@thacio/auditaria 0.28.0 → 0.30.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bundle/docs/CONTRIBUTING.md +7 -6
- package/bundle/docs/changelogs/index.md +20 -0
- package/bundle/docs/changelogs/latest.md +294 -426
- package/bundle/docs/changelogs/preview.md +343 -283
- package/bundle/docs/cli/cli-reference.md +23 -23
- package/bundle/docs/cli/commands.md +2 -0
- package/bundle/docs/cli/enterprise.md +18 -15
- package/bundle/docs/cli/keyboard-shortcuts.md +17 -8
- package/bundle/docs/cli/plan-mode.md +92 -12
- package/bundle/docs/cli/sandbox.md +3 -2
- package/bundle/docs/cli/settings.md +28 -19
- package/bundle/docs/cli/telemetry.md +18 -4
- package/bundle/docs/core/policy-engine.md +13 -3
- package/bundle/docs/extensions/reference.md +0 -3
- package/bundle/docs/get-started/configuration-v1.md +5 -3
- package/bundle/docs/get-started/configuration.md +85 -41
- package/bundle/docs/tools/ask-user.md +95 -0
- package/bundle/docs/tools/index.md +3 -0
- package/bundle/docs/tools/mcp-server.md +1 -12
- package/bundle/docs/tools/planning.md +55 -0
- package/bundle/docs/tools/shell.md +7 -6
- package/bundle/gemini.js +30500 -18105
- package/bundle/mcp-bridge.js +2 -2
- package/bundle/policies/plan.toml +3 -3
- package/bundle/policies/yolo.toml +13 -2
- package/bundle/{sandbox-macos-restrictive-closed.sb → sandbox-macos-strict-open.sb} +42 -4
- package/bundle/sandbox-macos-strict-proxied.sb +133 -0
- package/bundle/web-client/client.js +96 -3
- package/bundle/web-client/components/DiffContextMenu.js +252 -0
- package/bundle/web-client/components/DiffModal.js +85 -38
- package/bundle/web-client/components/EditorPanel.js +12 -2
- package/bundle/web-client/managers/EditorManager.js +32 -0
- package/bundle/web-client/managers/InputHistoryManager.js +139 -0
- package/bundle/web-client/managers/WebSocketManager.js +19 -4
- package/bundle/web-client/styles/editor-panel.css +32 -24
- package/bundle/web-client/styles/overhaul.css +30 -0
- package/package.json +4 -4
- package/bundle/sandbox-macos-permissive-closed.sb +0 -32
|
@@ -27,29 +27,29 @@ and parameters.
|
|
|
27
27
|
|
|
28
28
|
## CLI Options
|
|
29
29
|
|
|
30
|
-
| Option | Alias | Type | Default | Description
|
|
31
|
-
| -------------------------------- | ----- | ------- | --------- |
|
|
32
|
-
| `--debug` | `-d` | boolean | `false` | Run in debug mode with verbose logging
|
|
33
|
-
| `--version` | `-v` | - | - | Show CLI version number and exit
|
|
34
|
-
| `--help` | `-h` | - | - | Show help information
|
|
35
|
-
| `--model` | `-m` | string | `auto` | Model to use. See [Model Selection](#model-selection) for available values.
|
|
36
|
-
| `--prompt` | `-p` | string | - | Prompt text. Appended to stdin input if provided. **Deprecated:** Use positional arguments instead.
|
|
37
|
-
| `--prompt-interactive` | `-i` | string | - | Execute prompt and continue in interactive mode
|
|
38
|
-
| `--sandbox` | `-s` | boolean | `false` | Run in a sandboxed environment for safer execution
|
|
39
|
-
| `--approval-mode` | - | string | `default` | Approval mode for tool execution. Choices: `default`, `auto_edit`, `yolo`
|
|
40
|
-
| `--yolo` | `-y` | boolean | `false` | **Deprecated.** Auto-approve all actions. Use `--approval-mode=yolo` instead.
