mcp-rubber-duck 1.8.0 → 1.9.0

package/tests/guardrails/service.test.ts

@@ -0,0 +1,911 @@
+import { describe, it, expect, jest, beforeEach } from '@jest/globals';
+import {
+  GuardrailsService,
+  createGuardrailContext,
+  cloneContext,
+  GuardrailContext,
+  GuardrailPhase,
+  GuardrailResult,
+  GuardrailPlugin,
+} from '../../src/guardrails';
+
+// Mock logger to avoid console noise during tests
+jest.mock('../../src/utils/logger');
+
+describe('GuardrailsService', () => {
+  describe('initialization', () => {
+    it('should be disabled by default', async () => {
+      const service = new GuardrailsService();
+      await service.initialize();
+
+      expect(service.isEnabled()).toBe(false);
+    });
+
+    it('should be disabled when config.enabled is false', async () => {
+      const service = new GuardrailsService({ enabled: false });
+      await service.initialize();
+
+      expect(service.isEnabled()).toBe(false);
+    });
+
+    it('should have no plugins when disabled', async () => {
+      const service = new GuardrailsService({ enabled: false });
+      await service.initialize();
+
+      expect(service.getPlugins()).toHaveLength(0);
+    });
+  });
+
+  describe('context creation', () => {
+    it('should create context with defaults', () => {
+      const service = new GuardrailsService();
+      const context = service.createContext({});
+
+      expect(context.requestId).toBeDefined();
+      expect(context.provider).toBe('unknown');
+      expect(context.model).toBe('unknown');
+      expect(context.timestamp).toBeInstanceOf(Date);
+      expect(context.messages).toEqual([]);
+      expect(context.metadata).toBeInstanceOf(Map);
+      expect(context.violations).toEqual([]);
+      expect(context.modifications).toEqual([]);
+    });
+
+    it('should create context with provided values', () => {
+      const service = new GuardrailsService();
+      const context = service.createContext({
+        requestId: 'test-123',
+        provider: 'openai',
+        model: 'gpt-4',
+        prompt: 'Hello world',
+      });
+
+      expect(context.requestId).toBe('test-123');
+      expect(context.provider).toBe('openai');
+      expect(context.model).toBe('gpt-4');
+      expect(context.prompt).toBe('Hello world');
+    });
+  });
+
+  describe('execute', () => {
+    it('should allow requests when disabled', async () => {
+      const service = new GuardrailsService({ enabled: false });
+      await service.initialize();
+
+      const context = createGuardrailContext({ prompt: 'test' });
+      const result = await service.execute('pre_request', context);
+
+      expect(result.action).toBe('allow');
+    });
+
+    it('should allow requests when no plugins match phase', async () => {
+      const service = new GuardrailsService({ enabled: true });
+      await service.initialize();
+
+      const context = createGuardrailContext({ prompt: 'test' });
+      const result = await service.execute('pre_request', context);
+
+      expect(result.action).toBe('allow');
+    });
+  });
+
+  describe('shutdown', () => {
+    it('should disable service on shutdown', async () => {
+      const service = new GuardrailsService({ enabled: true });
+      await service.initialize();
+      await service.shutdown();
+
+      expect(service.isEnabled()).toBe(false);
+      expect(service.getPlugins()).toHaveLength(0);
+    });
+  });
+});
+
+describe('createGuardrailContext', () => {
+  it('should generate unique request IDs', () => {
+    const context1 = createGuardrailContext({});
+    const context2 = createGuardrailContext({});
+
+    expect(context1.requestId).not.toBe(context2.requestId);
+  });
+
+  it('should use provided request ID', () => {
+    const context = createGuardrailContext({ requestId: 'custom-id' });
+    expect(context.requestId).toBe('custom-id');
+  });
+
+  it('should initialize empty violations and modifications', () => {
+    const context = createGuardrailContext({});
+
+    expect(context.violations).toEqual([]);
+    expect(context.modifications).toEqual([]);
+  });
+
+  it('should initialize empty metadata map', () => {
+    const context = createGuardrailContext({});
+
+    expect(context.metadata).toBeInstanceOf(Map);
+    expect(context.metadata.size).toBe(0);
+  });
+});
+
+describe('cloneContext', () => {
+  let originalContext: GuardrailContext;
+
+  beforeEach(() => {
+    originalContext = createGuardrailContext({
+      requestId: 'test-id',
