Commit Graph

6134 Commits

Author SHA1 Message Date
gemini-cli[bot] bbfc33ea24 fix(security): address MCP security findings (MCPSafe Grade F)
This PR addresses high and medium severity security findings related to MCP server integration, as reported by MCPSafe.

### Changes:

1. **Shell Heuristics Enforcement**: Updated `PolicyEngine` to apply shell heuristics (e.g., redirection detection) to any tool containing a `command` argument, not just those explicitly named in `SHELL_TOOL_NAMES`. This prevents security bypasses where MCP tools executing shell commands could skip safety checks.
2. **MCP Output Sanitization**: Implemented delimiters and HTML escaping for MCP tool text and resource outputs. This prevents prompt injection attacks where malicious tool output could be mistaken for system instructions by the LLM.
3. **Default Folder Trust**: Enabled folder trust by default in the CLI configuration. This ensures that the CLI verifies workspace trust before executing sensitive operations like loading local stdio MCP servers from project configuration.
4. **Type Safety**: Updated `McpResourceBlock` type to include the `uri` property, aligning with the MCP specification and fixing a TypeScript compilation error.

These changes significantly harden the gemini-cli against common attack vectors in the MCP ecosystem.

cc @mcpsafe-gh for visibility on the fixes.
cc @google-gemini-mcp-experts

Labels: bot-fix, area/security, kind/bug
2026-05-12 21:49:54 +00:00
Dev Randalpura c37b9113d7 fix(ui): fixed line wrap padding for selection lists (#26944) 2026-05-12 21:24:40 +00:00
Christian Gunderman 2334e9b1c4 Incremental refactor repo agent towards skills-based composition (#26717)
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-05-12 20:37:09 +00:00
Tommaso Sciortino f901a4e6b7 fix(ci): replace brittle --no-tag with explicit staging-tmp tag (#26940) 2026-05-12 13:39:54 -07:00
Adam Weidman c987b99394 refactor(core): introduce SubagentState enum for progress (#26934) 2026-05-12 18:58:25 +00:00
Coco Sheng c4973d01da ci: actively triage missing priority labels and intelligently clean up conflicting labels (#26865) 2026-05-12 18:33:55 +00:00
kevinjwang1 27a39b04b0 Enable NumericalRouter when using dynamic model configs (#26929) 2026-05-12 18:06:21 +00:00
Sandy Tao ebe15553a9 Exclude extension context from skill extraction agent (#26879) 2026-05-12 10:45:19 -07:00
Yulong Wu bc730b2c0f fix (telemetry): inject quota_project_id to prevent fallback to default oauth client (#26698)
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Tommaso Sciortino <sciortino@gmail.com>
2026-05-12 17:02:15 +00:00
Gal Zahavi 9fe8643552 chore: update checkout action configuration in workflows (#26897) 2026-05-12 16:58:37 +00:00
joshualitt 07792f98cd feat(context): Introduce adaptive token calculator to more accurately calculate content sizes. (#26888) 2026-05-12 15:51:20 +00:00
Coco Sheng 7a9ed4c20a fix: respect explicit model selection after Flash quota exhaustion (#26759) (#26872) 2026-05-12 14:26:50 +00:00
Kuroda Kayn 11a9edc808 fix(cli): restore resume for legacy sessions (#26577)
Co-authored-by: Tommaso Sciortino <sciortino@gmail.com>
2026-05-12 00:28:47 +00:00
Adam Weidman 24b98ade86 fix(cli): enable adk non-interactive session (#26895) 2026-05-11 23:38:23 +00:00
Eswar809 9f759f97a2 fix(core): ignore .pak and .rpa game archive formats by default (#26884)
Co-authored-by: Tommaso Sciortino <sciortino@gmail.com>
2026-05-11 21:58:08 +00:00
Franco Pieri 9ff7304391 Allow Enter to select session while in search mode in /resume (#21523)
Co-authored-by: Tommaso Sciortino <sciortino@gmail.com>
2026-05-11 21:46:00 +00:00
Neil Nair 84fc5cd533 Fix/vscode run current file ts (#22894)
Co-authored-by: Spencer <spencertang@google.com>
2026-05-11 21:21:42 +00:00
Daniel Weis e1b3ce5b36 revert 6b9b778d82 (#26893) 2026-05-11 21:07:54 +00:00
Suhaan Raqeeb Khavas 8e58df72c6 fix: prevent EISDIR crash when customIgnoreFilePaths contains directories (#19868) (#19898)
Co-authored-by: Tommaso Sciortino <sciortino@gmail.com>
2026-05-11 20:46:08 +00:00
Dev Randalpura c0d5ab1f1e fix(ui): added a gutter width to the input prompt width calculation (#26882) 2026-05-11 20:26:48 +00:00
Coco Sheng 1340c96071 fix(core): handle malformed projects.json in ProjectRegistry (#26885) 2026-05-11 20:19:01 +00:00
