MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-05-13 05:12:55 -07:00
Code Issues Packages Projects Releases Wiki Activity

feat(admin): support admin-enforced settings for Agent Skills (#16406)

Browse Source
This commit is contained in:
N. Taylor Mullen
2026-01-13 23:40:23 -08:00
committed by GitHub
parent 66e7b479ae
commit bb6c574144
20 changed files with 350 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/cli/src/config/config.ts
+5
View File
@@ -637,6 +637,7 @@ export async function loadCliConfig(
const mcpEnabled = settings.admin?.mcp?.enabled ?? true;
const extensionsEnabled = settings.admin?.extensions?.enabled ?? true;
const adminSkillsEnabled = settings.admin?.skills?.enabled ?? true;
return new Config({
sessionId,
@@ -661,6 +662,7 @@ export async function loadCliConfig(
mcpEnabled,
extensionsEnabled,
agents: settings.agents,
adminSkillsEnabled,
allowedMcpServers: mcpEnabled
? (argv.allowedMcpServerNames ?? settings.mcp?.allowed)
: undefined,
@@ -708,6 +710,7 @@ export async function loadCliConfig(
enableAgents: settings.experimental?.enableAgents,
skillsSupport: settings.experimental?.skills,
disabledSkills: settings.skills?.disabled,
experimentalJitContext: settings.experimental?.jitContext,
noBrowser: !!process.env['NO_BROWSER'],
summarizeToolOutput: settings.model?.summarizeToolOutput,
@@ -750,6 +753,8 @@ export async function loadCliConfig(
const refreshedSettings = loadSettings(cwd);
return {
disabledSkills: refreshedSettings.merged.skills?.disabled,
adminSkillsEnabled:
refreshedSettings.merged.admin?.skills?.enabled ?? adminSkillsEnabled,
};
},
});
packages/cli/src/config/extension-manager-agents.test.ts
+4 -3
View File
@@ -26,11 +26,12 @@ vi.mock('node:os', async (importOriginal) => {
// Mock @google/gemini-cli-core
vi.mock('@google/gemini-cli-core', async (importOriginal) => {
const actual =
await importOriginal<typeof import('@google/gemini-cli-core')>();
const core = await importOriginal<typeof import('@google/gemini-cli-core')>();
return {
...actual,
...core,
homedir: mockHomedir,
loadAgentsFromDirectory: core.loadAgentsFromDirectory,
loadSkillsFromDir: core.loadSkillsFromDir,
};
});
packages/cli/src/config/extension-manager-scope.test.ts
+14
View File
@@ -10,6 +10,10 @@ import * as path from 'node:path';
import * as os from 'node:os';
import { ExtensionManager } from './extension-manager.js';
import type { Settings } from './settings.js';
import {
loadAgentsFromDirectory,
loadSkillsFromDir,
} from '@google/gemini-cli-core';
let currentTempHome = '';
@@ -24,6 +28,11 @@ vi.mock('@google/gemini-cli-core', async (importOriginal) => {
error: vi.fn(),
warn: vi.fn(),
},
loadAgentsFromDirectory: vi.fn().mockImplementation(async () => ({
agents: [],
errors: [],
})),
loadSkillsFromDir: vi.fn().mockImplementation(async () => []),
};
});
@@ -34,6 +43,11 @@ describe('ExtensionManager Settings Scope', () => {
let extensionDir: string;
beforeEach(async () => {
vi.mocked(loadAgentsFromDirectory).mockResolvedValue({
agents: [],
errors: [],
});
vi.mocked(loadSkillsFromDir).mockResolvedValue([]);
currentTempHome = fs.mkdtempSync(
path.join(os.tmpdir(), 'gemini-cli-test-home-'),
);
packages/cli/src/config/extension-manager-skills.test.ts
+6
View File
@@ -31,6 +31,12 @@ vi.mock('@google/gemini-cli-core', async (importOriginal) => {
