@google/gemini-cli 0.40.0-preview.2 → 0.40.0-preview.4

package/bundle/{chunk-NIVCRM5L.js → chunk-M76FWZ5L.js}

@@ -7,20 +7,20 @@ import {
   TOOL_OUTPUTS_DIR,
   ansiRegex,
   checkExhaustive,
+  checkPathTrust,
   createCache,
   deleteSessionArtifactsAsync,
   deleteSubagentSessionDirAndArtifactsAsync,
   getFsErrorMessage,
-  ideContextStore,
   import_lru_cache,
   isHeadlessMode,
-  isWithinRoot,
   loadConversationRecord,
+  loadTrustedFolders,
   partListUnionToString,
   require_strip_json_comments,
   sanitizeFilenamePart,
   stripAnsi
-} from "./chunk-NO7STVVM.js";
+} from "./chunk-KG7ZFMJL.js";
 import {
   FatalConfigError,
   GEMINI_DIR,
@@ -29,9 +29,8 @@ import {
   debugLogger,
   external_exports,
   getErrorMessage,
-  homedir,
-  require_proper_lockfile
-} from "./chunk-2RHFUIH4.js";
+  homedir
+} from "./chunk-UHHRGNIO.js";
 import {
   __commonJS,
   __require,
@@ -562,10 +561,10 @@ var require_package = __commonJS({
 // node_modules/dotenv/lib/main.js
 var require_main = __commonJS({
   "node_modules/dotenv/lib/main.js"(exports, module) {
-    var fs7 = __require("fs");
-    var path7 = __require("path");
+    var fs6 = __require("fs");
+    var path6 = __require("path");
     var os = __require("os");
-    var crypto2 = __require("crypto");
+    var crypto = __require("crypto");
     var packageJson = require_package();
     var version = packageJson.version;
     var TIPS = [
@@ -692,7 +691,7 @@ var require_main = __commonJS({
       if (options && options.path && options.path.length > 0) {
         if (Array.isArray(options.path)) {
           for (const filepath of options.path) {
-            if (fs7.existsSync(filepath)) {
+            if (fs6.existsSync(filepath)) {
               possibleVaultPath = filepath.endsWith(".vault") ? filepath : `${filepath}.vault`;
             }
           }
@@ -700,15 +699,15 @@ var require_main = __commonJS({
           possibleVaultPath = options.path.endsWith(".vault") ? options.path : `${options.path}.vault`;
         }
       } else {
-        possibleVaultPath = path7.resolve(process.cwd(), ".env.vault");
+        possibleVaultPath = path6.resolve(process.cwd(), ".env.vault");
       }
-      if (fs7.existsSync(possibleVaultPath)) {
+      if (fs6.existsSync(possibleVaultPath)) {
         return possibleVaultPath;
       }
       return null;
     }
     function _resolveHome(envPath) {
-      return envPath[0] === "~" ? path7.join(os.homedir(), envPath.slice(1)) : envPath;
+      return envPath[0] === "~" ? path6.join(os.homedir(), envPath.slice(1)) : envPath;
     }
     function _configVault(options) {
       const debug = Boolean(options && options.debug);
@@ -725,7 +724,7 @@ var require_main = __commonJS({
       return { parsed };
     }
     function configDotenv(options) {
-      const dotenvPath = path7.resolve(process.cwd(), ".env");
+      const dotenvPath = path6.resolve(process.cwd(), ".env");
       let encoding = "utf8";
       const debug = Boolean(options && options.debug);
       const quiet = Boolean(options && options.quiet);
@@ -749,13 +748,13 @@ var require_main = __commonJS({
       }
       let lastError;
       const parsedAll = {};
-      for (const path8 of optionPaths) {
+      for (const path7 of optionPaths) {
         try {
-          const parsed = DotenvModule.parse(fs7.readFileSync(path8, { encoding }));
+          const parsed = DotenvModule.parse(fs6.readFileSync(path7, { encoding }));
           DotenvModule.populate(parsedAll, parsed, options);
         } catch (e) {
           if (debug) {
-            _debug(`Failed to load ${path8} ${e.message}`);
+            _debug(`Failed to load ${path7} ${e.message}`);
           }
           lastError = e;
         }
@@ -770,7 +769,7 @@ var require_main = __commonJS({
         const shortPaths = [];
         for (const filePath of optionPaths) {
           try {
-            const relative = path7.relative(process.cwd(), filePath);
+            const relative = path6.relative(process.cwd(), filePath);
             shortPaths.push(relative);
           } catch (e) {
             if (debug) {
@@ -805,7 +804,7 @@ var require_main = __commonJS({
       const authTag = ciphertext.subarray(-16);
       ciphertext = ciphertext.subarray(12, -16);
       try {
-        const aesgcm = crypto2.createDecipheriv("aes-256-gcm", key, nonce);
