mirror of
https://github.com/google-gemini/gemini-cli.git
synced 2026-05-14 13:53:02 -07:00
Clean up dead code (#17443)
This commit is contained in:
Tommaso Sciortino
committed by
GitHub
GitHub
parent
84e882770b
commit
80e1fa198f
@@ -11,8 +11,6 @@ import {
|
||||
type PolicyRule,
|
||||
type SafetyCheckerRule,
|
||||
type HookCheckerRule,
|
||||
type HookExecutionContext,
|
||||
getHookSource,
|
||||
ApprovalMode,
|
||||
type CheckResult,
|
||||
} from './types.js';
|
||||
@@ -20,7 +18,6 @@ import { stableStringify } from './stable-stringify.js';
|
||||
import { debugLogger } from '../utils/debugLogger.js';
|
||||
import type { CheckerRunner } from '../safety/checker-runner.js';
|
||||
import { SafetyCheckDecision } from '../safety/protocol.js';
|
||||
import type { HookExecutionRequest } from '../confirmation-bus/types.js';
|
||||
import {
|
||||
SHELL_TOOL_NAMES,
|
||||
initializeShellParsers,
|
||||
@@ -81,26 +78,6 @@ function ruleMatches(
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a hook checker rule matches a hook execution context.
|
||||
*/
|
||||
function hookCheckerMatches(
|
||||
rule: HookCheckerRule,
|
||||
context: HookExecutionContext,
|
||||
): boolean {
|
||||
// Check event name if specified
|
||||
if (rule.eventName && rule.eventName !== context.eventName) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check hook source if specified
|
||||
if (rule.hookSource && rule.hookSource !== context.hookSource) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
export class PolicyEngine {
|
||||
private rules: PolicyRule[];
|
||||
private checkers: SafetyCheckerRule[];
|
||||
@@ -108,7 +85,6 @@ export class PolicyEngine {
|
||||
private readonly defaultDecision: PolicyDecision;
|
||||
private readonly nonInteractive: boolean;
|
||||
private readonly checkerRunner?: CheckerRunner;
|
||||
private readonly allowHooks: boolean;
|
||||
private approvalMode: ApprovalMode;
|
||||
|
||||
constructor(config: PolicyEngineConfig = {}, checkerRunner?: CheckerRunner) {
|
||||
@@ -124,7 +100,6 @@ export class PolicyEngine {
|
||||
this.defaultDecision = config.defaultDecision ?? PolicyDecision.ASK_USER;
|
||||
this.nonInteractive = config.nonInteractive ?? false;
|
||||
this.checkerRunner = checkerRunner;
|
||||
this.allowHooks = config.allowHooks ?? true;
|
||||
this.approvalMode = config.approvalMode ?? ApprovalMode.DEFAULT;
|
||||
}
|
||||
|
||||
@@ -495,84 +470,6 @@ export class PolicyEngine {
|
||||
return this.hookCheckers;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a hook execution is allowed based on the configured policies.
|
||||
* Runs hook-specific safety checkers if configured.
|
||||
*/
|
||||
async checkHook(
|
||||
request: HookExecutionRequest | HookExecutionContext,
|
||||
): Promise<PolicyDecision> {
|
||||
// If hooks are globally disabled, deny all hook executions
|
||||
if (!this.allowHooks) {
|
||||
return PolicyDecision.DENY;
|
||||
}
|
||||
|
||||
const context: HookExecutionContext =
|
||||
'input' in request
|
||||
? {
|
||||
eventName: request.eventName,
|
||||
hookSource: getHookSource(request.input),
|
||||
trustedFolder:
|
||||
typeof request.input['trusted_folder'] === 'boolean'
|
||||
? request.input['trusted_folder']
|
||||
: undefined,
|
||||
}
|
||||
: request;
|
||||
|
||||
// In untrusted folders, deny project-level hooks
|
||||
if (context.trustedFolder === false && context.hookSource === 'project') {
|
||||
return PolicyDecision.DENY;
|
||||
}
|
||||
|
||||
// Run hook-specific safety checkers if configured
|
||||
if (this.checkerRunner && this.hookCheckers.length > 0) {
|
||||
for (const checkerRule of this.hookCheckers) {
|
||||
if (hookCheckerMatches(checkerRule, context)) {
|
||||
debugLogger.debug(
|
||||
`[PolicyEngine.checkHook] Running hook checker: ${checkerRule.checker.name} for event: ${context.eventName}`,
|
||||
);
|
||||
try {
|
||||
// Create a synthetic function call for the checker runner
|
||||
// This allows reusing the existing checker infrastructure
|
||||
const syntheticCall = {
|
||||
name: `hook:${context.eventName}`,
|
||||
args: {
|
||||
hookSource: context.hookSource,
|
||||
trustedFolder: context.trustedFolder,
|
||||
},
|
||||
};
|
||||
|
||||
const result = await this.checkerRunner.runChecker(
|
||||
syntheticCall,
|
||||
checkerRule.checker,
|
||||
);
|
||||
|
||||
if (result.decision === SafetyCheckDecision.DENY) {
|
||||
debugLogger.debug(
|
||||
`[PolicyEngine.checkHook] Hook checker denied: ${result.reason}`,
|
||||
);
|
||||
return PolicyDecision.DENY;
|
||||
} else if (result.decision === SafetyCheckDecision.ASK_USER) {
|
||||
debugLogger.debug(
|
||||
`[PolicyEngine.checkHook] Hook checker requested ASK_USER: ${result.reason}`,
|
||||
);
|
||||
// For hooks, ASK_USER is treated as DENY in non-interactive mode
|
||||
return this.applyNonInteractiveMode(PolicyDecision.ASK_USER);
|
||||
}
|
||||
} catch (error) {
|
||||
debugLogger.debug(
|
||||
`[PolicyEngine.checkHook] Hook checker failed: ${error}`,
|
||||
);
|
||||
return PolicyDecision.DENY;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Default: Allow hooks
|
||||
return PolicyDecision.ALLOW;
|
||||
}
|
||||
|
||||
private applyNonInteractiveMode(decision: PolicyDecision): PolicyDecision {
|
||||
// In non-interactive mode, ASK_USER becomes DENY
|
||||
if (this.nonInteractive && decision === PolicyDecision.ASK_USER) {
|
||||
|
||||
Reference in New Issue
Block a user