users/\\w+)/\\.git-credentials", "title": "Git credentials file", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "credential", "file-sensitive" ] }policies/guardrail/strict/rules/sensitive-paths.yaml - netrc credentials filerule:sensitive-pathRECIPE-PATH-NETRCsensitive_access
Pattern shipped in the bundled strict rule pack (sensitive-paths.yaml). Severity CRITICAL.
YAML
{ "id": "PATH-NETRC", "pattern": "(?:~|\\$\\{?HOME\\}?|/home/\\w+|/root|/Users/\\w+)/\\.netrc", "title": "netrc credentials file", "severity": "CRITICAL", "confidence": 0.9, "tags": [ "credential", "file-sensitive" ] }policies/guardrail/strict/rules/sensitive-paths.yaml - Environment filerule:sensitive-pathRECIPE-PATH-ENV-FILEsensitive_access
Pattern shipped in the bundled strict rule pack (sensitive-paths.yaml). Severity HIGH.
YAML
{ "id": "PATH-ENV-FILE", "pattern": "(?:^|[\\s/])\\.env(?:\\.(?:local|production|staging|development))?\\s*[\"'\\s,;\\]})]*$|(?:^|[\\s/])\\.env(?:\\.(?:local|production|staging|development))?[\"'\\s,;\\]})]", "title": "Environment file", "severity": "HIGH", "confidence": 0.85, "tags": [ "credential", "file-sensitive" ] }policies/guardrail/strict/rules/sensitive-paths.yaml - /etc/passwd accessrule:sensitive-pathRECIPE-PATH-ETC-PASSWDsensitive_access
Pattern shipped in the bundled strict rule pack (sensitive-paths.yaml). Severity HIGH.
YAML
{ "id": "PATH-ETC-PASSWD", "pattern": "(?i)(?:\\betc[\\s/\\\\]+(?:slash[\\s]+)?pas{1,4}wd\\b|\\betc%2Fpas{1,4}wd\\b)", "title": "/etc/passwd access", "severity": "HIGH", "confidence": 0.9, "tags": [ "system-file" ] }policies/guardrail/strict/rules/sensitive-paths.yaml - /etc/shadow accessrule:sensitive-pathRECIPE-PATH-ETC-SHADOWsensitive_access
Pattern shipped in the bundled strict rule pack (sensitive-paths.yaml). Severity CRITICAL.
YAML
{ "id": "PATH-ETC-SHADOW", "pattern": "(?i)(?:\\betc[\\s/\\\\]+(?:slash[\\s]+)?shadow\\b|\\betc%2Fshadow\\b)", "title": "/etc/shadow access", "severity": "CRITICAL", "confidence": 0.95, "tags": [ "system-file", "credential" ] }policies/guardrail/strict/rules/sensitive-paths.yaml - /etc/sudoers accessrule:sensitive-pathRECIPE-PATH-ETC-SUDOERSsensitive_access
Pattern shipped in the bundled strict rule pack (sensitive-paths.yaml). Severity HIGH.
YAML
{ "id": "PATH-ETC-SUDOERS", "pattern": "(?i)(?:\\betc[\\s/\\\\]+(?:slash[\\s]+)?sudoers\\b|\\betc%2Fsudoers\\b)", "title": "/etc/sudoers access", "severity": "HIGH", "confidence": 0.9, "tags": [ "system-file", "privilege" ] }policies/guardrail/strict/rules/sensitive-paths.yaml - /proc environ accessrule:sensitive-pathRECIPE-PATH-PROC-ENVIRONsensitive_access
Pattern shipped in the bundled strict rule pack (sensitive-paths.yaml). Severity CRITICAL.
YAML
{ "id": "PATH-PROC-ENVIRON", "pattern": "/proc/(?:\\d+|self)/environ", "title": "/proc environ access", "severity": "CRITICAL", "confidence": 0.9, "tags": [ "credential" ] }policies/guardrail/strict/rules/sensitive-paths.yaml - Shell history filerule:sensitive-pathRECIPE-PATH-HISTORYsensitive_access
Pattern shipped in the bundled strict rule pack (sensitive-paths.yaml). Severity MEDIUM.