+      provider: 'openai',
+      model: 'gpt-4',
+      prompt: 'Hello',
+      messages: [{ role: 'user', content: 'Hello', timestamp: new Date() }],
+      toolArgs: { key: 'value' },
+    });
+    originalContext.metadata.set('testKey', 'testValue');
+    originalContext.violations.push({
+      pluginName: 'test',
+      phase: 'pre_request',
+      rule: 'test-rule',
+      severity: 'warning',
+      message: 'Test violation',
+    });
+    originalContext.modifications.push({
+      pluginName: 'test',
+      phase: 'pre_request',
+      field: 'prompt',
+      reason: 'Test modification',
+    });
+  });
+
+  it('should create a new object (not same reference)', () => {
+    const cloned = cloneContext(originalContext);
+
+    expect(cloned).not.toBe(originalContext);
+  });
+
+  it('should copy all primitive fields', () => {
+    const cloned = cloneContext(originalContext);
+
+    expect(cloned.requestId).toBe(originalContext.requestId);
+    expect(cloned.provider).toBe(originalContext.provider);
+    expect(cloned.model).toBe(originalContext.model);
+    expect(cloned.prompt).toBe(originalContext.prompt);
+  });
+
+  it('should deep copy messages array', () => {
+    const cloned = cloneContext(originalContext);
+
+    expect(cloned.messages).toEqual(originalContext.messages);
+    expect(cloned.messages).not.toBe(originalContext.messages);
+
+    // Modifying cloned messages should not affect original
+    cloned.messages.push({ role: 'assistant', content: 'Hi', timestamp: new Date() });
+    expect(originalContext.messages).toHaveLength(1);
+  });
+
+  it('should deep copy toolArgs object', () => {
+    const cloned = cloneContext(originalContext);
+
+    expect(cloned.toolArgs).toEqual(originalContext.toolArgs);
+    expect(cloned.toolArgs).not.toBe(originalContext.toolArgs);
+  });
+
+  it('should deep copy metadata Map', () => {
+    const cloned = cloneContext(originalContext);
+
+    expect(cloned.metadata.get('testKey')).toBe('testValue');
+    expect(cloned.metadata).not.toBe(originalContext.metadata);
+
+    // Modifying cloned metadata should not affect original
+    cloned.metadata.set('newKey', 'newValue');
+    expect(originalContext.metadata.has('newKey')).toBe(false);
+  });
+
+  it('should copy violations array', () => {
+    const cloned = cloneContext(originalContext);
+
+    expect(cloned.violations).toEqual(originalContext.violations);
+    expect(cloned.violations).not.toBe(originalContext.violations);
+  });
+
+  it('should copy modifications array', () => {
+    const cloned = cloneContext(originalContext);
+
+    expect(cloned.modifications).toEqual(originalContext.modifications);
+    expect(cloned.modifications).not.toBe(originalContext.modifications);
+  });
+
+  it('should handle undefined toolArgs', () => {
+    const contextWithoutToolArgs = createGuardrailContext({ prompt: 'test' });
+    const cloned = cloneContext(contextWithoutToolArgs);
+
+    expect(cloned.toolArgs).toBeUndefined();
+  });
+});
+
+describe('GuardrailsService with real plugins', () => {
+  describe('plugin loading', () => {
+    it('should load rate_limiter plugin from config', async () => {
+      const service = new GuardrailsService({
+        enabled: true,
+        plugins: {
+          rate_limiter: {
+            enabled: true,
+            requests_per_minute: 10,
+          },
+        },
+      });
+
+      await service.initialize();
+
+      expect(service.isEnabled()).toBe(true);
+      const plugins = service.getPlugins();
+      expect(plugins).toHaveLength(1);
+      expect(plugins[0].name).toBe('rate_limiter');
+    });
+
+    it('should load token_limiter plugin from config', async () => {
+      const service = new GuardrailsService({
+        enabled: true,
+        plugins: {
+          token_limiter: {
+            enabled: true,
+            max_input_tokens: 1000,
+          },
+        },
+      });
+
+      await service.initialize();
+
+      const plugins = service.getPlugins();
+      expect(plugins).toHaveLength(1);
+      expect(plugins[0].name).toBe('token_limiter');
+    });
+
+    it('should load pattern_blocker plugin from config', async () => {
+      const service = new GuardrailsService({
+        enabled: true,
+        plugins: {
+          pattern_blocker: {
+            enabled: true,
+            blocked_patterns: ['secret'],
+          },
+        },
+      });
+
+      await service.initialize();
+
+      const plugins = service.getPlugins();