|
|
41
|
-
| `--experimental-acp` | - | boolean | - | Start in ACP (Agent Code Pilot) mode. **Experimental feature.**
|
|
42
|
-
| `--experimental-zed-integration` | - | boolean | - | Run in Zed editor integration mode. **Experimental feature.**
|
|
43
|
-
| `--allowed-mcp-server-names` | - | array | - | Allowed MCP server names (comma-separated or multiple flags)
|
|
44
|
-
| `--allowed-tools` | - | array | - | Tools that are allowed to run without confirmation (comma-separated or multiple flags)
|
|
45
|
-
| `--extensions` | `-e` | array | - | List of extensions to use. If not provided, all extensions are enabled (comma-separated or multiple flags)
|
|
46
|
-
| `--list-extensions` | `-l` | boolean | - | List all available extensions and exit
|
|
47
|
-
| `--resume` | `-r` | string | - | Resume a previous session. Use `"latest"` for most recent or index number (e.g. `--resume 5`)
|
|
48
|
-
| `--list-sessions` | - | boolean | - | List available sessions for the current project and exit
|
|
49
|
-
| `--delete-session` | - | string | - | Delete a session by index number (use `--list-sessions` to see available sessions)
|
|
50
|
-
| `--include-directories` | - | array | - | Additional directories to include in the workspace (comma-separated or multiple flags)
|
|
51
|
-
| `--screen-reader` | - | boolean | - | Enable screen reader mode for accessibility
|
|
52
|
-
| `--output-format` | `-o` | string | `text` | The format of the CLI output. Choices: `text`, `json`, `stream-json`
|
|
30
|
+
| Option | Alias | Type | Default | Description |
|
|
31
|
+
| -------------------------------- | ----- | ------- | --------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
|
32
|
+
| `--debug` | `-d` | boolean | `false` | Run in debug mode with verbose logging |
|
|
33
|
+
| `--version` | `-v` | - | - | Show CLI version number and exit |
|
|
34
|
+
| `--help` | `-h` | - | - | Show help information |
|
|
35
|
+
| `--model` | `-m` | string | `auto` | Model to use. See [Model Selection](#model-selection) for available values. |
|
|
36
|
+
| `--prompt` | `-p` | string | - | Prompt text. Appended to stdin input if provided. **Deprecated:** Use positional arguments instead. |
|
|
37
|
+
| `--prompt-interactive` | `-i` | string | - | Execute prompt and continue in interactive mode |
|
|
38
|
+
| `--sandbox` | `-s` | boolean | `false` | Run in a sandboxed environment for safer execution |
|
|
39
|
+
| `--approval-mode` | - | string | `default` | Approval mode for tool execution. Choices: `default`, `auto_edit`, `yolo` |
|
|
40
|
+
| `--yolo` | `-y` | boolean | `false` | **Deprecated.** Auto-approve all actions. Use `--approval-mode=yolo` instead. |
|
|
41
|
+
| `--experimental-acp` | - | boolean | - | Start in ACP (Agent Code Pilot) mode. **Experimental feature.** |
|
|
42
|
+
| `--experimental-zed-integration` | - | boolean | - | Run in Zed editor integration mode. **Experimental feature.** |
|
|
43
|
+
| `--allowed-mcp-server-names` | - | array | - | Allowed MCP server names (comma-separated or multiple flags) |
|
|
44
|
+
| `--allowed-tools` | - | array | - | **Deprecated.** Use the [Policy Engine](../core/policy-engine.md) instead. Tools that are allowed to run without confirmation (comma-separated or multiple flags) |
|
|
45
|
+
| `--extensions` | `-e` | array | - | List of extensions to use. If not provided, all extensions are enabled (comma-separated or multiple flags) |
|
|
46
|
+
| `--list-extensions` | `-l` | boolean | - | List all available extensions and exit |
|
|
47
|
+
| `--resume` | `-r` | string | - | Resume a previous session. Use `"latest"` for most recent or index number (e.g. `--resume 5`) |
|
|
48
|
+
| `--list-sessions` | - | boolean | - | List available sessions for the current project and exit |
|
|
49
|
+
| `--delete-session` | - | string | - | Delete a session by index number (use `--list-sessions` to see available sessions) |
|
|
50
|
+
| `--include-directories` | - | array | - | Additional directories to include in the workspace (comma-separated or multiple flags) |
|
|
51
|
+
| `--screen-reader` | - | boolean | - | Enable screen reader mode for accessibility |
|
|
52
|
+
| `--output-format` | `-o` | string | `text` | The format of the CLI output. Choices: `text`, `json`, `stream-json` |
|
|
53
53
|
|
|
54
54
|
## Model selection
|
|
55
55
|
|
|
@@ -120,6 +120,8 @@ Slash commands provide meta-level control over the CLI itself.
|
|
|
120
120
|
- **`/shortcuts`**
|
|
121
121
|
- **Description:** Toggle the shortcuts panel above the input.
|
|
122
122
|
- **Shortcut:** Press `?` when the prompt is empty.
|
|
123
|
+
- **Note:** This is separate from the clean UI detail toggle on double-`Tab`,
|
|
124
|
+
which switches between minimal and full UI chrome.
|
|
123
125
|
|
|
124
126
|
- **`/hooks`**
|
|
125
127
|
- **Description:** Manage hooks, which allow you to intercept and customize
|
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
# Auditaria for the enterprise
|
|
2
2
|
|
|
3
3
|
This document outlines configuration patterns and best practices for deploying
|
|
4
|
-
and managing Auditaria in an enterprise environment. By leveraging
|
|
5
|
-
|
|
6
|
-
|
|
4
|
+
and managing Auditaria in an enterprise environment. By leveraging system-level
|
|
5
|
+
settings, administrators can enforce security policies, manage tool access, and
|
|
6
|
+
ensure a consistent experience for all users.
|
|
7
7
|
|
|
8
8
|
> **A note on security:** The patterns described in this document are intended
|
|
9
9
|
> to help administrators create a more controlled and secure environment for
|
|
10
|
-
> using Auditaria. However, they should not be considered a foolproof
|
|
11
|
-
>
|
|
12
|
-
>
|
|
13
|
-
>
|
|
10
|
+
> using Auditaria. However, they should not be considered a foolproof security
|
|
11
|
+
> boundary. A determined user with sufficient privileges on their local machine
|
|
12
|
+
> may still be able to circumvent these configurations. These measures are
|
|
13
|
+
> designed to prevent accidental misuse and enforce corporate policy in a
|
|
14
14
|
> managed environment, not to defend against a malicious actor with local
|
|
15
15
|
> administrative rights.
