@google/gemini-cli 0.12.0-nightly.20251027.cb0947c5 → 0.12.0-preview.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -5
- package/dist/package.json +2 -2
- package/dist/src/commands/extensions/disable.d.ts +1 -1
- package/dist/src/commands/extensions/disable.js +5 -4
- package/dist/src/commands/extensions/disable.js.map +1 -1
- package/dist/src/commands/extensions/enable.d.ts +1 -1
- package/dist/src/commands/extensions/enable.js +3 -2
- package/dist/src/commands/extensions/enable.js.map +1 -1
- package/dist/src/commands/extensions/install.js +2 -1
- package/dist/src/commands/extensions/install.js.map +1 -1
- package/dist/src/commands/extensions/install.test.js +1 -0
- package/dist/src/commands/extensions/install.test.js.map +1 -1
- package/dist/src/commands/extensions/link.js +2 -1
- package/dist/src/commands/extensions/link.js.map +1 -1
- package/dist/src/commands/extensions/list.js +2 -2
- package/dist/src/commands/extensions/list.js.map +1 -1
- package/dist/src/commands/extensions/uninstall.js +2 -1
- package/dist/src/commands/extensions/uninstall.js.map +1 -1
- package/dist/src/commands/extensions/update.js +2 -2
- package/dist/src/commands/extensions/update.js.map +1 -1
- package/dist/src/commands/mcp/list.js +2 -2
- package/dist/src/commands/mcp/list.js.map +1 -1
- package/dist/src/config/config.d.ts +5 -3
- package/dist/src/config/config.js +43 -10
- package/dist/src/config/config.js.map +1 -1
- package/dist/src/config/config.test.js +192 -171
- package/dist/src/config/config.test.js.map +1 -1
- package/dist/src/config/extension-manager.d.ts +23 -10
- package/dist/src/config/extension-manager.js +89 -62
- package/dist/src/config/extension-manager.js.map +1 -1
- package/dist/src/config/extension.test.js +158 -74
- package/dist/src/config/extension.test.js.map +1 -1
- package/dist/src/config/extensions/extensionSettings.d.ts +3 -3
- package/dist/src/config/extensions/extensionSettings.js +74 -24
- package/dist/src/config/extensions/extensionSettings.js.map +1 -1
- package/dist/src/config/extensions/extensionSettings.test.js +145 -24
- package/dist/src/config/extensions/extensionSettings.test.js.map +1 -1
- package/dist/src/config/extensions/github.js +3 -3
- package/dist/src/config/extensions/github.js.map +1 -1
- package/dist/src/config/extensions/github.test.js +1 -1
- package/dist/src/config/extensions/github.test.js.map +1 -1
- package/dist/src/config/extensions/update.js +7 -6
- package/dist/src/config/extensions/update.js.map +1 -1
- package/dist/src/config/extensions/update.test.js +54 -31
- package/dist/src/config/extensions/update.test.js.map +1 -1
- package/dist/src/config/keyBindings.js +1 -1
- package/dist/src/config/keyBindings.js.map +1 -1
- package/dist/src/config/policies/read-only.toml +56 -0
- package/dist/src/config/policies/write.toml +63 -0
- package/dist/src/config/policies/yolo.toml +31 -0
- package/dist/src/config/policy-engine.integration.test.js +41 -38
- package/dist/src/config/policy-engine.integration.test.js.map +1 -1
- package/dist/src/config/policy-toml-loader.d.ts +46 -0
- package/dist/src/config/policy-toml-loader.js +314 -0
- package/dist/src/config/policy-toml-loader.js.map +1 -0
- package/dist/src/config/policy-toml-loader.test.d.ts +6 -0
- package/dist/src/config/policy-toml-loader.test.js +626 -0
- package/dist/src/config/policy-toml-loader.test.js.map +1 -0
- package/dist/src/config/policy.d.ts +9 -2
- package/dist/src/config/policy.js +139 -110
- package/dist/src/config/policy.js.map +1 -1
- package/dist/src/config/policy.test.js +780 -82
- package/dist/src/config/policy.test.js.map +1 -1
- package/dist/src/config/settings.js +1 -1
- package/dist/src/config/settings.js.map +1 -1
- package/dist/src/config/settings.test.js +17 -57
- package/dist/src/config/settings.test.js.map +1 -1
