display verbiage for auto-executing tools and make sure auto-execute only happens when tools are being sandboxed

A.K.M. Adib
2026-03-30 17:03:02 -04:00
parent 7233000464
commit e5d3235eaf
13 changed files with 294 additions and 14 deletions
+1 -2
@@ -439,8 +439,7 @@ The Gemini CLI ships with a set of default policies to provide a safe
out-of-the-box experience.
- **Read-only tools** (like `read_file`, `glob`) are generally **allowed**.
- **MCP Read-only tools**: MCP tools that explicitly declare themselves as
read-only via the `readOnlyHint` annotation are automatically allowed.
- **MCP Read-only tools**: MCP tools that explicitly declare themselves as read-only via the `readOnlyHint` annotation are automatically allowed, but **only if tool sandboxing is enabled**. If sandboxing is disabled, they default to `ask_user`.
- **Agent delegation** defaults to **`ask_user`** to ensure remote agents can
prompt for confirmation, but local sub-agent actions are executed silently and
checked individually.
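
Review bot: The rewritten "MCP Read-only tools" bullet makes auto-allow conditional on "tool sandboxing" being enabled but never says which setting or flag that refers to, so a reader of this section cannot tell which of the two behaviours applies to them; name the setting or link to the sandboxing documentation in the bullet. Because `readOnlyHint` is declared by the MCP tool itself, it would also help to say outright that the annotation alone is no longer sufficient for auto-allow, since that is the security-relevant change. On style, the new bullet is a single unwrapped line while the neighbouring bullets wrap at roughly 80 columns, and it writes `ask_user` without the bold used in the "Agent delegation" bullet; matching both keeps the list consistent.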