@google/gemini-cli-core 0.30.0-preview.6 → 0.31.0-preview.0

package/dist/src/safety/conseca/policy-generator.js

@@ -0,0 +1,144 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { getResponseText } from '../../utils/partUtils.js';
+import { safeTemplateReplace } from '../../utils/textUtils.js';
+import { DEFAULT_GEMINI_FLASH_MODEL } from '../../config/models.js';
+import { debugLogger } from '../../utils/debugLogger.js';
+import { SafetyCheckDecision } from '../protocol.js';
+import { LlmRole } from '../../telemetry/index.js';
+const CONSECA_POLICY_GENERATION_PROMPT = `
+You are a security expert responsible for generating fine-grained security policies for a large language model integrated into a command-line tool. Your role is to act as a "policy generator" that creates temporary, context-specific rules based on a user's prompt and the tools available to the main LLM.
+
+Your primary goal is to enforce the principle of least privilege. The policies you create should be as restrictive as possible while still allowing the main LLM to complete the user's requested task.
+
+For each tool that is relevant to the user's prompt, you must generate a policy object.
+
+### Output Format
+You must return a JSON object with a "policies" key, which is an array of objects. Each object must have:
+- "tool_name": The name of the tool.
+- "policy": An object with:
+  - "permissions": "allow" | "deny" | "ask_user"
+  - "constraints": A detailed description of conditions (e.g. allowed files, arguments).
+  - "rationale": Explanation for the policy.
+
+Example JSON:
+\`\`\`json
+{
+  "policies": [
+    {
+      "tool_name": "read_file",
+      "policy": {
+        "permissions": "allow",
+        "constraints": "Only allow reading 'main.py'.",
+        "rationale": "User asked to read main.py"
+      }
+    },
+    {
+      "tool_name": "run_shell_command",
+      "policy": {
+        "permissions": "deny",
+        "constraints": "None",
+        "rationale": "Shell commands are not needed for this task"
+      }
+    }
+  ]
+}
+\`\`\`
+
+### Guiding Principles:
+1.  **Permissions:**
+    *   **allow:** Required tools for the task.
+    *   **deny:** Tools clearly outside the scope.
+    *   **ask_user:** Destructive actions or ambiguity.
+
+2.  **Constraints:**
+    *   Be specific! Restrict file paths, command arguments, etc.
+
+3.  **Rationale:**
+    *   Reference the user's prompt.
+
+User Prompt: "{{user_prompt}}"
+
+Trusted Tools (Context):
+{{trusted_content}}
+`;
+import { z } from 'zod';
+import { zodToJsonSchema } from 'zod-to-json-schema';
+const ToolPolicySchema = z.object({
+    permissions: z.nativeEnum(SafetyCheckDecision),
+    constraints: z.string(),
+    rationale: z.string(),
+});
+const SecurityPolicyResponseSchema = z.object({
+    policies: z.array(z.object({
+        tool_name: z.string(),
+        policy: ToolPolicySchema,
+    })),
+});
+/**
+ * Generates a security policy for the given user prompt and trusted content.
+ */
+export async function generatePolicy(userPrompt, trustedContent, config) {
+    const model = DEFAULT_GEMINI_FLASH_MODEL;
+    const contentGenerator = config.getContentGenerator();
+    if (!contentGenerator) {
+        return { policy: {}, error: 'Content generator not initialized' };
+    }
+    try {
+        const result = await contentGenerator.generateContent({
+            model,
+            config: {
+                responseMimeType: 'application/json',
+                responseSchema: zodToJsonSchema(SecurityPolicyResponseSchema, {
+                    target: 'openApi3',
+                }),
+            },
+            contents: [
+                {
+                    role: 'user',
+                    parts: [
+                        {
+                            text: safeTemplateReplace(CONSECA_POLICY_GENERATION_PROMPT, {
+                                user_prompt: userPrompt,
+                                trusted_content: trustedContent,
+                            }),
+                        },
+                    ],
+                },
+            ],
+        }, 'conseca-policy-generation', LlmRole.SUBAGENT);
+        const responseText = getResponseText(result);
+        debugLogger.debug(`[Conseca] Policy Generation Raw Response: ${responseText}`);
+        if (!responseText) {
+            return { policy: {}, error: 'Empty response from policy generator' };
+        }
+        try {
+            const parsed = SecurityPolicyResponseSchema.parse(JSON.parse(responseText));
+            const policiesList = parsed.policies;
+            const policy = {};
+            for (const item of policiesList) {
+                policy[item.tool_name] = item.policy;
+            }
+            debugLogger.debug(`[Conseca] Policy Generation Parsed:`, policy);
+            return { policy };
+        }
+        catch (parseError) {
+            debugLogger.debug(`[Conseca] Policy Generation JSON Parse Error:`, parseError);
+            return {
+                policy: {},
+                error: `JSON Parse Error: ${parseError instanceof Error ? parseError.message : String(parseError)}. Raw: ${responseText}`,
+            };
+        }
+    }
+    catch (error) {
+        debugLogger.error('Policy generation failed:', error);
+        return {
+            policy: {},
+            error: `Policy generation failed: ${error instanceof Error ? error.message : String(error)}`,
+        };
+    }
+}
+//# sourceMappingURL=policy-generator.js.map