return {
...actual,
homedir: mockHomedir,
loadAgentsFromDirectory: vi
.fn()
.mockImplementation(async () => ({ agents: [], errors: [] })),
loadSkillsFromDir: (
await importOriginal<typeof import('@google/gemini-cli-core')>()
).loadSkillsFromDir,
};
});
packages/cli/src/config/extension.test.ts
+11
View File
@@ -23,6 +23,8 @@ import {
ExtensionDisableEvent,
ExtensionEnableEvent,
KeychainTokenStorage,
loadAgentsFromDirectory,
loadSkillsFromDir,
} from '@google/gemini-cli-core';
import { loadSettings, SettingScope } from './settings.js';
import {
@@ -117,6 +119,10 @@ vi.mock('@google/gemini-cli-core', async (importOriginal) => {
listSecrets: vi.fn(),
isAvailable: vi.fn().mockResolvedValue(true),
})),
loadAgentsFromDirectory: vi
.fn()
.mockImplementation(async () => ({ agents: [], errors: [] })),
loadSkillsFromDir: vi.fn().mockImplementation(async () => []),
};
});
@@ -171,6 +177,11 @@ describe('extension tests', () => {
(
KeychainTokenStorage as unknown as ReturnType<typeof vi.fn>
).mockImplementation(() => mockKeychainStorage);
vi.mocked(loadAgentsFromDirectory).mockResolvedValue({
agents: [],
errors: [],
});
vi.mocked(loadSkillsFromDir).mockResolvedValue([]);
tempHomeDir = fs.mkdtempSync(
path.join(os.tmpdir(), 'gemini-cli-test-home-'),
);
packages/cli/src/config/settings.ts
+8 -12
View File
@@ -324,23 +324,19 @@ export class LoadedSettings {
setRemoteAdminSettings(remoteSettings: GeminiCodeAssistSetting): void {
const admin: Settings['admin'] = {};
const { secureModeEnabled, mcpSetting, cliFeatureSetting } = remoteSettings;
if (remoteSettings.secureModeEnabled !== undefined) {
admin.secureModeEnabled = remoteSettings.secureModeEnabled;
if (secureModeEnabled !== undefined) {
admin.secureModeEnabled = secureModeEnabled;
}
if (remoteSettings.mcpSetting?.mcpEnabled !== undefined) {
admin.mcp = { enabled: remoteSettings.mcpSetting.mcpEnabled };
if (mcpSetting?.mcpEnabled !== undefined) {
admin.mcp = { enabled: mcpSetting.mcpEnabled };
}
if (
remoteSettings.cliFeatureSetting?.extensionsSetting?.extensionsEnabled !==
undefined
) {
admin.extensions = {
enabled:
remoteSettings.cliFeatureSetting.extensionsSetting.extensionsEnabled,
};
const extensionsSetting = cliFeatureSetting?.extensionsSetting;
if (extensionsSetting?.extensionsEnabled !== undefined) {
admin.extensions = { enabled: extensionsSetting.extensionsEnabled };
}
this._remoteAdminSettings = { admin };
packages/cli/src/config/settingsSchema.ts
+22
View File
@@ -1842,6 +1842,28 @@ const SETTINGS_SCHEMA = {
},
},
},
skills: {
type: 'object',
label: 'Skills Settings',
category: 'Admin',
requiresRestart: false,
default: {},
description: 'Agent Skills-specific admin settings.',
showInDialog: false,
mergeStrategy: MergeStrategy.REPLACE,
properties: {
enabled: {
type: 'boolean',
label: 'Skills Enabled',
category: 'Admin',
requiresRestart: false,
default: true,
description: 'If false, disallows agent skills from being used.',
showInDialog: false,
mergeStrategy: MergeStrategy.REPLACE,
},
},
},
},
},
} as const satisfies SettingsSchema;
packages/cli/src/services/BuiltinCommandLoader.ts
+20 -1
View File
@@ -139,7 +139,26 @@ export class BuiltinCommandLoader implements ICommandLoader {
statsCommand,
themeCommand,
toolsCommand,
...(this.config?.isSkillsSupportEnabled() ? [skillsCommand] : []),
