npm - @google/gemini-cli - Versions diffs - 0.7.0-nightly.20250912.68035591 → 0.7.0-preview.0 - Mend

@google/gemini-cli 0.7.0-nightly.20250912.68035591 → 0.7.0-preview.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (375) hide show

package/dist/src/config/policy-engine.integration.test.js ADDED Viewed

@@ -0,0 +1,270 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { describe, it, expect } from 'vitest';
+import { ApprovalMode, PolicyDecision, PolicyEngine, } from '@google/gemini-cli-core';
+import { createPolicyEngineConfig } from './policy.js';
+describe('Policy Engine Integration Tests', () => {
+    describe('Policy configuration produces valid PolicyEngine config', () => {
+        it('should create a working PolicyEngine from basic settings', () => {
+            const settings = {
+                tools: {
+                    allowed: ['run_shell_command'],
+                    exclude: ['write_file'],
+                },
+            };
+            const config = createPolicyEngineConfig(settings, ApprovalMode.DEFAULT);
+            const engine = new PolicyEngine(config);
+            // Allowed tool should be allowed
+            expect(engine.check({ name: 'run_shell_command' })).toBe(PolicyDecision.ALLOW);
+            // Excluded tool should be denied
+            expect(engine.check({ name: 'write_file' })).toBe(PolicyDecision.DENY);
+            // Other write tools should ask user
+            expect(engine.check({ name: 'replace' })).toBe(PolicyDecision.ASK_USER);
+            // Unknown tools should use default
+            expect(engine.check({ name: 'unknown_tool' })).toBe(PolicyDecision.ASK_USER);
+        });
+        it('should handle MCP server wildcard patterns correctly', () => {
+            const settings = {
+                mcp: {
+                    allowed: ['allowed-server'],
+                    excluded: ['blocked-server'],
+                },
+                mcpServers: {
+                    'trusted-server': {
+                        command: 'node',
+                        args: ['server.js'],
+                        trust: true,
+                    },
+                },
+            };
+            const config = createPolicyEngineConfig(settings, ApprovalMode.DEFAULT);
+            const engine = new PolicyEngine(config);
+            // Tools from allowed server should be allowed
+            expect(engine.check({ name: 'allowed-server__tool1' })).toBe(PolicyDecision.ALLOW);
+            expect(engine.check({ name: 'allowed-server__another_tool' })).toBe(PolicyDecision.ALLOW);
+            // Tools from trusted server should be allowed
+            expect(engine.check({ name: 'trusted-server__tool1' })).toBe(PolicyDecision.ALLOW);
+            expect(engine.check({ name: 'trusted-server__special_tool' })).toBe(PolicyDecision.ALLOW);
+            // Tools from blocked server should be denied
+            expect(engine.check({ name: 'blocked-server__tool1' })).toBe(PolicyDecision.DENY);
+            expect(engine.check({ name: 'blocked-server__any_tool' })).toBe(PolicyDecision.DENY);
+            // Tools from unknown servers should use default
+            expect(engine.check({ name: 'unknown-server__tool' })).toBe(PolicyDecision.ASK_USER);
+        });
+        it('should correctly prioritize specific tool rules over MCP server wildcards', () => {
+            const settings = {
+                mcp: {
+                    allowed: ['my-server'],
+                },
+                tools: {
+                    exclude: ['my-server__dangerous-tool'],
+                },
+            };
+            const config = createPolicyEngineConfig(settings, ApprovalMode.DEFAULT);
+            const engine = new PolicyEngine(config);
+            // Server is allowed, but specific tool is excluded
+            expect(engine.check({ name: 'my-server__safe-tool' })).toBe(PolicyDecision.ALLOW);
+            expect(engine.check({ name: 'my-server__dangerous-tool' })).toBe(PolicyDecision.DENY);
+        });
+        it('should handle complex mixed configurations', () => {
+            const settings = {
+                tools: {
+                    autoAccept: true, // Allows read-only tools
+                    allowed: ['custom-tool', 'my-server__special-tool'],
+                    exclude: ['glob', 'dangerous-tool'],
+                },
+                mcp: {
+                    allowed: ['allowed-server'],
+                    excluded: ['blocked-server'],
+                },
+                mcpServers: {
+                    'trusted-server': {
+                        command: 'node',
+                        args: ['server.js'],
+                        trust: true,
