MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-06-14 21:37:20 -07:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into adibakm/clear-context-conversation-approval

Browse Source
This commit is contained in:
Adib234
2026-03-10 16:50:23 -04:00
committed by GitHub
parent 8cd20301b7 519c75f410
commit 0ef720a577
161 changed files with 8705 additions and 2961 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/cli/headless.md
+2 -1
View File
@@ -31,7 +31,8 @@ Returns a stream of newline-delimited JSON (JSONL) events.
- `tool_use`: Tool call requests with arguments.
- `tool_result`: Output from executed tools.
- `error`: Non-fatal warnings and system errors.
- `result`: Final outcome with aggregated statistics.
- `result`: Final outcome with aggregated statistics and per-model token usage
breakdowns.
## Exit codes
docs/cli/settings.md
+2 -1
View File
@@ -67,7 +67,7 @@ they appear in the UI.
| Show Line Numbers | `ui.showLineNumbers` | Show line numbers in the chat. | `true` |
| Show Citations | `ui.showCitations` | Show citations for generated text in the chat. | `false` |
| Show Model Info In Chat | `ui.showModelInfoInChat` | Show the model name in the chat for each model turn. | `false` |
| Show User Identity | `ui.showUserIdentity` | Show the logged-in user's identity (e.g. email) in the UI. | `true` |
| Show User Identity | `ui.showUserIdentity` | Show the signed-in user's identity (e.g. email) in the UI. | `true` |
| Use Alternate Screen Buffer | `ui.useAlternateBuffer` | Use an alternate screen buffer for the UI, preserving shell history. | `false` |
| Use Background Color | `ui.useBackgroundColor` | Whether to use background colors in the UI. | `true` |
| Incremental Rendering | `ui.incrementalRendering` | Enable incremental rendering for the UI. This option will reduce flickering but may cause rendering artifacts. Only supported when useAlternateBuffer is enabled. | `true` |
@@ -126,6 +126,7 @@ they appear in the UI.
| ------------------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- |
| Disable YOLO Mode | `security.disableYoloMode` | Disable YOLO mode, even if enabled by a flag. | `false` |
| Allow Permanent Tool Approval | `security.enablePermanentToolApproval` | Enable the "Allow for all future sessions" option in tool confirmation dialogs. | `false` |
| Auto-add to Policy by Default | `security.autoAddToPolicyByDefault` | When enabled, the "Allow for all future sessions" option becomes the default choice for low-risk tools in trusted workspaces. | `false` |
| Blocks extensions from Git | `security.blockGitExtensions` | Blocks installing and loading extensions from Git. | `false` |
| Extension Source Regex Allowlist | `security.allowedExtensions` | List of Regex patterns for allowed extensions. If nonempty, only extensions that match the patterns in this list are allowed. Overrides the blockGitExtensions setting. | `[]` |
| Folder Trust | `security.folderTrust.enabled` | Setting to track whether Folder trust is enabled. | `true` |
docs/cli/telemetry.md
+955 -688
View File
File diff suppressed because it is too large Load Diff
docs/cli/tutorials/mcp-setup.md
+1 -1
View File
@@ -89,7 +89,7 @@ don't need to learn special commands; just ask in natural language.
The agent will:
1. Recognize the request matches a GitHub tool.
2. Call `github_list_pull_requests`.
2. Call `mcp_github_list_pull_requests`.
3. Present the data to you.
### Scenario: Creating an issue
docs/core/subagents.md
+1 -1
View File
@@ -194,7 +194,7 @@ returns coordinates and element descriptions that the browser agent uses with
the `click_at` tool for precise, coordinate-based interactions.
> **Note:** The visual agent requires API key or Vertex AI authentication. It is
> not available when using Google Login.
> not available when using "Sign in with Google".
## Creating custom subagents
docs/extensions/reference.md
+4 -2
View File
@@ -262,12 +262,14 @@ but lower priority than user or admin policies.