+        const aesgcm = crypto.createDecipheriv("aes-256-gcm", key, nonce);
         aesgcm.setAuthTag(authTag);
         return `${aesgcm.update(ciphertext)}${aesgcm.final()}`;
       } catch (error) {
@@ -9907,10 +9906,10 @@ var require_stringify = __commonJS({
       replacer = null;
       indent = EMPTY;
     };
-    var join4 = (one, two, gap) => one ? two ? one + two.trim() + LF + gap : one.trimRight() + LF + gap : two ? two.trimRight() + LF + gap : EMPTY;
+    var join3 = (one, two, gap) => one ? two ? one + two.trim() + LF + gap : one.trimRight() + LF + gap : two ? two.trimRight() + LF + gap : EMPTY;
     var join_content = (inside, value, gap) => {
       const comment = process_comments(value, PREFIX_BEFORE, gap + indent, true);
-      return join4(comment, inside, gap);
+      return join3(comment, inside, gap);
     };
     var array_stringify = (value, gap) => {
       const deeper_gap = gap + indent;
@@ -9921,7 +9920,7 @@ var require_stringify = __commonJS({
         if (i !== 0) {
           inside += COMMA;
         }
-        const before = join4(
+        const before = join3(
           after_comma,
           process_comments(value, BEFORE(i), deeper_gap),
           deeper_gap
@@ -9931,7 +9930,7 @@ var require_stringify = __commonJS({
         inside += process_comments(value, AFTER_VALUE(i), deeper_gap);
         after_comma = process_comments(value, AFTER(i), deeper_gap);
       }
-      inside += join4(
+      inside += join3(
         after_comma,
         process_comments(value, PREFIX_AFTER, deeper_gap),
         deeper_gap
@@ -9956,7 +9955,7 @@ var require_stringify = __commonJS({
           inside += COMMA;
         }
         first = false;
-        const before = join4(
+        const before = join3(
           after_comma,
           process_comments(value, BEFORE(key), deeper_gap),
           deeper_gap
@@ -9966,7 +9965,7 @@ var require_stringify = __commonJS({
         after_comma = process_comments(value, AFTER(key), deeper_gap);
       };
       keys.forEach(iteratee);
-      inside += join4(
+      inside += join3(
         after_comma,
         process_comments(value, PREFIX_AFTER, deeper_gap),
         deeper_gap
@@ -10046,255 +10045,19 @@ var require_src2 = __commonJS({
 });
 
 // packages/cli/src/config/trustedFolders.ts
-var import_proper_lockfile = __toESM(require_proper_lockfile(), 1);
-import * as fs from "node:fs";
-import * as path from "node:path";
-import * as crypto from "node:crypto";
-var import_strip_json_comments = __toESM(require_strip_json_comments(), 1);
-var { promises: fsPromises } = fs;
-var TRUSTED_FOLDERS_FILENAME = "trustedFolders.json";
-function getUserSettingsDir() {
-  return path.join(homedir(), GEMINI_DIR);
-}
-function getTrustedFoldersPath() {
-  if (process.env["GEMINI_CLI_TRUSTED_FOLDERS_PATH"]) {
-    return process.env["GEMINI_CLI_TRUSTED_FOLDERS_PATH"];
-  }
-  return path.join(getUserSettingsDir(), TRUSTED_FOLDERS_FILENAME);
-}
-var TrustLevel = /* @__PURE__ */ ((TrustLevel2) => {
-  TrustLevel2["TRUST_FOLDER"] = "TRUST_FOLDER";
-  TrustLevel2["TRUST_PARENT"] = "TRUST_PARENT";
-  TrustLevel2["DO_NOT_TRUST"] = "DO_NOT_TRUST";
-  return TrustLevel2;
-})(TrustLevel || {});
-function isTrustLevel(value) {
-  return typeof value === "string" && // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion
-  Object.values(TrustLevel).includes(value);
-}
-var realPathCache = /* @__PURE__ */ new Map();
-function parseTrustedFoldersJson(content) {
-  return JSON.parse((0, import_strip_json_comments.default)(content));
-}
-function getRealPath(location) {
-  let realPath = realPathCache.get(location);
-  if (realPath !== void 0) {
-    return realPath;
-  }
-  try {
-    realPath = fs.existsSync(location) ? fs.realpathSync(location) : location;
-  } catch {
-    realPath = location;
-  }
-  realPathCache.set(location, realPath);
-  return realPath;
-}
-var LoadedTrustedFolders = class {
-  constructor(user, errors) {
-    this.user = user;
-    this.errors = errors;
-  }
-  get rules() {
-    return Object.entries(this.user.config).map(([path7, trustLevel]) => ({
-      path: path7,
-      trustLevel
-    }));
-  }
-  /**
-   * Returns true or false if the path should be "trusted". This function
-   * should only be invoked when the folder trust setting is active.
