iris-security-gemini 0.1.0__tar.gz

iris_security_gemini-0.1.0/PKG-INFO

@@ -0,0 +1,50 @@
+Metadata-Version: 2.4
+Name: iris-security-gemini
+Version: 0.1.0
+Summary: IRIS governance for Google Gemini via google-genai
+Author-email: IRIS Platform <sdk@iris.ai>
+License: Apache-2.0
+Project-URL: Homepage, https://github.com/gimartinb/iris-sdk
+Project-URL: Repository, https://github.com/gimartinb/iris-sdk
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+Requires-Dist: iris-security-core>=0.1.0
+Requires-Dist: iris-security-sdk>=0.1.0
+Provides-Extra: google
+Requires-Dist: google-genai>=0.3; extra == "google"
+Provides-Extra: dev
+Requires-Dist: pytest>=8.0; extra == "dev"
+Requires-Dist: pytest-asyncio>=0.23; extra == "dev"
+Requires-Dist: ruff>=0.4; extra == "dev"
+
+# iris-gemini
+
+Drop-in IRIS governance for the [Google GenAI Python SDK](https://github.com/googleapis/python-genai).
+
+Replace one line:
+
+```python
+# client = google.genai.Client()
+client = IrisGemini(passport=passport)
+```
+
+Every `client.models.generate_content()` and `generate_content_stream()` call is evaluated against Cedar policy, recorded in the Evidence Vault, and enforced per `IRIS_ENV` (warn in dev, block in production).
+
+## Install
+
+```bash
+pip install iris-security-gemini
+```
+
+## Quickstart
+
+See [examples/governed_gemini.py](examples/governed_gemini.py).
+
+## Environment
+
+| `IRIS_ENV`    | Behavior                                    |
+|---------------|---------------------------------------------|
+| `dev`         | Fail open - warnings to stderr, never block |
+| `production`  | Fail closed - `IrisViolationError` on deny  |
+
+Defaults to `dev` when unset.

iris_security_gemini-0.1.0/README.md

@@ -0,0 +1,31 @@
+# iris-gemini
+
+Drop-in IRIS governance for the [Google GenAI Python SDK](https://github.com/googleapis/python-genai).
+
+Replace one line:
+
+```python
+# client = google.genai.Client()
+client = IrisGemini(passport=passport)
+```
+
+Every `client.models.generate_content()` and `generate_content_stream()` call is evaluated against Cedar policy, recorded in the Evidence Vault, and enforced per `IRIS_ENV` (warn in dev, block in production).
+
+## Install
+
+```bash
+pip install iris-security-gemini
+```
+
+## Quickstart
+
+See [examples/governed_gemini.py](examples/governed_gemini.py).
+
+## Environment
+
+| `IRIS_ENV`    | Behavior                                    |
+|---------------|---------------------------------------------|
+| `dev`         | Fail open - warnings to stderr, never block |
+| `production`  | Fail closed - `IrisViolationError` on deny  |
+
+Defaults to `dev` when unset.

iris_security_gemini-0.1.0/iris_gemini/__init__.py

@@ -0,0 +1,31 @@
+"""
+IRIS Gemini integration - one-line drop-in for google.genai.Client().
+"""
+
+from __future__ import annotations
+
+from iris import IrisViolationError
+from iris_core.models.passport import (
+    AgentPassport,
+    ComplianceTag,
+    DataClassification,
+    Environment,
+)
+from iris_core.models.policy import Violation
+
+from iris_gemini.client import IrisGemini, IrisGeminiAsync
+from iris_gemini.guardrails import scan_gemini_content
+
+__version__ = "0.1.0"
+
+__all__ = [
+    "IrisGemini",
+    "IrisGeminiAsync",
+    "IrisViolationError",
+    "AgentPassport",
+    "ComplianceTag",
+    "DataClassification",
+    "Environment",
+    "Violation",
+    "scan_gemini_content",
+]

