promptfoo 0.119.13 → 0.119.14

package/dist/src/providers/bedrock/index.d.ts

@@ -1,24 +1,8 @@
-import type { BedrockRuntime, Trace } from '@aws-sdk/client-bedrock-runtime';
-import type { AwsCredentialIdentity, AwsCredentialIdentityProvider } from '@aws-sdk/types';
-import type { EnvOverrides } from '../../types/env';
+import { AwsBedrockGenericProvider, type BedrockOptions } from './base';
 import type { ApiEmbeddingProvider, ApiProvider, CallApiContextParams, ProviderEmbeddingResponse, ProviderResponse } from '../../types/providers';
 import type { TokenUsage } from '../../types/shared';
 export declare const coerceStrToNum: (value: string | number | undefined) => number | undefined;
 export type BedrockModelFamily = 'claude' | 'nova' | 'llama' | 'llama2' | 'llama3' | 'llama3.1' | 'llama3_1' | 'llama3.2' | 'llama3_2' | 'llama3.3' | 'llama3_3' | 'llama4' | 'mistral' | 'cohere' | 'ai21' | 'titan' | 'deepseek' | 'openai' | 'qwen';
-interface BedrockOptions {
-    accessKeyId?: string;
-    apiKey?: string;
-    profile?: string;
-    region?: string;
-    secretAccessKey?: string;
-    sessionToken?: string;
-    guardrailIdentifier?: string;
-    guardrailVersion?: string;
-    trace?: Trace;
-    showThinking?: boolean;
-    endpoint?: string;
-    inferenceModelType?: BedrockModelFamily;
-}
 export interface TextGenerationOptions {
     maxTokenCount?: number;
     stopSequences?: Array<string>;
@@ -460,23 +444,6 @@ export declare const BEDROCK_MODEL: {
     };
 };
 export declare const AWS_BEDROCK_MODELS: Record<string, IBedrockModel>;
-export declare abstract class AwsBedrockGenericProvider {
-    modelName: string;
-    env?: EnvOverrides;
-    bedrock?: BedrockRuntime;
-    config: BedrockOptions;
-    constructor(modelName: string, options?: {
-        config?: BedrockOptions;
-        id?: string;
-        env?: EnvOverrides;
-    });
-    id(): string;
-    toString(): string;
-    protected getApiKey(): string | undefined;
-    getCredentials(): Promise<AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined>;
-    getBedrockInstance(): Promise<BedrockRuntime>;
-    getRegion(): string;
-}
 export declare class AwsBedrockCompletionProvider extends AwsBedrockGenericProvider implements ApiProvider {
     static AWS_BEDROCK_COMPLETION_MODELS: string[];
     callApi(prompt: string, context?: CallApiContextParams): Promise<ProviderResponse>;