-   *
-   * @param location path
-   * @returns
-   */
-  isPathTrusted(location, config, headlessOptions) {
-    if (isHeadlessMode(headlessOptions)) {
-      return true;
-    }
-    const configToUse = config ?? this.user.config;
-    const realLocation = getRealPath(location);
-    let longestMatchLen = -1;
-    let longestMatchTrust = void 0;
-    for (const [rulePath, trustLevel] of Object.entries(configToUse)) {
-      const effectivePath = trustLevel === "TRUST_PARENT" /* TRUST_PARENT */ ? path.dirname(rulePath) : rulePath;
-      const realEffectivePath = getRealPath(effectivePath);
-      if (isWithinRoot(realLocation, realEffectivePath)) {
-        if (rulePath.length > longestMatchLen) {
-          longestMatchLen = rulePath.length;
-          longestMatchTrust = trustLevel;
-        }
-      }
-    }
-    if (longestMatchTrust === "DO_NOT_TRUST" /* DO_NOT_TRUST */) return false;
-    if (longestMatchTrust === "TRUST_FOLDER" /* TRUST_FOLDER */ || longestMatchTrust === "TRUST_PARENT" /* TRUST_PARENT */)
-      return true;
-    return void 0;
-  }
-  async setValue(folderPath, trustLevel) {
-    if (this.errors.length > 0) {
-      const errorMessages = this.errors.map(
-        (error) => `Error in ${error.path}: ${error.message}`
-      );
-      throw new FatalConfigError(
-        `Cannot update trusted folders because the configuration file is invalid:
-${errorMessages.join("\n")}
-Please fix the file manually before trying to update it.`
-      );
-    }
-    const dirPath = path.dirname(this.user.path);
-    if (!fs.existsSync(dirPath)) {
-      await fsPromises.mkdir(dirPath, { recursive: true });
-    }
-    if (!fs.existsSync(this.user.path)) {
-      await fsPromises.writeFile(this.user.path, JSON.stringify({}, null, 2), {
-        mode: 384
-      });
-    }
-    const release = await (0, import_proper_lockfile.lock)(this.user.path, {
-      retries: {
-        retries: 10,
-        minTimeout: 100
-      }
-    });
-    try {
-      const content = await fsPromises.readFile(this.user.path, "utf-8");
-      let config;
-      try {
-        config = parseTrustedFoldersJson(content);
-      } catch (error) {
-        coreEvents.emitFeedback(
-          "error",
-          `Failed to parse trusted folders file at ${this.user.path}. The file may be corrupted.`,
-          error
-        );
-        config = {};
-      }
-      const originalTrustLevel = config[folderPath];
-      config[folderPath] = trustLevel;
-      this.user.config[folderPath] = trustLevel;
-      try {
-        saveTrustedFolders({ ...this.user, config });
-      } catch (e) {
-        if (originalTrustLevel === void 0) {
-          delete this.user.config[folderPath];
-        } else {
-          this.user.config[folderPath] = originalTrustLevel;
-        }
-        throw e;
-      }
-    } finally {
-      await release();
-    }
-  }
-};
-var loadedTrustedFolders;
-function loadTrustedFolders() {
-  if (loadedTrustedFolders) {
-    return loadedTrustedFolders;
-  }
-  const errors = [];
-  const userConfig = {};
-  const userPath = getTrustedFoldersPath();
-  try {
-    if (fs.existsSync(userPath)) {
-      const content = fs.readFileSync(userPath, "utf-8");
-      const parsed = parseTrustedFoldersJson(content);
-      if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
-        errors.push({
-          message: "Trusted folders file is not a valid JSON object.",
-          path: userPath
-        });
-      } else {
-        for (const [path7, trustLevel] of Object.entries(parsed)) {
-          if (isTrustLevel(trustLevel)) {
-            userConfig[path7] = trustLevel;
-          } else {
-            const possibleValues = Object.values(TrustLevel).join(", ");
-            errors.push({
-              message: `Invalid trust level "${trustLevel}" for path "${path7}". Possible values are: ${possibleValues}.`,
-              path: userPath
-            });
-          }
-        }
-      }
-    }
-  } catch (error) {
-    errors.push({
-      message: getErrorMessage(error),
-      path: userPath
-    });
-  }
-  loadedTrustedFolders = new LoadedTrustedFolders(
-    { path: userPath, config: userConfig },
-    errors
-  );
-  return loadedTrustedFolders;
-}
-function saveTrustedFolders(trustedFoldersFile) {
-  const dirPath = path.dirname(trustedFoldersFile.path);
-  if (!fs.existsSync(dirPath)) {
-    fs.mkdirSync(dirPath, { recursive: true });
-  }
-  const content = JSON.stringify(trustedFoldersFile.config, null, 2);
-  const tempPath = `${trustedFoldersFile.path}.tmp.${crypto.randomUUID()}`;
-  try {
-    fs.writeFileSync(tempPath, content, {
-      encoding: "utf-8",
-      mode: 384
-    });
-    fs.renameSync(tempPath, trustedFoldersFile.path);
-  } catch (error) {
-    if (fs.existsSync(tempPath)) {
-      try {
-        fs.unlinkSync(tempPath);
-      } catch {
-      }
-    }
-    throw error;
-  }
-}
 function isFolderTrustEnabled(settings) {
   const folderTrustSetting = settings.security?.folderTrust?.enabled ?? true;
   return folderTrustSetting;
 }
-function getWorkspaceTrustFromLocalConfig(workspaceDir, trustConfig, headlessOptions) {
-  const folders = loadTrustedFolders();
-  const configToUse = trustConfig ?? folders.user.config;
-  if (folders.errors.length > 0) {