iris_security_gemini-0.1.0/iris_gemini/client.py

@@ -0,0 +1,304 @@
+"""Drop-in Google GenAI client wrapper with IRIS governance."""
+
+from __future__ import annotations
+
+import importlib
+import logging
+import os
+import sys
+import threading
+from pathlib import Path
+from typing import Any, Optional
+
+from iris import IrisViolationError
+from iris_core.dlp import DLPScanner
+from iris_core.dlp.enforcement import (
+    enforce_prompt_dlp,
+    extract_gemini_response_text,
+    handle_response_dlp,
+)
+from iris_core.engine.cedar import CedarEngine, EvaluationContext
+from iris_core.rbac.context import UserContext
+from iris_core.evidence.vault import EvidenceVault
+from iris_core.models.passport import AgentPassport, Environment
+from iris_core.models.policy import PolicyResult, Severity
+
+from iris_gemini.guardrails import _extract_text, scan_gemini_content
+
+logger = logging.getLogger("iris.gemini")
+_VAULT_LOCK = threading.Lock()
+
+
+def _lazy_genai():
+    try:
+        return importlib.import_module("google.genai")
+    except ModuleNotFoundError as exc:
+        raise ImportError(
+            "google-genai is required for IrisGemini. Install with: pip install google-genai"
+        ) from exc
+
+
+def _current_environment() -> Environment:
+    return Environment(os.environ.get("IRIS_ENV", "dev"))
+
+
+def _load_passport_policy(engine: CedarEngine, passport: AgentPassport) -> None:
+    if not passport.policy_ref:
+        return
+    policy_path = Path(passport.policy_ref)
+    if not policy_path.is_absolute():
+        policy_path = Path.cwd() / policy_path
+    if policy_path.exists():
+        engine.load_policy_file(passport.agent_id, policy_path)
+
+
+def _has_policy_loaded(engine: CedarEngine, passport: AgentPassport) -> bool:
+    return bool(engine._policy_cache.get(passport.agent_id))
+
+
+def _apply_no_policy_gate(
+    engine: CedarEngine,
+    passport: AgentPassport,
+    env: Environment,
+    result: PolicyResult,
+) -> PolicyResult:
+    if _has_policy_loaded(engine, passport):
+        return result
+    if env in (Environment.DEV, Environment.TEST) and result.decision == "DENY":
+        return PolicyResult(
+            decision="PERMIT_WITH_WARNINGS",
+            violations=result.violations,
+            agent_id=result.agent_id,
+            action=result.action,
+            resource=result.resource,
+            environment=result.environment,
+        )
+    return result
+
+
+def _merge_content_violations(
+    result: PolicyResult, env: Environment, content_violations: list
+) -> PolicyResult:
+    if not content_violations:
+        return result
+    violations = list(result.violations) + list(content_violations)
+    critical = [v for v in violations if v.severity == Severity.CRITICAL]
+    high = [v for v in violations if v.severity in (Severity.HIGH, Severity.CRITICAL)]
+    if critical:
+        decision = "DENY"
+    elif high and result.decision == "PERMIT":
+        decision = "PERMIT_WITH_WARNINGS" if env in (Environment.DEV, Environment.TEST) else "DENY"
+    elif violations and result.decision == "PERMIT":
+        decision = "PERMIT_WITH_WARNINGS"
+    else:
+        decision = result.decision
+    return PolicyResult(
+        decision=decision,
+        violations=violations,
+        agent_id=result.agent_id,
+        action=result.action,
+        resource=result.resource,
+        environment=result.environment,
+    )
+
+
+def _enforce_result(result: PolicyResult, env: Environment) -> None:
+    if result.decision == "DENY":
+        if env in (Environment.DEV, Environment.TEST):
