
fix: surface catalog ID in PromptBuilder#919

Open
gspencergoog wants to merge 5 commits into flutter:main from gspencergoog:add_catalog_id

Conversation

@gspencergoog
Collaborator

Description

This PR fixes #900 by surfacing the catalog ID in the system prompt generated by PromptBuilder when it is provided in the Catalog.

Changes

  • packages/genui/lib/src/facade/prompt_builder.dart:
    • Added a line to the system prompt: The active catalog ID is: "${catalog.catalogId}". if catalog.catalogId is not null.
  • packages/genui/test/facade/prompt_builder_test.dart:
    • Added a test to verify that the catalog ID is surfaced.
    • Removed the test for null fallback as the implementation was changed by the user to not include the line when null.
  • packages/genui/test/facade/prompt_builder_test.golden/:
    • Updated all 8 golden files to reflect the new prompt content.

Impact & Risks

  • No breaking changes.
  • Minimal risk.

Testing

  • Ran prompt_builder_test.dart and verified that all 10 tests pass.

@gspencergoog
Collaborator Author

/gemini review


@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request introduces the inclusion of the active catalog ID into the system prompt within the _BasicPromptBuilder class, supported by new unit tests and updated golden files. The review feedback identifies a security concern regarding the sanitization of the catalogId, specifically noting that failing to escape backslashes and carriage returns could lead to prompt injection. Additionally, the reviewer pointed out a potential logic inconsistency where the model might expect a catalog ID even when it is null, suggesting a more robust sanitization approach and a check for instruction alignment.

Comment on lines +366 to +368
String? activeCatalogId = catalog.catalogId
?.replaceAll('"', '\\"')
.replaceAll('\n', '\\n');
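Review bot: the escaping at +366 to +368 leaves backslashes untouched, so an id ending in `\` is emitted as `"foo\"` and that backslash cancels the closing quote of the prompt line. Add `.replaceAll('\\', '\\\\')` as the first replacement, ahead of the quote step: doing it after the quote step would rewrite the `\"` produced for an embedded quote into `\\"`, which re-opens the string.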
security-medium

The catalogId is embedded into the system prompt within double quotes. The current sanitization logic attempts to escape double quotes and newlines but fails to escape backslashes (\) and carriage returns (\r). A trailing backslash in the catalogId (e.g., foo\) will escape the closing double quote in the prompt, potentially allowing the rest of the prompt to be interpreted as part of the string or allowing an attacker to break out of the quoted section. Carriage return characters (\r) are also not escaped, which could be used for line-break injection in some LLM contexts.

Additionally, there is a logic inconsistency: the system prompt instructions (defined in SurfaceOperations) explicitly tell the model to "use the catalog ID provided in system instructions". However, if catalog.catalogId is null, this line is omitted from the prompt, leaving the model without the required ID for createSurface operations. This will likely lead to model hallucinations or errors. Consider providing a fallback ID or ensuring the instructions are only present when an ID is actually provided.

Suggested change
String? activeCatalogId = catalog.catalogId
?.replaceAll('"', '\\"')
.replaceAll('\n', '\\n');
String? activeCatalogId = catalog.catalogId
?.replaceAll('\\', '\\\\')
.replaceAll('"', '\"')
.replaceAll('\n', '\\n')
.replaceAll('\r', '\\r');
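Review bot: in the suggested replacement, `.replaceAll('"', '\"')` is a no-op: inside a Dart single-quoted literal `\"` is just `"`, so quotes are replaced with themselves and an embedded `"` would still terminate the prompt's quoted value. It should read `.replaceAll('"', '\\"')` as in the original line, keeping the backslash replacement first so the escape backslashes it adds are not doubled.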

@gspencergoog gspencergoog requested a review from ditman May 18, 2026 22:43
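The escaping problem raised in the review above, shown as an added example that is not code from the genui PR: the PR's quote/LF-only escaper is placed beside a backslash-first escaper, and a small scanner checks whether the prompt line's closing quote survives a constructed id ending in a backslash; the helper names (escapeOriginal, escapeHardened, unescape, promptLine, closesQuote) are assumed. With the original escaper the id `foo\` yields a line whose closing quote is consumed, with the hardened one it closes, and the hardened output round-trips through unescape.

```dart
// Added example, not code from the genui PR; helper names are assumed.
/// Escaping as committed in the PR: handles `"` and LF only.
String escapeOriginal(String id) =>
    id.replaceAll('"', '\\"').replaceAll('\n', '\\n');

/// Hardened escaping. Backslashes must go first: escaping them after the
/// quote step would turn the `\"` written for an embedded quote into `\\"`.
/// `'\\"'` is required here; in Dart `'\"'` is just `"`, a no-op replace.
String escapeHardened(String id) => id
    .replaceAll('\\', '\\\\')
    .replaceAll('"', '\\"')
    .replaceAll('\n', '\\n')
    .replaceAll('\r', '\\r');
/// Inverse of [escapeHardened], used only to verify the round trip.
String unescape(String s) {
  final out = StringBuffer();
  for (var i = 0; i < s.length; i++) {
    if (s[i] != '\\' || i + 1 == s.length) {
      out.write(s[i]);
    } else {
      final n = s[++i];
      out.write(n == 'n' ? '\n' : n == 'r' ? '\r' : n);
    }
  }
  return out.toString();
}
/// The prompt line exactly as the PR formats it, from an escaped id.
String promptLine(String escapedId) => 'The active catalog ID is: "$escapedId".';
/// True when the quoted value in [line] is closed by an unescaped `"`.
/// A backslash escapes the next character, so `"foo\"` never closes.
bool closesQuote(String line) {
  var i = line.indexOf('"') + 1;
  while (i < line.length) {
    if (line[i] == '\\') i += 2;        // skip the escaped character
    else if (line[i] == '"') return true;
    else i++;
  }
  return false;
}

void main() {
  const id = 'foo\\'; // constructed catalog id ending in a backslash
  final weak = promptLine(escapeOriginal(id));
  final hard = promptLine(escapeHardened(id));
  print('$weak  closes quote: ${closesQuote(weak)}');
  print('$hard  closes quote: ${closesQuote(hard)}');
  const mixed = 'a"b\\c\r\nd'; // constructed id mixing every escaped char
  print('round trip: ${unescape(escapeHardened(mixed)) == mixed}');
}
```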

Development

Successfully merging this pull request may close these issues.

PromptBuilder doesn't surface the Catalog's id