feat(policy): map --yolo to allowedTools wildcard policy

This PR maps the `--yolo` flag natively into a wildcard policy array (`allowedTools: ["*"]`) and removes the concept of `ApprovalMode.YOLO` as a distinct state in the application, fulfilling issue #11303. This removes the hardcoded `ApprovalMode.YOLO` state and its associated UI/bypasses. The `PolicyEngine` now evaluates YOLO purely via data-driven rules. - Removes `ApprovalMode.YOLO` - Removes UI toggle (`Ctrl+Y`) and indicators for YOLO - Removes `yolo.toml` - Updates A2A server and CLI config logic to translate YOLO into a wildcard tool - Rewrites policy engine tests to evaluate the wildcard - Enforces enterprise `disableYoloMode` and `secureModeEnabled` controls by actively preventing manual `--allowed-tools=*` bypasses. Fixes #11303
2026-06-20 16:26:44 -07:00 · 2026-03-19 02:43:14 +00:00
parent 08b926796c
commit 822e098d32
77 changed files with 541 additions and 746 deletions
@@ -21,7 +21,8 @@ preferred method for enforcing policy.

 **Enabled/Disabled** | Default: enabled

-If enabled, users will not be able to enter yolo mode.
+If enabled, users will not be able to use the `--yolo` flag or wildcard tool
+policies.

 ### Extensions

@@ -52,8 +52,8 @@ These commands are available within the interactive REPL.
 | `--prompt-interactive`           | `-i`  | string  | -         | Execute prompt and continue in interactive mode                                                                                                                        |
 | `--worktree`                     | `-w`  | string  | -         | Start Gemini in a new git worktree. If no name is provided, one is generated automatically. Requires `experimental.worktrees: true` in settings.                       |
 | `--sandbox`                      | `-s`  | boolean | `false`   | Run in a sandboxed environment for safer execution                                                                                                                     |
-| `--approval-mode`                | -     | string  | `default` | Approval mode for tool execution. Choices: `default`, `auto_edit`, `yolo`, `plan`                                                                                      |
-| `--yolo`                         | `-y`  | boolean | `false`   | **Deprecated.** Auto-approve all actions. Use `--approval-mode=yolo` instead.                                                                                          |
+| `--approval-mode`                | -     | string  | `default` | Approval mode for tool execution. Choices: `default`, `auto_edit`, `plan`                                                                                              |
+| `--yolo`                         | `-y`  | boolean | `false`   | Auto-approve all actions. Equivalent to `--allowed-tools=*`.                                                                                                           |
 | `--experimental-acp`             | -     | boolean | -         | Start in ACP (Agent Code Pilot) mode. **Experimental feature.**                                                                                                        |
 | `--experimental-zed-integration` | -     | boolean | -         | Run in Zed editor integration mode. **Experimental feature.**                                                                                                          |
 | `--allowed-mcp-server-names`     | -     | array   | -         | Allowed MCP server names (comma-separated or multiple flags)                                                                                                           |
@@ -46,8 +46,13 @@ To start Plan Mode while using Gemini CLI:
 - **Natural Language:** Ask Gemini CLI to "start a plan for...". Gemini CLI
  calls the
  [`enter_plan_mode`](../tools/planning.md#1-enter_plan_mode-enterplanmode) tool
-  to switch modes. This tool is not available when Gemini CLI is in
-  [YOLO mode](../reference/configuration.md#command-line-arguments).
+  to switch modes.
+
+  <!-- prettier-ignore -->
+  > [!NOTE]
+  > This tool is not available when Gemini CLI has been instructed to
+  > [auto-approve all actions](../reference/configuration.md#command-line-arguments)
+  > (e.g. via `--yolo`).

 ## How to use Plan Mode

@@ -258,8 +258,8 @@ but lower priority than user or admin policies.

 <!-- prettier-ignore -->
 > [!WARNING]
-> For security, Gemini CLI ignores any `allow` decisions or `yolo`
-> mode configurations in extension policies. This ensures that an extension
+> For security, Gemini CLI ignores any `allow` decisions or `allow-all`
+> wildcard configurations in extension policies. This ensures that an extension
 > cannot automatically approve tool calls or bypass security measures without
 > your confirmation.

