MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-04-20 18:14:29 -07:00
Code Issues Packages Projects Releases Wiki Activity

feat(cli): Add permissions command to modify trust settings (#8792)

Browse Source
This commit is contained in:
shrutip90
2025-09-22 11:45:02 -07:00
committed by GitHub
parent c0c7ad10ca
commit 6c559e2338
26 changed files with 991 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/cli/src/ui/App.test.tsx
+7
View File
@@ -38,6 +38,13 @@ describe('App', () => {
quittingMessages: null,
dialogsVisible: false,
mainControlsRef: { current: null },
historyManager: {
addItem: vi.fn(),
history: [],
updateItem: vi.fn(),
clearItems: vi.fn(),
loadHistory: vi.fn(),
},
};
it('should render main content and composer when not quitting', () => {
packages/cli/src/ui/App.tsx
+5 -1
View File
@@ -29,7 +29,11 @@ export const App = () => {
<Box flexDirection="column" ref={uiState.mainControlsRef}>
<Notifications />
{uiState.dialogsVisible ? <DialogManager /> : <Composer />}
{uiState.dialogsVisible ? (
<DialogManager addItem={uiState.historyManager.addItem} />
) : (
<Composer />
)}
{uiState.dialogsVisible && uiState.ctrlCPressedOnce && (
<Box marginTop={1}>
packages/cli/src/ui/AppContainer.tsx
+19 -1
View File
@@ -157,6 +157,16 @@ export const AppContainer = (props: AppContainerProps) => {
config.getWorkingDir(),
);
const [isPermissionsDialogOpen, setPermissionsDialogOpen] = useState(false);
const openPermissionsDialog = useCallback(
() => setPermissionsDialogOpen(true),
[],
);
const closePermissionsDialog = useCallback(
() => setPermissionsDialogOpen(false),
[],
);
// Helper to determine the effective model, considering the fallback state.
const getEffectiveModel = useCallback(() => {
if (config.isInFallbackMode()) {
@@ -424,6 +434,7 @@ Logging in with Google... Please restart Gemini CLI to continue.
openEditorDialog,
openPrivacyNotice: () => setShowPrivacyNotice(true),
openSettingsDialog,
openPermissionsDialog,
quit: (messages: HistoryItem[]) => {
setQuittingMessages(messages);
setTimeout(async () => {
@@ -445,6 +456,7 @@ Logging in with Google... Please restart Gemini CLI to continue.
setShowPrivacyNotice,
setCorgiMode,
setExtensionsUpdateState,
openPermissionsDialog,
],
);
@@ -985,6 +997,7 @@ Logging in with Google... Please restart Gemini CLI to continue.
!!loopDetectionConfirmationRequest ||
isThemeDialogOpen ||
isSettingsDialogOpen ||
isPermissionsDialogOpen ||
isAuthenticating ||
isAuthDialogOpen ||
isEditorDialogOpen ||
@@ -999,6 +1012,7 @@ Logging in with Google... Please restart Gemini CLI to continue.
const uiState: UIState = useMemo(
() => ({
history: historyManager.history,
historyManager,
isThemeDialogOpen,
themeError,
isAuthenticating,
@@ -1012,6 +1026,7 @@ Logging in with Google... Please restart Gemini CLI to continue.
debugMessage,
quittingMessages,
isSettingsDialogOpen,
isPermissionsDialogOpen,
slashCommands,
pendingSlashCommandHistoryItems,
commandContext,
@@ -1074,7 +1089,6 @@ Logging in with Google... Please restart Gemini CLI to continue.
embeddedShellFocused,
}),
[
historyManager.history,
isThemeDialogOpen,
themeError,
isAuthenticating,
@@ -1088,6 +1102,7 @@ Logging in with Google... Please restart Gemini CLI to continue.
debugMessage,
quittingMessages,
isSettingsDialogOpen,
isPermissionsDialogOpen,
slashCommands,
pendingSlashCommandHistoryItems,
commandContext,
@@ -1147,6 +1162,7 @@ Logging in with Google... Please restart Gemini CLI to continue.
currentModel,
extensionsUpdateState,
activePtyId,
historyManager,
embeddedShellFocused,
],
);
@@ -1162,6 +1178,7 @@ Logging in with Google... Please restart Gemini CLI to continue.
exitEditorDialog,
exitPrivacyNotice: () => setShowPrivacyNotice(false),
closeSettingsDialog,
closePermissionsDialog,
setShellModeActive,
vimHandleInput,
handleIdePromptComplete,
@@ -1184,6 +1201,7 @@ Logging in with Google... Please restart Gemini CLI to continue.
