fix(core): prevent subagent bypass in plan mode (#18484)

Jerop Kipruto
2026-02-06 17:55:00 -05:00
committed by GitHub
parent ee68a10e9c
commit e3796d137a
7 changed files with 120 additions and 45 deletions


@@ -434,8 +434,8 @@ describe('Policy Engine Integration Tests', () => {
expect(mcpServerRule?.priority).toBe(2.1); // MCP allowed server
const readOnlyToolRule = rules.find((r) => r.toolName === 'glob');
// Priority 50 in default tier → 1.05
expect(readOnlyToolRule?.priority).toBeCloseTo(1.05, 5);
// Priority 70 in default tier → 1.07 (Overriding Plan Mode Deny)
expect(readOnlyToolRule?.priority).toBeCloseTo(1.07, 5);
// Verify the engine applies these priorities correctly
expect(
@@ -590,8 +590,8 @@ describe('Policy Engine Integration Tests', () => {
expect(server1Rule?.priority).toBe(2.1); // Allowed servers (user tier)
const globRule = rules.find((r) => r.toolName === 'glob');
// Priority 50 in default tier → 1.05
expect(globRule?.priority).toBeCloseTo(1.05, 5); // Auto-accept read-only
// Priority 70 in default tier → 1.07
expect(globRule?.priority).toBeCloseTo(1.07, 5); // Auto-accept read-only
// The PolicyEngine will sort these by priority when it's created
const engine = new PolicyEngine(config);
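Review bot: Both updated assertions pin the derived number 1.07 for the `glob` rule, but nothing visible in these hunks checks what the first comment claims, namely that this read-only allow rule now outranks the plan-mode deny rule. Since an allow rule overriding a deny is the security-relevant part of the change, I would compare the two rules' priorities directly next to the numeric check, and confirm that a tool which is not read-only is still denied in plan mode. The first test continues past the hunk at `expect(`, so that ordering may already be exercised there. The second hunk's comment drops the rationale; `// Priority 70 in default tier → 1.07 (overrides Plan Mode deny)` would keep the two tests consistent.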