+                    },
+                },
+            };
+            const config = createPolicyEngineConfig(settings, ApprovalMode.DEFAULT);
+            const engine = new PolicyEngine(config);
+            // Read-only tools should be allowed (autoAccept)
+            expect(engine.check({ name: 'read_file' })).toBe(PolicyDecision.ALLOW);
+            expect(engine.check({ name: 'list_directory' })).toBe(PolicyDecision.ALLOW);
+            // But glob is explicitly excluded, so it should be denied
+            expect(engine.check({ name: 'glob' })).toBe(PolicyDecision.DENY);
+            // Replace should ask user (normal write tool behavior)
+            expect(engine.check({ name: 'replace' })).toBe(PolicyDecision.ASK_USER);
+            // Explicitly allowed tools
+            expect(engine.check({ name: 'custom-tool' })).toBe(PolicyDecision.ALLOW);
+            expect(engine.check({ name: 'my-server__special-tool' })).toBe(PolicyDecision.ALLOW);
+            // MCP server tools
+            expect(engine.check({ name: 'allowed-server__tool' })).toBe(PolicyDecision.ALLOW);
+            expect(engine.check({ name: 'trusted-server__tool' })).toBe(PolicyDecision.ALLOW);
+            expect(engine.check({ name: 'blocked-server__tool' })).toBe(PolicyDecision.DENY);
+            // Write tools should ask by default
+            expect(engine.check({ name: 'write_file' })).toBe(PolicyDecision.ASK_USER);
+        });
+        it('should handle YOLO mode correctly', () => {
+            const settings = {
+                tools: {
+                    exclude: ['dangerous-tool'], // Even in YOLO, excludes should be respected
+                },
+            };
+            const config = createPolicyEngineConfig(settings, ApprovalMode.YOLO);
+            const engine = new PolicyEngine(config);
+            // Most tools should be allowed in YOLO mode
+            expect(engine.check({ name: 'run_shell_command' })).toBe(PolicyDecision.ALLOW);
+            expect(engine.check({ name: 'write_file' })).toBe(PolicyDecision.ALLOW);
+            expect(engine.check({ name: 'unknown_tool' })).toBe(PolicyDecision.ALLOW);
+            // But explicitly excluded tools should still be denied
+            expect(engine.check({ name: 'dangerous-tool' })).toBe(PolicyDecision.DENY);
+        });
+        it('should handle AUTO_EDIT mode correctly', () => {
+            const settings = {};
+            const config = createPolicyEngineConfig(settings, ApprovalMode.AUTO_EDIT);
+            const engine = new PolicyEngine(config);
+            // Edit tool should be allowed (EditTool.Name = 'replace')
+            expect(engine.check({ name: 'replace' })).toBe(PolicyDecision.ALLOW);
+            // Other tools should follow normal rules
+            expect(engine.check({ name: 'run_shell_command' })).toBe(PolicyDecision.ASK_USER);
+            expect(engine.check({ name: 'write_file' })).toBe(PolicyDecision.ASK_USER);
+        });
+        it('should verify priority ordering works correctly in practice', () => {
+            const settings = {
+                tools: {
+                    autoAccept: true, // Priority 50
+                    allowed: ['specific-tool'], // Priority 100
+                    exclude: ['blocked-tool'], // Priority 200
+                },
+                mcp: {
+                    allowed: ['mcp-server'], // Priority 85
+                    excluded: ['blocked-server'], // Priority 195
+                },
+                mcpServers: {
+                    'trusted-server': {
+                        command: 'node',
+                        args: ['server.js'],
+                        trust: true, // Priority 90
+                    },
+                },
+            };
+            const config = createPolicyEngineConfig(settings, ApprovalMode.DEFAULT);
+            const engine = new PolicyEngine(config);
+            // Test that priorities are applied correctly
+            const rules = config.rules || [];
+            // Find rules and verify their priorities
+            const blockedToolRule = rules.find((r) => r.toolName === 'blocked-tool');
+            expect(blockedToolRule?.priority).toBe(200);
+            const blockedServerRule = rules.find((r) => r.toolName === 'blocked-server__*');
+            expect(blockedServerRule?.priority).toBe(195);
+            const specificToolRule = rules.find((r) => r.toolName === 'specific-tool');
+            expect(specificToolRule?.priority).toBe(100);
+            const trustedServerRule = rules.find((r) => r.toolName === 'trusted-server__*');
+            expect(trustedServerRule?.priority).toBe(90);
+            const mcpServerRule = rules.find((r) => r.toolName === 'mcp-server__*');
