MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-03-17 01:21:10 -07:00
Code Issues Packages Projects Releases Wiki Activity

Fix(cli) - Remove Foldertrust Feature Flag (#7420)

Browse Source 
Co-authored-by: Shi Shu <shii@google.com>
This commit is contained in:
shishu314
2025-09-02 12:01:22 -04:00
committed by GitHub
parent 70938eda17
commit 93820f833f
8 changed files with 14 additions and 244 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/cli/configuration.md
View File

@@ -228,10 +228,6 @@ Settings are organized into categories. All settings should be placed within the
#### `security`
- **`security.folderTrust.featureEnabled`** (boolean):
- **Description:** Enable folder trust feature for enhanced security.
- **Default:** `false`
- **`security.folderTrust.enabled`** (boolean):
- **Description:** Setting to track whether Folder trust is enabled.
- **Default:** `false`

228
packages/cli/src/config/config.test.ts
View File

@@ -4,15 +4,7 @@
* SPDX-License-Identifier: Apache-2.0
*/
import {
describe,
it,
expect,
vi,
beforeEach,
afterEach,
type Mock,
} from 'vitest';
import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
import * as os from 'node:os';
import * as path from 'node:path';
import { ShellTool, EditTool, WriteFileTool } from '@google/gemini-cli-core';
@@ -1492,40 +1484,6 @@ describe('loadCliConfig model selection', () => {
});
});
describe('loadCliConfig folderTrustFeature', () => {
const originalArgv = process.argv;
beforeEach(() => {
vi.resetAllMocks();
vi.mocked(os.homedir).mockReturnValue('/mock/home/user');
vi.stubEnv('GEMINI_API_KEY', 'test-api-key');
});
afterEach(() => {
process.argv = originalArgv;
vi.unstubAllEnvs();
vi.restoreAllMocks();
});
it('should be false by default', async () => {
process.argv = ['node', 'script.js'];
const settings: Settings = {};
const argv = await parseArguments({} as Settings);
const config = await loadCliConfig(settings, [], 'test-session', argv);
expect(config.getFolderTrustFeature()).toBe(false);
});
it('should be true when settings.folderTrustFeature is true', async () => {
process.argv = ['node', 'script.js'];
const argv = await parseArguments({} as Settings);
const settings: Settings = {
security: { folderTrust: { featureEnabled: true } },
};
const config = await loadCliConfig(settings, [], 'test-session', argv);
expect(config.getFolderTrustFeature()).toBe(true);
});
});
describe('loadCliConfig folderTrust', () => {
const originalArgv = process.argv;
@@ -1541,12 +1499,11 @@ describe('loadCliConfig folderTrust', () => {
vi.restoreAllMocks();
});
it('should be false if folderTrustFeature is false and folderTrust is false', async () => {
it('should be false when folderTrust is false', async () => {
process.argv = ['node', 'script.js'];
const settings: Settings = {
security: {
folderTrust: {
featureEnabled: false,
enabled: false,
},
},
@@ -1556,43 +1513,12 @@ describe('loadCliConfig folderTrust', () => {
expect(config.getFolderTrust()).toBe(false);
});
it('should be false if folderTrustFeature is true and folderTrust is false', async () => {
it('should be true when folderTrust is true', async () => {
process.argv = ['node', 'script.js'];
const argv = await parseArguments({} as Settings);
const settings: Settings = {
security: {
folderTrust: {
featureEnabled: true,
enabled: false,
},
},
};
const config = await loadCliConfig(settings, [], 'test-session', argv);
expect(config.getFolderTrust()).toBe(false);
});
it('should be false if folderTrustFeature is false and folderTrust is true', async () => {
process.argv = ['node', 'script.js'];
const argv = await parseArguments({} as Settings);
const settings: Settings = {
security: {
folderTrust: {
featureEnabled: false,
enabled: true,
},
},
};
const config = await loadCliConfig(settings, [], 'test-session', argv);
expect(config.getFolderTrust()).toBe(false);
});
it('should be true when folderTrustFeature is true and folderTrust is true', async () => {
process.argv = ['node', 'script.js'];
const argv = await parseArguments({} as Settings);
const settings: Settings = {
security: {
folderTrust: {
featureEnabled: true,
enabled: true,
},
},
@@ -1600,6 +1526,14 @@ describe('loadCliConfig folderTrust', () => {