+            for violation in result.violations:
+                msg = (
+                    f"[IRIS WARNING] {violation.message} "
+                    f"Remediation: {violation.remediation}"
+                )
+                logger.warning(msg)
+                print(msg, file=sys.stderr)
+            return
+        raise IrisViolationError(result)
+    if result.decision == "PERMIT_WITH_WARNINGS":
+        for violation in result.violations:
+            msg = f"[IRIS WARNING] {violation.message} Remediation: {violation.remediation}"
+            logger.warning(msg)
+            print(msg, file=sys.stderr)
+
+
+class _IrisGeminiBase:
+    _passport: AgentPassport
+    _engine: CedarEngine
+    _vault: EvidenceVault
+    _dlp: DLPScanner
+    _user_email: Optional[str] = None
+    _user_role: Optional[str] = None
+
+
+class IrisModelsResource:
+    """Governed wrapper around google.genai client.models."""
+
+    def __init__(self, parent: _IrisGeminiBase, models_resource: Any):
+        self._parent = parent
+        self._models = models_resource
+
+    @property
+    def _passport(self) -> AgentPassport:
+        return self._parent._passport
+
+    @property
+    def _engine(self) -> CedarEngine:
+        return self._parent._engine
+
+    @property
+    def _vault(self) -> EvidenceVault:
+        return self._parent._vault
+
+    def _govern(self, model: Optional[str], contents: Any, kwargs: dict) -> None:
+        env = _current_environment()
+        model_name = model or kwargs.get("model") or "unknown-model"
+        request_contents = contents if contents is not None else kwargs.get("contents")
+        prompt_text = "\n".join(_extract_text(request_contents))
+        dlp_result = enforce_prompt_dlp(
+            self._parent._dlp,
+            self._vault,
+            self._passport,
+            env,
+            prompt_text,
+            resource=f"gemini-api/{model_name}",
+        )
+        content_violations = scan_gemini_content(request_contents, self._passport)
+        user_ctx = UserContext.from_params(self._parent._user_email, self._parent._user_role)
+        ctx = EvaluationContext(
+            agent_id=self._passport.agent_id,
+            action="call",
+            resource=f"gemini-api/{model_name}",
+            resource_type="api",
+            environment=env,
+            data_classification=self._passport.data_classification.value,
+            dlp_prompt_findings=dlp_result.findings,
+            additional={
+                "model": model_name,
+                "content_violation_count": len(content_violations),
+            },
+            **user_ctx.evaluation_fields(),
+        )
+        result = self._engine.evaluate(self._passport, ctx)
+        result = _apply_no_policy_gate(self._engine, self._passport, env, result)
+        result = _merge_content_violations(result, env, content_violations)
+        with _VAULT_LOCK:
+            self._vault.record(ctx, result)
+        _enforce_result(result, env)
+
+    def _scan_response(self, response: Any) -> Any:
+        env = _current_environment()
+        response_text = extract_gemini_response_text(response)
+        blocked, _ = handle_response_dlp(
+            self._parent._dlp,
+            self._vault,
+            self._passport,
+            env,
+            response_text,
+            response,
+            resource="gemini-api",
+        )
+        return blocked
+
+    def generate_content(self, model: Any = None, contents: Any = None, **kwargs: Any) -> Any:
+        self._govern(model, contents, kwargs)
