[GENAI-2335] Implement Policy Engine for Smart Window tool execution

Add security layer policy enforcement for Smart Window tool execution
with policy to prevent exfiltration links

Components:
- SecurityOrchestrator: Central coordination with pref switch
- PolicyEvaluator/ConditionEvaluator: JSON-based policy evaluation
- SecurityUtils: URL normalization and session-scoped ledgers
- SmartWindowMeta actors: Page metadata extraction (canonical/og:url)
- DecisionTypes: Structured allow/deny decisions

Security model: Explicit seeding with deterministic URL validation,
fail-closed behavior, and pref switch (browser.smartwindow.security.enabled).

Author: randy-concepcion

browser/components/smartwindow/actors/SmartWindowMetaChild.sys.mjs

@@ -0,0 +1,57 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/**
+ * Content-process actor for extracting page metadata (page URL, canonical, og:url).
+ * The parent actor validates and normalizes these URLs before seeding the security ledger.
+ */
+export class SmartWindowMetaChild extends JSWindowActorChild {
+  /**
+   * Receives queries from the parent process.
+   *
+   * @param {ReceiveMessageArgument} message - The message from parent
+   * @returns {Promise<object>} Metadata object with URLs
+   */
+  receiveMessage(message) {
+    switch (message.name) {
+      case "SmartWindowMeta:GetMetadata":
+        return this.getMetadata();
+      default:
+        return Promise.reject(new Error(`Unknown message: ${message.name}`));
+    }
+  }
+
+  /**
+   * Extracts metadata from the current page.
+   *
+   * @returns {object} Metadata with pageUrl, canonical, and ogUrl (raw strings)
+   */
+  getMetadata() {
+    const doc = this.contentWindow?.document;
+
+    if (!doc) {
+      return { pageUrl: "", canonical: "", ogUrl: "" };
+    }
+
+    const pageUrl = doc.location?.href || "";
+
+    let canonical = "";
+    try {
+      const canonicalLink = doc.querySelector('link[rel="canonical"]');
+      canonical = canonicalLink?.getAttribute("href") || "";
+    } catch {
+      // querySelector may fail on some documents (e.g., XML)
+    }
+
+    let ogUrl = "";
+    try {
+      const ogUrlMeta = doc.querySelector('meta[property="og:url"]');
+      ogUrl = ogUrlMeta?.getAttribute("content") || "";
+    } catch {
+      // querySelector may fail on some documents
+    }
+
+    return { pageUrl, canonical, ogUrl };
+  }
+}

browser/components/smartwindow/actors/SmartWindowMetaParent.sys.mjs

@@ -0,0 +1,149 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import {
+  normalizeUrl,
+  isSameETLDPlusOne,
+} from "chrome://global/content/ml/security/SecurityUtils.sys.mjs";
+
+/**
+ * Chrome-process actor for validating page metadata and seeding security ledger.
+ * Validates canonical/og:url have same eTLD+1 as page URL before seeding.
+ */
+export class SmartWindowMetaParent extends JSWindowActorParent {
+  /**
+   * Seeds the security ledger for the given browser/tab.
+   *
+   * @param {object} sessionLedger - The SessionLedger instance
+   * @param {string} tabId - The tab identifier (typically linkedPanel)
+   * @returns {Promise<object>} Result with seededUrls, skippedUrls, and errors
+   */
+  async seedLedgerForTab(sessionLedger, tabId) {
+    const result = {
+      success: false,
+      seededUrls: [],
+      skippedUrls: [],
+      errors: [],
+    };
+
+    try {
+      const metadata = await this.sendQuery("SmartWindowMeta:GetMetadata");
+
+      if (!metadata || !metadata.pageUrl) {
+        result.errors.push("No page URL available from content process");
+        return result;
+      }
+
+      const { pageUrl, canonical, ogUrl } = metadata;
+
+      const normalizedPageUrl = normalizeUrl(pageUrl);
+      if (!normalizedPageUrl.success) {
+        result.errors.push({
+          url: pageUrl,
+          reason: "Page URL normalization failed",
+          error: normalizedPageUrl.error,
+        });
+        return result;
+      }
+
+      const urlsToSeed = [normalizedPageUrl.url];
+      result.seededUrls.push({
+        original: pageUrl,
+        normalized: normalizedPageUrl.url,
+        source: "page",
+      });
+
+      if (canonical) {
+        const validated = this.#validateSecondaryUrl(
+          canonical,
+          normalizedPageUrl.url,
+          pageUrl,
+          "canonical"
+        );
+
+        if (validated.success) {
+          urlsToSeed.push(validated.normalizedUrl);
+          result.seededUrls.push({
+            original: canonical,
+            normalized: validated.normalizedUrl,
+            source: "canonical",
+          });
+        } else {
+          result.skippedUrls.push({
+            original: canonical,
+            source: "canonical",
+            reason: validated.reason,
+          });
+        }
+      }
+
+      if (ogUrl) {
+        const validated = this.#validateSecondaryUrl(
+          ogUrl,
+          normalizedPageUrl.url,
+          pageUrl,
+          "og:url"
+        );
+
+        if (validated.success) {
+          urlsToSeed.push(validated.normalizedUrl);
+          result.seededUrls.push({
+            original: ogUrl,
+            normalized: validated.normalizedUrl,
+            source: "og:url",
+          });
+        } else {
+          result.skippedUrls.push({
+            original: ogUrl,
+            source: "og:url",
+            reason: validated.reason,
+          });
+        }
+      }
+
+      sessionLedger.forTab(tabId).seed(urlsToSeed, pageUrl);
+      result.success = true;
+    } catch (error) {
+      result.errors.push({
+        message: "Actor communication failed",
+        error: error.message || String(error),
+      });
+    }
+
+    return result;
+  }
+
+  /**
+   * Validates a secondary URL (canonical or og:url) against the page's eTLD+1.
+   *
+   * @param {string} url - The URL to validate (may be relative)
+   * @param {string} normalizedPageUrl - The normalized page URL for eTLD+1 comparison
+   * @param {string} baseUrl - The original page URL for resolving relative URLs
+   * @param {string} source - Source identifier ("canonical" or "og:url")
+   * @returns {object} Validation result with success flag and normalizedUrl or reason
+   * @private
+   */
+  #validateSecondaryUrl(url, normalizedPageUrl, baseUrl, source) {
+    const normalized = normalizeUrl(url, baseUrl);
+
+    if (!normalized.success) {
+      return {
+        success: false,
+        reason: "Normalization failed",
+        details: normalized.error,
+      };
+    }
+
+    if (!isSameETLDPlusOne(normalizedPageUrl, normalized.url)) {
+      return {
+        success: false,
+        reason: "Different eTLD+1 from page URL",
+        pageUrl: normalizedPageUrl,
+        secondaryUrl: normalized.url,
+      };
+    }
+
+    return { success: true, normalizedUrl: normalized.url };
+  }
+}

