Commit Graph

3068 Commits

Author SHA1 Message Date
gemini-cli[bot] bbfc33ea24 fix(security): address MCP security findings (MCPSafe Grade F)
This PR addresses high and medium severity security findings related to MCP server integration, as reported by MCPSafe.

### Changes:

1. **Shell Heuristics Enforcement**: Updated `PolicyEngine` to apply shell heuristics (e.g., redirection detection) to any tool containing a `command` argument, not just those explicitly named in `SHELL_TOOL_NAMES`. This prevents security bypasses where MCP tools executing shell commands could skip safety checks.
2. **MCP Output Sanitization**: Implemented delimiters and HTML escaping for MCP tool text and resource outputs. This prevents prompt injection attacks where malicious tool output could be mistaken for system instructions by the LLM.
3. **Default Folder Trust**: Enabled folder trust by default in the CLI configuration. This ensures that the CLI verifies workspace trust before executing sensitive operations like loading local stdio MCP servers from project configuration.
4. **Type Safety**: Updated `McpResourceBlock` type to include the `uri` property, aligning with the MCP specification and fixing a TypeScript compilation error.

These changes significantly harden the gemini-cli against common attack vectors in the MCP ecosystem.

cc @mcpsafe-gh for visibility on the fixes.
cc @google-gemini-mcp-experts

Labels: bot-fix, area/security, kind/bug
2026-05-12 21:49:54 +00:00
Dev Randalpura c37b9113d7 fix(ui): fixed line wrap padding for selection lists (#26944) 2026-05-12 21:24:40 +00:00
Adam Weidman c987b99394 refactor(core): introduce SubagentState enum for progress (#26934) 2026-05-12 18:58:25 +00:00
Kuroda Kayn 11a9edc808 fix(cli): restore resume for legacy sessions (#26577)
Co-authored-by: Tommaso Sciortino <sciortino@gmail.com>
2026-05-12 00:28:47 +00:00
Adam Weidman 24b98ade86 fix(cli): enable adk non-interactive session (#26895) 2026-05-11 23:38:23 +00:00
Franco Pieri 9ff7304391 Allow Enter to select session while in search mode in /resume (#21523)
Co-authored-by: Tommaso Sciortino <sciortino@gmail.com>
2026-05-11 21:46:00 +00:00
Dev Randalpura c0d5ab1f1e fix(ui): added a gutter width to the input prompt width calculation (#26882) 2026-05-11 20:26:48 +00:00
Coco Sheng 36a7fa089c fix(cli): use static tool name in confirmation prompt to avoid parsing errors (#26866) 2026-05-11 17:45:58 +00:00
Sri Pasumarthi 4739495e39 fix(cli/acp): prevent infinite thought loop in ACP mode by disabling nextSpeakerCheck (#26874) 2026-05-11 17:38:20 +00:00
Aryan Singh ecfaac2dc7 fix(cli): prevent duplicate SessionStart systemMessage render (#25827)
Co-authored-by: Jacob Richman <jacob314@gmail.com>
2026-05-11 16:44:04 +00:00
Daniel Finimundi 7cd228f5af fix(cli): allow installing extensions from ssh repo (#26274)
Signed-off-by: Daniel Finimundi <danielrf@motorola.com>
Co-authored-by: Dev Randalpura <devrandalpura@google.com>
2026-05-11 15:57:52 +00:00
JAYADITYA 9d0860bd0f fix(cli): remove noisy theme registration logs from terminal (#25858)
Co-authored-by: Jack Wotherspoon <jackwoth@google.com>
2026-05-08 19:59:33 +00:00
Dev Randalpura dfec94869b fix(ui): added quotes around session id in resume tip (#26669) 2026-05-08 16:55:51 +00:00
mahadevan 2cad5db770 Feat: Add Machine Hostname to CLI interface (#25637)
Signed-off-by: M-DEV-1 <mahadevankizhakkedathu@gmail.com>
Co-authored-by: Tommaso Sciortino <sciortino@gmail.com>
2026-05-08 16:12:35 +00:00
Coco Sheng 3805640530 feat: export session to file and import via flag (#26514) 2026-05-08 15:53:52 +00:00
Br1an c52acebaa2 fix: prevent false command conflicts when launching from home directory (#23069)
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Tommaso Sciortino <sciortino@gmail.com>
2026-05-07 22:41:12 +00:00
Sandy Tao 16e345831b fix(cli): hide /memory add subcommand when memoryV2 is enabled (#26605) 2026-05-07 20:48:12 +00:00
Dev Randalpura 451bf32c82 fix(ux): fixed issue with transcribed text not showing after releasing space (#26609) 2026-05-07 19:39:03 +00:00