+        if model is not None:
+            kwargs["model"] = model
+        if contents is not None:
+            kwargs["contents"] = contents
+        response = self._models.generate_content(**kwargs)
+        return self._scan_response(response)
+
+    def generate_content_stream(
+        self, model: Any = None, contents: Any = None, **kwargs: Any
+    ) -> Any:
+        self._govern(model, contents, kwargs)
+        if model is not None:
+            kwargs["model"] = model
+        if contents is not None:
+            kwargs["contents"] = contents
+        return self._models.generate_content_stream(**kwargs)
+
+    async def generate_content_async(
+        self, model: Any = None, contents: Any = None, **kwargs: Any
+    ) -> Any:
+        self._govern(model, contents, kwargs)
+        if model is not None:
+            kwargs["model"] = model
+        if contents is not None:
+            kwargs["contents"] = contents
+        response = await self._models.generate_content_async(**kwargs)
+        return self._scan_response(response)
+
+    async def generate_content_stream_async(
+        self, model: Any = None, contents: Any = None, **kwargs: Any
+    ) -> Any:
+        self._govern(model, contents, kwargs)
+        if model is not None:
+            kwargs["model"] = model
+        if contents is not None:
+            kwargs["contents"] = contents
+        return await self._models.generate_content_stream_async(**kwargs)
+
+    def __getattr__(self, name: str) -> Any:
+        return getattr(self._models, name)
+
+
+class IrisGemini(_IrisGeminiBase):
+    """Drop-in replacement for google.genai.Client()."""
+
+    def __init__(
+        self,
+        passport: AgentPassport,
+        user_email: Optional[str] = None,
+        user_role: Optional[str] = None,
+        **genai_kwargs: Any,
+    ):
+        from iris_core.dev_trust import print_dev_trust_message
+
+        print_dev_trust_message()
+        genai = _lazy_genai()
+        self._passport = passport
+        self._user_email = user_email
+        self._user_role = user_role
+        self._engine = CedarEngine()
+        self._vault = EvidenceVault(agent_id=passport.agent_id)
+        self._dlp = DLPScanner(passport)
+        _load_passport_policy(self._engine, passport)
+        self._client = genai.Client(**genai_kwargs)
+        self._models_resource = IrisModelsResource(self, self._client.models)
+
+    @property
+    def models(self) -> IrisModelsResource:
+        return self._models_resource
+
+    def __getattr__(self, name: str) -> Any:
+        return getattr(self._client, name)
+
+
+class IrisGeminiAsync(_IrisGeminiBase):
+    """Async drop-in wrapper for google.genai.Client async methods."""
+
+    def __init__(
+        self,
+        passport: AgentPassport,
+        user_email: Optional[str] = None,
+        user_role: Optional[str] = None,
+        **genai_kwargs: Any,
+    ):
+        genai = _lazy_genai()
+        self._passport = passport
+        self._user_email = user_email
+        self._user_role = user_role
+        self._engine = CedarEngine()
+        self._vault = EvidenceVault(agent_id=passport.agent_id)
+        self._dlp = DLPScanner(passport)
+        _load_passport_policy(self._engine, passport)
+        self._client = genai.Client(**genai_kwargs)
+        self._models_resource = IrisModelsResource(self, self._client.models)
+
+    @property
+    def models(self) -> IrisModelsResource:
+        return self._models_resource
+
+    def __getattr__(self, name: str) -> Any:
+        return getattr(self._client, name)

