Update public workflow trust, readme, and run formatter.

2026-06-26 11:17:04 -07:00 · 2026-06-22 17:42:11 +00:00
parent be7ba2c22a
commit d2b1009e9f
24 changed files with 31 additions and 273 deletions
@@ -68,7 +68,6 @@ jobs:
          ISSUE_NUMBER: '${{ github.event.issue.number }}'
          REPOSITORY: '${{ github.repository }}'
          FIRESTORE_PROJECT: '${{ vars.FIRESTORE_PROJECT }}'
-          GEMINI_CLI_TRUST_WORKSPACE: 'true'
        with:
          upload_artifacts: 'true'
          gcp_workload_identity_provider: '${{ vars.GCP_WIF_PROVIDER }}'
@@ -131,19 +131,6 @@ jobs:
            core.info(`Found ${labelNames.length} labels: ${labelNames.join(', ')}`);
            return labelNames;

-      - name: 'Prepare Issue Data'
-        id: 'prepare_issue_data'
-        env:
-          ISSUE_TITLE: >-
-            ${{ github.event_name == 'workflow_dispatch' && steps.get_issue_data.outputs.title || github.event.issue.title }}
-          ISSUE_BODY: >-
-            ${{ github.event_name == 'workflow_dispatch' && steps.get_issue_data.outputs.body || github.event.issue.body }}
-        run: |
-          set -euo pipefail
-          echo "Title: ${ISSUE_TITLE}" > issue_context.md
-          echo "Body:" >> issue_context.md
-          echo "${ISSUE_BODY}" >> issue_context.md
-
      - name: 'Run Gemini Issue Analysis'
        uses: 'google-github-actions/run-gemini-cli@a3bf79042542528e91937b3a3a6fbc4967ee3c31' # ratchet:google-github-actions/run-gemini-cli@v0
        id: 'gemini_issue_analysis'
@@ -153,7 +140,6 @@ jobs:
            ${{ github.event_name == 'workflow_dispatch' && (github.event.inputs.issue_number || inputs.issue_number) || github.event.issue.number }}
          REPOSITORY: '${{ github.repository }}'
          AVAILABLE_LABELS: '${{ steps.get_labels.outputs.available_labels }}'
-          GEMINI_CLI_TRUST_WORKSPACE: 'true'
        with:
          upload_artifacts: 'true'
          gcp_workload_identity_provider: '${{ vars.GCP_WIF_PROVIDER }}'
@@ -171,10 +157,7 @@ jobs:
                "target": "gcp"
              },
              "tools": {
-                "core": [
-                  "run_shell_command(echo)",
-                  "read_file"
-                ]
+                "core": []
              }
            }
          prompt: |-
@@ -182,8 +165,15 @@ jobs:

            You are an issue triage assistant. Your role is to analyze a GitHub issue and determine the single most appropriate area/ label based on the definitions provided.

+            ## Issue Context
+            Title: ${{ github.event_name == 'workflow_dispatch' && steps.get_issue_data.outputs.title || github.event.issue.title }}
+            Body:
+            --- START OF ISSUE BODY ---
+            ${{ github.event_name == 'workflow_dispatch' && steps.get_issue_data.outputs.body || github.event.issue.body }}
+            --- END OF ISSUE BODY ---
+
            ## Steps
-            1. Use the read_file tool to read the file "issue_context.md" which contains the issue title and body.
+            1. Analyze the issue context above.
            2. Review the available labels: ${{ env.AVAILABLE_LABELS }}.
            3. Select exactly one area/ label that best matches the issue based on Reference 1: Area Definitions.
            4. Fallback Logic:
@@ -48,8 +48,6 @@ jobs:
      contents: 'read'
      issues: 'read'
      actions: 'read'
-    env:
-      GEMINI_CLI_TRUST_WORKSPACE: 'true'
    steps:
      - name: 'Determine Checkout Ref'
        id: 'determine_ref'
@@ -176,7 +176,6 @@ jobs:
          REPOSITORY: '${{ github.repository }}'
          AVAILABLE_LABELS: '${{ steps.get_labels.outputs.available_labels }}'
          CLI_VERSION: '${{ steps.get_version.outputs.version }}'
-          GEMINI_CLI_TRUST_WORKSPACE: 'true'
          GEMINI_EXP: 'gemini_exp.json'
          GEMINI_STRICT_TELEMETRY_LIMITS: 'true'
          GEMINI_MODEL: 'gemini-3-flash-preview'
@@ -301,7 +300,6 @@ jobs:
          REPOSITORY: '${{ github.repository }}'
          AVAILABLE_LABELS: '${{ steps.get_labels.outputs.available_labels }}'
          CLI_VERSION: '${{ steps.get_version.outputs.version }}'
-          GEMINI_CLI_TRUST_WORKSPACE: 'true'
          GEMINI_EXP: 'gemini_exp.json'
          GEMINI_STRICT_TELEMETRY_LIMITS: 'true'
          GEMINI_MODEL: 'gemini-3-flash-preview'
@@ -143,6 +143,16 @@ Integrate Gemini CLI directly into your GitHub workflows with
 - **Custom Workflows**: Build automated, scheduled and on-demand workflows
  tailored to your team's needs