-    const errorMessages = folders.errors.map(
-      (error) => `Error in ${error.path}: ${error.message}`
-    );
-    throw new FatalConfigError(
-      `${errorMessages.join("\n")}
-Please fix the configuration file and try again.`
-    );
-  }
-  const isTrusted = folders.isPathTrusted(
-    workspaceDir,
-    configToUse,
-    headlessOptions
-  );
-  return {
-    isTrusted,
-    source: isTrusted !== void 0 ? "file" : void 0
-  };
+function loadTrustedFolders2() {
+  return loadTrustedFolders();
 }
-function isWorkspaceTrusted(settings, workspaceDir = process.cwd(), trustConfig, headlessOptions) {
-  if (isHeadlessMode(headlessOptions)) {
-    return { isTrusted: true, source: void 0 };
-  }
-  if (!isFolderTrustEnabled(settings)) {
-    return { isTrusted: true, source: void 0 };
-  }
-  const ideTrust = ideContextStore.get()?.workspaceState?.isTrusted;
-  if (ideTrust !== void 0) {
-    return { isTrusted: ideTrust, source: "ide" };
-  }
-  return getWorkspaceTrustFromLocalConfig(
-    workspaceDir,
-    trustConfig,
-    headlessOptions
-  );
+function isWorkspaceTrusted(settings, workspaceDir = process.cwd(), headlessOptions) {
+  return checkPathTrust({
+    path: workspaceDir,
+    isFolderTrustEnabled: isFolderTrustEnabled(settings),
+    isHeadless: isHeadlessMode(headlessOptions)
+  });
 }
 
 // packages/cli/src/ui/types.ts
@@ -10323,8 +10086,8 @@ var isTodoList = (res) => typeof res === "object" && res !== null && "todos" in
 var emptyIcon = "  ";
 
 // packages/cli/src/utils/sessionUtils.ts
-import * as fs2 from "node:fs/promises";
-import path2 from "node:path";
+import * as fs from "node:fs/promises";
+import path from "node:path";
 
 // packages/cli/src/ui/utils/textUtils.ts
 import { stripVTControlCharacters } from "node:util";
@@ -10660,13 +10423,13 @@ var formatRelativeTime = (timestamp, style = "long") => {
 };
 var getAllSessionFiles = async (chatsDir, currentSessionId, options = {}) => {
   try {
-    const files = await fs2.readdir(chatsDir);
+    const files = await fs.readdir(chatsDir);
     const sessionFiles = files.filter(
       (f) => f.startsWith(SESSION_FILE_PREFIX) && (f.endsWith(".json") || f.endsWith(".jsonl"))
     ).sort();
     const sessionPromises = sessionFiles.map(
       async (file) => {
-        const filePath = path2.join(chatsDir, file);
+        const filePath = path.join(chatsDir, file);
         try {
           const content = await loadConversationRecord(filePath, {
             metadataOnly: !options.includeFullContent
@@ -10756,7 +10519,7 @@ var SessionSelector = class {
    * Lists all available sessions for the current project.
    */
   async listSessions() {
-    const chatsDir = path2.join(this.storage.getProjectTempDir(), "chats");
+    const chatsDir = path.join(this.storage.getProjectTempDir(), "chats");
     return getSessionFiles(chatsDir);
   }
   /**
@@ -10785,7 +10548,7 @@ var SessionSelector = class {
     if (!isNaN(index) && index.toString() === trimmedIdentifier && index > 0 && index <= sortedSessions.length) {
       return sortedSessions[index - 1];
     }
-    const chatsDir = path2.join(this.storage.getProjectTempDir(), "chats");
+    const chatsDir = path.join(this.storage.getProjectTempDir(), "chats");
     throw SessionError.invalidSessionIdentifier(trimmedIdentifier, chatsDir);
   }
   /**
@@ -10824,8 +10587,8 @@ var SessionSelector = class {
    * Loads session data for a selected session.
    */
   async selectSession(sessionInfo) {
-    const chatsDir = path2.join(this.storage.getProjectTempDir(), "chats");
-    const sessionPath = path2.join(chatsDir, sessionInfo.fileName);
+    const chatsDir = path.join(this.storage.getProjectTempDir(), "chats");
+    const sessionPath = path.join(chatsDir, sessionInfo.fileName);
     try {
       const sessionData = await loadConversationRecord(sessionPath);
       if (!sessionData) {
@@ -10911,8 +10674,8 @@ function convertSessionToHistoryFormats(messages) {
 }
 
 // packages/cli/src/utils/sessionCleanup.ts
-import * as fs3 from "node:fs/promises";
-import * as path3 from "node:path";
+import * as fs2 from "node:fs/promises";
+import * as path2 from "node:path";
 var DEFAULT_MIN_RETENTION = "1d";
 var MIN_MAX_COUNT = 1;
 var MULTIPLIERS = {
@@ -10935,7 +10698,7 @@ function deriveShortIdFromFileName(fileName) {
 }
 async function cleanupSessionAndSubagentsAsync(sessionId, config) {
   const tempDir = config.storage.getProjectTempDir();
-  const chatsDir = path3.join(tempDir, "chats");
+  const chatsDir = path2.join(tempDir, "chats");
   await deleteSessionArtifactsAsync(sessionId, tempDir);
   await deleteSubagentSessionDirAndArtifactsAsync(sessionId, chatsDir, tempDir);
 }
@@ -10952,7 +10715,7 @@ async function cleanupExpiredSessions(config, settings) {
       return { ...result, disabled: true };
     }
     const retentionConfig = settings.general.sessionRetention;
-    const chatsDir = path3.join(config.storage.getProjectTempDir(), "chats");
+    const chatsDir = path2.join(config.storage.getProjectTempDir(), "chats");
     const validationErrorMessage = validateRetentionConfig(
       config,
       retentionConfig
@@ -10983,11 +10746,11 @@ async function cleanupExpiredSessions(config, settings) {
             (f) => f.startsWith(SESSION_FILE_PREFIX) && f.endsWith(`-${shortId}.json`)
           );
