@office-ai/aioncli-core 0.30.0 → 0.30.1

package/dist/src/safety/conseca/policy-enforcer.test.js

@@ -0,0 +1,141 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { enforcePolicy } from './policy-enforcer.js';
+import { SafetyCheckDecision } from '../protocol.js';
+import { LlmRole } from '../../telemetry/index.js';
+describe('policy_enforcer', () => {
+    let mockConfig;
+    let mockContentGenerator;
+    beforeEach(() => {
+        vi.clearAllMocks();
+        mockContentGenerator = {
+            generateContent: vi.fn(),
+        };
+        mockConfig = {
+            getContentGenerator: vi.fn().mockReturnValue(mockContentGenerator),
+        };
+    });
+    it('should return ALLOW when content generator returns ALLOW', async () => {
+        mockContentGenerator.generateContent = vi.fn().mockResolvedValue({
+            candidates: [
+                {
+                    content: {
+                        parts: [
+                            { text: JSON.stringify({ decision: 'allow', reason: 'Safe' }) },
+                        ],
+                    },
+                },
+            ],
+        });
+        const toolCall = { name: 'testTool', args: {} };
+        const policy = {
+            testTool: {
+                permissions: SafetyCheckDecision.ALLOW,
+                constraints: 'None',
+                rationale: 'Test',
+            },
+        };
+        const result = await enforcePolicy(policy, toolCall, mockConfig);
+        expect(mockConfig.getContentGenerator).toHaveBeenCalled();
+        expect(mockContentGenerator.generateContent).toHaveBeenCalledWith(expect.objectContaining({
+            model: expect.any(String),
+            config: expect.objectContaining({
+                responseMimeType: 'application/json',
+                responseSchema: expect.any(Object),
+            }),
+            contents: expect.arrayContaining([
+                expect.objectContaining({
+                    role: 'user',
+                    parts: expect.arrayContaining([
+                        expect.objectContaining({
+                            text: expect.stringContaining('Security Policy:'),
+                        }),
+                    ]),
+                }),
+            ]),
+        }), 'conseca-policy-enforcement', LlmRole.SUBAGENT);
+        expect(result.decision).toBe(SafetyCheckDecision.ALLOW);
+    });
+    it('should handle missing content generator gracefully (error case)', async () => {
+        vi.mocked(mockConfig.getContentGenerator).mockReturnValue(undefined);
+        const toolCall = { name: 'testTool', args: {} };
+        const policy = {
+            testTool: {
+                permissions: SafetyCheckDecision.ALLOW,
+                constraints: 'None',
+                rationale: 'Test',
+            },
+        };
+        const result = await enforcePolicy(policy, toolCall, mockConfig);
+        expect(result.decision).toBe(SafetyCheckDecision.ALLOW);
+    });
+    it('should ALLOW if tool name is missing with the reason and error as tool name is missing', async () => {
+        const toolCall = { args: {} };
+        const policy = {};
+        const result = await enforcePolicy(policy, toolCall, mockConfig);
+        expect(result.decision).toBe(SafetyCheckDecision.ALLOW);
+        expect(result.reason).toBe('Tool name is missing');
+        if (result.decision === SafetyCheckDecision.ALLOW) {
+            expect(result.error).toBe('Tool name is missing');
+        }
+    });
+    it('should handle empty policy by checking with LLM (fail-open/check behavior)', async () => {
+        // Even if policy is empty for the tool, we currently send it to LLM.
+        // The LLM might ALLOW or DENY based on its own judgment of "no policy".
+        // We simulate the LLM allowing the action to match the current fail-open strategy.
+        mockContentGenerator.generateContent = vi.fn().mockResolvedValue({
+            candidates: [
+                {
+                    content: {
+                        parts: [
+                            {
+                                text: JSON.stringify({
+                                    decision: 'allow',
+                                    reason: 'No restrictions',
+                                }),
+                            },
+                        ],
+                    },
+                },
+            ],
+        });
+        const toolCall = { name: 'unknownTool', args: {} };
+        const policy = {}; // Empty policy
+        const result = await enforcePolicy(policy, toolCall, mockConfig);
+        expect(result.decision).toBe(SafetyCheckDecision.ALLOW);
+        expect(mockContentGenerator.generateContent).toHaveBeenCalled();
+        if (result.decision === SafetyCheckDecision.ALLOW) {
+            expect(result.error).toBeUndefined();
+        }
+    });
+    it('should handle malformed JSON response from LLM by failing open (ALLOW)', async () => {
+        mockContentGenerator.generateContent = vi.fn().mockResolvedValue({
+            candidates: [
+                {
+                    content: {
+                        parts: [{ text: 'This is not JSON' }],
+                    },
+                },
+            ],
+        });
+        const toolCall = { name: 'testTool', args: {} };
+        const policy = {
+            testTool: {
+                permissions: SafetyCheckDecision.ALLOW,
+                constraints: 'None',
+                rationale: 'Test',
+            },
+        };
+        const result = await enforcePolicy(policy, toolCall, mockConfig);
+        expect(result.decision).toBe(SafetyCheckDecision.ALLOW);
+        expect(result.reason).toContain('JSON Parse Error');
+        if (result.decision === SafetyCheckDecision.ALLOW) {
+            expect(result.error).toContain('JSON Parse Error');
+        }
+    });
+});
+//# sourceMappingURL=policy-enforcer.test.js.map