- package/dist/src/config/settingsSchema.d.ts +18 -9
- package/dist/src/config/settingsSchema.js +17 -8
- package/dist/src/config/settingsSchema.js.map +1 -1
- package/dist/src/config/settingsSchema.test.js +2 -0
- package/dist/src/config/settingsSchema.test.js.map +1 -1
- package/dist/src/gemini.js +6 -17
- package/dist/src/gemini.js.map +1 -1
- package/dist/src/gemini.test.js +1 -0
- package/dist/src/gemini.test.js.map +1 -1
- package/dist/src/generated/git-commit.d.ts +2 -2
- package/dist/src/generated/git-commit.js +2 -2
- package/dist/src/generated/git-commit.js.map +1 -1
- package/dist/src/test-utils/render.d.ts +12 -0
- package/dist/src/test-utils/render.js +28 -1
- package/dist/src/test-utils/render.js.map +1 -1
- package/dist/src/test-utils/render.test.d.ts +6 -0
- package/dist/src/test-utils/render.test.js +54 -0
- package/dist/src/test-utils/render.test.js.map +1 -0
- package/dist/src/ui/AppContainer.js +33 -22
- package/dist/src/ui/AppContainer.js.map +1 -1
- package/dist/src/ui/AppContainer.test.js +30 -1
- package/dist/src/ui/AppContainer.test.js.map +1 -1
- package/dist/src/ui/commands/directoryCommand.js +1 -1
- package/dist/src/ui/commands/directoryCommand.js.map +1 -1
- package/dist/src/ui/commands/extensionsCommand.js +45 -1
- package/dist/src/ui/commands/extensionsCommand.js.map +1 -1
- package/dist/src/ui/commands/extensionsCommand.test.js +64 -1
- package/dist/src/ui/commands/extensionsCommand.test.js.map +1 -1
- package/dist/src/ui/commands/memoryCommand.js +1 -1
- package/dist/src/ui/commands/memoryCommand.js.map +1 -1
- package/dist/src/ui/commands/memoryCommand.test.js +3 -1
- package/dist/src/ui/commands/memoryCommand.test.js.map +1 -1
- package/dist/src/ui/components/ConsoleSummaryDisplay.js +1 -1
- package/dist/src/ui/components/ConsoleSummaryDisplay.js.map +1 -1
- package/dist/src/ui/components/DetailedMessagesDisplay.js +1 -1
- package/dist/src/ui/components/DetailedMessagesDisplay.js.map +1 -1
- package/dist/src/ui/components/FolderTrustDialog.test.js +4 -5
- package/dist/src/ui/components/FolderTrustDialog.test.js.map +1 -1
- package/dist/src/ui/components/Footer.js +4 -3
- package/dist/src/ui/components/Footer.js.map +1 -1
- package/dist/src/ui/components/Footer.test.js +83 -0
- package/dist/src/ui/components/Footer.test.js.map +1 -1
- package/dist/src/ui/components/Help.test.js +0 -1
- package/dist/src/ui/components/Help.test.js.map +1 -1
- package/dist/src/ui/components/ModelDialog.test.js +5 -6
- package/dist/src/ui/components/ModelDialog.test.js.map +1 -1
- package/dist/src/ui/components/Notifications.js +38 -5
- package/dist/src/ui/components/Notifications.js.map +1 -1
- package/dist/src/ui/components/PermissionsModifyTrustDialog.test.js +11 -13
- package/dist/src/ui/components/PermissionsModifyTrustDialog.test.js.map +1 -1
- package/dist/src/ui/components/SettingsDialog.test.js +12 -14
- package/dist/src/ui/components/SettingsDialog.test.js.map +1 -1
- package/dist/src/ui/components/shared/BaseSelectionList.test.js +11 -13
- package/dist/src/ui/components/shared/BaseSelectionList.test.js.map +1 -1
- package/dist/src/ui/components/shared/text-buffer.test.js +2 -2
- package/dist/src/ui/components/shared/text-buffer.test.js.map +1 -1
- package/dist/src/ui/contexts/KeypressContext.js +8 -29
- package/dist/src/ui/contexts/KeypressContext.js.map +1 -1
- package/dist/src/ui/contexts/KeypressContext.test.js +90 -73
- package/dist/src/ui/contexts/KeypressContext.test.js.map +1 -1
- package/dist/src/ui/contexts/SessionContext.test.js +27 -14
- package/dist/src/ui/contexts/SessionContext.test.js.map +1 -1
- package/dist/src/ui/hooks/atCommandProcessor.js +2 -2
- package/dist/src/ui/hooks/atCommandProcessor.js.map +1 -1
- package/dist/src/ui/hooks/useAtCompletion.test.js +32 -23
