MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-04-23 11:34:44 -07:00
Code Issues Packages Projects Releases Wiki Activity

feat(cli): Add permissions command to modify trust settings (#8792)

Browse Source
This commit is contained in:
shrutip90
2025-09-22 11:45:02 -07:00
committed by GitHub
parent c0c7ad10ca
commit 6c559e2338
26 changed files with 991 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/cli/src/ui/hooks/slashCommandProcessor.ts
+4
View File
@@ -49,6 +49,7 @@ interface SlashCommandProcessorActions {
openEditorDialog: () => void;
openPrivacyNotice: () => void;
openSettingsDialog: () => void;
openPermissionsDialog: () => void;
quit: (messages: HistoryItem[]) => void;
setDebugMessage: (message: string) => void;
toggleCorgiMode: () => void;
@@ -373,6 +374,9 @@ export const useSlashCommandProcessor = (
case 'settings':
actions.openSettingsDialog();
return { type: 'handled' };
case 'permissions':
actions.openPermissionsDialog();
return { type: 'handled' };
case 'help':
return { type: 'handled' };
default: {
packages/cli/src/ui/hooks/useExtensionUpdates.test.ts
+4 -1
View File
@@ -187,7 +187,10 @@ describe('useExtensionUpdates', () => {
JSON.stringify({ name: 'test-extension', version: '1.1.0' }),
);
});
vi.mocked(isWorkspaceTrusted).mockReturnValue(true);
vi.mocked(isWorkspaceTrusted).mockReturnValue({
isTrusted: true,
source: 'file',
});
renderHook(() => useExtensionUpdates([extension], addItem, tempHomeDir));
packages/cli/src/ui/hooks/useFolderTrust.test.ts
+27 -18
View File
@@ -56,7 +56,7 @@ describe('useFolderTrust', () => {
});
it('should not open dialog when folder is already trusted', () => {
isWorkspaceTrustedSpy.mockReturnValue(true);
isWorkspaceTrustedSpy.mockReturnValue({ isTrusted: true, source: 'file' });
const { result } = renderHook(() =>
useFolderTrust(mockSettings, onTrustChange),
);
@@ -65,7 +65,7 @@ describe('useFolderTrust', () => {
});
it('should not open dialog when folder is already untrusted', () => {
isWorkspaceTrustedSpy.mockReturnValue(false);
isWorkspaceTrustedSpy.mockReturnValue({ isTrusted: false, source: 'file' });
const { result } = renderHook(() =>
useFolderTrust(mockSettings, onTrustChange),
);
@@ -74,7 +74,10 @@ describe('useFolderTrust', () => {
});
it('should open dialog when folder trust is undefined', () => {
isWorkspaceTrustedSpy.mockReturnValue(undefined);
isWorkspaceTrustedSpy.mockReturnValue({
isTrusted: undefined,
source: undefined,
});
const { result } = renderHook(() =>
useFolderTrust(mockSettings, onTrustChange),
);
@@ -83,14 +86,14 @@ describe('useFolderTrust', () => {
});
it('should handle TRUST_FOLDER choice', () => {
isWorkspaceTrustedSpy
.mockReturnValueOnce(undefined)
.mockReturnValueOnce(true);
isWorkspaceTrustedSpy.mockReturnValue({
isTrusted: undefined,
source: undefined,
});
const { result } = renderHook(() =>
useFolderTrust(mockSettings, onTrustChange),
);
isWorkspaceTrustedSpy.mockReturnValue(true);
act(() => {
result.current.handleFolderTrustSelect(FolderTrustChoice.TRUST_FOLDER);
});
@@ -105,9 +108,10 @@ describe('useFolderTrust', () => {
});
it('should handle TRUST_PARENT choice', () => {
isWorkspaceTrustedSpy
.mockReturnValueOnce(undefined)
.mockReturnValueOnce(true);
isWorkspaceTrustedSpy.mockReturnValue({
isTrusted: undefined,
source: undefined,
});
const { result } = renderHook(() =>
useFolderTrust(mockSettings, onTrustChange),
);
@@ -125,9 +129,10 @@ describe('useFolderTrust', () => {
});
it('should handle DO_NOT_TRUST choice and trigger restart', () => {
isWorkspaceTrustedSpy
.mockReturnValueOnce(undefined)
.mockReturnValueOnce(false);
isWorkspaceTrustedSpy.mockReturnValue({
isTrusted: undefined,
source: undefined,
});
const { result } = renderHook(() =>
useFolderTrust(mockSettings, onTrustChange),
);
@@ -146,7 +151,10 @@ describe('useFolderTrust', () => {
