@google/gemini-cli-core 0.32.0-preview.0 → 0.33.0-preview.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (216) hide show
  1. package/README.md +11 -9
  2. package/dist/docs/CONTRIBUTING.md +7 -4
  3. package/dist/docs/changelogs/index.md +24 -2
  4. package/dist/docs/changelogs/latest.md +389 -310
  5. package/dist/docs/changelogs/preview.md +186 -394
  6. package/dist/docs/cli/cli-reference.md +12 -12
  7. package/dist/docs/cli/custom-commands.md +9 -0
  8. package/dist/docs/cli/enterprise.md +19 -0
  9. package/dist/docs/cli/model.md +5 -14
  10. package/dist/docs/cli/plan-mode.md +38 -7
  11. package/dist/docs/cli/sandbox.md +42 -2
  12. package/dist/docs/cli/session-management.md +16 -7
  13. package/dist/docs/cli/settings.md +10 -10
  14. package/dist/docs/cli/telemetry.md +29 -0
  15. package/dist/docs/cli/tutorials/automation.md +101 -5
  16. package/dist/docs/cli/tutorials/mcp-setup.md +8 -0
  17. package/dist/docs/cli/tutorials/skills-getting-started.md +8 -0
  18. package/dist/docs/extensions/reference.md +9 -1
  19. package/dist/docs/extensions/writing-extensions.md +16 -0
  20. package/dist/docs/get-started/authentication.md +86 -5
  21. package/dist/docs/get-started/installation.md +1 -1
  22. package/dist/docs/hooks/best-practices.md +33 -1
  23. package/dist/docs/hooks/writing-hooks.md +24 -0
  24. package/dist/docs/ide-integration/index.md +8 -0
  25. package/dist/docs/reference/commands.md +3 -0
  26. package/dist/docs/reference/configuration.md +19 -15
  27. package/dist/docs/reference/keyboard-shortcuts.md +10 -0
  28. package/dist/docs/reference/policy-engine.md +10 -0
  29. package/dist/docs/resources/faq.md +8 -0
  30. package/dist/docs/resources/troubleshooting.md +4 -1
  31. package/dist/docs/sidebar.json +8 -1
  32. package/dist/src/agents/a2aUtils.d.ts +2 -0
  33. package/dist/src/agents/a2aUtils.js +12 -0
  34. package/dist/src/agents/a2aUtils.js.map +1 -1
  35. package/dist/src/agents/a2aUtils.test.js +50 -1
  36. package/dist/src/agents/a2aUtils.test.js.map +1 -1
  37. package/dist/src/agents/agentLoader.d.ts +2 -1
  38. package/dist/src/agents/agentLoader.js +17 -4
  39. package/dist/src/agents/agentLoader.js.map +1 -1
  40. package/dist/src/agents/agentLoader.test.js +46 -0
  41. package/dist/src/agents/agentLoader.test.js.map +1 -1
  42. package/dist/src/agents/auth-provider/factory.js +6 -3
  43. package/dist/src/agents/auth-provider/factory.js.map +1 -1
  44. package/dist/src/agents/auth-provider/http-provider.d.ts +28 -0
  45. package/dist/src/agents/auth-provider/http-provider.js +73 -0
  46. package/dist/src/agents/auth-provider/http-provider.js.map +1 -0
  47. package/dist/src/agents/auth-provider/http-provider.test.d.ts +6 -0
  48. package/dist/src/agents/auth-provider/http-provider.test.js +112 -0
  49. package/dist/src/agents/auth-provider/http-provider.test.js.map +1 -0
  50. package/dist/src/agents/auth-provider/types.d.ts +5 -0
  51. package/dist/src/agents/browser/browserAgentInvocation.d.ts +2 -3
  52. package/dist/src/agents/browser/browserAgentInvocation.js +1 -1
  53. package/dist/src/agents/browser/browserAgentInvocation.js.map +1 -1
  54. package/dist/src/agents/local-executor.js +36 -7
  55. package/dist/src/agents/local-executor.js.map +1 -1
  56. package/dist/src/agents/local-executor.test.js +18 -13
  57. package/dist/src/agents/local-executor.test.js.map +1 -1
