MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-04-26 13:04:49 -07:00
Code Issues Packages Projects Releases Wiki Activity

feat(cli): Add permissions command to modify trust settings (#8792)

Browse Source
This commit is contained in:
shrutip90
2025-09-22 11:45:02 -07:00
committed by GitHub
parent c0c7ad10ca
commit 6c559e2338
26 changed files with 991 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/cli/src/ui/hooks/usePermissionsModifyTrust.ts
+128
View File
@@ -0,0 +1,128 @@
/**
* @license
* Copyright 2025 Google LLC
* SPDX-License-Identifier: Apache-2.0
*/
import { useState, useCallback } from 'react';
import * as process from 'node:process';
import {
loadTrustedFolders,
TrustLevel,
isWorkspaceTrusted,
} from '../../config/trustedFolders.js';
import { useSettings } from '../contexts/SettingsContext.js';
import { MessageType } from '../types.js';
import { type UseHistoryManagerReturn } from './useHistoryManager.js';
import type { LoadedSettings } from '../../config/settings.js';
interface TrustState {
currentTrustLevel: TrustLevel | undefined;
isInheritedTrustFromParent: boolean;
isInheritedTrustFromIde: boolean;
}
function getInitialTrustState(
settings: LoadedSettings,
cwd: string,
): TrustState {
const folders = loadTrustedFolders();
const explicitTrustLevel = folders.user.config[cwd];
const { isTrusted, source } = isWorkspaceTrusted(settings.merged);
const isInheritedTrust =
isTrusted &&
(!explicitTrustLevel || explicitTrustLevel === TrustLevel.DO_NOT_TRUST);
return {
currentTrustLevel: explicitTrustLevel,
isInheritedTrustFromParent: !!(source === 'file' && isInheritedTrust),
isInheritedTrustFromIde: !!(source === 'ide' && isInheritedTrust),
};
}
export const usePermissionsModifyTrust = (
onExit: () => void,
addItem: UseHistoryManagerReturn['addItem'],
) => {
const settings = useSettings();
const cwd = process.cwd();
const [initialState] = useState(() => getInitialTrustState(settings, cwd));
const [currentTrustLevel] = useState<TrustLevel | undefined>(
initialState.currentTrustLevel,
);
const [pendingTrustLevel, setPendingTrustLevel] = useState<
TrustLevel | undefined
>();
const [isInheritedTrustFromParent] = useState(
initialState.isInheritedTrustFromParent,
);
const [isInheritedTrustFromIde] = useState(
initialState.isInheritedTrustFromIde,
);
const [needsRestart, setNeedsRestart] = useState(false);
const isFolderTrustEnabled = !!settings.merged.security?.folderTrust?.enabled;
const updateTrustLevel = useCallback(
(trustLevel: TrustLevel) => {
const wasTrusted = isWorkspaceTrusted(settings.merged).isTrusted;
// Create a temporary config to check the new trust status without writing
const currentConfig = loadTrustedFolders().user.config;
const newConfig = { ...currentConfig, [cwd]: trustLevel };
const { isTrusted, source } = isWorkspaceTrusted(
settings.merged,
newConfig,
);
if (trustLevel === TrustLevel.DO_NOT_TRUST && isTrusted) {
let message =
'Note: This folder is still trusted because the connected IDE workspace is trusted.';
if (source === 'file') {
message =
'Note: This folder is still trusted because a parent folder is trusted.';
}
addItem(
{
type: MessageType.WARNING,
text: message,
},
Date.now(),
);
}
if (wasTrusted !== isTrusted) {
setPendingTrustLevel(trustLevel);
setNeedsRestart(true);
} else {
const folders = loadTrustedFolders();
folders.setValue(cwd, trustLevel);
onExit();
}
},
[cwd, settings.merged, onExit, addItem],
);
const commitTrustLevelChange = useCallback(() => {
if (pendingTrustLevel) {
const folders = loadTrustedFolders();
folders.setValue(cwd, pendingTrustLevel);
}
}, [cwd, pendingTrustLevel]);
return {
cwd,
currentTrustLevel,
isInheritedTrustFromParent,
isInheritedTrustFromIde,
needsRestart,
updateTrustLevel,
commitTrustLevelChange,
isFolderTrustEnabled,
};
};