@google/gemini-cli 0.37.0-preview.0 → 0.37.0-preview.1

package/bundle/docs/cli/plan-mode.md

@@ -180,9 +180,16 @@ As described in the
 rule that does not explicitly specify `modes` is considered "always active" and
 will apply to Plan Mode as well.
 
-If you want a rule to apply to other modes but _not_ to Plan Mode, you must
-explicitly specify the target modes. For example, to allow `npm test` in default
-and Auto-Edit modes but not in Plan Mode:
+To maintain the integrity of Plan Mode as a safe research environment,
+persistent tool approvals are context-aware. Approvals granted in modes like
+Default or Auto-Edit do not apply to Plan Mode, ensuring that tools trusted for
+implementation don't automatically execute while you're researching. However,
+approvals granted while in Plan Mode are treated as intentional choices for
+global trust and apply to all modes.
+
+If you want to manually restrict a rule to other modes but _not_ to Plan Mode,
+you must explicitly specify the target modes. For example, to allow `npm test`
+in default and Auto-Edit modes but not in Plan Mode:
 
 ```toml
 [[rule]]

package/bundle/docs/reference/policy-engine.md

@@ -171,6 +171,24 @@ modes specified, it is always active.
   [Customizing Plan Mode Policies](../cli/plan-mode.md#customizing-policies).
 - `yolo`: A mode where all tools are auto-approved (use with extreme caution).
 
+To maintain the integrity of Plan Mode as a safe research environment,
+persistent tool approvals are context-aware. When you select **"Allow for all
+future sessions"**, the policy engine explicitly includes the current mode and
+all more permissive modes in the hierarchy (`plan` < `default` < `autoEdit` <
+`yolo`).
+
+- **Approvals in `plan` mode**: These represent an intentional choice to trust a
+  tool globally. The resulting rule explicitly includes all modes (`plan`,
+  `default`, `autoEdit`, and `yolo`).
+- **Approvals in other modes**: These only apply to the current mode and those
+  more permissive. For example:
+  - An approval granted in **`default`** mode applies to `default`, `autoEdit`,
+    and `yolo`.
+  - An approval granted in **`autoEdit`** mode applies to `autoEdit` and `yolo`.
+  - An approval granted in **`yolo`** mode applies only to `yolo`. This ensures
+    that trust flows correctly to more permissive environments while maintaining
+    the safety of more restricted modes like `plan`.
+
 ## Rule matching
 
 When a tool call is made, the engine checks it against all active rules,
@@ -304,7 +322,8 @@ priority = 10
 denyMessage = "Deletion is permanent"
 
 # (Optional) An array of approval modes where this rule is active.
-modes = ["autoEdit"]
+# If omitted or empty, the rule applies to all modes.
+modes = ["default", "autoEdit", "yolo"]
 
 # (Optional) A boolean to restrict the rule to interactive (true) or
 # non-interactive (false) environments.

package/bundle/gemini.js

@@ -66,7 +66,7 @@ import {
   updateAllUpdatableExtensions,
   updateExtension,
   validateAuthMethod
-} from "./chunk-ULC3DHVX.js";
+} from "./chunk-TSSVZ7RZ.js";
 import {
   AuthType,
   ChatRecordingService,
@@ -155,7 +155,7 @@ import {
   updatePolicy,
   writeToStderr,
   writeToStdout
-} from "./chunk-LEK5YYAR.js";
+} from "./chunk-ZB4UQCX5.js";
 import {
   ASK_USER_TOOL_NAME,
   ApprovalMode,
@@ -201,7 +201,7 @@ import {
   loadServerHierarchicalMemory,
   resolveToRealPath,
   setGeminiMdFilename
-} from "./chunk-7UZ4Y32N.js";
+} from "./chunk-JS5WSGB2.js";
 import "./chunk-664ZODQF.js";
 import {
   appEvents
@@ -7251,7 +7251,7 @@ async function loadSandboxConfig(settings, argv) {
   }
   const command2 = getSandboxCommand(sandboxValue);
   const packageJson = await getPackageJson(__dirname3);
-  const image = process.env["GEMINI_SANDBOX_IMAGE"] ?? "us-docker.pkg.dev/gemini-code-dev/gemini-cli/sandbox:0.37.0-preview.0" ?? customImage ?? packageJson?.config?.sandboxImageUri;
+  const image = process.env["GEMINI_SANDBOX_IMAGE"] ?? "us-docker.pkg.dev/gemini-code-dev/gemini-cli/sandbox:0.37.0-preview.1" ?? customImage ?? packageJson?.config?.sandboxImageUri;
