feat(policy): implement project-level policy support (#18682)

2026-04-08 12:20:38 -07:00 · 2026-02-19 16:16:03 -08:00
parent d25c469f77
commit d8b24e6983
32 changed files with 1895 additions and 186 deletions
--- a/packages/cli/src/ui/components/DialogManager.tsx
+++ b/packages/cli/src/ui/components/DialogManager.tsx
@@ -37,6 +37,7 @@ import { AgentConfigDialog } from './AgentConfigDialog.js';
 import { SessionRetentionWarningDialog } from './SessionRetentionWarningDialog.js';
 import { useCallback } from 'react';
 import { SettingScope } from '../../config/settings.js';
+import { PolicyUpdateDialog } from './PolicyUpdateDialog.js';

 interface DialogManagerProps {
  addItem: UseHistoryManagerReturn['addItem'];
@@ -166,6 +167,15 @@ export const DialogManager = ({
      />
    );
  }
+  if (uiState.isPolicyUpdateDialogOpen) {
+    return (
+      <PolicyUpdateDialog
+        config={config}
+        request={uiState.policyUpdateConfirmationRequest!}
+        onClose={() => uiActions.setIsPolicyUpdateDialogOpen(false)}
+      />
+    );
+  }
  if (uiState.loopDetectionConfirmationRequest) {
    return (
      <LoopDetectionConfirmation
--- a/packages/cli/src/ui/components/PolicyUpdateDialog.test.tsx
+++ b/packages/cli/src/ui/components/PolicyUpdateDialog.test.tsx
@@ -0,0 +1,141 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { describe, it, expect, vi, afterEach, beforeEach } from 'vitest';
+import { act } from 'react';
+import { renderWithProviders } from '../../test-utils/render.js';
+import { waitFor } from '../../test-utils/async.js';
+import { PolicyUpdateDialog } from './PolicyUpdateDialog.js';
+import {
+  type Config,
+  type PolicyUpdateConfirmationRequest,
+  PolicyIntegrityManager,
+} from '@google/gemini-cli-core';
+
+const { mockAcceptIntegrity } = vi.hoisted(() => ({
+  mockAcceptIntegrity: vi.fn(),
+}));
+
+// Mock PolicyIntegrityManager
+vi.mock('@google/gemini-cli-core', async (importOriginal) => {
+  const original =
+    await importOriginal<typeof import('@google/gemini-cli-core')>();
+  return {
+    ...original,
+    PolicyIntegrityManager: vi.fn().mockImplementation(() => ({
+      acceptIntegrity: mockAcceptIntegrity,
+      checkIntegrity: vi.fn(),
+    })),
+  };
+});
+
+describe('PolicyUpdateDialog', () => {
+  let mockConfig: Config;
+  let mockRequest: PolicyUpdateConfirmationRequest;
+  let onClose: () => void;
+
+  beforeEach(() => {
+    mockConfig = {
+      loadWorkspacePolicies: vi.fn().mockResolvedValue(undefined),
+    } as unknown as Config;
+
+    mockRequest = {
+      scope: 'workspace',
+      identifier: '/test/workspace/.gemini/policies',
+      policyDir: '/test/workspace/.gemini/policies',
+      newHash: 'test-hash',
+    } as PolicyUpdateConfirmationRequest;
+
+    onClose = vi.fn();
+  });
+
+  afterEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it('renders correctly and matches snapshot', async () => {
+    const { lastFrame, waitUntilReady } = renderWithProviders(
+      <PolicyUpdateDialog
+        config={mockConfig}
+        request={mockRequest}
+        onClose={onClose}
+      />,
+    );
+
+    await waitUntilReady();
+    const output = lastFrame();
+    expect(output).toMatchSnapshot();
+    expect(output).toContain('New or changed workspace policies detected');
+    expect(output).toContain('Location: /test/workspace/.gemini/policies');
+    expect(output).toContain('Accept and Load');
+    expect(output).toContain('Ignore');
+  });
+
+  it('handles ACCEPT correctly', async () => {
+    const { stdin } = renderWithProviders(
+      <PolicyUpdateDialog
+        config={mockConfig}
+        request={mockRequest}
+        onClose={onClose}
+      />,
+    );
+
+    // Accept is the first option, so pressing enter should select it
+    await act(async () => {
+      stdin.write('\r');
+    });
+
+    await waitFor(() => {
+      expect(PolicyIntegrityManager).toHaveBeenCalled();
+      expect(mockConfig.loadWorkspacePolicies).toHaveBeenCalledWith(
+        mockRequest.policyDir,
+      );
+      expect(onClose).toHaveBeenCalled();
+    });
+  });
+
+  it('handles IGNORE correctly', async () => {
+    const { stdin } = renderWithProviders(
+      <PolicyUpdateDialog
+        config={mockConfig}
+        request={mockRequest}
+        onClose={onClose}
+      />,
+    );
+
+    // Move down to Ignore option
+    await act(async () => {
+      stdin.write('\x1B[B'); // Down arrow
+    });
+    await act(async () => {
+      stdin.write('\r'); // Enter
+    });
+
+    await waitFor(() => {
+      expect(PolicyIntegrityManager).not.toHaveBeenCalled();
+      expect(mockConfig.loadWorkspacePolicies).not.toHaveBeenCalled();
+      expect(onClose).toHaveBeenCalled();
+    });
+  });
+
+  it('calls onClose when Escape key is pressed', async () => {
