feat(cli): Add permissions command to modify trust settings (#8792)

packages/cli/src/ui/components/DialogManager.tsx

@@ -18,15 +18,21 @@ import { EditorSettingsDialog } from './EditorSettingsDialog.js';
 import { PrivacyNotice } from '../privacy/PrivacyNotice.js';
 import { WorkspaceMigrationDialog } from './WorkspaceMigrationDialog.js';
 import { ProQuotaDialog } from './ProQuotaDialog.js';
+import { PermissionsModifyTrustDialog } from './PermissionsModifyTrustDialog.js';
 import { theme } from '../semantic-colors.js';
 import { useUIState } from '../contexts/UIStateContext.js';
 import { useUIActions } from '../contexts/UIActionsContext.js';
 import { useConfig } from '../contexts/ConfigContext.js';
 import { useSettings } from '../contexts/SettingsContext.js';
 import process from 'node:process';
+import { type UseHistoryManagerReturn } from '../hooks/useHistoryManager.js';
+
+interface DialogManagerProps {
+  addItem: UseHistoryManagerReturn['addItem'];
+}
 
 // Props for DialogManager
-export const DialogManager = () => {
+export const DialogManager = ({ addItem }: DialogManagerProps) => {
   const config = useConfig();
   const settings = useSettings();
 
@@ -188,5 +194,14 @@ export const DialogManager = () => {
     );
   }
 
+  if (uiState.isPermissionsDialogOpen) {
+    return (
+      <PermissionsModifyTrustDialog
+        onExit={uiActions.closePermissionsDialog}
+        addItem={addItem}
+      />
+    );
+  }
+
   return null;
 };

