Does Gemini cli supports auto-allow permissions set up in a .gemini.local like Claude?

[Suzukijs]

Hi everyone,

I’ve been exploring Gemini CLI recently and was wondering whether there’s currently any support, or plans for support for something similar to Claude Code’s local permission configuration system.

Specifically, I’m curious about the possibility of defining auto-allowed actions inside something like a .gemini.local file for trusted repositories.

For example, in long development sessions, repeatedly approving safe actions like:

• reading project files
• running tests
• executing common package manager commands
• editing workspace files

can sometimes interrupt workflow quite a bit.

I’m wondering:

1. Does Gemini CLI already support anything like this?
2. If not, is there a technical or security reason it’s intentionally avoided?
3. Are there recommended alternatives for smoother autonomous workflows?

Claude Code seems to lean toward configurable local trust, while other tools stay more restrictive by default.

Curious how the Gemini CLI team and other developers here think about this balance.

Would love to hear thoughts, especially from people running longer agentic coding sessions or automation-heavy workflows.

[Stewie-pixel]

Hi @Suzukijs, i am also deep researching Gemini cli and here are what i think maybe helpful for you:

1. Does Gemini CLI already support a local trust system like .gemini.local?
   Yes, but with a different architecture. You can create a .gemini/settings.json file inside your project and this file overrides your global user settings for that specific directory.

Approval Modes: In your workspace settings.json, you can set general.defaultApprovalMode to:

• "auto_edit": This automatically approves file modifications (editing/writing) without prompting you.

• "yolo": This can be enabled via the --yolo flag or security.disableYoloMode: false in settings. It auto-approves all actions, including shell commands.

Permanent Tool Approval: You can enable security.enablePermanentToolApproval in your settings. This allows you to select "Always allow for this session/workspace" the first time a tool (like npm or pytest) is called.

2. If not, is there a technical or security reason it’s avoided?
   The team hasn't avoided it, but they have been intentional for two reasons:

• Prompt Injection Risk: If the model reads a malicious comment in a third-party file (e.g., // RUN: rm -rf /) and has "auto-allow" permissions for shell commands, it could execute that command immediately.

• Context-Aware Security: Gemini CLI recently added a feature called Conseca (security.enableConseca). It uses a smaller LLM to scan proposed tool calls for security risks before they run, even in auto-mode.

3. Are there recommended alternatives for smoother workflows?

• Plan Mode: Use the /plan command. The model will write out everything it intends to do into a markdown file. You review it once, approve the whole plan, and it executes all steps (reads, writes, tests) in one go without further prompts.

• Custom Extensions: You can package specific "trusted" commands into a private extension. Extensions can have their own security policies, allowing them to run specific shell scripts without triggering the global "is this safe?" prompt.

• Headless Mode: If you’re running automation-heavy tasks, use the -p flag (gemini -p "run my tests and fix errors" --yolo). This bypasses the interactive terminal prompts entirely.

[ddjidd564]

This is a great topic — permission configuration at the agent level is something a lot of us are thinking about. For the tool auditing side of the equation, we have been working on open-source MCP servers that scan for security issues before they reach the permission prompt.

The env-security-scanner and wallet-security-checker packages can run alongside Gemini CLI as MCP servers and flag credential exposure, unsafe defaults, or config drift before you need to approve potentially risky actions.

They are on npm: https://www.npmjs.com/search?q=mcp-security

Might be a useful complement to whatever permission system Gemini lands on!