package/dist/src/providers/bedrock/index.js

@@ -1,42 +1,9 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AwsBedrockEmbeddingProvider = exports.AwsBedrockCompletionProvider = exports.AwsBedrockGenericProvider = exports.AWS_BEDROCK_MODELS = exports.BEDROCK_MODEL = exports.getLlamaModelHandler = exports.formatPromptLlama4 = exports.formatPromptLlama3Instruct = exports.formatPromptLlama2Chat = exports.LlamaVersion = exports.coerceStrToNum = void 0;
+exports.AwsBedrockEmbeddingProvider = exports.AwsBedrockCompletionProvider = exports.AWS_BEDROCK_MODELS = exports.BEDROCK_MODEL = exports.getLlamaModelHandler = exports.formatPromptLlama4 = exports.formatPromptLlama3Instruct = exports.formatPromptLlama2Chat = exports.LlamaVersion = exports.coerceStrToNum = void 0;
 exports.parseValue = parseValue;
 exports.addConfigParam = addConfigParam;
 const sdk_1 = __importDefault(require("@anthropic-ai/sdk"));
@@ -44,11 +11,11 @@ const dedent_1 = __importDefault(require("dedent"));
 const cache_1 = require("../../cache");
 const envars_1 = require("../../envars");
 const logger_1 = __importDefault(require("../../logger"));
-const telemetry_1 = __importDefault(require("../../telemetry"));
 const index_1 = require("../../util/index");
 const tokenUsageUtils_1 = require("../../util/tokenUsageUtils");
 const util_1 = require("../anthropic/util");
 const shared_1 = require("../shared");
+const base_1 = require("./base");
 const util_2 = require("./util");
 // Utility function to coerce string values to numbers
 const coerceStrToNum = (value) => value === undefined ? undefined : typeof value === 'string' ? Number(value) : value;
@@ -1072,129 +1039,7 @@ function getHandlerForModel(modelName, config) {
     }
     throw new Error(`Unknown Amazon Bedrock model: ${modelName}`);
 }
-class AwsBedrockGenericProvider {
-    constructor(modelName, options = {}) {
-        const { config, id, env } = options;
-        this.env = env;
-        this.modelName = modelName;
-        this.config = config || {};
-        this.id = id ? () => id : this.id;
-        if (this.config.guardrailIdentifier) {
-            telemetry_1.default.record('feature_used', {
-                feature: 'guardrail',
-                provider: 'bedrock',
-            });
-        }
-    }
-    id() {
-        return `bedrock:${this.modelName}`;
-    }
-    toString() {
-        return `[Amazon Bedrock Provider ${this.modelName}]`;
-    }
-    getApiKey() {
-        return this.config.apiKey || (0, envars_1.getEnvString)('AWS_BEARER_TOKEN_BEDROCK');
-    }
-    async getCredentials() {
-        // 1. Explicit credentials have ABSOLUTE highest priority (as documented)
-        if (this.config.accessKeyId && this.config.secretAccessKey) {
-            logger_1.default.debug(`Using credentials from config file`);
-            return {
-                accessKeyId: this.config.accessKeyId,
-                secretAccessKey: this.config.secretAccessKey,
-                sessionToken: this.config.sessionToken,
-            };
-        }
-        // 2. API key authentication as second priority
-        const apiKey = this.getApiKey();
-        if (apiKey) {
-            logger_1.default.debug(`Using Bedrock API key authentication`);
-            // For Bedrock API keys, we don't need traditional AWS credentials
-            // The API key will be handled in the request headers
-            return undefined;
-        }
-        // 3. SSO profile as third priority
-        if (this.config.profile) {
-            logger_1.default.debug(`Using SSO profile: ${this.config.profile}`);
-            try {
-                const { fromSSO } = await Promise.resolve().then(() => __importStar(require('@aws-sdk/credential-provider-sso')));
-                return fromSSO({ profile: this.config.profile });
-            }
-            catch (err) {
-                logger_1.default.error(`Error loading @aws-sdk/credential-provider-sso: ${err}`);
-                throw new Error('The @aws-sdk/credential-provider-sso package is required for SSO profiles. Please install it: npm install @aws-sdk/credential-provider-sso');
-            }
-        }
-        // 4. AWS default credential chain (lowest priority)
-        logger_1.default.debug(`No explicit credentials in config, falling back to AWS default chain`);
-        return undefined;
-    }
-    async getBedrockInstance() {
-        if (!this.bedrock) {
-            let handler;
-            const apiKey = this.getApiKey();
-            // Create request handler for proxy or API key scenarios
-            if ((0, envars_1.getEnvString)('HTTP_PROXY') || (0, envars_1.getEnvString)('HTTPS_PROXY') || apiKey) {
-                try {
-                    const { NodeHttpHandler } = await Promise.resolve().then(() => __importStar(require('@smithy/node-http-handler')));
-                    const { ProxyAgent } = await Promise.resolve().then(() => __importStar(require('proxy-agent')));
-                    // Create handler with proxy support if needed
-                    const proxyAgent = (0, envars_1.getEnvString)('HTTP_PROXY') || (0, envars_1.getEnvString)('HTTPS_PROXY')
-                        ? new ProxyAgent()
-                        : undefined;
-                    handler = new NodeHttpHandler({
-                        ...(proxyAgent ? { httpsAgent: proxyAgent } : {}),
-                        requestTimeout: 300000, // 5 minutes
-                    });
-                    // Add Bearer token middleware for API key authentication
-                    if (apiKey) {
-                        const originalHandle = handler.handle.bind(handler);
-                        handler.handle = async (request, options) => {
-                            // Add Authorization header with Bearer token
-                            request.headers = {
-                                ...request.headers,
-                                Authorization: `Bearer ${apiKey}`,
-                            };
-                            return originalHandle(request, options);
-                        };
-                    }
-                }
-                catch {
-                    const reason = apiKey
-                        ? 'API key authentication requires the @smithy/node-http-handler package'
-                        : 'Proxy configuration requires the @smithy/node-http-handler package';
-                    throw new Error(`${reason}. Please install it in your project or globally.`);
-                }
-            }
-            try {
-                const { BedrockRuntime } = await Promise.resolve().then(() => __importStar(require('@aws-sdk/client-bedrock-runtime')));
-                const credentials = await this.getCredentials();
-                const bedrock = new BedrockRuntime({
-                    region: this.getRegion(),
-                    maxAttempts: (0, envars_1.getEnvInt)('AWS_BEDROCK_MAX_RETRIES', 10),
-                    retryMode: 'adaptive',
-                    ...(credentials ? { credentials } : {}),
-                    ...(handler ? { requestHandler: handler } : {}),
-                    ...(this.config.endpoint ? { endpoint: this.config.endpoint } : {}),
-                });
-                this.bedrock = bedrock;
-            }
-            catch (err) {
-                logger_1.default.error(`Error creating BedrockRuntime: ${err}`);
-                throw new Error('The @aws-sdk/client-bedrock-runtime package is required as a peer dependency. Please install it in your project or globally.');
-            }
-        }
-        return this.bedrock;
-    }
-    getRegion() {
-        return (this.config?.region ||
-            this.env?.AWS_BEDROCK_REGION ||
-            (0, envars_1.getEnvString)('AWS_BEDROCK_REGION') ||
-            'us-east-1');
-    }
-}
-exports.AwsBedrockGenericProvider = AwsBedrockGenericProvider;
-class AwsBedrockCompletionProvider extends AwsBedrockGenericProvider {
+class AwsBedrockCompletionProvider extends base_1.AwsBedrockGenericProvider {
     async callApi(prompt, context) {
         let stop;
         try {
@@ -1331,7 +1176,7 @@ class AwsBedrockCompletionProvider extends AwsBedrockGenericProvider {
 }
 exports.AwsBedrockCompletionProvider = AwsBedrockCompletionProvider;
 AwsBedrockCompletionProvider.AWS_BEDROCK_COMPLETION_MODELS = Object.keys(exports.AWS_BEDROCK_MODELS);
-class AwsBedrockEmbeddingProvider extends AwsBedrockGenericProvider {
+class AwsBedrockEmbeddingProvider extends base_1.AwsBedrockGenericProvider {
     async callApi() {
         throw new Error('callApi is not implemented for embedding provider');
     }