           for (const file of matchingFiles) {
-            const filePath = path3.join(chatsDir, file);
+            const filePath = path2.join(chatsDir, file);
             let fullSessionId;
             try {
               try {
-                const fileContent = await fs3.readFile(filePath, "utf8");
+                const fileContent = await fs2.readFile(filePath, "utf8");
                 const content = JSON.parse(fileContent);
                 if (content && typeof content === "object" && "sessionId" in content) {
                   const record = content;
@@ -10999,7 +10762,7 @@ async function cleanupExpiredSessions(config, settings) {
               } catch {
               }
               if (!fullSessionId || fullSessionId !== config.getSessionId()) {
-                await fs3.unlink(filePath);
+                await fs2.unlink(filePath);
                 if (fullSessionId) {
                   await cleanupSessionAndSubagentsAsync(fullSessionId, config);
                 }
@@ -11018,8 +10781,8 @@ async function cleanupExpiredSessions(config, settings) {
             }
           }
         } else {
-          const sessionPath = path3.join(chatsDir, sessionToDelete.fileName);
-          await fs3.unlink(sessionPath);
+          const sessionPath = path2.join(chatsDir, sessionToDelete.fileName);
+          await fs2.unlink(sessionPath);
           const sessionId = sessionToDelete.sessionInfo?.id;
           if (sessionId) {
             await cleanupSessionAndSubagentsAsync(sessionId, config);
@@ -11175,13 +10938,13 @@ async function cleanupToolOutputFiles(settings, debugMode = false, projectTempDi
       await storage.initialize();
       tempDir = storage.getProjectTempDir();
     }
-    const toolOutputDir = path3.join(tempDir, TOOL_OUTPUTS_DIR);
+    const toolOutputDir = path2.join(tempDir, TOOL_OUTPUTS_DIR);
     try {
-      await fs3.access(toolOutputDir);
+      await fs2.access(toolOutputDir);
     } catch {
       return result;
     }
-    const entries = await fs3.readdir(toolOutputDir, { withFileTypes: true });
+    const entries = await fs2.readdir(toolOutputDir, { withFileTypes: true });
     result.scanned = entries.length;
     if (entries.length === 0) {
       return result;
@@ -11190,8 +10953,8 @@ async function cleanupToolOutputFiles(settings, debugMode = false, projectTempDi
     const fileStatsResults = await Promise.all(
       files.map(async (file) => {
         try {
-          const filePath = path3.join(toolOutputDir, file.name);
-          const stat2 = await fs3.stat(filePath);
+          const filePath = path2.join(toolOutputDir, file.name);
+          const stat2 = await fs2.stat(filePath);
           return { name: file.name, mtime: stat2.mtime };
         } catch (error) {
           debugLogger.debug(
@@ -11244,8 +11007,8 @@ async function cleanupToolOutputFiles(settings, debugMode = false, projectTempDi
           );
           continue;
         }
-        const subdirPath = path3.join(toolOutputDir, subdir.name);
-        const stat2 = await fs3.stat(subdirPath);
+        const subdirPath = path2.join(toolOutputDir, subdir.name);
+        const stat2 = await fs2.stat(subdirPath);
         let shouldDelete = false;
         if (retentionConfig.maxAge) {
           const maxAgeMs = parseRetentionPeriod(retentionConfig.maxAge);
@@ -11255,7 +11018,7 @@ async function cleanupToolOutputFiles(settings, debugMode = false, projectTempDi
           }
         }
         if (shouldDelete) {
-          await fs3.rm(subdirPath, { recursive: true, force: true });
+          await fs2.rm(subdirPath, { recursive: true, force: true });
           result.deleted++;
         }
       } catch (error) {
@@ -11264,8 +11027,8 @@ async function cleanupToolOutputFiles(settings, debugMode = false, projectTempDi
     }
     for (const fileName of filesToDelete) {
       try {
-        const filePath = path3.join(toolOutputDir, fileName);
-        await fs3.unlink(filePath);
+        const filePath = path2.join(toolOutputDir, fileName);
+        await fs2.unlink(filePath);
         result.deleted++;
       } catch (error) {
         debugLogger.debug(
@@ -11289,11 +11052,11 @@ async function cleanupToolOutputFiles(settings, debugMode = false, projectTempDi
 
 // packages/cli/src/config/settings.ts
 var dotenv = __toESM(require_main(), 1);
-import * as fs5 from "node:fs";
-import * as path4 from "node:path";
+import * as fs4 from "node:fs";
+import * as path3 from "node:path";
 import { platform } from "node:os";
 import process2 from "node:process";
-var import_strip_json_comments2 = __toESM(require_strip_json_comments(), 1);
+var import_strip_json_comments = __toESM(require_strip_json_comments(), 1);
 
 // packages/cli/src/ui/themes/theme.ts
 var import_tinygradient = __toESM(require_tinygradient(), 1);
@@ -14463,6 +14226,19 @@ var SETTINGS_SCHEMA = {
         showInDialog: false,
         items: { type: "string" }
       },
+      confirmationRequired: {
+        type: "array",
+        label: "Confirmation Required",
+        category: "Advanced",
+        requiresRestart: true,
+        default: void 0,
+        description: oneLine`
+          Tool names that always require user confirmation.
+          Takes precedence over allowed tools and core tool allowlists.