package/dist/src/safety/conseca/policy-generator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-generator.js","sourceRoot":"","sources":["../../../../src/safety/conseca/policy-generator.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,EAAE,0BAA0B,EAAE,MAAM,wBAAwB,CAAC;AACpE,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAErD,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAEnD,MAAM,gCAAgC,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuDxC,CAAC;AAEF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAErD,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,WAAW,EAAE,CAAC,CAAC,UAAU,CAAC,mBAAmB,CAAC;IAC9C,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;IACvB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;CACtB,CAAC,CAAC;AAEH,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,QAAQ,EAAE,CAAC,CAAC,KAAK,CACf,CAAC,CAAC,MAAM,CAAC;QACP,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,MAAM,EAAE,gBAAgB;KACzB,CAAC,CACH;CACF,CAAC,CAAC;AAOH;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,UAAkB,EAClB,cAAsB,EACtB,MAAc;IAEd,MAAM,KAAK,GAAG,0BAA0B,CAAC;IACzC,MAAM,gBAAgB,GAAG,MAAM,CAAC,mBAAmB,EAAE,CAAC;IAEtD,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC;IACpE,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,eAAe,CACnD;YACE,KAAK;YACL,MAAM,EAAE;gBACN,gBAAgB,EAAE,kBAAkB;gBACpC,cAAc,EAAE,eAAe,CAAC,4BAA4B,EAAE;oBAC5D,MAAM,EAAE,UAAU;iBACnB,CAAC;aACH;YACD,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAM;oBACZ,KAAK,EAAE;wBACL;4BACE,IAAI,EAAE,mBAAmB,CAAC,gCAAgC,EAAE;gCAC1D,WAAW,EAAE,UAAU;gCACvB,eAAe,EAAE,cAAc;6BAChC,CAAC;yBACH;qBACF;iBACF;aACF;SACF,EACD,2BAA2B,EAC3B,OAAO,CAAC,QAAQ,CACjB,CAAC;QAEF,MAAM,YAAY,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QAC7C,WAAW,CAAC,KAAK,CACf,6CAA6C,YAAY,EAAE,CAC5D,CAAC;QAEF,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,sCAAsC,EAAE,CAAC;QACvE,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,4BAA4B,CAAC,KAAK,CAC/C,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CACzB,CAAC;YACF,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC;YACrC,MAAM,MAAM,GAAmB,EAAE,CAAC;YAClC,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC;YACvC,CAAC;YAED,WAAW,CAAC,KAAK,CAAC,qCAAqC,EAAE,MAAM,CAAC,CAAC;YACjE,OAAO,EAAE,MAAM,EAAE,CAAC;QACpB,CAAC;QAAC,OAAO,UAAU,EAAE,CAAC;YACpB,WAAW,CAAC,KAAK,CACf,+CAA+C,EAC/C,UAAU,CACX,CAAC;YACF,OAAO;gBACL,MAAM,EAAE,EAAE;gBACV,KAAK,EAAE,qBAAqB,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,YAAY,EAAE;aAC1H,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,WAAW,CAAC,KAAK,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;QACtD,OAAO;YACL,MAAM,EAAE,EAAE;YACV,KAAK,EAAE,6BAA6B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;SAC7F,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/src/safety/conseca/policy-generator.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export {};