handleEditorSelect,
exitEditorDialog,
closeSettingsDialog,
closePermissionsDialog,
setShellModeActive,
vimHandleInput,
handleIdePromptComplete,
packages/cli/src/ui/commands/permissionsCommand.test.ts
+35
View File
@@ -0,0 +1,35 @@
/**
* @license
* Copyright 2025 Google LLC
* SPDX-License-Identifier: Apache-2.0
*/
import { describe, it, expect, beforeEach } from 'vitest';
import { permissionsCommand } from './permissionsCommand.js';
import { type CommandContext, CommandKind } from './types.js';
import { createMockCommandContext } from '../../test-utils/mockCommandContext.js';
describe('permissionsCommand', () => {
let mockContext: CommandContext;
beforeEach(() => {
mockContext = createMockCommandContext();
});
it('should have the correct name and description', () => {
expect(permissionsCommand.name).toBe('permissions');
expect(permissionsCommand.description).toBe('Manage folder trust settings');
});
it('should be a built-in command', () => {
expect(permissionsCommand.kind).toBe(CommandKind.BUILT_IN);
});
it('should return an action to open the permissions dialog', () => {
const actionResult = permissionsCommand.action?.(mockContext, '');
expect(actionResult).toEqual({
type: 'dialog',
dialog: 'permissions',
});
});
});
packages/cli/src/ui/commands/permissionsCommand.ts
+18
View File
@@ -0,0 +1,18 @@
/**
* @license
* Copyright 2025 Google LLC
* SPDX-License-Identifier: Apache-2.0
*/
import type { OpenDialogActionReturn, SlashCommand } from './types.js';
import { CommandKind } from './types.js';
export const permissionsCommand: SlashCommand = {
name: 'permissions',
description: 'Manage folder trust settings',
kind: CommandKind.BUILT_IN,
action: (): OpenDialogActionReturn => ({
type: 'dialog',
dialog: 'permissions',
}),
};
packages/cli/src/ui/commands/types.ts
+8 -1
View File
@@ -108,7 +108,14 @@ export interface MessageActionReturn {
export interface OpenDialogActionReturn {
type: 'dialog';
dialog: 'help' | 'auth' | 'theme' | 'editor' | 'privacy' | 'settings';
dialog:
| 'help'
| 'auth'
| 'theme'
| 'editor'
| 'privacy'
| 'settings'
| 'permissions';
}
/**
packages/cli/src/ui/components/DialogManager.tsx
+16 -1
View File
@@ -18,15 +18,21 @@ import { EditorSettingsDialog } from './EditorSettingsDialog.js';
import { PrivacyNotice } from '../privacy/PrivacyNotice.js';
import { WorkspaceMigrationDialog } from './WorkspaceMigrationDialog.js';
import { ProQuotaDialog } from './ProQuotaDialog.js';
import { PermissionsModifyTrustDialog } from './PermissionsModifyTrustDialog.js';
import { theme } from '../semantic-colors.js';
import { useUIState } from '../contexts/UIStateContext.js';
import { useUIActions } from '../contexts/UIActionsContext.js';
import { useConfig } from '../contexts/ConfigContext.js';
import { useSettings } from '../contexts/SettingsContext.js';
import process from 'node:process';
import { type UseHistoryManagerReturn } from '../hooks/useHistoryManager.js';
interface DialogManagerProps {
addItem: UseHistoryManagerReturn['addItem'];
}
// Props for DialogManager
export const DialogManager = () => {
export const DialogManager = ({ addItem }: DialogManagerProps) => {
const config = useConfig();
const settings = useSettings();
@@ -188,5 +194,14 @@ export const DialogManager = () => {
);
}
if (uiState.isPermissionsDialogOpen) {
return (
<PermissionsModifyTrustDialog
onExit={uiActions.closePermissionsDialog}
addItem={addItem}
/>
);
}
return null;
};
packages/cli/src/ui/components/PermissionsModifyTrustDialog.test.tsx
+204
View File
@@ -0,0 +1,204 @@
/**
* @license
* Copyright 2025 Google LLC
* SPDX-License-Identifier: Apache-2.0
*/
/// <reference types="vitest/globals" />
import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
import type { Mock } from 'vitest';
import { renderWithProviders } from '../../test-utils/render.js';
import { PermissionsModifyTrustDialog } from './PermissionsModifyTrustDialog.js';
import { TrustLevel } from '../../config/trustedFolders.js';
import { waitFor, act } from '@testing-library/react';
import * as processUtils from '../../utils/processUtils.js';
import { usePermissionsModifyTrust } from '../hooks/usePermissionsModifyTrust.js';