+      expect(plugins).toHaveLength(1);
+      expect(plugins[0].name).toBe('pattern_blocker');
+    });
+
+    it('should load pii_redactor plugin from config', async () => {
+      const service = new GuardrailsService({
+        enabled: true,
+        plugins: {
+          pii_redactor: {
+            enabled: true,
+          },
+        },
+      });
+
+      await service.initialize();
+
+      const plugins = service.getPlugins();
+      expect(plugins).toHaveLength(1);
+      expect(plugins[0].name).toBe('pii_redactor');
+    });
+
+    it('should load multiple plugins and sort by priority', async () => {
+      const service = new GuardrailsService({
+        enabled: true,
+        plugins: {
+          rate_limiter: {
+            enabled: true,
+            priority: 30,
+          },
+          token_limiter: {
+            enabled: true,
+            priority: 10,
+          },
+          pattern_blocker: {
+            enabled: true,
+            priority: 20,
+          },
+        },
+      });
+
+      await service.initialize();
+
+      const plugins = service.getPlugins();
+      expect(plugins).toHaveLength(3);
+      // Should be sorted by priority
+      expect(plugins[0].name).toBe('token_limiter');
+      expect(plugins[1].name).toBe('pattern_blocker');
+      expect(plugins[2].name).toBe('rate_limiter');
+    });
+
+    it('should skip plugins that are disabled in config', async () => {
+      const service = new GuardrailsService({
+        enabled: true,
+        plugins: {
+          rate_limiter: {
+            enabled: true,
+          },
+          token_limiter: {
+            enabled: false,
+          },
+        },
+      });
+
+      await service.initialize();
+
+      const plugins = service.getPlugins();
+      expect(plugins).toHaveLength(1);
+      expect(plugins[0].name).toBe('rate_limiter');
+    });
+
+    it('should remain disabled if no plugins are enabled', async () => {
+      const service = new GuardrailsService({
+        enabled: true,
+        plugins: {
+          rate_limiter: {
+            enabled: false,
+          },
+        },
+      });
+
+      await service.initialize();
+
+      expect(service.isEnabled()).toBe(false);
+      expect(service.getPlugins()).toHaveLength(0);
+    });
+
+    it('should handle unknown plugin names gracefully', async () => {
+      // Access private method via type assertion to test error path
+      const service = new GuardrailsService({ enabled: true });
+
+      // The loadPlugin method throws for unknown plugins, but this is caught
+      // in loadPluginsFromConfig. We test indirectly by checking that unknown
+      // plugins in config don't crash initialization.
+      await service.initialize();
+      expect(service.isEnabled()).toBe(false);
+    });
+
+    it('should continue loading other plugins when one fails to initialize', async () => {
+      // We can't easily make a real plugin fail, but we can verify the error
+      // handling path exists by checking that valid plugins still load even
+      // when the config has issues
+      const service = new GuardrailsService({
+        enabled: true,
+        plugins: {
+          rate_limiter: {
+            enabled: true,
+          },
+          token_limiter: {
+            enabled: true,
+          },
+        },
+      });
+
+      await service.initialize();
+
+      // Both plugins should load successfully
+      expect(service.getPlugins()).toHaveLength(2);
+    });
+  });
+
+  describe('violation logging', () => {
+    it('should log violations when pattern blocker detects blocked content', async () => {
+      const service = new GuardrailsService({
+        enabled: true,
+        log_violations: true,
+        plugins: {
+          pattern_blocker: {
+            enabled: true,
+            blocked_patterns: ['forbidden'],
+            action_on_match: 'block',
+          },
+        },
+      });
+
+      await service.initialize();
+
+      const context = createGuardrailContext({ prompt: 'This contains forbidden content' });
+      const result = await service.execute('pre_request', context);
+
+      expect(result.action).toBe('block');
+      expect(result.context.violations.length).toBeGreaterThan(0);
+      expect(result.context.violations[0].pluginName).toBe('pattern_blocker');
+    });
+  });
+
+  describe('modification logging', () => {
+    it('should log modifications when pii_redactor redacts content', async () => {