+    const { stdin } = renderWithProviders(
+      <PolicyUpdateDialog
+        config={mockConfig}
+        request={mockRequest}
+        onClose={onClose}
+      />,
+    );
+
+    await act(async () => {
+      stdin.write('\x1B'); // Escape key (matches Command.ESCAPE default)
+    });
+
+    await waitFor(() => {
+      expect(onClose).toHaveBeenCalled();
+    });
+  });
+});
--- a/packages/cli/src/ui/components/PolicyUpdateDialog.tsx
+++ b/packages/cli/src/ui/components/PolicyUpdateDialog.tsx
@@ -0,0 +1,116 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { Box, Text } from 'ink';
+import { useCallback, useRef } from 'react';
+import type React from 'react';
+import {
+  type Config,
+  type PolicyUpdateConfirmationRequest,
+  PolicyIntegrityManager,
+} from '@google/gemini-cli-core';
+import { theme } from '../semantic-colors.js';
+import type { RadioSelectItem } from './shared/RadioButtonSelect.js';
+import { RadioButtonSelect } from './shared/RadioButtonSelect.js';
+import { useKeypress } from '../hooks/useKeypress.js';
+import { keyMatchers, Command } from '../keyMatchers.js';
+
+export enum PolicyUpdateChoice {
+  ACCEPT = 'accept',
+  IGNORE = 'ignore',
+}
+
+interface PolicyUpdateDialogProps {
+  config: Config;
+  request: PolicyUpdateConfirmationRequest;
+  onClose: () => void;
+}
+
+export const PolicyUpdateDialog: React.FC<PolicyUpdateDialogProps> = ({
+  config,
+  request,
+  onClose,
+}) => {
+  const isProcessing = useRef(false);
+
+  const handleSelect = useCallback(
+    async (choice: PolicyUpdateChoice) => {
+      if (isProcessing.current) {
+        return;
+      }
+
+      isProcessing.current = true;
+      try {
+        if (choice === PolicyUpdateChoice.ACCEPT) {
+          const integrityManager = new PolicyIntegrityManager();
+          await integrityManager.acceptIntegrity(
+            request.scope,
+            request.identifier,
+            request.newHash,
+          );
+          await config.loadWorkspacePolicies(request.policyDir);
+        }
+        onClose();
+      } finally {
+        isProcessing.current = false;
+      }
+    },
+    [config, request, onClose],
+  );
+
+  useKeypress(
+    (key) => {
+      if (keyMatchers[Command.ESCAPE](key)) {
+        onClose();
+        return true;
+      }
+      return false;
+    },
+    { isActive: true },
+  );
+
+  const options: Array<RadioSelectItem<PolicyUpdateChoice>> = [
+    {
+      label: 'Accept and Load',
+      value: PolicyUpdateChoice.ACCEPT,
+      key: 'accept',
+    },
+    {
+      label: 'Ignore (Use Default Policies)',
+      value: PolicyUpdateChoice.IGNORE,
+      key: 'ignore',
+    },
+  ];
+
+  return (
+    <Box flexDirection="column" width="100%">
+      <Box
+        flexDirection="column"
+        borderStyle="round"
+        borderColor={theme.status.warning}
+        padding={1}
+        marginLeft={1}
+        marginRight={1}
+      >
+        <Box flexDirection="column" marginBottom={1}>
+          <Text bold color={theme.text.primary}>
+            New or changed {request.scope} policies detected
+          </Text>
+          <Text color={theme.text.primary}>Location: {request.identifier}</Text>
+          <Text color={theme.text.primary}>
+            Do you want to accept and load these policies?
+          </Text>
+        </Box>
+
+        <RadioButtonSelect
+          items={options}
+          onSelect={handleSelect}
+          isFocused={true}
+        />
+      </Box>
+    </Box>
+  );
+};
--- a/packages/cli/src/ui/components/snapshots/PolicyUpdateDialog.test.tsx.snap
+++ b/packages/cli/src/ui/components/snapshots/PolicyUpdateDialog.test.tsx.snap
@@ -0,0 +1,15 @@
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
+
+exports[`PolicyUpdateDialog > renders correctly and matches snapshot 1`] = `
+" ╭────────────────────────────────────────────────────────────────────────────────────────────────╮
+ │                                                                                                │
+ │ New or changed workspace policies detected                                                     │
+ │ Location: /test/workspace/.gemini/policies                                                     │
+ │ Do you want to accept and load these policies?                                                 │
+ │                                                                                                │
+ │ ● 1. Accept and Load                                                                           │
+ │   2. Ignore (Use Default Policies)                                                             │
+ │                                                                                                │
+ ╰────────────────────────────────────────────────────────────────────────────────────────────────╯
+"
+`;