+        `,
+        showInDialog: false,
+        items: { type: "string" }
+      },
       exclude: {
         type: "array",
         label: "Exclude Tools",
@@ -16187,7 +15963,7 @@ function resolveEnvVarsInObjectInternal(obj, visited, customEnv) {
 function isPlainObject(item) {
   return !!item && typeof item === "object" && !Array.isArray(item);
 }
-function mergeRecursively(target, source, getMergeStrategyForPath2, path7 = []) {
+function mergeRecursively(target, source, getMergeStrategyForPath2, path6 = []) {
   for (const key of Object.keys(source)) {
     if (key === "__proto__" || key === "constructor" || key === "prototype") {
       continue;
@@ -16196,7 +15972,7 @@ function mergeRecursively(target, source, getMergeStrategyForPath2, path7 = [])
     if (srcValue === void 0) {
       continue;
     }
-    const newPath = [...path7, key];
+    const newPath = [...path6, key];
     const objValue = target[key];
     const mergeStrategy = getMergeStrategyForPath2(newPath);
     if (mergeStrategy === "shallow_merge" /* SHALLOW_MERGE */ && objValue && srcValue) {
@@ -16245,13 +16021,13 @@ function customDeepMerge(getMergeStrategyForPath2, ...sources) {
 
 // packages/cli/src/utils/commentJson.ts
 var import_comment_json = __toESM(require_src2(), 1);
-import * as fs4 from "node:fs";
+import * as fs3 from "node:fs";
 function updateSettingsFilePreservingFormat(filePath, updates) {
-  if (!fs4.existsSync(filePath)) {
-    fs4.writeFileSync(filePath, JSON.stringify(updates, null, 2), "utf-8");
+  if (!fs3.existsSync(filePath)) {
+    fs3.writeFileSync(filePath, JSON.stringify(updates, null, 2), "utf-8");
     return;
   }
-  const originalContent = fs4.readFileSync(filePath, "utf-8");
+  const originalContent = fs3.readFileSync(filePath, "utf-8");
   let parsed;
   try {
     parsed = (0, import_comment_json.parse)(originalContent);
@@ -16265,7 +16041,7 @@ function updateSettingsFilePreservingFormat(filePath, updates) {
   }
   const updatedStructure = applyUpdates(parsed, updates);
   const updatedContent = (0, import_comment_json.stringify)(updatedStructure, null, 2);
-  fs4.writeFileSync(filePath, updatedContent, "utf-8");
+  fs3.writeFileSync(filePath, updatedContent, "utf-8");
 }
 function preserveCommentsOnPropertyDeletion(container, propName) {
   const target = container;
@@ -16534,11 +16310,11 @@ function formatValidationError(error, filePath) {
   const MAX_ERRORS_TO_DISPLAY = 5;
   const displayedIssues = error.issues.slice(0, MAX_ERRORS_TO_DISPLAY);
   for (const issue of displayedIssues) {
-    const path7 = issue.path.reduce(
+    const path6 = issue.path.reduce(
       (acc, curr) => typeof curr === "number" ? `${acc}[${curr}]` : `${acc ? acc + "." : ""}${curr}`,
       ""
     );
-    lines.push(`Error in: ${path7 || "(root)"}`);
+    lines.push(`Error in: ${path6 || "(root)"}`);
     lines.push(`    ${issue.message}`);
     if (issue.code === "invalid_type") {
       const expected = issue.expected;
@@ -16559,11 +16335,11 @@ function formatValidationError(error, filePath) {
 }
 
 // packages/cli/src/config/settings.ts
-function getMergeStrategyForPath(path7) {
+function getMergeStrategyForPath(path6) {
   let current = void 0;
   let currentSchema = getSettingsSchema();
   let parent = void 0;
-  for (const key of path7) {
+  for (const key of path6) {
     if (!currentSchema || !currentSchema[key]) {
       if (parent?.additionalProperties?.mergeStrategy) {
         return parent.additionalProperties.mergeStrategy;
@@ -16577,7 +16353,7 @@ function getMergeStrategyForPath(path7) {
   return current?.mergeStrategy;
 }
 var USER_SETTINGS_PATH = Storage.getGlobalSettingsPath();
-var USER_SETTINGS_DIR = path4.dirname(USER_SETTINGS_PATH);
+var USER_SETTINGS_DIR = path3.dirname(USER_SETTINGS_PATH);
 var DEFAULT_EXCLUDED_ENV_VARS = [
   "DEBUG",
   "DEBUG_MODE",
@@ -16609,8 +16385,8 @@ function getSystemDefaultsPath() {
   if (process2.env["GEMINI_CLI_SYSTEM_DEFAULTS_PATH"]) {
     return process2.env["GEMINI_CLI_SYSTEM_DEFAULTS_PATH"];
   }
-  return path4.join(
-    path4.dirname(getSystemSettingsPath()),
+  return path3.join(
+    path3.dirname(getSystemSettingsPath()),
     "system-defaults.json"
   );
 }
@@ -16631,8 +16407,8 @@ var _loadableSettingScopes = [
 function isLoadableSettingScope(scope) {
   return _loadableSettingScopes.includes(scope);
 }
-function setNestedProperty(obj, path7, value) {
-  const keys = path7.split(".");
+function setNestedProperty(obj, path6, value) {
+  const keys = path6.split(".");
   const lastKey = keys.pop();
   if (!lastKey) return;
   let current = obj;
@@ -16727,7 +16503,7 @@ var LoadedSettings = class {
       const adminSchema = adminSettingSchema.properties;
