@hunyed15/codecgc 0.1.9 → 0.1.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -2,21 +2,53 @@
|
|
|
2
2
|
#
|
|
3
3
|
# This file is passed explicitly by GeminiMCP through `gemini --policy`.
|
|
4
4
|
# It is intentionally project-local so each repository can review and tune it.
|
|
5
|
+
#
|
|
6
|
+
# In yolo approval mode, all tools are auto-approved by default.
|
|
7
|
+
# These DENY rules act as safety guardrails to block dangerous operations.
|
|
5
8
|
|
|
9
|
+
# --- DENY: destructive shell commands (highest priority) ---
|
|
6
10
|
[[rule]]
|
|
7
11
|
toolName = "run_shell_command"
|
|
8
12
|
commandPrefix = [
|
|
9
13
|
"rm -rf",
|
|
10
|
-
"del ",
|
|
14
|
+
"del /",
|
|
15
|
+
"del \\",
|
|
16
|
+
"rmdir /s",
|
|
11
17
|
"rmdir ",
|
|
12
18
|
"Remove-Item",
|
|
13
19
|
"git reset --hard",
|
|
14
|
-
"git clean"
|
|
20
|
+
"git clean",
|
|
21
|
+
"git push --force",
|
|
22
|
+
"git push -f",
|
|
23
|
+
"format ",
|
|
24
|
+
"shutdown",
|
|
25
|
+
"reboot",
|
|
26
|
+
"taskkill",
|
|
27
|
+
"net stop",
|
|
28
|
+
"net user",
|
|
29
|
+
"reg delete",
|
|
30
|
+
"reg add",
|
|
15
31
|
]
|
|
16
32
|
decision = "deny"
|
|
17
33
|
priority = 900
|
|
18
34
|
denyMessage = "CodeCGC blocks destructive shell commands in Gemini executor sessions."
|
|
19
35
|
|
|
36
|
+
# --- DENY: network / exfiltration commands ---
|
|
37
|
+
[[rule]]
|
|
38
|
+
toolName = "run_shell_command"
|
|
39
|
+
commandPrefix = [
|
|
40
|
+
"curl ",
|
|
41
|
+
"wget ",
|
|
42
|
+
"Invoke-WebRequest",
|
|
43
|
+
"Invoke-RestMethod",
|
|
44
|
+
"ssh ",
|
|
45
|
+
"scp ",
|
|
46
|
+
]
|
|
47
|
+
decision = "deny"
|
|
48
|
+
priority = 800
|
|
49
|
+
denyMessage = "CodeCGC blocks network commands in Gemini executor sessions."
|
|
50
|
+
|
|
51
|
+
# --- ALLOW: file editing tools ---
|
|
20
52
|
[[rule]]
|
|
21
53
|
toolName = [
|
|
22
54
|
"write_file",
|
|
@@ -24,24 +56,32 @@ toolName = [
|
|
|
24
56
|
]
|
|
25
57
|
decision = "allow"
|
|
26
58
|
priority = 500
|
|
27
|
-
modes = ["autoEdit"]
|
|
28
|
-
|
|
29
|
-
[rule.safety_checker]
|
|
30
|
-
type = "in-process"
|
|
31
|
-
name = "allowed-path"
|
|
32
|
-
required_context = ["environment"]
|
|
33
59
|
|
|
60
|
+
# --- ALLOW: common dev commands (defense-in-depth) ---
|
|
34
61
|
[[rule]]
|
|
35
62
|
toolName = "run_shell_command"
|
|
36
63
|
commandPrefix = [
|
|
37
64
|
"npm test",
|
|
38
|
-
"npm run
|
|
39
|
-
"
|
|
40
|
-
"
|
|
41
|
-
"
|
|
65
|
+
"npm run",
|
|
66
|
+
"npm install",
|
|
67
|
+
"npx ",
|
|
68
|
+
"pnpm ",
|
|
69
|
+
"yarn ",
|
|
70
|
+
"node ",
|
|
71
|
+
"tsc",
|
|
72
|
+
"eslint",
|
|
73
|
+
"prettier",
|
|
42
74
|
"git diff",
|
|
43
|
-
"git status"
|
|
75
|
+
"git status",
|
|
76
|
+
"git log",
|
|
77
|
+
"cat ",
|
|
78
|
+
"type ",
|
|
79
|
+
"ls ",
|
|
80
|
+
"dir ",
|
|
81
|
+
"head ",
|
|
82
|
+
"tail ",
|
|
83
|
