mirror of
https://github.com/google-gemini/gemini-cli.git
synced 2026-04-18 17:20:38 -07:00
Check folder trust before allowing add directory (#12652)
This commit is contained in:
shrutip90
@@ -4,11 +4,69 @@
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*/
|
||||
|
||||
import {
|
||||
isFolderTrustEnabled,
|
||||
isWorkspaceTrusted,
|
||||
loadTrustedFolders,
|
||||
} from '../../config/trustedFolders.js';
|
||||
import { MultiFolderTrustDialog } from '../components/MultiFolderTrustDialog.js';
|
||||
import type { SlashCommand, CommandContext } from './types.js';
|
||||
import { CommandKind } from './types.js';
|
||||
import { MessageType } from '../types.js';
|
||||
import { MessageType, type HistoryItem } from '../types.js';
|
||||
import { refreshServerHierarchicalMemory } from '@google/gemini-cli-core';
|
||||
import { expandHomeDir } from '../utils/directoryUtils.js';
|
||||
import type { Config } from '@google/gemini-cli-core';
|
||||
|
||||
async function finishAddingDirectories(
|
||||
config: Config,
|
||||
addItem: (itemData: Omit<HistoryItem, 'id'>, baseTimestamp: number) => number,
|
||||
added: string[],
|
||||
errors: string[],
|
||||
) {
|
||||
if (!config) {
|
||||
addItem(
|
||||
{
|
||||
type: MessageType.ERROR,
|
||||
text: 'Configuration is not available.',
|
||||
},
|
||||
Date.now(),
|
||||
);
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
if (config.shouldLoadMemoryFromIncludeDirectories()) {
|
||||
await refreshServerHierarchicalMemory(config);
|
||||
}
|
||||
addItem(
|
||||
{
|
||||
type: MessageType.INFO,
|
||||
text: `Successfully added GEMINI.md files from the following directories if there are:\n- ${added.join('\n- ')}`,
|
||||
},
|
||||
Date.now(),
|
||||
);
|
||||
} catch (error) {
|
||||
errors.push(`Error refreshing memory: ${(error as Error).message}`);
|
||||
}
|
||||
|
||||
if (added.length > 0) {
|
||||
const gemini = config.getGeminiClient();
|
||||
if (gemini) {
|
||||
await gemini.addDirectoryContext();
|
||||
}
|
||||
addItem(
|
||||
{
|
||||
type: MessageType.INFO,
|
||||
text: `Successfully added directories:\n- ${added.join('\n- ')}`,
|
||||
},
|
||||
Date.now(),
|
||||
);
|
||||
}
|
||||
|
||||
if (errors.length > 0) {
|
||||
addItem({ type: MessageType.ERROR, text: errors.join('\n') }, Date.now());
|
||||
}
|
||||
}
|
||||
|
||||
export const directoryCommand: SlashCommand = {
|
||||
name: 'directory',
|
||||
@@ -24,7 +82,7 @@ export const directoryCommand: SlashCommand = {
|
||||
action: async (context: CommandContext, args: string) => {
|
||||
const {
|
||||
ui: { addItem },
|
||||
services: { config },
|
||||
services: { config, settings },
|
||||
} = context;
|
||||
const [...rest] = args.split(' ');
|
||||
|
||||
@@ -39,7 +97,14 @@ export const directoryCommand: SlashCommand = {
|
||||
return;
|
||||
}
|
||||
|
||||
const workspaceContext = config.getWorkspaceContext();
|
||||
if (config.isRestrictiveSandbox()) {
|
||||
return {
|
||||
type: 'message' as const,
|
||||
messageType: 'error' as const,
|
||||
content:
|
||||
'The /directory add command is not supported in restrictive sandbox profiles. Please use --include-directories when starting the session instead.',
|
||||
};
|
||||
}
|
||||
|
||||
const pathsToAdd = rest
|
||||
.join(' ')
|
||||
@@ -56,63 +121,109 @@ export const directoryCommand: SlashCommand = {
|
||||
return;
|
||||
}
|
||||
|
||||
if (config.isRestrictiveSandbox()) {
|
||||
return {
|
||||
type: 'message' as const,
|
||||
messageType: 'error' as const,
|
||||
content:
|
||||
'The /directory add command is not supported in restrictive sandbox profiles. Please use --include-directories when starting the session instead.',
|
||||
};
|
||||
}
|
||||
|
||||
const added: string[] = [];
|
||||
const errors: string[] = [];
|
||||
const alreadyAdded: string[] = [];
|
||||
|
||||
const workspaceContext = config.getWorkspaceContext();
|
||||
const currentWorkspaceDirs = workspaceContext.getDirectories();
|
||||
const pathsToProcess: string[] = [];
|
||||
|
||||