YAML
{ "id": "PATH-HISTORY", "pattern": "(?:~|\\$\\{?HOME\\}?|/home/\\w+|/root|/Users/\\w+)/\\.(?:bash_history|zsh_history|python_history)", "title": "Shell history file", "severity": "MEDIUM", "confidence": 0.8, "tags": [ "credential", "file-sensitive" ] }policies/guardrail/strict/rules/sensitive-paths.yaml - Authority claim in tool argsrule:trust-exploitRECIPE-TRUST-AUTHORITYingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity HIGH.
YAML
{ "id": "TRUST-AUTHORITY", "pattern": "(?i)(?:i am|i'm)\\s+(?:your|the)\\s+(?:creator|developer|admin|owner|operator)", "title": "Authority claim in tool args", "severity": "HIGH", "confidence": 0.85, "tags": [ "prompt-injection" ] }policies/guardrail/strict/rules/trust-exploit.yaml - Fake mode activationrule:trust-exploitRECIPE-TRUST-MAINTENANCEingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity HIGH.
YAML
{ "id": "TRUST-MAINTENANCE", "pattern": "(?i)(?:maintenance|debug|admin|developer)\\s+mode\\s+(?:enabled|activated|on)", "title": "Fake mode activation", "severity": "HIGH", "confidence": 0.85, "tags": [ "prompt-injection" ] }policies/guardrail/strict/rules/trust-exploit.yaml - Safety override attemptrule:trust-exploitRECIPE-TRUST-SAFETY-OVERRIDEingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity CRITICAL.
YAML
{ "id": "TRUST-SAFETY-OVERRIDE", "pattern": "(?i)(?:safety|guardrail|filter|restriction)\\s+(?:override|bypass|disable|turn\\s+off|remove)", "title": "Safety override attempt", "severity": "CRITICAL", "confidence": 0.9, "tags": [ "prompt-injection" ] }policies/guardrail/strict/rules/trust-exploit.yaml - Fake instruction updaterule:trust-exploitRECIPE-TRUST-NEW-INSTRUCTIONSingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity HIGH.
YAML
{ "id": "TRUST-NEW-INSTRUCTIONS", "pattern": "(?i)(?:your|new|updated)\\s+(?:instructions|system\\s+prompt|rules)\\s+(?:have\\s+changed|are|say)", "title": "Fake instruction update", "severity": "HIGH", "confidence": 0.85, "tags": [ "prompt-injection" ] }policies/guardrail/strict/rules/trust-exploit.yaml - Ignore previous instructionsrule:trust-exploitRECIPE-TRUST-IGNORE-PREVIOUSingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity CRITICAL.
YAML
{ "id": "TRUST-IGNORE-PREVIOUS", "pattern": "(?i)ignore\\s+(?:all\\s+)?(?:previous|prior|above|earlier)\\s+(?:instructions|rules|guidelines|context)", "title": "Ignore previous instructions", "severity": "CRITICAL", "confidence": 0.9, "tags": [ "prompt-injection" ] }policies/guardrail/strict/rules/trust-exploit.yaml - Disregard instructionsrule:trust-exploitRECIPE-TRUST-DISREGARDingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity CRITICAL.
YAML
{ "id": "TRUST-DISREGARD", "pattern": "(?i)disregard\\s+(?:all\\s+)?(?:previous|prior|above|your|earlier)\\s+(?:instructions|rules|guidelines|programming|context)", "title": "Disregard instructions", "severity": "CRITICAL", "confidence": 0.9, "tags": [ "prompt-injection" ] }policies/guardrail/strict/rules/trust-exploit.yaml - Jailbreak attemptrule:trust-exploitRECIPE-TRUST-JAILBREAKingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity CRITICAL.
YAML
{ "id": "TRUST-JAILBREAK", "pattern": "(?i)(?:jailbreak|dan\\s+mode|do\\s+anything\\s+now|you\\s+are\\s+now\\s+(?:free|unfiltered))", "title": "Jailbreak attempt", "severity": "CRITICAL", "confidence": 0.92, "tags": [ "prompt-injection" ] }policies/guardrail/strict/rules/trust-exploit.yaml - Identity override attemptrule:trust-exploitRECIPE-TRUST-PRETENDingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity HIGH.