package/dist/src/safety/conseca/policy-generator.test.js

@@ -0,0 +1,84 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { generatePolicy } from './policy-generator.js';
+import { SafetyCheckDecision } from '../protocol.js';
+import { LlmRole } from '../../telemetry/index.js';
+describe('policy_generator', () => {
+    let mockConfig;
+    let mockContentGenerator;
+    beforeEach(() => {
+        mockContentGenerator = {
+            generateContent: vi.fn(),
+        };
+        mockConfig = {
+            getContentGenerator: vi.fn().mockReturnValue(mockContentGenerator),
+        };
+    });
+    it('should return a policy object when content generator is available', async () => {
+        const mockPolicy = {
+            read_file: {
+                permissions: SafetyCheckDecision.ALLOW,
+                constraints: 'None',
+                rationale: 'Test',
+            },
+        };
+        mockContentGenerator.generateContent = vi.fn().mockResolvedValue({
+            candidates: [
+                {
+                    content: {
+                        parts: [
+                            {
+                                text: JSON.stringify({
+                                    policies: [
+                                        {
+                                            tool_name: 'read_file',
+                                            policy: mockPolicy.read_file,
+                                        },
+                                    ],
+                                }),
+                            },
+                        ],
+                    },
+                },
+            ],
+        });
+        const result = await generatePolicy('test prompt', 'trusted content', mockConfig);
+        expect(mockConfig.getContentGenerator).toHaveBeenCalled();
+        expect(mockContentGenerator.generateContent).toHaveBeenCalledWith(expect.objectContaining({
+            model: expect.any(String),
+            config: expect.objectContaining({
+                responseMimeType: 'application/json',
+                responseSchema: expect.any(Object),
+            }),
+            contents: expect.any(Array),
+        }), 'conseca-policy-generation', LlmRole.SUBAGENT);
+        expect(result.policy).toEqual(mockPolicy);
+        expect(result.error).toBeUndefined();
+    });
+    it('should handle missing content generator gracefully', async () => {
+        vi.mocked(mockConfig.getContentGenerator).mockReturnValue(undefined);
+        const result = await generatePolicy('test prompt', 'trusted content', mockConfig);
+        expect(result.policy).toEqual({});
+        expect(result.error).toBe('Content generator not initialized');
+    });
+    it('should prevent template injection (double interpolation)', async () => {
+        mockContentGenerator.generateContent = vi.fn().mockResolvedValue({});
+        const userPrompt = '{{trusted_content}}';
+        const trustedContent = 'SECRET_DATA';
+        await generatePolicy(userPrompt, trustedContent, mockConfig);
+        const generateContentCall = vi.mocked(mockContentGenerator.generateContent)
+            .mock.calls[0];
+        const request = generateContentCall[0];
+        const promptText = request.contents[0].parts[0].text;
+        // The user prompt should contain the literal placeholder, NOT the secret data
+        expect(promptText).toContain('User Prompt: "{{trusted_content}}"');
+        expect(promptText).not.toContain('User Prompt: "SECRET_DATA"');
+        // The trusted tools section SHOULD contain the secret data
+        expect(promptText).toContain('Trusted Tools (Context):\nSECRET_DATA');
+    });
+});
+//# sourceMappingURL=policy-generator.test.js.map

package/dist/src/safety/conseca/policy-generator.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-generator.test.js","sourceRoot":"","sources":["../../../../src/safety/conseca/policy-generator.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAGrD,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAEnD,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,IAAI,UAAkB,CAAC;IACvB,IAAI,oBAAsC,CAAC;IAE3C,UAAU,CAAC,GAAG,EAAE;QACd,oBAAoB,GAAG;YACrB,eAAe,EAAE,EAAE,CAAC,EAAE,EAAE;SACM,CAAC;QAEjC,UAAU,GAAG;YACX,mBAAmB,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,oBAAoB,CAAC;SAC9C,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;QACjF,MAAM,UAAU,GAAG;YACjB,SAAS,EAAE;gBACT,WAAW,EAAE,mBAAmB,CAAC,KAAK;gBACtC,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,MAAM;aAClB;SACF,CAAC;QACF,oBAAoB,CAAC,eAAe,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;YAC/D,UAAU,EAAE;gBACV;oBACE,OAAO,EAAE;wBACP,KAAK,EAAE;4BACL;gCACE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oCACnB,QAAQ,EAAE;wCACR;4CACE,SAAS,EAAE,WAAW;4CACtB,MAAM,EAAE,UAAU,CAAC,SAAS;yCAC7B;qCACF;iCACF,CAAC;6BACH;yBACF;qBACF;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,cAAc,CACjC,aAAa,EACb,iBAAiB,EACjB,UAAU,CACX,CAAC;QAEF,MAAM,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC,gBAAgB,EAAE,CAAC;QAC1D,MAAM,CAAC,oBAAoB,CAAC,eAAe,CAAC,CAAC,oBAAoB,CAC/D,MAAM,CAAC,gBAAgB,CAAC;YACtB,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;YACzB,MAAM,EAAE,MAAM,CAAC,gBAAgB,CAAC;gBAC9B,gBAAgB,EAAE,kBAAkB;gBACpC,cAAc,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;aACnC,CAAC;YACF,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC;SAC5B,CAAC,EACF,2BAA2B,EAC3B,OAAO,CAAC,QAAQ,CACjB,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC1C,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,aAAa,EAAE,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC,eAAe,CACvD,SAAwC,CACzC,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,cAAc,CACjC,aAAa,EACb,iBAAiB,EACjB,UAAU,CACX,CAAC;QAEF,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;IACjE,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,oBAAoB,CAAC,eAAe,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QAErE,MAAM,UAAU,GAAG,qBAAqB,CAAC;QACzC,MAAM,cAAc,GAAG,aAAa,CAAC;QAErC,MAAM,cAAc,CAAC,UAAU,EAAE,cAAc,EAAE,UAAU,CAAC,CAAC;QAE7D,MAAM,mBAAmB,GAAG,EAAE,CAAC,MAAM,CAAC,oBAAoB,CAAC,eAAe,CAAC;aACxE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjB,MAAM,OAAO,GAAG,mBAAmB,CAAC,CAAC,CAEpC,CAAC;QACF,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAErD,8EAA8E;QAC9E,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,oCAAoC,CAAC,CAAC;QACnE,MAAM,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,4BAA4B,CAAC,CAAC;QAE/D,2DAA2D;QAC3D,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,uCAAuC,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/safety/conseca/types.d.ts

