mirror of
https://github.com/google-gemini/gemini-cli.git
synced 2026-06-26 03:07:00 -07:00
Update public workflow trust, readme, and run formatter.
@@ -16,12 +16,10 @@ sends them to the model with every prompt. The CLI loads files in the following
|
||||
order:
|
||||
|
||||
1. **Global context file:**
|
||||
|
||||
- **Location:** `~/.gemini/GEMINI.md` (in your user home directory).
|
||||
- **Scope:** Provides default instructions for all your projects.
|
||||
|
||||
2. **Environment and workspace context files:**
|
||||
|
||||
- **Location:** The CLI searches for `GEMINI.md` files in your configured
|
||||
workspace directories and their parent directories.
|
||||
- **Scope:** Provides context relevant to the projects you are currently
|
||||
|
||||
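Review bot: The header for this region of the context-file list shows 12 lines becoming 10 with no wording change visible, so it reads as formatter output only. Since the commit message also covers the workflow trust update, consider landing the formatter run as its own commit so the security-relevant documentation change can be reviewed and reverted on its own.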
@@ -64,7 +64,6 @@ Gemini CLI takes action.
|
||||
reach an informal agreement on the approach before proceeding.
|
||||
3. **Review the plan:** Once you've agreed on the strategy, Gemini CLI creates
|
||||
a detailed implementation plan as a Markdown file in your plans directory.
|
||||
|
||||
- **View:** You can open and read this file to understand the proposed
|
||||
changes.
|
||||
- **Edit:** Press `Ctrl+X` to open the plan directly in your configured
|
||||
|
||||
@@ -202,7 +202,6 @@ becoming too large and expensive.
|
||||
exchanges) allowed in a single session. Set to `-1` for unlimited (default).
|
||||
|
||||
**Behavior when limit is reached:**
|
||||
|
||||
- **Interactive mode:** The CLI shows an informational message and stops
|
||||
sending requests to the model. You must manually start a new session.
|
||||
- **Non-interactive mode:** The CLI exits with an error.
|
||||
|
||||
@@ -27,13 +27,11 @@ via a `.gemini/.env` file. See
|
||||
[Persisting Environment Variables](../get-started/authentication.mdx#persisting-environment-variables).
|
||||
|
||||
- Use the project default path (`.gemini/system.md`):
|
||||
|
||||
- `GEMINI_SYSTEM_MD=true` or `GEMINI_SYSTEM_MD=1`
|
||||
- The CLI reads `./.gemini/system.md` (relative to your current project
|
||||
directory).
|
||||
|
||||
- Use a custom file path:
|
||||
|
||||
- `GEMINI_SYSTEM_MD=/absolute/path/to/my-system.md`
|
||||
- Relative paths are supported and resolved from the current working
|
||||
directory.
|
||||
|
||||
@@ -64,7 +64,6 @@ and Cloud Logging.
|
||||
You must complete several setup steps before enabling Google Cloud telemetry.
|
||||
|
||||
1. Set your Google Cloud project ID:
|
||||
|
||||
- To send telemetry to a separate project:
|
||||
|
||||
**macOS/Linux**
|
||||
@@ -94,10 +93,8 @@ You must complete several setup steps before enabling Google Cloud telemetry.
|
||||
```
|
||||
|
||||
2. Authenticate with Google Cloud using one of these methods:
|
||||
|
||||
- **Method A: Application Default Credentials (ADC)**: Use this method for
|
||||
service accounts or standard `gcloud` authentication.
|
||||
|
||||
- For user accounts:
|
||||
```bash
|
||||
gcloud auth application-default login
|
||||
@@ -115,7 +112,6 @@ You must complete several setup steps before enabling Google Cloud telemetry.
|
||||
```powershell
|
||||
$env:GOOGLE_APPLICATION_CREDENTIALS="C:\path\to\your\service-account.json"
|
||||
```
|
||||
|
||||
* **Method B: CLI Auth** (Direct export only): Simplest method for local
|
||||
users. Gemini CLI uses the same OAuth credentials you used for login. To
|
||||
enable this, set `useCliAuth: true` in your `.gemini/settings.json`:
|
||||
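Review bot: The Method B item starts with `*` while Method A under the same step 2 starts with `-`. In Markdown a change of bullet character starts a new list, so the two authentication methods no longer parse as siblings. Check the indentation of the fenced blocks that precede Method B and make the marker `-` so both methods stay in one list under step 2.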
@@ -137,7 +133,6 @@ You must complete several setup steps before enabling Google Cloud telemetry.
|
||||
> telemetry will be disabled.
|
||||
|
||||
3. Ensure your account or service account has these IAM roles:
|
||||
|
||||
- Cloud Trace Agent
|
||||
- Monitoring Metric Writer
|
||||
- Logs Writer
|
||||
|
||||
@@ -117,6 +117,16 @@ the following methods:
|
||||
These methods will trust the current workspace for the duration of the session
|
||||
without prompting.
|
||||
|
||||
<!-- prettier-ignore -->
|
||||
> [!WARNING]
|
||||
> **Never set `GEMINI_CLI_TRUST_WORKSPACE=true` or use `--skip-trust` in CI/CD
|
||||
> workflows that process untrusted public inputs** (such as GitHub issues, pull
|
||||
> requests, or comments). Doing so allows a malicious contributor to commit a
|
||||
> crafted `.gemini/settings.json` file in their pull request, register
|
||||
> arbitrary tools (including shell execution), and exfiltrate dynamically
|
||||
> generated runner secrets (such as GCP service account credentials or AWS keys)
|
||||
> via prompt injection.
|
||||
|
||||
For detailed instructions on managing folder trust within CI/CD workflows,
|
||||
review the
|
||||
[Gemini CLI trust guidance for GitHub Actions](https://github.com/google-github-actions/run-gemini-cli/blob/main/docs/trust-guidance.md).
|
||||
|
||||
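Review bot: In the added warning, the sentence "Doing so allows a malicious contributor to commit a crafted `.gemini/settings.json` file in their pull request" covers only the pull request case, while the parenthetical before it also lists issues and comments, which are text inputs rather than committed files. Describe the two cases separately so readers running issue-triage workflows can tell which part applies to them. The warning also says what not to set but leaves the alternative entirely to the external link, which points at `blob/main` in another repository and can change without this page being updated; a one-sentence summary of the recommended setup here would be more durable. Other hunks in this commit document `GEMINI.md`, `.gemini/.env` and `.gemini/system.md` as files read from the workspace; if folder trust also gates those, name them alongside `settings.json`.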