+            expect(mcpServerRule?.priority).toBe(85);
+            const readOnlyToolRule = rules.find((r) => r.toolName === 'glob');
+            expect(readOnlyToolRule?.priority).toBe(50);
+            // Verify the engine applies these priorities correctly
+            expect(engine.check({ name: 'blocked-tool' })).toBe(PolicyDecision.DENY);
+            expect(engine.check({ name: 'blocked-server__any' })).toBe(PolicyDecision.DENY);
+            expect(engine.check({ name: 'specific-tool' })).toBe(PolicyDecision.ALLOW);
+            expect(engine.check({ name: 'trusted-server__any' })).toBe(PolicyDecision.ALLOW);
+            expect(engine.check({ name: 'mcp-server__any' })).toBe(PolicyDecision.ALLOW);
+            expect(engine.check({ name: 'glob' })).toBe(PolicyDecision.ALLOW);
+        });
+        it('should handle edge case: MCP server with both trust and exclusion', () => {
+            const settings = {
+                mcpServers: {
+                    'conflicted-server': {
+                        command: 'node',
+                        args: ['server.js'],
+                        trust: true, // Priority 90 - ALLOW
+                    },
+                },
+                mcp: {
+                    excluded: ['conflicted-server'], // Priority 195 - DENY
+                },
+            };
+            const config = createPolicyEngineConfig(settings, ApprovalMode.DEFAULT);
+            const engine = new PolicyEngine(config);
+            // Exclusion (195) should win over trust (90)
+            expect(engine.check({ name: 'conflicted-server__tool' })).toBe(PolicyDecision.DENY);
+        });
+        it('should handle edge case: specific tool allowed but server excluded', () => {
+            const settings = {
+                mcp: {
+                    excluded: ['my-server'], // Priority 195 - DENY
+                },
+                tools: {
+                    allowed: ['my-server__special-tool'], // Priority 100 - ALLOW
+                },
+            };
+            const config = createPolicyEngineConfig(settings, ApprovalMode.DEFAULT);
+            const engine = new PolicyEngine(config);
+            // Server exclusion (195) wins over specific tool allow (100)
+            // This might be counterintuitive but follows the priority system
+            expect(engine.check({ name: 'my-server__special-tool' })).toBe(PolicyDecision.DENY);
+            expect(engine.check({ name: 'my-server__other-tool' })).toBe(PolicyDecision.DENY);
+        });
+        it('should verify non-interactive mode transformation', () => {
+            const settings = {};
+            const config = createPolicyEngineConfig(settings, ApprovalMode.DEFAULT);
+            // Enable non-interactive mode
+            const engineConfig = { ...config, nonInteractive: true };
+            const engine = new PolicyEngine(engineConfig);
+            // ASK_USER should become DENY in non-interactive mode
+            expect(engine.check({ name: 'unknown_tool' })).toBe(PolicyDecision.DENY);
+            expect(engine.check({ name: 'run_shell_command' })).toBe(PolicyDecision.DENY);
+        });
+        it('should handle empty settings gracefully', () => {
+            const settings = {};
+            const config = createPolicyEngineConfig(settings, ApprovalMode.DEFAULT);
+            const engine = new PolicyEngine(config);
+            // Should have default rules for write tools
+            expect(engine.check({ name: 'write_file' })).toBe(PolicyDecision.ASK_USER);
+            expect(engine.check({ name: 'replace' })).toBe(PolicyDecision.ASK_USER);
+            // Unknown tools should use default
+            expect(engine.check({ name: 'unknown' })).toBe(PolicyDecision.ASK_USER);
+        });
+        it('should verify rules are created with correct priorities', () => {
+            const settings = {
+                tools: {
+                    autoAccept: true,
+                    allowed: ['tool1', 'tool2'],
+                    exclude: ['tool3'],
+                },
+                mcp: {
+                    allowed: ['server1'],
+                    excluded: ['server2'],
+                },
+            };
+            const config = createPolicyEngineConfig(settings, ApprovalMode.DEFAULT);
+            const rules = config.rules || [];
+            // Verify each rule has the expected priority
+            const tool3Rule = rules.find((r) => r.toolName === 'tool3');
+            expect(tool3Rule?.priority).toBe(200); // Excluded tools
+            const server2Rule = rules.find((r) => r.toolName === 'server2__*');
+            expect(server2Rule?.priority).toBe(195); // Excluded servers