       const adminDefaults = getDefaultsFromSchema(adminSchema);
       merged.admin = customDeepMerge(
-        (path7) => getMergeStrategyForPath(["admin", ...path7]),
+        (path6) => getMergeStrategyForPath(["admin", ...path6]),
         adminDefaults,
         this._remoteAdminSettings?.admin ?? {}
       );
@@ -16818,25 +16594,29 @@ var LoadedSettings = class {
     this._merged = this.computeMergedSettings();
   }
 };
-function findEnvFile(startDir) {
-  let currentDir = path4.resolve(startDir);
+function findEnvFile(startDir, isTrusted) {
+  let currentDir = path3.resolve(startDir);
   while (true) {
-    const geminiEnvPath = path4.join(currentDir, GEMINI_DIR, ".env");
-    if (fs5.existsSync(geminiEnvPath)) {
-      return geminiEnvPath;
+    if (isTrusted) {
+      const geminiEnvPath = path3.join(currentDir, GEMINI_DIR, ".env");
+      if (fs4.existsSync(geminiEnvPath)) {
+        return geminiEnvPath;
+      }
     }
-    const envPath = path4.join(currentDir, ".env");
-    if (fs5.existsSync(envPath)) {
+    const envPath = path3.join(currentDir, ".env");
+    if (fs4.existsSync(envPath)) {
       return envPath;
     }
-    const parentDir = path4.dirname(currentDir);
+    const parentDir = path3.dirname(currentDir);
     if (parentDir === currentDir || !parentDir) {
-      const homeGeminiEnvPath = path4.join(homedir(), GEMINI_DIR, ".env");
-      if (fs5.existsSync(homeGeminiEnvPath)) {
-        return homeGeminiEnvPath;
+      if (isTrusted) {
+        const homeGeminiEnvPath = path3.join(homedir(), GEMINI_DIR, ".env");
+        if (fs4.existsSync(homeGeminiEnvPath)) {
+          return homeGeminiEnvPath;
+        }
       }
-      const homeEnvPath = path4.join(homedir(), ".env");
-      if (fs5.existsSync(homeEnvPath)) {
+      const homeEnvPath = path3.join(homedir(), ".env");
+      if (fs4.existsSync(homeEnvPath)) {
         return homeEnvPath;
       }
       return null;
@@ -16846,8 +16626,8 @@ function findEnvFile(startDir) {
 }
 function setUpCloudShellEnvironment(envFilePath, isTrusted, isSandboxed) {
   let value = "cloudshell-gca";
-  if (envFilePath && fs5.existsSync(envFilePath)) {
-    const envFileContent = fs5.readFileSync(envFilePath);
+  if (envFilePath && fs4.existsSync(envFilePath)) {
+    const envFileContent = fs4.readFileSync(envFilePath);
     const parsedEnv = dotenv.parse(envFileContent);
     if (parsedEnv["GOOGLE_CLOUD_PROJECT"]) {
       value = parsedEnv["GOOGLE_CLOUD_PROJECT"];
@@ -16859,9 +16639,9 @@ function setUpCloudShellEnvironment(envFilePath, isTrusted, isSandboxed) {
   process2.env["GOOGLE_CLOUD_PROJECT"] = value;
 }
 function loadEnvironment(settings, workspaceDir, isWorkspaceTrustedFn = isWorkspaceTrusted) {
-  const envFilePath = findEnvFile(workspaceDir);
   const trustResult = isWorkspaceTrustedFn(settings, workspaceDir);
   const isTrusted = trustResult.isTrusted ?? false;
+  const envFilePath = findEnvFile(workspaceDir, isTrusted);
   const args = process2.argv.slice(2);
   const doubleDashIndex = args.indexOf("--");
   const relevantArgs = doubleDashIndex === -1 ? args : args.slice(0, doubleDashIndex);
@@ -16871,14 +16651,14 @@ function loadEnvironment(settings, workspaceDir, isWorkspaceTrustedFn = isWorksp
   }
   if (envFilePath) {
     try {
-      const envFileContent = fs5.readFileSync(envFilePath, "utf-8");
+      const envFileContent = fs4.readFileSync(envFilePath, "utf-8");
       const parsedEnv = dotenv.parse(envFileContent);
       const excludedVars = settings?.advanced?.excludedEnvVars || DEFAULT_EXCLUDED_ENV_VARS;
       const isProjectEnvFile = !envFilePath.includes(GEMINI_DIR);
       for (const key in parsedEnv) {
         if (Object.hasOwn(parsedEnv, key)) {
           let value = parsedEnv[key];
-          if (!isTrusted && isSandboxed) {
+          if (!isTrusted) {
             if (!AUTH_ENV_VAR_WHITELIST.includes(key)) {
               continue;
             }
@@ -16905,7 +16685,7 @@ function isWorktreeEnabled(settings) {
   return settings.merged.experimental.worktrees;
 }
 function loadSettings(workspaceDir = process2.cwd()) {
-  const normalizedWorkspaceDir = path4.resolve(workspaceDir);
+  const normalizedWorkspaceDir = path3.resolve(workspaceDir);
   return settingsCache.getOrCreate(
     normalizedWorkspaceDir,
     () => _doLoadSettings(normalizedWorkspaceDir)
@@ -16923,9 +16703,9 @@ function _doLoadSettings(workspaceDir) {
   const workspaceSettingsPath = storage.getWorkspaceSettingsPath();
   const load = (filePath) => {
     try {
-      if (fs5.existsSync(filePath)) {
-        const content = fs5.readFileSync(filePath, "utf-8");
-        const rawSettings = JSON.parse((0, import_strip_json_comments2.default)(content));