|
|
16
16
|
|
|
@@ -223,9 +223,9 @@ gemini
|
|
|
223
223
|
## Restricting tool access
|
|
224
224
|
|
|
225
225
|
You can significantly enhance security by controlling which tools the Auditaria
|
|
226
|
-
model can use. This is achieved through the `tools.core` and
|
|
227
|
-
|
|
228
|
-
[Tools documentation](../tools/index.md).
|
|
226
|
+
model can use. This is achieved through the `tools.core` setting and the
|
|
227
|
+
[Policy Engine](../core/policy-engine.md). For a list of available tools, see
|
|
228
|
+
the [Tools documentation](../tools/index.md).
|
|
229
229
|
|
|
230
230
|
### Allowlisting with `coreTools`
|
|
231
231
|
|
|
@@ -243,7 +243,10 @@ on the approved list.
|
|
|
243
243
|
}
|
|
244
244
|
```
|
|
245
245
|
|
|
246
|
-
### Blocklisting with `excludeTools`
|
|
246
|
+
### Blocklisting with `excludeTools` (Deprecated)
|
|
247
|
+
|
|
248
|
+
> **Deprecated:** Use the [Policy Engine](../core/policy-engine.md) for more
|
|
249
|
+
> robust control.
|
|
247
250
|
|
|
248
251
|
Alternatively, you can add specific tools that are considered dangerous in your
|
|
249
252
|
environment to a blocklist.
|
|
@@ -292,8 +295,8 @@ effectively.
|
|
|
292
295
|
|
|
293
296
|
### How MCP server configurations are merged
|
|
294
297
|
|
|
295
|
-
Auditaria loads `settings.json` files from three levels: System, Workspace,
|
|
296
|
-
|
|
298
|
+
Auditaria loads `settings.json` files from three levels: System, Workspace, and
|
|
299
|
+
User. When it comes to the `mcpServers` object, these configurations are
|
|
297
300
|
**merged**:
|
|
298
301
|
|
|
299
302
|
1. **Merging:** The lists of servers from all three levels are combined into a
|
|
@@ -431,8 +434,8 @@ a custom `sandbox.Dockerfile` as described in the
|
|
|
431
434
|
## Controlling network access via proxy
|
|
432
435
|
|
|
433
436
|
In corporate environments with strict network policies, you can configure
|
|
434
|
-
Auditaria to route all outbound traffic through a corporate proxy. This can
|
|
435
|
-
|
|
437
|
+
Auditaria to route all outbound traffic through a corporate proxy. This can be
|
|
438
|
+
set via an environment variable, but it can also be enforced for custom tools
|
|
436
439
|
via the `mcpServers` configuration.
|
|
437
440
|
|
|
438
441
|
**Example (for an MCP server):**
|
|
@@ -106,6 +106,7 @@ available combinations.
|
|
|
106
106
|
| Toggle YOLO (auto-approval) mode for tool calls. | `Ctrl + Y` |
|
|
107
107
|
| Cycle through approval modes: default (prompt), auto_edit (auto-approve edits), and plan (read-only). | `Shift + Tab` |
|
|
108
108
|
| Expand a height-constrained response to show additional lines when not in alternate buffer mode. | `Ctrl + O`<br />`Ctrl + S` |
|
|
109
|
+
| Expand or collapse a paste placeholder when cursor is over placeholder. | `Ctrl + O` |
|
|
109
110
|
| Toggle current background shell visibility. | `Ctrl + B` |
|
|
110
111
|
| Toggle background shell list. | `Ctrl + L` |
|
|
111
112
|
| Kill the active background shell. | `Ctrl + K` |
|
|
@@ -113,13 +114,13 @@ available combinations.
|
|
|
113
114
|
| Dismiss background shell list. | `Esc` |
|
|
114
115
|
| Move focus from background shell to Gemini. | `Shift + Tab` |
|
|
115
116
|
| Move focus from background shell list to Gemini. | `Tab (no Shift)` |
|
|
116
|
-
| Show warning when trying to
|
|
117
|
-
| Show warning when trying to
|
|
117
|
+
| Show warning when trying to move focus away from background shell. | `Tab (no Shift)` |
|
|
118
|
+
| Show warning when trying to move focus away from shell input. | `Tab (no Shift)` |
|
|
118
119
|
| Move focus from Gemini to the active shell. | `Tab (no Shift)` |
|
|
119
120
|
| Move focus from the shell back to Gemini. | `Shift + Tab` |
|
|
120
121
|
| Clear the terminal screen and redraw the UI. | `Ctrl + L` |
|
|
121
122
|
| Restart the application. | `R` |
|
|
122
|
-
| Suspend the
|
|
123
|
+
| Suspend the CLI and move it to the background. | `Ctrl + Z` |
|
|
123
124
|
|
|
124
125
|
<!-- KEYBINDINGS-AUTOGEN:END -->
|
|
125
126
|
|
|
@@ -129,8 +130,15 @@ available combinations.
|
|
|
129
130
|
terminal isn't configured to send Meta with Option.
|
|
130
131
|
- `!` on an empty prompt: Enter or exit shell mode.
|
|
131
132
|
- `?` on an empty prompt: Toggle the shortcuts panel above the input. Press
|
|
132
|
-
`Esc`, `Backspace`,
|
|
133
|
-
|
|
133
|
+
`Esc`, `Backspace`, any printable key, or a registered app hotkey to close it.