packages/cli/src/ui/components/PermissionsModifyTrustDialog.test.tsx

@@ -0,0 +1,204 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/// <reference types="vitest/globals" />
+
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
+import type { Mock } from 'vitest';
+import { renderWithProviders } from '../../test-utils/render.js';
+import { PermissionsModifyTrustDialog } from './PermissionsModifyTrustDialog.js';
+import { TrustLevel } from '../../config/trustedFolders.js';
+import { waitFor, act } from '@testing-library/react';
+import * as processUtils from '../../utils/processUtils.js';
+import { usePermissionsModifyTrust } from '../hooks/usePermissionsModifyTrust.js';
+
+// Hoist mocks for dependencies of the usePermissionsModifyTrust hook
+const mockedCwd = vi.hoisted(() => vi.fn());
+const mockedLoadTrustedFolders = vi.hoisted(() => vi.fn());
+const mockedIsWorkspaceTrusted = vi.hoisted(() => vi.fn());
+const mockedUseSettings = vi.hoisted(() => vi.fn());
+
+// Mock the modules themselves
+vi.mock('node:process', async (importOriginal) => {
+  const actual = await importOriginal<typeof import('node:process')>();
+  return {
+    ...actual,
+    cwd: mockedCwd,
+  };
+});
+
+vi.mock('../../config/trustedFolders.js', () => ({
+  loadTrustedFolders: mockedLoadTrustedFolders,
+  isWorkspaceTrusted: mockedIsWorkspaceTrusted,
+  TrustLevel: {
+    TRUST_FOLDER: 'TRUST_FOLDER',
+    TRUST_PARENT: 'TRUST_PARENT',
+    DO_NOT_TRUST: 'DO_NOT_TRUST',
+  },
+}));
+
+vi.mock('../contexts/SettingsContext.js', () => ({
+  useSettings: mockedUseSettings,
+}));
+
+vi.mock('../hooks/usePermissionsModifyTrust.js');
+
+describe('PermissionsModifyTrustDialog', () => {
+  let mockUpdateTrustLevel: Mock;
+  let mockCommitTrustLevelChange: Mock;
+
+  beforeEach(() => {
+    mockUpdateTrustLevel = vi.fn();
+    mockCommitTrustLevelChange = vi.fn();
+    vi.mocked(usePermissionsModifyTrust).mockReturnValue({
+      cwd: '/test/dir',
+      currentTrustLevel: TrustLevel.DO_NOT_TRUST,
+      isInheritedTrustFromParent: false,
+      isInheritedTrustFromIde: false,
+      needsRestart: false,
+      updateTrustLevel: mockUpdateTrustLevel,
+      commitTrustLevelChange: mockCommitTrustLevelChange,
+      isFolderTrustEnabled: true,
+    });
+  });
+
+  afterEach(() => {
+    vi.resetAllMocks();
+  });
+
+  it('should render the main dialog with current trust level', async () => {
+    const { lastFrame } = renderWithProviders(
+      <PermissionsModifyTrustDialog onExit={vi.fn()} addItem={vi.fn()} />,
+    );
+
+    await waitFor(() => {
+      expect(lastFrame()).toContain('Modify Trust Level');
+      expect(lastFrame()).toContain('Folder: /test/dir');
+      expect(lastFrame()).toContain('Current Level: DO_NOT_TRUST');
+    });
+  });
+
+  it('should display the inherited trust note from parent', async () => {
+    vi.mocked(usePermissionsModifyTrust).mockReturnValue({
+      cwd: '/test/dir',
+      currentTrustLevel: TrustLevel.DO_NOT_TRUST,
+      isInheritedTrustFromParent: true,
+      isInheritedTrustFromIde: false,
+      needsRestart: false,
+      updateTrustLevel: mockUpdateTrustLevel,
+      commitTrustLevelChange: mockCommitTrustLevelChange,
+      isFolderTrustEnabled: true,
+    });
+    const { lastFrame } = renderWithProviders(
+      <PermissionsModifyTrustDialog onExit={vi.fn()} addItem={vi.fn()} />,
+    );
+
+    await waitFor(() => {
+      expect(lastFrame()).toContain(
+        'Note: This folder behaves as a trusted folder because one of the parent folders is trusted.',
+      );
+    });
+  });
+
+  it('should display the inherited trust note from IDE', async () => {
+    vi.mocked(usePermissionsModifyTrust).mockReturnValue({
+      cwd: '/test/dir',
+      currentTrustLevel: TrustLevel.DO_NOT_TRUST,
+      isInheritedTrustFromParent: false,
+      isInheritedTrustFromIde: true,
+      needsRestart: false,
+      updateTrustLevel: mockUpdateTrustLevel,
+      commitTrustLevelChange: mockCommitTrustLevelChange,
+      isFolderTrustEnabled: true,
+    });
+    const { lastFrame } = renderWithProviders(
+      <PermissionsModifyTrustDialog onExit={vi.fn()} addItem={vi.fn()} />,
+    );
+
+    await waitFor(() => {
+      expect(lastFrame()).toContain(
+        'Note: This folder behaves as a trusted folder because the connected IDE workspace is trusted.',
+      );
+    });
+  });
+
+  it('should call onExit when escape is pressed', async () => {
+    const onExit = vi.fn();
+    const { stdin, lastFrame } = renderWithProviders(
+      <PermissionsModifyTrustDialog onExit={onExit} addItem={vi.fn()} />,
+    );
+
+    await waitFor(() => expect(lastFrame()).not.toContain('Loading...'));
+
+    act(() => {
+      stdin.write('\x1b'); // escape key
+    });
+
+    await waitFor(() => {
+      expect(onExit).toHaveBeenCalled();
+    });
+  });
+
+  it('should commit, restart, and exit on `r` keypress', async () => {
+    const mockRelaunchApp = vi
+      .spyOn(processUtils, 'relaunchApp')
+      .mockResolvedValue(undefined);
+    vi.mocked(usePermissionsModifyTrust).mockReturnValue({
+      cwd: '/test/dir',
+      currentTrustLevel: TrustLevel.DO_NOT_TRUST,
+      isInheritedTrustFromParent: false,
+      isInheritedTrustFromIde: false,
+      needsRestart: true,
+      updateTrustLevel: mockUpdateTrustLevel,
+      commitTrustLevelChange: mockCommitTrustLevelChange,
+      isFolderTrustEnabled: true,
+    });
+
+    const onExit = vi.fn();
+    const { stdin, lastFrame } = renderWithProviders(
+      <PermissionsModifyTrustDialog onExit={onExit} addItem={vi.fn()} />,
+    );
+
+    await waitFor(() => expect(lastFrame()).not.toContain('Loading...'));
+
+    act(() => stdin.write('r')); // Press 'r' to restart
+
+    await waitFor(() => {
+      expect(mockCommitTrustLevelChange).toHaveBeenCalled();
+      expect(mockRelaunchApp).toHaveBeenCalled();
+      expect(onExit).toHaveBeenCalled();
+    });
+
+    mockRelaunchApp.mockRestore();
+  });
+
+  it('should not commit when escape is pressed during restart prompt', async () => {
+    vi.mocked(usePermissionsModifyTrust).mockReturnValue({
+      cwd: '/test/dir',
+      currentTrustLevel: TrustLevel.DO_NOT_TRUST,
+      isInheritedTrustFromParent: false,
+      isInheritedTrustFromIde: false,
+      needsRestart: true,
+      updateTrustLevel: mockUpdateTrustLevel,
+      commitTrustLevelChange: mockCommitTrustLevelChange,
+      isFolderTrustEnabled: true,
+    });
+
+    const onExit = vi.fn();
+    const { stdin, lastFrame } = renderWithProviders(
+      <PermissionsModifyTrustDialog onExit={onExit} addItem={vi.fn()} />,
+    );
+
+    await waitFor(() => expect(lastFrame()).not.toContain('Loading...'));
+
+    act(() => stdin.write('\x1b')); // Press escape
+
+    await waitFor(() => {
+      expect(mockCommitTrustLevelChange).not.toHaveBeenCalled();
+      expect(onExit).toHaveBeenCalled();
+    });
+  });
+});

