MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-03-22 03:51:22 -07:00
Code Issues Packages Projects Releases Wiki Activity

feat(security): add disableAlwaysAllow setting to disable auto-approvals (#21941)

Browse Source
This commit is contained in:
Gal Zahavi
2026-03-13 16:02:09 -07:00
committed by GitHub
parent b0d151bd65
commit b49fc8122d
20 changed files with 352 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
packages/core/src/config/config.ts
View File

@@ -606,6 +606,7 @@ export interface ConfigParameters {
recordResponses?: string;
ptyInfo?: string;
disableYoloMode?: boolean;
disableAlwaysAllow?: boolean;
rawOutput?: boolean;
acceptRawOutputRisk?: boolean;
modelConfigServiceConfig?: ModelConfigServiceConfig;
@@ -805,6 +806,7 @@ export class Config implements McpContext, AgentLoopContext {
readonly fakeResponses?: string;
readonly recordResponses?: string;
private readonly disableYoloMode: boolean;
private readonly disableAlwaysAllow: boolean;
private readonly rawOutput: boolean;
private readonly acceptRawOutputRisk: boolean;
private pendingIncludeDirectories: string[];
@@ -1045,11 +1047,13 @@ export class Config implements McpContext, AgentLoopContext {
this.policyUpdateConfirmationRequest =
params.policyUpdateConfirmationRequest;
this.disableAlwaysAllow = params.disableAlwaysAllow ?? false;
this.policyEngine = new PolicyEngine(
{
...params.policyEngineConfig,
approvalMode:
params.approvalMode ?? params.policyEngineConfig?.approvalMode,
disableAlwaysAllow: this.disableAlwaysAllow,
},
checkerRunner,
);
@@ -2203,6 +2207,10 @@ export class Config implements McpContext, AgentLoopContext {
return this.disableYoloMode || !this.isTrustedFolder();
}
getDisableAlwaysAllow(): boolean {
return this.disableAlwaysAllow;
}
getRawOutput(): boolean {
return this.rawOutput;
}