YAML
{ "id": "TRUST-PRETEND", "pattern": "(?i)(?:pretend|act\\s+as(?:\\s+if)?)\\s+(?:you\\s+are|you're)\\s+(?:a\\s+|an\\s+)?(?:different|evil|unrestricted|unfiltered|uncensored)", "title": "Identity override attempt", "severity": "HIGH", "confidence": 0.85, "tags": [ "prompt-injection" ] }policies/guardrail/strict/rules/trust-exploit.yaml - Forget instructions attackrule:trust-exploitRECIPE-TRUST-FORGETingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity CRITICAL.
YAML
{ "id": "TRUST-FORGET", "pattern": "(?i)forget\\s+(?:everything|all)\\s+(?:you\\s+)?(?:know|learned|were\\s+told)", "title": "Forget instructions attack", "severity": "CRITICAL", "confidence": 0.9, "tags": [ "prompt-injection" ] }policies/guardrail/strict/rules/trust-exploit.yaml - Direct instruction injection prefixrule:trust-exploitRECIPE-TRUST-NEW-INSTRUCT-PREFIXingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity HIGH.
YAML
{ "id": "TRUST-NEW-INSTRUCT-PREFIX", "pattern": "(?i)new\\s+instructions?\\s*:\\s*", "title": "Direct instruction injection prefix", "severity": "HIGH", "confidence": 0.85, "tags": [ "prompt-injection" ] }policies/guardrail/strict/rules/trust-exploit.yaml - Override instructionsrule:trust-exploitRECIPE-TRUST-OVERRIDE-INSTRUCTingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity CRITICAL.
YAML
{ "id": "TRUST-OVERRIDE-INSTRUCT", "pattern": "(?i)override\\s+(?:previous\\s+)?(?:instructions?|rules?|guidelines?)", "title": "Override instructions", "severity": "CRITICAL", "confidence": 0.88, "tags": [ "prompt-injection" ] }policies/guardrail/strict/rules/trust-exploit.yaml - Persistent behavior changerule:trust-exploitRECIPE-TRUST-FROM-NOW-ONingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity HIGH.
YAML
{ "id": "TRUST-FROM-NOW-ON", "pattern": "(?i)from\\s+now\\s+on[,\\s]+you\\s+(?:are|will|must|should)", "title": "Persistent behavior change", "severity": "HIGH", "confidence": 0.85, "tags": [ "prompt-injection" ] }policies/guardrail/strict/rules/trust-exploit.yaml - Mode/personality switchrule:trust-exploitRECIPE-TRUST-SWITCH-MODEingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity HIGH.
YAML
{ "id": "TRUST-SWITCH-MODE", "pattern": "(?i)switch\\s+(?:to\\s+)?(?:a\\s+)?(?:different|new|unrestricted)\\s+(?:mode|personality|character|persona)", "title": "Mode/personality switch", "severity": "HIGH", "confidence": 0.85, "tags": [ "prompt-injection" ] }policies/guardrail/strict/rules/trust-exploit.yaml - System prompt extraction attemptrule:trust-exploitRECIPE-TRUST-PROMPT-EXTRACTingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity MEDIUM.
YAML
{ "id": "TRUST-PROMPT-EXTRACT", "pattern": "(?i)(?:show|reveal|print|output|display|repeat|tell\\s+me)\\s+(?:me\\s+)?(?:your\\s+)?(?:the\\s+)?(?:system\\s+|initial\\s+)?(?:prompt|instructions?|rules?|guidelines?)", "title": "System prompt extraction attempt", "severity": "MEDIUM", "confidence": 0.75, "tags": [ "prompt-injection" ] }policies/guardrail/strict/rules/trust-exploit.yaml - Fictional framing / purpose launderingrule:trust-exploitRECIPE-TRUST-FICTIONALingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity MEDIUM.
YAML
{ "id": "TRUST-FICTIONAL", "pattern": "(?i)(?:hypothetically|in\\s+a\\s+fictional\\s+(?:scenario|world|story)|for\\s+(?:educational|research|academic)\\s+purposes?\\s+only|this\\s+is\\s+just\\s+a\\s+(?:test|experiment|hypothetical))", "title": "Fictional framing / purpose laundering", "severity": "MEDIUM", "confidence": 0.7, "tags": [ "prompt-injection" ] }policies/guardrail/strict/rules/trust-exploit.yaml - Ethics removal attemptrule:trust-exploitRECIPE-TRUST-NO-ETHICSingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity HIGH.