package/dist/src/providers/bedrock/knowledgeBase.d.ts

@@ -1,4 +1,4 @@
-import { AwsBedrockGenericProvider } from './index';
+import { AwsBedrockGenericProvider } from './base';
 import type { BedrockAgentRuntimeClient } from '@aws-sdk/client-bedrock-agent-runtime';
 import type { EnvOverrides } from '../../types/env';
 import type { ApiProvider, ProviderResponse } from '../../types/providers';

package/dist/src/providers/bedrock/knowledgeBase.js

@@ -42,12 +42,12 @@ const envars_1 = require("../../envars");
 const logger_1 = __importDefault(require("../../logger"));
 const telemetry_1 = __importDefault(require("../../telemetry"));
 const tokenUsageUtils_1 = require("../../util/tokenUsageUtils");
-const index_1 = require("./index");
+const base_1 = require("./base");
 /**
  * AWS Bedrock Knowledge Base provider for RAG (Retrieval Augmented Generation).
  * Allows querying an existing AWS Bedrock Knowledge Base with text queries.
  */
-class AwsBedrockKnowledgeBaseProvider extends index_1.AwsBedrockGenericProvider {
+class AwsBedrockKnowledgeBaseProvider extends base_1.AwsBedrockGenericProvider {
     constructor(modelName, options = {}) {
         super(modelName, options);
         // Ensure we have a knowledgeBaseId

package/dist/src/providers/bedrock/nova-sonic.d.ts

@@ -1,4 +1,5 @@
-import { AwsBedrockGenericProvider, type BedrockAmazonNovaSonicGenerationOptions } from '.';
+import { AwsBedrockGenericProvider } from './base';
+import type { BedrockAmazonNovaSonicGenerationOptions } from '.';
 import type { ApiProvider, CallApiContextParams, ProviderOptions, ProviderResponse } from '../../types/providers';
 export declare class NovaSonicProvider extends AwsBedrockGenericProvider implements ApiProvider {
     private sessions;