```toml
[[rule]]
toolName = "my_server__dangerous_tool"
mcpName = "my_server"
toolName = "dangerous_tool"
decision = "ask_user"
priority = 100
[[safety_checker]]
toolName = "my_server__write_data"
mcpName = "my_server"
toolName = "write_data"
priority = 200
[safety_checker.checker]
type = "in-process"
docs/get-started/authentication.md
+7 -7
View File
@@ -17,8 +17,8 @@ Select the authentication method that matches your situation in the table below:
| User Type / Scenario | Recommended Authentication Method | Google Cloud Project Required |
| :--------------------------------------------------------------------- | :--------------------------------------------------------------- | :---------------------------------------------------------- |
| Individual Google accounts | [Login with Google](#login-google) | No, with exceptions |
| Organization users with a company, school, or Google Workspace account | [Login with Google](#login-google) | [Yes](#set-gcp) |
| Individual Google accounts | [Sign in with Google](#login-google) | No, with exceptions |
| Organization users with a company, school, or Google Workspace account | [Sign in with Google](#login-google) | [Yes](#set-gcp) |
| AI Studio user with a Gemini API key | [Use Gemini API Key](#gemini-api) | No |
| Google Cloud Vertex AI user | [Vertex AI](#vertex-ai) | [Yes](#set-gcp) |
| [Headless mode](#headless) | [Use Gemini API Key](#gemini-api) or<br> [Vertex AI](#vertex-ai) | No (for Gemini API Key)<br> [Yes](#set-gcp) (for Vertex AI) |
@@ -36,7 +36,7 @@ Select the authentication method that matches your situation in the table below:
[Google AI Ultra for Business](https://support.google.com/a/answer/16345165)
subscriptions.
## (Recommended) Login with Google <a id="login-google"></a>
## (Recommended) Sign in with Google <a id="login-google"></a>
If you run Gemini CLI on your local machine, the simplest authentication method
is logging in with your Google account. This method requires a web browser on a
@@ -54,9 +54,9 @@ To authenticate and use Gemini CLI:
gemini
```
2. Select **Login with Google**. Gemini CLI opens a login prompt using your web
browser. Follow the on-screen instructions. Your credentials will be cached
locally for future sessions.
2. Select **Sign in with Google**. Gemini CLI opens a sign in prompt using your
web browser. Follow the on-screen instructions. Your credentials will be
cached locally for future sessions.
### Do I need to set my Google Cloud project?
@@ -391,7 +391,7 @@ on this page.
[Headless mode](../cli/headless) will use your existing authentication method,
if an existing authentication credential is cached.
If you have not already logged in with an authentication credential, you must
If you have not already signed in with an authentication credential, you must
configure authentication using environment variables:
- [Use Gemini API Key](#gemini-api)
docs/get-started/index.md
+1 -1
View File
@@ -38,7 +38,7 @@ cases, you can log in with your existing Google account:
```
2. When asked "How would you like to authenticate for this project?" select **1.
Login with Google**.
Sign in with Google**.
3. Select your Google account.
docs/hooks/reference.md
+1 -1
View File
@@ -85,7 +85,7 @@ compared against the name of the tool being executed.
`run_shell_command`). See the [Tools Reference](../reference/tools) for a full
list of available tool names.
- **MCP Tools**: Tools from MCP servers follow the naming pattern
`mcp__<server_name>__<tool_name>`.
`mcp_<server_name>_<tool_name>`.
- **Regex Support**: Matchers support regular expressions (e.g.,
`matcher: "read_.*"` matches all file reading tools).
docs/local-development.md
+71 -27
View File
@@ -1,23 +1,22 @@
# Local development guide
This guide provides instructions for setting up and using local development
features, such as tracing.
features for Gemini CLI.
## Tracing
Traces are OpenTelemetry (OTel) records that help you debug your code by
instrumenting key events like model calls, tool scheduler operations, and tool
calls.
Gemini CLI uses OpenTelemetry (OTel) to record traces that help you debug agent
behavior. Traces instrument key events like model calls, tool scheduler
operations, and tool calls.
Traces provide deep visibility into agent behavior and are invaluable for
debugging complex issues. They are captured automatically when telemetry is
enabled.
Traces provide deep visibility into agent behavior and help you debug complex
issues. They are captured automatically when you enable telemetry.
### Viewing traces
### View traces
You can view traces using either Jaeger or the Genkit Developer UI.
You can view traces using Genkit Developer UI, Jaeger, or Google Cloud.
#### Using Genkit
#### Use Genkit
Genkit provides a web-based UI for viewing traces and other telemetry data.
