feat(cli): secure .env loading and enforce workspace trust in headless mode (#25814)

Co-authored-by: galz10 <galzahavi@google.com>
Co-authored-by: davidapierce <davidapierce@google.com>

packages/cli/src/config/trustedFolders.ts

@@ -4,330 +4,29 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-import * as crypto from 'node:crypto';
-import { lock } from 'proper-lockfile';
 import {
-  FatalConfigError,
-  getErrorMessage,
-  isWithinRoot,
-  ideContextStore,
-  GEMINI_DIR,
-  homedir,
-  isHeadlessMode,
-  coreEvents,
   type HeadlessModeOptions,
+  checkPathTrust,
+  isHeadlessMode,
+  loadTrustedFolders as loadCoreTrustedFolders,
+  type LoadedTrustedFolders,
 } from '@google/gemini-cli-core';
 import type { Settings } from './settings.js';
-import stripJsonComments from 'strip-json-comments';
 
-const { promises: fsPromises } = fs;
+export {
+  TrustLevel,
+  isTrustLevel,
+  resetTrustedFoldersForTesting,
+  saveTrustedFolders,
+} from '@google/gemini-cli-core';
 
-export const TRUSTED_FOLDERS_FILENAME = 'trustedFolders.json';
-
-export function getUserSettingsDir(): string {
-  return path.join(homedir(), GEMINI_DIR);
-}
-
-export function getTrustedFoldersPath(): string {
-  if (process.env['GEMINI_CLI_TRUSTED_FOLDERS_PATH']) {
-    return process.env['GEMINI_CLI_TRUSTED_FOLDERS_PATH'];
-  }
-  return path.join(getUserSettingsDir(), TRUSTED_FOLDERS_FILENAME);
-}
-
-export enum TrustLevel {
-  TRUST_FOLDER = 'TRUST_FOLDER',
-  TRUST_PARENT = 'TRUST_PARENT',
-  DO_NOT_TRUST = 'DO_NOT_TRUST',
-}
-
-export function isTrustLevel(
-  value: string | number | boolean | object | null | undefined,
-): value is TrustLevel {
-  return (
-    typeof value === 'string' &&
-    // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion
-    Object.values(TrustLevel).includes(value as TrustLevel)
-  );
-}
-
-export interface TrustRule {
-  path: string;
-  trustLevel: TrustLevel;
-}
-
-export interface TrustedFoldersError {
-  message: string;
-  path: string;
-}
-
-export interface TrustedFoldersFile {
-  config: Record<string, TrustLevel>;
-  path: string;
-}
-
-export interface TrustResult {
-  isTrusted: boolean | undefined;
-  source: 'ide' | 'file' | undefined;
-}
-
-const realPathCache = new Map<string, string>();
-
-/**
- * Parses the trusted folders JSON content, stripping comments.
- */
-function parseTrustedFoldersJson(content: string): unknown {
-  return JSON.parse(stripJsonComments(content));
-}
-
-/**
- * FOR TESTING PURPOSES ONLY.
- * Clears the real path cache.
- */
-export function clearRealPathCacheForTesting(): void {
-  realPathCache.clear();
-}
-
-function getRealPath(location: string): string {
-  let realPath = realPathCache.get(location);
-  if (realPath !== undefined) {
-    return realPath;
-  }
-
-  try {
-    realPath = fs.existsSync(location) ? fs.realpathSync(location) : location;
-  } catch {
-    realPath = location;
-  }
-
-  realPathCache.set(location, realPath);
-  return realPath;
-}
-
-export class LoadedTrustedFolders {
-  constructor(
-    readonly user: TrustedFoldersFile,
-    readonly errors: TrustedFoldersError[],
-  ) {}
-
-  get rules(): TrustRule[] {
-    return Object.entries(this.user.config).map(([path, trustLevel]) => ({
-      path,
-      trustLevel,
-    }));
-  }
-
-  /**
-   * Returns true or false if the path should be "trusted". This function
-   * should only be invoked when the folder trust setting is active.
-   *
-   * @param location path
-   * @returns
-   */
-  isPathTrusted(
-    location: string,
-    config?: Record<string, TrustLevel>,
-    headlessOptions?: HeadlessModeOptions,
-  ): boolean | undefined {
-    if (isHeadlessMode(headlessOptions)) {
-      return true;
-    }
-    const configToUse = config ?? this.user.config;
-
-    // Resolve location to its realpath for canonical comparison
-    const realLocation = getRealPath(location);
-
-    let longestMatchLen = -1;
-    let longestMatchTrust: TrustLevel | undefined = undefined;
-
-    for (const [rulePath, trustLevel] of Object.entries(configToUse)) {
-      const effectivePath =
-        trustLevel === TrustLevel.TRUST_PARENT
-          ? path.dirname(rulePath)
-          : rulePath;
-
-      // Resolve effectivePath to its realpath for canonical comparison
-      const realEffectivePath = getRealPath(effectivePath);
-
-      if (isWithinRoot(realLocation, realEffectivePath)) {
-        if (rulePath.length > longestMatchLen) {
-          longestMatchLen = rulePath.length;
-          longestMatchTrust = trustLevel;
-        }
-      }
-    }
-
-    if (longestMatchTrust === TrustLevel.DO_NOT_TRUST) return false;
-    if (
-      longestMatchTrust === TrustLevel.TRUST_FOLDER ||
-      longestMatchTrust === TrustLevel.TRUST_PARENT
-    )
-      return true;
-
-    return undefined;
-  }
-
-  async setValue(folderPath: string, trustLevel: TrustLevel): Promise<void> {
-    if (this.errors.length > 0) {
