@google/gemini-cli-core 0.30.0-preview.6 → 0.31.0-preview.0

package/dist/src/safety/conseca/conseca.test.js

@@ -0,0 +1,226 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+import { ConsecaSafetyChecker } from './conseca.js';
+import { SafetyCheckDecision } from '../protocol.js';
+import { logConsecaPolicyGeneration, logConsecaVerdict, } from '../../telemetry/index.js';
+import * as policyGenerator from './policy-generator.js';
+import * as policyEnforcer from './policy-enforcer.js';
+vi.mock('../../telemetry/index.js', () => ({
+    logConsecaPolicyGeneration: vi.fn(),
+    ConsecaPolicyGenerationEvent: vi.fn(),
+    logConsecaVerdict: vi.fn(),
+    ConsecaVerdictEvent: vi.fn(),
+}));
+vi.mock('./policy-generator.js');
+vi.mock('./policy-enforcer.js');
+describe('ConsecaSafetyChecker', () => {
+    let checker;
+    let mockConfig;
+    beforeEach(() => {
+        // Reset singleton instance to ensure clean state
+        ConsecaSafetyChecker.resetInstance();
+        // Get the fresh singleton instance
+        checker = ConsecaSafetyChecker.getInstance();
+        mockConfig = {
+            enableConseca: true,
+            getToolRegistry: vi.fn().mockReturnValue({
+                getFunctionDeclarations: vi.fn().mockReturnValue([]),
+            }),
+        };
+        checker.setConfig(mockConfig);
+        vi.clearAllMocks();
+        // Default mock implementations
+        vi.mocked(policyGenerator.generatePolicy).mockResolvedValue({ policy: {} });
+        vi.mocked(policyEnforcer.enforcePolicy).mockResolvedValue({
+            decision: SafetyCheckDecision.ALLOW,
+        });
+    });
+    it('should be a singleton', () => {
+        const instance1 = ConsecaSafetyChecker.getInstance();
+        const instance2 = ConsecaSafetyChecker.getInstance();
+        expect(instance1).toBe(instance2);
+    });
+    it('should return ALLOW when no user prompt is present in context', async () => {
+        const input = {
+            protocolVersion: '1.0.0',
+            toolCall: { name: 'testTool' },
+            context: {
+                environment: { cwd: '/tmp', workspaces: [] },
+            },
+        };
+        const result = await checker.check(input);
+        expect(result.decision).toBe(SafetyCheckDecision.ALLOW);
+    });
+    it('should return ALLOW if enableConseca is false', async () => {
+        const disabledConfig = {
+            enableConseca: false,
+        };
+        checker.setConfig(disabledConfig);
+        const input = {
+            protocolVersion: '1.0.0',
+            toolCall: { name: 'testTool' },
+            context: {
+                environment: { cwd: '/tmp', workspaces: [] },
+            },
+        };
+        const result = await checker.check(input);
+        expect(result.decision).toBe(SafetyCheckDecision.ALLOW);
+        expect(result.reason).toBe('Conseca is disabled');
+        expect(policyGenerator.generatePolicy).not.toHaveBeenCalled();
+    });
+    it('getPolicy should return cached policy if user prompt matches', async () => {
+        const mockPolicy = {
+            tool: {
+                permissions: SafetyCheckDecision.ALLOW,
+                constraints: 'None',
+                rationale: 'Test',
+            },
+        };
+        vi.mocked(policyGenerator.generatePolicy).mockResolvedValue({
+            policy: mockPolicy,
+        });
+        const policy1 = await checker.getPolicy('prompt', 'trusted', mockConfig);
+        const policy2 = await checker.getPolicy('prompt', 'trusted', mockConfig);
+        expect(policy1).toBe(mockPolicy);
+        expect(policy2).toBe(mockPolicy);
+        expect(policyGenerator.generatePolicy).toHaveBeenCalledTimes(1);
+    });
+    it('getPolicy should generate new policy if user prompt changes', async () => {
+        const mockPolicy1 = {
+            tool1: {
+                permissions: SafetyCheckDecision.ALLOW,
+                constraints: 'None',
+                rationale: 'Test',
+            },
+        };
+        const mockPolicy2 = {
+            tool2: {
+                permissions: SafetyCheckDecision.ALLOW,
+                constraints: 'None',
+                rationale: 'Test',
+            },
+        };
+        vi.mocked(policyGenerator.generatePolicy)
+            .mockResolvedValueOnce({ policy: mockPolicy1 })
+            .mockResolvedValueOnce({ policy: mockPolicy2 });
+        const policy1 = await checker.getPolicy('prompt1', 'trusted', mockConfig);
+        const policy2 = await checker.getPolicy('prompt2', 'trusted', mockConfig);
+        expect(policy1).toBe(mockPolicy1);
+        expect(policy2).toBe(mockPolicy2);
+        expect(policyGenerator.generatePolicy).toHaveBeenCalledTimes(2);
+    });
+    it('check should call getPolicy and enforcePolicy', async () => {
+        const mockPolicy = {