// Hoist mocks for dependencies of the usePermissionsModifyTrust hook
const mockedCwd = vi.hoisted(() => vi.fn());
const mockedLoadTrustedFolders = vi.hoisted(() => vi.fn());
const mockedIsWorkspaceTrusted = vi.hoisted(() => vi.fn());
const mockedUseSettings = vi.hoisted(() => vi.fn());
// Mock the modules themselves
vi.mock('node:process', async (importOriginal) => {
const actual = await importOriginal<typeof import('node:process')>();
return {
...actual,
cwd: mockedCwd,
};
});
vi.mock('../../config/trustedFolders.js', () => ({
loadTrustedFolders: mockedLoadTrustedFolders,
isWorkspaceTrusted: mockedIsWorkspaceTrusted,
TrustLevel: {
TRUST_FOLDER: 'TRUST_FOLDER',
TRUST_PARENT: 'TRUST_PARENT',
DO_NOT_TRUST: 'DO_NOT_TRUST',
},
}));
vi.mock('../contexts/SettingsContext.js', () => ({
useSettings: mockedUseSettings,
}));
vi.mock('../hooks/usePermissionsModifyTrust.js');
describe('PermissionsModifyTrustDialog', () => {
let mockUpdateTrustLevel: Mock;
let mockCommitTrustLevelChange: Mock;
beforeEach(() => {
mockUpdateTrustLevel = vi.fn();
mockCommitTrustLevelChange = vi.fn();
vi.mocked(usePermissionsModifyTrust).mockReturnValue({
cwd: '/test/dir',
currentTrustLevel: TrustLevel.DO_NOT_TRUST,
isInheritedTrustFromParent: false,
isInheritedTrustFromIde: false,
needsRestart: false,
updateTrustLevel: mockUpdateTrustLevel,
commitTrustLevelChange: mockCommitTrustLevelChange,
isFolderTrustEnabled: true,
});
});
afterEach(() => {
vi.resetAllMocks();
});
it('should render the main dialog with current trust level', async () => {
const { lastFrame } = renderWithProviders(
<PermissionsModifyTrustDialog onExit={vi.fn()} addItem={vi.fn()} />,
);
await waitFor(() => {
expect(lastFrame()).toContain('Modify Trust Level');
expect(lastFrame()).toContain('Folder: /test/dir');
expect(lastFrame()).toContain('Current Level: DO_NOT_TRUST');
});
});
it('should display the inherited trust note from parent', async () => {
vi.mocked(usePermissionsModifyTrust).mockReturnValue({
cwd: '/test/dir',
currentTrustLevel: TrustLevel.DO_NOT_TRUST,
isInheritedTrustFromParent: true,
isInheritedTrustFromIde: false,
needsRestart: false,
updateTrustLevel: mockUpdateTrustLevel,
commitTrustLevelChange: mockCommitTrustLevelChange,
isFolderTrustEnabled: true,
});
const { lastFrame } = renderWithProviders(
<PermissionsModifyTrustDialog onExit={vi.fn()} addItem={vi.fn()} />,
);
await waitFor(() => {
expect(lastFrame()).toContain(
'Note: This folder behaves as a trusted folder because one of the parent folders is trusted.',
);
});
});
it('should display the inherited trust note from IDE', async () => {
vi.mocked(usePermissionsModifyTrust).mockReturnValue({
cwd: '/test/dir',
currentTrustLevel: TrustLevel.DO_NOT_TRUST,
isInheritedTrustFromParent: false,
isInheritedTrustFromIde: true,
needsRestart: false,
updateTrustLevel: mockUpdateTrustLevel,
commitTrustLevelChange: mockCommitTrustLevelChange,
isFolderTrustEnabled: true,
});
const { lastFrame } = renderWithProviders(
<PermissionsModifyTrustDialog onExit={vi.fn()} addItem={vi.fn()} />,
);
await waitFor(() => {
expect(lastFrame()).toContain(
'Note: This folder behaves as a trusted folder because the connected IDE workspace is trusted.',
);
});
});
it('should call onExit when escape is pressed', async () => {
const onExit = vi.fn();
const { stdin, lastFrame } = renderWithProviders(
<PermissionsModifyTrustDialog onExit={onExit} addItem={vi.fn()} />,
);
await waitFor(() => expect(lastFrame()).not.toContain('Loading...'));
act(() => {
stdin.write('\x1b'); // escape key
});
await waitFor(() => {
expect(onExit).toHaveBeenCalled();
});
});
it('should commit, restart, and exit on `r` keypress', async () => {
const mockRelaunchApp = vi
.spyOn(processUtils, 'relaunchApp')
.mockResolvedValue(undefined);
vi.mocked(usePermissionsModifyTrust).mockReturnValue({
cwd: '/test/dir',
currentTrustLevel: TrustLevel.DO_NOT_TRUST,
isInheritedTrustFromParent: false,
isInheritedTrustFromIde: false,
needsRestart: true,
updateTrustLevel: mockUpdateTrustLevel,
commitTrustLevelChange: mockCommitTrustLevelChange,
isFolderTrustEnabled: true,
});
const onExit = vi.fn();
const { stdin, lastFrame } = renderWithProviders(