package/dist/src/safety/conseca/policy-enforcer.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-enforcer.test.js","sourceRoot":"","sources":["../../../../src/safety/conseca/policy-enforcer.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAGrD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAErD,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAEnD,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,IAAI,UAAkB,CAAC;IACvB,IAAI,oBAAsC,CAAC;IAE3C,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,CAAC,aAAa,EAAE,CAAC;QACnB,oBAAoB,GAAG;YACrB,eAAe,EAAE,EAAE,CAAC,EAAE,EAAE;SACM,CAAC;QAEjC,UAAU,GAAG;YACX,mBAAmB,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,oBAAoB,CAAC;SAC9C,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,oBAAoB,CAAC,eAAe,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;YAC/D,UAAU,EAAE;gBACV;oBACE,OAAO,EAAE;wBACP,KAAK,EAAE;4BACL,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE;yBAChE;qBACF;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QAC9D,MAAM,MAAM,GAAG;YACb,QAAQ,EAAE;gBACR,WAAW,EAAE,mBAAmB,CAAC,KAAK;gBACtC,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,MAAM;aAClB;SACF,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QAEjE,MAAM,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC,gBAAgB,EAAE,CAAC;QAC1D,MAAM,CAAC,oBAAoB,CAAC,eAAe,CAAC,CAAC,oBAAoB,CAC/D,MAAM,CAAC,gBAAgB,CAAC;YACtB,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;YACzB,MAAM,EAAE,MAAM,CAAC,gBAAgB,CAAC;gBAC9B,gBAAgB,EAAE,kBAAkB;gBACpC,cAAc,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;aACnC,CAAC;YACF,QAAQ,EAAE,MAAM,CAAC,eAAe,CAAC;gBAC/B,MAAM,CAAC,gBAAgB,CAAC;oBACtB,IAAI,EAAE,MAAM;oBACZ,KAAK,EAAE,MAAM,CAAC,eAAe,CAAC;wBAC5B,MAAM,CAAC,gBAAgB,CAAC;4BACtB,IAAI,EAAE,MAAM,CAAC,gBAAgB,CAAC,kBAAkB,CAAC;yBAClD,CAAC;qBACH,CAAC;iBACH,CAAC;aACH,CAAC;SACH,CAAC,EACF,4BAA4B,EAC5B,OAAO,CAAC,QAAQ,CACjB,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC/E,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC,eAAe,CACvD,SAAwC,CACzC,CAAC;QAEF,MAAM,QAAQ,GAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QAC9D,MAAM,MAAM,GAAG;YACb,QAAQ,EAAE;gBACR,WAAW,EAAE,mBAAmB,CAAC,KAAK;gBACtC,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,MAAM;aAClB;SACF,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QAEjE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wFAAwF,EAAE,KAAK,IAAI,EAAE;QACtG,MAAM,QAAQ,GAAG,EAAE,IAAI,EAAE,EAAE,EAAkB,CAAC;QAC9C,MAAM,MAAM,GAAG,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QAEjE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACnD,IAAI,MAAM,CAAC,QAAQ,KAAK,mBAAmB,CAAC,KAAK,EAAE,CAAC;YAClD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4EAA4E,EAAE,KAAK,IAAI,EAAE;QAC1F,qEAAqE;QACrE,wEAAwE;QACxE,mFAAmF;QACnF,oBAAoB,CAAC,eAAe,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;YAC/D,UAAU,EAAE;gBACV;oBACE,OAAO,EAAE;wBACP,KAAK,EAAE;4BACL;gCACE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oCACnB,QAAQ,EAAE,OAAO;oCACjB,MAAM,EAAE,iBAAiB;iCAC1B,CAAC;6BACH;yBACF;qBACF;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAiB,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QACjE,MAAM,MAAM,GAAG,EAAE,CAAC,CAAC,eAAe;QAClC,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QAEjE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,oBAAoB,CAAC,eAAe,CAAC,CAAC,gBAAgB,EAAE,CAAC;QAChE,IAAI,MAAM,CAAC,QAAQ,KAAK,mBAAmB,CAAC,KAAK,EAAE,CAAC;YAClD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,aAAa,EAAE,CAAC;QACvC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wEAAwE,EAAE,KAAK,IAAI,EAAE;QACtF,oBAAoB,CAAC,eAAe,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;YAC/D,UAAU,EAAE;gBACV;oBACE,OAAO,EAAE;wBACP,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC;qBACtC;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QAC9D,MAAM,MAAM,GAAG;YACb,QAAQ,EAAE;gBACR,WAAW,EAAE,mBAAmB,CAAC,KAAK;gBACtC,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,MAAM;aAClB;SACF,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QAEjE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;QACpD,IAAI,MAAM,CAAC,QAAQ,KAAK,mBAAmB,CAAC,KAAK,EAAE,CAAC;YAClD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;QACrD,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/safety/conseca/policy-generator.d.ts

