feat(policy): map --yolo to allowedTools wildcard policy

This PR maps the `--yolo` flag natively into a wildcard policy array (`allowedTools: ["*"]`) and removes the concept of `ApprovalMode.YOLO` as a distinct state in the application, fulfilling issue #11303. This removes the hardcoded `ApprovalMode.YOLO` state and its associated UI/bypasses. The `PolicyEngine` now evaluates YOLO purely via data-driven rules. - Removes `ApprovalMode.YOLO` - Removes UI toggle (`Ctrl+Y`) and indicators for YOLO - Removes `yolo.toml` - Updates A2A server and CLI config logic to translate YOLO into a wildcard tool - Rewrites policy engine tests to evaluate the wildcard - Enforces enterprise `disableYoloMode` and `secureModeEnabled` controls by actively preventing manual `--allowed-tools=*` bypasses. Fixes #11303
2026-03-25 13:30:45 -07:00 · 2026-03-19 02:43:14 +00:00
parent 8db2948361
commit 9556a1d620
84 changed files with 521 additions and 1057 deletions
--- a/docs/reference/configuration.md
+++ b/docs/reference/configuration.md
@@ -1938,19 +1938,14 @@ for that specific session.
 - **`--help`** (or **`-h`**):
  - Displays help information about command-line arguments.
 - **`--yolo`**:
-  - Enables YOLO mode, which automatically approves all tool calls.
+  - Automatically approves all actions. Equivalent to `--allowed-tools=*`.
 - **`--approval-mode <mode>`**:
  - Sets the approval mode for tool calls. Available modes:
    - `default`: Prompt for approval on each tool call (default behavior)
    - `auto_edit`: Automatically approve edit tools (replace, write_file) while
      prompting for others
-    - `yolo`: Automatically approve all tool calls (equivalent to `--yolo`)
    - `plan`: Read-only mode for tool calls (requires experimental planning to
      be enabled).
-      > **Note:** This mode is currently under development and not yet fully
-      > functional.
-  - Cannot be used together with `--yolo`. Use `--approval-mode=yolo` instead of
-    `--yolo` for the new unified approach.
  - Example: `gemini --approval-mode auto_edit`
 - **`--allowed-tools <tool1,tool2,...>`**:
  - A comma-separated list of tool names that will bypass the confirmation
@@ -2114,7 +2109,7 @@ Sandboxing is disabled by default, but you can enable it in a few ways:

 - Using `--sandbox` or `-s` flag.
 - Setting `GEMINI_SANDBOX` environment variable.
- Sandbox is enabled when using `--yolo` or `--approval-mode=yolo` by default.
+- Sandbox is enabled when using `--yolo` by default.

 By default, it uses a pre-built `gemini-cli-sandbox` Docker image.

--- a/docs/reference/keyboard-shortcuts.md
+++ b/docs/reference/keyboard-shortcuts.md
@@ -102,7 +102,6 @@ available combinations.
 | `app.showIdeContextDetail`    | Show IDE context details.                                                                                                                          | `Ctrl+G`           |
 | `app.toggleMarkdown`          | Toggle Markdown rendering.                                                                                                                         | `Alt+M`            |
 | `app.toggleCopyMode`          | Toggle copy mode when in alternate buffer mode.                                                                                                    | `Ctrl+S`           |
-| `app.toggleYolo`              | Toggle YOLO (auto-approval) mode for tool calls.                                                                                                   | `Ctrl+Y`           |
 | `app.cycleApprovalMode`       | Cycle through approval modes: default (prompt), auto_edit (auto-approve edits), and plan (read-only). Plan mode is skipped when the agent is busy. | `Shift+Tab`        |
 | `app.showMoreLines`           | Expand and collapse blocks of content when not in alternate buffer mode.                                                                           | `Ctrl+O`           |
 | `app.expandPaste`             | Expand or collapse a paste placeholder when cursor is over placeholder.                                                                            | `Ctrl+O`           |
@@ -148,7 +147,6 @@ a `key` combination.
  },
  {
    // prefix "-" to unbind a key
-    "command": "-app.toggleYolo",
    "key": "ctrl+y"
  },
  {
--- a/docs/reference/policy-engine.md
+++ b/docs/reference/policy-engine.md
@@ -157,9 +157,9 @@ For example:

 Approval modes allow the policy engine to apply different sets of rules based on
 the CLI's operational mode. A rule can be associated with one or more modes
-(e.g., `yolo`, `autoEdit`, `plan`). The rule will only be active if the CLI is
-running in one of its specified modes. If a rule has no modes specified, it is
-always active.
+(e.g., `autoEdit`, `plan`). The rule will only be active if the CLI is running
+in one of its specified modes. If a rule has no modes specified, it is always
+active.

 - `default`: The standard interactive mode where most write tools require
  confirmation.
@@ -167,7 +167,6 @@ always active.
  auto-approved.
 - `plan`: A strict, read-only mode for research and design. See
  [Customizing Plan Mode Policies](../cli/plan-mode.md#customizing-policies).
- `yolo`: A mode where all tools are auto-approved (use with extreme caution).

 ## Rule matching

@@ -424,6 +423,5 @@ out-of-the-box experience.
  checked individually.
 - **Write tools** (like `write_file`, `run_shell_command`) default to
  **`ask_user`**.
- In **`yolo`** mode, a high-priority rule allows all tools.
 - In **`autoEdit`** mode, rules allow certain write operations to happen without
  prompting.