  58. package/dist/src/agents/local-invocation.d.ts +3 -4
  59. package/dist/src/agents/local-invocation.js +164 -11
  60. package/dist/src/agents/local-invocation.js.map +1 -1
  61. package/dist/src/agents/local-invocation.test.js +49 -29
  62. package/dist/src/agents/local-invocation.test.js.map +1 -1
  63. package/dist/src/agents/registry.js +66 -12
  64. package/dist/src/agents/registry.js.map +1 -1
  65. package/dist/src/agents/registry.test.js +220 -0
  66. package/dist/src/agents/registry.test.js.map +1 -1
  67. package/dist/src/agents/remote-invocation.d.ts +2 -1
  68. package/dist/src/agents/remote-invocation.js +20 -2
  69. package/dist/src/agents/remote-invocation.js.map +1 -1
  70. package/dist/src/agents/remote-invocation.test.js +62 -10
  71. package/dist/src/agents/remote-invocation.test.js.map +1 -1
  72. package/dist/src/agents/subagent-tool.js.map +1 -1
  73. package/dist/src/agents/subagent-tool.test.js +7 -0
  74. package/dist/src/agents/subagent-tool.test.js.map +1 -1
  75. package/dist/src/agents/types.d.ts +18 -0
  76. package/dist/src/agents/types.js +6 -0
  77. package/dist/src/agents/types.js.map +1 -1
  78. package/dist/src/code_assist/server.js.map +1 -1
  79. package/dist/src/config/config.d.ts +11 -4
  80. package/dist/src/config/config.js +23 -47
  81. package/dist/src/config/config.js.map +1 -1
  82. package/dist/src/config/config.test.js +29 -101
  83. package/dist/src/config/config.test.js.map +1 -1
  84. package/dist/src/core/client.js +5 -3
  85. package/dist/src/core/client.js.map +1 -1
  86. package/dist/src/core/client.test.js +47 -7
  87. package/dist/src/core/client.test.js.map +1 -1
  88. package/dist/src/core/coreToolHookTriggers.d.ts +3 -3
  89. package/dist/src/core/coreToolHookTriggers.js.map +1 -1
  90. package/dist/src/core/coreToolScheduler.js +38 -22
  91. package/dist/src/core/coreToolScheduler.js.map +1 -1
  92. package/dist/src/core/geminiChat.d.ts +2 -2
  93. package/dist/src/core/geminiChat.js +3 -0
  94. package/dist/src/core/geminiChat.js.map +1 -1
  95. package/dist/src/core/loggingContentGenerator.d.ts +1 -0
  96. package/dist/src/core/loggingContentGenerator.js +31 -1
  97. package/dist/src/core/loggingContentGenerator.js.map +1 -1
  98. package/dist/src/core/loggingContentGenerator.test.js +94 -0
  99. package/dist/src/core/loggingContentGenerator.test.js.map +1 -1
  100. package/dist/src/generated/git-commit.d.ts +2 -2
  101. package/dist/src/generated/git-commit.js +2 -2
  102. package/dist/src/hooks/hookRunner.js +30 -4
  103. package/dist/src/hooks/hookRunner.js.map +1 -1
  104. package/dist/src/index.d.ts +1 -0
  105. package/dist/src/index.js +1 -0
  106. package/dist/src/index.js.map +1 -1
  107. package/dist/src/mcp/mcp-oauth-provider.d.ts +43 -0
  108. package/dist/src/mcp/mcp-oauth-provider.js +67 -0
  109. package/dist/src/mcp/mcp-oauth-provider.js.map +1 -0
  110. package/dist/src/mcp/mcp-oauth-provider.test.d.ts +6 -0
  111. package/dist/src/mcp/mcp-oauth-provider.test.js +63 -0
  112. package/dist/src/mcp/mcp-oauth-provider.test.js.map +1 -0
  113. package/dist/src/policy/config.d.ts +1 -1
  114. package/dist/src/policy/config.js +4 -3
  115. package/dist/src/policy/config.js.map +1 -1
  116. package/dist/src/policy/policies/plan.toml +50 -13
  117. package/dist/src/policy/policies/read-only.toml +12 -11
