feat(cli): automatically accept workspace policy changes #20337
Abhijit-2592 wants to merge 1 commit into
Summary of Changes
Hello @Abhijit-2592, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly enhances the user experience of the CLI by automating the acceptance of workspace policy changes. By removing the interactive dialog and automatically loading updated policies, it reduces user friction and streamlines workflows in both interactive and non-interactive environments. The change also refines how policy update notifications are handled, making them less intrusive.
Code Review
This pull request implements automatic acceptance of workspace policy changes to reduce user friction. However, it introduces a significant security risk by automatically accepting and loading workspace policy changes without user confirmation, even in interactive mode. This bypasses a critical security control designed to prevent malicious policy injection in trusted workspaces. The notification mechanism using debugLogger.warn may not be visible to the user, increasing the risk. It is recommended to restore the interactive confirmation dialog for policy changes to ensure users remain in control of the security rules applied to their environment.
| } else { | ||
| // Non-interactive mode: warn and automatically accept/load | ||
| // Policies changed or are new. | ||
| // Automatically accept and load for now to reduce friction. | ||
| // We keep the infrastructure (PolicyUpdateConfirmationRequest etc.) | ||
| // but bypass the interactive dialog. | ||
| await integrityManager.acceptIntegrity( | ||
| 'workspace', | ||
| cwd, | ||
| integrityResult.hash, | ||
| ); | ||
| workspacePoliciesDir = potentialWorkspacePoliciesDir; |
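Review bot: The first comment in this else branch still reads "Non-interactive mode", while the comments under it say the interactive dialog is bypassed, so as written the acceptIntegrity('workspace', cwd, integrityResult.hash) call records a new or changed policy hash as accepted without anyone having confirmed it. Limit the unconditional accept to the non-interactive path and route the interactive path through the PolicyUpdateConfirmationRequest flow the comment says is being kept; at minimum, fix the stale branch comment and surface the path and integrityResult.hash to the user before workspacePoliciesDir is assigned. "For now" should also point at a tracking issue so the bypass has an owner and an end date.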
The PR modifies resolveWorkspacePolicyState to automatically accept and load workspace policies when they are new or have changed, bypassing the previous interactive user confirmation. While this only occurs in "trusted" folders, "trusting a folder" should not imply trusting all future, potentially malicious, changes to security policies within that folder.
An attacker who can write to the .gemini/policies/ directory of a trusted workspace (e.g., via a malicious pull request in a shared project) can now automatically inject policies that escalate their privileges, such as allowing dangerous tools (like ShellTool) to run without user confirmation.
Furthermore, the notification for this automatic acceptance has been moved from writeToStderr to debugLogger.warn, which according to the project's documentation is intercepted and routed to a debug UI, making this security-sensitive change less visible to the user in the main terminal.
References
- Security-sensitive settings, such as workspace policies, should not be easily overridden or automatically accepted from potentially less-trusted scopes (like a workspace) without explicit user confirmation, as this can lead to privilege escalation.
- Tool availability and security restrictions are managed by the policy engine. Bypassing user confirmation for policy changes undermines the policy engine's role in managing these restrictions, allowing dangerous tools to run without proper oversight.
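The confirmation gate the review above asks to keep, as an added TypeScript example (not code from this PR or from gemini-cli): a policy set whose hash differs from the last accepted one is loaded only after an explicit prompt, and is skipped in non-interactive runs. `hashPolicies`, `decide`, the `Decision` shape and the sample file contents are assumptions made for illustration.

```typescript
import { createHash } from "node:crypto";

// Hypothetical shapes for this example; not the gemini-cli types.
type PolicyFiles = Record<string, string>; // relative path -> contents
type Decision = {
  action: "load" | "prompt" | "skip";
  hash: string;
  message: string;
};

// Digest over sorted names and contents, so adding, renaming or editing
// any policy file changes the result regardless of directory order.
function hashPolicies(files: PolicyFiles): string {
  const h = createHash("sha256");
  for (const name of Object.keys(files).sort()) {
    // JSON framing keeps ("ab","c") distinct from ("a","bc").
    h.update(JSON.stringify([name, files[name]]));
  }
  return h.digest("hex");
}

// Fail closed: only a hash the user already accepted loads silently.
// The caller persists `hash` as accepted only after a "yes" to a prompt.
function decide(
  files: PolicyFiles,
  acceptedHash: string | undefined,
  interactive: boolean,
): Decision {
  const hash = hashPolicies(files);
  if (hash === acceptedHash) return { action: "load", hash, message: "" };
  const kind = acceptedHash === undefined ? "new" : "changed";
  const what = `Workspace policies are ${kind} (sha256 ${hash.slice(0, 12)})`;
  return interactive
    ? { action: "prompt", hash, message: `${what}. Review and load them?` }
    : { action: "skip", hash, message: `${what}; not loaded without review.` };
}

// Constructed sample; file contents are placeholders, not real policy syntax.
const reviewed: PolicyFiles = { "base.policy": "placeholder: reviewed rules" };
const accepted = hashPolicies(reviewed);
const updated: PolicyFiles = { ...reviewed, "extra.policy": "placeholder: new rule" };

console.log(decide(reviewed, accepted, true).action);
console.log(decide(updated, accepted, true).action);
console.log(decide(updated, accepted, false).message);
```

The "skip" message is meant for stderr rather than a debug-only channel, so an unreviewed policy change stays visible in the main terminal.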
Size Change: -276 B (0%) Total Size: 25.7 MB
Closing in favor of #20351
Summary
Hides the PolicyUpdateDialog and automatically accepts workspace policy updates to reduce user friction. Workspace policies are now automatically accepted and loaded in both interactive and non-interactive modes.
Details
- resolveWorkspacePolicyState in packages/cli/src/config/policy.ts to automatically accept and load policies, bypassing the interactive dialog.
- writeToStderr to debugLogger.warn for notifying about policy updates to reduce terminal noise.
- interactive parameter from resolveWorkspacePolicyState and its call sites.
- policyUpdateConfirmationRequest infrastructure.
Related Issues
Fixes #20336
How to Validate
- .gemini/policies/.
- npm run start).
- debugLogger.warn logs the update in debug mode.
- npm test -w @google/gemini-cli -- src/config/policy.test.ts src/config/workspace-policy-cli.test.ts