@@ -0,0 +1,15 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import type { Config } from '../../config/config.js';
+import type { SecurityPolicy } from './types.js';
+export interface PolicyGenerationResult {
+    policy: SecurityPolicy;
+    error?: string;
+}
+/**
+ * Generates a security policy for the given user prompt and trusted content.
+ */
+export declare function generatePolicy(userPrompt: string, trustedContent: string, config: Config): Promise<PolicyGenerationResult>;

package/dist/src/safety/conseca/policy-generator.js

@@ -0,0 +1,144 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { getResponseText } from '../../utils/partUtils.js';
+import { safeTemplateReplace } from '../../utils/textUtils.js';
+import { DEFAULT_GEMINI_FLASH_MODEL } from '../../config/models.js';
+import { debugLogger } from '../../utils/debugLogger.js';
+import { SafetyCheckDecision } from '../protocol.js';
+import { LlmRole } from '../../telemetry/index.js';
+const CONSECA_POLICY_GENERATION_PROMPT = `
+You are a security expert responsible for generating fine-grained security policies for a large language model integrated into a command-line tool. Your role is to act as a "policy generator" that creates temporary, context-specific rules based on a user's prompt and the tools available to the main LLM.
+
+Your primary goal is to enforce the principle of least privilege. The policies you create should be as restrictive as possible while still allowing the main LLM to complete the user's requested task.
+
+For each tool that is relevant to the user's prompt, you must generate a policy object.
+
+### Output Format
+You must return a JSON object with a "policies" key, which is an array of objects. Each object must have:
+- "tool_name": The name of the tool.
+- "policy": An object with:
+  - "permissions": "allow" | "deny" | "ask_user"
+  - "constraints": A detailed description of conditions (e.g. allowed files, arguments).
+  - "rationale": Explanation for the policy.
+
+Example JSON:
+\`\`\`json
+{
+  "policies": [
+    {
+      "tool_name": "read_file",
+      "policy": {
+        "permissions": "allow",
+        "constraints": "Only allow reading 'main.py'.",
+        "rationale": "User asked to read main.py"
+      }
+    },
+    {
+      "tool_name": "run_shell_command",
+      "policy": {
+        "permissions": "deny",
+        "constraints": "None",
+        "rationale": "Shell commands are not needed for this task"
+      }
+    }
+  ]
+}
+\`\`\`
+
+### Guiding Principles:
+1.  **Permissions:**
+    *   **allow:** Required tools for the task.
+    *   **deny:** Tools clearly outside the scope.
+    *   **ask_user:** Destructive actions or ambiguity.
+
+2.  **Constraints:**
+    *   Be specific! Restrict file paths, command arguments, etc.
+
+3.  **Rationale:**
+    *   Reference the user's prompt.
+
+User Prompt: "{{user_prompt}}"
+
+Trusted Tools (Context):
+{{trusted_content}}
+`;
+import { z } from 'zod';
+import { zodToJsonSchema } from 'zod-to-json-schema';
+const ToolPolicySchema = z.object({
+    permissions: z.nativeEnum(SafetyCheckDecision),
+    constraints: z.string(),
+    rationale: z.string(),
+});
+const SecurityPolicyResponseSchema = z.object({
+    policies: z.array(z.object({
+        tool_name: z.string(),
+        policy: ToolPolicySchema,
+    })),
+});
+/**
+ * Generates a security policy for the given user prompt and trusted content.
+ */
+export async function generatePolicy(userPrompt, trustedContent, config) {
+    const model = DEFAULT_GEMINI_FLASH_MODEL;
+    const contentGenerator = config.getContentGenerator();
+    if (!contentGenerator) {
+        return { policy: {}, error: 'Content generator not initialized' };
+    }
+    try {
+        const result = await contentGenerator.generateContent({
+            model,
+            config: {
+                responseMimeType: 'application/json',
+                responseSchema: zodToJsonSchema(SecurityPolicyResponseSchema, {
+                    target: 'openApi3',
+                }),
+            },
+            contents: [
+                {
+                    role: 'user',
+                    parts: [
+                        {
+                            text: safeTemplateReplace(CONSECA_POLICY_GENERATION_PROMPT, {
+                                user_prompt: userPrompt,
+                                trusted_content: trustedContent,
+                            }),
+                        },
+                    ],
+                },
+            ],
+        }, 'conseca-policy-generation', LlmRole.SUBAGENT);
+        const responseText = getResponseText(result);
+        debugLogger.debug(`[Conseca] Policy Generation Raw Response: ${responseText}`);
+        if (!responseText) {
+            return { policy: {}, error: 'Empty response from policy generator' };
+        }
+        try {
+            const parsed = SecurityPolicyResponseSchema.parse(JSON.parse(responseText));
+            const policiesList = parsed.policies;
+            const policy = {};
+            for (const item of policiesList) {
+                policy[item.tool_name] = item.policy;
+            }
+            debugLogger.debug(`[Conseca] Policy Generation Parsed:`, policy);
+            return { policy };
+        }
+        catch (parseError) {
+            debugLogger.debug(`[Conseca] Policy Generation JSON Parse Error:`, parseError);
+            return {
+                policy: {},
+                error: `JSON Parse Error: ${parseError instanceof Error ? parseError.message : String(parseError)}. Raw: ${responseText}`,
+            };
+        }
+    }
+    catch (error) {
+        debugLogger.error('Policy generation failed:', error);
+        return {
+            policy: {},
+            error: `Policy generation failed: ${error instanceof Error ? error.message : String(error)}`,
+        };
+    }
+}
+//# sourceMappingURL=policy-generator.js.map