Daniel Weis f8198a25d8 fix(routing): Refactor tool turn handling for the conversation history in NumericalClassifierStrategy to prevent 400 Bad Request (#26761) 2026-05-11 20:09:38 +00:00
Coco Sheng 36a7fa089c fix(cli): use static tool name in confirmation prompt to avoid parsing errors (#26866) 2026-05-11 17:45:58 +00:00
Sri Pasumarthi 4739495e39 fix(cli/acp): prevent infinite thought loop in ACP mode by disabling nextSpeakerCheck (#26874) 2026-05-11 17:38:20 +00:00
Aryan Singh ecfaac2dc7 fix(cli): prevent duplicate SessionStart systemMessage render (#25827)
Co-authored-by: Jacob Richman <jacob314@gmail.com>
2026-05-11 16:44:04 +00:00
Daniel Finimundi 7cd228f5af fix(cli): allow installing extensions from ssh repo (#26274)
Signed-off-by: Daniel Finimundi <danielrf@motorola.com>
Co-authored-by: Dev Randalpura <devrandalpura@google.com>
2026-05-11 15:57:52 +00:00
joshualitt 8a3fde4c33 fix(context): Change snapshotter model config. (#26745) 2026-05-11 15:06:55 +00:00
joshualitt 1a894c18ea feat(context): Improvements to the snapshotter. (#26655) 2026-05-08 23:54:44 +00:00
Adam Weidman 54f1e8c6d7 feat(core): add RemoteSubagentProtocol behind AgentProtocol (#25303) 2026-05-08 22:48:17 +00:00
krishdef7 f51391a0f2 fix(mcp): treat GET 404 as 405 in StreamableHTTPClientTransport (#24847)
Co-authored-by: Coco Sheng <cocosheng@google.com>
Co-authored-by: Spencer <spencertang@google.com>
Co-authored-by: Tommaso Sciortino <sciortino@gmail.com>
2026-05-08 22:16:08 +00:00
Sri Pasumarthi 1238dcfe91 feat(acp/core): prefix tool call IDs with tool names to support tool rendering in ACP compliant IDEs. (#26676) 2026-05-08 21:21:54 +00:00
Coco Sheng 90e7155971 ci: implement codebase-aware effort level triage (#26666) 2026-05-08 20:48:54 +00:00
JAYADITYA 9d0860bd0f fix(cli): remove noisy theme registration logs from terminal (#25858)
Co-authored-by: Jack Wotherspoon <jackwoth@google.com>
2026-05-08 19:59:33 +00:00
Adam Weidman 014bfeb89b feat(core): add LocalSubagentProtocol behind AgentProtocol (#25302) 2026-05-08 19:28:16 +00:00
Aishanee Shah 5890f50496 fix(core): resolve parallel tool call streaming ID collision (#26646) 2026-05-08 19:14:23 +00:00
Daniel Weis 6b9b778d82 fix: resolve "function response turn must come immediately after function call" error (#26691)
Co-authored-by: Tommaso Sciortino <sciortino@gmail.com>
2026-05-08 19:01:24 +00:00
Aishanee Shah f86e0ee418 fix(core): throw explicit error on dropped tool responses (#26668) 2026-05-08 18:36:39 +00:00
joshualitt 01635ddb83 fix(context): implement loose boundary policy for gc backstop. (#26594) 2026-05-08 17:36:57 +00:00
Adam Weidman 12c8469b34 refactor(core): agent session protocol changes (#26661) 2026-05-08 17:12:54 +00:00
gemini-cli-robot 43dda31549 Changelog for v0.41.0 (#26670)
Co-authored-by: g-samroberts <158088236+g-samroberts@users.noreply.github.com>
2026-05-08 17:00:48 +00:00
Dev Randalpura dfec94869b fix(ui): added quotes around session id in resume tip (#26669) 2026-05-08 16:55:51 +00:00
Christian Gunderman f42d4e3c16 fix(ci): fix maintainer identification in lifecycle manager (#26706) 2026-05-08 16:48:31 +00:00
ruomeng 838f6f8c18 docs(extensions): refactor releasing guide and add update mechanisms (#26595) 2026-05-08 16:20:22 +00:00
mahadevan 2cad5db770 Feat: Add Machine Hostname to CLI interface (#25637)
Signed-off-by: M-DEV-1 <mahadevankizhakkedathu@gmail.com>
Co-authored-by: Tommaso Sciortino <sciortino@gmail.com>
2026-05-08 16:12:35 +00:00
Coco Sheng 3805640530 feat: export session to file and import via flag (#26514) 2026-05-08 15:53:52 +00:00
Tommaso Sciortino 2d10691acb skip broken test (#26705) 2026-05-08 15:47:08 +00:00
gemini-cli-robot 38a9dd18d3 Changelog for v0.42.0-preview.2 (#26597)
Co-authored-by: gemini-cli-robot <224641728+gemini-cli-robot@users.noreply.github.com>
Co-authored-by: Sam Roberts <158088236+g-samroberts@users.noreply.github.com>
2026-05-08 00:53:59 +00:00
AK ebeea7570d fix(core): cache model routing decision in LocalAgentExecutor (#26548) 2026-05-08 00:18:22 +00:00
Br1an c52acebaa2 fix: prevent false command conflicts when launching from home directory (#23069)
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Tommaso Sciortino <sciortino@gmail.com>
2026-05-07 22:41:12 +00:00
Sandy Tao 16e345831b fix(cli): hide /memory add subcommand when memoryV2 is enabled (#26605) 2026-05-07 20:48:12 +00:00