package/dist/src/providers/bedrock/nova-sonic.js

@@ -43,7 +43,7 @@ const rxjs_1 = require("rxjs");
 const operators_1 = require("rxjs/operators");
 const logger_1 = __importDefault(require("../../logger"));
 const tokenUsageUtils_1 = require("../../util/tokenUsageUtils");
-const _1 = require(".");
+const base_1 = require("./base");
 const DEFAULT_CONFIG = {
     inference: {
         maxTokens: 1024,
@@ -73,7 +73,7 @@ const DEFAULT_CONFIG = {
         mediaType: 'text/plain',
     },
 };
-class NovaSonicProvider extends _1.AwsBedrockGenericProvider {
+class NovaSonicProvider extends base_1.AwsBedrockGenericProvider {
     constructor(modelName = 'amazon.nova-sonic-v1:0', options = {}) {
         super(modelName, options);
         this.sessions = new Map();

package/dist/src/providers/claude-agent-sdk.d.ts

@@ -1,5 +1,5 @@
 import { MCPConfig } from './mcp/types';
-import type { SettingSource } from '@anthropic-ai/claude-agent-sdk';
+import type { AgentDefinition, HookCallbackMatcher, HookEvent, OutputFormat, SettingSource } from '@anthropic-ai/claude-agent-sdk';
 import type { ApiProvider, CallApiContextParams, CallApiOptionsParams, ProviderResponse } from '../types/index';
 import type { EnvOverrides } from '../types/env';
 /**
@@ -62,6 +62,63 @@ export interface ClaudeCodeOptions {
      * if not supplied, it won't look for any settings, CLAUDE.md, or slash commands
      */
     setting_sources?: SettingSource[];
+    /**
+     * 'plugins' allows loading Claude Code plugins from local file system paths
+     * Each plugin must be a directory containing .claude-plugin/plugin.json manifest
+     */
+    plugins?: Array<{
+        type: 'local';
+        path: string;
+    }>;
+    /**
+     * Maximum budget in USD for this session. When exceeded, the SDK will stop with error_max_budget_usd.
+     * Useful for cost control in automated evaluations.
+     */
+    max_budget_usd?: number;
+    /**
+     * Additional directories the agent can access beyond the working directory.
+     * Useful when the agent needs to read files from multiple locations.
+     */
+    additional_directories?: string[];
+    /**
+     * Session ID to resume a previous conversation. The agent will continue from where it left off.
+     * Use with 'fork_session' to branch instead of continuing the same session.
+     */
+    resume?: string;
+    /**
+     * When true and 'resume' is set, creates a new session branching from the resumed point
+     * instead of continuing the original session.
+     */
+    fork_session?: boolean;
+    /**
+     * When resuming, only restore messages up to this message UUID.
+     * Allows resuming from a specific point in the conversation history.
+     */
+    resume_session_at?: string;
+    /**
+     * When true, continues from the previous conversation without requiring a resume session ID.
+     */
+    continue?: boolean;
+    /**
+     * Programmatic agent definitions. Allows defining custom subagents inline without filesystem dependencies.
+     * Keys are agent names, values are agent definitions with description, tools, and prompt.
+     */
+    agents?: Record<string, AgentDefinition>;
+    /**
+     * Output format specification for structured outputs.
+     * When set, the agent will return validated JSON matching the provided schema.
+     */
+    output_format?: OutputFormat;
+    /**
+     * Hooks for intercepting events during agent execution.
+     * Allows custom logic at various points like PreToolUse, PostToolUse, etc.
+     */
+    hooks?: Partial<Record<HookEvent, HookCallbackMatcher[]>>;
+    /**
+     * When true, includes partial/streaming messages in the response.
+     * Useful for debugging or when you need to see intermediate outputs.
+     */
+    include_partial_messages?: boolean;
 }
 export declare class ClaudeCodeSDKProvider implements ApiProvider {
     static ANTHROPIC_MODELS: {

