docs: document tool exclusion from memory via deny policy (#21428)

Co-authored-by: Sam Roberts <158088236+g-samroberts@users.noreply.github.com>
Abhijit Balaji
2026-03-09 09:29:52 -07:00
committed by GitHub
parent 96b939f63a
commit 09e99824d4


@@ -91,10 +91,17 @@ the arguments don't match the pattern, the rule does not apply.
There are three possible decisions a rule can enforce: There are three possible decisions a rule can enforce:
- `allow`: The tool call is executed automatically without user interaction. - `allow`: The tool call is executed automatically without user interaction.
- `deny`: The tool call is blocked and is not executed. - `deny`: The tool call is blocked and is not executed. For global rules (those
without an `argsPattern`), tools that are denied are **completely excluded
from the model's memory**. This means the model will not even see the tool as
an option, which is more secure and saves context window space.
- `ask_user`: The user is prompted to approve or deny the tool call. (In - `ask_user`: The user is prompted to approve or deny the tool call. (In
non-interactive mode, this is treated as `deny`.) non-interactive mode, this is treated as `deny`.)
> **Note:** The `deny` decision is the recommended way to exclude tools. The
> legacy `tools.exclude` setting in `settings.json` is deprecated in favor of
> policy rules with a `deny` decision.
### Priority system and tiers ### Priority system and tiers
The policy engine uses a sophisticated priority system to resolve conflicts when The policy engine uses a sophisticated priority system to resolve conflicts when
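Review bot: In the new text on the `deny` bullet, "completely excluded from the model's memory" is ambiguous, since "memory" can be read as a stored-memory feature rather than the set of tools offered to the model. The following sentence ("the model will not even see the tool as an option") is the precise claim, so lead with that and drop "memory". The bullet also leaves two cases unstated that a reader relying on this as a security control needs spelled out: whether a `deny` rule that does have an `argsPattern` leaves the tool visible to the model and only blocks matching calls, and whether a higher-priority `allow` or `ask_user` rule for the same tool keeps it visible despite a global `deny` (the priority section starts right below, so a cross-reference would fit). "More secure" should say against what, for example that a tool the model cannot see cannot be requested at all. The deprecation note for `tools.exclude` would be easier to act on with a short example of the equivalent rule carrying a `deny` decision.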