+            tool: {
+                permissions: SafetyCheckDecision.ALLOW,
+                constraints: 'None',
+                rationale: 'Test',
+            },
+        };
+        vi.mocked(policyGenerator.generatePolicy).mockResolvedValue({
+            policy: mockPolicy,
+        });
+        vi.mocked(policyEnforcer.enforcePolicy).mockResolvedValue({
+            decision: SafetyCheckDecision.ALLOW,
+        });
+        const input = {
+            protocolVersion: '1.0.0',
+            toolCall: { name: 'tool', args: {} },
+            context: {
+                environment: { cwd: '.', workspaces: [] },
+                history: {
+                    turns: [
+                        {
+                            user: { text: 'user prompt' },
+                            model: {},
+                        },
+                    ],
+                },
+            },
+        };
+        const result = await checker.check(input);
+        expect(policyGenerator.generatePolicy).toHaveBeenCalledWith('user prompt', expect.any(String), mockConfig);
+        expect(policyEnforcer.enforcePolicy).toHaveBeenCalledWith(mockPolicy, input.toolCall, mockConfig);
+        expect(result.decision).toBe(SafetyCheckDecision.ALLOW);
+    });
+    it('check should return ALLOW if no user prompt found (fallback)', async () => {
+        const input = {
+            protocolVersion: '1.0.0',
+            toolCall: { name: 'tool', args: {} },
+            context: {
+                environment: { cwd: '.', workspaces: [] },
+            },
+        };
+        const result = await checker.check(input);
+        expect(policyGenerator.generatePolicy).not.toHaveBeenCalled();
+        expect(result.decision).toBe(SafetyCheckDecision.ALLOW);
+    });
+    // Test state helpers
+    it('should expose current state via helpers', async () => {
+        const mockPolicy = {
+            tool: {
+                permissions: SafetyCheckDecision.ALLOW,
+                constraints: 'None',
+                rationale: 'Test',
+            },
+        };
+        vi.mocked(policyGenerator.generatePolicy).mockResolvedValue({
+            policy: mockPolicy,
+        });
+        await checker.getPolicy('prompt', 'trusted', mockConfig);
+        expect(checker.getCurrentPolicy()).toBe(mockPolicy);
+        expect(checker.getActiveUserPrompt()).toBe('prompt');
+    });
+    it('should log policy generation event when config is set', async () => {
+        const mockPolicy = {
+            tool: {
+                permissions: SafetyCheckDecision.ALLOW,
+                constraints: 'None',
+                rationale: 'Test',
+            },
+        };
+        vi.mocked(policyGenerator.generatePolicy).mockResolvedValue({
+            policy: mockPolicy,
+        });
+        await checker.getPolicy('telemetry_prompt', 'trusted', mockConfig);
+        expect(logConsecaPolicyGeneration).toHaveBeenCalledWith(mockConfig, expect.anything());
+    });
+    it('should log verdict event on check', async () => {
+        const mockPolicy = {
+            tool: {
+                permissions: SafetyCheckDecision.ALLOW,
+                constraints: 'None',
+                rationale: 'Test',
+            },
+        };
+        vi.mocked(policyGenerator.generatePolicy).mockResolvedValue({
+            policy: mockPolicy,
+        });
+        vi.mocked(policyEnforcer.enforcePolicy).mockResolvedValue({
+            decision: SafetyCheckDecision.ALLOW,
+            reason: 'Allowed by policy',
+        });
+        const input = {
+            protocolVersion: '1.0.0',
+            toolCall: { name: 'tool', args: {} },
+            context: {
+                environment: { cwd: '.', workspaces: [] },
+                history: {
+                    turns: [
+                        {
+                            user: { text: 'user prompt' },
+                            model: {},
+                        },
+                    ],
+                },
+            },
+        };
+        await checker.check(input);
+        expect(logConsecaVerdict).toHaveBeenCalledWith(mockConfig, expect.anything());
+    });
+});
+//# sourceMappingURL=conseca.test.js.map

