Revert "feat(cli): add temporary flag to disable workspace policies (#20523)"

This reverts commit f13a306.

Author: galdawave

package-lock.json

@@ -8,13 +8,7 @@ import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
 import * as fs from 'node:fs';
 import * as path from 'node:path';
 import * as os from 'node:os';
-import {
-  resolveWorkspacePolicyState,
-  autoAcceptWorkspacePolicies,
-  setAutoAcceptWorkspacePolicies,
-  disableWorkspacePolicies,
-  setDisableWorkspacePolicies,
-} from './policy.js';
+import { resolveWorkspacePolicyState } from './policy.js';
 import { writeToStderr } from '@google/gemini-cli-core';
 
 // Mock debugLogger to avoid noise in test output
@@ -47,9 +41,6 @@ describe('resolveWorkspacePolicyState', () => {
     fs.mkdirSync(workspaceDir);
     policiesDir = path.join(workspaceDir, '.gemini', 'policies');
 
-    // Enable policies for these tests to verify loading logic
-    setDisableWorkspacePolicies(false);
-
     vi.clearAllMocks();
   });
 
@@ -72,13 +63,6 @@ describe('resolveWorkspacePolicyState', () => {
     });
   });
 
-  it('should have disableWorkspacePolicies set to true by default', () => {
-    // We explicitly set it to false in beforeEach for other tests,
-    // so here we test that setting it to true works.
-    setDisableWorkspacePolicies(true);
-    expect(disableWorkspacePolicies).toBe(true);
-  });
-
   it('should return policy directory if integrity matches', async () => {
     // Set up policies directory with a file
     fs.mkdirSync(policiesDir, { recursive: true });
@@ -123,33 +107,26 @@ describe('resolveWorkspacePolicyState', () => {
     expect(result.policyUpdateConfirmationRequest).toBeUndefined();
   });
 
-  it('should return confirmation request if changed in interactive mode when AUTO_ACCEPT is false', async () => {
-    const originalValue = autoAcceptWorkspacePolicies;
-    setAutoAcceptWorkspacePolicies(false);
-
-    try {
-      fs.mkdirSync(policiesDir, { recursive: true });
-      fs.writeFileSync(path.join(policiesDir, 'policy.toml'), 'rules = []');
+  it('should return confirmation request if changed in interactive mode', async () => {
+    fs.mkdirSync(policiesDir, { recursive: true });
+    fs.writeFileSync(path.join(policiesDir, 'policy.toml'), 'rules = []');
 
-      const result = await resolveWorkspacePolicyState({
-        cwd: workspaceDir,
-        trustedFolder: true,
-        interactive: true,
-      });
+    const result = await resolveWorkspacePolicyState({
+      cwd: workspaceDir,
+      trustedFolder: true,
+      interactive: true,
+    });
 
-      expect(result.workspacePoliciesDir).toBeUndefined();
-      expect(result.policyUpdateConfirmationRequest).toEqual({
-        scope: 'workspace',
-        identifier: workspaceDir,
-        policyDir: policiesDir,
-        newHash: expect.any(String),
-      });
-    } finally {
-      setAutoAcceptWorkspacePolicies(originalValue);
-    }
+    expect(result.workspacePoliciesDir).toBeUndefined();
+    expect(result.policyUpdateConfirmationRequest).toEqual({
+      scope: 'workspace',
+      identifier: workspaceDir,
+      policyDir: policiesDir,
+      newHash: expect.any(String),
+    });
   });
 
-  it('should warn and auto-accept if changed in non-interactive mode when AUTO_ACCEPT is true', async () => {
+  it('should warn and auto-accept if changed in non-interactive mode', async () => {
     fs.mkdirSync(policiesDir, { recursive: true });
     fs.writeFileSync(path.join(policiesDir, 'policy.toml'), 'rules = []');
 
@@ -166,30 +143,6 @@ describe('resolveWorkspacePolicyState', () => {
     );
   });
 
