feat(plan): fix invalid tool calls in plan mode #18352

Merged
jerop merged 11 commits into main from adibakm/fix-invalid-tool-calls-plan-mode
Feb 5, 2026

Adib234 (Contributor) commented Feb 5, 2026

Summary

The changes prevent the Gemini model from attempting to use enter_plan_mode while already in Plan Mode and exit_plan_mode while in Default Mode. This is achieved by syncing plan mode tools correctly when we change approval modes.

Details

We now register and unregister tools so that the model cannot have access to running that tool, and then we refresh the chat so the model doesn't think it can call the tool.

Related Issues

Closes #18334

How to Validate

If you are in plan mode, try to trigger the enter plan mode tool by creating another plan. It should not trigger enter plan mode tool call.

If you are not in plan mode, try triggering the exit plan mode tool by telling it to exit the plan or "I've finished creating a plan now exit". It should not call exit plan mode tool.

Pre-Merge Checklist

  • Updated relevant documentation and README (if needed)
  • Added/updated tests (if needed)
  • Noted breaking changes (if any)
  • Validated on required platforms/methods:
    • MacOS
      • npm run
      • npx
      • Docker
      • Podman
      • Seatbelt
    • Windows
      • npm run
      • npx
      • Docker
    • Linux
      • npm run
      • npx
      • Docker

@Adib234 Adib234 self-assigned this Feb 5, 2026
@Adib234 Adib234 requested a review from a team as a code owner February 5, 2026 00:30
gemini-code-assist (Contributor) commented

Summary of Changes

Hello @Adib234, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the robustness of the system by addressing instances where the Gemini model would incorrectly attempt to call mode-switching tools ('enter_plan_mode' or 'exit_plan_mode') in inappropriate contexts. By integrating explicit warnings directly into the system prompts and refining the dynamic tool exclusion logic, the changes proactively guide the model's behavior, preventing 'hallucinated' tool calls and ensuring smoother state transitions within the application.

Highlights

  • Prompt Guidance for Tool Calls: Explicit warnings have been added to the system prompts to prevent the Gemini model from attempting invalid tool calls. In Plan Mode, the model is now warned not to call 'enter_plan_mode', and in Default Mode, it is warned not to call 'exit_plan_mode'.
  • Dynamic Tool Exclusion Logic: The configuration now dynamically excludes 'enter_plan_mode' when in Plan Mode and 'exit_plan_mode' when in Default or Auto-Edit Mode, complementing the new prompt-based guidance.
  • Enhanced Test Coverage: New test cases have been added to verify the correct dynamic exclusion of 'enter_plan_mode' and 'exit_plan_mode' based on the current approval mode, ensuring robust behavior.
  • Snapshot Updates: System prompt snapshots have been updated to reflect the inclusion of the new warning messages, ensuring consistency in prompt generation.

Changelog

  • packages/core/src/config/config.test.ts
    • Imported ENTER_PLAN_MODE_TOOL_NAME and EXIT_PLAN_MODE_TOOL_NAME for testing purposes.
    • Added a new test suite 'Config Dynamic Tool Exclusion' to verify that enter_plan_mode is correctly excluded when in Plan Mode and exit_plan_mode is excluded in Default and Auto-Edit Modes.
  • packages/core/src/config/config.ts
    • Imported ENTER_PLAN_MODE_TOOL_NAME and EXIT_PLAN_MODE_TOOL_NAME.
    • Modified the getExcludeTools method to dynamically add ENTER_PLAN_MODE_TOOL_NAME to the exclusion set when the system is in ApprovalMode.PLAN.
    • Modified the getExcludeTools method to dynamically add EXIT_PLAN_MODE_TOOL_NAME to the exclusion set when the system is not in ApprovalMode.PLAN (i.e., DEFAULT or AUTO_EDIT).
  • packages/core/src/core/snapshots/prompts.test.ts.snap
    • Updated snapshot tests to reflect the new warning messages included in the system prompts for both Plan Mode and Default Mode.
  • packages/core/src/core/prompts.test.ts
    • Imported ENTER_PLAN_MODE_TOOL_NAME and EXIT_PLAN_MODE_TOOL_NAME.
    • Updated test cases to assert the presence of the new warning message in the Plan Mode prompt, specifically advising against calling enter_plan_mode.
    • Updated test cases to assert the presence of the new warning message in the Default Mode prompt, specifically advising against calling exit_plan_mode.
  • packages/core/src/prompts/snippets.ts
    • Imported ENTER_PLAN_MODE_TOOL_NAME.
    • Added a specific warning to the renderPlanningWorkflow function (used for Plan Mode prompts) to explicitly instruct the model not to call enter_plan_mode.
    • Added a specific warning to the renderPrimaryWorkflows function (used for Default Mode prompts) to explicitly instruct the model not to call exit_plan_mode.

github-actions bot commented Feb 5, 2026

Size Change: +1.18 kB (0%)

Total Size: 23.7 MB

Filename Size Change
./bundle/gemini.js 23.7 MB +1.18 kB (0%)
ℹ️ View Unchanged
Filename Size
./bundle/sandbox-macos-permissive-closed.sb 1.03 kB
./bundle/sandbox-macos-permissive-open.sb 890 B
./bundle/sandbox-macos-permissive-proxied.sb 1.31 kB
./bundle/sandbox-macos-restrictive-closed.sb 3.29 kB
./bundle/sandbox-macos-restrictive-open.sb 3.36 kB
./bundle/sandbox-macos-restrictive-proxied.sb 3.56 kB

compressed-size-action

gemini-code-assist[bot]

This comment was marked as outdated.

@gemini-cli gemini-cli bot added area/agent Issues related to Core Agent, Tools, Memory, Sub-Agents, Hooks, Agent Quality 🔒 maintainer only ⛔ Do not contribute. Internal roadmap item. labels Feb 5, 2026
@Adib234 Adib234 changed the title feat(plan): fix invalid tool calls in plan mode [WIP] feat(plan): fix invalid tool calls in plan mode Feb 5, 2026
@Adib234 Adib234 changed the title [WIP] feat(plan): fix invalid tool calls in plan mode feat(plan): fix invalid tool calls in plan mode Feb 5, 2026
Adib234 (Contributor, Author) commented Feb 5, 2026

/gemini review

gemini-code-assist bot (Contributor) left a comment

Code Review

This pull request introduces a robust mechanism to prevent invalid tool calls by dynamically synchronizing the available tools (enter_plan_mode and exit_plan_mode) with the current approval mode. This is a good improvement over relying solely on prompt instructions. The changes in packages/core/src/config/config.ts correctly handle this synchronization during initialization and mode transitions. New tests have also been added to verify this behavior.

I've identified a potential race condition in how the tool synchronization and system instruction updates are handled during mode transitions. My review comment provides a suggestion to resolve this to ensure the application state remains consistent.

jerop (Contributor) commented Feb 5, 2026

/gemini review

gemini-code-assist bot (Contributor) left a comment

Code Review

This pull request aims to prevent invalid tool calls for enter_plan_mode and exit_plan_mode by synchronizing their availability based on the current approval mode. However, a critical security vulnerability exists: the current implementation fails to restrict other dangerous, write-capable tools during the read-only Plan Mode, creating an incomplete security boundary. This could allow unauthorized file modifications or command executions if the LLM is manipulated. Additionally, plan-related tools could be registered even if the planning feature is disabled.

@jerop jerop added this pull request to the merge queue Feb 5, 2026
Merged via the queue into main with commit bce57ca Feb 5, 2026
26 checks passed
@jerop jerop deleted the adibakm/fix-invalid-tool-calls-plan-mode branch February 5, 2026 20:12
sidwan02 pushed a commit to sidwan02/gemini-cli-gemma that referenced this pull request Feb 6, 2026
jerop added a commit that referenced this pull request Feb 9, 2026
…ntal.plan

The enter_plan_mode tool was being registered unconditionally when not in plan mode. This change updates syncPlanModeTools to only register the tool if experimental.plan is enabled.

Added regression tests to verify that the tool is correctly registered or unregistered based on the experimental.plan setting.

Follow up to #18352

Related to #18334
aswinashok44 pushed a commit to aswinashok44/gemini-cli that referenced this pull request Feb 9, 2026
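
The register/unregister approach described in this PR and its follow-up commit, as an added TypeScript sketch that is not gemini-cli's code. ToolRegistry, syncModeTools, tryCall and the planEnabled flag (standing in for experimental.plan) are hypothetical names, and read_file is a constructed sample tool.

```typescript
// Added illustration, not gemini-cli source. ToolRegistry, syncModeTools, tryCall
// and planEnabled are hypothetical; tool and mode names are the ones in the PR.
type ApprovalMode = 'DEFAULT' | 'AUTO_EDIT' | 'PLAN';
const ENTER_PLAN_MODE = 'enter_plan_mode';
const EXIT_PLAN_MODE = 'exit_plan_mode';

class ToolRegistry {
  private tools = new Map<string, () => string>();
  register(name: string, run: () => string): void { this.tools.set(name, run); }
  unregister(name: string): void { this.tools.delete(name); }
  // Names that would be declared to the model on the next chat refresh.
  declared(): string[] { return Array.from(this.tools.keys()).sort(); }
  // Dispatch fails closed: a call to an unregistered tool is rejected even if
  // the model still "remembers" the tool from earlier turns.
  call(name: string): string {
    const run = this.tools.get(name);
    if (!run) throw new Error(`tool not available in this mode: ${name}`);
    return run();
  }
}

// Bring the two mode-switching tools in line with the current approval mode.
// Only one of them can be registered at a time; enter_plan_mode additionally
// requires the planning feature to be enabled (assumed flag: planEnabled).
function syncModeTools(reg: ToolRegistry, mode: ApprovalMode, planEnabled: boolean): string[] {
  reg.unregister(ENTER_PLAN_MODE);
  reg.unregister(EXIT_PLAN_MODE);
  if (mode === 'PLAN') {
    reg.register(EXIT_PLAN_MODE, () => 'left plan mode');
  } else if (planEnabled) {
    reg.register(ENTER_PLAN_MODE, () => 'entered plan mode');
  }
  return reg.declared();
}

// Wrap dispatch so a rejected call is returned as a tool error, not a crash.
function tryCall(reg: ToolRegistry, name: string): string {
  try {
    return reg.call(name);
  } catch (e) {
    return `rejected: ${e instanceof Error ? e.message : String(e)}`;
  }
}

const registry = new ToolRegistry();
registry.register('read_file', () => 'file contents'); // constructed sample tool
console.log(syncModeTools(registry, 'PLAN', true));
console.log(tryCall(registry, ENTER_PLAN_MODE));
console.log(syncModeTools(registry, 'DEFAULT', false));
```

The list returned by syncModeTools is what a chat refresh would re-declare to the model; the check in call() covers the case where the model requests a tool that is no longer declared.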
Development

Successfully merging this pull request may close these issues.

Exclude EnterPlanMode in plan mode and ExitPlanMode in all modes except plan mode