-      const errorMessages = this.errors.map(
-        (error) => `Error in ${error.path}: ${error.message}`,
-      );
-      throw new FatalConfigError(
-        `Cannot update trusted folders because the configuration file is invalid:\n${errorMessages.join('\n')}\nPlease fix the file manually before trying to update it.`,
-      );
-    }
-
-    const dirPath = path.dirname(this.user.path);
-    if (!fs.existsSync(dirPath)) {
-      await fsPromises.mkdir(dirPath, { recursive: true });
-    }
-
-    // lockfile requires the file to exist
-    if (!fs.existsSync(this.user.path)) {
-      await fsPromises.writeFile(this.user.path, JSON.stringify({}, null, 2), {
-        mode: 0o600,
-      });
-    }
-
-    const release = await lock(this.user.path, {
-      retries: {
-        retries: 10,
-        minTimeout: 100,
-      },
-    });
-
-    try {
-      // Re-read the file to handle concurrent updates
-      const content = await fsPromises.readFile(this.user.path, 'utf-8');
-      let config: Record<string, TrustLevel>;
-      try {
-        // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion
-        config = parseTrustedFoldersJson(content) as Record<string, TrustLevel>;
-      } catch (error) {
-        coreEvents.emitFeedback(
-          'error',
-          `Failed to parse trusted folders file at ${this.user.path}. The file may be corrupted.`,
-          error,
-        );
-        config = {};
-      }
-
-      const originalTrustLevel = config[folderPath];
-      config[folderPath] = trustLevel;
-      this.user.config[folderPath] = trustLevel;
-
-      try {
-        saveTrustedFolders({ ...this.user, config });
-      } catch (e) {
-        // Revert the in-memory change if the save failed.
-        if (originalTrustLevel === undefined) {
-          delete this.user.config[folderPath];
-        } else {
-          this.user.config[folderPath] = originalTrustLevel;
-        }
-        throw e;
-      }
-    } finally {
-      await release();
-    }
-  }
-}
-
-let loadedTrustedFolders: LoadedTrustedFolders | undefined;
-
-/**
- * FOR TESTING PURPOSES ONLY.
- * Resets the in-memory cache of the trusted folders configuration.
- */
-export function resetTrustedFoldersForTesting(): void {
-  loadedTrustedFolders = undefined;
-  clearRealPathCacheForTesting();
-}
-
-export function loadTrustedFolders(): LoadedTrustedFolders {
-  if (loadedTrustedFolders) {
-    return loadedTrustedFolders;
-  }
-
-  const errors: TrustedFoldersError[] = [];
-  const userConfig: Record<string, TrustLevel> = {};
-
-  const userPath = getTrustedFoldersPath();
-  try {
-    if (fs.existsSync(userPath)) {
-      const content = fs.readFileSync(userPath, 'utf-8');
-      // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion
-      const parsed = parseTrustedFoldersJson(content) as Record<string, string>;
-
-      if (
-        typeof parsed !== 'object' ||
-        parsed === null ||
-        Array.isArray(parsed)
-      ) {
-        errors.push({
-          message: 'Trusted folders file is not a valid JSON object.',
-          path: userPath,
-        });
-      } else {
-        for (const [path, trustLevel] of Object.entries(parsed)) {
-          if (isTrustLevel(trustLevel)) {
-            userConfig[path] = trustLevel;
-          } else {
-            const possibleValues = Object.values(TrustLevel).join(', ');
-            errors.push({
-              message: `Invalid trust level "${trustLevel}" for path "${path}". Possible values are: ${possibleValues}.`,
-              path: userPath,
-            });
-          }
-        }
-      }
-    }
-  } catch (error) {
-    errors.push({
-      message: getErrorMessage(error),
-      path: userPath,
-    });
-  }
-
-  loadedTrustedFolders = new LoadedTrustedFolders(
-    { path: userPath, config: userConfig },
-    errors,
-  );
-  return loadedTrustedFolders;
-}
-
-export function saveTrustedFolders(
-  trustedFoldersFile: TrustedFoldersFile,
-): void {
-  // Ensure the directory exists
-  const dirPath = path.dirname(trustedFoldersFile.path);
-  if (!fs.existsSync(dirPath)) {
-    fs.mkdirSync(dirPath, { recursive: true });
-  }
-
-  const content = JSON.stringify(trustedFoldersFile.config, null, 2);
-  const tempPath = `${trustedFoldersFile.path}.tmp.${crypto.randomUUID()}`;
-
-  try {
-    fs.writeFileSync(tempPath, content, {
-      encoding: 'utf-8',
-      mode: 0o600,
-    });
-    fs.renameSync(tempPath, trustedFoldersFile.path);
-  } catch (error) {
-    // Clean up temp file if it was created but rename failed
-    if (fs.existsSync(tempPath)) {
-      try {
-        fs.unlinkSync(tempPath);
-      } catch {
-        // Ignore cleanup errors
-      }
-    }
-    throw error;
-  }
-}
+export type {
+  TrustRule,
+  TrustedFoldersError,
+  TrustedFoldersFile,
+  TrustResult,
+  LoadedTrustedFolders,
+} from '@google/gemini-cli-core';
 