@@ -117,7 +117,7 @@ their corresponding top-level category object in your `settings.json` file.
  - **Description:** The default approval mode for tool execution. 'default'
    prompts for approval, 'auto_edit' auto-approves edit tools, and 'plan' is
    read-only mode. YOLO mode (auto-approve all actions) can only be enabled via
-    command line (--yolo or --approval-mode=yolo).
+    command line (--yolo).
  - **Default:** `"default"`
  - **Values:** `"default"`, `"auto_edit"`, `"plan"`

@@ -1860,7 +1860,7 @@ their corresponding top-level category object in your `settings.json` file.
 #### `admin`

 - **`admin.secureModeEnabled`** (boolean):
-  - **Description:** If true, disallows YOLO mode and "Always allow" options
+  - **Description:** If true, disallows YOLO mode (wildcard policies) and "Always allow" options
    from being used.
  - **Default:** `false`

@@ -2262,13 +2262,10 @@ for that specific session.
    - `default`: Prompt for approval on each tool call (default behavior)
    - `auto_edit`: Automatically approve edit tools (replace, write_file) while
      prompting for others
-    - `yolo`: Automatically approve all tool calls (equivalent to `--yolo`)
    - `plan`: Read-only mode for tool calls (requires experimental planning to
      be enabled).
      > **Note:** This mode is currently under development and not yet fully
      > functional.
-  - Cannot be used together with `--yolo`. Use `--approval-mode=yolo` instead of
-    `--yolo` for the new unified approach.
  - Example: `gemini --approval-mode auto_edit`
 - **`--debug`** (**`-d`**):
  - Enables debug mode for this session, providing more verbose output. Open the
@@ -2340,7 +2337,7 @@ for that specific session.
 - **`--version`**:
  - Displays the version of the CLI.
 - **`--yolo`**:
-  - Enables YOLO mode, which automatically approves all tool calls.
+  - Automatically approves all actions. Equivalent to `--allowed-tools=*`.

 ## Context files (hierarchical instructional context)

@@ -2454,7 +2451,7 @@ Sandboxing is disabled by default, but you can enable it in a few ways:

 - Using `--sandbox` or `-s` flag.
 - Setting `GEMINI_SANDBOX` environment variable.
- Sandbox is enabled when using `--yolo` or `--approval-mode=yolo` by default.
+- Sandbox is enabled when using `--yolo` by default.

 By default, it uses a pre-built `gemini-cli-sandbox` Docker image.

@@ -103,7 +103,6 @@ available combinations.
 | `app.showIdeContextDetail`    | Show IDE context details.                                                                                                                          | `Ctrl+G`           |
 | `app.toggleMarkdown`          | Toggle Markdown rendering.                                                                                                                         | `Alt+M`            |
 | `app.toggleCopyMode`          | Toggle copy mode when in alternate buffer mode.                                                                                                    | `Ctrl+S`           |
-| `app.toggleYolo`              | Toggle YOLO (auto-approval) mode for tool calls.                                                                                                   | `Ctrl+Y`           |
 | `app.cycleApprovalMode`       | Cycle through approval modes: default (prompt), auto_edit (auto-approve edits), and plan (read-only). Plan mode is skipped when the agent is busy. | `Shift+Tab`        |
 | `app.showMoreLines`           | Expand and collapse blocks of content when not in alternate buffer mode.                                                                           | `Ctrl+O`           |
 | `app.expandPaste`             | Expand or collapse a paste placeholder when cursor is over placeholder.                                                                            | `Ctrl+O`           |
@@ -156,7 +155,6 @@ a `key` combination.
  },
  {
    // prefix "-" to unbind a key
-    "command": "-app.toggleYolo",
    "key": "ctrl+y"
  },
  {
@@ -159,7 +159,7 @@ For example:

 Approval modes allow the policy engine to apply different sets of rules based on
 the CLI's operational mode. A rule in a TOML policy file can be associated with
-one or more modes (e.g., `yolo`, `autoEdit`, `plan`). The rule will only be
+one or more modes (e.g., `autoEdit`, `plan`). The rule will only be
 active if the CLI is running in one of its specified modes. If a rule has no
 modes specified, it is always active.

@@ -169,7 +169,6 @@ modes specified, it is always active.
  auto-approved.
 - `plan`: A strict, read-only mode for research and design. See
  [Customizing Plan Mode Policies](../cli/plan-mode.md#customizing-policies).
- `yolo`: A mode where all tools are auto-approved (use with extreme caution).

 ## Rule matching

@@ -430,6 +429,5 @@ out-of-the-box experience.
  checked individually.
 - **Write tools** (like `write_file`, `run_shell_command`) default to
  **`ask_user`**.
- In **`yolo`** mode, a high-priority rule allows all tools.
 - In **`autoEdit`** mode, rules allow certain write operations to happen without
  prompting.
@@ -13,7 +13,8 @@ and planning.

 <!-- prettier-ignore -->
 > [!NOTE]
-> This tool is not available when the CLI is in YOLO mode.
+> This tool is disabled when all tools are auto-approved via `--yolo`
+> or wildcard policies.

 - **Tool name:** `enter_plan_mode`
 - **Display name:** Enter Plan Mode