package/dist/src/safety/conseca/policy-generator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-generator.js","sourceRoot":"","sources":["../../../../src/safety/conseca/policy-generator.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,EAAE,0BAA0B,EAAE,MAAM,wBAAwB,CAAC;AACpE,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAErD,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAEnD,MAAM,gCAAgC,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuDxC,CAAC;AAEF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAErD,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,WAAW,EAAE,CAAC,CAAC,UAAU,CAAC,mBAAmB,CAAC;IAC9C,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;IACvB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;CACtB,CAAC,CAAC;AAEH,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,QAAQ,EAAE,CAAC,CAAC,KAAK,CACf,CAAC,CAAC,MAAM,CAAC;QACP,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,MAAM,EAAE,gBAAgB;KACzB,CAAC,CACH;CACF,CAAC,CAAC;AAOH;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,UAAkB,EAClB,cAAsB,EACtB,MAAc;IAEd,MAAM,KAAK,GAAG,0BAA0B,CAAC;IACzC,MAAM,gBAAgB,GAAG,MAAM,CAAC,mBAAmB,EAAE,CAAC;IAEtD,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC;IACpE,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,eAAe,CACnD;YACE,KAAK;YACL,MAAM,EAAE;gBACN,gBAAgB,EAAE,kBAAkB;gBACpC,cAAc,EAAE,eAAe,CAAC,4BAA4B,EAAE;oBAC5D,MAAM,EAAE,UAAU;iBACnB,CAAC;aACH;YACD,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAM;oBACZ,KAAK,EAAE;wBACL;4BACE,IAAI,EAAE,mBAAmB,CAAC,gCAAgC,EAAE;gCAC1D,WAAW,EAAE,UAAU;gCACvB,eAAe,EAAE,cAAc;6BAChC,CAAC;yBACH;qBACF;iBACF;aACF;SACF,EACD,2BAA2B,EAC3B,OAAO,CAAC,QAAQ,CACjB,CAAC;QAEF,MAAM,YAAY,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QAC7C,WAAW,CAAC,KAAK,CACf,6CAA6C,YAAY,EAAE,CAC5D,CAAC;QAEF,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,sCAAsC,EAAE,CAAC;QACvE,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,4BAA4B,CAAC,KAAK,CAC/C,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CACzB,CAAC;YACF,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC;YACrC,MAAM,MAAM,GAAmB,EAAE,CAAC;YAClC,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC;YACvC,CAAC;YAED,WAAW,CAAC,KAAK,CAAC,qCAAqC,EAAE,MAAM,CAAC,CAAC;YACjE,OAAO,EAAE,MAAM,EAAE,CAAC;QACpB,CAAC;QAAC,OAAO,UAAU,EAAE,CAAC;YACpB,WAAW,CAAC,KAAK,CACf,+CAA+C,EAC/C,UAAU,CACX,CAAC;YACF,OAAO;gBACL,MAAM,EAAE,EAAE;gBACV,KAAK,EAAE,qBAAqB,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,YAAY,EAAE;aAC1H,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,WAAW,CAAC,KAAK,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;QACtD,OAAO;YACL,MAAM,EAAE,EAAE;YACV,KAAK,EAAE,6BAA6B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;SAC7F,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/src/safety/conseca/policy-generator.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export {};

package/dist/src/safety/conseca/policy-generator.test.js

@@ -0,0 +1,84 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { generatePolicy } from './policy-generator.js';
+import { SafetyCheckDecision } from '../protocol.js';
+import { LlmRole } from '../../telemetry/index.js';
+describe('policy_generator', () => {
+    let mockConfig;
+    let mockContentGenerator;
+    beforeEach(() => {
+        mockContentGenerator = {