+<!-- prettier-ignore -->
+> [!WARNING]
+> **Security best practice for public repositories:** Never set
+> `GEMINI_CLI_TRUST_WORKSPACE=true` or use `--skip-trust` in CI/CD workflows
+> that process untrusted public inputs (like issue titles/bodies or PR comments).
+> Doing so can expose dynamically generated runner secrets (such as GCP OIDC
+> service account credentials) to prompt injection attacks. See the
+> [Trusted Folders documentation](https://www.geminicli.com/docs/cli/trusted-folders)
+> for more information.
+
 ## 🔐 Authentication Options

 Choose the authentication method that best fits your needs:
@@ -507,7 +507,6 @@ on GitHub.
  headlessly in notebook cells or interactively in the built-in terminal
  ([pic](https://imgur.com/a/G0Tn7vi))
 - 🎉**Gemini CLI Extensions:**
-
  - **Conductor:** Planning++, Gemini works with you to build out a detailed
    plan, pull in extra details as needed, ultimately to give the LLM guardrails
    with artifacts. Measure twice, implement once!
@@ -636,7 +635,6 @@ on GitHub.
  - **Announcement:**
    [https://developers.googleblog.com/en/making-the-terminal-beautiful-one-pixel-at-a-time/](https://developers.googleblog.com/en/making-the-terminal-beautiful-one-pixel-at-a-time/)
 - **🎉 New partner extensions:**
-
  - **Arize:** Seamlessly instrument AI applications with Arize AX and grant
    direct access to Arize support:

@@ -676,7 +674,6 @@ on GitHub.
 ![Codebase investigator subagent in Gemini CLI.](https://i.imgur.com/4J1njsx.png)

 - **🎉 New partner extensions:**
-
  - **🤗 Hugging Face extension:** Access the Hugging Face hub.
    ([gif](https://drive.google.com/file/d/1LEzIuSH6_igFXq96_tWev11svBNyPJEB/view?usp=sharing&resourcekey=0-LtPTzR1woh-rxGtfPzjjfg))

@@ -16,12 +16,10 @@ sends them to the model with every prompt. The CLI loads files in the following
 order:

 1.  **Global context file:**
-
    - **Location:** `~/.gemini/GEMINI.md` (in your user home directory).
    - **Scope:** Provides default instructions for all your projects.

 2.  **Environment and workspace context files:**
-
    - **Location:** The CLI searches for `GEMINI.md` files in your configured
      workspace directories and their parent directories.
    - **Scope:** Provides context relevant to the projects you are currently
@@ -64,7 +64,6 @@ Gemini CLI takes action.
    reach an informal agreement on the approach before proceeding.
 3.  **Review the plan:** Once you've agreed on the strategy, Gemini CLI creates
    a detailed implementation plan as a Markdown file in your plans directory.
-
    - **View:** You can open and read this file to understand the proposed
      changes.
    - **Edit:** Press `Ctrl+X` to open the plan directly in your configured
@@ -202,7 +202,6 @@ becoming too large and expensive.
  exchanges) allowed in a single session. Set to `-1` for unlimited (default).