 /** Is folder trust feature enabled per the current applied settings */
 export function isFolderTrustEnabled(settings: Settings): boolean {
@@ -335,57 +34,24 @@ export function isFolderTrustEnabled(settings: Settings): boolean {
   return folderTrustSetting;
 }
 
-function getWorkspaceTrustFromLocalConfig(
-  workspaceDir: string,
-  trustConfig?: Record<string, TrustLevel>,
-  headlessOptions?: HeadlessModeOptions,
-): TrustResult {
-  const folders = loadTrustedFolders();
-  const configToUse = trustConfig ?? folders.user.config;
-
-  if (folders.errors.length > 0) {
-    const errorMessages = folders.errors.map(
-      (error) => `Error in ${error.path}: ${error.message}`,
-    );
-    throw new FatalConfigError(
-      `${errorMessages.join('\n')}\nPlease fix the configuration file and try again.`,
-    );
-  }
-
-  const isTrusted = folders.isPathTrusted(
-    workspaceDir,
-    configToUse,
-    headlessOptions,
-  );
-  return {
-    isTrusted,
-    source: isTrusted !== undefined ? 'file' : undefined,
-  };
+export function loadTrustedFolders(): LoadedTrustedFolders {
+  return loadCoreTrustedFolders();
 }
 
+/**
+ * Returns true or false if the workspace is considered "trusted".
+ */
 export function isWorkspaceTrusted(
   settings: Settings,
   workspaceDir: string = process.cwd(),
-  trustConfig?: Record<string, TrustLevel>,
   headlessOptions?: HeadlessModeOptions,
-): TrustResult {
-  if (isHeadlessMode(headlessOptions)) {
-    return { isTrusted: true, source: undefined };
-  }
-
-  if (!isFolderTrustEnabled(settings)) {
-    return { isTrusted: true, source: undefined };
-  }
-
-  const ideTrust = ideContextStore.get()?.workspaceState?.isTrusted;
-  if (ideTrust !== undefined) {
-    return { isTrusted: ideTrust, source: 'ide' };
-  }
-
-  // Fall back to the local user configuration
-  return getWorkspaceTrustFromLocalConfig(
-    workspaceDir,
-    trustConfig,
-    headlessOptions,
-  );
+): {
+  isTrusted: boolean | undefined;
+  source: 'ide' | 'file' | 'env' | undefined;
+} {
+  return checkPathTrust({
+    path: workspaceDir,
+    isFolderTrustEnabled: isFolderTrustEnabled(settings),
+    isHeadless: isHeadlessMode(headlessOptions),
+  });
 }