|
|
134
|
+
The panel also auto-hides while the agent is running/streaming or when
|
|
135
|
+
action-required dialogs are shown. Press `?` again to close the panel and
|
|
136
|
+
insert a `?` into the prompt.
|
|
137
|
+
- `Tab` + `Tab` (while typing in the prompt): Toggle between minimal and full UI
|
|
138
|
+
details when no completion/search interaction is active. The selected mode is
|
|
139
|
+
remembered for future sessions. Full UI remains the default on first run, and
|
|
140
|
+
single `Tab` keeps its existing completion/focus behavior.
|
|
141
|
+
- `Shift + Tab` (while typing in the prompt): Cycle approval modes.
|
|
134
142
|
- `\` (at end of a line) + `Enter`: Insert a newline without leaving single-line
|
|
135
143
|
mode.
|
|
136
144
|
- `Esc` pressed twice quickly: Clear the input prompt if it is not empty,
|
|
@@ -139,6 +147,7 @@ available combinations.
|
|
|
139
147
|
single-line input, navigate backward or forward through prompt history.
|
|
140
148
|
- `Number keys (1-9, multi-digit)` inside selection dialogs: Jump directly to
|
|
141
149
|
the numbered radio option and confirm when the full number is entered.
|
|
142
|
-
- `
|
|
143
|
-
|
|
144
|
-
|
|
150
|
+
- `Ctrl + O`: Expand or collapse paste placeholders (`[Pasted Text: X lines]`)
|
|
151
|
+
inline when the cursor is over the placeholder.
|
|
152
|
+
- `Double-click` on a paste placeholder (alternate buffer mode only): Expand to
|
|
153
|
+
view full content inline. Double-click again to collapse.
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Plan Mode (experimental)
|
|
1
|
+
# Plan Mode (experimental)
|
|
2
2
|
|
|
3
3
|
Plan Mode is a safe, read-only mode for researching and designing complex
|
|
4
4
|
changes. It prevents modifications while you research, design and plan an
|
|
@@ -30,13 +30,15 @@ implementation strategy.
|
|
|
30
30
|
- [The Planning Workflow](#the-planning-workflow)
|
|
31
31
|
- [Exiting Plan Mode](#exiting-plan-mode)
|
|
32
32
|
- [Tool Restrictions](#tool-restrictions)
|
|
33
|
+
- [Customizing Planning with Skills](#customizing-planning-with-skills)
|
|
34
|
+
- [Customizing Policies](#customizing-policies)
|
|
33
35
|
|
|
34
36
|
## Starting in Plan Mode
|
|
35
37
|
|
|
36
38
|
You can configure Gemini CLI to start directly in Plan Mode by default:
|
|
37
39
|
|
|
38
40
|
1. Type `/settings` in the CLI.
|
|
39
|
-
2. Search for `Approval Mode`.
|
|
41
|
+
2. Search for `Default Approval Mode`.
|
|
40
42
|
3. Set the value to `Plan`.
|
|
41
43
|
|
|
42
44
|
Other ways to start in Plan Mode:
|
|
@@ -46,8 +48,8 @@ Other ways to start in Plan Mode:
|
|
|
46
48
|
|
|
47
49
|
```json
|
|
48
50
|
{
|
|
49
|
-
"
|
|
50
|
-
"
|
|
51
|
+
"general": {
|
|
52
|
+
"defaultApprovalMode": "plan"
|
|
51
53
|
}
|
|
52
54
|
}
|
|
53
55
|
```
|
|
@@ -61,15 +63,18 @@ You can enter Plan Mode in three ways:
|
|
|
61
63
|
1. **Keyboard Shortcut:** Press `Shift+Tab` to cycle through approval modes
|
|
62
64
|
(`Default` -> `Plan` -> `Auto-Edit`).
|
|
63
65
|
2. **Command:** Type `/plan` in the input box.
|
|
64
|
-
3. **Natural Language:** Ask the agent to "start a plan for...".
|
|
66
|
+
3. **Natural Language:** Ask the agent to "start a plan for...". The agent will
|
|
67
|
+
then call the [`enter_plan_mode`] tool to switch modes.
|
|
65
68
|
|
|
66
69
|
### The Planning Workflow
|
|
67
70
|
|
|
68
|
-
1. **Requirements:** The agent clarifies goals using `ask_user
|
|
71
|
+
1. **Requirements:** The agent clarifies goals using [`ask_user`].
|
|
69
72
|
2. **Exploration:** The agent uses read-only tools (like [`read_file`]) to map
|
|
70
73
|
the codebase and validate assumptions.
|
|
71
|
-
3. **
|
|
72
|
-
|
|
74
|
+
3. **Design:** The agent proposes alternative approaches with a recommended
|
|
75
|
+
solution for you to choose from.
|
|
76
|
+
4. **Planning:** A detailed plan is written to a temporary Markdown file.
|
|
77
|
+
5. **Review:** You review the plan.
|
|
73
78
|
- **Approve:** Exit Plan Mode and start implementation (switching to
|
|
74
79
|
Auto-Edit or Default approval mode).
|
|
75
80
|
- **Iterate:** Provide feedback to refine the plan.
|
|
@@ -79,8 +84,8 @@ You can enter Plan Mode in three ways:
|
|
|
79
84
|
To exit Plan Mode:
|
|
80
85
|
|
|
81
86
|
1. **Keyboard Shortcut:** Press `Shift+Tab` to cycle to the desired mode.