package/dist/src/safety/conseca/conseca.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"conseca.test.js","sourceRoot":"","sources":["../../../../src/safety/conseca/conseca.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAErD,OAAO,EACL,0BAA0B,EAC1B,iBAAiB,GAClB,MAAM,0BAA0B,CAAC;AAElC,OAAO,KAAK,eAAe,MAAM,uBAAuB,CAAC;AACzD,OAAO,KAAK,cAAc,MAAM,sBAAsB,CAAC;AAEvD,EAAE,CAAC,IAAI,CAAC,0BAA0B,EAAE,GAAG,EAAE,CAAC,CAAC;IACzC,0BAA0B,EAAE,EAAE,CAAC,EAAE,EAAE;IACnC,4BAA4B,EAAE,EAAE,CAAC,EAAE,EAAE;IACrC,iBAAiB,EAAE,EAAE,CAAC,EAAE,EAAE;IAC1B,mBAAmB,EAAE,EAAE,CAAC,EAAE,EAAE;CAC7B,CAAC,CAAC,CAAC;AAEJ,EAAE,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;AACjC,EAAE,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;AAEhC,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;IACpC,IAAI,OAA6B,CAAC;IAClC,IAAI,UAAkB,CAAC;IAEvB,UAAU,CAAC,GAAG,EAAE;QACd,iDAAiD;QACjD,oBAAoB,CAAC,aAAa,EAAE,CAAC;QACrC,mCAAmC;QACnC,OAAO,GAAG,oBAAoB,CAAC,WAAW,EAAE,CAAC;QAE7C,UAAU,GAAG;YACX,aAAa,EAAE,IAAI;YACnB,eAAe,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC;gBACvC,uBAAuB,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,EAAE,CAAC;aACrD,CAAC;SACkB,CAAC;QACvB,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QAC9B,EAAE,CAAC,aAAa,EAAE,CAAC;QAEnB,+BAA+B;QAC/B,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,iBAAiB,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;QAC5E,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,iBAAiB,CAAC;YACxD,QAAQ,EAAE,mBAAmB,CAAC,KAAK;SACpC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;QAC/B,MAAM,SAAS,GAAG,oBAAoB,CAAC,WAAW,EAAE,CAAC;QACrD,MAAM,SAAS,GAAG,oBAAoB,CAAC,WAAW,EAAE,CAAC;QACrD,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+DAA+D,EAAE,KAAK,IAAI,EAAE;QAC7E,MAAM,KAAK,GAAqB;YAC9B,eAAe,EAAE,OAAO;YACxB,QAAQ,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE;YAC9B,OAAO,EAAE;gBACP,WAAW,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE;aAC7C;SACF,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1C,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC7D,MAAM,cAAc,GAAG;YACrB,aAAa,EAAE,KAAK;SACA,CAAC;QACvB,OAAO,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;QAElC,MAAM,KAAK,GAAqB;YAC9B,eAAe,EAAE,OAAO;YACxB,QAAQ,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE;YAC9B,OAAO,EAAE;gBACP,WAAW,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE;aAC7C;SACF,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1C,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QAClD,MAAM,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8DAA8D,EAAE,KAAK,IAAI,EAAE;QAC5E,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE;gBACJ,WAAW,EAAE,mBAAmB,CAAC,KAAK;gBACtC,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,MAAM;aAClB;SACF,CAAC;QACF,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,iBAAiB,CAAC;YAC1D,MAAM,EAAE,UAAU;SACnB,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,QAAQ,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QACzE,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,QAAQ,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QAEzE,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACjC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACjC,MAAM,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6DAA6D,EAAE,KAAK,IAAI,EAAE;QAC3E,MAAM,WAAW,GAAG;YAClB,KAAK,EAAE;gBACL,WAAW,EAAE,mBAAmB,CAAC,KAAK;gBACtC,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,MAAM;aAClB;SACF,CAAC;QACF,MAAM,WAAW,GAAG;YAClB,KAAK,EAAE;gBACL,WAAW,EAAE,mBAAmB,CAAC,KAAK;gBACtC,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,MAAM;aAClB;SACF,CAAC;QACF,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,cAAc,CAAC;aACtC,qBAAqB,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;aAC9C,qBAAqB,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;QAElD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QAC1E,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QAE1E,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAClC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAClC,MAAM,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC7D,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE;gBACJ,WAAW,EAAE,mBAAmB,CAAC,KAAK;gBACtC,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,MAAM;aAClB;SACF,CAAC;QACF,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,iBAAiB,CAAC;YAC1D,MAAM,EAAE,UAAU;SACnB,CAAC,CAAC;QACH,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,iBAAiB,CAAC;YACxD,QAAQ,EAAE,mBAAmB,CAAC,KAAK;SACpC,CAAC,CAAC;QAEH,MAAM,KAAK,GAAqB;YAC9B,eAAe,EAAE,OAAO;YACxB,QAAQ,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE;YACpC,OAAO,EAAE;gBACP,WAAW,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE;gBACzC,OAAO,EAAE;oBACP,KAAK,EAAE;wBACL;4BACE,IAAI,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE;4BAC7B,KAAK,EAAE,EAAE;yBACV;qBACF;iBACF;aACF;SACF,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAE1C,MAAM,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,oBAAoB,CACzD,aAAa,EACb,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,EAClB,UAAU,CACX,CAAC;QACF,MAAM,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,oBAAoB,CACvD,UAAU,EACV,KAAK,CAAC,QAAQ,EACd,UAAU,CACX,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8DAA8D,EAAE,KAAK,IAAI,EAAE;QAC5E,MAAM,KAAK,GAAqB;YAC9B,eAAe,EAAE,OAAO;YACxB,QAAQ,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE;YACpC,OAAO,EAAE;gBACP,WAAW,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE;aAC1C;SACF,