const config = await loadCliConfig(settings, [], 'test-session', argv);
expect(config.getFolderTrust()).toBe(true);
});
it('should be false by default', async () => {
process.argv = ['node', 'script.js'];
const argv = await parseArguments({} as Settings);
const settings: Settings = {};
const config = await loadCliConfig(settings, [], 'test-session', argv);
expect(config.getFolderTrust()).toBe(false);
});
});
describe('loadCliConfig with includeDirectories', () => {
@@ -1959,143 +1893,3 @@ describe('loadCliConfig approval mode', () => {
});
});
});
describe('loadCliConfig trustedFolder', () => {
const originalArgv = process.argv;
beforeEach(() => {
vi.resetAllMocks();
vi.mocked(os.homedir).mockReturnValue('/mock/home/user');
vi.stubEnv('GEMINI_API_KEY', 'test-api-key');
process.argv = ['node', 'script.js']; // Reset argv for each test
});
afterEach(() => {
process.argv = originalArgv;
vi.unstubAllEnvs();
vi.restoreAllMocks();
});
const testCases = [
// Cases where folderTrustFeature is false (feature disabled)
{
folderTrustFeature: false,
folderTrust: true,
isWorkspaceTrusted: true,
expectedFolderTrust: false,
expectedIsTrustedFolder: true,
description:
'feature disabled, folderTrust true, workspace trusted -> behave as trusted',
},
{
folderTrustFeature: false,
folderTrust: true,
isWorkspaceTrusted: false,
expectedFolderTrust: false,
expectedIsTrustedFolder: true,
description:
'feature disabled, folderTrust true, workspace not trusted -> behave as trusted',
},
{
folderTrustFeature: false,
folderTrust: false,
isWorkspaceTrusted: true,
expectedFolderTrust: false,
expectedIsTrustedFolder: true,
description:
'feature disabled, folderTrust false, workspace trusted -> behave as trusted',
},
{
folderTrustFeature: false,
folderTrust: false,
isWorkspaceTrusted: false,
expectedFolderTrust: false,
expectedIsTrustedFolder: true,
description:
'feature disabled, folderTrust false, workspace not trusted -> behave as trusted',
},
// Cases where folderTrustFeature is true (feature enabled)
{
folderTrustFeature: true,
folderTrust: true,
isWorkspaceTrusted: true,
expectedFolderTrust: true,
expectedIsTrustedFolder: true,
description:
'feature enabled, folderTrust true, workspace trusted -> behave as trusted',
},
{
folderTrustFeature: true,
folderTrust: true,
isWorkspaceTrusted: false,
expectedFolderTrust: true,
expectedIsTrustedFolder: false,
description:
'feature enabled, folderTrust true, workspace not trusted -> behave as not trusted',
},
{
folderTrustFeature: true,
folderTrust: true,
isWorkspaceTrusted: undefined,
expectedFolderTrust: true,
expectedIsTrustedFolder: true,
description:
'feature enabled, folderTrust false, workspace trust unknown -> behave as trusted',
},
{
folderTrustFeature: true,
folderTrust: false,
isWorkspaceTrusted: true,
expectedFolderTrust: false,
expectedIsTrustedFolder: true,
description:
'feature enabled, folderTrust false, workspace trusted -> behave as trusted',
},
{
folderTrustFeature: true,
folderTrust: false,
isWorkspaceTrusted: false,
expectedFolderTrust: false,
expectedIsTrustedFolder: true,
description:
'feature enabled, folderTrust false, workspace not trusted -> behave as trusted',
},
];
for (const {
folderTrustFeature,
folderTrust,
isWorkspaceTrusted: isWorkspaceTrustedValue,
expectedFolderTrust,
expectedIsTrustedFolder,
description,
} of testCases) {
it(`should correctly set folderTrust and isTrustedFolder when ${description}`, async () => {
(isWorkspaceTrusted as Mock).mockImplementation((settings: Settings) => {
const folderTrustFeature =
settings.security?.folderTrust?.featureEnabled ?? false;
const folderTrustSetting =
settings.security?.folderTrust?.enabled ?? true;
const folderTrustEnabled = folderTrustFeature && folderTrustSetting;
if (!folderTrustEnabled) {
return true;
}
return isWorkspaceTrustedValue; // This is the part that comes from the test case
});
const argv = await parseArguments({} as Settings);
const settings: Settings = {
security: {
folderTrust: {
featureEnabled: folderTrustFeature,
enabled: folderTrust,
},
},
};
const config = await loadCliConfig(settings, [], 'test-session', argv);
expect(config.getFolderTrust()).toBe(expectedFolderTrust);
expect(config.isTrustedFolder()).toBe(expectedIsTrustedFolder);
});
}
});