...(this.config?.isSkillsSupportEnabled()
? this.config?.getSkillManager()?.isAdminEnabled() === false
? [
{
name: 'skills',
description: 'Manage agent skills',
kind: CommandKind.BUILT_IN,
autoExecute: false,
subCommands: [],
action: async (
_context: CommandContext,
): Promise<MessageActionReturn> => ({
type: 'message',
messageType: 'error',
content: 'Agent skills are disabled by your admin.',
}),
},
]
: [skillsCommand]
: []),
settingsCommand,
vimCommand,
setupGithubCommand,
packages/cli/src/ui/commands/memoryCommand.test.ts
+51
View File
@@ -16,6 +16,9 @@ import {
refreshServerHierarchicalMemory,
SimpleExtensionLoader,
type FileDiscoveryService,
showMemory,
addMemory,
listMemoryFiles,
} from '@google/gemini-cli-core';
vi.mock('@google/gemini-cli-core', async (importOriginal) => {
@@ -44,6 +47,9 @@ vi.mock('@google/gemini-cli-core', async (importOriginal) => {
content: 'Memory refreshed successfully.',
};
}),
showMemory: vi.fn(),
addMemory: vi.fn(),
listMemoryFiles: vi.fn(),
refreshServerHierarchicalMemory: vi.fn(),
};
});
@@ -78,6 +84,22 @@ describe('memoryCommand', () => {
mockGetUserMemory = vi.fn();
mockGetGeminiMdFileCount = vi.fn();
vi.mocked(showMemory).mockImplementation((config) => {
const memoryContent = config.getUserMemory() || '';
const fileCount = config.getGeminiMdFileCount() || 0;
let content;
if (memoryContent.length > 0) {
content = `Current memory content from ${fileCount} file(s):\n\n---\n${memoryContent}\n---`;
} else {
content = 'Memory is currently empty.';
}
return {
type: 'message',
messageType: 'info',
content,
};
});
mockContext = createMockCommandContext({
services: {
config: {
@@ -131,6 +153,20 @@ describe('memoryCommand', () => {
beforeEach(() => {
addCommand = getSubCommand('add');
vi.mocked(addMemory).mockImplementation((args) => {
if (!args || args.trim() === '') {
return {
type: 'message',
messageType: 'error',
content: 'Usage: /memory add <text to remember>',
};
}
return {
type: 'tool',
toolName: 'save_memory',
toolArgs: { fact: args.trim() },
};
});
mockContext = createMockCommandContext();
});
@@ -360,6 +396,21 @@ describe('memoryCommand', () => {
beforeEach(() => {
listCommand = getSubCommand('list');
mockGetGeminiMdfilePaths = vi.fn();
vi.mocked(listMemoryFiles).mockImplementation((config) => {
const filePaths = config.getGeminiMdFilePaths() || [];
const fileCount = filePaths.length;
let content;
if (fileCount > 0) {
content = `There are ${fileCount} GEMINI.md file(s) in use:\n\n${filePaths.join('\n')}`;
} else {
content = 'No GEMINI.md files in use.';
}
return {
type: 'message',
messageType: 'info',
content,
};
});
mockContext = createMockCommandContext({
services: {
config: {
packages/cli/src/ui/commands/skillsCommand.test.ts
+38
View File
@@ -46,6 +46,7 @@ describe('skillsCommand', () => {
getSkillManager: vi.fn().mockReturnValue({
getAllSkills: vi.fn().mockReturnValue(skills),
getSkills: vi.fn().mockReturnValue(skills),
isAdminEnabled: vi.fn().mockReturnValue(true),
getSkill: vi
.fn()
.mockImplementation(
@@ -307,6 +308,43 @@ describe('skillsCommand', () => {
type: MessageType.ERROR,
text: 'Skill "non-existent" not found.',
}),
expect.any(Number),
);
});
it('should show error if skills are disabled by admin during disable', async () => {
const skillManager = context.services.config!.getSkillManager();