+            const tool1Rule = rules.find((r) => r.toolName === 'tool1');
+            expect(tool1Rule?.priority).toBe(100); // Allowed tools
+            const server1Rule = rules.find((r) => r.toolName === 'server1__*');
+            expect(server1Rule?.priority).toBe(85); // Allowed servers
+            const globRule = rules.find((r) => r.toolName === 'glob');
+            expect(globRule?.priority).toBe(50); // Auto-accept read-only
+            // The PolicyEngine will sort these by priority when it's created
+            const engine = new PolicyEngine(config);
+            const sortedRules = engine.getRules();
+            // Verify the engine sorted them correctly
+            for (let i = 1; i < sortedRules.length; i++) {
+                const prevPriority = sortedRules[i - 1].priority ?? 0;
+                const currPriority = sortedRules[i].priority ?? 0;
+                expect(prevPriority).toBeGreaterThanOrEqual(currPriority);
+            }
+        });
+    });
+});
+//# sourceMappingURL=policy-engine.integration.test.js.map

package/dist/src/config/policy-engine.integration.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"policy-engine.integration.test.js","sourceRoot":"","sources":["../../../src/config/policy-engine.integration.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EACL,YAAY,EACZ,cAAc,EACd,YAAY,GACb,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AAGvD,QAAQ,CAAC,iCAAiC,EAAE,GAAG,EAAE;IAC/C,QAAQ,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACvE,EAAE,CAAC,0DAA0D,EAAE,GAAG,EAAE;YAClE,MAAM,QAAQ,GAAa;gBACzB,KAAK,EAAE;oBACL,OAAO,EAAE,CAAC,mBAAmB,CAAC;oBAC9B,OAAO,EAAE,CAAC,YAAY,CAAC;iBACxB;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,wBAAwB,CAAC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;YACxE,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAExC,iCAAiC;YACjC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC,IAAI,CACtD,cAAc,CAAC,KAAK,CACrB,CAAC;YAEF,iCAAiC;YACjC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;YAEvE,oCAAoC;YACpC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YAExE,mCAAmC;YACnC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,IAAI,CACjD,cAAc,CAAC,QAAQ,CACxB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;YAC9D,MAAM,QAAQ,GAAa;gBACzB,GAAG,EAAE;oBACH,OAAO,EAAE,CAAC,gBAAgB,CAAC;oBAC3B,QAAQ,EAAE,CAAC,gBAAgB,CAAC;iBAC7B;gBACD,UAAU,EAAE;oBACV,gBAAgB,EAAE;wBAChB,OAAO,EAAE,MAAM;wBACf,IAAI,EAAE,CAAC,WAAW,CAAC;wBACnB,KAAK,EAAE,IAAI;qBACZ;iBACF;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,wBAAwB,CAAC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;YACxE,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAExC,8CAA8C;YAC9C,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,uBAAuB,EAAE,CAAC,CAAC,CAAC,IAAI,CAC1D,cAAc,CAAC,KAAK,CACrB,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,8BAA8B,EAAE,CAAC,CAAC,CAAC,IAAI,CACjE,cAAc,CAAC,KAAK,CACrB,CAAC;YAEF,8CAA8C;YAC9C,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,uBAAuB,EAAE,CAAC,CAAC,CAAC,IAAI,CAC1D,cAAc,CAAC,KAAK,CACrB,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,8BAA8B,EAAE,CAAC,CAAC,CAAC,IAAI,CACjE,cAAc,CAAC,KAAK,CACrB,CAAC;YAEF,6CAA6C;YAC7C,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,uBAAuB,EAAE,CAAC,CAAC,CAAC,IAAI,CAC1D,cAAc,CAAC,IAAI,CACpB,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,0BAA0B,EAAE,CAAC,CAAC,CAAC,IAAI,CAC7D,cAAc,CAAC,IAAI,CACpB,CAAC;YAEF,gDAAgD;YAChD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,CAAC,CAAC,CAAC,IAAI,CACzD,cAAc,CAAC,QAAQ,CACxB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2EAA2E,EAAE,GAAG,EAAE;YACnF,MAAM,QAAQ,GAAa;gBACzB,GAAG,EAAE;oBACH,OAAO,EAAE,CAAC,WAAW,CAAC;iBACvB;gBACD,KAAK,EAAE;oBACL,OAAO,EAAE,CAAC,2BAA2B,CAAC;iBACvC;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,wBAAwB,CAAC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;YACxE,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAExC,mDAAmD;YACnD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,CAAC,CAAC,CAAC,IAAI,CACzD,cAAc,CAAC,KAAK,CACrB,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,2BAA2B,EAAE,CAAC,CAAC,CAAC,IAAI,CAC9D,cAAc,CAAC,IAAI,CACpB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,QAAQ,GAAa;gBACzB,KAAK,EAAE;oBACL,UAAU,EAAE,IAAI,EAAE,yBAAyB;oBAC3C,OAAO,EAAE,CAAC,aAAa,EAAE,yBAAyB,CAAC;oBACnD,OAAO,EAAE,CAAC,MAAM,EAAE,gBAAgB,CAAC;iBACpC;gBACD,GAAG,EAAE;oBACH,OAAO,EAAE,CAAC,gBAAgB,CAAC;oBAC3B,QAAQ,EAAE,CAAC,gBAAgB,CAAC;iBAC7B;gBACD,UAAU,EAAE;oBACV,gBAAgB,EAAE;wBAChB,OAAO,EAAE,MAAM;wBACf,IAAI,EAAE,CAAC,WAAW,CAAC;wBACnB,KAAK,EAAE,IAAI;qBACZ;iBACF;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,wBAAwB,CAAC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;YACxE,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAExC,iDAAiD;YACjD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;YACvE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAAC,IAAI,CACnD,cAAc,CAAC,KAAK,CACrB,CAAC;YAEF,0DAA0D;YAC1D,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;YAEjE,uDAAuD;YACvD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YAExE,2BAA2B;YAC3B,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;YACzE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,yBAAyB,EAAE,CAAC,CAAC,CAAC,IAAI,CAC5D,cAAc,CAAC,KAAK,CACrB,CAAC;YAEF,mBAAmB;YACnB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,CAAC,CAAC,CAAC,IAAI,CACzD,cAAc,CAAC,KAAK,CACrB,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,CAAC,CAAC,CAAC,IAAI,CACzD,cAAc,CAAC,KAAK,CACrB,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,CAAC,CAAC,CAAC,IAAI,CACzD,cAAc,CAAC,IAAI,CACpB,CAAC;YAEF,oCAAoC;YACpC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,IAAI,CAC/C,cAAc,CAAC,QAAQ,CACxB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,MAAM,QAAQ,GAAa;gBACzB,KAAK,EAAE;oBACL,OAAO,EAAE,CAAC,gBAAgB,CAAC,EAAE,6CAA6C;iBAC3E;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,wBAAwB,CAAC,QAAQ,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC;YACrE,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAExC,4CAA4C;YAC5C,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC,IAAI,CACtD,cAAc,CAAC,KAAK,CACrB,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;YACxE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;YAE1E,uDAAuD;YACvD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAAC,IAAI,CACnD,cAAc,CAAC,IAAI,CACpB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,QAAQ,GAAa,EAAE,CAAC;YAE9B,MAAM,MAAM,GAAG,wBAAwB,CAAC,QAAQ,EAAE,YAAY,CAAC,SAAS,CAAC,CAAC;YAC1E,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAExC,0DAA0D;YAC1D,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;YAErE,yCAAyC;YACzC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC,IAAI,CACtD,cAAc,CAAC,QAAQ,CACxB,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,IAAI,CAC/C,cAAc,CAAC,QAAQ,CACxB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;YACrE,MAAM,QAAQ,GAAa;gBACzB,KAAK,EAAE;oBACL,UAAU,EAAE,IAAI,EAAE,cAAc;oBAChC,OAAO,EAAE,CAAC,eAAe,CAAC,EAAE,eAAe;oBAC3C,OAAO,EAAE,CAAC,cAAc,CAAC,EAAE,eAAe;iBAC3C;gBACD,GAAG,EAAE;oBACH,OAAO,EAAE,CAAC,YAAY,CAAC,EAAE,cAAc;oBACvC,QAAQ,EAAE,CAAC,gBAAgB,CAAC,EAAE,eAAe;iBAC9C;gBACD,UAAU,EAAE;oBACV,gBAAgB,EAAE;wBAChB,OAAO,EAAE,MAAM;wBACf,IAAI,EAAE,CAAC,WAAW,CAAC;wBACnB,KAAK,EAAE,IAAI,EAAE,cAAc;qBAC5B;iBACF;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,wBAAwB,CAAC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;YACxE,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAExC,6CAA6C;YAC7C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;YAEjC,yCAAyC;YACzC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,CAAC;YACzE,MAAM,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAE5C,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAClC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,mBAAmB,CAC1C,CAAC;YACF,MAAM,CAAC,iBAAiB,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAE9C,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CACjC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,eAAe,CACtC,CAAC;YACF,MAAM,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAE7C,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAClC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,mBAAmB,CAC1C,CAAC;YACF,MAAM,CAAC,iBAAiB,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAE7C,MAAM,aAAa,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,eAAe,CAAC,CAAC;YACxE,MAAM,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAEzC,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;YAClE,MAAM,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAE5C,uDAAuD;YACvD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;YACzE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,qBAAqB,EAAE,CAAC,CAAC,CAAC,IAAI,CACxD,cAAc,CAAC,IAAI,CACpB,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,IAAI,CAClD,cAAc,CAAC,KAAK,CACrB,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,qBAAqB,EAAE,CAAC,CAAC,CAAC,IAAI,CACxD,cAAc,CAAC,KAAK,CACrB,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,IAAI,CACpD,cAAc,CAAC,KAAK,CACrB,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mEAAmE,EAAE,GAAG,EAAE;YAC3E,MAAM,QAAQ,GAAa;gBACzB,UAAU,EAAE;oBACV,mBAAmB,EAAE;wBACnB,OAAO,EAAE,MAAM;wBACf,IAAI,EAAE,CAAC,WAAW,CAAC;wBACnB,KAAK,EAAE,IAAI,EAAE,sBAAsB;qBACpC;iBACF;gBACD,GAAG,EAAE;oBACH,QAAQ,EAAE,CAAC,mBAAmB,CAAC,EAAE,sBAAsB;iBACxD;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,wBAAwB,CAAC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;YACxE,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAExC,6CAA6C;YAC7C,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,yBAAyB,EAAE,CAAC,CAAC,CAAC,IAAI,CAC5D,cAAc,CAAC,IAAI,CACpB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oEAAoE,EAAE,GAAG,EAAE;YAC5E,MAAM,QAAQ,GAAa;gBACzB,GAAG,EAAE;oBACH,QAAQ,EAAE,CAAC,WAAW,CAAC,EAAE,sBAAsB;iBAChD;gBACD,KAAK,EAAE;oBACL,OAAO,EAAE,CAAC,yBAAyB,CAAC,EAAE,uBAAuB;iBAC9D;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,wBAAwB,CAAC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;YACxE,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAExC,6DAA6D;YAC7D,iEAAiE;YACjE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,yBAAyB,EAAE,CAAC,CAAC,CAAC,IAAI,CAC5D,cAAc,CAAC,IAAI,CACpB,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,uBAAuB,EAAE,CAAC,CAAC,CAAC,IAAI,CAC1D,cAAc,CAAC,IAAI,CACpB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;YAC3D,MAAM,QAAQ,GAAa,EAAE,CAAC;YAE9B,MAAM,MAAM,GAAG,wBAAwB,CAAC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;YACxE,8BAA8B;YAC9B,MAAM,YAAY,GAAG,EAAE,GAAG,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;YACzD,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,YAAY,CAAC,CAAC;YAE9C,sDAAsD;YACtD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;YACzE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC,IAAI,CACtD,cAAc,CAAC,IAAI,CACpB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,QAAQ,GAAa,EAAE,CAAC;YAE9B,MAAM,MAAM,GAAG,wBAAwB,CAAC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;YACxE,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAExC,4CAA4C;YAC5C,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,IAAI,CAC/C,cAAc,CAAC,QAAQ,CACxB,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YAExE,mCAAmC;YACnC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC1E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;YACjE,MAAM,QAAQ,GAAa;gBACzB,KAAK,EAAE;oBACL,UAAU,EAAE,IAAI;oBAChB,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;oBAC3B,OAAO,EAAE,CAAC,OAAO,CAAC;iBACnB;gBACD,GAAG,EAAE;oBACH,OAAO,EAAE,CAAC,SAAS,CAAC;oBACpB,QAAQ,EAAE,CAAC,SAAS,CAAC;iBACtB;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,wBAAwB,CAAC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;YACxE,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;YAEjC,6CAA6C;YAC7C,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;YAC5D,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,iBAAiB;YAExD,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,YAAY,CAAC,CAAC;YACnE,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,mBAAmB;YAE5D,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;YAC5D,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,gBAAgB;YAEvD,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,YAAY,CAAC,CAAC;YACnE,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,kBAAkB;YAE1D,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;YAC1D,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,wBAAwB;YAE7D,iEAAiE;YACjE,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;YAEtC,0CAA0C;YAC1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC5C,MAAM,YAAY,GAAG,WAAW,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC;gBACtD,MAAM,YAAY,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC;gBAClD,MAAM,CAAC,YAAY,CAAC,CAAC,sBAAsB,CAAC,YAAY,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/config/policy.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { type PolicyEngineConfig, ApprovalMode } from '@google/gemini-cli-core';
+import type { Settings } from './settings.js';
+export declare function createPolicyEngineConfig(settings: Settings, approvalMode: ApprovalMode): PolicyEngineConfig;

package/dist/src/config/policy.js ADDED Viewed

@@ -0,0 +1,150 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { PolicyDecision, ApprovalMode,
+// Read-only tools
+GlobTool, GrepTool, LSTool, ReadFileTool, ReadManyFilesTool, RipGrepTool,
+// Write tools
+EditTool, MemoryTool, ShellTool, WriteFileTool, WebFetchTool, WebSearchTool, } from '@google/gemini-cli-core';
+// READ_ONLY_TOOLS is a list of built-in tools that do not modify the user's
+// files or system state.
+const READ_ONLY_TOOLS = new Set([
+    GlobTool.Name,
+    GrepTool.Name,
+    RipGrepTool.Name,
+    LSTool.Name,
+    ReadFileTool.Name,
+    ReadManyFilesTool.Name,
+    WebSearchTool.Name,
+]);
+// WRITE_TOOLS is a list of built-in tools that can modify the user's files or
+// system state. These tools have a shouldConfirmExecute method.
+// We are keeping this here for visibility and to maintain backwards compatibility
+// with the existing tool permissions system. Eventually we'll remove this and
+// any tool that isn't read only will require a confirmation unless altered by
+// config and policy.