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAE1C,MAAM,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC9D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,qBAAqB;IACrB,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE;gBACJ,WAAW,EAAE,mBAAmB,CAAC,KAAK;gBACtC,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,MAAM;aAClB;SACF,CAAC;QACF,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,iBAAiB,CAAC;YAC1D,MAAM,EAAE,UAAU;SACnB,CAAC,CAAC;QAEH,MAAM,OAAO,CAAC,SAAS,CAAC,QAAQ,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QAEzD,MAAM,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACpD,MAAM,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,uDAAuD,EAAE,KAAK,IAAI,EAAE;QACrE,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE;gBACJ,WAAW,EAAE,mBAAmB,CAAC,KAAK;gBACtC,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,MAAM;aAClB;SACF,CAAC;QACF,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,iBAAiB,CAAC;YAC1D,MAAM,EAAE,UAAU;SACnB,CAAC,CAAC;QAEH,MAAM,OAAO,CAAC,SAAS,CAAC,kBAAkB,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QAEnE,MAAM,CAAC,0BAA0B,CAAC,CAAC,oBAAoB,CACrD,UAAU,EACV,MAAM,CAAC,QAAQ,EAAE,CAClB,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;QACjD,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE;gBACJ,WAAW,EAAE,mBAAmB,CAAC,KAAK;gBACtC,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,MAAM;aAClB;SACF,CAAC;QACF,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,iBAAiB,CAAC;YAC1D,MAAM,EAAE,UAAU;SACnB,CAAC,CAAC;QACH,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,iBAAiB,CAAC;YACxD,QAAQ,EAAE,mBAAmB,CAAC,KAAK;YACnC,MAAM,EAAE,mBAAmB;SAC5B,CAAC,CAAC;QAEH,MAAM,KAAK,GAAqB;YAC9B,eAAe,EAAE,OAAO;YACxB,QAAQ,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE;YACpC,OAAO,EAAE;gBACP,WAAW,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE;gBACzC,OAAO,EAAE;oBACP,KAAK,EAAE;wBACL;4BACE,IAAI,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE;4BAC7B,KAAK,EAAE,EAAE;yBACV;qBACF;iBACF;aACF;SACF,CAAC;QAEF,MAAM,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAE3B,MAAM,CAAC,iBAAiB,CAAC,CAAC,oBAAoB,CAC5C,UAAU,EACV,MAAM,CAAC,QAAQ,EAAE,CAClB,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/safety/conseca/integration.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export {};

package/dist/src/safety/conseca/integration.test.js

@@ -0,0 +1,19 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { describe, it, expect } from 'vitest';
+import { ConsecaSafetyChecker } from './conseca.js';
+import { InProcessCheckerType } from '../../policy/types.js';
+import { CheckerRegistry } from '../registry.js';
+describe('Conseca Integration', () => {
+    it('should be registered and resolvable via CheckerRegistry', () => {
+        const registry = new CheckerRegistry('.');
+        const checker = registry.resolveInProcess(InProcessCheckerType.CONSECA);
+        expect(checker).toBeDefined();
+        expect(checker).toBeInstanceOf(ConsecaSafetyChecker);
+        expect(checker).toBe(ConsecaSafetyChecker.getInstance());
+    });
+});
+//# sourceMappingURL=integration.test.js.map

package/dist/src/safety/conseca/integration.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"integration.test.js","sourceRoot":"","sources":["../../../../src/safety/conseca/integration.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEjD,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,QAAQ,CAAC,gBAAgB,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;QAExE,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAO,CAAC,CAAC,cAAc,CAAC,oBAAoB,CAAC,CAAC;QACrD,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,WAAW,EAAE,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/safety/conseca/policy-enforcer.d.ts

@@ -0,0 +1,13 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import type { Config } from '../../config/config.js';
+import type { FunctionCall } from '@google/genai';
+import { type SafetyCheckResult } from '../protocol.js';
+import type { SecurityPolicy } from './types.js';
+/**
+ * Enforces the security policy for a given tool call.
+ */
+export declare function enforcePolicy(policy: SecurityPolicy, toolCall: FunctionCall, config: Config): Promise<SafetyCheckResult>;

package/dist/src/safety/conseca/policy-enforcer.js

@@ -0,0 +1,135 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { SafetyCheckDecision } from '../protocol.js';
+import { getResponseText } from '../../utils/partUtils.js';
+import { safeTemplateReplace } from '../../utils/textUtils.js';
+import { DEFAULT_GEMINI_FLASH_MODEL } from '../../config/models.js';
+import { debugLogger } from '../../utils/debugLogger.js';
+import { LlmRole } from '../../telemetry/index.js';
+const CONSECA_ENFORCEMENT_PROMPT = `
+You are a security enforcement engine. Your goal is to check if a specific tool call complies with a given security policy.