- package/dist/src/ui/hooks/useAtCompletion.test.js.map +1 -1
- package/dist/src/ui/hooks/useAutoAcceptIndicator.test.js +2 -2
- package/dist/src/ui/hooks/useAutoAcceptIndicator.test.js.map +1 -1
- package/dist/src/ui/hooks/useExtensionUpdates.d.ts +1 -2
- package/dist/src/ui/hooks/useExtensionUpdates.js +2 -1
- package/dist/src/ui/hooks/useExtensionUpdates.js.map +1 -1
- package/dist/src/ui/hooks/useExtensionUpdates.test.js +14 -20
- package/dist/src/ui/hooks/useExtensionUpdates.test.js.map +1 -1
- package/dist/src/ui/hooks/useFlickerDetector.test.js +9 -6
- package/dist/src/ui/hooks/useFlickerDetector.test.js.map +1 -1
- package/dist/src/ui/hooks/useFolderTrust.test.js +45 -23
- package/dist/src/ui/hooks/useFolderTrust.test.js.map +1 -1
- package/dist/src/ui/hooks/useGeminiStream.js +7 -5
- package/dist/src/ui/hooks/useGeminiStream.js.map +1 -1
- package/dist/src/ui/hooks/useGeminiStream.test.js +42 -41
- package/dist/src/ui/hooks/useGeminiStream.test.js.map +1 -1
- package/dist/src/ui/hooks/useHistoryManager.test.js +2 -2
- package/dist/src/ui/hooks/useHistoryManager.test.js.map +1 -1
- package/dist/src/ui/hooks/useInputHistory.test.js +2 -2
- package/dist/src/ui/hooks/useInputHistory.test.js.map +1 -1
- package/dist/src/ui/hooks/useInputHistoryStore.test.js +2 -2
- package/dist/src/ui/hooks/useInputHistoryStore.test.js.map +1 -1
- package/dist/src/ui/hooks/usePermissionsModifyTrust.test.js +2 -3
- package/dist/src/ui/hooks/usePermissionsModifyTrust.test.js.map +1 -1
- package/dist/src/ui/hooks/usePhraseCycler.js +1 -1
- package/dist/src/ui/hooks/usePhraseCycler.js.map +1 -1
- package/dist/src/ui/hooks/usePhraseCycler.test.js +83 -111
- package/dist/src/ui/hooks/usePhraseCycler.test.js.map +1 -1
- package/dist/src/ui/hooks/useQuotaAndFallback.test.js +2 -2
- package/dist/src/ui/hooks/useQuotaAndFallback.test.js.map +1 -1
- package/dist/src/ui/hooks/useReactToolScheduler.test.js +1 -2
- package/dist/src/ui/hooks/useReactToolScheduler.test.js.map +1 -1
- package/dist/src/ui/hooks/useReverseSearchCompletion.test.js +2 -2
- package/dist/src/ui/hooks/useReverseSearchCompletion.test.js.map +1 -1
- package/dist/src/ui/hooks/useShellHistory.test.js +40 -17
- package/dist/src/ui/hooks/useShellHistory.test.js.map +1 -1
- package/dist/src/ui/hooks/useSlashCompletion.test.js +54 -49
- package/dist/src/ui/hooks/useSlashCompletion.test.js.map +1 -1
- package/dist/src/ui/hooks/useToolScheduler.test.js +48 -42
- package/dist/src/ui/hooks/useToolScheduler.test.js.map +1 -1
- package/dist/src/ui/keyMatchers.test.js +3 -3
- package/dist/src/ui/keyMatchers.test.js.map +1 -1
- package/dist/src/zed-integration/zedIntegration.d.ts +2 -2
- package/dist/src/zed-integration/zedIntegration.js +4 -6
- package/dist/src/zed-integration/zedIntegration.js.map +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/package.json +3 -3
|
@@ -3,7 +3,14 @@
|
|
|
3
3
|
* Copyright 2025 Google LLC
|
|
4
4
|
* SPDX-License-Identifier: Apache-2.0
|
|
5
5
|
*/
|
|
6
|
-
import { type PolicyEngineConfig, ApprovalMode, type PolicyEngine, type MessageBus } from '@google/gemini-cli-core';
|
|
6
|
+
import { type PolicyEngineConfig, type ApprovalMode, type PolicyEngine, type MessageBus } from '@google/gemini-cli-core';
|
|
7
7
|
import { type Settings } from './settings.js';
|
|
8
|
-
export declare function createPolicyEngineConfig(settings: Settings, approvalMode: ApprovalMode): PolicyEngineConfig
|
|
8
|
+
export declare function createPolicyEngineConfig(settings: Settings, approvalMode: ApprovalMode): Promise<PolicyEngineConfig>;
|
|
9
9
|
export declare function createPolicyUpdater(policyEngine: PolicyEngine, messageBus: MessageBus): void;
|
|
10
|
+
/**
|
|
11
|
+
* Gets and clears any policy errors that were stored during config loading.