@@ -0,0 +1,15 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import type { SafetyCheckDecision } from '../protocol.js';
+export interface ToolPolicy {
+    permissions: SafetyCheckDecision;
+    constraints: string;
+    rationale: string;
+}
+/**
+ * A map of tool names to their specific security policies.
+ */
+export type SecurityPolicy = Record<string, ToolPolicy>;

package/dist/src/safety/conseca/types.js

@@ -0,0 +1,7 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/src/safety/conseca/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/safety/conseca/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}

package/dist/src/safety/context-builder.d.ts

@@ -3,15 +3,14 @@
  * Copyright 2025 Google LLC
  * SPDX-License-Identifier: Apache-2.0
  */
-import type { SafetyCheckInput, ConversationTurn } from './protocol.js';
+import type { SafetyCheckInput } from './protocol.js';
 import type { Config } from '../config/config.js';
 /**
  * Builds context objects for safety checkers, ensuring sensitive data is filtered.
  */
 export declare class ContextBuilder {
     private readonly config;
-    private readonly conversationHistory;
-    constructor(config: Config, conversationHistory?: ConversationTurn[]);
+    constructor(config: Config);
     /**
      * Builds the full context object with all available data.
      */
@@ -20,4 +19,5 @@ export declare class ContextBuilder {
      * Builds a minimal context with only the specified keys.
      */
     buildMinimalContext(requiredKeys: Array<keyof SafetyCheckInput['context']>): SafetyCheckInput['context'];
+    private convertHistoryToTurns;
 }

package/dist/src/safety/context-builder.js

@@ -3,20 +3,34 @@
  * Copyright 2025 Google LLC
  * SPDX-License-Identifier: Apache-2.0
  */
+import { debugLogger } from '../utils/debugLogger.js';
 /**
  * Builds context objects for safety checkers, ensuring sensitive data is filtered.
  */
 export class ContextBuilder {
     config;
-    conversationHistory;
-    constructor(config, conversationHistory = []) {
+    constructor(config) {
         this.config = config;
-        this.conversationHistory = conversationHistory;
     }
     /**
      * Builds the full context object with all available data.
      */
     buildFullContext() {
+        const clientHistory = this.config.getGeminiClient()?.getHistory() || [];
+        const history = this.convertHistoryToTurns(clientHistory);
+        debugLogger.debug(`[ContextBuilder] buildFullContext called. Converted history length: ${history.length}`);
+        // ContextBuilder's responsibility is to provide the *current* context.
+        // If the conversation hasn't started (history is empty), we check if there's a pending question.
+        // However, if the history is NOT empty, we trust it reflects the true state.
+        const currentQuestion = this.config.getQuestion();
+        if (currentQuestion && history.length === 0) {
+            history.push({
+                user: {
+                    text: currentQuestion,
+                },
+                model: {},
+            });
+        }
         return {
             environment: {
                 cwd: process.cwd(),
@@ -26,7 +40,7 @@ export class ContextBuilder {
                     .getDirectories(),
             },
             history: {
-                turns: this.conversationHistory,
+                turns: history,
             },
         };
     }
@@ -45,5 +59,47 @@ export class ContextBuilder {
         // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion
         return minimalContext;
     }
+    // Helper to convert Google GenAI Content[] to Safety Protocol ConversationTurn[]
+    convertHistoryToTurns(history) {
+        const turns = [];
+        let currentUserRequest;
+        for (const content of history) {
+            if (content.role === 'user') {
+                if (currentUserRequest) {
+                    // Previous user turn didn't have a matching model response (or it was filtered out)
+                    // Push it as a turn with empty model response
+                    turns.push({ user: currentUserRequest, model: {} });
+                }
+                currentUserRequest = {
+                    text: content.parts?.map((p) => p.text).join('') || '',
+                };
+            }
+            else if (content.role === 'model') {
+                const modelResponse = {
+                    text: content.parts
+                        ?.filter((p) => p.text)
+                        .map((p) => p.text)
+                        .join('') || '',
+                    toolCalls: content.parts
+                        ?.filter((p) => 'functionCall' in p)
+                        // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion
+                        .map((p) => p.functionCall) || [],
+                };
+                if (currentUserRequest) {
+                    turns.push({ user: currentUserRequest, model: modelResponse });
+                    currentUserRequest = undefined;
+                }
+                else {
+                    // Model response without preceding user request.
+                    // This creates a turn with empty user text.
+                    turns.push({ user: { text: '' }, model: modelResponse });
+                }
+            }
+        }
+        if (currentUserRequest) {
+            turns.push({ user: currentUserRequest, model: {} });
+        }
+        return turns;
+    }
 }
 //# sourceMappingURL=context-builder.js.map