@@ -29,11 +28,8 @@ Genkit provides a web-based UI for viewing traces and other telemetry data.
npm run telemetry -- --target=genkit
```
The script will output the URL for the Genkit Developer UI, for example:
```
Genkit Developer UI: http://localhost:4000
```
The script will output the URL for the Genkit Developer UI. For example:
`Genkit Developer UI: http://localhost:4000`
2. **Run Gemini CLI:**
@@ -48,21 +44,22 @@ Genkit provides a web-based UI for viewing traces and other telemetry data.
Open the Genkit Developer UI URL in your browser and navigate to the
**Traces** tab to view the traces.
#### Using Jaeger
#### Use Jaeger
You can view traces in the Jaeger UI. To get started, follow these steps:
You can view traces in the Jaeger UI for local development.
1. **Start the telemetry collector:**
Run the following command in your terminal to download and start Jaeger and
an OTEL collector:
an OTel collector:
```bash
npm run telemetry -- --target=local
```
This command also configures your workspace for local telemetry and provides
a link to the Jaeger UI (usually `http://localhost:16686`).
This command configures your workspace for local telemetry and provides a
link to the Jaeger UI (usually `http://localhost:16686`).
- **Collector logs:** `~/.gemini/tmp/<projectHash>/otel/collector.log`
2. **Run Gemini CLI:**
@@ -77,16 +74,63 @@ You can view traces in the Jaeger UI. To get started, follow these steps:
After running your command, open the Jaeger UI link in your browser to view
the traces.
#### Use Google Cloud
You can use an OpenTelemetry collector to forward telemetry data to Google Cloud
Trace for custom processing or routing.
> **Warning:** Ensure you complete the
> [Google Cloud telemetry prerequisites](./cli/telemetry.md#prerequisites)
> (Project ID, authentication, IAM roles, and APIs) before using this method.
1. **Configure `.gemini/settings.json`:**
```json
{
"telemetry": {
"enabled": true,
"target": "gcp",
"useCollector": true
}
}
```
2. **Start the telemetry collector:**
Run the following command to start a local OTel collector that forwards to
Google Cloud:
```bash
npm run telemetry -- --target=gcp
```
The script outputs links to view traces, metrics, and logs in the Google
Cloud Console.
- **Collector logs:** `~/.gemini/tmp/<projectHash>/otel/collector-gcp.log`
3. **Run Gemini CLI:**
In a separate terminal, run your Gemini CLI command:
```bash
gemini
```
4. **View logs, metrics, and traces:**
After sending prompts, view your data in the Google Cloud Console. See the
[telemetry documentation](./cli/telemetry.md#view-google-cloud-telemetry)
for links to Logs, Metrics, and Trace explorers.
For more detailed information on telemetry, see the
[telemetry documentation](./cli/telemetry.md).
### Instrumenting code with traces
### Instrument code with traces
You can add traces to your own code for more detailed instrumentation. This is
useful for debugging and understanding the flow of execution.
You can add traces to your own code for more detailed instrumentation.
Use the `runInDevTraceSpan` function to wrap any section of code in a trace
span.
Adding traces helps you debug and understand the flow of execution. Use the
`runInDevTraceSpan` function to wrap any section of code in a trace span.
Here is a basic example:
@@ -102,13 +146,13 @@ await runInDevTraceSpan(
},
},
async ({ metadata }) => {
// The `metadata` object allows you to record the input and output of the
// metadata allows you to record the input and output of the
// operation as well as other attributes.
metadata.input = { key: 'value' };
// Set custom attributes.
metadata.attributes['custom.attribute'] = 'custom.value';
// Your code to be traced goes here
// Your code to be traced goes here.
try {
const output = await somethingRisky();
metadata.output = output;
docs/reference/configuration.md
+26 -8
View File
@@ -302,7 +302,7 @@ their corresponding top-level category object in your `settings.json` file.
- **Default:** `false`
- **`ui.showUserIdentity`** (boolean):
- **Description:** Show the logged-in user's identity (e.g. email) in the UI.
- **Description:** Show the signed-in user's identity (e.g. email) in the UI.
- **Default:** `true`
- **`ui.useAlternateBuffer`** (boolean):
@@ -877,6 +877,11 @@ their corresponding top-level category object in your `settings.json` file.
confirmation dialogs.
- **Default:** `false`
- **`security.autoAddToPolicyByDefault`** (boolean):
- **Description:** When enabled, the "Allow for all future sessions" option
becomes the default choice for low-risk tools in trusted workspaces.