|
|
12
|
+
* This should be called once the UI is ready to display errors.
|
|
13
|
+
*
|
|
14
|
+
* @returns Array of formatted error messages, or empty array if no errors
|
|
15
|
+
*/
|
|
16
|
+
export declare function getPolicyErrorsForUI(): string[];
|
|
@@ -3,65 +3,135 @@
|
|
|
3
3
|
* Copyright 2025 Google LLC
|
|
4
4
|
* SPDX-License-Identifier: Apache-2.0
|
|
5
5
|
*/
|
|
6
|
-
import { PolicyDecision,
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
//
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
const
|
|
6
|
+
import { PolicyDecision, MessageBusType, Storage, } from '@google/gemini-cli-core';
|
|
7
|
+
import { getSystemSettingsPath } from './settings.js';
|
|
8
|
+
import path from 'node:path';
|
|
9
|
+
import { fileURLToPath } from 'node:url';
|
|
10
|
+
import { loadPoliciesFromToml, } from './policy-toml-loader.js';
|
|
11
|
+
// Get the directory name of the current module
|
|
12
|
+
const __dirname = path.dirname(fileURLToPath(import.meta.url));
|
|
13
|
+
// Store policy loading errors to be displayed after UI is ready
|
|
14
|
+
let storedPolicyErrors = [];
|
|
15
|
+
function getPolicyDirectories() {
|
|
16
|
+
const DEFAULT_POLICIES_DIR = path.resolve(__dirname, 'policies');
|
|
17
|
+
const USER_POLICIES_DIR = Storage.getUserPoliciesDir();
|
|
18
|
+
const systemSettingsPath = getSystemSettingsPath();
|
|
19
|
+
const ADMIN_POLICIES_DIR = path.join(path.dirname(systemSettingsPath), 'policies');
|
|
20
|
+
return [
|
|
21
|
+
DEFAULT_POLICIES_DIR,
|
|
22
|
+
USER_POLICIES_DIR,
|
|
23
|
+
ADMIN_POLICIES_DIR,
|
|
24
|
+
].reverse();
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* Determines the policy tier (1=default, 2=user, 3=admin) for a given directory.
|
|
28
|
+
* This is used by the TOML loader to assign priority bands.
|
|
29
|
+
*/
|
|
30
|
+
function getPolicyTier(dir) {
|
|
31
|
+
const DEFAULT_POLICIES_DIR = path.resolve(__dirname, 'policies');
|
|
32
|
+
const USER_POLICIES_DIR = Storage.getUserPoliciesDir();
|
|
33
|
+
const systemSettingsPath = getSystemSettingsPath();
|
|
34
|
+
const ADMIN_POLICIES_DIR = path.join(path.dirname(systemSettingsPath), 'policies');
|
|
35
|
+
// Normalize paths for comparison
|
|
36
|
+
const normalizedDir = path.resolve(dir);
|
|
37
|
+
const normalizedDefault = path.resolve(DEFAULT_POLICIES_DIR);
|
|
38
|
+
const normalizedUser = path.resolve(USER_POLICIES_DIR);
|
|
39
|
+
const normalizedAdmin = path.resolve(ADMIN_POLICIES_DIR);
|
|
40
|
+
if (normalizedDir === normalizedDefault)
|
|
41
|
+
return 1;
|
|
42
|
+
if (normalizedDir === normalizedUser)
|
|
43
|
+
return 2;
|
|
44
|
+
if (normalizedDir === normalizedAdmin)
|
|
45
|
+
return 3;
|
|
46
|
+
// Default to tier 1 if unknown
|
|
47
|
+
return 1;
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Formats a policy file error for console logging.