+      if (fs4.existsSync(filePath)) {
+        const content = fs4.readFileSync(filePath, "utf-8");
+        const rawSettings = JSON.parse((0, import_strip_json_comments.default)(content));
         if (typeof rawSettings !== "object" || rawSettings === null || Array.isArray(rawSettings)) {
           settingsErrors.push({
             message: "Settings file is not a valid JSON object.",
@@ -17214,9 +16994,9 @@ function migrateDeprecatedSettings(loadedSettings, removeDeprecated = true) {
 function saveSettings(settingsFile) {
   settingsCache.clear();
   try {
-    const dirPath = path4.dirname(settingsFile.path);
-    if (!fs5.existsSync(dirPath)) {
-      fs5.mkdirSync(dirPath, { recursive: true });
+    const dirPath = path3.dirname(settingsFile.path);
+    if (!fs4.existsSync(dirPath)) {
+      fs4.mkdirSync(dirPath, { recursive: true });
     }
     const settingsToSave = settingsFile.originalSettings;
     updateSettingsFilePreservingFormat(
@@ -17341,7 +17121,7 @@ function migrateExperimentalSettings(settings, loadedSettings, scope, removeDepr
 }
 
 // packages/cli/src/commands/gemma/constants.ts
-import path5 from "node:path";
+import path4 from "node:path";
 var LITERT_RELEASE_VERSION = "v0.9.0-alpha03";
 var LITERT_RELEASE_BASE_URL = "https://github.com/google-ai-edge/LiteRT-LM/releases/download";
 var GEMMA_MODEL_NAME = "gemma3-1b-gpu-custom";
@@ -17360,18 +17140,18 @@ var PLATFORM_BINARY_SHA256 = {
   "lit.windows_x86_64.exe": "de82d2829d2fb1cbdb318e2d8a78dc2f9659ff14cb11b2894d1f30e0bfde2bf6"
 };
 function getLiteRtBinDir() {
-  return path5.join(Storage.getGlobalGeminiDir(), "bin", "litert");
+  return path4.join(Storage.getGlobalGeminiDir(), "bin", "litert");
 }
 function getPidFilePath() {
-  return path5.join(Storage.getGlobalTempDir(), "litert-server.pid");
+  return path4.join(Storage.getGlobalTempDir(), "litert-server.pid");
 }
 function getLogFilePath() {
-  return path5.join(Storage.getGlobalTempDir(), "litert-server.log");
+  return path4.join(Storage.getGlobalTempDir(), "litert-server.log");
 }
 
 // packages/cli/src/commands/gemma/platform.ts
-import fs6 from "node:fs";
-import path6 from "node:path";
+import fs5 from "node:fs";
+import path5 from "node:path";
 import { execFileSync } from "node:child_process";
 function getUserConfiguredBinaryPath(workspaceDir = process.cwd()) {
   try {
@@ -17431,14 +17211,14 @@ function getBinaryPath(binaryName) {
   }
   const name = binaryName ?? detectPlatform()?.binaryName;
   if (!name) return null;
-  return path6.join(getLiteRtBinDir(), name);
+  return path5.join(getLiteRtBinDir(), name);
 }
 function getBinaryDownloadUrl(binaryName) {
   return `${LITERT_RELEASE_BASE_URL}/${LITERT_RELEASE_VERSION}/${binaryName}`;
 }
 function isBinaryInstalled(binaryPath = getBinaryPath()) {
   if (!binaryPath) return false;
-  return fs6.existsSync(binaryPath);
+  return fs5.existsSync(binaryPath);
 }
 function isModelDownloaded(binaryPath) {
   try {
@@ -17494,7 +17274,7 @@ function isLiteRtServerProcessInfo(value) {
 function readServerProcessInfo() {
   const pidPath = getPidFilePath();
   try {
-    const content = fs6.readFileSync(pidPath, "utf-8").trim();
+    const content = fs5.readFileSync(pidPath, "utf-8").trim();
     if (!content) {
       return null;
     }
@@ -17508,7 +17288,7 @@ function readServerProcessInfo() {
   }
 }
 function writeServerProcessInfo(processInfo) {
-  fs6.writeFileSync(getPidFilePath(), JSON.stringify(processInfo), "utf-8");
+  fs5.writeFileSync(getPidFilePath(), JSON.stringify(processInfo), "utf-8");
 }
 function readServerPid() {
   return readServerProcessInfo()?.pid ?? null;
@@ -17523,7 +17303,7 @@ function normalizeProcessValue(value) {
 function readProcessCommandLine(pid) {
   try {
     if (process.platform === "linux") {
-      const output2 = fs6.readFileSync(`/proc/${pid}/cmdline`, "utf-8");
+      const output2 = fs5.readFileSync(`/proc/${pid}/cmdline`, "utf-8");
       return output2.trim() ? output2 : null;
     }
     if (process.platform === "win32") {
@@ -17566,7 +17346,7 @@ function isExpectedLiteRtServerCommand(commandLine, options) {
   }
   const normalizedBinaryPath = normalizeProcessValue(options.binaryPath);
   const normalizedBinaryName = normalizeProcessValue(
-    path6.basename(options.binaryPath)
+    path5.basename(options.binaryPath)
   );
   return normalizedCommandLine.includes(normalizedBinaryPath) || normalizedCommandLine.includes(normalizedBinaryName);
 }
@@ -17629,8 +17409,8 @@ export {
   pickDefaultThemeName,
   DefaultLight,
   DefaultDark,
-  loadTrustedFolders,
   isFolderTrustEnabled,
+  loadTrustedFolders2 as loadTrustedFolders,
   isWorkspaceTrusted,
   isFullWidth,
   isWide,