  118. package/dist/src/policy/policies/write.toml +12 -11
  119. package/dist/src/policy/policies/yolo.toml +21 -11
  120. package/dist/src/policy/policy-engine.test.js +62 -2
  121. package/dist/src/policy/policy-engine.test.js.map +1 -1
  122. package/dist/src/policy/toml-loader.d.ts +19 -1
  123. package/dist/src/policy/toml-loader.js +127 -0
  124. package/dist/src/policy/toml-loader.js.map +1 -1
  125. package/dist/src/policy/toml-loader.test.js +218 -14
  126. package/dist/src/policy/toml-loader.test.js.map +1 -1
  127. package/dist/src/prompts/snippets.js +7 -7
  128. package/dist/src/prompts/snippets.js.map +1 -1
  129. package/dist/src/scheduler/scheduler.js +1 -1
  130. package/dist/src/scheduler/scheduler.js.map +1 -1
  131. package/dist/src/scheduler/scheduler.test.js +1 -1
  132. package/dist/src/scheduler/scheduler.test.js.map +1 -1
  133. package/dist/src/scheduler/state-manager.d.ts +1 -2
  134. package/dist/src/scheduler/state-manager.js +19 -10
  135. package/dist/src/scheduler/state-manager.js.map +1 -1
  136. package/dist/src/scheduler/tool-executor.d.ts +3 -2
  137. package/dist/src/scheduler/tool-executor.js +89 -32
  138. package/dist/src/scheduler/tool-executor.js.map +1 -1
  139. package/dist/src/scheduler/tool-executor.test.js +191 -0
  140. package/dist/src/scheduler/tool-executor.test.js.map +1 -1
  141. package/dist/src/scheduler/types.d.ts +3 -4
  142. package/dist/src/services/chatRecordingService.js +12 -0
  143. package/dist/src/services/chatRecordingService.js.map +1 -1
  144. package/dist/src/services/chatRecordingService.test.js +15 -4
  145. package/dist/src/services/chatRecordingService.test.js.map +1 -1
  146. package/dist/src/services/loopDetectionService.d.ts +2 -1
  147. package/dist/src/services/loopDetectionService.js +49 -11
  148. package/dist/src/services/loopDetectionService.js.map +1 -1
  149. package/dist/src/services/loopDetectionService.test.js +63 -22
  150. package/dist/src/services/loopDetectionService.test.js.map +1 -1
  151. package/dist/src/skills/builtin/skill-creator/scripts/package_skill.cjs +35 -10
  152. package/dist/src/tools/ask-user.d.ts +1 -0
  153. package/dist/src/tools/ask-user.js +2 -1
  154. package/dist/src/tools/ask-user.js.map +1 -1
  155. package/dist/src/tools/definitions/base-declarations.d.ts +51 -0
  156. package/dist/src/tools/definitions/base-declarations.js +75 -1
  157. package/dist/src/tools/definitions/base-declarations.js.map +1 -1
  158. package/dist/src/tools/definitions/coreTools.d.ts +1 -1
  159. package/dist/src/tools/definitions/coreTools.js +5 -1
  160. package/dist/src/tools/definitions/coreTools.js.map +1 -1
  161. package/dist/src/tools/definitions/dynamic-declaration-helpers.js +14 -12
  162. package/dist/src/tools/definitions/dynamic-declaration-helpers.js.map +1 -1
  163. package/dist/src/tools/definitions/model-family-sets/default-legacy.js +97 -81
  164. package/dist/src/tools/definitions/model-family-sets/default-legacy.js.map +1 -1
  165. package/dist/src/tools/definitions/model-family-sets/gemini-3.js +99 -82
  166. package/dist/src/tools/definitions/model-family-sets/gemini-3.js.map +1 -1
  167. package/dist/src/tools/enter-plan-mode.d.ts +1 -0
  168. package/dist/src/tools/enter-plan-mode.js +2 -1
  169. package/dist/src/tools/enter-plan-mode.js.map +1 -1