- **Default:** `false`
- **`security.blockGitExtensions`** (boolean):
- **Description:** Blocks installing and loading extensions from Git.
- **Default:** `false`
@@ -1003,6 +1008,12 @@ their corresponding top-level category object in your `settings.json` file.
- **Default:** `false`
- **Requires restart:** Yes
- **`experimental.extensionRegistryURI`** (string):
- **Description:** The URI (web URL or local file path) of the extension
registry.
- **Default:** `"https://geminicli.com/extensions.json"`
- **Requires restart:** Yes
- **`experimental.extensionReloading`** (boolean):
- **Description:** Enables extension loading/unloading within the CLI session.
- **Default:** `false`
@@ -1176,13 +1187,20 @@ their corresponding top-level category object in your `settings.json` file.
Configures connections to one or more Model-Context Protocol (MCP) servers for
discovering and using custom tools. Gemini CLI attempts to connect to each
configured MCP server to discover available tools. If multiple MCP servers
expose a tool with the same name, the tool names will be prefixed with the
server alias you defined in the configuration (e.g.,
`serverAlias__actualToolName`) to avoid conflicts. Note that the system might
strip certain schema properties from MCP tool definitions for compatibility. At
least one of `command`, `url`, or `httpUrl` must be provided. If multiple are
specified, the order of precedence is `httpUrl`, then `url`, then `command`.
configured MCP server to discover available tools. Every discovered tool is
prepended with the `mcp_` prefix and its server alias to form a fully qualified
name (FQN) (e.g., `mcp_serverAlias_actualToolName`) to avoid conflicts. Note
that the system might strip certain schema properties from MCP tool definitions
for compatibility. At least one of `command`, `url`, or `httpUrl` must be
provided. If multiple are specified, the order of precedence is `httpUrl`, then
`url`, then `command`.
> **Warning:** Avoid using underscores (`_`) in your server aliases (e.g., use
> `my-server` instead of `my_server`). The underlying policy engine parses Fully
> Qualified Names (`mcp_server_tool`) using the first underscore after the
> `mcp_` prefix. An underscore in your server alias will cause the parser to
> misidentify the server name, which can cause security policies to fail
> silently.
- **`mcpServers.<SERVER_NAME>`** (object): The server parameters for the named
server.
docs/reference/keyboard-shortcuts.md
+14 -9
View File
@@ -106,20 +106,25 @@ available combinations.
| Cycle through approval modes: default (prompt), auto_edit (auto-approve edits), and plan (read-only). Plan mode is skipped when the agent is busy. | `Shift+Tab` |
| Expand and collapse blocks of content when not in alternate buffer mode. | `Ctrl+O` |
| Expand or collapse a paste placeholder when cursor is over placeholder. | `Ctrl+O` |
| Toggle current background shell visibility. | `Ctrl+B` |
| Toggle background shell list. | `Ctrl+L` |
| Kill the active background shell. | `Ctrl+K` |
| Confirm selection in background shell list. | `Enter` |
| Dismiss background shell list. | `Esc` |
| Move focus from background shell to Gemini. | `Shift+Tab` |
| Move focus from background shell list to Gemini. | `Tab` |
| Show warning when trying to move focus away from background shell. | `Tab` |
| Show warning when trying to move focus away from shell input. | `Tab` |
| Move focus from Gemini to the active shell. | `Tab` |
| Move focus from the shell back to Gemini. | `Shift+Tab` |
| Clear the terminal screen and redraw the UI. | `Ctrl+L` |
| Restart the application. | `R`<br />`Shift+R` |
| Suspend the CLI and move it to the background. | `Ctrl+Z` |
| Show warning when trying to move focus away from shell input. | `Tab` |
#### Background Shell Controls
| Action | Keys |
| ------------------------------------------------------------------ | ----------- |
| Dismiss background shell list. | `Esc` |
| Confirm selection in background shell list. | `Enter` |
| Toggle current background shell visibility. | `Ctrl+B` |
| Toggle background shell list. | `Ctrl+L` |
| Kill the active background shell. | `Ctrl+K` |
| Move focus from background shell to Gemini. | `Shift+Tab` |
| Move focus from background shell list to Gemini. | `Tab` |
| Show warning when trying to move focus away from background shell. | `Tab` |
<!-- KEYBINDINGS-AUTOGEN:END -->
docs/reference/policy-engine.md
+20 -7
View File
@@ -76,9 +76,13 @@ The `toolName` in the rule must match the name of the tool being called.