Tommaso Sciortino a809bc7c51 don't wrap args unnecessarily (#26599) 2026-05-06 23:20:47 +00:00
Michael Bleigh 90304b279c refactor(cli): migrate core tools to native ToolDisplay property and fix UI rendering (#25186) 2026-05-06 21:23:26 +00:00
Adib234 a38f393af7 fix(cli): improve mcp list UX in untrusted folders (#26457)
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-05-06 19:35:35 +00:00
Christian Van e4242edf61 fix(cli): hide read-only settings scopes (#26249) 2026-05-06 19:03:48 +00:00
Kartik 5155221bbe fix(cli): randomize sandbox container names (#26014) 2026-05-06 16:33:24 +00:00
Sri Pasumarthi 97a2bd7507 fix(acp): move tool explanation from thought stream to tool call content (#26554) 2026-05-06 15:42:01 +00:00
cynthialong0-0 469092a72c fix(cli): provide JSON output for AgentExecutionStopped in non-interactive mode (#26504)
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-05-06 00:33:31 +00:00
Coco Sheng e80d7cc083 feat: allow queuing messages during compression (#24071) (#26506) 2026-05-05 17:52:08 +00:00
Jack Wotherspoon 7cc19c2a1b fix(cli): prevent settings dialog border clipping using maxHeight (#26507) 2026-05-05 16:22:58 +00:00
Tirth Naik 8f0edcd64f fix(cli): use os.homedir() for home directory warning check (#25890) 2026-05-04 23:24:49 +00:00
Sandy Tao 56809d7069 fix(cli): make SkillInboxDialog fit and scroll in alternate buffer (#26455) 2026-05-04 21:54:13 +00:00
Anjaligarhwal 5dfbb739e5 feat(cli): add /bug-memory command and auto-capture heap snapshot in /bug (#25639) 2026-05-04 21:17:36 +00:00
Coco Sheng 0d6bd29752 feat(cli): improve /agents refresh logging (#26442) 2026-05-04 19:40:48 +00:00
Coco Sheng 493b555646 feat: add ignoreLocalEnv setting and --ignore-env flag (#2493) (#26445) 2026-05-04 19:14:33 +00:00
Adib234 75a8de83fc test(cleanup): fix temporary directory leaks in test suites (#26217) 2026-05-04 19:08:02 +00:00
Sandy Tao a7beb890d0 feat(memory): add Auto Memory inbox flow with canonical-patch contract (#26338) 2026-05-04 19:07:13 +00:00
Coco Sheng 60a6a47d56 feat(voice): add privacy and compliance UX warning for Gemini Live backend (#26454) 2026-05-04 18:32:15 +00:00
Aryan Singh 77f4be1f3d fix(cli): render LaTeX-style output as Unicode in the TUI (#25802)
Co-authored-by: cynthialong0-0 <82900738+cynthialong0-0@users.noreply.github.com>
2026-05-04 18:05:06 +00:00
Manav Sharma 0da1a2026a fix(cli)#21297: clear skills consent dialog before reload (#26431)
Co-authored-by: Tommaso Sciortino <sciortino@gmail.com>
2026-05-04 17:53:03 +00:00
Coco Sheng 37edd1d4df fix(cli): allow early stdout when config is undefined (#26453) 2026-05-04 17:48:24 +00:00
Adib234 704be5a418 fix(cli): ensure branch indicator updates in sub-directories and worktrees (#26330) 2026-05-04 17:35:13 +00:00
Dev Randalpura 0657d315fb refactor(UI): created constants file for ThemeDialog (#26446) 2026-05-04 17:28:33 +00:00
Coco Sheng ab48aad213 perf: skip redundant GEMINI.md loading in partialConfig (#26443) 2026-05-04 16:05:24 +00:00
Sri Pasumarthi 4e175527a2 fix(acp): resolve agent mode disconnect and improve mode awareness (#26332) 2026-05-01 23:00:10 +00:00
AK 40b384de2c fix(core): make subagents aware of active approval modes (#23608) 2026-05-01 22:21:38 +00:00
Sandy Tao 9380e13f6d fix(core): remove "System: Please continue." injection on InvalidStream events (#26340) 2026-05-01 19:45:31 +00:00
Coco Sheng 997f461cad fix(cli): prevent Escape from clearing input buffer (#17083) (#26339) 2026-05-01 18:58:55 +00:00
Dev Randalpura b14a29efa2 feat(ui): added wave animation for voice mode (#26284) 2026-05-01 17:56:05 +00:00
ruomeng 76d1a73606 fix(cli): enable daemon relaunch in binary and bundle keytar (#26333) 2026-05-01 17:53:56 +00:00
David Pierce 9cb48020e1 fix(cli): respect .env override for GOOGLE_CLOUD_PROJECT (#26288) 2026-05-01 16:49:45 +00:00
Christian Gunderman 8943640a71 fix(ui): fix issue with box edges (#26148) 2026-05-01 16:46:16 +00:00
Zheyuan Lin 7213822e84 fix(cli): insert voice transcription at cursor position instead of ap… (#26287)
Co-authored-by: Zheyuan <zlin252@emory.edu>
2026-05-01 16:41:17 +00:00