feat(cli): secure .env loading and enforce workspace trust in headless mode (#25814)

Co-authored-by: galz10 <galzahavi@google.com> Co-authored-by: davidapierce <davidapierce@google.com>
2026-04-24 20:14:44 -07:00 · 2026-04-23 09:09:14 -07:00
parent a007f64d20
commit dba9b9a0ff
27 changed files with 881 additions and 489 deletions
@@ -52,6 +52,7 @@ These commands are available within the interactive REPL.
 | `--prompt-interactive`           | `-i`  | string  | -         | Execute prompt and continue in interactive mode                                                                                                                        |
 | `--worktree`                     | `-w`  | string  | -         | Start Gemini in a new git worktree. If no name is provided, one is generated automatically. Requires `experimental.worktrees: true` in settings.                       |
 | `--sandbox`                      | `-s`  | boolean | `false`   | Run in a sandboxed environment for safer execution                                                                                                                     |
+| `--skip-trust`                   | -     | boolean | `false`   | Trust the current workspace for this session, skipping the folder trust check.                                                                                         |
 | `--approval-mode`                | -     | string  | `default` | Approval mode for tool execution. Choices: `default`, `auto_edit`, `yolo`, `plan`                                                                                      |
 | `--yolo`                         | `-y`  | boolean | `false`   | **Deprecated.** Auto-approve all actions. Use `--approval-mode=yolo` instead.                                                                                          |
 | `--experimental-acp`             | -     | boolean | -         | Start in ACP (Agent Code Pilot) mode. **Experimental feature.**                                                                                                        |
@@ -100,6 +100,30 @@ protect you. In this mode, the following features are disabled:
 Granting trust to a folder unlocks the full functionality of Gemini CLI for that
 workspace.

+## Headless and automated environments
+
+When running Gemini CLI in a headless environment (for example, a CI/CD
+pipeline) where interactive prompts are not possible, the trust dialog cannot be
+displayed. If the folder is untrusted and the Folder Trust feature is enabled,
+the CLI will throw a `FatalUntrustedWorkspaceError` and exit.
+
+To proceed in these environments, you can bypass the trust check using one of
+the following methods:
+
+- **Command-line flag:** Run the CLI with the `--skip-trust` flag.
+- **Environment variable:** Set the `GEMINI_CLI_TRUST_WORKSPACE=true`
+  environment variable.
+
+These methods will trust the current workspace for the duration of the session
+without prompting.
+
+## Overriding the trust file location
+
+By default, trust settings are saved to `~/.gemini/trustedFolders.json`. If you
+need to store this file in a different location, you can set the
+`GEMINI_CLI_TRUSTED_FOLDERS_PATH` environment variable to the desired absolute
+file path.
+
 ## Managing your trust settings

 If you need to change a decision or see all your settings, you have a couple of