iris_security_gemini-0.1.0/iris_gemini/guardrails.py

@@ -0,0 +1,114 @@
+"""Guardrail scanning for Gemini contents payloads."""
+
+from __future__ import annotations
+
+import re
+from typing import Any, List
+
+from iris_core.models.passport import AgentPassport
+from iris_core.models.policy import Severity, Violation
+
+_SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
+_CREDIT_CARD = re.compile(r"\b(?:\d{4}[-\s]?){3}\d{4}\b")
+_DOB = re.compile(
+    r"\b(?:0[1-9]|1[0-2])[/-](?:0[1-9]|[12]\d|3[01])[/-](?:19|20)\d{2}\b"
+)
+_CROSS_REGION = re.compile(r"cn-north|china|beijing", re.IGNORECASE)
+_HIGH_RISK_DOMAIN = re.compile(r"\b(loan|diagnosis|hiring)\b", re.IGNORECASE)
+
+
+def _extract_text(contents: Any) -> List[str]:
+    if contents is None:
+        return []
+    if isinstance(contents, str):
+        return [contents]
+    if isinstance(contents, dict):
+        values: List[str] = []
+        for key in ("text", "content"):
+            value = contents.get(key)
+            if isinstance(value, str):
+                values.append(value)
+            elif value is not None:
+                values.extend(_extract_text(value))
+        if not values:
+            for value in contents.values():
+                values.extend(_extract_text(value))
+        return values
+    if isinstance(contents, (list, tuple)):
+        values: List[str] = []
+        for item in contents:
+            values.extend(_extract_text(item))
+        return values
+
+    text = getattr(contents, "text", None)
+    if isinstance(text, str):
+        return [text]
+    content = getattr(contents, "content", None)
+    if content is not None:
+        return _extract_text(content)
+    return []
+
+
+def scan_gemini_content(contents: Any, passport: AgentPassport) -> List[Violation]:
+    """Scan Gemini request contents and return policy violations."""
+    prompt = "\n".join(_extract_text(contents))
+    if not prompt:
+        return []
+
+    violations: List[Violation] = []
+
+    if _SSN.search(prompt) or _CREDIT_CARD.search(prompt) or _DOB.search(prompt):
+        violations.append(
+            Violation(
+                rule_id="IRIS-DATA-001",
+                severity=Severity.HIGH,
+                message=(
+                    f"Gemini prompt for agent '{passport.name}' may contain PII "
+                    "(SSN, payment card, or date-of-birth pattern)."
+                ),
+                compliance_refs=[
+                    "colorado-ai-act:impact-assessment",
+                    "gdpr:data-minimization",
+                ],
+                remediation=(
+                    "Remove sensitive identifiers from contents or update the "
+                    "passport data_classification before this call."
+                ),
+            )
+        )
+
+    if _CROSS_REGION.search(prompt):
+        violations.append(
+            Violation(
+                rule_id="IRIS-XR-001",
+                severity=Severity.CRITICAL,
+                message=(
+                    f"Gemini prompt for agent '{passport.name}' references "
+                    "restricted cross-region geography (China / cn-north)."
+                ),
+                compliance_refs=["china-pipl:cross-border-transfer"],
+                remediation=(
+                    "Remove cross-region references from contents or document an "
+                    "approved exception with security."
+                ),
+            )
+        )
+
+    if _HIGH_RISK_DOMAIN.search(prompt):
+        violations.append(
+            Violation(
+                rule_id="CO-004",
+                severity=Severity.HIGH,
+                message=(
+                    f"Gemini prompt for agent '{passport.name}' references a "
+                    "high-risk consequential domain (loan, diagnosis, or hiring)."
+                ),
+                compliance_refs=["colorado-ai-act:sb-24-205:consumer-opt-out"],
+                remediation=(
+                    "Set consent evidence in policy context for consequential "
+                    "processing, or run an IRIS compliance assessment."
+                ),
+            )
+        )
+
+    return violations

iris_security_gemini-0.1.0/iris_gemini/init.py

@@ -0,0 +1,5 @@
+"""Compatibility shim; use iris_gemini package import."""
+
+from iris_gemini import IrisGemini, IrisGeminiAsync
+
+__all__ = ["IrisGemini", "IrisGeminiAsync"]

iris_security_gemini-0.1.0/iris_security_gemini.egg-info/PKG-INFO

@@ -0,0 +1,50 @@
+Metadata-Version: 2.4
+Name: iris-security-gemini
+Version: 0.1.0
+Summary: IRIS governance for Google Gemini via google-genai
+Author-email: IRIS Platform <sdk@iris.ai>
+License: Apache-2.0
+Project-URL: Homepage, https://github.com/gimartinb/iris-sdk
+Project-URL: Repository, https://github.com/gimartinb/iris-sdk
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+Requires-Dist: iris-security-core>=0.1.0
+Requires-Dist: iris-security-sdk>=0.1.0
+Provides-Extra: google
+Requires-Dist: google-genai>=0.3; extra == "google"
+Provides-Extra: dev
+Requires-Dist: pytest>=8.0; extra == "dev"
+Requires-Dist: pytest-asyncio>=0.23; extra == "dev"
+Requires-Dist: ruff>=0.4; extra == "dev"
+
+# iris-gemini
+
+Drop-in IRIS governance for the [Google GenAI Python SDK](https://github.com/googleapis/python-genai).
+
+Replace one line:
+
+```python
+# client = google.genai.Client()
+client = IrisGemini(passport=passport)
+```
+
+Every `client.models.generate_content()` and `generate_content_stream()` call is evaluated against Cedar policy, recorded in the Evidence Vault, and enforced per `IRIS_ENV` (warn in dev, block in production).
+
+## Install
+
+```bash
+pip install iris-security-gemini
+```
+
+## Quickstart
+
+See [examples/governed_gemini.py](examples/governed_gemini.py).
+
+## Environment
+
+| `IRIS_ENV`    | Behavior                                    |
+|---------------|---------------------------------------------|
+| `dev`         | Fail open - warnings to stderr, never block |
+| `production`  | Fail closed - `IrisViolationError` on deny  |
+
+Defaults to `dev` when unset.