+
+Input:
+1.  **Security Policy:** A set of rules defining allowed and denied actions for this specific tool.
+2.  **Tool Call:** The actual function call the system intends to execute.
+
+Security Policy:
+{{policy}}
+
+Tool Call:
+{{tool_call}}
+
+Evaluate the tool call against the policy.
+1. Check if the tool is allowed.
+2. Check if the arguments match the constraints.
+3. Output a JSON object with:
+   - "decision": "allow", "deny", or "ask_user".
+   - "reason": A brief explanation.
+
+Output strictly JSON.
+`;
+import { z } from 'zod';
+import { zodToJsonSchema } from 'zod-to-json-schema';
+const EnforcementResultSchema = z.object({
+    decision: z.enum(['allow', 'deny', 'ask_user']),
+    reason: z.string(),
+});
+/**
+ * Enforces the security policy for a given tool call.
+ */
+export async function enforcePolicy(policy, toolCall, config) {
+    const model = DEFAULT_GEMINI_FLASH_MODEL;
+    const contentGenerator = config.getContentGenerator();
+    if (!contentGenerator) {
+        return {
+            decision: SafetyCheckDecision.ALLOW,
+            reason: 'Content generator not initialized',
+            error: 'Content generator not initialized',
+        };
+    }
+    const toolName = toolCall.name;
+    // If tool name is missing, we cannot enforce the policy. Allow by default.
+    if (!toolName) {
+        return {
+            decision: SafetyCheckDecision.ALLOW,
+            reason: 'Tool name is missing',
+            error: 'Tool name is missing',
+        };
+    }
+    const toolPolicyStr = JSON.stringify(policy[toolName] || {}, null, 2);
+    const toolCallStr = JSON.stringify(toolCall, null, 2);
+    debugLogger.debug(`[Conseca] Enforcing policy for tool: ${toolName}`, toolCall, toolPolicyStr, toolCallStr);
+    try {
+        const result = await contentGenerator.generateContent({
+            model,
+            config: {
+                responseMimeType: 'application/json',
+                responseSchema: zodToJsonSchema(EnforcementResultSchema, {
+                    target: 'openApi3',
+                }),
+            },
+            contents: [
+                {
+                    role: 'user',
+                    parts: [
+                        {
+                            text: safeTemplateReplace(CONSECA_ENFORCEMENT_PROMPT, {
+                                policy: toolPolicyStr,
+                                tool_call: toolCallStr,
+                            }),
+                        },
+                    ],
+                },
+            ],
+        }, 'conseca-policy-enforcement', LlmRole.SUBAGENT);
+        const responseText = getResponseText(result);
+        debugLogger.debug(`[Conseca] Enforcement Raw Response: ${responseText}`);
+        if (!responseText) {
+            return {
+                decision: SafetyCheckDecision.ALLOW,
+                reason: 'Empty response from policy enforcer',
+                error: 'Empty response from policy enforcer',
+            };
+        }
+        try {
+            const parsed = EnforcementResultSchema.parse(JSON.parse(responseText));
+            debugLogger.debug(`[Conseca] Enforcement Parsed:`, parsed);
+            let decision;
+            switch (parsed.decision) {
+                case 'allow':
+                    decision = SafetyCheckDecision.ALLOW;
+                    break;
+                case 'ask_user':
+                    decision = SafetyCheckDecision.ASK_USER;
+                    break;
+                case 'deny':
+                default:
+                    decision = SafetyCheckDecision.DENY;
+                    break;
+            }
+            return {
+                decision,
+                reason: parsed.reason,
+            };
+        }
+        catch (parseError) {
+            return {
+                decision: SafetyCheckDecision.ALLOW,
+                reason: 'JSON Parse Error in enforcement response',
+                error: `JSON Parse Error: ${parseError instanceof Error ? parseError.message : String(parseError)}. Raw: ${responseText}`,
+            };
+        }
+    }
+    catch (error) {
+        debugLogger.error('Policy enforcement failed:', error);
+        return {
+            decision: SafetyCheckDecision.ALLOW,
+            reason: 'Policy enforcement failed',
+            error: `Policy enforcement failed: ${error instanceof Error ? error.message : String(error)}`,
+        };
+    }
+}
+//# sourceMappingURL=policy-enforcer.js.map

