feat(cli): hide workspace policy update dialog and auto-accept by default #20351

Merged: Abhijit-2592 merged 2 commits into main from abhijit-2592/hide-policy-dialogv2 on Feb 26, 2026


@Abhijit-2592 Abhijit-2592 commented Feb 25, 2026

Contributor

Summary

Hide the workspace policy update dialog and automatically accept policy changes by default to improve user experience and reduce startup friction in interactive mode.

Details

  • Default Auto-Accept: Updated resolveWorkspacePolicyState in packages/cli/src/config/policy.ts to automatically accept and load policies by default in interactive mode. This matches existing non-interactive logic to reduce startup friction.
  • Configurable Flag: Introduced autoAcceptWorkspacePolicies (let) and a corresponding setAutoAcceptWorkspacePolicies setter in policy.ts to manage workspace policy behavior while maintaining testability.
  • CamelCase Naming: Refactored the flag from all-caps AUTO_ACCEPT_WORKSPACE_POLICIES to camelCase autoAcceptWorkspacePolicies to follow naming conventions for mutable variables.
  • Comprehensive Testing: Refactored policy.test.ts and workspace-policy-cli.test.ts to verify the new default behavior while maintaining coverage for the manual confirmation flow by toggling the flag via the setter in tests.

Related Issues

Fixes #20336

How to Validate

  1. Unit Tests: Run tests for policy logic:
    npm test -w @google/gemini-cli -- src/config/policy.test.ts
  2. Integration Tests: Verify CLI integration and manual confirmation flow:
    npm test -w @google/gemini-cli -- src/config/workspace-policy-cli.test.ts
  3. Full Validation: Run the workspace preflight script:
    npm run preflight

Pre-Merge Checklist

  • Updated relevant documentation and README (if needed)
  • Added/updated tests (if needed)
  • Noted breaking changes (if any)
  • Validated on required platforms/methods:
    • MacOS
      • npm run
      • npx
      • Docker
      • Podman
      • Seatbelt

@Abhijit-2592 Abhijit-2592 requested a review from a team as a code owner February 25, 2026 22:06
@gemini-code-assist

Contributor

Summary of Changes

Hello @Abhijit-2592, I'm Gemini Code Assist[1]! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request streamlines the user experience for the CLI by automating the acceptance of workspace policy updates. It introduces a new configuration flag to control this behavior, defaulting to auto-acceptance, thereby reducing startup friction in interactive mode.

Highlights

  • Default Auto-Acceptance: Workspace policy updates are now automatically accepted by default, eliminating the need for manual confirmation in most interactive scenarios.
  • Configurable Behavior: A new AUTO_ACCEPT_WORKSPACE_POLICIES flag has been introduced, allowing the auto-acceptance behavior to be toggled, primarily for testing and specific use cases.
  • Improved Logging: Auto-acceptance in interactive mode is now logged silently using debugLogger, while non-interactive mode continues to issue a warning to stderr for transparency.
  • Enhanced Testability: A setAutoAcceptWorkspacePolicies function was added to facilitate testing of both auto-accept and manual confirmation flows.
  • Updated Test Coverage: Existing and new tests have been adjusted to validate the new default auto-acceptance behavior and ensure proper handling when auto-acceptance is disabled.

Changelog

  • packages/cli/src/config/policy.test.ts
    • Imported AUTO_ACCEPT_WORKSPACE_POLICIES and setAutoAcceptWorkspacePolicies for testing.
    • Modified existing test cases to reflect the new default auto-acceptance behavior.
    • Added a new test case to verify the confirmation request when AUTO_ACCEPT_WORKSPACE_POLICIES is explicitly set to false.
    • Added a new test case for non-interactive mode when AUTO_ACCEPT_WORKSPACE_POLICIES is false.
  • packages/cli/src/config/policy.ts
    • Introduced AUTO_ACCEPT_WORKSPACE_POLICIES (default true) and setAutoAcceptWorkspacePolicies function.
    • Updated resolveWorkspacePolicyState to use AUTO_ACCEPT_WORKSPACE_POLICIES to determine if a confirmation request should be generated or if policies should be auto-accepted.
    • Integrated debugLogger for silent logging of auto-acceptance in interactive mode and retained writeToStderr for non-interactive warnings.
  • packages/cli/src/config/workspace-policy-cli.test.ts
    • Imported the Policy module to access the new auto-accept flag and setter.
    • Updated test descriptions and assertions to reflect the new auto-acceptance default for integrity mismatches and new policies in interactive mode.
    • Added a new test case to specifically verify the manual confirmation flow when AUTO_ACCEPT_WORKSPACE_POLICIES is set to false.

Activity

  • No specific review comments, approvals, or other human activities have been recorded for this pull request yet.
Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@github-actions

github-actions Bot commented Feb 25, 2026


Size Change: +231 B (0%)

Total Size: 25.7 MB

ℹ️ View Unchanged
Filename Size Change
./bundle/gemini.js 25.2 MB +231 B (0%)
./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js 221 kB 0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js 227 kB 0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js 11.5 kB 0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js 132 B 0 B
./bundle/sandbox-macos-permissive-open.sb 890 B 0 B
./bundle/sandbox-macos-permissive-proxied.sb 1.31 kB 0 B
./bundle/sandbox-macos-restrictive-open.sb 3.36 kB 0 B
./bundle/sandbox-macos-restrictive-proxied.sb 3.56 kB 0 B
./bundle/sandbox-macos-strict-open.sb 4.82 kB 0 B
./bundle/sandbox-macos-strict-proxied.sb 5.02 kB 0 B

compressed-size-action

@gemini-code-assist gemini-code-assist Bot left a comment

Contributor

Code Review

This pull request introduces a critical security vulnerability by defaulting to automatically accepting workspace policy updates, which could lead to the silent activation of malicious policies. It is strongly recommended to disable this feature by default, requiring explicit user approval, in line with 'fail-closed' security principles. Additionally, a high-severity concurrency issue has been identified in integrityManager.acceptIntegrity that could lead to data corruption due to a lack of file locking during read-modify-write operations.

Comment thread packages/cli/src/config/policy.ts Outdated
Comment thread packages/cli/src/config/policy.ts
Comment thread packages/cli/src/config/policy.ts Outdated
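
The trade-off raised in this review, as an added TypeScript sketch (not code from this PR or from packages/cli/src/config/policy.ts). The flag and setter names are taken from the PR description; decideWorkspacePolicy, checkIntegrity, the Decision shape and the hash strings are hypothetical, and the non-interactive branch is assumed to accept regardless of the flag.

```typescript
// Added sketch, not the code in packages/cli/src/config/policy.ts. Only the flag
// and setter names come from the PR; every other name here is hypothetical.
type Integrity = "match" | "mismatch" | "new";
type Decision =
  | { action: "load"; autoAccepted: boolean; log: "none" | "debug" | "stderr" }
  | { action: "confirm"; reason: "mismatch" | "new" };

let autoAcceptWorkspacePolicies = true; // default introduced by the PR

function setAutoAcceptWorkspacePolicies(value: boolean): void {
  autoAcceptWorkspacePolicies = value;
}

// Compare the hash recorded at the last acceptance with the hash of the policy
// files currently on disk (hashes are passed in as constructed strings).
function checkIntegrity(stored: string | undefined, current: string): Integrity {
  if (stored === undefined) return "new";
  return stored === current ? "match" : "mismatch";
}

function decideWorkspacePolicy(
  interactive: boolean,
  stored: string | undefined,
  current: string,
): Decision {
  const status = checkIntegrity(stored, current);
  if (status === "match") {
    return { action: "load", autoAccepted: false, log: "none" };
  }
  if (!interactive) {
    // No user to ask: accept and warn on stderr (assumed to hold regardless of the flag).
    return { action: "load", autoAccepted: true, log: "stderr" };
  }
  if (autoAcceptWorkspacePolicies) {
    // New default: changed or new policies load with only a debug log entry.
    return { action: "load", autoAccepted: true, log: "debug" };
  }
  // Flag off: fail closed and return a confirmation request instead of loading.
  return { action: "confirm", reason: status };
}
```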

@jacob314 jacob314 left a comment

Contributor

lgtm

@Abhijit-2592 Abhijit-2592 force-pushed the abhijit-2592/hide-policy-dialogv2 branch 2 times, most recently from f64da4a to 5b876cf Compare February 26, 2026 00:19
@Abhijit-2592 Abhijit-2592 force-pushed the abhijit-2592/hide-policy-dialogv2 branch from 5b876cf to ff19004 Compare February 26, 2026 03:05

@jacob314 jacob314 left a comment

Contributor

lgtm

@Abhijit-2592 Abhijit-2592 added this pull request to the merge queue Feb 26, 2026
@jacob314

Contributor

I have reviewed this PR locally.

@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Feb 26, 2026
…ault

Introduce automatic acceptance of workspace policies to improve user
experience and reduce friction in interactive mode.

- Add AUTO_ACCEPT_WORKSPACE_POLICIES flag in policy.ts (defaulting to true).
- Update resolveWorkspacePolicyState to automatically accept and load
  policies when the flag is enabled, matching the existing non-interactive
  logic.
- Add setAutoAcceptWorkspacePolicies setter to allow tests to toggle
  the behavior.
- Update policy.test.ts and workspace-policy-cli.test.ts to verify
  the new default behavior while maintaining coverage for the manual
  confirmation flow.

This change ensures that users aren't interrupted by policy integrity
dialogs while keeping the underlying security infrastructure intact for
future use.

Rename AUTO_ACCEPT_WORKSPACE_POLICIES to autoAcceptWorkspacePolicies in
policy.ts and update corresponding tests. This aligns with naming
conventions for variables that are intended to be modified (e.g., during
tests).

- Rename variable and update setter in policy.ts.
- Update references in policy.test.ts and workspace-policy-cli.test.ts.

@Abhijit-2592 Abhijit-2592 force-pushed the abhijit-2592/hide-policy-dialogv2 branch from ff19004 to a4b1fb9 Compare February 26, 2026 03:40
@Abhijit-2592 Abhijit-2592 added this pull request to the merge queue Feb 26, 2026
Merged via the queue into main with commit d128fb0 Feb 26, 2026
27 checks passed
@Abhijit-2592 Abhijit-2592 deleted the abhijit-2592/hide-policy-dialogv2 branch February 26, 2026 04:26
@Abhijit-2592

Contributor Author

/patch preview

@github-actions


Patch workflow(s) dispatched successfully!

📋 Details:

  • Channels: preview
  • Commit: d128fb0f7b86bdc8f9a942ca2ba35d130129f7c6
  • Workflows Created: 1

🔗 Track Progress:

@github-actions


🚀 Patch PR Created!

📋 Patch Details:

📝 Next Steps:

  1. Review and approve the hotfix PR: #20512
  2. Once merged, the patch release will automatically trigger
  3. You'll receive updates here when the release completes

🔗 Track Progress:

BryanBradfo pushed a commit to BryanBradfo/gemini-cli that referenced this pull request Mar 5, 2026
liamhelmer pushed a commit to badal-io/gemini-cli that referenced this pull request Mar 12, 2026
warrenzhu25 pushed a commit to warrenzhu25/gemini-cli that referenced this pull request Apr 9, 2026
@sripasg sripasg added the size/m A medium sized PR label Jun 2, 2026
Development

Successfully merging this pull request may close these issues.

[CLI] Hide workspace policy update dialog to reduce friction

3 participants