Check folder trust before allowing add directory (#12652)

2026-04-22 02:54:31 -07:00 · 2025-11-14 19:06:30 -08:00
parent d03496b710
commit 9786c4dcff
18 changed files with 1206 additions and 66 deletions
@@ -0,0 +1,160 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { useEffect } from 'react';
+import type { Config } from '@google/gemini-cli-core';
+import { loadTrustedFolders } from '../../config/trustedFolders.js';
+import { expandHomeDir } from '../utils/directoryUtils.js';
+import { refreshServerHierarchicalMemory } from '@google/gemini-cli-core';
+import { MultiFolderTrustDialog } from '../components/MultiFolderTrustDialog.js';
+import type { UseHistoryManagerReturn } from './useHistoryManager.js';
+import { MessageType, type HistoryItem } from '../types.js';
+
+async function finishAddingDirectories(
+  config: Config,
+  addItem: (itemData: Omit<HistoryItem, 'id'>, baseTimestamp: number) => number,
+  added: string[],
+  errors: string[],
+) {
+  if (!config) {
+    addItem(
+      {
+        type: MessageType.ERROR,
+        text: 'Configuration is not available.',
+      },
+      Date.now(),
+    );
+    return;
+  }
+
+  try {
+    if (config.shouldLoadMemoryFromIncludeDirectories()) {
+      await refreshServerHierarchicalMemory(config);
+    }
+  } catch (error) {
+    errors.push(`Error refreshing memory: ${(error as Error).message}`);
+  }
+
+  if (added.length > 0) {
+    const gemini = config.getGeminiClient();
+    if (gemini) {
+      await gemini.addDirectoryContext();
+    }
+  }
+
+  if (errors.length > 0) {
+    addItem({ type: MessageType.ERROR, text: errors.join('\n') }, Date.now());
+  }
+}
+
+export function useIncludeDirsTrust(
+  config: Config,
+  isTrustedFolder: boolean | undefined,
+  historyManager: UseHistoryManagerReturn,
+  setCustomDialog: (dialog: React.ReactNode | null) => void,
+) {
+  const { addItem } = historyManager;
+
+  useEffect(() => {
+    // Don't run this until the initial trust is determined.
+    if (isTrustedFolder === undefined || !config) {
+      return;
+    }
+
+    const pendingDirs = config.getPendingIncludeDirectories();
+    if (pendingDirs.length === 0) {
+      return;
+    }
+
+    console.log('Inside useIncludeDirsTrust');
+
+    // If folder trust is disabled, isTrustedFolder will be undefined.
+    // In that case, or if the user decided not to trust the main folder,
+    // we can just add the directories without checking them.
+    if (config.getFolderTrust() === false || isTrustedFolder === false) {
+      const added: string[] = [];
+      const errors: string[] = [];
+      const workspaceContext = config.getWorkspaceContext();
+      for (const pathToAdd of pendingDirs) {
+        try {
+          workspaceContext.addDirectory(expandHomeDir(pathToAdd.trim()));
+          added.push(pathToAdd.trim());
+        } catch (e) {
+          const error = e as Error;
+          errors.push(`Error adding '${pathToAdd.trim()}': ${error.message}`);
+        }
+      }
+
+      if (added.length > 0 || errors.length > 0) {
+        finishAddingDirectories(config, addItem, added, errors);
+      }
+      config.clearPendingIncludeDirectories();
+      return;
+    }
+
+    const trustedFolders = loadTrustedFolders();
+    const untrustedDirs: string[] = [];
+    const undefinedTrustDirs: string[] = [];
+    const trustedDirs: string[] = [];
+    const added: string[] = [];
+    const errors: string[] = [];
+
+    for (const pathToAdd of pendingDirs) {
+      const expandedPath = expandHomeDir(pathToAdd.trim());
+      const isTrusted = trustedFolders.isPathTrusted(expandedPath);
+      if (isTrusted === false) {
+        untrustedDirs.push(pathToAdd.trim());
+      } else if (isTrusted === undefined) {
+        undefinedTrustDirs.push(pathToAdd.trim());
+      } else {
+        trustedDirs.push(pathToAdd.trim());
+      }
+    }
+
+    if (untrustedDirs.length > 0) {
+      errors.push(
+        `The following directories are explicitly untrusted and cannot be added to a trusted workspace:\n- ${untrustedDirs.join(
+          '\n- ',
+        )}\nPlease use the permissions command to modify their trust level.`,
+      );
+    }
+
+    const workspaceContext = config.getWorkspaceContext();
+    for (const pathToAdd of trustedDirs) {
+      try {
+        workspaceContext.addDirectory(expandHomeDir(pathToAdd));
+        added.push(pathToAdd);
+      } catch (e) {
+        const error = e as Error;
+        errors.push(`Error adding '${pathToAdd}': ${error.message}`);
+      }
+    }
+
+    if (undefinedTrustDirs.length > 0) {
+      console.log(
+        'Creating custom dialog with undecidedDirs:',
+        undefinedTrustDirs,
+      );
+      setCustomDialog(
+        <MultiFolderTrustDialog
+          folders={undefinedTrustDirs}
+          onComplete={() => {
+            setCustomDialog(null);
+            config.clearPendingIncludeDirectories();
+          }}
+          trustedDirs={added}
+          errors={errors}
+          finishAddingDirectories={finishAddingDirectories}
+          config={config}
+          addItem={addItem}
+        />,
+      );
+    } else if (added.length > 0 || errors.length > 0) {
+      finishAddingDirectories(config, addItem, added, errors);
+      config.clearPendingIncludeDirectories();
+    }
+  }, [isTrustedFolder, config, addItem, setCustomDialog]);
+}