MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-05-03 08:24:10 -07:00
Code Issues Packages Projects Releases Wiki Activity

fix(core): enable granular shell command allowlisting in policy engine (#15601)

Browse Source
This commit is contained in:
Abhi
2025-12-26 18:48:44 -05:00
committed by GitHub
parent 5566292cc8
commit 37be162435
6 changed files with 241 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/core/src/tools/shell.ts
+9 -1
View File
@@ -89,7 +89,15 @@ export class ShellToolInvocation extends BaseToolInvocation<
protected override getPolicyUpdateOptions(
outcome: ToolConfirmationOutcome,
): PolicyUpdateOptions | undefined {
if (outcome === ToolConfirmationOutcome.ProceedAlwaysAndSave) {
if (
outcome === ToolConfirmationOutcome.ProceedAlwaysAndSave ||
outcome === ToolConfirmationOutcome.ProceedAlways
) {
const command = stripShellWrapper(this.params.command);
const rootCommands = [...new Set(getCommandRoots(command))];
if (rootCommands.length > 0) {
return { commandPrefix: rootCommands };
}
return { commandPrefix: this.params.command };
}
return undefined;
packages/core/src/tools/tools.ts
+1 -1
View File
@@ -69,7 +69,7 @@ export interface ToolInvocation<
* Options for policy updates that can be customized by tool invocations.
*/
export interface PolicyUpdateOptions {
commandPrefix?: string;
commandPrefix?: string | string[];
mcpName?: string;
}