<PermissionsModifyTrustDialog onExit={onExit} addItem={vi.fn()} />,
);
await waitFor(() => expect(lastFrame()).not.toContain('Loading...'));
act(() => stdin.write('r')); // Press 'r' to restart
await waitFor(() => {
expect(mockCommitTrustLevelChange).toHaveBeenCalled();
expect(mockRelaunchApp).toHaveBeenCalled();
expect(onExit).toHaveBeenCalled();
});
mockRelaunchApp.mockRestore();
});
it('should not commit when escape is pressed during restart prompt', async () => {
vi.mocked(usePermissionsModifyTrust).mockReturnValue({
cwd: '/test/dir',
currentTrustLevel: TrustLevel.DO_NOT_TRUST,
isInheritedTrustFromParent: false,
isInheritedTrustFromIde: false,
needsRestart: true,
updateTrustLevel: mockUpdateTrustLevel,
commitTrustLevelChange: mockCommitTrustLevelChange,
isFolderTrustEnabled: true,
});
const onExit = vi.fn();
const { stdin, lastFrame } = renderWithProviders(
<PermissionsModifyTrustDialog onExit={onExit} addItem={vi.fn()} />,
);
await waitFor(() => expect(lastFrame()).not.toContain('Loading...'));
act(() => stdin.write('\x1b')); // Press escape
await waitFor(() => {
expect(mockCommitTrustLevelChange).not.toHaveBeenCalled();
expect(onExit).toHaveBeenCalled();
});
});
});
packages/cli/src/ui/components/PermissionsModifyTrustDialog.tsx
+122
View File
@@ -0,0 +1,122 @@
/**
* @license
* Copyright 2025 Google LLC
* SPDX-License-Identifier: Apache-2.0
*/
import { Box, Text } from 'ink';
import type React from 'react';
import { TrustLevel } from '../../config/trustedFolders.js';
import { useKeypress } from '../hooks/useKeypress.js';
import { usePermissionsModifyTrust } from '../hooks/usePermissionsModifyTrust.js';
import { theme } from '../semantic-colors.js';
import { RadioButtonSelect } from './shared/RadioButtonSelect.js';
import { relaunchApp } from '../../utils/processUtils.js';
import { type UseHistoryManagerReturn } from '../hooks/useHistoryManager.js';
interface PermissionsModifyTrustDialogProps {
onExit: () => void;
addItem: UseHistoryManagerReturn['addItem'];
}
const TRUST_LEVEL_ITEMS = [
{
label: 'Trust this folder',
value: TrustLevel.TRUST_FOLDER,
},
{
label: 'Trust parent folder',
value: TrustLevel.TRUST_PARENT,
},
{
label: "Don't trust",
value: TrustLevel.DO_NOT_TRUST,
},
];
export function PermissionsModifyTrustDialog({
onExit,
addItem,
}: PermissionsModifyTrustDialogProps): React.JSX.Element {
const {
cwd,
currentTrustLevel,
isInheritedTrustFromParent,
isInheritedTrustFromIde,
needsRestart,
updateTrustLevel,
commitTrustLevelChange,
} = usePermissionsModifyTrust(onExit, addItem);
useKeypress(
(key) => {
if (key.name === 'escape') {
onExit();
}
if (needsRestart && key.name === 'r') {
commitTrustLevelChange();
relaunchApp();
onExit();
}
},
{ isActive: true },
);
const index = TRUST_LEVEL_ITEMS.findIndex(
(item) => item.value === currentTrustLevel,
);
const initialIndex = index === -1 ? 0 : index;
return (
<>
<Box
borderStyle="round"
borderColor={theme.border.default}
flexDirection="column"
padding={1}
>
<Box flexDirection="column" paddingBottom={1}>
<Text bold>{'> '}Modify Trust Level</Text>
<Box marginTop={1} />
<Text>Folder: {cwd}</Text>
<Text>
Current Level: <Text bold>{currentTrustLevel || 'Not Set'}</Text>
</Text>
{isInheritedTrustFromParent && (
<Text color={theme.text.secondary}>
Note: This folder behaves as a trusted folder because one of the
parent folders is trusted. It will remain trusted even if you set
a different trust level here. To change this, you need to modify
the trust setting in the parent folder.
</Text>
)}
{isInheritedTrustFromIde && (
<Text color={theme.text.secondary}>
Note: This folder behaves as a trusted folder because the
connected IDE workspace is trusted. It will remain trusted even if
you set a different trust level here.
</Text>
)}
</Box>
<RadioButtonSelect
items={TRUST_LEVEL_ITEMS}
onSelect={updateTrustLevel}
isFocused={true}
initialIndex={initialIndex}
/>
<Box marginTop={1}>
<Text color={theme.text.secondary}>(Use Enter to select)</Text>
</Box>
</Box>
{needsRestart && (
<Box marginLeft={1} marginTop={1}>
<Text color={theme.status.warning}>
To apply the trust changes, Gemini CLI must be restarted. Press
&apos;r&apos; to restart CLI now.