+      const service = new GuardrailsService({
+        enabled: true,
+        log_modifications: true,
+        plugins: {
+          pii_redactor: {
+            enabled: true,
+            detect_emails: true,
+          },
+        },
+      });
+
+      await service.initialize();
+
+      const context = createGuardrailContext({ prompt: 'Contact me at test@example.com' });
+      const result = await service.execute('pre_request', context);
+
+      // Service returns 'modify' when content was modified
+      expect(result.action).toBe('modify');
+      expect(result.context.modifications.length).toBeGreaterThan(0);
+      expect(result.context.modifications[0].pluginName).toBe('pii_redactor');
+    });
+  });
+
+  describe('real plugin execution flow', () => {
+    it('should block request when rate limit exceeded', async () => {
+      const service = new GuardrailsService({
+        enabled: true,
+        plugins: {
+          rate_limiter: {
+            enabled: true,
+            requests_per_minute: 2,
+            burst_allowance: 0, // No bursting - strict limit
+          },
+        },
+      });
+
+      await service.initialize();
+
+      // First two requests should be allowed
+      const context1 = createGuardrailContext({ prompt: 'Request 1' });
+      const result1 = await service.execute('pre_request', context1);
+      expect(result1.action).toBe('allow');
+
+      const context2 = createGuardrailContext({ prompt: 'Request 2' });
+      const result2 = await service.execute('pre_request', context2);
+      expect(result2.action).toBe('allow');
+
+      // Third request should be blocked
+      const context3 = createGuardrailContext({ prompt: 'Request 3' });
+      const result3 = await service.execute('pre_request', context3);
+      expect(result3.action).toBe('block');
+    });
+
+    it('should block request when token limit exceeded', async () => {
+      const service = new GuardrailsService({
+        enabled: true,
+        plugins: {
+          token_limiter: {
+            enabled: true,
+            max_input_tokens: 10,
+          },
+        },
+      });
+
+      await service.initialize();
+
+      // Long prompt that exceeds token limit
+      const context = createGuardrailContext({
+        prompt: 'This is a very long prompt that should definitely exceed the token limit we set',
+      });
+      const result = await service.execute('pre_request', context);
+
+      expect(result.action).toBe('block');
+    });
+
+    it('should redact PII and allow request', async () => {
+      const service = new GuardrailsService({
+        enabled: true,
+        plugins: {
+          pii_redactor: {
+            enabled: true,
+            detect_emails: true,
+          },
+        },
+      });
+
+      await service.initialize();
+
+      const context = createGuardrailContext({
+        prompt: 'My email is user@domain.com',
+      });
+      const result = await service.execute('pre_request', context);
+
+      // Service returns 'modify' when content was modified
+      expect(result.action).toBe('modify');
+      expect(result.context.prompt).not.toContain('user@domain.com');
+      expect(result.context.prompt).toContain('[EMAIL_');
+      expect(result.context.modifications.length).toBeGreaterThan(0);
+    });
+
+    it('should run multiple plugins in order', async () => {
+      const service = new GuardrailsService({
+        enabled: true,
+        plugins: {
+          rate_limiter: {
+            enabled: true,
+            requests_per_minute: 100,
+            priority: 10,
+          },
+          pii_redactor: {
+            enabled: true,
+            detect_emails: true,
+            priority: 20,
+          },
+        },
+      });
+
+      await service.initialize();
+
+      const context = createGuardrailContext({
+        prompt: 'Contact: test@example.com',
+      });
+      const result = await service.execute('pre_request', context);
+
+      // Rate limiter runs first (priority 10), then PII redactor (priority 20)
+      // Service returns 'modify' when content was modified
+      expect(result.action).toBe('modify');
+      expect(result.context.prompt).not.toContain('test@example.com');
+      expect(result.context.modifications.length).toBeGreaterThan(0);
+    });
+  });
+});
+
+describe('GuardrailsService integration', () => {
+  // Helper to create a mock plugin
+  function createMockPlugin(
+    name: string,