  **Behavior when limit is reached:**
-
  - **Interactive mode:** The CLI shows an informational message and stops
    sending requests to the model. You must manually start a new session.
  - **Non-interactive mode:** The CLI exits with an error.
@@ -27,13 +27,11 @@ via a `.gemini/.env` file. See
 [Persisting Environment Variables](../get-started/authentication.mdx#persisting-environment-variables).

 - Use the project default path (`.gemini/system.md`):
-
  - `GEMINI_SYSTEM_MD=true` or `GEMINI_SYSTEM_MD=1`
  - The CLI reads `./.gemini/system.md` (relative to your current project
    directory).

 - Use a custom file path:
-
  - `GEMINI_SYSTEM_MD=/absolute/path/to/my-system.md`
  - Relative paths are supported and resolved from the current working
    directory.
@@ -64,7 +64,6 @@ and Cloud Logging.
 You must complete several setup steps before enabling Google Cloud telemetry.

 1.  Set your Google Cloud project ID:
-
    - To send telemetry to a separate project:

      **macOS/Linux**
@@ -94,10 +93,8 @@ You must complete several setup steps before enabling Google Cloud telemetry.
      ```

 2.  Authenticate with Google Cloud using one of these methods:
-
    - **Method A: Application Default Credentials (ADC)**: Use this method for
      service accounts or standard `gcloud` authentication.
-
      - For user accounts:
        ```bash
        gcloud auth application-default login
@@ -115,7 +112,6 @@ You must complete several setup steps before enabling Google Cloud telemetry.
        ```powershell
        $env:GOOGLE_APPLICATION_CREDENTIALS="C:\path\to\your\service-account.json"
        ```
-
    * **Method B: CLI Auth** (Direct export only): Simplest method for local
      users. Gemini CLI uses the same OAuth credentials you used for login. To
      enable this, set `useCliAuth: true` in your `.gemini/settings.json`:
@@ -137,7 +133,6 @@ You must complete several setup steps before enabling Google Cloud telemetry.
 > telemetry will be disabled.

 3.  Ensure your account or service account has these IAM roles:
-
    - Cloud Trace Agent
    - Monitoring Metric Writer
    - Logs Writer
@@ -117,6 +117,16 @@ the following methods:
 These methods will trust the current workspace for the duration of the session
 without prompting.