  170. package/dist/src/tools/exit-plan-mode.d.ts +1 -0
  171. package/dist/src/tools/exit-plan-mode.js +2 -1
  172. package/dist/src/tools/exit-plan-mode.js.map +1 -1
  173. package/dist/src/tools/mcp-client.d.ts +6 -0
  174. package/dist/src/tools/mcp-client.js +14 -0
  175. package/dist/src/tools/mcp-client.js.map +1 -1
  176. package/dist/src/tools/mcp-tool.js +20 -9
  177. package/dist/src/tools/mcp-tool.js.map +1 -1
  178. package/dist/src/tools/mcp-tool.test.js +48 -1
  179. package/dist/src/tools/mcp-tool.test.js.map +1 -1
  180. package/dist/src/tools/read-file.test.js +7 -0
  181. package/dist/src/tools/read-file.test.js.map +1 -1
  182. package/dist/src/tools/shell.d.ts +2 -3
  183. package/dist/src/tools/shell.js +10 -9
  184. package/dist/src/tools/shell.js.map +1 -1
  185. package/dist/src/tools/tool-names.d.ts +2 -2
  186. package/dist/src/tools/tool-names.js +14 -4
  187. package/dist/src/tools/tool-names.js.map +1 -1
  188. package/dist/src/tools/tool-names.test.js +2 -0
  189. package/dist/src/tools/tool-names.test.js.map +1 -1
  190. package/dist/src/tools/tool-registry.d.ts +3 -2
  191. package/dist/src/tools/tool-registry.js +41 -5
  192. package/dist/src/tools/tool-registry.js.map +1 -1
  193. package/dist/src/tools/tool-registry.test.js +42 -7
  194. package/dist/src/tools/tool-registry.test.js.map +1 -1
  195. package/dist/src/tools/tools.d.ts +6 -4
  196. package/dist/src/tools/tools.js.map +1 -1
  197. package/dist/src/utils/constants.d.ts +3 -0
  198. package/dist/src/utils/constants.js +3 -0
  199. package/dist/src/utils/constants.js.map +1 -1
  200. package/dist/src/utils/errors.d.ts +4 -0
  201. package/dist/src/utils/errors.js +6 -0
  202. package/dist/src/utils/errors.js.map +1 -1
  203. package/dist/src/utils/errors.test.js +20 -1
  204. package/dist/src/utils/errors.test.js.map +1 -1
  205. package/dist/src/utils/fetch.js +1 -1
  206. package/dist/src/utils/fetch.js.map +1 -1
  207. package/dist/src/utils/fileUtils.d.ts +0 -1
  208. package/dist/src/utils/fileUtils.js +5 -7
  209. package/dist/src/utils/fileUtils.js.map +1 -1
  210. package/dist/src/utils/tool-utils.d.ts +11 -4
  211. package/dist/src/utils/tool-utils.js +18 -5
  212. package/dist/src/utils/tool-utils.js.map +1 -1
  213. package/dist/src/utils/tool-utils.test.js +8 -0
  214. package/dist/src/utils/tool-utils.test.js.map +1 -1
  215. package/dist/tsconfig.tsbuildinfo +1 -1
  216. package/package.json +1 -1
package/dist/src/policy/policies/plan.toml CHANGED
@@ -5,20 +5,21 @@
5
5
  #
6
6
  # Priority bands (tiers):
7
7
  # - Default policies (TOML): 1 + priority/1000 (e.g., priority 100 → 1.100)
8
- # - Workspace policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
9
- # - User policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
10
- # - Admin policies (TOML): 4 + priority/1000 (e.g., priority 100 → 4.100)
8
+ # - Extension policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
9
+ # - Workspace policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
10
+ # - User policies (TOML): 4 + priority/1000 (e.g., priority 100 → 4.100)
11
+ # - Admin policies (TOML): 5 + priority/1000 (e.g., priority 100 → 5.100)
11
12
  #
12
- # This ensures Admin > User > Workspace > Default hierarchy is always preserved,
13
+ # This ensures Admin > User > Workspace > Extension > Default hierarchy is always preserved,