+    phases: GuardrailPhase[],
+    executeFn: (phase: GuardrailPhase, context: GuardrailContext) => Promise<GuardrailResult>
+  ): GuardrailPlugin {
+    return {
+      name,
+      enabled: true,
+      priority: 50,
+      phases,
+      initialize: jest.fn<() => Promise<void>>().mockResolvedValue(undefined),
+      execute: jest.fn(executeFn),
+      shutdown: jest.fn<() => Promise<void>>().mockResolvedValue(undefined),
+    };
+  }
+
+  describe('plugin execution', () => {
+    it('should execute plugins in priority order', async () => {
+      const executionOrder: string[] = [];
+
+      const plugin1 = createMockPlugin('first', ['pre_request'], async (_phase, context) => {
+        executionOrder.push('first');
+        return { action: 'allow', context };
+      });
+      plugin1.priority = 10;
+
+      const plugin2 = createMockPlugin('second', ['pre_request'], async (_phase, context) => {
+        executionOrder.push('second');
+        return { action: 'allow', context };
+      });
+      plugin2.priority = 20;
+
+      const plugin3 = createMockPlugin('third', ['pre_request'], async (_phase, context) => {
+        executionOrder.push('third');
+        return { action: 'allow', context };
+      });
+      plugin3.priority = 5; // Lowest priority number = runs first
+
+      const service = new GuardrailsService({ enabled: true });
+      await service.initialize();
+
+      // Manually add plugins (simulating plugin loading)
+      (service as unknown as { plugins: GuardrailPlugin[] }).plugins = [plugin1, plugin2, plugin3];
+      (service as unknown as { plugins: GuardrailPlugin[] }).plugins.sort((a, b) => a.priority - b.priority);
+      (service as unknown as { enabled: boolean }).enabled = true;
+
+      const context = createGuardrailContext({ prompt: 'test' });
+      await service.execute('pre_request', context);
+
+      expect(executionOrder).toEqual(['third', 'first', 'second']);
+    });
+
+    it('should only execute plugins that handle the requested phase', async () => {
+      const executedPlugins: string[] = [];
+
+      const preRequestPlugin = createMockPlugin('pre_only', ['pre_request'], async (_phase, context) => {
+        executedPlugins.push('pre_only');
+        return { action: 'allow', context };
+      });
+
+      const postResponsePlugin = createMockPlugin('post_only', ['post_response'], async (_phase, context) => {
+        executedPlugins.push('post_only');
+        return { action: 'allow', context };
+      });
+
+      const service = new GuardrailsService({ enabled: true });
+      await service.initialize();
+
+      (service as unknown as { plugins: GuardrailPlugin[] }).plugins = [preRequestPlugin, postResponsePlugin];
+      (service as unknown as { enabled: boolean }).enabled = true;
+
+      const context = createGuardrailContext({ prompt: 'test' });
+      await service.execute('pre_request', context);
+
+      expect(executedPlugins).toEqual(['pre_only']);
+    });
+
+    it('should stop execution and return block when plugin blocks', async () => {
+      const executedPlugins: string[] = [];
+
+      const blockingPlugin = createMockPlugin('blocker', ['pre_request'], async (_phase, context) => {
+        executedPlugins.push('blocker');
+        return {
+          action: 'block',
+          context,
+          blockedBy: 'blocker',
+          blockReason: 'Content not allowed',
+        };
+      });
+
+      const afterPlugin = createMockPlugin('after', ['pre_request'], async (_phase, context) => {
+        executedPlugins.push('after');
+        return { action: 'allow', context };
+      });
+      afterPlugin.priority = 100;
+
+      const service = new GuardrailsService({ enabled: true });
+      await service.initialize();
+
+      (service as unknown as { plugins: GuardrailPlugin[] }).plugins = [blockingPlugin, afterPlugin];
+      (service as unknown as { enabled: boolean }).enabled = true;
+
+      const context = createGuardrailContext({ prompt: 'test' });
+      const result = await service.execute('pre_request', context);
+
+      expect(result.action).toBe('block');
+      expect(result.blockedBy).toBe('blocker');
+      expect(result.blockReason).toBe('Content not allowed');
+      expect(executedPlugins).toEqual(['blocker']); // 'after' should not run
+    });
+
+    it('should pass modified context to subsequent plugins', async () => {
+      const plugin1 = createMockPlugin('modifier', ['pre_request'], async (_phase, context) => {