   const isNative = command2 === "windows-native" || command2 === "sandbox-exec" || command2 === "lxc";
   return command2 && (image || isNative) ? { enabled: true, allowedPaths, networkAccess, command: command2, image } : void 0;
 }
@@ -9539,7 +9539,7 @@ async function runNonInteractive({
       }
     });
     if (process.env["GEMINI_CLI_ACTIVITY_LOG_TARGET"]) {
-      const { setupInitialActivityLogger } = await import("./devtoolsService-TVWW3DBW.js");
+      const { setupInitialActivityLogger } = await import("./devtoolsService-IWSTJYRB.js");
       await setupInitialActivityLogger(config);
     }
     const { stdout: workingStdout } = createWorkingStdio();
@@ -14263,7 +14263,7 @@ ${reason.stack}` : ""}`;
   });
 }
 async function startInteractiveUI(config, settings, startupWarnings, workspaceRoot = process.cwd(), resumedSessionData, initializationResult) {
-  const { startInteractiveUI: doStartUI } = await import("./interactiveCli-4WFWOVAQ.js");
+  const { startInteractiveUI: doStartUI } = await import("./interactiveCli-DX76MWWT.js");
   await doStartUI(
     config,
     settings,
@@ -14460,7 +14460,7 @@ ${finalArgs[promptIndex + 1]}`;
     await config.storage.initialize();
     adminControlsListner.setConfig(config);
     if (config.isInteractive() && settings.merged.general.devtools) {
-      const { setupInitialActivityLogger } = await import("./devtoolsService-TVWW3DBW.js");
+      const { setupInitialActivityLogger } = await import("./devtoolsService-IWSTJYRB.js");
       await setupInitialActivityLogger(config);
     }
     registerTelemetryConfig(config);

package/bundle/{interactiveCli-4WFWOVAQ.js → interactiveCli-24VGI5NV.js}

@@ -186,7 +186,7 @@ import {
   widestLineFromStyledChars,
   wordBreakStyledChars,
   wrapStyledChars
-} from "./chunk-ULC3DHVX.js";
+} from "./chunk-BLL44IGV.js";
 import {
   ApiKeyUpdatedEvent,
   AsyncFzf,
@@ -306,7 +306,7 @@ import {
   validatePlanContent,
   validatePlanPath,
   writeToStdout
-} from "./chunk-LEK5YYAR.js";
+} from "./chunk-VSXV53B7.js";
 import {
   ACTIVATE_SKILL_TOOL_NAME,
   ApprovalMode,
@@ -371,7 +371,7 @@ import {
   safeJsonToMarkdown,
   shortenPath,
   tildeifyPath
-} from "./chunk-7UZ4Y32N.js";
+} from "./chunk-JS5WSGB2.js";
 import "./chunk-664ZODQF.js";
 import {
   appEvents
@@ -49406,7 +49406,7 @@ ${queuedText}` : queuedText;
       if (keyMatchers["app.showErrorDetails" /* SHOW_ERROR_DETAILS */](key)) {
         if (settings.merged.general.devtools) {
           void (async () => {
-            const { toggleDevToolsPanel } = await import("./devtoolsService-TVWW3DBW.js");
+            const { toggleDevToolsPanel } = await import("./devtoolsService-2ULAA43E.js");
             await toggleDevToolsPanel(
               config,
               showErrorDetails,

package/bundle/{interactiveCli-6SIGBRWS.js → interactiveCli-D2MTTARB.js}

@@ -186,7 +186,7 @@ import {
   widestLineFromStyledChars,
   wordBreakStyledChars,
   wrapStyledChars
-} from "./chunk-A62NZYIK.js";
+} from "./chunk-WZB27TDF.js";
 import {
   ApiKeyUpdatedEvent,
   AsyncFzf,
@@ -296,7 +296,7 @@ import {
   validatePlanContent,
   validatePlanPath,
   writeToStdout
-} from "./chunk-3TN4SOLW.js";
+} from "./chunk-43UUP7VO.js";
 import {
   ACTIVATE_SKILL_TOOL_NAME,
   ChangeAuthRequestedError,
@@ -354,7 +354,7 @@ import {
   safeJsonToMarkdown,
   shortenPath,
   tildeifyPath
-} from "./chunk-R5X4CMUM.js";
+} from "./chunk-5OOT636U.js";
 import "./chunk-664ZODQF.js";
 import {
   appEvents
@@ -49389,7 +49389,7 @@ ${queuedText}` : queuedText;
       if (keyMatchers["app.showErrorDetails" /* SHOW_ERROR_DETAILS */](key)) {
         if (settings.merged.general.devtools) {
           void (async () => {
-            const { toggleDevToolsPanel } = await import("./devtoolsService-4FIYD6OW.js");
+            const { toggleDevToolsPanel } = await import("./devtoolsService-SZYXXACN.js");
             await toggleDevToolsPanel(
               config,
               showErrorDetails,