|
|
51
|
+
*/
|
|
52
|
+
function formatPolicyError(error) {
|
|
53
|
+
const tierLabel = error.tier.toUpperCase();
|
|
54
|
+
let message = `[${tierLabel}] Policy file error in ${error.fileName}:\n`;
|
|
55
|
+
message += ` ${error.message}`;
|
|
56
|
+
if (error.details) {
|
|
57
|
+
message += `\n${error.details}`;
|
|
58
|
+
}
|
|
59
|
+
if (error.suggestion) {
|
|
60
|
+
message += `\n Suggestion: ${error.suggestion}`;
|
|
61
|
+
}
|
|
62
|
+
return message;
|
|
63
|
+
}
|
|
64
|
+
export async function createPolicyEngineConfig(settings, approvalMode) {
|
|
65
|
+
const policyDirs = getPolicyDirectories();
|
|
66
|
+
// Load policies from TOML files
|
|
67
|
+
const { rules: tomlRules, errors } = await loadPoliciesFromToml(approvalMode, policyDirs, getPolicyTier);
|
|
68
|
+
// Store any errors encountered during TOML loading
|
|
69
|
+
// These will be emitted by getPolicyErrorsForUI() after the UI is ready.
|
|
70
|
+
if (errors.length > 0) {
|
|
71
|
+
storedPolicyErrors = errors.map((error) => formatPolicyError(error));
|
|
72
|
+
}
|
|
73
|
+
const rules = [...tomlRules];
|
|
37
74
|
// Priority system for policy rules:
|
|
38
75
|
// - Higher priority numbers win over lower priority numbers
|
|
39
76
|
// - When multiple rules match, the highest priority rule is applied
|
|
40
77
|
// - Rules are evaluated in order of priority (highest first)
|
|
41
78
|
//
|
|
42
|
-
// Priority
|
|
43
|
-
//
|
|
44
|
-
//
|
|
45
|
-
//
|
|
46
|
-
//
|
|
47
|
-
//
|
|
48
|
-
//
|
|
49
|
-
//
|
|
50
|
-
//
|
|
51
|
-
//
|
|
52
|
-
//
|
|
53
|
-
//
|
|
54
|
-
|
|
55
|
-
|
|
79
|
+
// Priority bands (tiers):
|
|
80
|
+
// - Default policies (TOML): 1 + priority/1000 (e.g., priority 100 → 1.100)
|
|
81
|
+
// - User policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
|
|
82
|
+
// - Admin policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
|
|
83
|
+
//
|
|
84
|
+
// This ensures Admin > User > Default hierarchy is always preserved,
|
|
85
|
+
// while allowing user-specified priorities to work within each tier.
|
|
86
|
+
//
|
|
87
|
+
// Settings-based and dynamic rules (all in user tier 2.x):
|
|
88
|
+
// 2.95: Tools that the user has selected as "Always Allow" in the interactive UI
|
|
89
|
+
// 2.9: MCP servers excluded list (security: persistent server blocks)
|
|
90
|
+
// 2.4: Command line flag --exclude-tools (explicit temporary blocks)
|
|
91
|
+
// 2.3: Command line flag --allowed-tools (explicit temporary allows)
|
|
92
|
+
// 2.2: MCP servers with trust=true (persistent trusted servers)
|
|
93
|
+
// 2.1: MCP servers allowed list (persistent general server allows)
|
|
94
|
+
//
|
|
95
|
+
// TOML policy priorities (before transformation):
|
|
96
|
+
// 10: Write tools default to ASK_USER (becomes 1.010 in default tier)
|
|
97
|
+
// 15: Auto-edit tool override (becomes 1.015 in default tier)
|
|
98
|
+
// 50: Read-only tools (becomes 1.050 in default tier)
|
|
99
|
+
// 999: YOLO mode allow-all (becomes 1.999 in default tier)
|
|
100
|
+
// MCP servers that are explicitly excluded in settings.mcp.excluded
|
|
101
|
+
// Priority: 2.9 (highest in user tier for security - persistent server blocks)
|
|
102
|
+
if (settings.mcp?.excluded) {
|
|
103
|
+
for (const serverName of settings.mcp.excluded) {
|
|
56
104
|
rules.push({
|
|
57
105
|
toolName: `${serverName}__*`,
|
|
106
|
+
decision: PolicyDecision.DENY,
|
|
107
|
+
priority: 2.9,
|
|
108
|
+
});
|
|
109
|
+
}
|
|
110
|
+
}
|
|
111
|
+
// Tools that are explicitly excluded in the settings.