package/dist/src/providers/claude-agent-sdk.js

@@ -180,6 +180,17 @@ class ClaudeCodeSDKProvider {
             maxThinkingTokens: config.max_thinking_tokens,
             allowedTools,
             disallowedTools,
+            plugins: config.plugins,
+            maxBudgetUsd: config.max_budget_usd,
+            additionalDirectories: config.additional_directories,
+            resume: config.resume,
+            forkSession: config.fork_session,
+            resumeSessionAt: config.resume_session_at,
+            continue: config.continue,
+            agents: config.agents,
+            outputFormat: config.output_format,
+            hooks: config.hooks,
+            includePartialMessages: config.include_partial_messages,
             env,
         };
         let shouldCache = (0, cache_1.isCacheEnabled)();
@@ -295,13 +306,23 @@ class ClaudeCodeSDKProvider {
                     const sessionId = msg.session_id;
                     if (msg.subtype == 'success') {
                         logger_1.default.debug(`Claude Agent SDK response: ${raw}`);
+                        // When structured output is enabled and available, use it as the output
+                        // Otherwise fall back to the text result
+                        const output = msg.structured_output !== undefined ? msg.structured_output : msg.result;
                         const response = {
-                            output: msg.result,
+                            output,
                             tokenUsage,
                             cost,
                             raw,
                             sessionId,
                         };
+                        // Include structured output in metadata if available
+                        if (msg.structured_output !== undefined) {
+                            response.metadata = {
+                                ...response.metadata,
+                                structuredOutput: msg.structured_output,
+                            };
+                        }
                         if (shouldWriteCache && cache && cacheKey) {
                             try {
                                 await cache.set(cacheKey, JSON.stringify(response));

package/dist/src/providers/defaults.js

@@ -84,6 +84,7 @@ async function getDefaultProviders(env) {
             moderationProvider: defaults_4.DefaultModerationProvider,
             suggestionsProvider: azureProvider,
             synthesizeProvider: azureProvider,
+            // Azure doesn't have web search by default
         };
     }
     else if (preferAnthropic) {
@@ -97,6 +98,7 @@ async function getDefaultProviders(env) {
             moderationProvider: defaults_4.DefaultModerationProvider,
             suggestionsProvider: anthropicProviders.suggestionsProvider,
             synthesizeProvider: anthropicProviders.synthesizeProvider,
+            webSearchProvider: anthropicProviders.webSearchProvider,
         };
     }
     else if (!hasOpenAiCredentials && !hasAnthropicCredentials && hasGoogleAiStudioCredentials) {
@@ -138,6 +140,7 @@ async function getDefaultProviders(env) {
             moderationProvider: defaults_4.DefaultModerationProvider,
             suggestionsProvider: defaults_2.DefaultSuggestionsProvider,
             synthesizeProvider: defaults_2.DefaultSynthesizeProvider,
+            // Mistral doesn't have web search
         };
     }
     else if (!hasOpenAiCredentials &&
@@ -165,6 +168,7 @@ async function getDefaultProviders(env) {
             moderationProvider: defaults_4.DefaultModerationProvider,
             suggestionsProvider: defaults_4.DefaultSuggestionsProvider,
             synthesizeProvider: defaults_4.DefaultGradingJsonProvider,
+            webSearchProvider: defaults_4.DefaultWebSearchProvider,
         };
     }
     // If Azure Content Safety endpoint is available, use it for moderation

package/dist/src/providers/github/defaults.js

@@ -8,28 +8,28 @@ const githubConfig = {
     apiBaseUrl: 'https://models.github.ai',
     apiKeyEnvar: 'GITHUB_TOKEN',
 };
-exports.DefaultGitHubGradingProvider = new chat_1.OpenAiChatCompletionProvider('openai/gpt-4.1', {
+exports.DefaultGitHubGradingProvider = new chat_1.OpenAiChatCompletionProvider('openai/gpt-5', {
     config: githubConfig,
 });
-exports.DefaultGitHubGradingJsonProvider = new chat_1.OpenAiChatCompletionProvider('openai/gpt-4.1', {
+exports.DefaultGitHubGradingJsonProvider = new chat_1.OpenAiChatCompletionProvider('openai/gpt-5', {
     config: {
         ...githubConfig,
         response_format: { type: 'json_object' },
     },
 });
-exports.DefaultGitHubSuggestionsProvider = new chat_1.OpenAiChatCompletionProvider('openai/gpt-4.1', {
+exports.DefaultGitHubSuggestionsProvider = new chat_1.OpenAiChatCompletionProvider('openai/gpt-5', {
     config: githubConfig,
 });
 // Fast model for quick evaluations
-exports.DefaultGitHubFastProvider = new chat_1.OpenAiChatCompletionProvider('openai/gpt-4.1-nano', {
+exports.DefaultGitHubFastProvider = new chat_1.OpenAiChatCompletionProvider('openai/gpt-5-nano', {
     config: githubConfig,
 });
 // Balanced model for general use
-exports.DefaultGitHubBalancedProvider = new chat_1.OpenAiChatCompletionProvider('openai/gpt-4.1-mini', {
+exports.DefaultGitHubBalancedProvider = new chat_1.OpenAiChatCompletionProvider('openai/gpt-5-mini', {
     config: githubConfig,
 });
 // Reasoning model for complex evaluations
-exports.DefaultGitHubReasoningProvider = new chat_1.OpenAiChatCompletionProvider('openai/o3-mini', {
+exports.DefaultGitHubReasoningProvider = new chat_1.OpenAiChatCompletionProvider('openai/o4-mini', {
     config: githubConfig,
 });
 //# sourceMappingURL=defaults.js.map

