axconfig 3.2.0 → 3.3.0

package/dist/agents/gemini-settings.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Gemini CLI settings utilities.
+ */
+type NestedRecord = Record<string, unknown>;
+/**
+ * Read existing settings.json, returning empty object if not found.
+ * Throws if file exists but contains invalid JSON to prevent data loss.
+ */
+export declare function readExistingSettings(settingsPath: string): NestedRecord;
+/**
+ * Merge existing settings with security.environmentVariableRedaction.enabled = false.
+ */
+export declare function mergeSecuritySettings(existing: NestedRecord): NestedRecord;
+export {};

package/dist/agents/gemini-settings.js

@@ -0,0 +1,36 @@
+/**
+ * Gemini CLI settings utilities.
+ */
+import { existsSync, readFileSync } from "node:fs";
+/**
+ * Read existing settings.json, returning empty object if not found.
+ * Throws if file exists but contains invalid JSON to prevent data loss.
+ */
+export function readExistingSettings(settingsPath) {
+    if (!existsSync(settingsPath)) {
+        return {};
+    }
+    try {
+        const content = readFileSync(settingsPath, "utf8");
+        return JSON.parse(content);
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        throw new Error(`Failed to parse existing settings at ${settingsPath}: ${message}`);
+    }
+}
+/**
+ * Merge existing settings with security.environmentVariableRedaction.enabled = false.
+ */
+export function mergeSecuritySettings(existing) {
+    const security = (existing.security ?? {});
+    const redaction = (security.environmentVariableRedaction ??
+        {});
+    return {
+        ...existing,
+        security: {
+            ...security,
+            environmentVariableRedaction: { ...redaction, enabled: false },
+        },
+    };
+}

package/dist/agents/gemini.js

@@ -8,10 +8,11 @@
  * - Bash patterns via commandPrefix
  * - Does NOT support path restrictions
  */
-import { existsSync, mkdirSync, readFileSync } from "node:fs";
+import { mkdirSync } from "node:fs";
 import path from "node:path";
 import { atomicWriteFileSync } from "../atomic-write.js";
 import { registerConfigBuilder } from "../builder.js";
+import { mergeSecuritySettings, readExistingSettings, } from "./gemini-settings.js";
 // Re-export reader
 export { geminiConfigReader } from "./gemini-reader.js";
 /** Gemini CLI tool name mapping */
@@ -56,23 +57,6 @@ commandPrefix = ${prefixValue}
 decision = "${decision}"
 priority = ${priority}`;
 }
-/**
- * Read existing settings.json, returning empty object if not found.
- * Throws if file exists but contains invalid JSON to prevent data loss.
- */
-function readExistingSettings(settingsPath) {
-    if (!existsSync(settingsPath)) {
-        return {};
-    }
-    try {
-        const content = readFileSync(settingsPath, "utf8");
-        return JSON.parse(content);
-    }
-    catch (error) {
-        const message = error instanceof Error ? error.message : String(error);
-        throw new Error(`Failed to parse existing settings at ${settingsPath}: ${message}`);
-    }
-}
 /**
  * Build Gemini CLI configuration.
  *
@@ -149,10 +133,6 @@ function build(config, output) {
         if (denyBash.length > 0) {
             rules.push(generateBashRule(denyBash, "deny", 499));
         }
-        // Default deny for shell commands not explicitly allowed
-        if (allowBash.length > 0 || denyBash.length > 0) {
-            rules.push(generateToolRule(["run_shell_command"], "deny", 1));
-        }
     }
     // Write policy file
     const policyPath = path.join(policiesDirectory, "axconfig.toml");
@@ -161,7 +141,10 @@ function build(config, output) {
     // Write settings.json, preserving existing settings (e.g., model)
     const settingsPath = path.join(output, "settings.json");
     const existingSettings = readExistingSettings(settingsPath);
-    atomicWriteFileSync(settingsPath, JSON.stringify(existingSettings, undefined, 2));
+    // Disable Gemini's environment variable redaction so shell commands
+    // can access tokens like GH_TOKEN in CI environments
+    const settings = mergeSecuritySettings(existingSettings);
+    atomicWriteFileSync(settingsPath, JSON.stringify(settings, undefined, 2));
     return {
         ok: true,
         env: { GEMINI_DIR: output },

package/package.json

@@ -2,7 +2,7 @@
   "name": "axconfig",
   "author": "Łukasz Jerciński",
   "license": "MIT",
-  "version": "3.2.0",
+  "version": "3.3.0",
   "description": "Unified configuration management for AI coding agents - common API for permissions, settings, and config across Claude Code, Codex, Gemini CLI, and OpenCode",
   "repository": {
     "type": "git",
@@ -68,7 +68,7 @@
   "dependencies": {
     "@commander-js/extra-typings": "^14.0.0",
     "@iarna/toml": "^2.2.5",
-    "axshared": "^1.5.0",
+    "axshared": "^1.7.0",
     "commander": "^14.0.2"
   },
   "devDependencies": {
@@ -78,18 +78,18 @@
     "@types/iarna__toml": "^2.0.5",
     "@types/node": "^25.0.3",
     "@vitest/coverage-v8": "^4.0.16",
-    "@vitest/eslint-plugin": "^1.5.4",
+    "@vitest/eslint-plugin": "^1.6.5",
     "eslint": "^9.39.2",
     "eslint-config-prettier": "^10.1.8",
     "eslint-plugin-unicorn": "^62.0.0",
     "fta-check": "^1.5.1",
     "fta-cli": "^3.0.0",
-    "globals": "^16.5.0",
-    "knip": "^5.76.1",
+    "globals": "^17.0.0",
+    "knip": "^5.79.0",
     "prettier": "3.7.4",
     "semantic-release": "^25.0.2",
     "typescript": "^5.9.3",
-    "typescript-eslint": "^8.50.0",
+    "typescript-eslint": "^8.51.0",
     "vitest": "^4.0.16"
   }
 }