13
14
  # while allowing user-specified priorities to work within each tier.
14
15
  #
15
- # Settings-based and dynamic rules (all in user tier 3.x):
16
- # 3.95: Tools that the user has selected as "Always Allow" in the interactive UI
17
- # 3.9: MCP servers excluded list (security: persistent server blocks)
18
- # 3.4: Command line flag --exclude-tools (explicit temporary blocks)
19
- # 3.3: Command line flag --allowed-tools (explicit temporary allows)
20
- # 3.2: MCP servers with trust=true (persistent trusted servers)
21
- # 3.1: MCP servers allowed list (persistent general server allows)
16
+ # Settings-based and dynamic rules (all in user tier 4.x):
17
+ # 4.95: Tools that the user has selected as "Always Allow" in the interactive UI
18
+ # 4.9: MCP servers excluded list (security: persistent server blocks)
19
+ # 4.4: Command line flag --exclude-tools (explicit temporary blocks)
20
+ # 4.3: Command line flag --allowed-tools (explicit temporary allows)
21
+ # 4.2: MCP servers with trust=true (persistent trusted servers)
22
+ # 4.1: MCP servers allowed list (persistent general server allows)
22
23
  #
23
24
  # TOML policy priorities (before transformation):
24
25
  # 10: Write tools default to ASK_USER (becomes 1.010 in default tier)
@@ -26,6 +27,33 @@
26
27
  # 70: Plan mode explicit ALLOW override (becomes 1.070 in default tier)
27
28
  # 999: YOLO mode allow-all (becomes 1.999 in default tier)
28
29
 
30
+ # Mode Transitions (into/out of Plan Mode)
31
+
32
+ [[rule]]
33
+ toolName = "enter_plan_mode"
34
+ decision = "ask_user"
35
+ priority = 50
36
+
37
+ [[rule]]
38
+ toolName = "enter_plan_mode"
39
+ decision = "deny"
40
+ priority = 70
41
+ modes = ["plan"]
42
+ deny_message = "You are already in Plan Mode."
43
+
44
+ [[rule]]
45
+ toolName = "exit_plan_mode"
46
+ decision = "ask_user"
47
+ priority = 70
48
+ modes = ["plan"]
49
+
50
+ [[rule]]
51
+ toolName = "exit_plan_mode"
52
+ decision = "deny"
53
+ priority = 50
54
+ deny_message = "You are not currently in Plan Mode. Use enter_plan_mode first to design a plan."