package/dist/src/providers/google/types.d.ts

@@ -1,4 +1,23 @@
 import type { MCPConfig } from '../mcp/types';
+/**
+ * Model Armor configuration for Vertex AI integration.
+ * Model Armor screens prompts and responses for safety, security, and compliance.
+ * @see https://cloud.google.com/security-command-center/docs/model-armor-vertex-integration
+ */
+export interface ModelArmorConfig {
+    /**
+     * Full resource path to the Model Armor template for screening prompts.
+     * Format: projects/{project}/locations/{location}/templates/{template_id}
+     * @example "projects/my-project/locations/us-central1/templates/strict-safety"
+     */
+    promptTemplate?: string;
+    /**
+     * Full resource path to the Model Armor template for screening responses.
+     * Format: projects/{project}/locations/{location}/templates/{template_id}
+     * @example "projects/my-project/locations/us-central1/templates/strict-safety"
+     */
+    responseTemplate?: string;
+}
 interface Blob {
     mimeType: string;
     data: string;
@@ -182,6 +201,12 @@ export interface CompletionOptions {
      * If false (default), maps 'assistant' to 'model' (for newer Gemini versions).
      */
     useAssistantRole?: boolean;
+    /**
+     * Model Armor configuration for screening prompts and responses.
+     * Only applicable for Vertex AI provider.
+     * @see https://cloud.google.com/security-command-center/docs/model-armor-vertex-integration
+     */
+    modelArmor?: ModelArmorConfig;
 }
 interface ClaudeMessage {
     role: string;

package/dist/src/providers/google/util.d.ts

@@ -37,6 +37,8 @@ export interface GeminiResponseData {
             probability: string;
         }>;
         blockReason: any;
+        /** Message explaining why content was blocked (e.g., by Model Armor) */
+        blockReasonMessage?: string;
     };
 }
 interface GeminiPromptFeedback {