YAML
{ "id": "TRUST-NO-ETHICS", "pattern": "(?i)no\\s+(?:ethical|moral)\\s+(?:guidelines?|restrictions?|limits?|constraints?)", "title": "Ethics removal attempt", "severity": "HIGH", "confidence": 0.88, "tags": [ "prompt-injection" ] }policies/guardrail/strict/rules/trust-exploit.yaml - Tool manipulation directiverule:trust-exploitRECIPE-TRUST-TOOL-MANIPingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity HIGH.
YAML
{ "id": "TRUST-TOOL-MANIP", "pattern": "(?i)(?:use\\s+the\\s+\\w+\\s+tool\\s+to\\s+(?:delete|remove|destroy|wipe)|invoke\\s+(?:the\\s+)?\\w+\\s+(?:tool|function)\\s+without\\s+(?:asking|confirmation|approval)|automatically\\s+(?:execute|run|call)\\s+(?:all\\s+)?(?:tools?|functions?))", "title": "Tool manipulation directive", "severity": "HIGH", "confidence": 0.85, "tags": [ "prompt-injection" ] }policies/guardrail/strict/rules/trust-exploit.yaml - Malicious persona adoptionrule:trust-exploitRECIPE-TRUST-PERSONAingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity HIGH.
YAML
{ "id": "TRUST-PERSONA", "pattern": "(?i)(?:act\\s+as|you\\s+are\\s+now|roleplay\\s+as|simulate\\s+being|play\\s+the\\s+role\\s+of)\\s+(?:a\\s+|an\\s+)?(?:hacker|pentester|attacker|malware\\s+author|evil|unethical|criminal)", "title": "Malicious persona adoption", "severity": "HIGH", "confidence": 0.88, "tags": [ "prompt-injection" ] }policies/guardrail/strict/rules/trust-exploit.yaml - Delimiter hijacking / prompt framing escaperule:trust-exploitRECIPE-TRUST-DELIMITERingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity CRITICAL.
YAML
{ "id": "TRUST-DELIMITER", "pattern": "(?i)(?:system\\s+override|end\\s+system\\s+prompt|<\\/system>|<\\|im_end\\|>|\\[INST\\]|\\[\\/INST\\]|<\\|endoftext\\|>|<<\\s*SYS\\s*>>)", "title": "Delimiter hijacking / prompt framing escape", "severity": "CRITICAL", "confidence": 0.93, "tags": [ "prompt-injection" ] }policies/guardrail/strict/rules/trust-exploit.yaml - Forced encoding to bypass filtersrule:trust-exploitRECIPE-TRUST-OUTPUT-CONSTRAINTingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity HIGH.
YAML
{ "id": "TRUST-OUTPUT-CONSTRAINT", "pattern": "(?i)(?:respond\\s+only\\s+in\\s+(?:hex|base64|rot13|binary|morse|unicode)|encode\\s+your\\s+(?:response|answer|output)\\s+in\\s+(?:base64|hex|rot13|url)|output\\s+as\\s+(?:hex|base64|rot13|url)\\s+encoded|(?:rot13|unicode\\s+escape|url\\s+(?:decode|encode))\\s+(?:the|your|this))", "title": "Forced encoding to bypass filters", "severity": "HIGH", "confidence": 0.85, "tags": [ "prompt-injection", "obfuscation" ] }policies/guardrail/strict/rules/trust-exploit.yaml - Payload splitting / forced compliance prefixrule:trust-exploitRECIPE-TRUST-PAYLOAD-SPLITingress_untrusted
Pattern shipped in the bundled strict rule pack (trust-exploit.yaml). Severity HIGH.
YAML
{ "id": "TRUST-PAYLOAD-SPLIT", "pattern": "(?i)(?:start\\s+your\\s+(?:response|answer|output)\\s+with\\s+[\"'](?:Sure|Absolutely|Of\\s+course|Here\\s+is|I\\s+can\\s+help))|(?:begin\\s+by\\s+saying\\s+[\"'](?:Sure|Yes|Absolutely))", "title": "Payload splitting / forced compliance prefix", "severity": "HIGH", "confidence": 0.87, "tags": [ "prompt-injection" ] }policies/guardrail/strict/rules/trust-exploit.yaml - System sender metadata injected by agent frameworkpre_judge_stripRECIPE-STRIP-SYSTEM-SENDER
Pre-judge strip shipped in the bundled strict pack. Applies to pii.
