fix(patch): cherry-pick edbe548 to release/v0.20.1-pr-15007 [CONFLICTS]

[gemini-cli-robot]

This PR automatically cherry-picks commit edbe548 to patch version v0.20.1 in the stable release to create version 0.20.2.

⚠️ Merge Conflicts Detected

This cherry-pick resulted in merge conflicts that need manual resolution.

🔧 Next Steps:

1. Review the conflicts: Check out this branch and review the conflict markers
2. Resolve conflicts: Edit the affected files to resolve the conflicts
3. Test the changes: Ensure the patch works correctly after resolution
4. Update this PR: Push your conflict resolution

📋 Files with conflicts:

The commit has been created with conflict markers for easier manual resolution.

🚨 Important:

• Do not merge this PR until conflicts are resolved
• The automated patch release will trigger once this PR is merged

[gemini-code-assist]

Summary of Changes

Hello @gemini-cli-robot, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request facilitates an automated patch release by attempting to cherry-pick a specific commit into the stable branch. However, due to detected merge conflicts, manual intervention is necessary to integrate the changes, which primarily involve adjusting a policy for subagent invocation, before the new patch version can be released.

Highlights

• Cherry-pick with Conflicts: This PR is an automated cherry-pick of commit edbe548 to the release/v0.20.1-pr-15007 branch, intended to create version 0.20.2.
• Subagent Invocation Policy: The cherry-picked commit aims to add a temporary fix by allowing SubagentInvocation in the read-only.toml policy, with a priority of 50.
• Manual Conflict Resolution Required: The automated cherry-pick resulted in merge conflicts in packages/core/src/policy/policies/read-only.toml that require manual resolution before merging.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Size Change: -2 B (0%)

Total Size: 21.5 MB

ℹ️ View Unchanged

Filename	Size	Change
./bundle/gemini.js	21.4 MB	-2 B (0%)
./bundle/sandbox-macos-permissive-closed.sb	1.03 kB	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-closed.sb	3.29 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B

_{compressed-size-action}

[gemini-code-assist]

Code Review

This pull request includes a file with unresolved merge conflict markers in packages/core/src/policy/policies/read-only.toml, which must be resolved as it will cause application failures. Additionally, a security audit identified two high-severity vulnerabilities: a Broken Access Control issue in the policy engine's wildcard tool matching, potentially allowing tool impersonation, and a Stored Cross-Site Scripting (XSS) vulnerability due to unsanitized output from a subagent. Addressing these findings is crucial before merging.

[gemini-code-assist]

This file contains unresolved merge conflict markers (<<<<<<<, =======, >>>>>>>). These markers make the TOML file invalid and will cause parsing failures at runtime. Please resolve the conflict by removing the markers and keeping the intended changes.

[[rule]]
toolName = "SubagentInvocation"
decision = "allow"
priority = 50