package/dist/src/providers/google/vertex.js

@@ -245,6 +245,19 @@ class VertexChatProvider extends VertexGenericProvider {
             ...(config.toolConfig ? { toolConfig: config.toolConfig } : {}),
             ...(allTools.length > 0 ? { tools: allTools } : {}),
             ...(systemInstruction ? { systemInstruction } : {}),
+            // Model Armor integration: inject template configuration for prompt/response screening
+            // See: https://cloud.google.com/security-command-center/docs/model-armor-vertex-integration
+            ...(config.modelArmor &&
+                (config.modelArmor.promptTemplate || config.modelArmor.responseTemplate) && {
+                model_armor_config: {
+                    ...(config.modelArmor.promptTemplate && {
+                        prompt_template_name: config.modelArmor.promptTemplate,
+                    }),
+                    ...(config.modelArmor.responseTemplate && {
+                        response_template_name: config.modelArmor.responseTemplate,
+                    }),
+                },
+            }),
         };
         if (config.responseSchema) {
             if (body.generationConfig.response_schema) {
@@ -326,20 +339,77 @@ class VertexChatProvider extends VertexGenericProvider {
                 const dataWithResponse = data;
                 let output;
                 for (const datum of dataWithResponse) {
+                    // Check for blockReason first (before getCandidate) since blocked responses have no candidates
+                    if (datum.promptFeedback?.blockReason) {
+                        // Handle Model Armor blocks with detailed guardrails information
+                        const isModelArmor = datum.promptFeedback.blockReason === 'MODEL_ARMOR';
+                        const blockReasonMessage = datum.promptFeedback.blockReasonMessage ||
+                            `Content was blocked due to ${isModelArmor ? 'Model Armor' : 'safety settings'}: ${datum.promptFeedback.blockReason}`;
+                        const tokenUsage = {
+                            total: datum.usageMetadata?.totalTokenCount || 0,
+                            prompt: datum.usageMetadata?.promptTokenCount || 0,
+                            completion: datum.usageMetadata?.candidatesTokenCount || 0,
+                        };
+                        // Build guardrails response with Model Armor details
+                        const guardrails = {
+                            flagged: true,
+                            flaggedInput: true,
+                            flaggedOutput: false,
+                            reason: blockReasonMessage,
+                        };
+                        if (cliState_1.default.config?.redteam) {
+                            // Refusals are not errors during redteams, they're actually successes.
+                            return {
+                                output: blockReasonMessage,
+                                tokenUsage,
+                                guardrails,
+                                metadata: {
+                                    modelArmor: isModelArmor
+                                        ? {
+                                            blockReason: datum.promptFeedback.blockReason,
+                                            ...(datum.promptFeedback.blockReasonMessage && {
+                                                blockReasonMessage: datum.promptFeedback.blockReasonMessage,
+                                            }),
+                                        }
+                                        : undefined,
+                                },
+                            };
+                        }
+                        return {
+                            error: blockReasonMessage,
+                            guardrails,
+                            metadata: {
+                                modelArmor: isModelArmor
+                                    ? {
+                                        blockReason: datum.promptFeedback.blockReason,
+                                        ...(datum.promptFeedback.blockReasonMessage && {
+                                            blockReasonMessage: datum.promptFeedback.blockReasonMessage,
+                                        }),
+                                    }
+                                    : undefined,
+                            },
+                        };
+                    }
                     const candidate = (0, util_1.getCandidate)(datum);
                     if (candidate.finishReason && candidate.finishReason === 'SAFETY') {
                         const finishReason = 'Content was blocked due to safety settings.';
+                        const tokenUsage = {
+                            total: datum.usageMetadata?.totalTokenCount || 0,
+                            prompt: datum.usageMetadata?.promptTokenCount || 0,
+                            completion: datum.usageMetadata?.candidatesTokenCount || 0,
+                        };
+                        // Build guardrails response for safety blocks
+                        const guardrails = {
+                            flagged: true,
+                            flaggedInput: false,
+                            flaggedOutput: true,
+                            reason: finishReason,
+                        };
                         if (cliState_1.default.config?.redteam) {
                             // Refusals are not errors during redteams, they're actually successes.
-                            // Calculate token usage even for safety-blocked responses
-                            const tokenUsage = {
-                                total: datum.usageMetadata?.totalTokenCount || 0,
-                                prompt: datum.usageMetadata?.promptTokenCount || 0,
-                                completion: datum.usageMetadata?.candidatesTokenCount || 0,
-                            };
-                            return { output: finishReason, tokenUsage };
+                            return { output: finishReason, tokenUsage, guardrails };
                         }
-                        return { error: finishReason };
+                        return { error: finishReason, guardrails };
                     }
                     else if (candidate.finishReason && candidate.finishReason !== 'STOP') {
                         // e.g. MALFORMED_FUNCTION_CALL
@@ -347,20 +417,6 @@ class VertexChatProvider extends VertexGenericProvider {
                             error: `Finish reason ${candidate.finishReason}: ${JSON.stringify(data)}`,
                         };
                     }
-                    else if (datum.promptFeedback?.blockReason) {
-                        const blockReason = `Content was blocked due to safety settings: ${datum.promptFeedback.blockReason}`;
-                        if (cliState_1.default.config?.redteam) {
-                            // Refusals are not errors during redteams, they're actually successes.
-                            // Calculate token usage even for safety-blocked responses
-                            const tokenUsage = {
-                                total: datum.usageMetadata?.totalTokenCount || 0,
-                                prompt: datum.usageMetadata?.promptTokenCount || 0,
-                                completion: datum.usageMetadata?.candidatesTokenCount || 0,
-                            };
-                            return { output: blockReason, tokenUsage };
-                        }
-                        return { error: blockReason };
-                    }
                     else if (candidate.content?.parts) {
                         output = (0, util_1.mergeParts)(output, (0, util_1.formatCandidateContents)(candidate));
                     }