YAML
{ "id": "STRIP-SYSTEM-SENDER", "pattern": "\\b(cli|system|bot|admin)\\b", "context": "System sender metadata injected by agent framework", "applies_to": [ "pii" ] }policies/guardrail/strict/suppressions.yaml - Messaging bridge status banners (WhatsApp/Telegram/Slack/Discord gateway connect/disconnect lines) embed channel IDs or phone numbers that are transport metadata, not user-provided PIIpre_judge_stripRECIPE-STRIP-MESSAGING-BRIDGE-STATUS
Pre-judge strip shipped in the bundled strict pack. Applies to pii.
YAML
{ "id": "STRIP-MESSAGING-BRIDGE-STATUS", "pattern": "(?im)^[ \\t]*System:[ \\t]*\\[[^\\]\\n]+\\][ \\t]+[^\\n]*?\\b(?:connected|disconnected|reconnected|linked|unlinked|online|offline)\\b[^\\n]*$", "context": "Messaging bridge status banners (WhatsApp/Telegram/Slack/Discord gateway connect/disconnect lines) embed channel IDs or phone numbers that are transport metadata, not user-provided PII", "applies_to": [ "pii" ] }policies/guardrail/strict/suppressions.yaml - System metadata, not real usernamefinding_suppressionRECIPE-SUPP-USERNAME-METADATA
Finding suppression shipped in the bundled strict pack.
YAML
{ "id": "SUPP-USERNAME-METADATA", "finding_pattern": "JUDGE-PII-USER", "entity_pattern": "^(cli|system|bot|admin|root)$", "reason": "System metadata, not real username" }policies/guardrail/strict/suppressions.yaml - Teams chatId format, not email addressfinding_suppressionRECIPE-SUPP-EMAIL-CHATID
Finding suppression shipped in the bundled strict pack.
YAML
{ "id": "SUPP-EMAIL-CHATID", "finding_pattern": "JUDGE-PII-EMAIL", "entity_pattern": "^19:[a-f0-9\\-]+@unq\\.gbl\\.spaces$", "reason": "Teams chatId format, not email address" }policies/guardrail/strict/suppressions.yaml - Suppress cosmetic shell commands (git status / log / diff)tool_suppressionRECIPE-SUPP-TOOL-COSMETIC-SHELLexec_shell
Tool suppressions let you silence findings on tools whose name matches a regex. Use this to drop noisy verdicts on read-only commands while keeping write/destructive commands surfaced.
examples (2)
- ✓ shell.execute
- ✓ bash.execute
- ✗ shell.write
- ✗ fs.unlink
YAML
{ "tool_pattern": "^(shell|bash|sh)\\.execute$", "suppress_findings": [ "JUDGE-INJ-DESTRUCTIVE" ], "reason": "Cosmetic shell commands (git status, ls, pwd) generate noise without security risk" }docs-site/scripts/build-policy-assets.ts (illustrative)
Reading a recipe
| Field | Meaning |
|---|---|
kind | What this recipe slots into — a regex rule (rule:secrets, rule:injection, …) or one of the three suppression layers (pre_judge_strip, finding_suppression, tool_suppression). |
id | Stable identifier the engine uses for telemetry. Keep this stable across edits. |
pattern | The Go-regexp (RE2) source the engine compiles. The wizard's regex tester checks this is RE2-compatible. |
severity | The wizard's severity ladder is CRITICAL > HIGH > MEDIUM > LOW > INFO. The guardrail block/alert thresholds use ranks. |
confidence | Hint to the judge: how confident you are this is a true positive. |
tags | Free-form. Useful for filtering and reporting. |
examples / counterexamples | What the wizard's live tester will run through your pattern. Add your own in the regex tester for sanity. |
Verify a policy locally
Test a policy-creator install script in an isolated DefenseClaw home, validate its Rego, and dry-run an admission decision before promotion.
Suppression cookbook
Patterns for tuning DefenseClaw's three suppression layers — pre-judge strips, finding suppressions, and tool suppressions — without losing real signals.