6
packages/cli/src/config/config.ts
View File

@@ -384,10 +384,7 @@ export async function loadCliConfig(
const ideMode = settings.ide?.enabled ?? false;
const folderTrustFeature =
settings.security?.folderTrust?.featureEnabled ?? false;
const folderTrustSetting = settings.security?.folderTrust?.enabled ?? true;
const folderTrust = folderTrustFeature && folderTrustSetting;
const folderTrust = settings.security?.folderTrust?.enabled ?? false;
const trustedFolder = isWorkspaceTrusted(settings) ?? true;
const allExtensions = annotateActiveExtensions(
@@ -613,7 +610,6 @@ export async function loadCliConfig(
summarizeToolOutput: settings.model?.summarizeToolOutput,
ideMode,
chatCompression: settings.model?.chatCompression,
folderTrustFeature,
folderTrust,
interactive,
trustedFolder,

1
packages/cli/src/config/settings.ts
View File

@@ -74,7 +74,6 @@ const MIGRATION_MAP: Record<string, string> = {
mcpServerCommand: 'mcp.serverCommand',
allowMCPServers: 'mcp.allowed',
excludeMCPServers: 'mcp.excluded',
folderTrustFeature: 'security.folderTrust.featureEnabled',
folderTrust: 'security.folderTrust.enabled',
selectedAuthType: 'security.auth.selectedType',
useExternalAuth: 'security.auth.useExternal',

9
packages/cli/src/config/settingsSchema.ts
View File

@@ -640,15 +640,6 @@ export const SETTINGS_SCHEMA = {
description: 'Settings for folder trust.',
showInDialog: false,
properties: {
featureEnabled: {
type: 'boolean',
label: 'Folder Trust Feature',
category: 'Security',
requiresRestart: true,
default: false,
description: 'Enable folder trust feature for enhanced security.',
showInDialog: true,
},
enabled: {
type: 'boolean',
label: 'Folder Trust',

1
packages/cli/src/config/trustedFolders.test.ts
View File

@@ -180,7 +180,6 @@ describe('isWorkspaceTrusted', () => {
const mockSettings: Settings = {
security: {
folderTrust: {
featureEnabled: true,
enabled: true,
},
},

4
packages/cli/src/config/trustedFolders.ts
View File

@@ -155,10 +155,8 @@ export function saveTrustedFolders(
/** Is folder trust feature enabled per the current applied settings */
export function isFolderTrustEnabled(settings: Settings): boolean {
const folderTrustFeature =
settings.security?.folderTrust?.featureEnabled ?? false;
const folderTrustSetting = settings.security?.folderTrust?.enabled ?? false;
return folderTrustFeature && folderTrustSetting;
return folderTrustSetting;
}
export function isWorkspaceTrusted(settings: Settings): boolean | undefined {

5
packages/cli/src/ui/hooks/useFolderTrust.ts
View File

@@ -23,14 +23,11 @@ export const useFolderTrust = (
const [isRestarting, setIsRestarting] = useState(false);
const folderTrust = settings.merged.security?.folderTrust?.enabled;
const folderTrustFeature =
settings.merged.security?.folderTrust?.featureEnabled;
useEffect(() => {
const trusted = isWorkspaceTrusted({
security: {
folderTrust: {
featureEnabled: folderTrustFeature,
enabled: folderTrust,
},
},
@@ -38,7 +35,7 @@ export const useFolderTrust = (
setIsTrusted(trusted);
setIsFolderTrustDialogOpen(trusted === undefined);
onTrustChange(trusted);
}, [onTrustChange, folderTrust, folderTrustFeature]);
}, [onTrustChange, folderTrust]);
const handleFolderTrustSelect = useCallback(
(choice: FolderTrustChoice) => {