package/dist/src/safety/conseca/policy-enforcer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-enforcer.js","sourceRoot":"","sources":["../../../../src/safety/conseca/policy-enforcer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,EAAE,mBAAmB,EAA0B,MAAM,gBAAgB,CAAC;AAE7E,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAE/D,OAAO,EAAE,0BAA0B,EAAE,MAAM,wBAAwB,CAAC;AACpE,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAEzD,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAEnD,MAAM,0BAA0B,GAAG;;;;;;;;;;;;;;;;;;;;;CAqBlC,CAAC;AAEF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAErD,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;IAC/C,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;CACnB,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAAsB,EACtB,QAAsB,EACtB,MAAc;IAEd,MAAM,KAAK,GAAG,0BAA0B,CAAC;IACzC,MAAM,gBAAgB,GAAG,MAAM,CAAC,mBAAmB,EAAE,CAAC;IAEtD,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,OAAO;YACL,QAAQ,EAAE,mBAAmB,CAAC,KAAK;YACnC,MAAM,EAAE,mCAAmC;YAC3C,KAAK,EAAE,mCAAmC;SAC3C,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC;IAC/B,2EAA2E;IAC3E,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO;YACL,QAAQ,EAAE,mBAAmB,CAAC,KAAK;YACnC,MAAM,EAAE,sBAAsB;YAC9B,KAAK,EAAE,sBAAsB;SAC9B,CAAC;IACJ,CAAC;IAED,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACtE,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACtD,WAAW,CAAC,KAAK,CACf,wCAAwC,QAAQ,EAAE,EAClD,QAAQ,EACR,aAAa,EACb,WAAW,CACZ,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,eAAe,CACnD;YACE,KAAK;YACL,MAAM,EAAE;gBACN,gBAAgB,EAAE,kBAAkB;gBACpC,cAAc,EAAE,eAAe,CAAC,uBAAuB,EAAE;oBACvD,MAAM,EAAE,UAAU;iBACnB,CAAC;aACH;YACD,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAM;oBACZ,KAAK,EAAE;wBACL;4BACE,IAAI,EAAE,mBAAmB,CAAC,0BAA0B,EAAE;gCACpD,MAAM,EAAE,aAAa;gCACrB,SAAS,EAAE,WAAW;6BACvB,CAAC;yBACH;qBACF;iBACF;aACF;SACF,EACD,4BAA4B,EAC5B,OAAO,CAAC,QAAQ,CACjB,CAAC;QAEF,MAAM,YAAY,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QAC7C,WAAW,CAAC,KAAK,CAAC,uCAAuC,YAAY,EAAE,CAAC,CAAC;QAEzE,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO;gBACL,QAAQ,EAAE,mBAAmB,CAAC,KAAK;gBACnC,MAAM,EAAE,qCAAqC;gBAC7C,KAAK,EAAE,qCAAqC;aAC7C,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,uBAAuB,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;YACvE,WAAW,CAAC,KAAK,CAAC,+BAA+B,EAAE,MAAM,CAAC,CAAC;YAE3D,IAAI,QAA6B,CAAC;YAClC,QAAQ,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACxB,KAAK,OAAO;oBACV,QAAQ,GAAG,mBAAmB,CAAC,KAAK,CAAC;oBACrC,MAAM;gBACR,KAAK,UAAU;oBACb,QAAQ,GAAG,mBAAmB,CAAC,QAAQ,CAAC;oBACxC,MAAM;gBACR,KAAK,MAAM,CAAC;gBACZ;oBACE,QAAQ,GAAG,mBAAmB,CAAC,IAAI,CAAC;oBACpC,MAAM;YACV,CAAC;YAED,OAAO;gBACL,QAAQ;gBACR,MAAM,EAAE,MAAM,CAAC,MAAM;aACtB,CAAC;QACJ,CAAC;QAAC,OAAO,UAAU,EAAE,CAAC;YACpB,OAAO;gBACL,QAAQ,EAAE,mBAAmB,CAAC,KAAK;gBACnC,MAAM,EAAE,0CAA0C;gBAClD,KAAK,EAAE,qBAAqB,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,YAAY,EAAE;aAC1H,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,WAAW,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;QACvD,OAAO;YACL,QAAQ,EAAE,mBAAmB,CAAC,KAAK;YACnC,MAAM,EAAE,2BAA2B;YACnC,KAAK,EAAE,8BAA8B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;SAC9F,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/src/safety/conseca/policy-enforcer.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export {};

package/dist/src/safety/conseca/policy-enforcer.test.js

@@ -0,0 +1,141 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { enforcePolicy } from './policy-enforcer.js';
+import { SafetyCheckDecision } from '../protocol.js';
+import { LlmRole } from '../../telemetry/index.js';
+describe('policy_enforcer', () => {
+    let mockConfig;
+    let mockContentGenerator;
+    beforeEach(() => {
+        vi.clearAllMocks();
+        mockContentGenerator = {
+            generateContent: vi.fn(),
+        };
+        mockConfig = {
+            getContentGenerator: vi.fn().mockReturnValue(mockContentGenerator),
+        };
+    });
+    it('should return ALLOW when content generator returns ALLOW', async () => {
+        mockContentGenerator.generateContent = vi.fn().mockResolvedValue({
+            candidates: [
+                {
+                    content: {
+                        parts: [
+                            { text: JSON.stringify({ decision: 'allow', reason: 'Safe' }) },
+                        ],
+                    },
+                },
+            ],
+        });
+        const toolCall = { name: 'testTool', args: {} };
+        const policy = {
+            testTool: {
+                permissions: SafetyCheckDecision.ALLOW,
+                constraints: 'None',
+                rationale: 'Test',
+            },
+        };
+        const result = await enforcePolicy(policy, toolCall, mockConfig);