+        context.prompt = 'modified prompt';
+        return { action: 'modify', context };
+      });
+
+      let receivedPrompt = '';
+      const plugin2 = createMockPlugin('receiver', ['pre_request'], async (_phase, context) => {
+        receivedPrompt = context.prompt || '';
+        return { action: 'allow', context };
+      });
+      plugin2.priority = 100;
+
+      const service = new GuardrailsService({ enabled: true });
+      await service.initialize();
+
+      (service as unknown as { plugins: GuardrailPlugin[] }).plugins = [plugin1, plugin2];
+      (service as unknown as { enabled: boolean }).enabled = true;
+
+      const context = createGuardrailContext({ prompt: 'original' });
+      await service.execute('pre_request', context);
+
+      expect(receivedPrompt).toBe('modified prompt');
+    });
+  });
+
+  describe('error handling', () => {
+    it('should block on plugin error when fail_open is false', async () => {
+      const errorPlugin = createMockPlugin('error_plugin', ['pre_request'], async () => {
+        throw new Error('Plugin crashed');
+      });
+
+      const service = new GuardrailsService({ enabled: true, fail_open: false });
+      await service.initialize();
+
+      (service as unknown as { plugins: GuardrailPlugin[] }).plugins = [errorPlugin];
+      (service as unknown as { enabled: boolean }).enabled = true;
+
+      const context = createGuardrailContext({ prompt: 'test' });
+      const result = await service.execute('pre_request', context);
+
+      expect(result.action).toBe('block');
+      expect(result.blockedBy).toBe('error_plugin');
+      expect(result.blockReason).toContain('Plugin error');
+    });
+
+    it('should continue on plugin error when fail_open is true', async () => {
+      const executedPlugins: string[] = [];
+
+      const errorPlugin = createMockPlugin('error_plugin', ['pre_request'], async () => {
+        executedPlugins.push('error_plugin');
+        throw new Error('Plugin crashed');
+      });
+
+      const afterPlugin = createMockPlugin('after', ['pre_request'], async (_phase, context) => {
+        executedPlugins.push('after');
+        return { action: 'allow', context };
+      });
+      afterPlugin.priority = 100;
+
+      const service = new GuardrailsService({ enabled: true, fail_open: true });
+      await service.initialize();
+
+      (service as unknown as { plugins: GuardrailPlugin[] }).plugins = [errorPlugin, afterPlugin];
+      (service as unknown as { enabled: boolean }).enabled = true;
+
+      const context = createGuardrailContext({ prompt: 'test' });
+      const result = await service.execute('pre_request', context);
+
+      expect(result.action).toBe('allow');
+      expect(executedPlugins).toEqual(['error_plugin', 'after']);
+    });
+
+    it('should handle non-Error thrown values', async () => {
+      const errorPlugin = createMockPlugin('string_error', ['pre_request'], async () => {
+        throw 'String error message';
+      });
+
+      const service = new GuardrailsService({ enabled: true, fail_open: false });
+      await service.initialize();
+
+      (service as unknown as { plugins: GuardrailPlugin[] }).plugins = [errorPlugin];
+      (service as unknown as { enabled: boolean }).enabled = true;
+
+      const context = createGuardrailContext({ prompt: 'test' });
+      const result = await service.execute('pre_request', context);
+
+      expect(result.action).toBe('block');
+      expect(result.blockReason).toContain('String error message');
+    });
+  });
+
+  describe('shutdown', () => {
+    it('should call shutdown on all plugins', async () => {
+      const plugin1 = createMockPlugin('plugin1', ['pre_request'], async (_phase, context) => {
+        return { action: 'allow', context };
+      });
+      const plugin2 = createMockPlugin('plugin2', ['pre_request'], async (_phase, context) => {
+        return { action: 'allow', context };
+      });
+
+      const service = new GuardrailsService({ enabled: true });
+      await service.initialize();
+
+      (service as unknown as { plugins: GuardrailPlugin[] }).plugins = [plugin1, plugin2];
+      (service as unknown as { enabled: boolean }).enabled = true;
+
+      await service.shutdown();
+
+      expect(plugin1.shutdown).toHaveBeenCalled();
+      expect(plugin2.shutdown).toHaveBeenCalled();
+    });
+
+    it('should handle plugin shutdown errors gracefully', async () => {