</Text>
</Box>
)}
</>
);
}
packages/cli/src/ui/contexts/UIActionsContext.tsx
+1
View File
@@ -31,6 +31,7 @@ export interface UIActions {
exitEditorDialog: () => void;
exitPrivacyNotice: () => void;
closeSettingsDialog: () => void;
closePermissionsDialog: () => void;
setShellModeActive: (value: boolean) => void;
vimHandleInput: (key: Key) => boolean;
handleIdePromptComplete: (result: IdeIntegrationNudgeResult) => void;
packages/cli/src/ui/contexts/UIStateContext.tsx
+4
View File
@@ -35,8 +35,11 @@ export interface ProQuotaDialogRequest {
resolve: (intent: FallbackIntent) => void;
}
import { type UseHistoryManagerReturn } from '../hooks/useHistoryManager.js';
export interface UIState {
history: HistoryItem[];
historyManager: UseHistoryManagerReturn;
isThemeDialogOpen: boolean;
themeError: string | null;
isAuthenticating: boolean;
@@ -50,6 +53,7 @@ export interface UIState {
debugMessage: string;
quittingMessages: HistoryItem[] | null;
isSettingsDialogOpen: boolean;
isPermissionsDialogOpen: boolean;
slashCommands: readonly SlashCommand[];
pendingSlashCommandHistoryItems: HistoryItemWithoutId[];
commandContext: CommandContext;
packages/cli/src/ui/hooks/slashCommandProcessor.ts
+4
View File
@@ -49,6 +49,7 @@ interface SlashCommandProcessorActions {
openEditorDialog: () => void;
openPrivacyNotice: () => void;
openSettingsDialog: () => void;
openPermissionsDialog: () => void;
quit: (messages: HistoryItem[]) => void;
setDebugMessage: (message: string) => void;
toggleCorgiMode: () => void;
@@ -373,6 +374,9 @@ export const useSlashCommandProcessor = (
case 'settings':
actions.openSettingsDialog();
return { type: 'handled' };
case 'permissions':
actions.openPermissionsDialog();
return { type: 'handled' };
case 'help':
return { type: 'handled' };
default: {
packages/cli/src/ui/hooks/useExtensionUpdates.test.ts
+4 -1
View File
@@ -187,7 +187,10 @@ describe('useExtensionUpdates', () => {
JSON.stringify({ name: 'test-extension', version: '1.1.0' }),
);
});
vi.mocked(isWorkspaceTrusted).mockReturnValue(true);
vi.mocked(isWorkspaceTrusted).mockReturnValue({
isTrusted: true,
source: 'file',
});
renderHook(() => useExtensionUpdates([extension], addItem, tempHomeDir));
packages/cli/src/ui/hooks/useFolderTrust.test.ts
+27 -18
View File
@@ -56,7 +56,7 @@ describe('useFolderTrust', () => {
});
it('should not open dialog when folder is already trusted', () => {
isWorkspaceTrustedSpy.mockReturnValue(true);
isWorkspaceTrustedSpy.mockReturnValue({ isTrusted: true, source: 'file' });
const { result } = renderHook(() =>
useFolderTrust(mockSettings, onTrustChange),
);
@@ -65,7 +65,7 @@ describe('useFolderTrust', () => {
});
it('should not open dialog when folder is already untrusted', () => {
isWorkspaceTrustedSpy.mockReturnValue(false);
isWorkspaceTrustedSpy.mockReturnValue({ isTrusted: false, source: 'file' });
const { result } = renderHook(() =>
useFolderTrust(mockSettings, onTrustChange),
);
@@ -74,7 +74,10 @@ describe('useFolderTrust', () => {
});
it('should open dialog when folder trust is undefined', () => {
isWorkspaceTrustedSpy.mockReturnValue(undefined);
isWorkspaceTrustedSpy.mockReturnValue({
isTrusted: undefined,
source: undefined,
});
const { result } = renderHook(() =>
useFolderTrust(mockSettings, onTrustChange),
);
@@ -83,14 +86,14 @@ describe('useFolderTrust', () => {
});
it('should handle TRUST_FOLDER choice', () => {
isWorkspaceTrustedSpy
.mockReturnValueOnce(undefined)
.mockReturnValueOnce(true);
isWorkspaceTrustedSpy.mockReturnValue({
isTrusted: undefined,
source: undefined,
});
const { result } = renderHook(() =>
useFolderTrust(mockSettings, onTrustChange),
);
isWorkspaceTrustedSpy.mockReturnValue(true);
act(() => {
result.current.handleFolderTrustSelect(FolderTrustChoice.TRUST_FOLDER);
});
@@ -105,9 +108,10 @@ describe('useFolderTrust', () => {
});
it('should handle TRUST_PARENT choice', () => {
isWorkspaceTrustedSpy
.mockReturnValueOnce(undefined)
.mockReturnValueOnce(true);
isWorkspaceTrustedSpy.mockReturnValue({