|
|
82
|
-
|
|
83
|
-
plan for your approval.
|
|
87
|
+
2. **Tool:** The agent calls the [`exit_plan_mode`] tool to present the
|
|
88
|
+
finalized plan for your approval.
|
|
84
89
|
|
|
85
90
|
## Tool Restrictions
|
|
86
91
|
|
|
@@ -90,11 +95,80 @@ These are the only allowed tools:
|
|
|
90
95
|
|
|
91
96
|
- **FileSystem (Read):** [`read_file`], [`list_directory`], [`glob`]
|
|
92
97
|
- **Search:** [`grep_search`], [`google_web_search`]
|
|
93
|
-
- **Interaction:** `ask_user`
|
|
98
|
+
- **Interaction:** [`ask_user`]
|
|
94
99
|
- **MCP Tools (Read):** Read-only [MCP tools] (e.g., `github_read_issue`,
|
|
95
100
|
`postgres_read_schema`) are allowed.
|
|
96
101
|
- **Planning (Write):** [`write_file`] and [`replace`] ONLY allowed for `.md`
|
|
97
|
-
files in the `~/.gemini/tmp/<project>/plans/` directory.
|
|
102
|
+
files in the `~/.gemini/tmp/<project>/<session-id>/plans/` directory.
|
|
103
|
+
- **Skills:** [`activate_skill`] (allows loading specialized instructions and
|
|
104
|
+
resources in a read-only manner)
|
|
105
|
+
|
|
106
|
+
### Customizing Planning with Skills
|
|
107
|
+
|
|
108
|
+
You can leverage [Agent Skills](./skills.md) to customize how Gemini CLI
|
|
109
|
+
approaches planning for specific types of tasks. When a skill is activated
|
|
110
|
+
during Plan Mode, its specialized instructions and procedural workflows will
|
|
111
|
+
guide the research and design phases.
|
|
112
|
+
|
|
113
|
+
For example:
|
|
114
|
+
|
|
115
|
+
- A **"Database Migration"** skill could ensure the plan includes data safety
|
|
116
|
+
checks and rollback strategies.
|
|
117
|
+
- A **"Security Audit"** skill could prompt the agent to look for specific
|
|
118
|
+
vulnerabilities during codebase exploration.
|
|
119
|
+
- A **"Frontend Design"** skill could guide the agent to use specific UI
|
|
120
|
+
components and accessibility standards in its proposal.
|
|
121
|
+
|
|
122
|
+
To use a skill in Plan Mode, you can explicitly ask the agent to "use the
|
|
123
|
+
[skill-name] skill to plan..." or the agent may autonomously activate it based
|
|
124
|
+
on the task description.
|
|
125
|
+
|
|
126
|
+
### Customizing Policies
|
|
127
|
+
|
|
128
|
+
Plan Mode is designed to be read-only by default to ensure safety during the
|
|
129
|
+
research phase. However, you may occasionally need to allow specific tools to
|
|
130
|
+
assist in your planning.
|
|
131
|
+
|
|
132
|
+
Because user policies (Tier 2) have a higher base priority than built-in
|
|
133
|
+
policies (Tier 1), you can override Plan Mode's default restrictions by creating
|
|
134
|
+
a rule in your `~/.gemini/policies/` directory.
|
|
135
|
+
|
|
136
|
+
#### Example: Allow `git status` and `git diff` in Plan Mode
|
|
137
|
+
|
|
138
|
+
This rule allows you to check the repository status and see changes while in
|
|
139
|
+
Plan Mode.
|
|
140
|
+
|
|
141
|
+
`~/.gemini/policies/git-research.toml`
|
|
142
|
+
|
|
143
|
+
```toml
|
|
144
|
+
[[rule]]
|
|
145
|
+
toolName = "run_shell_command"
|
|
146
|
+
commandPrefix = ["git status", "git diff"]
|
|
147
|
+
decision = "allow"
|
|
148
|
+
priority = 100
|
|
149
|
+
modes = ["plan"]
|
|
150
|
+
```
|
|
151
|
+
|
|
152
|
+
#### Example: Enable research sub-agents in Plan Mode
|
|
153
|
+
|
|
154
|
+
You can enable [experimental research sub-agents] like `codebase_investigator`
|
|
155
|
+
to help gather architecture details during the planning phase.
|
|
156
|
+
|
|
157
|
+
`~/.gemini/policies/research-subagents.toml`
|
|
158
|
+
|
|
159
|
+
```toml
|
|
160
|
+
[[rule]]
|
|
161
|
+
toolName = "codebase_investigator"
|
|
162
|
+
decision = "allow"
|
|
163
|
+
priority = 100
|
|
164
|
+
modes = ["plan"]
|
|
165
|
+
```
|
|
166
|
+
|
|
167
|
+
Tell the agent it can use these tools in your prompt, for example: _"You can
|
|
168
|
+
check ongoing changes in git."_
|
|
169
|
+
|
|
170
|
+
For more information on how the policy engine works, see the [Policy Engine
|
|
171
|
+
Guide].
