MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-06-06 09:03:07 -07:00
Code Issues Packages Projects Releases Wiki Activity
4,820 Commits 1,100 Branches 534 Tags
161ba76f6576448635c99a4034325970d99990f2
Commit Graph

4820 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
galz10 161ba76f65 fix(core): remove filesystem binding for secret storage stability 
Removes Inode and Birthtime from the Master Key derivation shards.
These identifiers were too volatile for atomic write operations (which change inodes) and did not survive extension re-installs or file moves.

Master Key security remains extremely high, relying on:
- OS Keychain Shard (Tier 1)
- Physical Shard (~/.gemini_id) (Tier 2)
- Deep Hardware Binding (Motherboard, Disk, MAC) (Tier 3)
- Cryptographic Pepper (Tier 4)
 2026-02-24 13:33:06 -08:00
galz10 50c7195528 feat(core): enhance FileSecretStorage with deep hardware binding and double encryption 
Implements elite security features for file-based secret storage fallback:
- Deep Hardware Binding: Cryptographically ties secrets to Baseboard, Disk, and MAC serials.
- Secret-Level Double-Encryption: Individually encrypts each secret within the vault.
- Multi-Factor Sharding: Incorporates a hidden installation ID (~/.gemini_id) as a physical shard.
- Atomic Operations: Prevents file corruption using temp-write and atomic rename.
- Stealth Obfuscation: Uses binary-like naming and random padding to hide data length.
- Graceful Degradation: Automatically handles headless environments without D-Bus.
- Full backward compatibility with automatic upgrade from v1.
- Removes noisy console.error in Keychain availability check.
 2026-02-24 13:17:43 -08:00
galz10 27b12484c7 chore: update encryption to AES-256-GCM 2026-02-24 11:55:17 -08:00
galz10 d0dc83aa64 chore: fix lint errors 2026-02-24 11:50:29 -08:00
galz10 508774fa20 fix(core): add encrypted file fallback for secret storage 
Implements FileSecretStorage and HybridSecretStorage to allow the CLI
to fall back to a secure encrypted local file when the system keychain
is unavailable (e.g. headless Linux). Updates Extension Settings to
use this hybrid approach.
 2026-02-24 11:44:50 -08:00
galz10 0cce8082cf wip 2026-02-24 11:35:07 -08:00
galz10 b83b6a2210 fix(core): resolve race conditions in KeychainTokenStorage loading 
Ensures that multiple concurrent calls to getKeytar or checkKeychainAvailability
wait for a single operation to complete using promise-based guards. This
prevents scenarios where a slow module load or availability check could result
in a permanently cached 'unavailable' state.
 2026-02-24 11:24:18 -08:00
nityam dae67983a8 fix(a2a-server): Remove unsafe type assertions in agent (#19723) 2026-02-23 22:40:55 +00:00
Zafeer Mahmood 70856d5a6e fix(scripts): Add Windows (win32/x64) support to lint.js (#16193) 
Co-authored-by: Tommaso Sciortino <sciortino@gmail.com>
 2026-02-23 22:36:23 +00:00
Abhijit Balaji cec45a1ebc fix(cli): skip workspace policy loading when in home directory (#20054) 2026-02-23 22:08:56 +00:00
Adam Weidman 767d80e768 fix(core): prevent utility calls from changing session active model (#20035) 2026-02-23 21:54:02 +00:00
Jerop Kipruto 3e5e608a22 feat(policy): Implement Tool Annotation Matching in Policy Engine (#20029) 2026-02-23 21:39:40 +00:00
Gal Zahavi 0bc2d3ab16 fix(core): allow environment variable expansion and explicit overrides for MCP servers (#18837) 2026-02-23 21:35:01 +00:00
Aviral Garg 31960c3388 fix(sandbox): harden image packaging integrity checks (#19552) 2026-02-23 21:02:42 +00:00
Sandy Tao 0cc4f09595 feat(core): replace expected_replacements with allow_multiple in replace tool (#20033) 2026-02-23 19:53:58 +00:00
Michael Bleigh 70336e73b1 feat(core): implement experimental direct web fetch (#19557) 2026-02-23 19:50:14 +00:00
Aishanee Shah 7cfbb6fb71 feat(core): optimize tool descriptions and schemas for Gemini 3 (#19643) 2026-02-23 19:27:35 +00:00
Mehmet Gok a105768de8 docs(CONTRIBUTING): update React DevTools version to 6 (#20014) 