packages/cli/src/ui/components/PermissionsModifyTrustDialog.tsx

@@ -0,0 +1,122 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { Box, Text } from 'ink';
+import type React from 'react';
+import { TrustLevel } from '../../config/trustedFolders.js';
+import { useKeypress } from '../hooks/useKeypress.js';
+import { usePermissionsModifyTrust } from '../hooks/usePermissionsModifyTrust.js';
+import { theme } from '../semantic-colors.js';
+import { RadioButtonSelect } from './shared/RadioButtonSelect.js';
+import { relaunchApp } from '../../utils/processUtils.js';
+import { type UseHistoryManagerReturn } from '../hooks/useHistoryManager.js';
+
+interface PermissionsModifyTrustDialogProps {
+  onExit: () => void;
+  addItem: UseHistoryManagerReturn['addItem'];
+}
+
+const TRUST_LEVEL_ITEMS = [
+  {
+    label: 'Trust this folder',
+    value: TrustLevel.TRUST_FOLDER,
+  },
+  {
+    label: 'Trust parent folder',
+    value: TrustLevel.TRUST_PARENT,
+  },
+  {
+    label: "Don't trust",
+    value: TrustLevel.DO_NOT_TRUST,
+  },
+];
+
+export function PermissionsModifyTrustDialog({
+  onExit,
+  addItem,
+}: PermissionsModifyTrustDialogProps): React.JSX.Element {
+  const {
+    cwd,
+    currentTrustLevel,
+    isInheritedTrustFromParent,
+    isInheritedTrustFromIde,
+    needsRestart,
+    updateTrustLevel,
+    commitTrustLevelChange,
+  } = usePermissionsModifyTrust(onExit, addItem);
+
+  useKeypress(
+    (key) => {
+      if (key.name === 'escape') {
+        onExit();
+      }
+      if (needsRestart && key.name === 'r') {
+        commitTrustLevelChange();
+        relaunchApp();
+        onExit();
+      }
+    },
+    { isActive: true },
+  );
+
+  const index = TRUST_LEVEL_ITEMS.findIndex(
+    (item) => item.value === currentTrustLevel,
+  );
+  const initialIndex = index === -1 ? 0 : index;
+
+  return (
+    <>
+      <Box
+        borderStyle="round"
+        borderColor={theme.border.default}
+        flexDirection="column"
+        padding={1}
+      >
+        <Box flexDirection="column" paddingBottom={1}>
+          <Text bold>{'> '}Modify Trust Level</Text>
+          <Box marginTop={1} />
+          <Text>Folder: {cwd}</Text>
+          <Text>
+            Current Level: <Text bold>{currentTrustLevel || 'Not Set'}</Text>
+          </Text>
+          {isInheritedTrustFromParent && (
+            <Text color={theme.text.secondary}>
+              Note: This folder behaves as a trusted folder because one of the
+              parent folders is trusted. It will remain trusted even if you set
+              a different trust level here. To change this, you need to modify
+              the trust setting in the parent folder.
+            </Text>
+          )}
+          {isInheritedTrustFromIde && (
+            <Text color={theme.text.secondary}>
+              Note: This folder behaves as a trusted folder because the
+              connected IDE workspace is trusted. It will remain trusted even if
+              you set a different trust level here.
+            </Text>
+          )}
+        </Box>
+
+        <RadioButtonSelect
+          items={TRUST_LEVEL_ITEMS}
+          onSelect={updateTrustLevel}
+          isFocused={true}
+          initialIndex={initialIndex}
+        />
+        <Box marginTop={1}>
+          <Text color={theme.text.secondary}>(Use Enter to select)</Text>
+        </Box>
+      </Box>
+      {needsRestart && (
+        <Box marginLeft={1} marginTop={1}>
+          <Text color={theme.status.warning}>
+            To apply the trust changes, Gemini CLI must be restarted. Press
+            &apos;r&apos; to restart CLI now.
+          </Text>
+        </Box>
+      )}
+    </>
+  );
+}