fix(a2a-server): Implement default policy loading for parity with CLI #27073
Size Change: -4 B (0%) Total Size: 33.8 MB
Summary of Changes
Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request aligns the A2A server's security policy handling with the core CLI implementation. By adopting the shared policy engine configuration, the server now automatically enforces standard security safeguards, including read-only policies, while maintaining support for existing YOLO mode overrides. These changes ensure consistent behavior across the application ecosystem and simplify future policy maintenance.
Code Review
This pull request refactors a2a-server to use createPolicyEngineConfig for policy management, adds policy path settings, and updates the build script to copy policy assets. Reviewers identified a critical privilege escalation vulnerability where malicious workspace settings could override admin policies. Improvements to the test mocks were also suggested to ensure correct mapping of policy settings.
✅ [Step 4/4] Patch Release Complete!
🎉 Status: Your patch has been successfully released and published to npm!
Summary
This PR updates the A2A server to automatically load the same default policies (including read-only policies) as the CLI. This ensures that the A2A server inherits standard security safeguards and remains synchronized as the core default policies evolve.
Details
- Integrates @google/gemini-cli-core's createPolicyEngineConfig into the A2A server configuration flow.
- Maps the existing settings (core, exclude, allowed) to the PolicySettings structure expected by the core engine.
- Adds policyPaths and adminPolicyPaths in the A2A server's Settings interface for parity with CLI configuration.
Related Issues
Fixes #25182
How to Validate
npm test -w @google/gemini-cli-a2a-server