fix(patch): cherry-pick 171103a to release/v0.20.0-preview.2-pr-14742 to patch version v0.20.0-preview.2 and create version 0.20.0-preview.5

[gemini-cli-robot]

This PR automatically cherry-picks commit 171103a to patch version v0.20.0-preview.2 in the preview release to create version 0.20.0-preview.5.

[gemini-code-assist]

Summary of Changes

Hello @gemini-cli-robot, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request implements a critical security enhancement for the ShellExecutionService by introducing environment variable sanitization. The primary goal is to prevent the unintentional exposure of sensitive information when shell commands are executed within a GitHub Actions environment. It achieves this by filtering environment variables, allowing only essential and explicitly whitelisted variables to be passed, while maintaining full environment transparency for local development to ensure seamless operation.

Highlights

• Environment Variable Sanitization: A new getSanitizedEnv function has been introduced to control and filter environment variables passed to child processes.
• GitHub Actions Security Enhancement: When running within a GitHub Actions environment, sensitive environment variables are now stripped, and only a predefined set of essential and GEMINI_CLI_TEST prefixed variables are passed to child processes, enhancing security.
• Local Development Compatibility: For local execution outside of GitHub Actions, the full process.env is preserved and passed to child processes, ensuring compatibility with existing development workflows.
• New Unit Tests: Comprehensive unit tests have been added to shellExecutionService.test.ts to verify the correct behavior of environment variable sanitization and preservation under various conditions.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces environment variable sanitization for shell commands executed within a CI environment, which is a good security practice. However, I've identified a critical issue with the implementation. The whitelist of allowed environment variables is too restrictive and will likely break many common CI workflows that depend on tools for cloud providers, proxies, or containers. My review includes a suggestion to expand the allowlist to support these common use cases while maintaining a strong security posture.

[gemini-code-assist]

The current whitelisting approach for environment variables is too restrictive and will likely break many common CI/CD use cases. Commands for interacting with cloud providers (like aws, gcloud, az), container tools (docker, kubectl), or tools behind corporate proxies rely on specific environment variables (e.g., AWS_*, GOOGLE_APPLICATION_CREDENTIALS, HTTP_PROXY) for authentication and configuration. By stripping these, the ShellExecutionService will cause such commands to fail when run in a GitHub Actions environment.

This is a critical correctness issue that severely limits the utility of executing shell commands in a CI context.

A more robust solution would be to allow certain prefixes for well-known tools and specific variables for common configurations, in addition to the essential variables. This would maintain a good security posture while enabling common workflows.

  // For CI runs (GitHub), we sanitize the environment for security.
  const env: NodeJS.ProcessEnv = {};
  const essentialVars = [
    // Cross-platform
    'PATH',
    // Windows specific
    'Path',
    'SYSTEMROOT',
    'SystemRoot',
    'COMSPEC',
    'ComSpec',
    'PATHEXT',
    'WINDIR',
    'TEMP',
    'TMP',
    'USERPROFILE',
    'SYSTEMDRIVE',
    'SystemDrive',
    // Unix/Linux/macOS specific
    'HOME',
    'LANG',
    'SHELL',
    'TMPDIR',
    'USER',
    'LOGNAME',
  ];

  // Start with essential variables.
  for (const key of essentialVars) {
    if (process.env[key] !== undefined) {
      env[key] = process.env[key];
    }
  }

  // Allow-list for common tools and configurations.
  const allowedPrefixes = [
    'AWS_',
    'GCP_',
    'GOOGLE_',
    'AZURE_',
    'DOCKER_',
    'CI_',
    'GEMINI_CLI_TEST', // For integration tests
  ];
  const allowedExact = [
    'HTTP_PROXY',
    'HTTPS_PROXY',
    'NO_PROXY',
    'http_proxy',
    'https_proxy',
    'no_proxy',
    'KUBECONFIG',
    'SSL_CERT_FILE',
    'SSL_CERT_DIR',
  ];

  // Add other allowed variables.
  for (const key in process.env) {
    if (allowedExact.includes(key) || allowedPrefixes.some(prefix => key.startsWith(prefix))) {
      env[key] = process.env[key];
    }
  }

[github-actions]

Size Change: +866 B (0%)

Total Size: 21.5 MB

ℹ️ View Unchanged

Filename	Size	Change
./bundle/gemini.js	21.4 MB	+866 B (0%)
./bundle/sandbox-macos-permissive-closed.sb	1.03 kB	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-closed.sb	3.29 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B

_{compressed-size-action}