- **Wildcards**: You can use wildcards to match multiple tools.
- `*`: Matches **any tool** (built-in or MCP).
- `server__*`: Matches any tool from a specific MCP server.
- `*__toolName`: Matches a specific tool name across **all** MCP servers.
- `*__*`: Matches **any tool from any MCP server**.
- `mcp_server_*`: Matches any tool from a specific MCP server.
- `mcp_*_toolName`: Matches a specific tool name across **all** MCP servers.
- `mcp_*`: Matches **any tool from any MCP server**.
> **Recommendation:** While FQN wildcards are supported, the recommended
> approach for MCP tools is to use the `mcpName` field in your TOML rules. See
> [Special syntax for MCP tools](#special-syntax-for-mcp-tools).
#### Arguments pattern
@@ -164,8 +168,8 @@ A rule matches a tool call if all of its conditions are met:
1. **Tool name**: The `toolName` in the rule must match the name of the tool
being called.
- **Wildcards**: You can use wildcards like `*`, `server__*`, or
`*__toolName` to match multiple tools. See [Tool Name](#tool-name) for
- **Wildcards**: You can use wildcards like `*`, `mcp_server_*`, or
`mcp_*_toolName` to match multiple tools. See [Tool Name](#tool-name) for
details.
2. **Arguments pattern**: If `argsPattern` is specified, the tool's arguments
are converted to a stable JSON string, which is then tested against the
@@ -224,7 +228,7 @@ toolName = "run_shell_command"
subagent = "generalist"
# (Optional) The name of an MCP server. Can be combined with toolName
# to form a composite name like "mcpName__toolName".
# to form a composite FQN internally like "mcp_mcpName_toolName".
mcpName = "my-custom-server"
# (Optional) Metadata hints provided by the tool. A rule matches if all
@@ -301,7 +305,16 @@ priority = 100
### Special syntax for MCP tools
You can create rules that target tools from Model Context Protocol (MCP) servers
using the `mcpName` field or composite wildcard patterns.
using the `mcpName` field. **This is the recommended approach** for defining MCP
policies, as it is much more robust than manually writing Fully Qualified Names
(FQNs) or string wildcards.
> **Warning:** Do not use underscores (`_`) in your MCP server names (e.g., use
> `my-server` rather than `my_server`). The policy parser splits Fully Qualified
> Names (`mcp_server_tool`) on the _first_ underscore following the `mcp_`
> prefix. If your server name contains an underscore, the parser will
> misinterpret the server identity, which can cause wildcard rules and security
> policies to fail silently.
**1. Targeting a specific tool on a server**
docs/release-confidence.md
+2 -2
View File
@@ -79,8 +79,8 @@ manually run through this checklist.
- [ ] Verify version: `gemini --version`
- **Authentication:**
- [ ] In interactive mode run `/auth` and verify all login flows work:
- [ ] Login With Google
- [ ] In interactive mode run `/auth` and verify all sign in flows work:
- [ ] Sign in with Google
- [ ] API Key
- [ ] Vertex AI
docs/resources/tos-privacy.md
+3 -3
View File
@@ -46,7 +46,7 @@ for further information.
| Gemini Developer API Key | Gemini API - Paid Services | [Gemini API Terms of Service - Paid Services](https://ai.google.dev/gemini-api/terms#paid-services) | [Google Privacy Policy](https://policies.google.com/privacy) |
| Vertex AI GenAI API Key | Vertex AI GenAI API | [Google Cloud Platform Terms of Service](https://cloud.google.com/terms/service-terms/) | [Google Cloud Privacy Notice](https://cloud.google.com/terms/cloud-privacy-notice) |
## 1. If you have logged in with your Google account to Gemini Code Assist
## 1. If you have signed in with your Google account to Gemini Code Assist
For users who use their Google account to access
[Gemini Code Assist](https://codeassist.google), these Terms of Service and
@@ -68,7 +68,7 @@ Code Assist Standard or Enterprise edition, the terms and privacy policy of
Gemini Code Assist Standard or Enterprise edition will apply to all your use of
Gemini Code Assist._
## 2. If you have logged in with a Gemini API key to the Gemini Developer API
## 2. If you have signed in with a Gemini API key to the Gemini Developer API
If you are using a Gemini API key for authentication with the
[Gemini Developer API](https://ai.google.dev/gemini-api/docs), these Terms of
@@ -84,7 +84,7 @@ Service and Privacy Notice documents apply:
- Privacy Notice: The collection and use of your data is described in the
[Google Privacy Policy](https://policies.google.com/privacy).
