Override Gemini CLI trust with VScode workspace trust when in IDE (#7433)

packages/core/src/config/config.ts

@@ -43,6 +43,7 @@ import {
 import { shouldAttemptBrowserLaunch } from '../utils/browser.js';
 import type { MCPOAuthConfig } from '../mcp/oauth-provider.js';
 import { IdeClient } from '../ide/ide-client.js';
+import { ideContext } from '../ide/ideContext.js';
 import type { Content } from '@google/genai';
 import type { FileSystemService } from '../services/fileSystemService.js';
 import { StandardFileSystemService } from '../services/fileSystemService.js';
@@ -749,6 +750,11 @@ export class Config {
     // restarts in the more common path. If the user chooses to mark the folder
     // as untrusted, the CLI will restart and we will have the trust value
     // reloaded.
+    const context = ideContext.getIdeContext();
+    if (context?.workspaceState?.isTrusted !== undefined) {
+      return context.workspaceState.isTrusted;
+    }
+
     return this.trustedFolder ?? true;
   }
 

packages/core/src/ide/ide-client.ts

@@ -77,6 +77,7 @@ export class IdeClient {
   private ideProcessInfo: { pid: number; command: string } | undefined;
   private diffResponses = new Map<string, (result: DiffUpdateResult) => void>();
   private statusListeners = new Set<(state: IDEConnectionState) => void>();
+  private trustChangeListeners = new Set<(isTrusted: boolean) => void>();
 
   private constructor() {}
 
@@ -103,6 +104,14 @@ export class IdeClient {
     this.statusListeners.delete(listener);
   }
 
+  addTrustChangeListener(listener: (isTrusted: boolean) => void) {
+    this.trustChangeListeners.add(listener);
+  }
+
+  removeTrustChangeListener(listener: (isTrusted: boolean) => void) {
+    this.trustChangeListeners.delete(listener);
+  }
+
   async connect(): Promise<void> {
     if (!this.currentIde || !this.currentIdeDisplayName) {
       this.setState(
@@ -422,6 +431,12 @@ export class IdeClient {
       IdeContextNotificationSchema,
       (notification) => {
         ideContext.setIdeContext(notification.params);
+        const isTrusted = notification.params.workspaceState?.isTrusted;
+        if (isTrusted !== undefined) {
+          for (const listener of this.trustChangeListeners) {
+            listener(isTrusted);
+          }
+        }
       },
     );
     this.client.onerror = (_error) => {

packages/core/src/ide/ideContext.ts

@@ -27,6 +27,7 @@ export const IdeContextSchema = z.object({
   workspaceState: z
     .object({
       openFiles: z.array(FileSchema).optional(),
+      isTrusted: z.boolean().optional(),
     })
     .optional(),
 });

packages/core/src/index.ts

@@ -47,6 +47,7 @@ export * from './utils/errorParsing.js';
 export * from './utils/workspaceContext.js';
 export * from './utils/ignorePatterns.js';
 export * from './utils/partUtils.js';
+export * from './utils/ide-trust.js';
 
 // Export services
 export * from './services/fileDiscoveryService.js';

packages/core/src/utils/ide-trust.ts

@@ -0,0 +1,15 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { ideContext } from '../ide/ideContext.js';
+
+/**
+ * Gets the workspace trust from the IDE if available.
+ * @returns A boolean if the IDE provides a trust value, otherwise undefined.
+ */
+export function getIdeTrust(): boolean | undefined {
+  return ideContext.getIdeContext()?.workspaceState?.isTrusted;
+}