package/dist/src/safety/context-builder.js.map

@@ -1 +1 @@
-{"version":3,"file":"context-builder.js","sourceRoot":"","sources":["../../../src/safety/context-builder.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH;;GAEG;AACH,MAAM,OAAO,cAAc;IAEN;IACA;IAFnB,YACmB,MAAc,EACd,sBAA0C,EAAE;QAD5C,WAAM,GAAN,MAAM,CAAQ;QACd,wBAAmB,GAAnB,mBAAmB,CAAyB;IAC5D,CAAC;IAEJ;;OAEG;IACH,gBAAgB;QACd,OAAO;YACL,WAAW,EAAE;gBACX,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;gBAClB,uEAAuE;gBACvE,UAAU,EAAE,IAAI,CAAC,MAAM;qBACpB,mBAAmB,EAAE;qBACrB,cAAc,EAAc;aAChC;YACD,OAAO,EAAE;gBACP,KAAK,EAAE,IAAI,CAAC,mBAAmB;aAChC;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,mBAAmB,CACjB,YAAsD;QAEtD,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC5C,MAAM,cAAc,GAAyC,EAAE,CAAC;QAEhE,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;YAC/B,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC;gBACvB,2GAA2G;gBAC1G,cAAsB,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;QAED,uEAAuE;QACvE,OAAO,cAA6C,CAAC;IACvD,CAAC;CACF"}
+{"version":3,"file":"context-builder.js","sourceRoot":"","sources":["../../../src/safety/context-builder.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAGtD;;GAEG;AACH,MAAM,OAAO,cAAc;IACI;IAA7B,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAE/C;;OAEG;IACH,gBAAgB;QACd,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;QACxE,MAAM,OAAO,GAAG,IAAI,CAAC,qBAAqB,CAAC,aAAa,CAAC,CAAC;QAE1D,WAAW,CAAC,KAAK,CACf,uEAAuE,OAAO,CAAC,MAAM,EAAE,CACxF,CAAC;QAEF,uEAAuE;QACvE,iGAAiG;QACjG,6EAA6E;QAC7E,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QAClD,IAAI,eAAe,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5C,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE;oBACJ,IAAI,EAAE,eAAe;iBACtB;gBACD,KAAK,EAAE,EAAE;aACV,CAAC,CAAC;QACL,CAAC;QAED,OAAO;YACL,WAAW,EAAE;gBACX,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;gBAClB,uEAAuE;gBACvE,UAAU,EAAE,IAAI,CAAC,MAAM;qBACpB,mBAAmB,EAAE;qBACrB,cAAc,EAAc;aAChC;YACD,OAAO,EAAE;gBACP,KAAK,EAAE,OAAO;aACf;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,mBAAmB,CACjB,YAAsD;QAEtD,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC5C,MAAM,cAAc,GAAyC,EAAE,CAAC;QAEhE,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;YAC/B,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC;gBACvB,2GAA2G;gBAC1G,cAAsB,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;QAED,uEAAuE;QACvE,OAAO,cAA6C,CAAC;IACvD,CAAC;IAED,iFAAiF;IACzE,qBAAqB,CAAC,OAAkB;QAC9C,MAAM,KAAK,GAAuB,EAAE,CAAC;QACrC,IAAI,kBAAgD,CAAC;QAErD,KAAK,MAAM,OAAO,IAAI,OAAO,EAAE,CAAC;YAC9B,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBAC5B,IAAI,kBAAkB,EAAE,CAAC;oBACvB,oFAAoF;oBACpF,8CAA8C;oBAC9C,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;gBACtD,CAAC;gBACD,kBAAkB,GAAG;oBACnB,IAAI,EAAE,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE;iBACvD,CAAC;YACJ,CAAC;iBAAM,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;gBACpC,MAAM,aAAa,GAAG;oBACpB,IAAI,EACF,OAAO,CAAC,KAAK;wBACX,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;yBACtB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;yBAClB,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE;oBACnB,SAAS,EACP,OAAO,CAAC,KAAK;wBACX,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,IAAI,CAAC,CAAC;wBACpC,uEAAuE;yBACtE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAA4B,CAAC,IAAI,EAAE;iBACtD,CAAC;gBAEF,IAAI,kBAAkB,EAAE,CAAC;oBACvB,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC,CAAC;oBAC/D,kBAAkB,GAAG,SAAS,CAAC;gBACjC,CAAC;qBAAM,CAAC;oBACN,iDAAiD;oBACjD,4CAA4C;oBAC5C,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC,CAAC;gBAC3D,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,kBAAkB,EAAE,CAAC;YACvB,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;QACtD,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}