vi.mocked(skillManager.isAdminEnabled).mockReturnValue(false);
const disableCmd = skillsCommand.subCommands!.find(
(s) => s.name === 'disable',
)!;
await disableCmd.action!(context, 'skill1');
expect(context.ui.addItem).toHaveBeenCalledWith(
expect.objectContaining({
type: MessageType.ERROR,
text: 'Agent skills are disabled by your admin.',
}),
expect.any(Number),
);
});
it('should show error if skills are disabled by admin during enable', async () => {
const skillManager = context.services.config!.getSkillManager();
vi.mocked(skillManager.isAdminEnabled).mockReturnValue(false);
const enableCmd = skillsCommand.subCommands!.find(
(s) => s.name === 'enable',
)!;
await enableCmd.action!(context, 'skill1');
expect(context.ui.addItem).toHaveBeenCalledWith(
expect.objectContaining({
type: MessageType.ERROR,
text: 'Agent skills are disabled by your admin.',
}),
expect.any(Number),
);
});
});
packages/cli/src/ui/commands/skillsCommand.ts
+30 -4
View File
@@ -79,12 +79,26 @@ async function disableAction(
return;
}
const skillManager = context.services.config?.getSkillManager();
if (skillManager?.isAdminEnabled() === false) {
context.ui.addItem(
{
type: MessageType.ERROR,
text: 'Agent skills are disabled by your admin.',
},
Date.now(),
);
return;
}
const skill = skillManager?.getSkill(skillName);
if (!skill) {
context.ui.addItem({
type: MessageType.ERROR,
text: `Skill "${skillName}" not found.`,
});
context.ui.addItem(
{
type: MessageType.ERROR,
text: `Skill "${skillName}" not found.`,
},
Date.now(),
);
return;
}
@@ -121,6 +135,18 @@ async function enableAction(
return;
}
const skillManager = context.services.config?.getSkillManager();
if (skillManager?.isAdminEnabled() === false) {
context.ui.addItem(
{
type: MessageType.ERROR,
text: 'Agent skills are disabled by your admin.',
},
Date.now(),
);
return;
}
const result = enableSkill(context.services.settings, skillName);
let feedback = renderSkillActionFeedback(
packages/cli/src/ui/hooks/useExtensionUpdates.test.tsx
+15 -2
View File
@@ -4,13 +4,17 @@
* SPDX-License-Identifier: Apache-2.0
*/
import { vi } from 'vitest';
import { vi, describe, it, expect, beforeEach, afterEach } from 'vitest';
import * as fs from 'node:fs';
import * as os from 'node:os';
import * as path from 'node:path';
import { createExtension } from '../../test-utils/createExtension.js';
import { useExtensionUpdates } from './useExtensionUpdates.js';
import { GEMINI_DIR } from '@google/gemini-cli-core';
import {
GEMINI_DIR,
loadAgentsFromDirectory,
loadSkillsFromDir,
} from '@google/gemini-cli-core';
import { render } from '../../test-utils/render.js';
import { waitFor } from '../../test-utils/async.js';
import { MessageType } from '../types.js';
@@ -36,6 +40,10 @@ vi.mock('@google/gemini-cli-core', async (importOriginal) => {
return {
...actual,
homedir: () => os.homedir(),
loadAgentsFromDirectory: vi
.fn()
.mockResolvedValue({ agents: [], errors: [] }),
loadSkillsFromDir: vi.fn().mockResolvedValue([]),
};
});
@@ -51,6 +59,11 @@ describe('useExtensionUpdates', () => {
let extensionManager: ExtensionManager;
beforeEach(() => {
vi.mocked(loadAgentsFromDirectory).mockResolvedValue({
agents: [],
errors: [],
});
vi.mocked(loadSkillsFromDir).mockResolvedValue([]);
tempHomeDir = fs.mkdtempSync(
path.join(os.tmpdir(), 'gemini-cli-test-home-'),
);