browser/components/smartwindow/content/smartwindow.mjs

@@ -31,11 +31,36 @@ const { SessionStore } = ChromeUtils.importESModule(
 const { TabStateFlusher } = ChromeUtils.importESModule(
   "resource:///modules/sessionstore/TabStateFlusher.sys.mjs"
 );
+const { SecurityOrchestrator } = ChromeUtils.importESModule(
+  "chrome://global/content/ml/security/SecurityOrchestrator.sys.mjs"
+);
 const { embedderElement, topChromeWindow } = window.browsingContext;
 const gBrowser = topChromeWindow.gBrowser;
 
 const FIRST_RUN_PREF = "browser.smartwindow.firstrun.didSeeWelcome";
 
+// Register SmartWindowMeta actor for secure page metadata extraction
+try {
+  ChromeUtils.registerWindowActor("SmartWindowMeta", {
+    parent: {
+      esModuleURI: "chrome://browser/content/smartwindow/actors/SmartWindowMetaParent.sys.mjs",
+    },
+    child: {
+      esModuleURI: "chrome://browser/content/smartwindow/actors/SmartWindowMetaChild.sys.mjs",
+      events: {
+        DOMContentLoaded: {},
+      },
+    },
+    allFrames: true,
+  });
+} catch (e) {
+  // Actor already registered - this is expected if Smart Window
+  // has been opened before in this browser session
+  if (!e.message?.includes("already registered")) {
+    console.error("Failed to register SmartWindowMeta actor:", e);
+  }
+}
+
 /**
  *
  */
@@ -88,6 +113,25 @@ class SmartWindowPage {
 
     this.#chatHistory = new ChatHistory();
 
+    // Initialize security orchestrator (if enabled)
+    // Creates the SessionLedger that tracks trusted URLs across tabs
+    // Only initialize if Smart Window security is enabled
+    const sessionId = `smart-window-${Date.now()}-${Math.random().toString(36).slice(2, 11)}`;
+    const securityEnabled = Services.prefs.getBoolPref("browser.smartwindow.security.enabled", true);
+    
+    if (securityEnabled) {
+      SecurityOrchestrator.init(sessionId).then(sessionLedger => {
+        this.sessionLedger = sessionLedger;
+        console.log("[Security] Smart Window security enabled - orchestrator initialized");
+      }).catch(error => {
+        console.error("[Security] Failed to initialize orchestrator:", error);
+        this.sessionLedger = null;
+      });
+    } else {
+      this.sessionLedger = null;
+      console.log("[Security] Smart Window security DISABLED via kill switch - running in pass-through mode");
+    }
+
     gBrowser.selectedTab.conversation = new ChatHistoryConversation({
       title: "",
       description: "",
@@ -134,6 +178,8 @@ class SmartWindowPage {
         this.onboardingPrefObserver
       );
     }
+
+    SecurityOrchestrator.reset();
   }
 
   getQueryTypeIcon(type) {