package/dist/src/safety/context-builder.test.js

@@ -8,42 +8,122 @@ import { ContextBuilder } from './context-builder.js';
 describe('ContextBuilder', () => {
     let contextBuilder;
     let mockConfig;
-    const mockHistory = [
-        { user: { text: 'hello' }, model: { text: 'hi' } },
-    ];
+    let mockHistory;
     const mockCwd = '/home/user/project';
     const mockWorkspaces = ['/home/user/project'];
     beforeEach(() => {
         vi.spyOn(process, 'cwd').mockReturnValue(mockCwd);
+        mockHistory = [];
         mockConfig = {
             getWorkspaceContext: vi.fn().mockReturnValue({
                 getDirectories: vi.fn().mockReturnValue(mockWorkspaces),
             }),
-            apiKey: 'secret-api-key',
-            somePublicConfig: 'public-value',
-            nested: {
-                secretToken: 'hidden',
-                public: 'visible',
+            getQuestion: vi.fn().mockReturnValue('mock question'),
+            getGeminiClient: vi.fn().mockReturnValue({
+                getHistory: vi.fn().mockImplementation(() => mockHistory),
+            }),
+        };
+        contextBuilder = new ContextBuilder(mockConfig);
+    });
+    it('should build full context with empty history', () => {
+        mockHistory = [];
+        // Should inject current question
+        const context = contextBuilder.buildFullContext();
+        expect(context.history?.turns).toEqual([
+            {
+                user: { text: 'mock question' },
+                model: {},
             },
+        ]);
+    });
+    it('should build full context with existing history (User -> Model)', () => {
+        mockHistory = [
+            { role: 'user', parts: [{ text: 'Hello' }] },
+            { role: 'model', parts: [{ text: 'Hi there' }] },
+        ];
+        // Should NOT inject current question if history exists
+        const context = contextBuilder.buildFullContext();
+        expect(context.history?.turns).toHaveLength(1);
+        expect(context.history?.turns[0]).toEqual({
+            user: { text: 'Hello' },
+            model: { text: 'Hi there', toolCalls: [] },
+        });
+    });
+    it('should handle history with tool calls', () => {
+        const mockToolCall = {
+            id: 'call_1',
+            name: 'list_files',
+            args: { path: '.' },
         };
-        contextBuilder = new ContextBuilder(mockConfig, mockHistory);
+        mockHistory = [
+            { role: 'user', parts: [{ text: 'List files' }] },
+            {
+                role: 'model',
+                parts: [
+                    { text: 'Sure, listing files.' },
+                    { functionCall: mockToolCall },
+                ],
+            },
+        ];
+        const context = contextBuilder.buildFullContext();
+        expect(context.history?.turns).toHaveLength(1);
+        expect(context.history?.turns[0].model.toolCalls).toEqual([mockToolCall]);
+        expect(context.history?.turns[0].model.text).toBe('Sure, listing files.');
     });
-    it('should build full context with all fields', () => {
+    it('should handle orphan model response (Model starts conversation)', () => {
+        mockHistory = [
+            { role: 'model', parts: [{ text: 'Welcome!' }] },
+            { role: 'user', parts: [{ text: 'Thanks' }] },
+        ];
         const context = contextBuilder.buildFullContext();
-        expect(context.environment.cwd).toBe(mockCwd);
-        expect(context.environment.workspaces).toEqual(mockWorkspaces);
-        expect(context.history?.turns).toEqual(mockHistory);
+        // 1. Orphan model response -> Turn 1: User="" Model="Welcome!"
+        // 2. User "Thanks" -> Turn 2: User="Thanks" Model={} (pending)
+        expect(context.history?.turns).toHaveLength(2);
+        expect(context.history?.turns[0]).toEqual({
+            user: { text: '' },
+            model: { text: 'Welcome!', toolCalls: [] },
+        });
+        expect(context.history?.turns[1]).toEqual({
+            user: { text: 'Thanks' },
+            model: {},
+        });
     });
-    it('should build minimal context with only required keys', () => {
+    it('should handle multiple user turns in a row', () => {
+        mockHistory = [
+            { role: 'user', parts: [{ text: 'Q1' }] },
+            { role: 'user', parts: [{ text: 'Q2' }] },
+            { role: 'model', parts: [{ text: 'A2' }] },
+        ];
+        const context = contextBuilder.buildFullContext();
+        // 1. "Q1" -> Turn 1: User="Q1" Model={}
+        // 2. "Q2" -> Turn 2: User="Q2" Model="A2"
+        expect(context.history?.turns).toHaveLength(2);
+        expect(context.history?.turns[0]).toEqual({
+            user: { text: 'Q1' },
+            model: {},
+        });
+        expect(context.history?.turns[1]).toEqual({
+            user: { text: 'Q2' },
+            model: { text: 'A2', toolCalls: [] },
+        });
+    });
+    it('should build minimal context', () => {
+        mockHistory = [{ role: 'user', parts: [{ text: 'test' }] }];
         const context = contextBuilder.buildMinimalContext(['environment']);
         expect(context).toHaveProperty('environment');
-        expect(context).not.toHaveProperty('config');
         expect(context).not.toHaveProperty('history');
     });
-    it('should handle missing history', () => {
-        contextBuilder = new ContextBuilder(mockConfig);
+    it('should handle undefined parts gracefully', () => {
+        mockHistory = [
+            { role: 'user', parts: undefined },
+            { role: 'model', parts: undefined },
+        ];
         const context = contextBuilder.buildFullContext();
-        expect(context.history?.turns).toEqual([]);
+        expect(context.history?.turns).toHaveLength(1);
+        expect(context.history?.turns[0]).toEqual({
+            user: { text: '' },
+            model: { text: '', toolCalls: [] },
+        });
     });
 });
 //# sourceMappingURL=context-builder.test.js.map