|
|
98
172
|
|
|
99
173
|
[`list_directory`]: /docs/tools/file-system.md#1-list_directory-readfolder
|
|
100
174
|
[`read_file`]: /docs/tools/file-system.md#2-read_file-readfile
|
|
@@ -104,3 +178,9 @@ These are the only allowed tools:
|
|
|
104
178
|
[`google_web_search`]: /docs/tools/web-search.md
|
|
105
179
|
[`replace`]: /docs/tools/file-system.md#6-replace-edit
|
|
106
180
|
[MCP tools]: /docs/tools/mcp-server.md
|
|
181
|
+
[`activate_skill`]: /docs/cli/skills.md
|
|
182
|
+
[experimental research sub-agents]: /docs/core/subagents.md
|
|
183
|
+
[Policy Engine Guide]: /docs/core/policy-engine.md
|
|
184
|
+
[`enter_plan_mode`]: /docs/tools/planning.md#1-enter_plan_mode-enterplanmode
|
|
185
|
+
[`exit_plan_mode`]: /docs/tools/planning.md#2-exit_plan_mode-exitplanmode
|
|
186
|
+
[`ask_user`]: /docs/tools/ask-user.md
|
|
@@ -82,10 +82,11 @@ gemini -p "run the test suite"
|
|
|
82
82
|
Built-in profiles (set via `SEATBELT_PROFILE` env var):
|
|
83
83
|
|
|
84
84
|
- `permissive-open` (default): Write restrictions, network allowed
|
|
85
|
-
- `permissive-closed`: Write restrictions, no network
|
|
86
85
|
- `permissive-proxied`: Write restrictions, network via proxy
|
|
87
86
|
- `restrictive-open`: Strict restrictions, network allowed
|
|
88
|
-
- `restrictive-
|
|
87
|
+
- `restrictive-proxied`: Strict restrictions, network via proxy
|
|
88
|
+
- `strict-open`: Read and write restrictions, network allowed
|
|
89
|
+
- `strict-proxied`: Read and write restrictions, network via proxy
|
|
89
90
|
|
|
90
91
|
### Custom sandbox flags
|
|
91
92
|
|
|
@@ -22,13 +22,14 @@ they appear in the UI.
|
|
|
22
22
|
|
|
23
23
|
### General
|
|
24
24
|
|
|
25
|
-
| UI Label | Setting | Description
|
|
26
|
-
| ------------------------ | ---------------------------------- |
|
|
27
|
-
| Vim Mode | `general.vimMode` | Enable Vim keybindings
|
|
28
|
-
|
|
|
29
|
-
| Enable
|
|
30
|
-
|
|
|
31
|
-
|
|
|
25
|
+
| UI Label | Setting | Description | Default |
|
|
26
|
+
| ------------------------ | ---------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------- |
|
|
27
|
+
| Vim Mode | `general.vimMode` | Enable Vim keybindings | `false` |
|
|
28
|
+
| Default Approval Mode | `general.defaultApprovalMode` | The default approval mode for tool execution. 'default' prompts for approval, 'auto_edit' auto-approves edit tools, and 'plan' is read-only mode. 'yolo' is not supported yet. | `"default"` |
|
|
29
|
+
| Enable Auto Update | `general.enableAutoUpdate` | Enable automatic updates. | `true` |
|
|
30
|
+
| Enable Prompt Completion | `general.enablePromptCompletion` | Enable AI-powered prompt completion suggestions while typing. | `false` |
|
|
31
|
+
| Debug Keystroke Logging | `general.debugKeystrokeLogging` | Enable debug logging of keystrokes to the console. | `false` |
|
|
32
|
+
| Enable Session Cleanup | `general.sessionRetention.enabled` | Enable automatic session cleanup | `false` |
|
|
32
33
|
|
|
33
34
|
### Output
|
|
34
35
|
|
|
@@ -43,10 +44,12 @@ they appear in the UI.
|
|
|
43
44
|
| Auto Theme Switching | `ui.autoThemeSwitching` | Automatically switch between default light and dark themes based on terminal background color. | `true` |
|
|
44
45
|
| Terminal Background Polling Interval | `ui.terminalBackgroundPollingInterval` | Interval in seconds to poll the terminal background color. | `60` |
|
|
45
46
|
| Hide Window Title | `ui.hideWindowTitle` | Hide the window title bar | `false` |
|
|
47
|
+
| Inline Thinking | `ui.inlineThinkingMode` | Display model thinking inline: off or full. | `"off"` |
|
|
46
48
|
| Show Thoughts in Title | `ui.showStatusInTitle` | Show Gemini CLI model thoughts in the terminal window title during the working phase | `false` |
|
|
47
49
|
| Dynamic Window Title | `ui.dynamicWindowTitle` | Update the terminal window title with current status icons (Ready: ◇, Action Required: ✋, Working: ✦) | `true` |
|
|
48
50
|
| Show Home Directory Warning | `ui.showHomeDirectoryWarning` | Show a warning when running Gemini CLI in the home directory. | `true` |
|
|
49
51
|
| Hide Tips | `ui.hideTips` | Hide helpful tips in the UI | `false` |
|
|
52
|
+
| Show Shortcuts Hint | `ui.showShortcutsHint` | Show the "? for shortcuts" hint above the input. | `true` |
|
|
50
53
|
| Hide Banner | `ui.hideBanner` | Hide the application banner | `false` |
|
|
51
54
|
| Hide Context Summary | `ui.hideContextSummary` | Hide the context summary (GEMINI.md, MCP servers) above the input. | `false` |
|
|
52
55
|
| Hide CWD | `ui.footer.hideCWD` | Hide the current working directory path in the footer. | `false` |
|
|
@@ -95,14 +98,13 @@ they appear in the UI.
