npm - @hunyed15/codecgc - Versions diffs - 0.1.9 → 0.1.11 - Mend

@hunyed15/codecgc 0.1.9 → 0.1.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/codecgc/templates/gemini/codecgc-policy.toml +54 -14
package/geminimcp/src/geminimcp/server.py +11 -9
package/package.json +1 -1

package/codecgc/templates/gemini/codecgc-policy.toml CHANGED Viewed

@@ -2,21 +2,53 @@
 #
 # This file is passed explicitly by GeminiMCP through `gemini --policy`.
 # It is intentionally project-local so each repository can review and tune it.
+#
+# In yolo approval mode, all tools are auto-approved by default.
+# These DENY rules act as safety guardrails to block dangerous operations.
+# --- DENY: destructive shell commands (highest priority) ---
 [[rule]]
 toolName = "run_shell_command"
 commandPrefix = [
   "rm -rf",
-  "del ",
+  "del /",
+  "del \\",
+  "rmdir /s",
   "rmdir ",
   "Remove-Item",
   "git reset --hard",
-  "git clean"
+  "git clean",
+  "git push --force",
+  "git push -f",
+  "format ",
+  "shutdown",
+  "reboot",
+  "taskkill",
+  "net stop",
+  "net user",
+  "reg delete",
+  "reg add",
 ]
 decision = "deny"
 priority = 900
 denyMessage = "CodeCGC blocks destructive shell commands in Gemini executor sessions."
+# --- DENY: network / exfiltration commands ---
+[[rule]]
+toolName = "run_shell_command"
+commandPrefix = [
+  "curl ",
+  "wget ",
+  "Invoke-WebRequest",
+  "Invoke-RestMethod",
+  "ssh ",
+  "scp ",
+]
+decision = "deny"
+priority = 800
+denyMessage = "CodeCGC blocks network commands in Gemini executor sessions."
+# --- ALLOW: file editing tools ---
 [[rule]]
 toolName = [
   "write_file",
@@ -24,24 +56,32 @@ toolName = [
 ]
 decision = "allow"
 priority = 500
-modes = ["autoEdit"]
-[rule.safety_checker]
-type = "in-process"
-name = "allowed-path"
-required_context = ["environment"]
+# --- ALLOW: common dev commands (defense-in-depth) ---
 [[rule]]
 toolName = "run_shell_command"
 commandPrefix = [
   "npm test",
-  "npm run test",
-  "pnpm test",
-  "pnpm run test",
-  "yarn test",
+  "npm run",
+  "npm install",
+  "npx ",
+  "pnpm ",
+  "yarn ",
+  "node ",
+  "tsc",
+  "eslint",
+  "prettier",
   "git diff",
-  "git status"
+  "git status",
+  "git log",
+  "cat ",
+  "type ",
+  "ls ",
+  "dir ",
+  "head ",
+  "tail ",
+  "find ",
+  "grep ",
 ]
 decision = "allow"
 priority = 300
-modes = ["autoEdit"]

package/geminimcp/src/geminimcp/server.py CHANGED Viewed

@@ -18,7 +18,7 @@ from mcp.server.fastmcp import FastMCP
 from pydantic import BeforeValidator, Field
 import shutil
-DEFAULT_GEMINI_APPROVAL_MODE = "auto_edit"
+DEFAULT_GEMINI_APPROVAL_MODE = "yolo"
 DEFAULT_GEMINI_TIMEOUT_SECONDS = 600
 PROJECT_GEMINI_POLICY_RELATIVE_PATH = Path(".gemini") / "policies" / "codecgc-policy.toml"
@@ -160,6 +160,7 @@ def run_shell_command(
     cmd: list[str],
     cwd: str | None = None,
     timeout_seconds: int = DEFAULT_GEMINI_TIMEOUT_SECONDS,
+    env: dict[str, str] | None = None,
 ) -> Generator[str, None, None]:
     """Execute a command and stream its output line-by-line.
@@ -175,9 +176,9 @@ def run_shell_command(
     gemini_path = shutil.which("gemini") or cmd[0]
     popen_cmd[0] = gemini_path
-    # if os.name == "nt" and gemini_path.lower().endswith((".cmd", ".bat")):
-    #     from subprocess import list2cmdline
-    #     popen_cmd = ["cmd.exe", "/s", "/c", list2cmdline(cmd)]
+    if os.name == "nt" and gemini_path.lower().endswith((".cmd", ".bat")):
+        from subprocess import list2cmdline
+        popen_cmd = ["cmd.exe", "/s", "/c", list2cmdline(cmd)]
     process = subprocess.Popen(
         popen_cmd,
@@ -188,6 +189,7 @@ def run_shell_command(
         universal_newlines=True,
         encoding='utf-8',
         cwd=cwd,
+        env=env,
     )
     output_queue: queue.Queue[str | None] = queue.Queue()
@@ -288,6 +290,8 @@ def _execute_gemini_session(
         prompt,
         "-o",
         "stream-json",
+        "--allowed-mcp-server-names",
+        "__codecgc_none__",
     ]
     project_policy = _resolve_project_gemini_policy(cd)
@@ -303,6 +307,8 @@ def _execute_gemini_session(
     if session_id:
         cmd.extend(["--resume", session_id])
+    gemini_env = {**os.environ, "GEMINI_CLI_TRUST_WORKSPACE": "true"}
     all_messages = []
     agent_messages = ""
     success = True
@@ -314,6 +320,7 @@ def _execute_gemini_session(
             cmd,
             cwd=cd.absolute().as_posix(),
             timeout_seconds=effective_timeout_seconds,
+            env=gemini_env,
         ):
             try:
                 line_dict = json.loads(line.strip())
@@ -321,11 +328,6 @@ def _execute_gemini_session(
                 item_type = line_dict.get("type", "")
                 item_role = line_dict.get("role", "")
                 if item_type == "message" and item_role == "assistant":
-                    if (
-                        "The --prompt (-p) flag has been deprecated and will be removed in a future version. Please use a positional argument for your prompt. See gemini --help for more information.\n"
-                        in line_dict.get("content", "")
-                    ):
-                        continue
                     agent_messages = agent_messages + line_dict.get("content", "")
                 if line_dict.get("session_id") is not None:
                     thread_id = line_dict.get("session_id")

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@hunyed15/codecgc",
-  "version": "0.1.9",
+  "version": "0.1.11",
   "description": "Claude-hosted multi-model workflow product shell for CodeCGC.",
   "license": "MIT",
   "type": "commonjs",