|
|
112
|
+
// Priority: 2.4 (user tier - explicit temporary blocks)
|
|
113
|
+
if (settings.tools?.exclude) {
|
|
114
|
+
for (const tool of settings.tools.exclude) {
|
|
115
|
+
rules.push({
|
|
116
|
+
toolName: tool,
|
|
117
|
+
decision: PolicyDecision.DENY,
|
|
118
|
+
priority: 2.4,
|
|
119
|
+
});
|
|
120
|
+
}
|
|
121
|
+
}
|
|
122
|
+
// Tools that are explicitly allowed in the settings.
|
|
123
|
+
// Priority: 2.3 (user tier - explicit temporary allows)
|
|
124
|
+
if (settings.tools?.allowed) {
|
|
125
|
+
for (const tool of settings.tools.allowed) {
|
|
126
|
+
rules.push({
|
|
127
|
+
toolName: tool,
|
|
58
128
|
decision: PolicyDecision.ALLOW,
|
|
59
|
-
priority:
|
|
129
|
+
priority: 2.3,
|
|
60
130
|
});
|
|
61
131
|
}
|
|
62
132
|
}
|
|
63
133
|
// MCP servers that are trusted in the settings.
|
|
64
|
-
// Priority:
|
|
134
|
+
// Priority: 2.2 (user tier - persistent trusted servers)
|
|
65
135
|
if (settings.mcpServers) {
|
|
66
136
|
for (const [serverName, serverConfig] of Object.entries(settings.mcpServers)) {
|
|
67
137
|
if (serverConfig.trust) {
|
|
@@ -70,77 +140,22 @@ export function createPolicyEngineConfig(settings, approvalMode) {
|
|
|
70
140
|
rules.push({
|
|
71
141
|
toolName: `${serverName}__*`,
|
|
72
142
|
decision: PolicyDecision.ALLOW,
|
|
73
|
-
priority:
|
|
143
|
+
priority: 2.2,
|
|
74
144
|
});
|
|
75
145
|
}
|
|
76
146
|
}
|
|
77
147
|
}
|
|
78
|
-
//
|
|
79
|
-
// Priority:
|
|
80
|
-
if (settings.
|
|
81
|
-
for (const
|
|
82
|
-
rules.push({
|
|
83
|
-
toolName: tool,
|
|
84
|
-
decision: PolicyDecision.ALLOW,
|
|
85
|
-
priority: 100,
|
|
86
|
-
});
|
|
87
|
-
}
|
|
88
|
-
}
|
|
89
|
-
// Tools that are explicitly excluded in the settings.
|
|
90
|
-
// Priority: 200
|
|
91
|
-
if (settings.tools?.exclude) {
|
|
92
|
-
for (const tool of settings.tools.exclude) {
|
|
93
|
-
rules.push({
|
|
94
|
-
toolName: tool,
|
|
95
|
-
decision: PolicyDecision.DENY,
|
|
96
|
-
priority: 200,
|
|
97
|
-
});
|
|
98
|
-
}
|
|
99
|
-
}
|
|
100
|
-
// MCP servers that are explicitly excluded in settings.mcp.excluded
|
|
101
|
-
// Priority: 195 (high priority to block servers)
|
|
102
|
-
if (settings.mcp?.excluded) {
|
|
103
|
-
for (const serverName of settings.mcp.excluded) {
|
|
148
|
+
// MCP servers that are explicitly allowed in settings.mcp.allowed
|
|
149
|
+
// Priority: 2.1 (user tier - persistent general server allows)
|
|
150
|
+
if (settings.mcp?.allowed) {
|
|
151
|
+
for (const serverName of settings.mcp.allowed) {
|
|
104
152
|
rules.push({
|
|
105
153
|
toolName: `${serverName}__*`,
|
|
106
|
-
decision: PolicyDecision.
|
|
107
|
-
priority:
|
|
108
|
-
});
|
|
109
|
-
}
|
|
110
|
-
}
|
|
111
|
-
// Allow all read-only tools.
