chore(config): disable agents by default (#23546)

abhipatel12 · gemini-cli-robot · commit 913067ee803f · 2026-03-23T20:38:25.000Z
# Conflicts:
#	integration-tests/browser-policy.test.ts
#	packages/a2a-server/src/config/config.test.ts
#	packages/a2a-server/src/config/config.ts
diff --git a/docs/reference/configuration.md b/docs/reference/configuration.md
@@ -1159,7 +1159,7 @@ their corresponding top-level category object in your `settings.json` file.
 
 - **`experimental.enableAgents`** (boolean):
   - **Description:** Enable local and remote subagents.
-  - **Default:** `true`
+  - **Default:** `false`
   - **Requires restart:** Yes
 
 - **`experimental.extensionManagement`** (boolean):
diff --git a/integration-tests/browser-policy.test.ts b/integration-tests/browser-policy.test.ts
@@ -0,0 +1,216 @@
+/**
+ * @license
+ * Copyright 2026 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { TestRig, poll } from './test-helper.js';
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { execSync } from 'node:child_process';
+import { existsSync, writeFileSync, readFileSync, mkdirSync } from 'node:fs';
+import stripAnsi from 'strip-ansi';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+const chromeAvailable = (() => {
+  try {
+    if (process.platform === 'darwin') {
+      execSync(
+        'test -d "/Applications/Google Chrome.app"  || test -d "/Applications/Chromium.app"',
+        {
+          stdio: 'ignore',
+        },
+      );
+    } else if (process.platform === 'linux') {
+      execSync(
+        'which google-chrome || which chromium-browser || which chromium',
+        { stdio: 'ignore' },
+      );
+    } else if (process.platform === 'win32') {
+      const chromePaths = [
+        'C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe',
+        'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe',
+        `${process.env['LOCALAPPDATA'] ?? ''}\\Google\\Chrome\\Application\\chrome.exe`,
+      ];
+      const found = chromePaths.some((p) => existsSync(p));
+      if (!found) {
+        execSync('where chrome || where chromium', { stdio: 'ignore' });
+      }
+    } else {
+      return false;
+    }
+    return true;
+  } catch {
+    return false;
+  }
+})();
+
+describe.skipIf(!chromeAvailable)('browser-policy', () => {
+  let rig: TestRig;
+
+  beforeEach(() => {
+    rig = new TestRig();
+  });
+
+  afterEach(async () => {
+    await rig.cleanup();
+  });
+
+  it('should skip confirmation when "Allow all server tools for this session" is chosen', async () => {
+    rig.setup('browser-policy-skip-confirmation', {
+      fakeResponsesPath: join(__dirname, 'browser-policy.responses'),
+      settings: {
+        experimental: {
+          enableAgents: true,
+        },
+        agents: {
+          overrides: {
+            browser_agent: {
+              enabled: true,
+            },
+          },
+          browser: {
+            headless: true,
+            sessionMode: 'isolated',
+            allowedDomains: ['example.com'],
+          },
+        },
+      },
+    });
+
+    // Manually trust the folder to avoid the dialog and enable option 3
+    const geminiDir = join(rig.homeDir!, '.gemini');
+    mkdirSync(geminiDir, { recursive: true });
+
+    // Write to trustedFolders.json
+    const trustedFoldersPath = join(geminiDir, 'trustedFolders.json');
+    const trustedFolders = {
+      [rig.testDir!]: 'TRUST_FOLDER',
+    };
+    writeFileSync(trustedFoldersPath, JSON.stringify(trustedFolders, null, 2));
+
+    // Force confirmation for browser agent.
+    // NOTE: We don't force confirm browser tools here because "Allow all server tools"
+    // adds a rule with ALWAYS_ALLOW_PRIORITY (3.9x) which would be overshadowed by
+    // a rule in the user tier (4.x) like the one from this TOML.
+    // By removing the explicit mcp rule, the first MCP tool will still prompt
+    // due to default approvalMode = 'default', and then "Allow all" will correctly
+    // bypass subsequent tools.
+    const policyFile = join(rig.testDir!, 'force-confirm.toml');
+    writeFileSync(
+      policyFile,
+      `
+[[rule]]
+name = "Force confirm browser_agent"
+toolName = "browser_agent"
+decision = "ask_user"
+priority = 200
+`,
+    );
+
+    // Update settings.json in both project and home directories to point to the policy file
+    for (const baseDir of [rig.testDir!, rig.homeDir!]) {
+      const settingsPath = join(baseDir, '.gemini', 'settings.json');
+      if (existsSync(settingsPath)) {
+        const settings = JSON.parse(readFileSync(settingsPath, 'utf-8'));
+        settings.policyPaths = [policyFile];
+        // Ensure folder trust is enabled
+        settings.security = settings.security || {};
+        settings.security.folderTrust = settings.security.folderTrust || {};
+        settings.security.folderTrust.enabled = true;
+        writeFileSync(settingsPath, JSON.stringify(settings, null, 2));
+      }
+    }
+
+    const run = await rig.runInteractive({
+      approvalMode: 'default',
+      env: {
+        GEMINI_CLI_INTEGRATION_TEST: 'true',
+      },
+    });
+
+    await run.sendKeys(
+      'Open https://example.com and check if there is a heading\r',
+    );
+    await run.sendKeys('\r');
+
+    // Handle confirmations.
+    // 1. Initial browser_agent delegation (likely only 3 options, so use option 1: Allow once)
+    await poll(
+      () => stripAnsi(run.output).toLowerCase().includes('action required'),
+      60000,
+      1000,
+    );
+    await run.sendKeys('1\r');
+    await new Promise((r) => setTimeout(r, 2000));
+
+    // Handle privacy notice
+    await poll(
+      () => stripAnsi(run.output).toLowerCase().includes('privacy notice'),
+      5000,
+      100,
+    );
+    await run.sendKeys('1\r');
+    await new Promise((r) => setTimeout(r, 5000));
+
+    // new_page (MCP tool, should have 4 options, use option 3: Allow all server tools)
+    await poll(
+      () => {
+        const stripped = stripAnsi(run.output).toLowerCase();
+        return (
+          stripped.includes('new_page') &&
+          stripped.includes('allow all server tools for this session')
+        );
+      },
+      60000,
+      1000,
+    );
+
+    // Select "Allow all server tools for this session" (option 3)
+    await run.sendKeys('3\r');
+    await new Promise((r) => setTimeout(r, 30000));
+
+    const output = stripAnsi(run.output).toLowerCase();
+
+    expect(output).toContain('browser_agent');
+    expect(output).toContain('completed successfully');
+  });
+
+  it('should show the visible warning when browser agent starts in existing session mode', async () => {
+    rig.setup('browser-session-warning', {
+      fakeResponsesPath: join(__dirname, 'browser-agent.cleanup.responses'),
+      settings: {
+        experimental: {
+          enableAgents: true,
+        },
+        general: {
+          enableAutoUpdateNotification: false,
+        },
+        agents: {
+          overrides: {
+            browser_agent: {
+              enabled: true,
+            },
+          },
+          browser: {
+            sessionMode: 'existing',
+            headless: true,
+          },
+        },
+      },
+    });
+
+    const stdout = await rig.runCommand(['Open https://example.com'], {
+      env: {
+        GEMINI_API_KEY: 'fake-key',
+        GEMINI_TELEMETRY_DISABLED: 'true',
+        DEV: 'true',
+      },
+    });
+
+    expect(stdout).toContain('saved logins will be visible');
+  });
+});
diff --git a/packages/a2a-server/src/config/config.test.ts b/packages/a2a-server/src/config/config.test.ts
@@ -325,6 +325,32 @@ describe('loadConfig', () => {
       );
     });
 