for (const pathToAdd of pathsToAdd) {
|
||||
try {
|
||||
workspaceContext.addDirectory(expandHomeDir(pathToAdd.trim()));
|
||||
added.push(pathToAdd.trim());
|
||||
} catch (e) {
|
||||
const error = e as Error;
|
||||
errors.push(`Error adding '${pathToAdd.trim()}': ${error.message}`);
|
||||
const expandedPath = expandHomeDir(pathToAdd.trim());
|
||||
if (currentWorkspaceDirs.includes(expandedPath)) {
|
||||
alreadyAdded.push(pathToAdd.trim());
|
||||
} else {
|
||||
pathsToProcess.push(pathToAdd.trim());
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
if (config.shouldLoadMemoryFromIncludeDirectories()) {
|
||||
await refreshServerHierarchicalMemory(config);
|
||||
}
|
||||
if (alreadyAdded.length > 0) {
|
||||
addItem(
|
||||
{
|
||||
type: MessageType.INFO,
|
||||
text: `Successfully added GEMINI.md files from the following directories if there are:\n- ${added.join('\n- ')}`,
|
||||
},
|
||||
Date.now(),
|
||||
);
|
||||
} catch (error) {
|
||||
errors.push(`Error refreshing memory: ${(error as Error).message}`);
|
||||
}
|
||||
|
||||
if (added.length > 0) {
|
||||
const gemini = config.getGeminiClient();
|
||||
if (gemini) {
|
||||
await gemini.addDirectoryContext();
|
||||
}
|
||||
addItem(
|
||||
{
|
||||
type: MessageType.INFO,
|
||||
text: `Successfully added directories:\n- ${added.join('\n- ')}`,
|
||||
text: `The following directories are already in the workspace:\n- ${alreadyAdded.join(
|
||||
'\n- ',
|
||||
)}`,
|
||||
},
|
||||
Date.now(),
|
||||
);
|
||||
}
|
||||
|
||||
if (errors.length > 0) {
|
||||
addItem(
|
||||
{ type: MessageType.ERROR, text: errors.join('\n') },
|
||||
Date.now(),
|
||||
);
|
||||
if (pathsToProcess.length === 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (
|
||||
isFolderTrustEnabled(settings.merged) &&
|
||||
isWorkspaceTrusted(settings.merged).isTrusted
|
||||
) {
|
||||
const trustedFolders = loadTrustedFolders();
|
||||
const untrustedDirs: string[] = [];
|
||||
const undefinedTrustDirs: string[] = [];
|
||||
const trustedDirs: string[] = [];
|
||||
|
||||
for (const pathToAdd of pathsToProcess) {
|
||||
const expandedPath = expandHomeDir(pathToAdd.trim());
|
||||
const isTrusted = trustedFolders.isPathTrusted(expandedPath);
|
||||
if (isTrusted === false) {
|
||||
untrustedDirs.push(pathToAdd.trim());
|
||||
} else if (isTrusted === undefined) {
|
||||
undefinedTrustDirs.push(pathToAdd.trim());
|
||||
} else {
|
||||
trustedDirs.push(pathToAdd.trim());
|
||||
}
|
||||
}
|
||||
|
||||
if (untrustedDirs.length > 0) {
|
||||
errors.push(
|
||||
`The following directories are explicitly untrusted and cannot be added to a trusted workspace:\n- ${untrustedDirs.join(
|
||||
'\n- ',
|
||||
)}\nPlease use the permissions command to modify their trust level.`,
|
||||
);
|
||||
}
|
||||
|
||||
for (const pathToAdd of trustedDirs) {
|
||||
try {
|
||||
workspaceContext.addDirectory(expandHomeDir(pathToAdd));
|
||||
added.push(pathToAdd);
|
||||
} catch (e) {
|
||||
const error = e as Error;
|
||||
errors.push(`Error adding '${pathToAdd}': ${error.message}`);
|
||||
}
|
||||
}
|
||||
|
||||
if (undefinedTrustDirs.length > 0) {
|
||||
return {
|
||||
type: 'custom_dialog',
|
||||
component: (
|
||||
<MultiFolderTrustDialog
|
||||
folders={undefinedTrustDirs}
|
||||
onComplete={context.ui.removeComponent}
|
||||
trustedDirs={added}
|
||||
errors={errors}
|
||||
finishAddingDirectories={finishAddingDirectories}
|
||||
config={config}
|
||||
addItem={addItem}
|
||||
/>
|
||||
),
|
||||
};
|
||||
}
|
||||
} else {
|
||||
for (const pathToAdd of pathsToProcess) {
|
||||
try {
|
||||
workspaceContext.addDirectory(expandHomeDir(pathToAdd.trim()));
|
||||
added.push(pathToAdd.trim());
|
||||
} catch (e) {
|
||||
const error = e as Error;
|
||||
errors.push(
|
||||
`Error adding '${pathToAdd.trim()}': ${error.message}`,
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
await finishAddingDirectories(config, addItem, added, errors);
|
||||
return;
|
||||
},
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user