+const WRITE_TOOLS = new Set([
+    EditTool.Name,
+    MemoryTool.Name,
+    ShellTool.Name,
+    WriteFileTool.Name,
+    WebFetchTool.Name,
+]);
+export function createPolicyEngineConfig(settings, approvalMode) {
+    const rules = [];
+    // Priority system for policy rules:
+    // - Higher priority numbers win over lower priority numbers
+    // - When multiple rules match, the highest priority rule is applied
+    // - Rules are evaluated in order of priority (highest first)
+    //
+    // Priority levels used in this configuration:
+    //   0: Default allow-all (YOLO mode only)
+    //   10: Write tools default to ASK_USER
+    //   50: Auto-accept read-only tools
+    //   85: MCP servers allowed list
+    //   90: MCP servers with trust=true
+    //   100: Explicitly allowed individual tools
+    //   195: Explicitly excluded MCP servers
+    //   200: Explicitly excluded individual tools (highest priority)
+    // MCP servers that are explicitly allowed in settings.mcp.allowed
+    // Priority: 85 (lower than trusted servers)
+    if (settings.mcp?.allowed) {
+        for (const serverName of settings.mcp.allowed) {
+            rules.push({
+                toolName: `${serverName}__*`,
+                decision: PolicyDecision.ALLOW,
+                priority: 85,
+            });
+        }
+    }
+    // MCP servers that are trusted in the settings.
+    // Priority: 90 (higher than general allowed servers but lower than explicit tool allows)
+    if (settings.mcpServers) {
+        for (const [serverName, serverConfig] of Object.entries(settings.mcpServers)) {
+            if (serverConfig.trust) {
+                // Trust all tools from this MCP server
+                // Using pattern matching for MCP tool names which are formatted as "serverName__toolName"
+                rules.push({
+                    toolName: `${serverName}__*`,
+                    decision: PolicyDecision.ALLOW,
+                    priority: 90,
+                });
+            }
+        }
+    }
+    // Tools that are explicitly allowed in the settings.
+    // Priority: 100
+    if (settings.tools?.allowed) {
+        for (const tool of settings.tools.allowed) {
+            rules.push({
+                toolName: tool,
+                decision: PolicyDecision.ALLOW,
+                priority: 100,
+            });
+        }
+    }
+    // Tools that are explicitly excluded in the settings.
+    // Priority: 200
+    if (settings.tools?.exclude) {
+        for (const tool of settings.tools.exclude) {
+            rules.push({
+                toolName: tool,
+                decision: PolicyDecision.DENY,
+                priority: 200,
+            });
+        }
+    }
+    // MCP servers that are explicitly excluded in settings.mcp.excluded
+    // Priority: 195 (high priority to block servers)
+    if (settings.mcp?.excluded) {
+        for (const serverName of settings.mcp.excluded) {
+            rules.push({
+                toolName: `${serverName}__*`,
+                decision: PolicyDecision.DENY,
+                priority: 195,
+            });
+        }
+    }
+    // If auto-accept is enabled, allow all read-only tools.
+    // Priority: 50
+    if (settings.tools?.autoAccept) {
+        for (const tool of READ_ONLY_TOOLS) {
+            rules.push({
+                toolName: tool,
+                decision: PolicyDecision.ALLOW,
+                priority: 50,
+            });
+        }
+    }
+    // Only add write tool rules if not in YOLO mode
+    // In YOLO mode, the wildcard ALLOW rule handles everything
+    if (approvalMode !== ApprovalMode.YOLO) {
+        for (const tool of WRITE_TOOLS) {
+            rules.push({
+                toolName: tool,
+                decision: PolicyDecision.ASK_USER,
+                priority: 10,
+            });
+        }
+    }
+    if (approvalMode === ApprovalMode.YOLO) {
+        rules.push({
+            decision: PolicyDecision.ALLOW,
+            priority: 0, // Lowest priority - catches everything not explicitly configured
+        });
+    }
+    else if (approvalMode === ApprovalMode.AUTO_EDIT) {