+            generateContent: vi.fn(),
+        };
+        mockConfig = {
+            getContentGenerator: vi.fn().mockReturnValue(mockContentGenerator),
+        };
+    });
+    it('should return a policy object when content generator is available', async () => {
+        const mockPolicy = {
+            read_file: {
+                permissions: SafetyCheckDecision.ALLOW,
+                constraints: 'None',
+                rationale: 'Test',
+            },
+        };
+        mockContentGenerator.generateContent = vi.fn().mockResolvedValue({
+            candidates: [
+                {
+                    content: {
+                        parts: [
+                            {
+                                text: JSON.stringify({
+                                    policies: [
+                                        {
+                                            tool_name: 'read_file',
+                                            policy: mockPolicy.read_file,
+                                        },
+                                    ],
+                                }),
+                            },
+                        ],
+                    },
+                },
+            ],
+        });
+        const result = await generatePolicy('test prompt', 'trusted content', mockConfig);
+        expect(mockConfig.getContentGenerator).toHaveBeenCalled();
+        expect(mockContentGenerator.generateContent).toHaveBeenCalledWith(expect.objectContaining({
+            model: expect.any(String),
+            config: expect.objectContaining({
+                responseMimeType: 'application/json',
+                responseSchema: expect.any(Object),
+            }),
+            contents: expect.any(Array),
+        }), 'conseca-policy-generation', LlmRole.SUBAGENT);
+        expect(result.policy).toEqual(mockPolicy);
+        expect(result.error).toBeUndefined();
+    });
+    it('should handle missing content generator gracefully', async () => {
+        vi.mocked(mockConfig.getContentGenerator).mockReturnValue(undefined);
+        const result = await generatePolicy('test prompt', 'trusted content', mockConfig);
+        expect(result.policy).toEqual({});
+        expect(result.error).toBe('Content generator not initialized');
+    });
+    it('should prevent template injection (double interpolation)', async () => {
+        mockContentGenerator.generateContent = vi.fn().mockResolvedValue({});
+        const userPrompt = '{{trusted_content}}';
+        const trustedContent = 'SECRET_DATA';
+        await generatePolicy(userPrompt, trustedContent, mockConfig);
+        const generateContentCall = vi.mocked(mockContentGenerator.generateContent)
+            .mock.calls[0];
+        const request = generateContentCall[0];
+        const promptText = request.contents[0].parts[0].text;
+        // The user prompt should contain the literal placeholder, NOT the secret data
+        expect(promptText).toContain('User Prompt: "{{trusted_content}}"');
+        expect(promptText).not.toContain('User Prompt: "SECRET_DATA"');
+        // The trusted tools section SHOULD contain the secret data
+        expect(promptText).toContain('Trusted Tools (Context):\nSECRET_DATA');
+    });
+});
+//# sourceMappingURL=policy-generator.test.js.map