55
+
56
+
29
57
  # Catch-All: Deny everything by default in Plan mode.
30
58
 
31
59
  [[rule]]
@@ -44,13 +72,22 @@ priority = 70
44
72
  modes = ["plan"]
45
73
 
46
74
  [[rule]]
47
- toolName = ["glob", "grep_search", "list_directory", "read_file", "google_web_search", "activate_skill"]
75
+ toolName = [
76
+ "glob",
77
+ "grep_search",
78
+ "list_directory",
79
+ "read_file",
80
+ "google_web_search",
81
+ "activate_skill",
82
+ "codebase_investigator",
83
+ "cli_help"
84
+ ]
48
85
  decision = "allow"
49
86
  priority = 70
50
87
  modes = ["plan"]
51
88
 
52
89
  [[rule]]
53
- toolName = ["ask_user", "exit_plan_mode", "save_memory"]
90
+ toolName = ["ask_user", "save_memory"]
54
91
  decision = "ask_user"
55
92
  priority = 70
56
93
  modes = ["plan"]
package/dist/src/policy/policies/read-only.toml CHANGED
@@ -5,20 +5,21 @@
5
5
  #
6
6
  # Priority bands (tiers):
7
7
  # - Default policies (TOML): 1 + priority/1000 (e.g., priority 100 → 1.100)
8
- # - Workspace policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
9
- # - User policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
10
- # - Admin policies (TOML): 4 + priority/1000 (e.g., priority 100 → 4.100)
8
+ # - Extension policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
9
+ # - Workspace policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
10
+ # - User policies (TOML): 4 + priority/1000 (e.g., priority 100 → 4.100)
11
+ # - Admin policies (TOML): 5 + priority/1000 (e.g., priority 100 → 5.100)
11
12
  #
12
- # This ensures Admin > User > Workspace > Default hierarchy is always preserved,
13
+ # This ensures Admin > User > Workspace > Extension > Default hierarchy is always preserved,
13
14
  # while allowing user-specified priorities to work within each tier.
14
15
  #
15
- # Settings-based and dynamic rules (all in user tier 3.x):
16
- # 3.95: Tools that the user has selected as "Always Allow" in the interactive UI
17
- # 3.9: MCP servers excluded list (security: persistent server blocks)
18
- # 3.4: Command line flag --exclude-tools (explicit temporary blocks)
19
- # 3.3: Command line flag --allowed-tools (explicit temporary allows)
20
- # 3.2: MCP servers with trust=true (persistent trusted servers)
21
- # 3.1: MCP servers allowed list (persistent general server allows)
16
+ # Settings-based and dynamic rules (all in user tier 4.x):
17
+ # 4.95: Tools that the user has selected as "Always Allow" in the interactive UI
18
+ # 4.9: MCP servers excluded list (security: persistent server blocks)
19
+ # 4.4: Command line flag --exclude-tools (explicit temporary blocks)
20
+ # 4.3: Command line flag --allowed-tools (explicit temporary allows)
21
+ # 4.2: MCP servers with trust=true (persistent trusted servers)
22
+ # 4.1: MCP servers allowed list (persistent general server allows)
22
23
  #
23
24
  # TOML policy priorities (before transformation):
24
25
  # 10: Write tools default to ASK_USER (becomes 1.010 in default tier)
package/dist/src/policy/policies/write.toml CHANGED
@@ -5,20 +5,21 @@
5
5
  #
6
6
  # Priority bands (tiers):
7
7
  # - Default policies (TOML): 1 + priority/1000 (e.g., priority 100 → 1.100)
8
- # - Workspace policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
9
- # - User policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
10
- # - Admin policies (TOML): 4 + priority/1000 (e.g., priority 100 → 4.100)
8
+ # - Extension policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
9
+ # - Workspace policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
10
+ # - User policies (TOML): 4 + priority/1000 (e.g., priority 100 → 4.100)
11
+ # - Admin policies (TOML): 5 + priority/1000 (e.g., priority 100 → 5.100)
11
12
  #
12
- # This ensures Admin > User > Workspace > Default hierarchy is always preserved,
13
+ # This ensures Admin > User > Workspace > Extension > Default hierarchy is always preserved,