+        expect(mockConfig.getContentGenerator).toHaveBeenCalled();
+        expect(mockContentGenerator.generateContent).toHaveBeenCalledWith(expect.objectContaining({
+            model: expect.any(String),
+            config: expect.objectContaining({
+                responseMimeType: 'application/json',
+                responseSchema: expect.any(Object),
+            }),
+            contents: expect.arrayContaining([
+                expect.objectContaining({
+                    role: 'user',
+                    parts: expect.arrayContaining([
+                        expect.objectContaining({
+                            text: expect.stringContaining('Security Policy:'),
+                        }),
+                    ]),
+                }),
+            ]),
+        }), 'conseca-policy-enforcement', LlmRole.SUBAGENT);
+        expect(result.decision).toBe(SafetyCheckDecision.ALLOW);
+    });
+    it('should handle missing content generator gracefully (error case)', async () => {
+        vi.mocked(mockConfig.getContentGenerator).mockReturnValue(undefined);
+        const toolCall = { name: 'testTool', args: {} };
+        const policy = {
+            testTool: {
+                permissions: SafetyCheckDecision.ALLOW,
+                constraints: 'None',
+                rationale: 'Test',
+            },
+        };
+        const result = await enforcePolicy(policy, toolCall, mockConfig);
+        expect(result.decision).toBe(SafetyCheckDecision.ALLOW);
+    });
+    it('should ALLOW if tool name is missing with the reason and error as tool name is missing', async () => {
+        const toolCall = { args: {} };
+        const policy = {};
+        const result = await enforcePolicy(policy, toolCall, mockConfig);
+        expect(result.decision).toBe(SafetyCheckDecision.ALLOW);
+        expect(result.reason).toBe('Tool name is missing');
+        if (result.decision === SafetyCheckDecision.ALLOW) {
+            expect(result.error).toBe('Tool name is missing');
+        }
+    });
+    it('should handle empty policy by checking with LLM (fail-open/check behavior)', async () => {
+        // Even if policy is empty for the tool, we currently send it to LLM.
+        // The LLM might ALLOW or DENY based on its own judgment of "no policy".
+        // We simulate the LLM allowing the action to match the current fail-open strategy.
+        mockContentGenerator.generateContent = vi.fn().mockResolvedValue({
+            candidates: [
+                {
+                    content: {
+                        parts: [
+                            {
+                                text: JSON.stringify({
+                                    decision: 'allow',
+                                    reason: 'No restrictions',
+                                }),
+                            },
+                        ],
+                    },
+                },
+            ],
+        });
+        const toolCall = { name: 'unknownTool', args: {} };
+        const policy = {}; // Empty policy
+        const result = await enforcePolicy(policy, toolCall, mockConfig);
+        expect(result.decision).toBe(SafetyCheckDecision.ALLOW);
+        expect(mockContentGenerator.generateContent).toHaveBeenCalled();
+        if (result.decision === SafetyCheckDecision.ALLOW) {
+            expect(result.error).toBeUndefined();
+        }
+    });
+    it('should handle malformed JSON response from LLM by failing open (ALLOW)', async () => {
+        mockContentGenerator.generateContent = vi.fn().mockResolvedValue({
+            candidates: [
+                {
+                    content: {
+                        parts: [{ text: 'This is not JSON' }],
+                    },
+                },
+            ],
+        });
+        const toolCall = { name: 'testTool', args: {} };
+        const policy = {
+            testTool: {
+                permissions: SafetyCheckDecision.ALLOW,
+                constraints: 'None',
+                rationale: 'Test',
+            },
+        };
+        const result = await enforcePolicy(policy, toolCall, mockConfig);
+        expect(result.decision).toBe(SafetyCheckDecision.ALLOW);
+        expect(result.reason).toContain('JSON Parse Error');
+        if (result.decision === SafetyCheckDecision.ALLOW) {
+            expect(result.error).toContain('JSON Parse Error');
+        }
+    });
+});
+//# sourceMappingURL=policy-enforcer.test.js.map