+<<<<<<< HEAD
+=======
+    it('should pass enableAgents to Config constructor', async () => {
+      const settings: Settings = {
+        experimental: {
+          enableAgents: false,
+        },
+      };
+      await loadConfig(settings, mockExtensionLoader, taskId);
+      expect(Config).toHaveBeenCalledWith(
+        expect.objectContaining({
+          enableAgents: false,
+        }),
+      );
+    });
+
+    it('should default enableAgents to false when not provided', async () => {
+      await loadConfig(mockSettings, mockExtensionLoader, taskId);
+      expect(Config).toHaveBeenCalledWith(
+        expect.objectContaining({
+          enableAgents: false,
+        }),
+      );
+    });
+
+>>>>>>> b2d6dc4e3 (chore(config): disable agents by default (#23546))
     describe('interactivity', () => {
       it('should set interactive true when not headless', async () => {
         vi.mocked(isHeadlessMode).mockReturnValue(false);
diff --git a/packages/a2a-server/src/config/config.ts b/packages/a2a-server/src/config/config.ts
@@ -110,6 +110,10 @@ export async function loadConfig(
     interactive: !isHeadlessMode(),
     enableInteractiveShell: !isHeadlessMode(),
     ptyInfo: 'auto',
+<<<<<<< HEAD
+=======
+    enableAgents: settings.experimental?.enableAgents ?? false,
+>>>>>>> b2d6dc4e3 (chore(config): disable agents by default (#23546))
   };
 
   const fileService = new FileDiscoveryService(workspaceDir, {
diff --git a/packages/cli/src/config/settingsSchema.test.ts b/packages/cli/src/config/settingsSchema.test.ts
@@ -400,7 +400,7 @@ describe('SettingsSchema', () => {
       expect(setting).toBeDefined();
       expect(setting.type).toBe('boolean');
       expect(setting.category).toBe('Experimental');
-      expect(setting.default).toBe(true);
+      expect(setting.default).toBe(false);
       expect(setting.requiresRestart).toBe(true);
       expect(setting.showInDialog).toBe(false);
       expect(setting.description).toBe('Enable local and remote subagents.');
diff --git a/packages/cli/src/config/settingsSchema.ts b/packages/cli/src/config/settingsSchema.ts
@@ -1838,7 +1838,7 @@ const SETTINGS_SCHEMA = {
         label: 'Enable Agents',
         category: 'Experimental',
         requiresRestart: true,
-        default: true,
+        default: false,
         description: 'Enable local and remote subagents.',
         showInDialog: false,
       },
diff --git a/packages/core/src/config/config.ts b/packages/core/src/config/config.ts
@@ -951,7 +951,7 @@ export class Config implements McpContext, AgentLoopContext {
     this.model = params.model;
     this.disableLoopDetection = params.disableLoopDetection ?? false;
     this._activeModel = params.model;
-    this.enableAgents = params.enableAgents ?? true;
+    this.enableAgents = params.enableAgents ?? false;
     this.agents = params.agents ?? {};
     this.disableLLMCorrection = params.disableLLMCorrection ?? true;
     this.planEnabled = params.plan ?? true;
diff --git a/schemas/settings.schema.json b/schemas/settings.schema.json
@@ -1971,8 +1971,8 @@
         "enableAgents": {
           "title": "Enable Agents",
           "description": "Enable local and remote subagents.",
-          "markdownDescription": "Enable local and remote subagents.\n\n- Category: `Experimental`\n- Requires restart: `yes`\n- Default: `true`",
-          "default": true,
+          "markdownDescription": "Enable local and remote subagents.\n\n- Category: `Experimental`\n- Requires restart: `yes`\n- Default: `false`",
+          "default": false,
           "type": "boolean"
         },
         "extensionManagement": {