+      const errorPlugin = createMockPlugin('error_plugin', ['pre_request'], async (_phase, context) => {
+        return { action: 'allow', context };
+      });
+      (errorPlugin.shutdown as jest.MockedFunction<typeof errorPlugin.shutdown>).mockRejectedValue(
+        new Error('Shutdown failed')
+      );
+
+      const normalPlugin = createMockPlugin('normal', ['pre_request'], async (_phase, context) => {
+        return { action: 'allow', context };
+      });
+
+      const service = new GuardrailsService({ enabled: true });
+      await service.initialize();
+
+      (service as unknown as { plugins: GuardrailPlugin[] }).plugins = [errorPlugin, normalPlugin];
+      (service as unknown as { enabled: boolean }).enabled = true;
+
+      // Should not throw
+      await expect(service.shutdown()).resolves.toBeUndefined();
+
+      // Should still try to shutdown all plugins
+      expect(errorPlugin.shutdown).toHaveBeenCalled();
+      expect(normalPlugin.shutdown).toHaveBeenCalled();
+
+      // Service should be disabled after shutdown
+      expect(service.isEnabled()).toBe(false);
+    });
+
+    it('should clear plugins list after shutdown', async () => {
+      const plugin = createMockPlugin('plugin', ['pre_request'], async (_phase, context) => {
+        return { action: 'allow', context };
+      });
+
+      const service = new GuardrailsService({ enabled: true });
+      await service.initialize();
+
+      (service as unknown as { plugins: GuardrailPlugin[] }).plugins = [plugin];
+      (service as unknown as { enabled: boolean }).enabled = true;
+
+      await service.shutdown();
+
+      expect(service.getPlugins()).toHaveLength(0);
+    });
+  });
+
+  describe('disabled plugins', () => {
+    it('should skip disabled plugins', async () => {
+      const executedPlugins: string[] = [];
+
+      const enabledPlugin = createMockPlugin('enabled', ['pre_request'], async (_phase, context) => {
+        executedPlugins.push('enabled');
+        return { action: 'allow', context };
+      });
+
+      const disabledPlugin = createMockPlugin('disabled', ['pre_request'], async (_phase, context) => {
+        executedPlugins.push('disabled');
+        return { action: 'allow', context };
+      });
+      disabledPlugin.enabled = false;
+
+      const service = new GuardrailsService({ enabled: true });
+      await service.initialize();
+
+      (service as unknown as { plugins: GuardrailPlugin[] }).plugins = [enabledPlugin, disabledPlugin];
+      (service as unknown as { enabled: boolean }).enabled = true;
+
+      const context = createGuardrailContext({ prompt: 'test' });
+      await service.execute('pre_request', context);
+
+      expect(executedPlugins).toEqual(['enabled']);
+    });
+  });
+
+  describe('error handling edge cases', () => {
+    it('should throw error for unknown plugin name', async () => {
+      const service = new GuardrailsService({
+        enabled: true,
+        plugins: {
+          unknown_plugin: { enabled: true },
+        },
+      });
+
+      // The service logs error but doesn't throw during initialize
+      await service.initialize();
+
+      // Plugin should not be loaded
+      expect(service.getPlugins()).toHaveLength(0);
+    });
+
+    it('should handle plugin initialization failure gracefully', async () => {
+      // Create a service with a valid plugin name but cause initialization to fail
+      const service = new GuardrailsService({
+        enabled: true,
+        plugins: {
+          // rate_limiter with invalid config that will cause internal errors
+          rate_limiter: {
+            enabled: true,
+            // These are all valid, but let's test that a broken plugin doesn't crash the service
+          },
+        },
+      });
+
+      // Should not throw
+      await service.initialize();
+
+      // Plugin should be loaded (if config is valid)
+      expect(service.getPlugins().length).toBeGreaterThanOrEqual(0);
+    });
+
+    it('should continue loading other plugins when one fails', async () => {
+      const service = new GuardrailsService({
+        enabled: true,
+        plugins: {
+          unknown_plugin: { enabled: true }, // This will fail
+          rate_limiter: { enabled: true },   // This should succeed
+        },
+      });
+
+      await service.initialize();
+
+      // Only rate_limiter should be loaded
+      expect(service.getPlugins()).toHaveLength(1);
+      expect(service.getPlugins()[0].name).toBe('rate_limiter');
+    });
+  });
+});