package/dist/src/safety/conseca/policy-enforcer.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-enforcer.test.js","sourceRoot":"","sources":["../../../../src/safety/conseca/policy-enforcer.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAGrD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAErD,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAEnD,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,IAAI,UAAkB,CAAC;IACvB,IAAI,oBAAsC,CAAC;IAE3C,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,CAAC,aAAa,EAAE,CAAC;QACnB,oBAAoB,GAAG;YACrB,eAAe,EAAE,EAAE,CAAC,EAAE,EAAE;SACM,CAAC;QAEjC,UAAU,GAAG;YACX,mBAAmB,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,oBAAoB,CAAC;SAC9C,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,oBAAoB,CAAC,eAAe,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;YAC/D,UAAU,EAAE;gBACV;oBACE,OAAO,EAAE;wBACP,KAAK,EAAE;4BACL,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE;yBAChE;qBACF;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QAC9D,MAAM,MAAM,GAAG;YACb,QAAQ,EAAE;gBACR,WAAW,EAAE,mBAAmB,CAAC,KAAK;gBACtC,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,MAAM;aAClB;SACF,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QAEjE,MAAM,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC,gBAAgB,EAAE,CAAC;QAC1D,MAAM,CAAC,oBAAoB,CAAC,eAAe,CAAC,CAAC,oBAAoB,CAC/D,MAAM,CAAC,gBAAgB,CAAC;YACtB,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;YACzB,MAAM,EAAE,MAAM,CAAC,gBAAgB,CAAC;gBAC9B,gBAAgB,EAAE,kBAAkB;gBACpC,cAAc,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;aACnC,CAAC;YACF,QAAQ,EAAE,MAAM,CAAC,eAAe,CAAC;gBAC/B,MAAM,CAAC,gBAAgB,CAAC;oBACtB,IAAI,EAAE,MAAM;oBACZ,KAAK,EAAE,MAAM,CAAC,eAAe,CAAC;wBAC5B,MAAM,CAAC,gBAAgB,CAAC;4BACtB,IAAI,EAAE,MAAM,CAAC,gBAAgB,CAAC,kBAAkB,CAAC;yBAClD,CAAC;qBACH,CAAC;iBACH,CAAC;aACH,CAAC;SACH,CAAC,EACF,4BAA4B,EAC5B,OAAO,CAAC,QAAQ,CACjB,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC/E,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC,eAAe,CACvD,SAAwC,CACzC,CAAC;QAEF,MAAM,QAAQ,GAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QAC9D,MAAM,MAAM,GAAG;YACb,QAAQ,EAAE;gBACR,WAAW,EAAE,mBAAmB,CAAC,KAAK;gBACtC,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,MAAM;aAClB;SACF,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QAEjE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wFAAwF,EAAE,KAAK,IAAI,EAAE;QACtG,MAAM,QAAQ,GAAG,EAAE,IAAI,EAAE,EAAE,EAAkB,CAAC;QAC9C,MAAM,MAAM,GAAG,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QAEjE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACnD,IAAI,MAAM,CAAC,QAAQ,KAAK,mBAAmB,CAAC,KAAK,EAAE,CAAC;YAClD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4EAA4E,EAAE,KAAK,IAAI,EAAE;QAC1F,qEAAqE;QACrE,wEAAwE;QACxE,mFAAmF;QACnF,oBAAoB,CAAC,eAAe,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;YAC/D,UAAU,EAAE;gBACV;oBACE,OAAO,EAAE;wBACP,KAAK,EAAE;4BACL;gCACE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oCACnB,QAAQ,EAAE,OAAO;oCACjB,MAAM,EAAE,iBAAiB;iCAC1B,CAAC;6BACH;yBACF;qBACF;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAiB,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QACjE,MAAM,MAAM,GAAG,EAAE,CAAC,CAAC,eAAe;QAClC,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QAEjE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,oBAAoB,CAAC,eAAe,CAAC,CAAC,gBAAgB,EAAE,CAAC;QAChE,IAAI,MAAM,CAAC,QAAQ,KAAK,mBAAmB,CAAC,KAAK,EAAE,CAAC;YAClD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,aAAa,EAAE,CAAC;QACvC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wEAAwE,EAAE,KAAK,IAAI,EAAE;QACtF,oBAAoB,CAAC,eAAe,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;YAC/D,UAAU,EAAE;gBACV;oBACE,OAAO,EAAE;wBACP,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC;qBACtC;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QAC9D,MAAM,MAAM,GAAG;YACb,QAAQ,EAAE;gBACR,WAAW,EAAE,mBAAmB,CAAC,KAAK;gBACtC,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,MAAM;aAClB;SACF,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QAEjE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;QACpD,IAAI,MAAM,CAAC,QAAQ,KAAK,mBAAmB,CAAC,KAAK,EAAE,CAAC;YAClD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;QACrD,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/safety/conseca/policy-generator.d.ts

@@ -0,0 +1,15 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import type { Config } from '../../config/config.js';
+import type { SecurityPolicy } from './types.js';
+export interface PolicyGenerationResult {
+    policy: SecurityPolicy;
+    error?: string;
+}
+/**
+ * Generates a security policy for the given user prompt and trusted content.
+ */
+export declare function generatePolicy(userPrompt: string, trustedContent: string, config: Config): Promise<PolicyGenerationResult>;