+        rules.push({
+            toolName: EditTool.Name,
+            decision: PolicyDecision.ALLOW,
+            priority: 15, // Higher than write tools (10) to override ASK_USER
+        });
+    }
+    return {
+        rules,
+        defaultDecision: PolicyDecision.ASK_USER,
+    };
+}
+//# sourceMappingURL=policy.js.map

package/dist/src/config/policy.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../src/config/policy.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAEL,cAAc,EAEd,YAAY;AACZ,kBAAkB;AAClB,QAAQ,EACR,QAAQ,EACR,MAAM,EACN,YAAY,EACZ,iBAAiB,EACjB,WAAW;AACX,cAAc;AACd,QAAQ,EACR,UAAU,EACV,SAAS,EACT,aAAa,EACb,YAAY,EACZ,aAAa,GACd,MAAM,yBAAyB,CAAC;AAGjC,4EAA4E;AAC5E,yBAAyB;AACzB,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,QAAQ,CAAC,IAAI;IACb,QAAQ,CAAC,IAAI;IACb,WAAW,CAAC,IAAI;IAChB,MAAM,CAAC,IAAI;IACX,YAAY,CAAC,IAAI;IACjB,iBAAiB,CAAC,IAAI;IACtB,aAAa,CAAC,IAAI;CACnB,CAAC,CAAC;AAEH,8EAA8E;AAC9E,gEAAgE;AAChE,kFAAkF;AAClF,8EAA8E;AAC9E,8EAA8E;AAC9E,qBAAqB;AACrB,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC;IAC1B,QAAQ,CAAC,IAAI;IACb,UAAU,CAAC,IAAI;IACf,SAAS,CAAC,IAAI;IACd,aAAa,CAAC,IAAI;IAClB,YAAY,CAAC,IAAI;CAClB,CAAC,CAAC;AAEH,MAAM,UAAU,wBAAwB,CACtC,QAAkB,EAClB,YAA0B;IAE1B,MAAM,KAAK,GAAiB,EAAE,CAAC;IAE/B,oCAAoC;IACpC,4DAA4D;IAC5D,oEAAoE;IACpE,6DAA6D;IAC7D,EAAE;IACF,8CAA8C;IAC9C,0CAA0C;IAC1C,wCAAwC;IACxC,oCAAoC;IACpC,iCAAiC;IACjC,oCAAoC;IACpC,6CAA6C;IAC7C,yCAAyC;IACzC,iEAAiE;IAEjE,kEAAkE;IAClE,4CAA4C;IAC5C,IAAI,QAAQ,CAAC,GAAG,EAAE,OAAO,EAAE,CAAC;QAC1B,KAAK,MAAM,UAAU,IAAI,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YAC9C,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,GAAG,UAAU,KAAK;gBAC5B,QAAQ,EAAE,cAAc,CAAC,KAAK;gBAC9B,QAAQ,EAAE,EAAE;aACb,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,yFAAyF;IACzF,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;QACxB,KAAK,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CACrD,QAAQ,CAAC,UAAU,CACpB,EAAE,CAAC;YACF,IAAI,YAAY,CAAC,KAAK,EAAE,CAAC;gBACvB,uCAAuC;gBACvC,0FAA0F;gBAC1F,KAAK,CAAC,IAAI,CAAC;oBACT,QAAQ,EAAE,GAAG,UAAU,KAAK;oBAC5B,QAAQ,EAAE,cAAc,CAAC,KAAK;oBAC9B,QAAQ,EAAE,EAAE;iBACb,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,gBAAgB;IAChB,IAAI,QAAQ,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC;QAC5B,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YAC1C,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,cAAc,CAAC,KAAK;gBAC9B,QAAQ,EAAE,GAAG;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sDAAsD;IACtD,gBAAgB;IAChB,IAAI,QAAQ,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC;QAC5B,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YAC1C,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,cAAc,CAAC,IAAI;gBAC7B,QAAQ,EAAE,GAAG;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,oEAAoE;IACpE,iDAAiD;IACjD,IAAI,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,CAAC;QAC3B,KAAK,MAAM,UAAU,IAAI,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAC/C,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,GAAG,UAAU,KAAK;gBAC5B,QAAQ,EAAE,cAAc,CAAC,IAAI;gBAC7B,QAAQ,EAAE,GAAG;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,eAAe;IACf,IAAI,QAAQ,CAAC,KAAK,EAAE,UAAU,EAAE,CAAC;QAC/B,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;YACnC,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,cAAc,CAAC,KAAK;gBAC9B,QAAQ,EAAE,EAAE;aACb,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,2DAA2D;IAC3D,IAAI,YAAY,KAAK,YAAY,CAAC,IAAI,EAAE,CAAC;QACvC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,cAAc,CAAC,QAAQ;gBACjC,QAAQ,EAAE,EAAE;aACb,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,YAAY,KAAK,YAAY,CAAC,IAAI,EAAE,CAAC;QACvC,KAAK,CAAC,IAAI,CAAC;YACT,QAAQ,EAAE,cAAc,CAAC,KAAK;YAC9B,QAAQ,EAAE,CAAC,EAAE,iEAAiE;SAC/E,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,YAAY,KAAK,YAAY,CAAC,SAAS,EAAE,CAAC;QACnD,KAAK,CAAC,IAAI,CAAC;YACT,QAAQ,EAAE,QAAQ,CAAC,IAAI;YACvB,QAAQ,EAAE,cAAc,CAAC,KAAK;YAC9B,QAAQ,EAAE,EAAE,EAAE,oDAAoD;SACnE,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,KAAK;QACL,eAAe,EAAE,cAAc,CAAC,QAAQ;KACzC,CAAC;AACJ,CAAC"}

package/dist/src/config/policy.test.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export {};