iris_security_gemini-0.1.0/iris_security_gemini.egg-info/SOURCES.txt

@@ -0,0 +1,12 @@
+README.md
+pyproject.toml
+iris_gemini/__init__.py
+iris_gemini/client.py
+iris_gemini/guardrails.py
+iris_gemini/init.py
+iris_security_gemini.egg-info/PKG-INFO
+iris_security_gemini.egg-info/SOURCES.txt
+iris_security_gemini.egg-info/dependency_links.txt
+iris_security_gemini.egg-info/requires.txt
+iris_security_gemini.egg-info/top_level.txt
+tests/test_gemini_integration.py

iris_security_gemini-0.1.0/iris_security_gemini.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

iris_security_gemini-0.1.0/iris_security_gemini.egg-info/requires.txt

@@ -0,0 +1,10 @@
+iris-security-core>=0.1.0
+iris-security-sdk>=0.1.0
+
+[dev]
+pytest>=8.0
+pytest-asyncio>=0.23
+ruff>=0.4
+
+[google]
+google-genai>=0.3

iris_security_gemini-0.1.0/iris_security_gemini.egg-info/top_level.txt

@@ -0,0 +1 @@
+iris_gemini

iris_security_gemini-0.1.0/pyproject.toml

@@ -0,0 +1,39 @@
+[build-system]
+requires = ["setuptools>=68", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "iris-security-gemini"
+version = "0.1.0"
+description = "IRIS governance for Google Gemini via google-genai"
+readme = "README.md"
+license = { text = "Apache-2.0" }
+requires-python = ">=3.10"
+authors = [{ name = "IRIS Platform", email = "sdk@iris.ai" }]
+dependencies = [
+  "iris-security-core>=0.1.0",
+  "iris-security-sdk>=0.1.0",
+]
+
+[project.optional-dependencies]
+google = ["google-genai>=0.3"]
+dev = [
+  "pytest>=8.0",
+  "pytest-asyncio>=0.23",
+  "ruff>=0.4",
+]
+
+[project.urls]
+Homepage = "https://github.com/gimartinb/iris-sdk"
+Repository = "https://github.com/gimartinb/iris-sdk"
+
+[tool.setuptools]
+packages = ["iris_gemini"]
+
+[tool.ruff]
+line-length = 100
+target-version = "py310"
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+asyncio_mode = "auto"