isTrusted: undefined,
source: undefined,
});
const { result } = renderHook(() =>
useFolderTrust(mockSettings, onTrustChange),
);
@@ -125,9 +129,10 @@ describe('useFolderTrust', () => {
});
it('should handle DO_NOT_TRUST choice and trigger restart', () => {
isWorkspaceTrustedSpy
.mockReturnValueOnce(undefined)
.mockReturnValueOnce(false);
isWorkspaceTrustedSpy.mockReturnValue({
isTrusted: undefined,
source: undefined,
});
const { result } = renderHook(() =>
useFolderTrust(mockSettings, onTrustChange),
);
@@ -146,7 +151,10 @@ describe('useFolderTrust', () => {
});
it('should do nothing for default choice', () => {
isWorkspaceTrustedSpy.mockReturnValue(undefined);
isWorkspaceTrustedSpy.mockReturnValue({
isTrusted: undefined,
source: undefined,
});
const { result } = renderHook(() =>
useFolderTrust(mockSettings, onTrustChange),
);
@@ -164,7 +172,7 @@ describe('useFolderTrust', () => {
});
it('should set isRestarting to true when trust status changes from false to true', () => {
isWorkspaceTrustedSpy.mockReturnValueOnce(false).mockReturnValueOnce(true); // Initially untrusted, then trusted
isWorkspaceTrustedSpy.mockReturnValue({ isTrusted: false, source: 'file' }); // Initially untrusted
const { result } = renderHook(() =>
useFolderTrust(mockSettings, onTrustChange),
);
@@ -178,9 +186,10 @@ describe('useFolderTrust', () => {
});
it('should not set isRestarting to true when trust status does not change', () => {
isWorkspaceTrustedSpy
.mockReturnValueOnce(undefined)
.mockReturnValueOnce(true); // Initially undefined, then trust
isWorkspaceTrustedSpy.mockReturnValue({
isTrusted: undefined,
source: undefined,
});
const { result } = renderHook(() =>
useFolderTrust(mockSettings, onTrustChange),
);
packages/cli/src/ui/hooks/useFolderTrust.ts
+1 -1
View File
@@ -25,7 +25,7 @@ export const useFolderTrust = (
const folderTrust = settings.merged.security?.folderTrust?.enabled;
useEffect(() => {
const trusted = isWorkspaceTrusted(settings.merged);
const { isTrusted: trusted } = isWorkspaceTrusted(settings.merged);
setIsTrusted(trusted);
setIsFolderTrustDialogOpen(trusted === undefined);
onTrustChange(trusted);
packages/cli/src/ui/hooks/usePermissionsModifyTrust.test.ts
+263
View File
@@ -0,0 +1,263 @@
/**
* @license
* Copyright 2025 Google LLC
* SPDX-License-Identifier: Apache-2.0
*/
/// <reference types="vitest/globals" />
import {
describe,
it,
expect,
vi,
beforeEach,
afterEach,
type Mock,
} from 'vitest';
import { renderHook, act } from '@testing-library/react';
import { usePermissionsModifyTrust } from './usePermissionsModifyTrust.js';
import { TrustLevel } from '../../config/trustedFolders.js';
import type { LoadedSettings } from '../../config/settings.js';
import type { LoadedTrustedFolders } from '../../config/trustedFolders.js';
// Hoist mocks
const mockedCwd = vi.hoisted(() => vi.fn());
const mockedLoadTrustedFolders = vi.hoisted(() => vi.fn());
const mockedIsWorkspaceTrusted = vi.hoisted(() => vi.fn());
const mockedUseSettings = vi.hoisted(() => vi.fn());
// Mock modules
vi.mock('node:process', () => ({
cwd: mockedCwd,
}));
vi.mock('../../config/trustedFolders.js', () => ({
loadTrustedFolders: mockedLoadTrustedFolders,
isWorkspaceTrusted: mockedIsWorkspaceTrusted,
TrustLevel: {
TRUST_FOLDER: 'TRUST_FOLDER',
TRUST_PARENT: 'TRUST_PARENT',
DO_NOT_TRUST: 'DO_NOT_TRUST',
},
}));
vi.mock('../contexts/SettingsContext.js', () => ({
useSettings: mockedUseSettings,
}));
describe('usePermissionsModifyTrust', () => {
let mockOnExit: Mock;
let mockAddItem: Mock;
beforeEach(() => {
mockAddItem = vi.fn();
mockOnExit = vi.fn();
mockedCwd.mockReturnValue('/test/dir');
mockedUseSettings.mockReturnValue({
merged: {
security: {
folderTrust: {
enabled: true,
},
},
},
} as LoadedSettings);
mockedIsWorkspaceTrusted.mockReturnValue({
isTrusted: undefined,
source: undefined,
});
});
afterEach(() => {
vi.resetAllMocks();
});
it('should initialize with the correct trust level', () => {
mockedLoadTrustedFolders.mockReturnValue({