-  it('should warn and auto-accept if changed in non-interactive mode when AUTO_ACCEPT is false', async () => {
-    const originalValue = autoAcceptWorkspacePolicies;
-    setAutoAcceptWorkspacePolicies(false);
-
-    try {
-      fs.mkdirSync(policiesDir, { recursive: true });
-      fs.writeFileSync(path.join(policiesDir, 'policy.toml'), 'rules = []');
-
-      const result = await resolveWorkspacePolicyState({
-        cwd: workspaceDir,
-        trustedFolder: true,
-        interactive: false,
-      });
-
-      expect(result.workspacePoliciesDir).toBe(policiesDir);
-      expect(result.policyUpdateConfirmationRequest).toBeUndefined();
-      expect(writeToStderr).toHaveBeenCalledWith(
-        expect.stringContaining('Automatically accepting and loading'),
-      );
-    } finally {
-      setAutoAcceptWorkspacePolicies(originalValue);
-    }
-  });
-
   it('should not return workspace policies if cwd is the home directory', async () => {
     const policiesDir = path.join(tempDir, '.gemini', 'policies');
     fs.mkdirSync(policiesDir, { recursive: true });
@@ -206,26 +159,7 @@ describe('resolveWorkspacePolicyState', () => {
     expect(result.policyUpdateConfirmationRequest).toBeUndefined();
   });
 
-  it('should return empty state if disableWorkspacePolicies is true even if folder is trusted', async () => {
-    setDisableWorkspacePolicies(true);
-
-    // Set up policies directory with a file
-    fs.mkdirSync(policiesDir, { recursive: true });
-    fs.writeFileSync(path.join(policiesDir, 'policy.toml'), 'rules = []');
-
-    const result = await resolveWorkspacePolicyState({
-      cwd: workspaceDir,
-      trustedFolder: true,
-      interactive: true,
-    });
-
-    expect(result).toEqual({
-      workspacePoliciesDir: undefined,
-      policyUpdateConfirmationRequest: undefined,
-    });
-  });
-
-  it('should return empty state if cwd is a symlink to the home directory', async () => {
+  it('should not return workspace policies if cwd is a symlink to the home directory', async () => {
     const policiesDir = path.join(tempDir, '.gemini', 'policies');
     fs.mkdirSync(policiesDir, { recursive: true });
     fs.writeFileSync(path.join(policiesDir, 'policy.toml'), 'rules = []');

packages/cli/src/config/policy.test.ts

@@ -20,34 +20,6 @@ import {
 } from '@google/gemini-cli-core';
 import { type Settings } from './settings.js';
 
-/**
- * Temporary flag to automatically accept workspace policies to reduce friction.
- * Exported as 'let' to allow monkey patching in tests via the setter.
- */
-export let autoAcceptWorkspacePolicies = true;
-
-/**
- * Sets the autoAcceptWorkspacePolicies flag.
- * Used primarily for testing purposes.
- */
-export function setAutoAcceptWorkspacePolicies(value: boolean) {
-  autoAcceptWorkspacePolicies = value;
-}
-
-/**
- * Temporary flag to disable workspace level policies altogether.
- * Exported as 'let' to allow monkey patching in tests via the setter.
- */
-export let disableWorkspacePolicies = true;
-
-/**
- * Sets the disableWorkspacePolicies flag.
- * Used primarily for testing purposes.
- */
-export function setDisableWorkspacePolicies(value: boolean) {
-  disableWorkspacePolicies = value;
-}
-
 export async function createPolicyEngineConfig(
   settings: Settings,
   approvalMode: ApprovalMode,
@@ -94,7 +66,7 @@ export async function resolveWorkspacePolicyState(options: {
     | PolicyUpdateConfirmationRequest
     | undefined;
 
-  if (trustedFolder && !disableWorkspacePolicies) {
+  if (trustedFolder) {
     const storage = new Storage(cwd);
 
     // If we are in the home directory (or rather, our target Gemini dir is the global one),