|
|
112
|
-
// Priority: 50
|
|
113
|
-
for (const tool of READ_ONLY_TOOLS) {
|
|
114
|
-
rules.push({
|
|
115
|
-
toolName: tool,
|
|
116
|
-
decision: PolicyDecision.ALLOW,
|
|
117
|
-
priority: 50,
|
|
118
|
-
});
|
|
119
|
-
}
|
|
120
|
-
// Only add write tool rules if not in YOLO mode
|
|
121
|
-
// In YOLO mode, the wildcard ALLOW rule handles everything
|
|
122
|
-
if (approvalMode !== ApprovalMode.YOLO) {
|
|
123
|
-
for (const tool of WRITE_TOOLS) {
|
|
124
|
-
rules.push({
|
|
125
|
-
toolName: tool,
|
|
126
|
-
decision: PolicyDecision.ASK_USER,
|
|
127
|
-
priority: 10,
|
|
154
|
+
decision: PolicyDecision.ALLOW,
|
|
155
|
+
priority: 2.1,
|
|
128
156
|
});
|
|
129
157
|
}
|
|
130
158
|
}
|
|
131
|
-
if (approvalMode === ApprovalMode.YOLO) {
|
|
132
|
-
rules.push({
|
|
133
|
-
decision: PolicyDecision.ALLOW,
|
|
134
|
-
priority: 0, // Lowest priority - catches everything not explicitly configured
|
|
135
|
-
});
|
|
136
|
-
}
|
|
137
|
-
else if (approvalMode === ApprovalMode.AUTO_EDIT) {
|
|
138
|
-
rules.push({
|
|
139
|
-
toolName: EDIT_TOOL_NAME,
|
|
140
|
-
decision: PolicyDecision.ALLOW,
|
|
141
|
-
priority: 15, // Higher than write tools (10) to override ASK_USER
|
|
142
|
-
});
|
|
143
|
-
}
|
|
144
159
|
return {
|
|
145
160
|
rules,
|
|
146
161
|
defaultDecision: PolicyDecision.ASK_USER,
|
|
@@ -152,8 +167,22 @@ export function createPolicyUpdater(policyEngine, messageBus) {
|
|
|
152
167
|
policyEngine.addRule({
|
|
153
168
|
toolName,
|
|
154
169
|
decision: PolicyDecision.ALLOW,
|
|
155
|
-
|
|
170
|
+
// User tier (2) + high priority (950/1000) = 2.95
|
|
171
|
+
// This ensures user "always allow" selections are high priority
|
|
172
|
+
// but still lose to admin policies (3.xxx) and settings excludes (200)
|
|
173
|
+
priority: 2.95,
|
|
156
174
|
});
|
|
157
175
|
});
|
|
158
176
|
}
|
|
177
|
+
/**
|
|
178
|
+
* Gets and clears any policy errors that were stored during config loading.
|
|
179
|
+
* This should be called once the UI is ready to display errors.
|
|
180
|
+
*
|
|
181
|
+
* @returns Array of formatted error messages, or empty array if no errors
|
|
182
|
+
*/
|
|
183
|
+
export function getPolicyErrorsForUI() {
|
|
184
|
+
const errors = [...storedPolicyErrors];
|
|
185
|
+
storedPolicyErrors = []; // Clear after retrieving
|
|
186
|
+
return errors;
|
|
187
|
+
}
|
|
159
188
|
//# sourceMappingURL=policy.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../src/config/policy.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAEL,cAAc,
|
|
1
|
+
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../src/config/policy.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAEL,cAAc,EAKd,cAAc,EAEd,OAAO,GACR,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAiB,qBAAqB,EAAE,MAAM,eAAe,CAAC;AACrE,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EACL,oBAAoB,GAErB,MAAM,yBAAyB,CAAC;AAEjC,+CAA+C;AAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAE/D,gEAAgE;AAChE,IAAI,kBAAkB,GAAa,EAAE,CAAC;AAEtC,SAAS,oBAAoB;IAC3B,MAAM,oBAAoB,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IACjE,MAAM,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC;IACvD,MAAM,kBAAkB,GAAG,qBAAqB,EAAE,CAAC;IACnD,MAAM,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAClC,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAChC,UAAU,CACX,CAAC;IAEF,OAAO;QACL,oBAAoB;QACpB,iBAAiB;QACjB,kBAAkB;KACnB,CAAC,OAAO,EAAE,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CAAC,GAAW;IAChC,MAAM,oBAAoB,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IACjE,MAAM,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC;IACvD,MAAM,kBAAkB,GAAG,qBAAqB,EAAE,CAAC;IACnD,MAAM,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAClC,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAChC,UAAU,CACX,CAAC;IAEF,iCAAiC;IACjC,