13
14
  # while allowing user-specified priorities to work within each tier.
14
15
  #
15
- # Settings-based and dynamic rules (all in user tier 3.x):
16
- # 3.95: Tools that the user has selected as "Always Allow" in the interactive UI
17
- # 3.9: MCP servers excluded list (security: persistent server blocks)
18
- # 3.4: Command line flag --exclude-tools (explicit temporary blocks)
19
- # 3.3: Command line flag --allowed-tools (explicit temporary allows)
20
- # 3.2: MCP servers with trust=true (persistent trusted servers)
21
- # 3.1: MCP servers allowed list (persistent general server allows)
16
+ # Settings-based and dynamic rules (all in user tier 4.x):
17
+ # 4.95: Tools that the user has selected as "Always Allow" in the interactive UI
18
+ # 4.9: MCP servers excluded list (security: persistent server blocks)
19
+ # 4.4: Command line flag --exclude-tools (explicit temporary blocks)
20
+ # 4.3: Command line flag --allowed-tools (explicit temporary allows)
21
+ # 4.2: MCP servers with trust=true (persistent trusted servers)
22
+ # 4.1: MCP servers allowed list (persistent general server allows)
22
23
  #
23
24
  # TOML policy priorities (before transformation):
24
25
  # 10: Write tools default to ASK_USER (becomes 1.010 in default tier)
package/dist/src/policy/policies/yolo.toml CHANGED
@@ -5,20 +5,21 @@
5
5
  #
6
6
  # Priority bands (tiers):
7
7
  # - Default policies (TOML): 1 + priority/1000 (e.g., priority 100 → 1.100)
8
- # - Workspace policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
9
- # - User policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
10
- # - Admin policies (TOML): 4 + priority/1000 (e.g., priority 100 → 4.100)
8
+ # - Extension policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
9
+ # - Workspace policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
10
+ # - User policies (TOML): 4 + priority/1000 (e.g., priority 100 → 4.100)
11
+ # - Admin policies (TOML): 5 + priority/1000 (e.g., priority 100 → 5.100)
11
12
  #
12
- # This ensures Admin > User > Workspace > Default hierarchy is always preserved,
13
+ # This ensures Admin > User > Workspace > Extension > Default hierarchy is always preserved,
13
14
  # while allowing user-specified priorities to work within each tier.
14
15
  #
15
- # Settings-based and dynamic rules (all in user tier 3.x):
16
- # 3.95: Tools that the user has selected as "Always Allow" in the interactive UI
17
- # 3.9: MCP servers excluded list (security: persistent server blocks)
18
- # 3.4: Command line flag --exclude-tools (explicit temporary blocks)
19
- # 3.3: Command line flag --allowed-tools (explicit temporary allows)
20
- # 3.2: MCP servers with trust=true (persistent trusted servers)
21
- # 3.1: MCP servers allowed list (persistent general server allows)
16
+ # Settings-based and dynamic rules (all in user tier 4.x):
17
+ # 4.95: Tools that the user has selected as "Always Allow" in the interactive UI
18
+ # 4.9: MCP servers excluded list (security: persistent server blocks)
19
+ # 4.4: Command line flag --exclude-tools (explicit temporary blocks)
20
+ # 4.3: Command line flag --allowed-tools (explicit temporary allows)
21
+ # 4.2: MCP servers with trust=true (persistent trusted servers)
22
+ # 4.1: MCP servers allowed list (persistent general server allows)
22
23
  #
23
24
  # TOML policy priorities (before transformation):
24
25
  # 10: Write tools default to ASK_USER (becomes 1.010 in default tier)
@@ -36,6 +37,15 @@ decision = "ask_user"
36
37
  priority = 999
37
38
  modes = ["yolo"]
38
39
 
40
+ # Plan mode transitions are blocked in YOLO mode to maintain state consistency
41
+ # and because planning currently requires human interaction (plan approval),
42
+ # which conflicts with YOLO's autonomous nature.