package/dist/src/safety/context-builder.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"context-builder.test.js","sourceRoot":"","sources":["../../../src/safety/context-builder.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAItD,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,IAAI,cAA8B,CAAC;IACnC,IAAI,UAAkB,CAAC;IACvB,MAAM,WAAW,GAAuB;QACtC,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;KACnD,CAAC;IACF,MAAM,OAAO,GAAG,oBAAoB,CAAC;IACrC,MAAM,cAAc,GAAG,CAAC,oBAAoB,CAAC,CAAC;IAE9C,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QAClD,UAAU,GAAG;YACX,mBAAmB,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC;gBAC3C,cAAc,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,cAAc,CAAC;aACxD,CAAC;YACF,MAAM,EAAE,gBAAgB;YACxB,gBAAgB,EAAE,cAAc;YAChC,MAAM,EAAE;gBACN,WAAW,EAAE,QAAQ;gBACrB,MAAM,EAAE,SAAS;aAClB;SACmB,CAAC;QACvB,cAAc,GAAG,IAAI,cAAc,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,OAAO,GAAG,cAAc,CAAC,gBAAgB,EAAE,CAAC;QAClD,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAC/D,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,MAAM,OAAO,GAAG,cAAc,CAAC,mBAAmB,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC;QACpE,MAAM,CAAC,OAAO,CAAC,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;QAC9C,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC7C,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,cAAc,GAAG,IAAI,cAAc,CAAC,UAAU,CAAC,CAAC;QAChD,MAAM,OAAO,GAAG,cAAc,CAAC,gBAAgB,EAAE,CAAC;QAClD,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"context-builder.test.js","sourceRoot":"","sources":["../../../src/safety/context-builder.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAItD,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,IAAI,cAA8B,CAAC;IACnC,IAAI,UAA2B,CAAC;IAChC,IAAI,WAAsB,CAAC;IAC3B,MAAM,OAAO,GAAG,oBAAoB,CAAC;IACrC,MAAM,cAAc,GAAG,CAAC,oBAAoB,CAAC,CAAC;IAE9C,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QAClD,WAAW,GAAG,EAAE,CAAC;QAEjB,UAAU,GAAG;YACX,mBAAmB,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC;gBAC3C,cAAc,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,cAAc,CAAC;aACxD,CAAC;YACF,WAAW,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,eAAe,CAAC;YACrD,eAAe,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC;gBACvC,UAAU,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC;aAC1D,CAAC;SACH,CAAC;QACF,cAAc,GAAG,IAAI,cAAc,CAAC,UAA+B,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,WAAW,GAAG,EAAE,CAAC;QACjB,iCAAiC;QACjC,MAAM,OAAO,GAAG,cAAc,CAAC,gBAAgB,EAAE,CAAC;QAClD,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC;YACrC;gBACE,IAAI,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE;gBAC/B,KAAK,EAAE,EAAE;aACV;SACF,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,GAAG,EAAE;QACzE,WAAW,GAAG;YACZ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE;YAC5C,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,EAAE;SACjD,CAAC;QACF,uDAAuD;QACvD,MAAM,OAAO,GAAG,cAAc,CAAC,gBAAgB,EAAE,CAAC;QAClD,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC/C,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;YACxC,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE;YACvB,KAAK,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,EAAE,EAAE;SAC3C,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,YAAY,GAAiB;YACjC,EAAE,EAAE,QAAQ;YACZ,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE;SACpB,CAAC;QACF,WAAW,GAAG;YACZ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,EAAE;YACjD;gBACE,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE;oBACL,EAAE,IAAI,EAAE,sBAAsB,EAAE;oBAChC,EAAE,YAAY,EAAE,YAAY,EAAE;iBAC/B;aACF;SACF,CAAC;QAEF,MAAM,OAAO,GAAG,cAAc,CAAC,gBAAgB,EAAE,CAAC;QAClD,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC/C,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;QAC1E,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IAC5E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,GAAG,EAAE;QACzE,WAAW,GAAG;YACZ,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,EAAE;YAChD,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE;SAC9C,CAAC;QAEF,MAAM,OAAO,GAAG,cAAc,CAAC,gBAAgB,EAAE,CAAC;QAClD,+DAA+D;QAC/D,+DAA+D;QAC/D,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC/C,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;YACxC,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;YAClB,KAAK,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,EAAE,EAAE;SAC3C,CAAC,CAAC;QACH,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;YACxC,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YACxB,KAAK,EAAE,EAAE;SACV,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,WAAW,GAAG;YACZ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE;YACzC,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE;YACzC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE;SAC3C,CAAC;QAEF,MAAM,OAAO,GAAG,cAAc,CAAC,gBAAgB,EAAE,CAAC;QAClD,wCAAwC;QACxC,0CAA0C;QAC1C,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC/C,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;YACxC,IAAI,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACpB,KAAK,EAAE,EAAE;SACV,CAAC,CAAC;QACH,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;YACxC,IAAI,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACpB,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE;SACrC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,WAAW,GAAG,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;QAC5D,MAAM,OAAO,GAAG,cAAc,CAAC,mBAAmB,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC;QAEpE,MAAM,CAAC,OAAO,CAAC,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;QAC9C,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,WAAW,GAAG;YACZ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,SAA0B,EAAE;YACnD,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,SAA0B,EAAE;SACrD,CAAC;QACF,MAAM,OAAO,GAAG,cAAc,CAAC,gBAAgB,EAAE,CAAC;QAClD,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC/C,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;YACxC,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;YAClB,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE;SACnC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/safety/protocol.d.ts