iris_security_gemini-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

iris_security_gemini-0.1.0/tests/test_gemini_integration.py

@@ -0,0 +1,213 @@
+"""Integration tests for iris-gemini - mocked google-genai, no network calls."""
+
+from __future__ import annotations
+
+import types
+from unittest.mock import AsyncMock, MagicMock, patch
+
+import pytest
+
+from iris import IrisViolationError
+from iris_core.engine.cedar import CedarEngine
+from iris_core.evidence.vault import EvidenceVault
+from iris_core.models.passport import AgentPassport, ComplianceTag, DataClassification, Environment
+from iris_gemini import IrisGemini
+from iris_gemini.guardrails import scan_gemini_content
+
+
+@pytest.fixture
+def compliant_passport():
+    return AgentPassport(
+        name="gemini-agent",
+        owner="team@company.com",
+        data_classification=DataClassification.INTERNAL,
+        compliance_tags=[ComplianceTag.COLORADO_AI_ACT],
+        environments=[Environment.DEV, Environment.PRODUCTION],
+        is_high_risk_ai=True,
+        evidence_vault_id="vault-abc",
+        intent_ref="governance/agents/gemini-agent/policy-intent.md",
+    )
+
+
+@pytest.fixture
+def high_risk_incomplete_passport():
+    return AgentPassport(
+        name="loan-agent",
+        owner="gmoney@gmail.com",
+        compliance_tags=[ComplianceTag.COLORADO_AI_ACT],
+        environments=[Environment.DEV, Environment.PRODUCTION],
+        is_high_risk_ai=True,
+        evidence_vault_id=None,
+        intent_ref=None,
+    )
+
+
+def _mock_google_genai_module():
+    genai_module = MagicMock()
+    response = MagicMock()
+    response.text = "Hello from Gemini"
+    models = MagicMock()
+    models.generate_content.return_value = response
+    models.generate_content_stream.return_value = iter([response])
+    models.generate_content_async = AsyncMock(return_value=response)
+    models.generate_content_stream_async = AsyncMock(return_value=response)
+
+    client = MagicMock()
+    client.models = models
+    client.api_key = "test-key"
+    client.endpoint = "https://generativelanguage.googleapis.com"
+    genai_module.Client.return_value = client
+
+    google_module = types.ModuleType("google")
+    google_module.genai = genai_module
+    return google_module, genai_module, client
+
+
+class Part:
+    def __init__(self, text):
+        self.text = text
+
+
+class TestIrisGeminiClient:
+    def test_client_permits_allowed_call(self, compliant_passport, tmp_path, monkeypatch):
+        monkeypatch.setenv("IRIS_ENV", "dev")
+        google_module, genai_module, mock_client = _mock_google_genai_module()
+        engine = CedarEngine()
+        engine.load_policy(compliant_passport.agent_id, "permit(principal, action, resource);")
+        vault = EvidenceVault(agent_id=compliant_passport.agent_id, vault_dir=tmp_path)
+
+        with patch.dict("sys.modules", {"google": google_module, "google.genai": genai_module}):
+            client = IrisGemini(passport=compliant_passport)
+            client._engine = engine
+            client._vault = vault
+            result = client.models.generate_content(
+                model="gemini-2.0-flash",
+                contents="Help this customer.",
+            )
+
+        assert result.text == "Hello from Gemini"
+        mock_client.models.generate_content.assert_called_once()
+        events = vault.get_events()
+        assert len(events) == 1
+        assert events[0]["decision"] in ("PERMIT", "PERMIT_WITH_WARNINGS")
+        assert events[0]["resource"] == "gemini-api/gemini-2.0-flash"
+
+    def test_client_blocks_in_production(
+        self, high_risk_incomplete_passport, tmp_path, monkeypatch
+    ):
+        monkeypatch.setenv("IRIS_ENV", "production")
+        google_module, genai_module, mock_client = _mock_google_genai_module()
+        engine = CedarEngine()
+        engine.load_policy(
+            high_risk_incomplete_passport.agent_id,
+            "permit(principal, action, resource);",
+        )
+        vault = EvidenceVault(
+            agent_id=high_risk_incomplete_passport.agent_id,
+            vault_dir=tmp_path,
+        )
+
+        with patch.dict("sys.modules", {"google": google_module, "google.genai": genai_module}):
+            client = IrisGemini(passport=high_risk_incomplete_passport)
+            client._engine = engine
+            client._vault = vault
+            with pytest.raises(IrisViolationError):
+                client.models.generate_content(
+                    model="gemini-2.0-flash",
