axconfig 3.6.1 → 3.6.3

package/dist/agents/gemini-rules.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Gemini TOML rule generation helpers.
+ */
+/**
+ * Generate TOML rule for tool permissions.
+ *
+ * For allow rules that include run_shell_command, adds `allow_redirection = true`
+ * to permit heredocs, pipes, and redirects.
+ */
+export declare function generateToolRule(toolNames: string[], decision: "allow" | "deny", priority: number): string;
+/**
+ * Generate TOML rule for bash command patterns.
+ *
+ * For allow rules, includes `allow_redirection = true` to permit
+ * heredocs, pipes, and redirects. Gemini CLI normally downgrades
+ * ALLOW to ASK_USER (DENY in --yolo mode) when redirections detected.
+ */
+export declare function generateBashRule(patterns: string[], decision: "allow" | "deny", priority: number): string;

package/dist/agents/gemini-rules.js

@@ -0,0 +1,40 @@
+/**
+ * Gemini TOML rule generation helpers.
+ */
+/**
+ * Generate TOML rule for tool permissions.
+ *
+ * For allow rules that include run_shell_command, adds `allow_redirection = true`
+ * to permit heredocs, pipes, and redirects.
+ */
+export function generateToolRule(toolNames, decision, priority) {
+    if (toolNames.length === 0)
+        return "";
+    const toolNameValue = toolNames.length === 1 ? `"${toolNames[0]}"` : JSON.stringify(toolNames);
+    // Allow redirections for shell commands (heredocs, pipes, >)
+    const includesShell = toolNames.includes("run_shell_command");
+    const allowRedirection = decision === "allow" && includesShell ? "\nallow_redirection = true" : "";
+    return `[[rule]]
+toolName = ${toolNameValue}
+decision = "${decision}"
+priority = ${priority}${allowRedirection}`;
+}
+/**
+ * Generate TOML rule for bash command patterns.
+ *
+ * For allow rules, includes `allow_redirection = true` to permit
+ * heredocs, pipes, and redirects. Gemini CLI normally downgrades
+ * ALLOW to ASK_USER (DENY in --yolo mode) when redirections detected.
+ */
+export function generateBashRule(patterns, decision, priority) {
+    if (patterns.length === 0)
+        return "";
+    const prefixValue = patterns.length === 1 ? `"${patterns[0]}"` : JSON.stringify(patterns);
+    // Allow redirections (heredocs, pipes, >) for allowed commands
+    const allowRedirection = decision === "allow" ? "\nallow_redirection = true" : "";
+    return `[[rule]]
+toolName = "run_shell_command"
+commandPrefix = ${prefixValue}
+decision = "${decision}"
+priority = ${priority}${allowRedirection}`;
+}

package/dist/agents/gemini-settings.d.ts

@@ -6,3 +6,10 @@
  * Throws if file exists but contains invalid JSON to prevent data loss.
  */
 export declare function readExistingSettings(settingsPath: string): Record<string, unknown>;
+/**
+ * Build settings with /tmp workspace added.
+ *
+ * Adds /tmp to workspaces array to allow temporary file writes.
+ * Safe for CI/CD environments (ephemeral containers).
+ */
+export declare function buildSettingsWithTemporaryWorkspace(existingSettings: Record<string, unknown>): Record<string, unknown>;

package/dist/agents/gemini-settings.js

@@ -19,3 +19,22 @@ export function readExistingSettings(settingsPath) {
         throw new Error(`Failed to parse existing settings at ${settingsPath}: ${message}`);
     }
 }
+/**
+ * Build settings with /tmp workspace added.
+ *
+ * Adds /tmp to workspaces array to allow temporary file writes.
+ * Safe for CI/CD environments (ephemeral containers).
+ */
+export function buildSettingsWithTemporaryWorkspace(existingSettings) {
+    const existingWorkspaces = Array.isArray(existingSettings.workspaces)
+        ? existingSettings.workspaces
+        : [];
+    // Avoid duplicate /tmp entries
+    if (existingWorkspaces.includes("/tmp")) {
+        return existingSettings;
+    }
+    return {
+        ...existingSettings,
+        workspaces: [...existingWorkspaces, "/tmp"],
+    };
+}