|
|
|
95
98
|
|
|
96
99
|
### Tools
|
|
97
100
|
|
|
98
|
-
| UI Label | Setting | Description
|
|
99
|
-
| -------------------------------- | ------------------------------------ |
|
|
100
|
-
| Enable Interactive Shell | `tools.shell.enableInteractiveShell` | Use node-pty for an interactive shell experience. Fallback to child_process still applies.
|
|
101
|
-
| Show Color | `tools.shell.showColor` | Show color in shell output.
|
|
102
|
-
|
|
|
103
|
-
|
|
|
104
|
-
|
|
|
105
|
-
| Disable LLM Correction | `tools.disableLLMCorrection` | Disable LLM-based error correction for edit tools. When enabled, tools will fail immediately if exact string matches are not found, instead of attempting to self-correct. | `true` |
|
|
101
|
+
| UI Label | Setting | Description | Default |
|
|
102
|
+
| -------------------------------- | ------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
|
|
103
|
+
| Enable Interactive Shell | `tools.shell.enableInteractiveShell` | Use node-pty for an interactive shell experience. Fallback to child_process still applies. | `true` |
|
|
104
|
+
| Show Color | `tools.shell.showColor` | Show color in shell output. | `false` |
|
|
105
|
+
| Use Ripgrep | `tools.useRipgrep` | Use ripgrep for file content search instead of the fallback implementation. Provides faster search performance. | `true` |
|
|
106
|
+
| Tool Output Truncation Threshold | `tools.truncateToolOutputThreshold` | Maximum characters to show when truncating large tool outputs. Set to 0 or negative to disable truncation. | `40000` |
|
|
107
|
+
| Disable LLM Correction | `tools.disableLLMCorrection` | Disable LLM-based error correction for edit tools. When enabled, tools will fail immediately if exact string matches are not found, instead of attempting to self-correct. | `true` |
|
|
106
108
|
|
|
107
109
|
### Security
|
|
108
110
|
|
|
@@ -115,12 +117,19 @@ they appear in the UI.
|
|
|
115
117
|
| Folder Trust | `security.folderTrust.enabled` | Setting to track whether Folder trust is enabled. | `true` |
|
|
116
118
|
| Enable Environment Variable Redaction | `security.environmentVariableRedaction.enabled` | Enable redaction of environment variables that may contain secrets. | `false` |
|
|
117
119
|
|
|
120
|
+
### Advanced
|
|
121
|
+
|
|
122
|
+
| UI Label | Setting | Description | Default |
|
|
123
|
+
| --------------------------------- | ------------------------------ | --------------------------------------------- | ------- |
|
|
124
|
+
| Auto Configure Max Old Space Size | `advanced.autoConfigureMemory` | Automatically configure Node.js memory limits | `false` |
|
|
125
|
+
|
|
118
126
|
### Experimental
|
|
119
127
|
|
|
120
|
-
| UI Label
|
|
121
|
-
|
|
|
122
|
-
|
|
|
123
|
-
|
|
|
128
|
+
| UI Label | Setting | Description | Default |
|
|
129
|
+
| -------------------------- | ---------------------------------------- | ----------------------------------------------------------------------------------- | ------- |
|
|
130
|
+
| Enable Tool Output Masking | `experimental.toolOutputMasking.enabled` | Enables tool output masking to save tokens. | `true` |
|
|
131
|
+
| Use OSC 52 Paste | `experimental.useOSC52Paste` | Use OSC 52 sequence for pasting instead of clipboardy (useful for remote sessions). | `false` |
|
|
132
|
+
| Plan | `experimental.plan` | Enable planning features (Plan Mode and tools). | `false` |
|
|
124
133
|
|
|
125
134
|
### Skills
|
|
126
135
|
|
|
@@ -275,9 +275,9 @@ For local development and debugging, you can capture telemetry data locally:
|
|
|
275
275
|
The following section describes the structure of logs and metrics generated for
|
|
276
276
|
Gemini CLI.
|
|
277
277
|
|
|
278
|
-
The `session.id`, `installation.id`, and `user.email`
|
|
279
|
-
authenticated with a Google account) are included as common
|
|
280
|
-
logs and metrics.
|
|
278
|
+
The `session.id`, `installation.id`, `active_approval_mode`, and `user.email`
|
|
279
|
+
(available only when authenticated with a Google account) are included as common
|
|
280
|
+
attributes on all logs and metrics.
|
|
281
281
|
|
|
282
282
|
### Logs
|
|
283
283
|
|
|
@@ -360,7 +360,21 @@ Captures tool executions, output truncation, and Edit behavior.