user: { config: { '/test/dir': TrustLevel.TRUST_FOLDER } },
} as unknown as LoadedTrustedFolders);
mockedIsWorkspaceTrusted.mockReturnValue({
isTrusted: true,
source: 'file',
});
const { result } = renderHook(() =>
usePermissionsModifyTrust(mockOnExit, mockAddItem),
);
expect(result.current.currentTrustLevel).toBe(TrustLevel.TRUST_FOLDER);
});
it('should detect inherited trust from parent', () => {
mockedLoadTrustedFolders.mockReturnValue({
user: { config: {} },
setValue: vi.fn(),
} as unknown as LoadedTrustedFolders);
mockedIsWorkspaceTrusted.mockReturnValue({
isTrusted: true,
source: 'file',
});
const { result } = renderHook(() =>
usePermissionsModifyTrust(mockOnExit, mockAddItem),
);
expect(result.current.isInheritedTrustFromParent).toBe(true);
expect(result.current.isInheritedTrustFromIde).toBe(false);
});
it('should detect inherited trust from IDE', () => {
mockedLoadTrustedFolders.mockReturnValue({
user: { config: {} }, // No explicit trust
} as unknown as LoadedTrustedFolders);
mockedIsWorkspaceTrusted.mockReturnValue({
isTrusted: true,
source: 'ide',
});
const { result } = renderHook(() =>
usePermissionsModifyTrust(mockOnExit, mockAddItem),
);
expect(result.current.isInheritedTrustFromIde).toBe(true);
expect(result.current.isInheritedTrustFromParent).toBe(false);
});
it('should set needsRestart but not save when trust changes', () => {
const mockSetValue = vi.fn();
mockedLoadTrustedFolders.mockReturnValue({
user: { config: {} },
setValue: mockSetValue,
} as unknown as LoadedTrustedFolders);
mockedIsWorkspaceTrusted
.mockReturnValueOnce({ isTrusted: false, source: 'file' })
.mockReturnValueOnce({ isTrusted: true, source: 'file' });
const { result } = renderHook(() =>
usePermissionsModifyTrust(mockOnExit, mockAddItem),
);
act(() => {
result.current.updateTrustLevel(TrustLevel.TRUST_FOLDER);
});
expect(result.current.needsRestart).toBe(true);
expect(mockSetValue).not.toHaveBeenCalled();
});
it('should save immediately if trust does not change', () => {
const mockSetValue = vi.fn();
mockedLoadTrustedFolders.mockReturnValue({
user: { config: {} },
setValue: mockSetValue,
} as unknown as LoadedTrustedFolders);
mockedIsWorkspaceTrusted.mockReturnValue({
isTrusted: true,
source: 'file',
});
const { result } = renderHook(() =>
usePermissionsModifyTrust(mockOnExit, mockAddItem),
);
act(() => {
result.current.updateTrustLevel(TrustLevel.TRUST_PARENT);
});
expect(result.current.needsRestart).toBe(false);
expect(mockSetValue).toHaveBeenCalledWith(
'/test/dir',
TrustLevel.TRUST_PARENT,
);
expect(mockOnExit).toHaveBeenCalled();
});
it('should commit the pending trust level change', () => {
const mockSetValue = vi.fn();
mockedLoadTrustedFolders.mockReturnValue({
user: { config: {} },
setValue: mockSetValue,
} as unknown as LoadedTrustedFolders);
mockedIsWorkspaceTrusted
.mockReturnValueOnce({ isTrusted: false, source: 'file' })
.mockReturnValueOnce({ isTrusted: true, source: 'file' });
const { result } = renderHook(() =>
usePermissionsModifyTrust(mockOnExit, mockAddItem),
);
act(() => {
result.current.updateTrustLevel(TrustLevel.TRUST_FOLDER);
});
expect(result.current.needsRestart).toBe(true);
act(() => {
result.current.commitTrustLevelChange();
});
expect(mockSetValue).toHaveBeenCalledWith(
'/test/dir',
TrustLevel.TRUST_FOLDER,
);
});
it('should add warning when setting DO_NOT_TRUST but still trusted by parent', () => {
mockedLoadTrustedFolders.mockReturnValue({
user: { config: {} },
setValue: vi.fn(),
} as unknown as LoadedTrustedFolders);
mockedIsWorkspaceTrusted.mockReturnValue({
isTrusted: true,
source: 'file',
});
const { result } = renderHook(() =>
usePermissionsModifyTrust(mockOnExit, mockAddItem),
);
act(() => {
result.current.updateTrustLevel(TrustLevel.DO_NOT_TRUST);
});
expect(mockAddItem).toHaveBeenCalledWith(
{
type: 'warning',
text: 'Note: This folder is still trusted because a parent folder is trusted.',
},
expect.any(Number),
);
});
