mirror of
https://github.com/google-gemini/gemini-cli.git
synced 2026-05-15 14:23:02 -07:00
Mahima Shanware
79cc27439d
This commit addresses several critical findings from the review bot: - **Security:** Implemented defense-in-depth symlink resolution. Removed insecure string-based fallbacks in `Storage.getPlansDir` and added a mandatory `isSubpath` validation AFTER directory creation in `Config.getPlansDir` to prevent TOCTOU traversal attacks. - **Architecture:** Fixed a race condition where active extension context was mutated synchronously in `AppContainer`, potentially corrupting concurrent background tasks. Mutation now occurs within the command execution pipeline. - **Robustness:** Switched to canonical path checking for `plan` command detection to support aliases and subcommands. - **Regressions:** Added a `planEnabled` guard to prevent unwanted directory creation when the planning feature is disabled. - **Validation:** Added exhaustive unit tests covering sequential context switching, shared directory deduplication, and symlink security edge cases.