+                    contents="Approve this loan application for decisioning.",
+                )
+
+        mock_client.models.generate_content.assert_not_called()
+
+    def test_client_warns_in_dev(self, high_risk_incomplete_passport, tmp_path, monkeypatch, capsys):
+        monkeypatch.setenv("IRIS_ENV", "dev")
+        google_module, genai_module, mock_client = _mock_google_genai_module()
+        engine = CedarEngine()
+        engine.load_policy(
+            high_risk_incomplete_passport.agent_id,
+            "permit(principal, action, resource);",
+        )
+        vault = EvidenceVault(
+            agent_id=high_risk_incomplete_passport.agent_id,
+            vault_dir=tmp_path,
+        )
+
+        with patch.dict("sys.modules", {"google": google_module, "google.genai": genai_module}):
+            client = IrisGemini(passport=high_risk_incomplete_passport)
+            client._engine = engine
+            client._vault = vault
+            client.models.generate_content(
+                model="gemini-2.0-flash",
+                contents="Approve this loan application for decisioning.",
+            )
+
+        mock_client.models.generate_content.assert_called_once()
+        captured = capsys.readouterr()
+        assert "[IRIS WARNING]" in captured.err
+
+    def test_streaming_intercept(self, compliant_passport, tmp_path, monkeypatch):
+        monkeypatch.setenv("IRIS_ENV", "dev")
+        google_module, genai_module, mock_client = _mock_google_genai_module()
+        engine = CedarEngine()
+        engine.load_policy(compliant_passport.agent_id, "permit(principal, action, resource);")
+        vault = EvidenceVault(agent_id=compliant_passport.agent_id, vault_dir=tmp_path)
+
+        with patch.dict("sys.modules", {"google": google_module, "google.genai": genai_module}):
+            client = IrisGemini(passport=compliant_passport)
+            client._engine = engine
+            client._vault = vault
+            stream = client.models.generate_content_stream(
+                model="gemini-2.0-flash",
+                contents="Stream a short response.",
+            )
+            list(stream)
+
+        mock_client.models.generate_content_stream.assert_called_once()
+        assert len(vault.get_events()) == 1
+
+    def test_evidence_vault_records_call(self, compliant_passport, tmp_path, monkeypatch):
+        monkeypatch.setenv("IRIS_ENV", "dev")
+        google_module, genai_module, _ = _mock_google_genai_module()
+        engine = CedarEngine()
+        engine.load_policy(compliant_passport.agent_id, "permit(principal, action, resource);")
+        vault = EvidenceVault(agent_id=compliant_passport.agent_id, vault_dir=tmp_path)
+
+        with patch.dict("sys.modules", {"google": google_module, "google.genai": genai_module}):
+            client = IrisGemini(passport=compliant_passport)
+            client._engine = engine
+            client._vault = vault
+            client.models.generate_content(model="gemini-2.0-flash", contents="First call")
+
+        events = vault.get_events()
+        assert len(events) == 1
+        assert events[0]["action"] == "call"
+        assert events[0]["resource"] == "gemini-api/gemini-2.0-flash"
+
+    def test_drop_in_replacement_compatibility(self, compliant_passport, monkeypatch):
+        monkeypatch.setenv("IRIS_ENV", "dev")
+        google_module, genai_module, mock_client = _mock_google_genai_module()
+
+        with patch.dict("sys.modules", {"google": google_module, "google.genai": genai_module}):
+            client = IrisGemini(passport=compliant_passport, api_key="test-key")
+
+        assert client.api_key == "test-key"
+        assert client.endpoint == "https://generativelanguage.googleapis.com"
+        genai_module.Client.assert_called_once_with(api_key="test-key")
+        assert client.models is not None
+        assert mock_client.models is not None
+
+
+class TestGeminiGuardrails:
+    def test_pii_detection_in_contents(self, compliant_passport):
+        violations = scan_gemini_content(
+            [Part("Customer SSN is 123-45-6789 for verification.")],
+            compliant_passport,
+        )
+        assert any(v.rule_id == "IRIS-DATA-001" for v in violations)
+
+    def test_cross_region_detection(self, compliant_passport):
+        violations = scan_gemini_content(
+            ["Send this data to beijing data center."],
+            compliant_passport,
+        )
+        assert any(v.rule_id == "IRIS-XR-001" for v in violations)