feat(policy): implement auto-add feature with safeguards

2026-03-13 15:40:57 -07:00 · 2026-02-27 20:34:15 +00:00
parent c6ff82944f
commit d5a8cf9620
11 changed files with 866 additions and 27 deletions
--- a/packages/cli/src/config/config.ts
+++ b/packages/cli/src/config/config.ts
@@ -818,9 +818,10 @@ export async function loadCliConfig(
    model: resolvedModel,
    maxSessionTurns: settings.model?.maxSessionTurns,
    experimentalZedIntegration: argv.experimentalAcp || false,
-    listExtensions: argv.listExtensions || false,
    listSessions: argv.listSessions || false,
    deleteSession: argv.deleteSession,
+    autoAddPolicy:
+      settings.security?.autoAddPolicy && !settings.admin?.secureModeEnabled,
    enabledExtensions: argv.extensions,
    extensionLoader: extensionManager,
    enableExtensionReloading: settings.experimental?.extensionReloading,
@@ -843,7 +844,6 @@ export async function loadCliConfig(
    interactive,
    trustedFolder,
    useBackgroundColor: settings.ui?.useBackgroundColor,
-    useAlternateBuffer: settings.ui?.useAlternateBuffer,
    useRipgrep: settings.tools?.useRipgrep,
    enableInteractiveShell: settings.tools?.shell?.enableInteractiveShell,
    shellToolInactivityTimeout: settings.tools?.shell?.inactivityTimeout,
--- a/packages/cli/src/config/settingsSchema.ts
+++ b/packages/cli/src/config/settingsSchema.ts
@@ -1436,6 +1436,16 @@ const SETTINGS_SCHEMA = {
          'Enable the "Allow for all future sessions" option in tool confirmation dialogs.',
        showInDialog: true,
      },
+      autoAddPolicy: {
+        type: 'boolean',
+        label: 'Auto-add to Policy',
+        category: 'Security',
+        requiresRestart: false,
+        default: true,
+        description:
+          'Automatically add "Proceed always" approvals to your persistent policy.',
+        showInDialog: true,
+      },
      blockGitExtensions: {
        type: 'boolean',
        label: 'Blocks extensions from Git',
--- a/packages/cli/src/gemini.tsx
+++ b/packages/cli/src/gemini.tsx
@@ -594,6 +594,13 @@ export async function main() {
    const messageBus = config.getMessageBus();
    createPolicyUpdater(policyEngine, messageBus, config.storage);

+    // Listen for settings changes to update reactive config properties
+    coreEvents.on(CoreEvent.SettingsChanged, () => {
+      if (settings.merged.security.autoAddPolicy !== undefined) {
+        config.setAutoAddPolicy(settings.merged.security.autoAddPolicy);
+      }
+    });
+
    // Register SessionEnd hook to fire on graceful exit
    // This runs before telemetry shutdown in runExitCleanup()
    registerCleanup(async () => {