package/dist/agents/gemini.js

@@ -14,7 +14,8 @@ import { atomicWriteFileSync } from "../atomic-write.js";
 import { registerConfigBuilder } from "../builder.js";
 // Re-export reader
 export { geminiConfigReader } from "./gemini-reader.js";
-import { readExistingSettings } from "./gemini-settings.js";
+import { generateBashRule, generateToolRule } from "./gemini-rules.js";
+import { buildSettingsWithTemporaryWorkspace, readExistingSettings, } from "./gemini-settings.js";
 /** Gemini CLI tool name mapping */
 const TOOL_MAP = {
     read: "read_file",
@@ -31,31 +32,6 @@ const CAPABILITIES = {
     pathRestrictions: false, // Gemini doesn't support path patterns
     canDenyRead: true,
 };
-/**
- * Generate TOML rule for tool permissions.
- */
-function generateToolRule(toolNames, decision, priority) {
-    if (toolNames.length === 0)
-        return "";
-    const toolNameValue = toolNames.length === 1 ? `"${toolNames[0]}"` : JSON.stringify(toolNames);
-    return `[[rule]]
-toolName = ${toolNameValue}
-decision = "${decision}"
-priority = ${priority}`;
-}
-/**
- * Generate TOML rule for bash command patterns.
- */
-function generateBashRule(patterns, decision, priority) {
-    if (patterns.length === 0)
-        return "";
-    const prefixValue = patterns.length === 1 ? `"${patterns[0]}"` : JSON.stringify(patterns);
-    return `[[rule]]
-toolName = "run_shell_command"
-commandPrefix = ${prefixValue}
-decision = "${decision}"
-priority = ${priority}`;
-}
 /**
  * Build Gemini CLI configuration.
  *
@@ -162,7 +138,8 @@ function build(config, output) {
     // Write settings.json, preserving existing settings (e.g., model)
     const settingsPath = path.join(output, "settings.json");
     const existingSettings = readExistingSettings(settingsPath);
-    atomicWriteFileSync(settingsPath, JSON.stringify(existingSettings, undefined, 2));
+    const settings = buildSettingsWithTemporaryWorkspace(existingSettings);
+    atomicWriteFileSync(settingsPath, JSON.stringify(settings, undefined, 2));
     return {
         ok: true,
         env: { GEMINI_DIR: output },

package/package.json

@@ -2,7 +2,7 @@
   "name": "axconfig",
   "author": "Łukasz Jerciński",
   "license": "MIT",
-  "version": "3.6.1",
+  "version": "3.6.3",
   "description": "Unified configuration management for AI coding agents - common API for permissions, settings, and config across Claude Code, Codex, Gemini CLI, GitHub Copilot CLI, and OpenCode",
   "repository": {
     "type": "git",
@@ -62,27 +62,27 @@
     "automation",
     "coding-assistant"
   ],
-  "packageManager": "pnpm@10.26.1",
+  "packageManager": "pnpm@10.28.0",
   "engines": {
     "node": ">=22.14.0"
   },
   "dependencies": {
     "@commander-js/extra-typings": "^14.0.0",
     "@iarna/toml": "^2.2.5",
-    "axshared": "^1.9.0",
+    "axshared": "^4.0.0",
     "commander": "^14.0.2"
   },
   "devDependencies": {
     "@total-typescript/ts-reset": "^0.6.1",
     "@types/iarna__toml": "^2.0.5",
-    "@types/node": "^25.0.6",
+    "@types/node": "^25.0.9",
     "@vitest/coverage-v8": "^4.0.17",
     "eslint": "^9.39.2",
     "eslint-config-axkit": "^1.1.0",
     "fta-check": "^1.5.1",
     "fta-cli": "^3.0.0",
-    "knip": "^5.80.2",
-    "prettier": "3.7.4",
+    "knip": "^5.82.0",
+    "prettier": "3.8.0",
     "semantic-release": "^25.0.2",
     "typescript": "^5.9.3",
     "vitest": "^4.0.17"