});
it('should do nothing for default choice', () => {
isWorkspaceTrustedSpy.mockReturnValue(undefined);
isWorkspaceTrustedSpy.mockReturnValue({
isTrusted: undefined,
source: undefined,
});
const { result } = renderHook(() =>
useFolderTrust(mockSettings, onTrustChange),
);
@@ -164,7 +172,7 @@ describe('useFolderTrust', () => {
});
it('should set isRestarting to true when trust status changes from false to true', () => {
isWorkspaceTrustedSpy.mockReturnValueOnce(false).mockReturnValueOnce(true); // Initially untrusted, then trusted
isWorkspaceTrustedSpy.mockReturnValue({ isTrusted: false, source: 'file' }); // Initially untrusted
const { result } = renderHook(() =>
useFolderTrust(mockSettings, onTrustChange),
);
@@ -178,9 +186,10 @@ describe('useFolderTrust', () => {
});
it('should not set isRestarting to true when trust status does not change', () => {
isWorkspaceTrustedSpy
.mockReturnValueOnce(undefined)
.mockReturnValueOnce(true); // Initially undefined, then trust
isWorkspaceTrustedSpy.mockReturnValue({
isTrusted: undefined,
source: undefined,
});
const { result } = renderHook(() =>
useFolderTrust(mockSettings, onTrustChange),
);
packages/cli/src/ui/hooks/useFolderTrust.ts
+1 -1
View File
@@ -25,7 +25,7 @@ export const useFolderTrust = (
const folderTrust = settings.merged.security?.folderTrust?.enabled;
useEffect(() => {
const trusted = isWorkspaceTrusted(settings.merged);
const { isTrusted: trusted } = isWorkspaceTrusted(settings.merged);
setIsTrusted(trusted);
setIsFolderTrustDialogOpen(trusted === undefined);
onTrustChange(trusted);
packages/cli/src/ui/hooks/usePermissionsModifyTrust.test.ts
+263
View File
@@ -0,0 +1,263 @@
/**
* @license
* Copyright 2025 Google LLC
* SPDX-License-Identifier: Apache-2.0
*/
/// <reference types="vitest/globals" />
import {
describe,
it,
expect,
vi,
beforeEach,
afterEach,
type Mock,
} from 'vitest';
import { renderHook, act } from '@testing-library/react';
import { usePermissionsModifyTrust } from './usePermissionsModifyTrust.js';
import { TrustLevel } from '../../config/trustedFolders.js';
import type { LoadedSettings } from '../../config/settings.js';
import type { LoadedTrustedFolders } from '../../config/trustedFolders.js';
// Hoist mocks
const mockedCwd = vi.hoisted(() => vi.fn());
const mockedLoadTrustedFolders = vi.hoisted(() => vi.fn());
const mockedIsWorkspaceTrusted = vi.hoisted(() => vi.fn());
const mockedUseSettings = vi.hoisted(() => vi.fn());
// Mock modules
vi.mock('node:process', () => ({
cwd: mockedCwd,
}));
vi.mock('../../config/trustedFolders.js', () => ({
loadTrustedFolders: mockedLoadTrustedFolders,
isWorkspaceTrusted: mockedIsWorkspaceTrusted,
TrustLevel: {
TRUST_FOLDER: 'TRUST_FOLDER',
TRUST_PARENT: 'TRUST_PARENT',
DO_NOT_TRUST: 'DO_NOT_TRUST',
},
}));
vi.mock('../contexts/SettingsContext.js', () => ({
useSettings: mockedUseSettings,
}));
describe('usePermissionsModifyTrust', () => {
let mockOnExit: Mock;
let mockAddItem: Mock;
beforeEach(() => {
mockAddItem = vi.fn();
mockOnExit = vi.fn();
mockedCwd.mockReturnValue('/test/dir');
mockedUseSettings.mockReturnValue({
merged: {
security: {
folderTrust: {
enabled: true,
},
},
},
} as LoadedSettings);
mockedIsWorkspaceTrusted.mockReturnValue({
isTrusted: undefined,
source: undefined,
});
});
afterEach(() => {
vi.resetAllMocks();
});
it('should initialize with the correct trust level', () => {
mockedLoadTrustedFolders.mockReturnValue({
user: { config: { '/test/dir': TrustLevel.TRUST_FOLDER } },
} as unknown as LoadedTrustedFolders);
mockedIsWorkspaceTrusted.mockReturnValue({
isTrusted: true,
source: 'file',
});
const { result } = renderHook(() =>
usePermissionsModifyTrust(mockOnExit, mockAddItem),
);
expect(result.current.currentTrustLevel).toBe(TrustLevel.TRUST_FOLDER);
});