## 3. If you have logged in with a Gemini API key to the Vertex AI GenAI API
## 3. If you have signed in with a Gemini API key to the Vertex AI GenAI API
If you are using a Gemini API key for authentication with a
[Vertex AI GenAI API](https://cloud.google.com/vertex-ai/generative-ai/docs/reference/rest)
docs/resources/troubleshooting.md
+2 -2
View File
@@ -29,13 +29,13 @@ topics on:
added to your organization's Gemini Code Assist subscription.
- **Error:
`Failed to login. Message: Your current account is not eligible... because it is not currently available in your location.`**
`Failed to sign in. Message: Your current account is not eligible... because it is not currently available in your location.`**
- **Cause:** Gemini CLI does not currently support your location. For a full
list of supported locations, see the following pages:
- Gemini Code Assist for individuals:
[Available locations](https://developers.google.com/gemini-code-assist/resources/available-locations#americas)
- **Error: `Failed to login. Message: Request contains an invalid argument`**
- **Error: `Failed to sign in. Message: Request contains an invalid argument`**
- **Cause:** Users with Google Workspace accounts or Google Cloud accounts
associated with their Gmail accounts may not be able to activate the free
tier of the Google Code Assist plan.
docs/sidebar.json
+1 -1
View File
@@ -111,7 +111,7 @@
"badge": "🔬",
"slug": "docs/cli/notifications"
},
{ "label": "Plan mode", "badge": "🔬", "slug": "docs/cli/plan-mode" },
{ "label": "Plan mode", "slug": "docs/cli/plan-mode" },
{
"label": "Subagents",
"badge": "🔬",
docs/tools/mcp-server.md
+25 -12
View File
@@ -555,21 +555,34 @@ Upon successful connection:
`excludeTools` configuration
4. **Name sanitization:** Tool names are cleaned to meet Gemini API
requirements:
- Invalid characters (non-alphanumeric, underscore, dot, hyphen) are replaced
with underscores
- Characters other than letters, numbers, underscore (`_`), hyphen (`-`), dot
(`.`), and colon (`:`) are replaced with underscores
- Names longer than 63 characters are truncated with middle replacement
(`___`)
(`...`)
### 3. Conflict resolution
### 3. Tool naming and namespaces
When multiple servers expose tools with the same name:
To prevent collisions across multiple servers or conflicting built-in tools,
every discovered MCP tool is assigned a strict namespace.
1. **First registration wins:** The first server to register a tool name gets
the unprefixed name
2. **Automatic prefixing:** Subsequent servers get prefixed names:
`serverName__toolName`
3. **Registry tracking:** The tool registry maintains mappings between server
names and their tools
1. **Automatic FQN:** All MCP tools are unconditionally assigned a fully
qualified name (FQN) using the format `mcp_{serverName}_{toolName}`.
2. **Registry tracking:** The tool registry maintains metadata mappings between
these FQNs and their original server identities.
3. **Overwrites:** If two servers share the exact same alias in your
configuration and provide tools with the exact same name, the last registered
tool overwrites the previous one.
4. **Policies:** To configure permissions (like auto-approval or denial) for MCP
tools, see
[Special syntax for MCP tools](../reference/policy-engine.md#special-syntax-for-mcp-tools)
in the Policy Engine documentation.
> **Warning:** Do not use underscores (`_`) in your MCP server names (e.g., use
> `my-server` rather than `my_server`). The policy parser splits Fully Qualified
> Names (`mcp_server_tool`) on the _first_ underscore following the `mcp_`
> prefix. If your server name contains an underscore, the parser will
> misinterpret the server identity, which can cause wildcard rules and security
> policies to fail silently.
### 4. Schema processing
@@ -695,7 +708,7 @@ MCP Servers Status:
🐳 dockerizedServer (CONNECTED)
Command: docker run -i --rm -e API_KEY my-mcp-server:latest
Tools: docker__deploy, docker__status
Tools: mcp_dockerizedServer_docker_deploy, mcp_dockerizedServer_docker_status
Discovery State: COMPLETED
```