package/dist/src/safety/conseca/policy-generator.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-generator.test.js","sourceRoot":"","sources":["../../../../src/safety/conseca/policy-generator.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAGrD,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAEnD,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,IAAI,UAAkB,CAAC;IACvB,IAAI,oBAAsC,CAAC;IAE3C,UAAU,CAAC,GAAG,EAAE;QACd,oBAAoB,GAAG;YACrB,eAAe,EAAE,EAAE,CAAC,EAAE,EAAE;SACM,CAAC;QAEjC,UAAU,GAAG;YACX,mBAAmB,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,oBAAoB,CAAC;SAC9C,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;QACjF,MAAM,UAAU,GAAG;YACjB,SAAS,EAAE;gBACT,WAAW,EAAE,mBAAmB,CAAC,KAAK;gBACtC,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,MAAM;aAClB;SACF,CAAC;QACF,oBAAoB,CAAC,eAAe,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;YAC/D,UAAU,EAAE;gBACV;oBACE,OAAO,EAAE;wBACP,KAAK,EAAE;4BACL;gCACE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oCACnB,QAAQ,EAAE;wCACR;4CACE,SAAS,EAAE,WAAW;4CACtB,MAAM,EAAE,UAAU,CAAC,SAAS;yCAC7B;qCACF;iCACF,CAAC;6BACH;yBACF;qBACF;iBACF;aACF;SACF,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,cAAc,CACjC,aAAa,EACb,iBAAiB,EACjB,UAAU,CACX,CAAC;QAEF,MAAM,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC,gBAAgB,EAAE,CAAC;QAC1D,MAAM,CAAC,oBAAoB,CAAC,eAAe,CAAC,CAAC,oBAAoB,CAC/D,MAAM,CAAC,gBAAgB,CAAC;YACtB,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;YACzB,MAAM,EAAE,MAAM,CAAC,gBAAgB,CAAC;gBAC9B,gBAAgB,EAAE,kBAAkB;gBACpC,cAAc,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;aACnC,CAAC;YACF,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC;SAC5B,CAAC,EACF,2BAA2B,EAC3B,OAAO,CAAC,QAAQ,CACjB,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC1C,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,aAAa,EAAE,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC,eAAe,CACvD,SAAwC,CACzC,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,cAAc,CACjC,aAAa,EACb,iBAAiB,EACjB,UAAU,CACX,CAAC;QAEF,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;IACjE,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,oBAAoB,CAAC,eAAe,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QAErE,MAAM,UAAU,GAAG,qBAAqB,CAAC;QACzC,MAAM,cAAc,GAAG,aAAa,CAAC;QAErC,MAAM,cAAc,CAAC,UAAU,EAAE,cAAc,EAAE,UAAU,CAAC,CAAC;QAE7D,MAAM,mBAAmB,GAAG,EAAE,CAAC,MAAM,CAAC,oBAAoB,CAAC,eAAe,CAAC;aACxE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjB,MAAM,OAAO,GAAG,mBAAmB,CAAC,CAAC,CAEpC,CAAC;QACF,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAErD,8EAA8E;QAC9E,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,oCAAoC,CAAC,CAAC;QACnE,MAAM,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,4BAA4B,CAAC,CAAC;QAE/D,2DAA2D;QAC3D,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,uCAAuC,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/safety/conseca/types.d.ts

@@ -0,0 +1,15 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import type { SafetyCheckDecision } from '../protocol.js';
+export interface ToolPolicy {
+    permissions: SafetyCheckDecision;
+    constraints: string;
+    rationale: string;
+}
+/**
+ * A map of tool names to their specific security policies.
+ */
+export type SecurityPolicy = Record<string, ToolPolicy>;

package/dist/src/safety/conseca/types.js

@@ -0,0 +1,7 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/src/safety/conseca/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/safety/conseca/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}

package/dist/src/scheduler/scheduler_parallel.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export {};