+<!-- prettier-ignore -->
+> [!WARNING]
+> **Never set `GEMINI_CLI_TRUST_WORKSPACE=true` or use `--skip-trust` in CI/CD
+> workflows that process untrusted public inputs** (such as GitHub issues, pull
+> requests, or comments). Doing so allows a malicious contributor to commit a
+> crafted `.gemini/settings.json` file in their pull request, register
+> arbitrary tools (including shell execution), and exfiltrate dynamically
+> generated runner secrets (such as GCP service account credentials or AWS keys)
+> via prompt injection.
+
 For detailed instructions on managing folder trust within CI/CD workflows,
 review the
 [Gemini CLI trust guidance for GitHub Actions](https://github.com/google-github-actions/run-gemini-cli/blob/main/docs/trust-guidance.md).
@@ -56,7 +56,6 @@ creating a "discovery file."
    }
  }
  ```
-
  - `port` (number, required): The port of the MCP server.
  - `workspacePath` (string, required): A list of all open workspace root paths,
    delimited by the OS-specific path separator (`:` for Linux/macOS, `;` for
@@ -188,7 +187,6 @@ The plugin **MUST** register an `openDiff` tool on its MCP server.
 - **Response (`CallToolResult`):** The tool **MUST** immediately return a
  `CallToolResult` to acknowledge the request and report whether the diff view
  was successfully opened.
-
  - On Success: If the diff view was opened successfully, the response **MUST**
    contain empty content (that is, `content: []`).
  - On Failure: If an error prevented the diff view from opening, the response
@@ -27,7 +27,6 @@ AI-generated code changes directly within your editor.

 - **Workspace context:** The CLI automatically gains awareness of your workspace
  to provide more relevant and accurate responses. This context includes:
-
  - The **10 most recently accessed files** in your workspace.
  - Your active cursor position.
  - Any text you have selected (up to a 16KB limit; longer selections will be
@@ -229,7 +228,6 @@ If you are using Gemini CLI within a sandbox, be aware of the following:

 - **Message:**
  `🔴 Disconnected: Failed to connect to IDE companion extension in [IDE Name]. Please ensure the extension is running. To install the extension, run /ide install.`
-
  - **Cause:** Gemini CLI could not find the necessary environment variables
    (`GEMINI_CLI_IDE_WORKSPACE_PATH` or `GEMINI_CLI_IDE_SERVER_PORT`) to connect
    to the IDE. This usually means the IDE companion extension is not running or
@@ -272,7 +270,6 @@ to connect using the provided PID.

 - **Message:**
  `🔴 Disconnected: Directory mismatch. Gemini CLI is running in a different location than the open workspace in [IDE Name]. Please run the CLI from one of the following directories: [List of directories]`
-
  - **Cause:** The CLI's current working directory is outside the workspace you
    have open in your IDE.
  - **Solution:** `cd` into the same directory that is open in your IDE and
@@ -287,7 +284,6 @@ to connect using the provided PID.

 - **Message:**
  `IDE integration is not supported in your current environment. To use this feature, run Gemini CLI in one of these supported IDEs: [List of IDEs]`
-
  - **Cause:** You are running Gemini CLI in a terminal or environment that is
    not a supported IDE.
  - **Solution:** Run Gemini CLI from the integrated terminal of a supported
@@ -59,7 +59,6 @@ You can view traces in the Jaeger UI for local development.

    This command configures your workspace for local telemetry and provides a
    link to the Jaeger UI (usually `http://localhost:16686`).
-
    - **Collector logs:** `~/.gemini/tmp/<projectHash>/otel/collector.log`

 2.  **Run Gemini CLI:**
@@ -109,7 +108,6 @@ Trace for custom processing or routing.

    The script outputs links to view traces, metrics, and logs in the Google
    Cloud Console.
-
    - **Collector logs:** `~/.gemini/tmp/<projectHash>/otel/collector-gcp.log`

 3.  **Run Gemini CLI:**
@@ -506,7 +506,6 @@ the dedicated [Custom Commands documentation](../cli/custom-commands.md).
 These shortcuts apply directly to the input prompt for text manipulation.

 - **Undo:**
-
  - **Keyboard shortcut:** Press **Ctrl+z** (Windows), **Cmd+z** (macOS), or
    **Alt+z** (Linux/WSL) to undo the last action in the input prompt.

@@ -520,7 +519,6 @@ At commands are used to include the content of files or directories as part of
 your prompt to Gemini. These commands include git-aware filtering.

 - **`@<path_to_file_or_directory>`**
-
  - **Description:** Inject the content of the specified file or files into your
    current prompt. This is useful for asking questions about specific code,