+
"find ",
|
|
84
|
+
"grep ",
|
|
44
85
|
]
|
|
45
86
|
decision = "allow"
|
|
46
87
|
priority = 300
|
|
47
|
-
modes = ["autoEdit"]
|
|
@@ -18,7 +18,7 @@ from mcp.server.fastmcp import FastMCP
|
|
|
18
18
|
from pydantic import BeforeValidator, Field
|
|
19
19
|
import shutil
|
|
20
20
|
|
|
21
|
-
DEFAULT_GEMINI_APPROVAL_MODE = "
|
|
21
|
+
DEFAULT_GEMINI_APPROVAL_MODE = "yolo"
|
|
22
22
|
DEFAULT_GEMINI_TIMEOUT_SECONDS = 600
|
|
23
23
|
PROJECT_GEMINI_POLICY_RELATIVE_PATH = Path(".gemini") / "policies" / "codecgc-policy.toml"
|
|
24
24
|
|
|
@@ -160,6 +160,7 @@ def run_shell_command(
|
|
|
160
160
|
cmd: list[str],
|
|
161
161
|
cwd: str | None = None,
|
|
162
162
|
timeout_seconds: int = DEFAULT_GEMINI_TIMEOUT_SECONDS,
|
|
163
|
+
env: dict[str, str] | None = None,
|
|
163
164
|
) -> Generator[str, None, None]:
|
|
164
165
|
"""Execute a command and stream its output line-by-line.
|
|
165
166
|
|
|
@@ -188,6 +189,7 @@ def run_shell_command(
|
|
|
188
189
|
universal_newlines=True,
|
|
189
190
|
encoding='utf-8',
|
|
190
191
|
cwd=cwd,
|
|
192
|
+
env=env,
|
|
191
193
|
)
|
|
192
194
|
|
|
193
195
|
output_queue: queue.Queue[str | None] = queue.Queue()
|
|
@@ -284,8 +286,6 @@ def _execute_gemini_session(
|
|
|
284
286
|
"--skip-trust",
|
|
285
287
|
"--approval-mode",
|
|
286
288
|
DEFAULT_GEMINI_APPROVAL_MODE,
|
|
287
|
-
"--prompt",
|
|
288
|
-
prompt,
|
|
289
289
|
"-o",
|
|
290
290
|
"stream-json",
|
|
291
291
|
]
|
|
@@ -303,6 +303,10 @@ def _execute_gemini_session(
|
|
|
303
303
|
if session_id:
|
|
304
304
|
cmd.extend(["--resume", session_id])
|
|
305
305
|
|
|
306
|
+
cmd.append(prompt)
|
|
307
|
+
|
|
308
|
+
gemini_env = {**os.environ, "GEMINI_CLI_TRUST_WORKSPACE": "true"}
|
|
309
|
+
|
|
306
310
|
all_messages = []
|
|
307
311
|
agent_messages = ""
|
|
308
312
|
success = True
|
|
@@ -314,6 +318,7 @@ def _execute_gemini_session(
|
|
|
314
318
|
cmd,
|
|
315
319
|
cwd=cd.absolute().as_posix(),
|
|
316
320
|
timeout_seconds=effective_timeout_seconds,
|
|
321
|
+
env=gemini_env,
|
|
317
322
|
):
|
|
318
323
|
try:
|
|
319
324
|
line_dict = json.loads(line.strip())
|
|
@@ -321,11 +326,6 @@ def _execute_gemini_session(
|
|
|
321
326
|
item_type = line_dict.get("type", "")
|
|
322
327
|
item_role = line_dict.get("role", "")
|
|
323
328
|
if item_type == "message" and item_role == "assistant":
|
|
324
|
-
if (
|
|
325
|
-
"The --prompt (-p) flag has been deprecated and will be removed in a future version. Please use a positional argument for your prompt. See gemini --help for more information.\n"
|
|
326
|
-
in line_dict.get("content", "")
|
|
327
|
-
):
|
|
328
|
-
continue
|
|
329
329
|
agent_messages = agent_messages + line_dict.get("content", "")
|
|
330
330
|
if line_dict.get("session_id") is not None:
|
|
331
331
|
thread_id = line_dict.get("session_id")
|