|
|
|
360
360
|
- `extension_name` (string, if applicable)
|
|
361
361
|
- `extension_id` (string, if applicable)
|
|
362
362
|
- `content_length` (int, if applicable)
|
|
363
|
-
- `metadata` (if applicable)
|
|
363
|
+
- `metadata` (if applicable), which includes for the `AskUser` tool:
|
|
364
|
+
- `ask_user` (object):
|
|
365
|
+
- `question_types` (array of strings)
|
|
366
|
+
- `ask_user_dismissed` (boolean)
|
|
367
|
+
- `ask_user_empty_submission` (boolean)
|
|
368
|
+
- `ask_user_answer_count` (number)
|
|
369
|
+
- `diffStat` (if applicable), which includes:
|
|
370
|
+
- `model_added_lines` (number)
|
|
371
|
+
- `model_removed_lines` (number)
|
|
372
|
+
- `model_added_chars` (number)
|
|
373
|
+
- `model_removed_chars` (number)
|
|
374
|
+
- `user_added_lines` (number)
|
|
375
|
+
- `user_removed_lines` (number)
|
|
376
|
+
- `user_added_chars` (number)
|
|
377
|
+
- `user_removed_chars` (number)
|
|
364
378
|
|
|
365
379
|
- `gemini_cli.tool_output_truncated`: Output of a tool call was truncated.
|
|
366
380
|
- **Attributes**:
|
|
@@ -119,9 +119,17 @@ For example:
|
|
|
119
119
|
|
|
120
120
|
Approval modes allow the policy engine to apply different sets of rules based on
|
|
121
121
|
the CLI's operational mode. A rule can be associated with one or more modes
|
|
122
|
-
(e.g., `yolo`, `autoEdit`). The rule will only be active if the CLI is
|
|
123
|
-
in one of its specified modes. If a rule has no modes specified, it is
|
|
124
|
-
active.
|
|
122
|
+
(e.g., `yolo`, `autoEdit`, `plan`). The rule will only be active if the CLI is
|
|
123
|
+
running in one of its specified modes. If a rule has no modes specified, it is
|
|
124
|
+
always active.
|
|
125
|
+
|
|
126
|
+
- `default`: The standard interactive mode where most write tools require
|
|
127
|
+
confirmation.
|
|
128
|
+
- `autoEdit`: Optimized for automated code editing; some write tools may be
|
|
129
|
+
auto-approved.
|
|
130
|
+
- `plan`: A strict, read-only mode for research and design. See [Customizing
|
|
131
|
+
Plan Mode Policies].
|
|
132
|
+
- `yolo`: A mode where all tools are auto-approved (use with extreme caution).
|
|
125
133
|
|
|
126
134
|
## Rule matching
|
|
127
135
|
|
|
@@ -303,3 +311,5 @@ out-of-the-box experience.
|
|
|
303
311
|
- In **`yolo`** mode, a high-priority rule allows all tools.
|
|
304
312
|
- In **`autoEdit`** mode, rules allow certain write operations to happen without
|
|
305
313
|
prompting.
|
|
314
|
+
|
|
315
|
+
[Customizing Plan Mode Policies]: /docs/cli/plan-mode.md#customizing-policies
|
|
@@ -179,9 +179,6 @@ precedence.
|
|
|
179
179
|
|
|
180
180
|
### Settings
|
|
181
181
|
|
|
182
|
-
_Note: This is an experimental feature. We do not yet recommend extension
|
|
183
|
-
authors introduce settings as part of their core flows._
|
|
184
|
-
|
|
185
182
|
Extensions can define settings that the user will be prompted to provide upon
|
|
186
183
|
installation. This is useful for things like API keys, URLs, or other
|
|
187
184
|
configuration that the extension needs to function.
|
|
@@ -166,19 +166,21 @@ a few things you can try in order of recommendation:
|
|
|
166
166
|
- **Default:** All tools available for use by the Gemini model.
|
|
167
167
|
- **Example:** `"coreTools": ["ReadFileTool", "GlobTool", "ShellTool(ls)"]`.
|
|
168
168
|
|
|
169
|
-
- **`allowedTools`** (array of strings):
|
|
169
|
+
- **`allowedTools`** (array of strings) [DEPRECATED]:
|
|
170
170
|
- **Default:** `undefined`
|
|
171
171
|
- **Description:** A list of tool names that will bypass the confirmation
|
|
172
172
|
dialog. This is useful for tools that you trust and use frequently. The
|
|
173
|
-
match semantics are the same as `coreTools`.
|
|
173
|
+
match semantics are the same as `coreTools`. **Deprecated**: Use the
|
|
174
|
+
[Policy Engine](../core/policy-engine.md) instead.
|
|
174
175
|
- **Example:** `"allowedTools": ["ShellTool(git status)"]`.
|
|
175
176
|
|
|
176
|
-
- **`excludeTools`** (array of strings):
|
|
177
|
+
- **`excludeTools`** (array of strings) [DEPRECATED]:
|
|
177
178
|
- **Description:** Allows you to specify a list of core tool names that should
|
|
178
179
|
be excluded from the model. A tool listed in both `excludeTools` and
|
|
179
180
|
`coreTools` is excluded. You can also specify command-specific restrictions
|
|
180
181
|
for tools that support it, like the `ShellTool`. For example,
|
|
181
182
|
`"excludeTools": ["ShellTool(rm -rf)"]` will block the `rm -rf` command.
|
|
183
|
+
**Deprecated**: Use the [Policy Engine](../core/policy-engine.md) instead.
|
|
182
184
|
- **Default**: No tools excluded.
|
|
183
185
|
- **Example:** `"excludeTools": ["run_shell_command", "findFiles"]`.
|
|
184
186
|
- **Security Note:** Command-specific restrictions in `excludeTools` for
|