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC7D,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IACvD,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAEzD,IAAI,aAAa,KAAK,iBAAiB;QAAE,OAAO,CAAC,CAAC;IAClD,IAAI,aAAa,KAAK,cAAc;QAAE,OAAO,CAAC,CAAC;IAC/C,IAAI,aAAa,KAAK,eAAe;QAAE,OAAO,CAAC,CAAC;IAEhD,+BAA+B;IAC/B,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,KAAsB;IAC/C,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;IAC3C,IAAI,OAAO,GAAG,IAAI,SAAS,0BAA0B,KAAK,CAAC,QAAQ,KAAK,CAAC;IACzE,OAAO,IAAI,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC;IAChC,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;QAClB,OAAO,IAAI,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC;IAClC,CAAC;IACD,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;QACrB,OAAO,IAAI,mBAAmB,KAAK,CAAC,UAAU,EAAE,CAAC;IACnD,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,QAAkB,EAClB,YAA0B;IAE1B,MAAM,UAAU,GAAG,oBAAoB,EAAE,CAAC;IAE1C,gCAAgC;IAChC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,MAAM,oBAAoB,CAC7D,YAAY,EACZ,UAAU,EACV,aAAa,CACd,CAAC;IAEF,mDAAmD;IACnD,yEAAyE;IACzE,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,kBAAkB,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,KAAK,GAAiB,CAAC,GAAG,SAAS,CAAC,CAAC;IAE3C,oCAAoC;IACpC,4DAA4D;IAC5D,oEAAoE;IACpE,6DAA6D;IAC7D,EAAE;IACF,0BAA0B;IAC1B,4EAA4E;IAC5E,yEAAyE;IACzE,0EAA0E;IAC1E,EAAE;IACF,qEAAqE;IACrE,qEAAqE;IACrE,EAAE;IACF,2DAA2D;IAC3D,mFAAmF;IACnF,yEAAyE;IACzE,wEAAwE;IACxE,wEAAwE;IACxE,mEAAmE;IACnE,sEAAsE;IACtE,EAAE;IACF,kDAAkD;IAClD,wEAAwE;IACxE,gEAAgE;IAChE,wDAAwD;IACxD,6DAA6D;IAE7D,oEAAoE;IACpE,+EAA+E;IAC/E,IAAI,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,CAAC;QAC3B,KAAK,MAAM,UAAU,IAAI,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAC/C,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,GAAG,UAAU,KAAK;gBAC5B,QAAQ,EAAE,cAAc,CAAC,IAAI;gBAC7B,QAAQ,EAAE,GAAG;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sDAAsD;IACtD,wDAAwD;IACxD,IAAI,QAAQ,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC;QAC5B,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YAC1C,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,cAAc,CAAC,IAAI;gBAC7B,QAAQ,EAAE,GAAG;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,wDAAwD;IACxD,IAAI,QAAQ,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC;QAC5B,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YAC1C,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,cAAc,CAAC,KAAK;gBAC9B,QAAQ,EAAE,GAAG;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,yDAAyD;IACzD,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;QACxB,KAAK,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CACrD,QAAQ,CAAC,UAAU,CACpB,EAAE,CAAC;YACF,IAAI,YAAY,CAAC,KAAK,EAAE,CAAC;gBACvB,uCAAuC;gBACvC,0FAA0F;gBAC1F,KAAK,CAAC,IAAI,CAAC;oBACT,QAAQ,EAAE,GAAG,UAAU,KAAK;oBAC5B,QAAQ,EAAE,cAAc,CAAC,KAAK;oBAC9B,QAAQ,EAAE,GAAG;iBACd,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,+DAA+D;IAC/D,IAAI,QAAQ,CAAC,GAAG,EAAE,OAAO,EAAE,CAAC;QAC1B,KAAK,MAAM,UAAU,IAAI,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YAC9C,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,GAAG,UAAU,KAAK;gBAC5B,QAAQ,EAAE,cAAc,CAAC,KAAK;gBAC9B,QAAQ,EAAE,GAAG;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK;QACL,eAAe,EAAE,cAAc,CAAC,QAAQ;KACzC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,YAA0B,EAC1B,UAAsB;IAEtB,UAAU,CAAC,SAAS,CAClB,cAAc,CAAC,aAAa,EAC5B,CAAC,OAAqB,EAAE,EAAE;QACxB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAElC,YAAY,CAAC,OAAO,CAAC;YACnB,QAAQ;YACR,QAAQ,EAAE,cAAc,CAAC,KAAK;YAC9B,kDAAkD;YAClD,gEAAgE;YAChE,uEAAuE;YACvE,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;IACL,CAAC,CACF,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB;IAClC,MAAM,MAAM,GAAG,CAAC,GAAG,kBAAkB,CAAC,CAAC;IACvC,kBAAkB,GAAG,EAAE,CAAC,CAAC,yBAAyB;IAClD,OAAO,MAAM,CAAC;AAChB,CAAC"}
|