it('should add warning when setting DO_NOT_TRUST but still trusted by IDE', () => {
mockedLoadTrustedFolders.mockReturnValue({
user: { config: {} },
setValue: vi.fn(),
} as unknown as LoadedTrustedFolders);
mockedIsWorkspaceTrusted.mockReturnValue({
isTrusted: true,
source: 'ide',
});
const { result } = renderHook(() =>
usePermissionsModifyTrust(mockOnExit, mockAddItem),
);
act(() => {
result.current.updateTrustLevel(TrustLevel.DO_NOT_TRUST);
});
expect(mockAddItem).toHaveBeenCalledWith(
{
type: 'warning',
text: 'Note: This folder is still trusted because the connected IDE workspace is trusted.',
},
expect.any(Number),
);
});
});
packages/cli/src/ui/hooks/usePermissionsModifyTrust.ts
+128
View File
@@ -0,0 +1,128 @@
/**
* @license
* Copyright 2025 Google LLC
* SPDX-License-Identifier: Apache-2.0
*/
import { useState, useCallback } from 'react';
import * as process from 'node:process';
import {
loadTrustedFolders,
TrustLevel,
isWorkspaceTrusted,
} from '../../config/trustedFolders.js';
import { useSettings } from '../contexts/SettingsContext.js';
import { MessageType } from '../types.js';
import { type UseHistoryManagerReturn } from './useHistoryManager.js';
import type { LoadedSettings } from '../../config/settings.js';
interface TrustState {
currentTrustLevel: TrustLevel | undefined;
isInheritedTrustFromParent: boolean;
isInheritedTrustFromIde: boolean;
}
function getInitialTrustState(
settings: LoadedSettings,
cwd: string,
): TrustState {
const folders = loadTrustedFolders();
const explicitTrustLevel = folders.user.config[cwd];
const { isTrusted, source } = isWorkspaceTrusted(settings.merged);
const isInheritedTrust =
isTrusted &&
(!explicitTrustLevel || explicitTrustLevel === TrustLevel.DO_NOT_TRUST);
return {
currentTrustLevel: explicitTrustLevel,
isInheritedTrustFromParent: !!(source === 'file' && isInheritedTrust),
isInheritedTrustFromIde: !!(source === 'ide' && isInheritedTrust),
};
}
export const usePermissionsModifyTrust = (
onExit: () => void,
addItem: UseHistoryManagerReturn['addItem'],
) => {
const settings = useSettings();
const cwd = process.cwd();
const [initialState] = useState(() => getInitialTrustState(settings, cwd));
const [currentTrustLevel] = useState<TrustLevel | undefined>(
initialState.currentTrustLevel,
);
const [pendingTrustLevel, setPendingTrustLevel] = useState<
TrustLevel | undefined
>();
const [isInheritedTrustFromParent] = useState(
initialState.isInheritedTrustFromParent,
);
const [isInheritedTrustFromIde] = useState(
initialState.isInheritedTrustFromIde,
);
const [needsRestart, setNeedsRestart] = useState(false);
const isFolderTrustEnabled = !!settings.merged.security?.folderTrust?.enabled;
const updateTrustLevel = useCallback(
(trustLevel: TrustLevel) => {
const wasTrusted = isWorkspaceTrusted(settings.merged).isTrusted;
// Create a temporary config to check the new trust status without writing
const currentConfig = loadTrustedFolders().user.config;
const newConfig = { ...currentConfig, [cwd]: trustLevel };
const { isTrusted, source } = isWorkspaceTrusted(
settings.merged,
newConfig,
);
if (trustLevel === TrustLevel.DO_NOT_TRUST && isTrusted) {
let message =
'Note: This folder is still trusted because the connected IDE workspace is trusted.';
if (source === 'file') {
message =
'Note: This folder is still trusted because a parent folder is trusted.';
}
addItem(
{
type: MessageType.WARNING,
text: message,
},
Date.now(),
);
}
if (wasTrusted !== isTrusted) {
setPendingTrustLevel(trustLevel);
setNeedsRestart(true);
} else {
const folders = loadTrustedFolders();
folders.setValue(cwd, trustLevel);
onExit();
}
},
[cwd, settings.merged, onExit, addItem],
);
const commitTrustLevelChange = useCallback(() => {
if (pendingTrustLevel) {
const folders = loadTrustedFolders();
folders.setValue(cwd, pendingTrustLevel);
}
}, [cwd, pendingTrustLevel]);
return {
cwd,
currentTrustLevel,
isInheritedTrustFromParent,
isInheritedTrustFromIde,
needsRestart,
updateTrustLevel,
commitTrustLevelChange,
isFolderTrustEnabled,
};
};