43
+ [[rule]]
44
+ toolName = ["enter_plan_mode", "exit_plan_mode"]
45
+ decision = "deny"
46
+ priority = 999
47
+ modes = ["yolo"]
48
+
39
49
  # Allow everything else in YOLO mode
40
50
  [[rule]]
41
51
  decision = "allow"
package/dist/src/policy/policy-engine.test.js CHANGED
@@ -1095,7 +1095,7 @@ describe('PolicyEngine', () => {
1095
1095
  modes: [ApprovalMode.PLAN],
1096
1096
  },
1097
1097
  {
1098
- toolName: 'codebase_investigator',
1098
+ toolName: 'unknown_subagent',
1099
1099
  decision: PolicyDecision.ALLOW,
1100
1100
  priority: PRIORITY_SUBAGENT_TOOL,
1101
1101
  },
@@ -1104,7 +1104,7 @@ describe('PolicyEngine', () => {
1104
1104
  rules: fixedRules,
1105
1105
  approvalMode: ApprovalMode.PLAN,
1106
1106
  });
1107
- const fixedResult = await fixedEngine.check({ name: 'codebase_investigator' }, undefined);
1107
+ const fixedResult = await fixedEngine.check({ name: 'unknown_subagent' }, undefined);
1108
1108
  expect(fixedResult.decision).toBe(PolicyDecision.DENY);
1109
1109
  });
1110
1110
  });
@@ -2136,6 +2136,66 @@ describe('PolicyEngine', () => {
2136
2136
  expect(shellResult.decision).toBe(PolicyDecision.DENY);
2137
2137
  expect(shellResult.rule?.denyMessage).toContain('Execution of scripts (including those from skills) is blocked');
2138
2138
  });
2139
+ it('should deny enter_plan_mode when already in PLAN mode', async () => {
2140
+ const rules = [
2141
+ {
2142
+ toolName: 'enter_plan_mode',
2143
+ decision: PolicyDecision.DENY,
2144
+ priority: 70,
2145
+ modes: [ApprovalMode.PLAN],
2146
+ denyMessage: 'You are already in Plan Mode.',
2147
+ },
2148
+ ];
2149
+ engine = new PolicyEngine({
2150
+ rules,
2151
+ approvalMode: ApprovalMode.PLAN,
2152
+ });
2153
+ const result = await engine.check({ name: 'enter_plan_mode' }, undefined);
2154
+ expect(result.decision).toBe(PolicyDecision.DENY);
2155
+ expect(result.rule?.denyMessage).toBe('You are already in Plan Mode.');
2156
+ });
2157
+ it('should deny exit_plan_mode when in DEFAULT mode', async () => {
2158
+ const rules = [
2159
+ {
2160
+ toolName: 'exit_plan_mode',
2161
+ decision: PolicyDecision.DENY,
2162
+ priority: 10,
2163
+ modes: [ApprovalMode.DEFAULT],
2164
+ denyMessage: 'You are not in Plan Mode.',
2165
+ },
2166
+ ];
2167
+ engine = new PolicyEngine({
2168
+ rules,
2169
+ approvalMode: ApprovalMode.DEFAULT,
2170
+ });
2171
+ const result = await engine.check({ name: 'exit_plan_mode' }, undefined);
2172
+ expect(result.decision).toBe(PolicyDecision.DENY);
2173
+ expect(result.rule?.denyMessage).toBe('You are not in Plan Mode.');
2174
+ });
2175
+ it('should deny both plan tools in YOLO mode', async () => {
2176
+ const rules = [
2177
+ {
2178
+ toolName: 'enter_plan_mode',
2179
+ decision: PolicyDecision.DENY,
2180
+ priority: 999,
2181
+ modes: [ApprovalMode.YOLO],
2182
+ },
2183
+ {
2184
+ toolName: 'exit_plan_mode',
2185
+ decision: PolicyDecision.DENY,
2186
+ priority: 999,
2187
+ modes: [ApprovalMode.YOLO],
2188
+ },
2189
+ ];
2190
+ engine = new PolicyEngine({
2191
+ rules,
2192
+ approvalMode: ApprovalMode.YOLO,
2193
+ });
2194
+ const resultEnter = await engine.check({ name: 'enter_plan_mode' }, undefined);
2195
+ expect(resultEnter.decision).toBe(PolicyDecision.DENY);
2196
+ const resultExit = await engine.check({ name: 'exit_plan_mode' }, undefined);
2197
+ expect(resultExit.decision).toBe(PolicyDecision.DENY);
2198
+ });
2139
2199
  });
2140
2200
  describe('removeRulesByTier', () => {
2141
2201
  it('should remove rules matching a specific tier', () => {