docs: clarify that tools.core is an allowlist for ALL built-in tools (#18813)

Co-authored-by: Sam Roberts <158088236+g-samroberts@users.noreply.github.com> Co-authored-by: hobostay <hobostay@users.noreply.github.com>
2026-03-14 16:10:59 -07:00 · 2026-03-13 06:40:05 +08:00
parent d7d53981f3
commit 9a73aa4072
1 changed files with 8 additions and 0 deletions
--- a/docs/tools/shell.md
+++ b/docs/tools/shell.md
@@ -120,6 +120,14 @@ tools to detect if they are being run from within the Gemini CLI.

 ## Command restrictions

+<!-- prettier-ignore -->
+> [!WARNING]
+> The `tools.core` setting is an **allowlist for _all_ built-in
+> tools**, not just shell commands. When you set `tools.core` to any value,
+> _only_ the tools explicitly listed will be enabled. This includes all built-in
+> tools like `read_file`, `write_file`, `glob`, `grep_search`, `list_directory`,
+> `replace`, etc.
+
 You can restrict the commands that can be executed by the `run_shell_command`
 tool by using the `tools.core` and `tools.exclude` settings in your
 configuration file.