Co-authored-by: Jacob Richman <jacob314@gmail.com>
 2026-02-23 19:17:04 +00:00
Jerop Kipruto 347f3fe7e4 feat(policy): Support MCP Server Wildcards in Policy Engine (#20024) 2026-02-23 19:07:06 +00:00
Sandy Tao 25803e05fd fix(bundling): copy devtools package to bundle for runtime resolution (#19766) 2026-02-23 18:40:41 +00:00
Himanshu Soni 774ae220be fix(core): prevent state corruption in McpClientManager during collis (#19782) 2026-02-23 18:35:31 +00:00
Tommaso Sciortino 813e0c18ac Allow ask headers longer than 16 chars (#20041) 2026-02-23 18:26:59 +00:00
Gal Zahavi 3f6cec22e6 chore: restrict gemini-automted-issue-triage to only allow echo (#20047) 2026-02-23 18:24:34 +00:00
Sri Pasumarthi 3966f3c053 feat: Map tool kinds to explicit ACP.ToolKind values and update test … (#19547) 2026-02-23 18:22:05 +00:00
sinisterchill 2e3cbd6363 fix(core): prevent OAuth server crash on unexpected requests (#19668) 2026-02-23 18:03:31 +00:00
Adib234 8b1dc15182 fix(plan): allow plan mode writes on Windows and fix prompt paths (#19658) 2026-02-23 17:48:50 +00:00
owenofbrien fa9aee2bf0 Fix for silent failures in non-interactive mode (#19905) 2026-02-23 17:35:13 +00:00
Sam Roberts 6628cbb39d Updates command reference and /stats command. (#19794) 2026-02-23 17:13:24 +00:00
Sehoon Shon aa9163da60 feat(core): add policy chain support for Gemini 3.1 (#19991) 2026-02-23 15:13:48 +00:00
Sehoon Shon ec0f23ae03 fix(core): increase default retry attempts and add quota error backoff (#19949) 2026-02-23 15:13:34 +00:00
nityam ac04c388e0 Fix: Persist manual model selection on restart #19864 (#19891) 2026-02-23 03:44:00 +00:00
Abhi 621ddbe744 refactor(core): move session conversion logic to core (#19972) 2026-02-23 01:18:07 +00:00
Sehoon Shon c537fd5aec refactor(config): remove enablePromptCompletion from settings (#19974) 2026-02-22 19:10:20 -05:00
Shivangi Sharma a91bc60e18 fix(core): add uniqueness guard to edit tool (#19890) 
Co-authored-by: Bryan Morgan <bryanmorgan@google.com>
 2026-02-22 20:24:58 +00:00
Nick Salerni faa1ec3044 fix(core): prevent omission placeholder deletions in replace/write_file (#19870) 
Co-authored-by: Bryan Morgan <bryanmorgan@google.com>
 2026-02-22 19:58:31 +00:00
Bryan Morgan d96bd05d36 fix(core): allow any preview model in quota access check (#19867) 2026-02-22 12:53:24 +00:00
Adib234 84666e1bbc fix(plan): time share by approval mode dashboard reporting negative time shares (#19847) 2026-02-22 00:32:57 +00:00
N. Taylor Mullen a7d851146a feat(core): remove unnecessary login verbiage from Code Assist auth (#19861) 2026-02-21 21:55:11 +00:00
Abhi acb7f577de chore(lint): fix lint errors seen when running npm run lint (#19844) 2026-02-21 18:33:25 +00:00
Abhi d2d345f41a fix(cli): filter subagent sessions from resume history (#19698) 2026-02-21 17:41:27 +00:00
Christian Gunderman dfd7721e69 Disallow unsafe returns. (#19767) 2026-02-21 01:12:56 +00:00
matt korwel 09218572d0 refactor(core): remove unsafe type assertions in error utils (Phase 1.1) (#19750) 2026-02-21 01:00:57 +00:00
Christian Gunderman 5d98ed5820 Utilize pipelining of grep_search -> read_file to eliminate turns (#19574) 2026-02-21 00:36:10 +00:00
Jarrod Whelan 727f9b67b1 feat(cli): improve CTRL+O experience for both standard and alternate screen buffer (ASB) modes (#19010) 
Co-authored-by: jacob314 <jacob314@gmail.com>
 2026-02-21 00:26:11 +00:00
Adam Weidman 547f5d45f5 feat(core): migrate read_file to 1-based start_line/end_line parameters (#19526) 2026-02-20 22:59:18 +00:00
Christian Gunderman 58d637f919 Disallow and suppress unsafe assignment (#19736) 2026-02-20 22:28:55 +00:00
Sehoon Shon b746524a1b fix(cli): re-enable CLI banner (#19741) 2026-02-20 22:21:26 +00:00
Abhijit Balaji c5baf39dbd feat(policy): repurpose "Always Allow" persistence to workspace level (#19707) 2026-02-20 22:07:20 +00:00
Sehoon Shon b48970da15 fix(cli): use getDisplayString for manual model selection in dialog (#19726) 2026-02-20 22:03:32 +00:00
Jacob Richman 9a8e5d3940 fix(cli): extensions dialog UX polish (#19685) 2026-02-20 21:08:24 +00:00