it('should detect inherited trust from parent', () => {
mockedLoadTrustedFolders.mockReturnValue({
user: { config: {} },
setValue: vi.fn(),
} as unknown as LoadedTrustedFolders);
mockedIsWorkspaceTrusted.mockReturnValue({
isTrusted: true,
source: 'file',
});
const { result } = renderHook(() =>
usePermissionsModifyTrust(mockOnExit, mockAddItem),
);
expect(result.current.isInheritedTrustFromParent).toBe(true);
expect(result.current.isInheritedTrustFromIde).toBe(false);
});
it('should detect inherited trust from IDE', () => {
mockedLoadTrustedFolders.mockReturnValue({
user: { config: {} }, // No explicit trust
} as unknown as LoadedTrustedFolders);
mockedIsWorkspaceTrusted.mockReturnValue({
isTrusted: true,
source: 'ide',
});
const { result } = renderHook(() =>
usePermissionsModifyTrust(mockOnExit, mockAddItem),
);
expect(result.current.isInheritedTrustFromIde).toBe(true);
expect(result.current.isInheritedTrustFromParent).toBe(false);
});
it('should set needsRestart but not save when trust changes', () => {
const mockSetValue = vi.fn();
mockedLoadTrustedFolders.mockReturnValue({
user: { config: {} },
setValue: mockSetValue,
} as unknown as LoadedTrustedFolders);
mockedIsWorkspaceTrusted
.mockReturnValueOnce({ isTrusted: false, source: 'file' })
.mockReturnValueOnce({ isTrusted: true, source: 'file' });
const { result } = renderHook(() =>
usePermissionsModifyTrust(mockOnExit, mockAddItem),
);
act(() => {
result.current.updateTrustLevel(TrustLevel.TRUST_FOLDER);
});
expect(result.current.needsRestart).toBe(true);
expect(mockSetValue).not.toHaveBeenCalled();
});
it('should save immediately if trust does not change', () => {
const mockSetValue = vi.fn();
mockedLoadTrustedFolders.mockReturnValue({
user: { config: {} },
setValue: mockSetValue,
} as unknown as LoadedTrustedFolders);
mockedIsWorkspaceTrusted.mockReturnValue({
isTrusted: true,
source: 'file',
});
const { result } = renderHook(() =>
usePermissionsModifyTrust(mockOnExit, mockAddItem),
);
act(() => {
result.current.updateTrustLevel(TrustLevel.TRUST_PARENT);
});
expect(result.current.needsRestart).toBe(false);
expect(mockSetValue).toHaveBeenCalledWith(
'/test/dir',
TrustLevel.TRUST_PARENT,
);
expect(mockOnExit).toHaveBeenCalled();
});
it('should commit the pending trust level change', () => {
const mockSetValue = vi.fn();
mockedLoadTrustedFolders.mockReturnValue({
user: { config: {} },
setValue: mockSetValue,
} as unknown as LoadedTrustedFolders);
mockedIsWorkspaceTrusted
.mockReturnValueOnce({ isTrusted: false, source: 'file' })
.mockReturnValueOnce({ isTrusted: true, source: 'file' });
const { result } = renderHook(() =>
usePermissionsModifyTrust(mockOnExit, mockAddItem),
);
act(() => {
result.current.updateTrustLevel(TrustLevel.TRUST_FOLDER);
});
expect(result.current.needsRestart).toBe(true);
act(() => {
result.current.commitTrustLevelChange();
});
expect(mockSetValue).toHaveBeenCalledWith(
'/test/dir',
TrustLevel.TRUST_FOLDER,
);
});
it('should add warning when setting DO_NOT_TRUST but still trusted by parent', () => {
mockedLoadTrustedFolders.mockReturnValue({
user: { config: {} },
setValue: vi.fn(),
} as unknown as LoadedTrustedFolders);
mockedIsWorkspaceTrusted.mockReturnValue({
isTrusted: true,
source: 'file',
});
const { result } = renderHook(() =>
usePermissionsModifyTrust(mockOnExit, mockAddItem),
);
act(() => {
result.current.updateTrustLevel(TrustLevel.DO_NOT_TRUST);
});
expect(mockAddItem).toHaveBeenCalledWith(
{
type: 'warning',
text: 'Note: This folder is still trusted because a parent folder is trusted.',
},
expect.any(Number),
);
});
it('should add warning when setting DO_NOT_TRUST but still trusted by IDE', () => {
mockedLoadTrustedFolders.mockReturnValue({
user: { config: {} },
setValue: vi.fn(),
} as unknown as LoadedTrustedFolders);