    text, or collections of files.
@@ -567,7 +565,6 @@ The `!` prefix lets you interact with your system's shell directly from within
 Gemini CLI.

 - **`!<shell_command>`**
-
  - **Description:** Execute the given `<shell_command>` using `bash` on
    Linux/macOS or `powershell.exe -NoProfile -Command` on Windows (unless you
    override `ComSpec`). Any output or errors from the command are displayed in
@@ -577,7 +574,6 @@ Gemini CLI.
    - `!git status` (executes `git status` and returns to Gemini CLI)

 - **`!` (Toggle shell mode)**
-
  - **Description:** Typing `!` on its own toggles shell mode.
    - **Entering shell mode:**
      - When active, shell mode uses a different coloring and a "Shell Mode
@@ -70,7 +70,6 @@ Before promoting a `preview` release to `stable`, a release manager must
 manually run through this checklist.

 - **Setup:**
-
  - [ ] Uninstall any existing global version:
        `npm uninstall -g @google/gemini-cli`
  - [ ] Clear npx cache (optional but recommended): `npm cache clean --force`
@@ -78,29 +77,24 @@ manually run through this checklist.
  - [ ] Verify version: `gemini --version`

 - **Authentication:**
-
  - [ ] In interactive mode run `/auth` and verify all sign in flows work:
    - [ ] Sign in with Google
    - [ ] API Key
    - [ ] Vertex AI

 - **Basic prompting:**
-
  - [ ] Run `gemini "Tell me a joke"` and verify a sensible response.
  - [ ] Run in interactive mode: `gemini`. Ask a follow-up question to test
        context.

 - **Piped input:**
-
  - [ ] Run `echo "Summarize this" | gemini` and verify it processes stdin.

 - **Context management:**
-
  - [ ] In interactive mode, use `@file` to add a local file to context. Ask a
        question about it.

 - **Settings:**
-
  - [ ] In interactive mode run `/settings` and make modifications
  - [ ] Validate that setting is changed

@@ -475,7 +475,6 @@ This stage happens _after_ the NPM publish and creates the single-file
 executable that enables `npx` usage directly from the GitHub repository.

 1.  **The JavaScript bundle is created:**
-
    - **What happens:** The built JavaScript from both `packages/core/dist` and
      `packages/cli/dist`, along with all third-party JavaScript dependencies,
      are bundled by `esbuild` into a single, executable JavaScript file (for
@@ -487,7 +486,6 @@ executable that enables `npx` usage directly from the GitHub repository.
      the `core` package) are included directly.

 2.  **The `bundle` directory is assembled:**
-
    - **What happens:** A temporary `bundle` folder is created at the project
      root. The single `gemini.js` executable is placed inside it, along with
      other essential files.
@@ -127,7 +127,6 @@ Standard/Plus and AI Expanded, are not supported._
  license seats. For predictable costs, you can sign in with Google.

  This includes the following request limits:
-
  - Gemini Code Assist Standard edition:
    - 1500 maximum model requests / user / day
  - Gemini Code Assist Enterprise edition:
@@ -12,7 +12,6 @@ topics on:

 - **Error:
  `You must be a named user on your organization's Gemini Code Assist Standard edition subscription to use this service. Please contact your administrator to request an entitlement to Gemini Code Assist Standard edition.`**
-
  - **Cause:** This error might occur if Gemini CLI detects the
    `GOOGLE_CLOUD_PROJECT` or `GOOGLE_CLOUD_PROJECT_ID` environment variable is
    defined. Setting these variables forces an organization subscription check.
@@ -20,7 +19,6 @@ topics on:
    linked to an organizational subscription.

  - **Solution:**
-
    - **Individual Users:** Unset the `GOOGLE_CLOUD_PROJECT` and
      `GOOGLE_CLOUD_PROJECT_ID` environment variables. Check and remove these
      variables from your shell configuration files (for example, `.bashrc`,
@@ -32,14 +30,12 @@ topics on:

 - **Error:
  `Failed to sign in. Message: Your current account is not eligible... because it is not currently available in your location.`**
-
  - **Cause:** Gemini CLI does not currently support your location. For a full
    list of supported locations, see the following pages:
    - Gemini Code Assist for individuals:
      [Available locations](https://developers.google.com/gemini-code-assist/resources/available-locations#americas)

 - **Error: `Failed to sign in. Message: Request contains an invalid argument`**
-
  - **Cause:** Users with Google Workspace accounts or Google Cloud accounts
    associated with their Gmail accounts may not be able to activate the free
    tier of the Google Code Assist plan.
@@ -70,7 +66,6 @@ topics on:
 ## Common error messages and solutions

 - **Error: `EADDRINUSE` (Address already in use) when starting an MCP server.**
-
  - **Cause:** Another process is already using the port that the MCP server is
    trying to bind to.
  - **Solution:** Either stop the other process that is using the port or
@@ -78,7 +73,6 @@ topics on:

 - **Error: Command not found (when attempting to run Gemini CLI with
  `gemini`).**
-
  - **Cause:** Gemini CLI is not correctly installed or it is not in your
    system's `PATH`.
  - **Solution:** The update depends on how you installed Gemini CLI:
@@ -91,7 +85,6 @@ topics on:
      then rebuild using the command `npm run build`.

 - **Error: `MODULE_NOT_FOUND` or import errors.**
-
  - **Cause:** Dependencies are not installed correctly, or the project hasn't
    been built.
  - **Solution:**
@@ -100,7 +93,6 @@ topics on:
    3.  Verify that the build completed successfully with `npm run start`.

 - **Error: "Operation not permitted", "Permission denied", or similar.**
-
  - **Cause:** When sandboxing is enabled, Gemini CLI may attempt operations
    that are restricted by your sandbox configuration, such as writing outside
    the project directory or system temp directory.
@@ -109,7 +101,6 @@ topics on:
    configuration.

 - **Gemini CLI is not running in interactive mode in "CI" environments**
-
  - **Issue:** Gemini CLI does not enter interactive mode (no prompt appears) if
    an environment variable starting with `CI_` (for example, `CI_TOKEN`) is
    set. This is because the `is-in-ci` package, used by the underlying UI
@@ -125,7 +116,6 @@ topics on:
    `env -u CI_TOKEN gemini`

 - **DEBUG mode not working from project .env file**
-
  - **Issue:** Setting `DEBUG=true` in a project's `.env` file doesn't enable
    debug mode for gemini-cli.
  - **Cause:** The `DEBUG` and `DEBUG_MODE` variables are automatically excluded
@@ -165,14 +155,12 @@ is especially useful for scripting and automation.
 ## Debugging tips

 - **CLI debugging:**
-
  - Use the `--debug` flag for more detailed output. In interactive mode, press
    F12 to view the debug console.
  - Check the CLI logs, often found in a user-specific configuration or cache
    directory.

 - **Core debugging:**
-
  - Check the server console output for error messages or stack traces.
  - Increase log verbosity if configurable. For example, set the `DEBUG_MODE`
    environment variable to `true` or `1`.
@@ -180,7 +168,6 @@ is especially useful for scripting and automation.
    step through server-side code.

 - **Tool issues:**
-
  - If a specific tool is failing, try to isolate the issue by running the
    simplest possible version of the command or operation the tool performs.
  - For `run_shell_command`, check that the command works directly in your shell
@@ -11,7 +11,6 @@ confirmation.
 - **Display name:** Ask User
 - **File:** `ask-user.ts`
 - **Parameters:**
-
  - `questions` (array of objects, required): A list of 1 to 4 questions to ask.
    Each question object has the following properties:
    - `question` (string, required): The complete question text.
@@ -31,7 +30,6 @@ confirmation.
    - `placeholder` (string, optional): Hint text for input fields.

 - **Behavior:**
-
  - Presents an interactive dialog to the user with the specified questions.
  - Pauses execution until the user provides answers or dismisses the dialog.
  - Returns the user's answers to the model.
@@ -768,7 +768,6 @@ defaults:

 - **Tool lists:** Tool lists are merged securely to ensure the most restrictive
  policy wins:
-
  - **Exclusions (`excludeTools`):** Arrays are combined (unioned). If either
    source blocks a tool, it remains disabled.
  - **Inclusions (`includeTools`):** Arrays are intersected. If both sources
@@ -439,8 +439,7 @@ describe('extensionsCommand', () => {
    }

    it('should return ExtensionRegistryView custom dialog when experimental.extensionRegistry is true', async () => {
-      mockContext.services.settings.merged.experimental.extensionRegistry =
-        true;
+      mockContext.services.settings.merged.experimental.extensionRegistry = true;

      const result = await exploreAction(mockContext, '');

@@ -456,8 +455,7 @@ describe('extensionsCommand', () => {
    });

    it('should handle onSelect and onClose in ExtensionRegistryView', async () => {
-      mockContext.services.settings.merged.experimental.extensionRegistry =
-        true;
+      mockContext.services.settings.merged.experimental.extensionRegistry = true;

      const result = await exploreAction(mockContext, '');
      if (result?.type !== 'custom_dialog') {