From 9a73aa40724577e49e4391406bcb53810a4ed7c3 Mon Sep 17 00:00:00 2001 From: Qiaochu Hu <110hqc@gmail.com> Date: Fri, 13 Mar 2026 06:40:05 +0800 Subject: [PATCH] docs: clarify that tools.core is an allowlist for ALL built-in tools (#18813) Co-authored-by: Sam Roberts <158088236+g-samroberts@users.noreply.github.com> Co-authored-by: hobostay --- docs/tools/shell.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/tools/shell.md b/docs/tools/shell.md index 34fd7c8490..f31f571eca 100644 --- a/docs/tools/shell.md +++ b/docs/tools/shell.md @@ -120,6 +120,14 @@ tools to detect if they are being run from within the Gemini CLI. ## Command restrictions + +> [!WARNING] +> The `tools.core` setting is an **allowlist for _all_ built-in +> tools**, not just shell commands. When you set `tools.core` to any value, +> _only_ the tools explicitly listed will be enabled. This includes all built-in +> tools like `read_file`, `write_file`, `glob`, `grep_search`, `list_directory`, +> `replace`, etc. + You can restrict the commands that can be executed by the `run_shell_command` tool by using the `tools.core` and `tools.exclude` settings in your configuration file.
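Review bot: The tool list in the last two lines of the added warning ends in `etc.`, which leaves the reader of an allowlist setting without the complete set of names they need to list to keep their tools enabled. Replace the `etc.` with a link to the full built-in tool reference, or say where the authoritative list of tool names lives. The callout is also placed directly under the `## Command restrictions` heading, above the unchanged sentence that introduces `tools.core` and `tools.exclude`, so it warns about a setting before the section has said what the setting is for; moving it below that introductory paragraph would read more naturally. Because that unchanged sentence still presents `tools.core` as the way to restrict `run_shell_command`, the warning should state the practical consequence outright: a user who sets `tools.core` only to limit shell commands must also list every other built-in tool they depend on, such as `read_file` and `write_file`, or those tools will be disabled.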