mockedIsWorkspaceTrusted.mockReturnValue({
isTrusted: true,
source: 'ide',
});
const { result } = renderHook(() =>
usePermissionsModifyTrust(mockOnExit, mockAddItem),
);
act(() => {
result.current.updateTrustLevel(TrustLevel.DO_NOT_TRUST);
});
expect(mockAddItem).toHaveBeenCalledWith(
{
type: 'warning',
text: 'Note: This folder is still trusted because the connected IDE workspace is trusted.',
},
expect.any(Number),
);
});
});
packages/cli/src/ui/hooks/usePermissionsModifyTrust.ts
+128
View File
@@ -0,0 +1,128 @@
/**
* @license
* Copyright 2025 Google LLC
* SPDX-License-Identifier: Apache-2.0
*/
import { useState, useCallback } from 'react';
import * as process from 'node:process';
import {
loadTrustedFolders,
TrustLevel,
isWorkspaceTrusted,
} from '../../config/trustedFolders.js';
import { useSettings } from '../contexts/SettingsContext.js';
import { MessageType } from '../types.js';
import { type UseHistoryManagerReturn } from './useHistoryManager.js';
import type { LoadedSettings } from '../../config/settings.js';
interface TrustState {
currentTrustLevel: TrustLevel | undefined;
isInheritedTrustFromParent: boolean;
isInheritedTrustFromIde: boolean;
}
function getInitialTrustState(
settings: LoadedSettings,
cwd: string,
): TrustState {
const folders = loadTrustedFolders();
const explicitTrustLevel = folders.user.config[cwd];
const { isTrusted, source } = isWorkspaceTrusted(settings.merged);
const isInheritedTrust =
isTrusted &&
(!explicitTrustLevel || explicitTrustLevel === TrustLevel.DO_NOT_TRUST);
return {
currentTrustLevel: explicitTrustLevel,
isInheritedTrustFromParent: !!(source === 'file' && isInheritedTrust),
isInheritedTrustFromIde: !!(source === 'ide' && isInheritedTrust),
};
}
export const usePermissionsModifyTrust = (
onExit: () => void,
addItem: UseHistoryManagerReturn['addItem'],
) => {
const settings = useSettings();
const cwd = process.cwd();
const [initialState] = useState(() => getInitialTrustState(settings, cwd));
const [currentTrustLevel] = useState<TrustLevel | undefined>(
initialState.currentTrustLevel,
);
const [pendingTrustLevel, setPendingTrustLevel] = useState<
TrustLevel | undefined
>();
const [isInheritedTrustFromParent] = useState(
initialState.isInheritedTrustFromParent,
);
const [isInheritedTrustFromIde] = useState(
initialState.isInheritedTrustFromIde,
);
const [needsRestart, setNeedsRestart] = useState(false);
const isFolderTrustEnabled = !!settings.merged.security?.folderTrust?.enabled;
const updateTrustLevel = useCallback(
(trustLevel: TrustLevel) => {
const wasTrusted = isWorkspaceTrusted(settings.merged).isTrusted;
// Create a temporary config to check the new trust status without writing
const currentConfig = loadTrustedFolders().user.config;
const newConfig = { ...currentConfig, [cwd]: trustLevel };
const { isTrusted, source } = isWorkspaceTrusted(
settings.merged,
newConfig,
);
if (trustLevel === TrustLevel.DO_NOT_TRUST && isTrusted) {
let message =
'Note: This folder is still trusted because the connected IDE workspace is trusted.';
if (source === 'file') {
message =
'Note: This folder is still trusted because a parent folder is trusted.';
}
addItem(
{
type: MessageType.WARNING,
text: message,
},
Date.now(),
);
}
if (wasTrusted !== isTrusted) {
setPendingTrustLevel(trustLevel);
setNeedsRestart(true);
} else {
const folders = loadTrustedFolders();
folders.setValue(cwd, trustLevel);
onExit();
}
},
[cwd, settings.merged, onExit, addItem],
);
const commitTrustLevelChange = useCallback(() => {
if (pendingTrustLevel) {
const folders = loadTrustedFolders();
folders.setValue(cwd, pendingTrustLevel);
}
}, [cwd, pendingTrustLevel]);
return {
cwd,
currentTrustLevel,
isInheritedTrustFromParent,
isInheritedTrustFromIde,
needsRestart,
updateTrustLevel,
commitTrustLevelChange,
isFolderTrustEnabled,
};
};