@@ -79,6 +79,10 @@ export type SafetyCheckResult = {
      * This will be shown to the user.
      */
     reason?: string;
+    /**
+     * Optional error message if the decision was made due to a system failure (fail-open).
+     */
+    error?: string;
 } | {
     decision: SafetyCheckDecision.DENY;
     reason: string;

package/dist/src/safety/registry.d.ts

@@ -10,7 +10,8 @@ import { type InProcessChecker } from './built-in.js';
 export declare class CheckerRegistry {
     private readonly checkersPath;
     private static readonly BUILT_IN_EXTERNAL_CHECKERS;
-    private static readonly BUILT_IN_IN_PROCESS_CHECKERS;
+    private static BUILT_IN_IN_PROCESS_CHECKERS;
+    private static getBuiltInInProcessCheckers;
     private static readonly VALID_NAME_PATTERN;
     constructor(checkersPath: string);
     /**

package/dist/src/safety/registry.js

@@ -7,6 +7,7 @@ import * as path from 'node:path';
 import * as fs from 'node:fs';
 import { AllowedPathChecker } from './built-in.js';
 import { InProcessCheckerType } from '../policy/types.js';
+import { ConsecaSafetyChecker } from './conseca/conseca.js';
 /**
  * Registry for managing safety checker resolution.
  */
@@ -15,7 +16,16 @@ export class CheckerRegistry {
     static BUILT_IN_EXTERNAL_CHECKERS = new Map([
     // No external built-ins for now
     ]);
-    static BUILT_IN_IN_PROCESS_CHECKERS = new Map([[InProcessCheckerType.ALLOWED_PATH, new AllowedPathChecker()]]);
+    static BUILT_IN_IN_PROCESS_CHECKERS;
+    static getBuiltInInProcessCheckers() {
+        if (!CheckerRegistry.BUILT_IN_IN_PROCESS_CHECKERS) {
+            CheckerRegistry.BUILT_IN_IN_PROCESS_CHECKERS = new Map([
+                [InProcessCheckerType.ALLOWED_PATH, new AllowedPathChecker()],
+                [InProcessCheckerType.CONSECA, ConsecaSafetyChecker.getInstance()],
+            ]);
+        }
+        return CheckerRegistry.BUILT_IN_IN_PROCESS_CHECKERS;
+    }
     // Regex to validate checker names (alphanumeric and hyphens only)
     static VALID_NAME_PATTERN = /^[a-z0-9-]+$/;
     constructor(checkersPath) {
@@ -46,11 +56,11 @@ export class CheckerRegistry {
         if (!CheckerRegistry.isValidCheckerName(name)) {
             throw new Error(`Invalid checker name "${name}".`);
         }
-        const checker = CheckerRegistry.BUILT_IN_IN_PROCESS_CHECKERS.get(name);
+        const checker = CheckerRegistry.getBuiltInInProcessCheckers().get(name);
         if (checker) {
             return checker;
         }
-        throw new Error(`Unknown in-process checker "${name}". Available: ${Array.from(CheckerRegistry.BUILT_IN_IN_PROCESS_CHECKERS.keys()).join(', ')}`);
+        throw new Error(`Unknown in-process checker "${name}". Available: ${Array.from(CheckerRegistry.getBuiltInInProcessCheckers().keys()).join(', ')}`);
     }
     static isValidCheckerName(name) {
         return this.VALID_NAME_PATTERN.test(name) && !name.includes('..');
@@ -58,7 +68,7 @@ export class CheckerRegistry {
     static getBuiltInCheckers() {
         return [
             ...Array.from(this.BUILT_IN_EXTERNAL_CHECKERS.keys()),
-            ...Array.from(this.BUILT_IN_IN_PROCESS_CHECKERS.keys()),
+            ...Array.from(this.getBuiltInInProcessCheckers().keys()),
         ];
     }
 }