fix(core): enable granular shell command allowlisting in policy engine

[abhipatel12]

Enables extracting and persisting granular root commands for shell allowlisting when using the Policy Engine. This complements pending enforcement logic fixes.

[gemini-code-assist]

Summary of Changes

Hello @abhipatel12, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the policy engine's capability for managing shell command allowlists. By allowing the commandPrefix to be an array, the system can now define and apply policies based on multiple distinct root commands within a single configuration. This change provides greater flexibility and precision in how shell commands are evaluated and permitted, laying the groundwork for more sophisticated enforcement logic.

Highlights

• Granular Shell Command Allowlisting: The policy engine now supports more granular allowlisting of shell commands by enabling the extraction and persistence of multiple root commands.
• Flexible commandPrefix Type: The commandPrefix property in policy update options and rules can now accept either a single string or an array of strings, allowing for more complex policy definitions.
• Multiple Rule Creation: When an array of commandPrefix values is provided, the policy updater will now create a separate policy rule for each command prefix in the array.
• Robust Regex for Command Matching: The regular expressions used to match commands in policy rules have been updated to be more robust, ensuring they match whole words (e.g., 'git' but not 'github').
• Enhanced Shell Tool Invocation: The ShellToolInvocation now extracts multiple root commands from a given shell command string (e.g., 'git status && npm test' would yield ['git', 'npm']) for policy updates when 'Proceed Always' or 'Proceed Always and Save' outcomes are selected.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Size Change: +914 B (0%)

Total Size: 22 MB

ℹ️ View Unchanged

Filename	Size	Change
./bundle/gemini.js	22 MB	+914 B (0%)
./bundle/sandbox-macos-permissive-closed.sb	1.03 kB	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-closed.sb	3.29 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B

_{compressed-size-action}

[gemini-code-assist]

Code Review

This pull request introduces granular shell command allowlisting in the policy engine, a valuable security enhancement. The changes correctly update type definitions and the policy updater to handle multiple command prefixes. However, I've identified a significant security concern in the fallback logic within ShellToolInvocation. When command parsing fails, it insecurely reverts to allowlisting the entire raw command string, undermining the new granular control. My review includes a critical fix to address this by ensuring no policy is created on parsing failure, which is a safer default behavior.

[galz10]

/patch both

[github-actions]

✅ Patch workflow(s) dispatched successfully!

📋 Details:

• Channels: stable,preview
• Commit: 37be162435574d2a9c56d7f8c0932d278b56edf2
• Workflows Created: 2

🔗 Track Progress:

• View patch workflows
• This workflow run

[github-actions]

🚀 Patch PR Created!

📋 Patch Details:

• Environment: prod
• Channel: preview → will publish to npm tag preview
• Commit: 37be162435574d2a9c56d7f8c0932d278b56edf2
• Hotfix Branch: hotfix/v0.23.0-preview.2/0.23.0-preview.3/preview/cherry-pick-37be162/pr-15601
• Hotfix PR: #15603

📝 Next Steps:

1. Review and approve the hotfix PR: #15603
2. Once merged, the patch release will automatically trigger
3. You'll receive updates here when the release completes

🔗 Track Progress:

• View hotfix PR #15603

[github-actions]

🚀 Patch PR Created!

📋 Patch Details:

• Environment: prod
• Channel: stable → will publish to npm tag latest
• Commit: 37be162435574d2a9c56d7f8c0932d278b56edf2
• Hotfix Branch: hotfix/v0.22.3/0.22.4/stable/cherry-pick-37be162/pr-15601
• Hotfix PR: #15602

📝 Next Steps:

1. Review and approve the hotfix PR: #15602
2. Once merged, the patch release will automatically trigger
3. You'll receive updates here when the release completes

🔗 Track Progress:

• View hotfix PR #15602

[github-actions]

🚀 Patch Release Started!

📋 Release Details:

• Environment: prod
• Channel: preview → publishing to npm tag preview
• Version: v0.23.0-preview.2
• Hotfix PR: Merged ✅
• Release Branch: release/v0.23.0-preview.2-pr-15601

⏳ Status: The patch release is now running. You'll receive another update when it completes.

🔗 Track Progress:

• View release workflow

[github-actions]

🚀 Patch Release Started!

📋 Release Details:

• Environment: prod
• Channel: stable → publishing to npm tag latest
• Version: v0.22.3
• Hotfix PR: Merged ✅
• Release Branch: release/v0.22.3-pr-15601

⏳ Status: The patch release is now running. You'll receive another update when it completes.

🔗 Track Progress:

• View release workflow

[github-actions]

✅ Patch Release Complete!

📦 Release Details:

• Version: 0.22.4
• NPM Tag: latest
• Channel: stable
• Dry Run: false

🎉 Status: Your patch has been successfully released and published to npm!

📝 What's Available:

• GitHub Release: View release v0.22.4
• NPM Package: npm install @google/gemini-cli@latest

🔗 Links:

• GitHub Release
• Workflow Run

[github-actions]

✅ Patch Release Complete!

📦 Release Details:

• Version: 0.23.0-preview.3
• NPM Tag: preview
• Channel: preview
• Dry Run: false

🎉 Status: Your patch has been successfully released and published to npm!

📝 What's Available:

• GitHub Release: View release v0.23.0-preview.3
• NPM Package: npm install @google/gemini-cli@preview

🔗 Links:

• GitHub Release
• Workflow Run