feat(cli): deprecate --allowed-tools and excludeTools in favor of policy engine

[Abhijit-2592]

Summary

Deprecates the --allowed-tools CLI flag, tools.allowed, and tools.exclude configuration options in favor of the Policy Engine, unifying tool exclusion logic.

Details

This PR implements a two-phase deprecation plan for legacy tool permission flags, guiding users toward the Policy Engine.

1. Deprecate --allowed-tools / tools.allowed

• CLI: Updated help description for --allowed-tools to indicate deprecation.
• Runtime: Added a warning in gemini.tsx if allowedTools is used via CLI args or settings.
• Core: Added @deprecated tags to allowedTools in Config properties.

2. Deprecate tools.exclude & Unify Exclusion Logic

• Policy Engine: Implemented PolicyEngine.getExcludedTools() to expose effectively denied tools.
• Config: Updated Config.getExcludeTools() to centrally aggregate exclusions from:
  • System defaults
  • Extensions
  • The Policy Engine
• Runtime: Added a startup warning for tools.exclude usage in settings.json.
• Core: Marked excludeTools as deprecated in Config parameters and class.
• Compatibility: Maintained legacy exclude processing in Core's createPolicyEngineConfig while refactoring CLI usage to avoid redundancy.

Related Issues

Partial solution for #11302 as this only deprecates.

How to Validate

1. Allowed Tools Warning:
   • Run gemini --allowed-tools="ShellTool".
   • Observe the warning: "The allowed-tools cli argument and tools.allowed setting are deprecated..."
2. Exclude Tools Warning:
   • Add "tools": { "exclude": ["some_tool"] } to settings.json.
   • Run gemini.
   • Observe the warning about tools.exclude deprecation.
3. Clean Run:
   • Run gemini without these flags/settings.
   • Observe no warnings.

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run

[gemini-code-assist]

Summary of Changes

Hello @Abhijit-2592, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request initiates the deprecation process for the --allowed-tools CLI flag and the tools.allowed configuration setting, aiming to transition users towards the more robust Policy Engine for managing tool permissions. While the functionality of the deprecated options remains for now, users will receive warnings prompting them to migrate. Additionally, the Policy Engine has been enhanced to provide a consolidated list of excluded tools, which is now integrated into the main configuration's tool exclusion logic.

Highlights

• Deprecation of --allowed-tools: The --allowed-tools CLI flag and tools.allowed configuration option are now deprecated in favor of the Policy Engine.
• Deprecation Notices and Warnings: Deprecation notices have been added to the CLI help and JSDoc. Runtime warnings will now be displayed when deprecated options are used, guiding users to migrate to the Policy Engine.
• Policy Engine Enhancements: The Policy Engine now includes a getExcludedTools method to aggregate and identify tools that are effectively denied by policy rules, considering priorities and non-interactive mode.
• Centralized Tool Exclusion Logic: The Config.getExcludeTools() method has been updated to incorporate exclusions determined by the Policy Engine, centralizing the logic for tool exclusion.

Changelog

• packages/cli/src/config/config.test.ts
  • Updated test to reflect that exclude is no longer passed directly to createPolicyEngineConfig, as exclusions are now aggregated via Config.getExcludeTools().
• packages/cli/src/config/config.ts
  • Added a deprecation notice to the description of the --allowed-tools CLI argument, directing users to the Policy Engine documentation.
  • Modified loadCliConfig to pass an empty exclude array to the Policy Engine configuration, with a comment explaining that exclusions are now centrally aggregated.
• packages/cli/src/gemini.tsx
  • Implemented runtime warnings for both argv.allowedTools and settings.merged.tools.allowed when they are used, advising migration to the Policy Engine.
  • Added a runtime warning for settings.merged.tools.exclude usage, also recommending migration to the Policy Engine.
• packages/core/src/config/config.ts
  • Added JSDoc @deprecated tags to allowedTools and excludeTools properties in ConfigParameters and Config class, pointing to the Policy Engine.
  • Updated the getExcludeTools method to include exclusions determined by the Policy Engine, in addition to existing sources.
  • Added a comment to getExcludeTools clarifying its backward compatibility role for settings.json exclude.
• packages/core/src/policy/policy-engine.test.ts
  • Added new test suite for the getExcludedTools method, covering cases like empty rules, DENY decisions, priority handling, non-interactive mode (ASK_USER becomes DENY), and ignoring rules with argsPattern.
• packages/core/src/policy/policy-engine.ts
  • Introduced a new public method getExcludedTools() which identifies tools effectively denied by the policy rules, considering global rules, priority, and non-interactive mode.

Activity

• The author, Abhijit-2592, created this pull request.
• The pull request addresses issue Deprecate and remove --allowedTools, --excludeTools, --coreTools in favor of user defined policy #11302.
• The author has updated relevant documentation and README.
• The author has added and updated tests.
• The changes have been validated on MacOS using npm run.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

The pull request correctly introduces deprecation notices for the --allowed-tools CLI flag and tools.allowed configuration, guiding users toward the Policy Engine. It also implements a mechanism to hide denied tools from the LLM's discovery process by aggregating exclusions from the Policy Engine. However, there are two significant issues: the new getExcludedTools method in the PolicyEngine does not account for rule modes, which can lead to incorrect tool discovery filtering, and the CLI configuration now clears the exclude list before passing it to the Policy Engine, which removes the execution-level blocking for those tools. Addressing these will ensure that the deprecation phase remains secure and provides a consistent user experience.

[github-actions]

Size Change: +3.34 kB (+0.01%)

Total Size: 24.3 MB

Filename	Size	Change
./bundle/gemini.js	24.3 MB	+3.34 kB (+0.01%)

ℹ️ View Unchanged

Filename	Size
./bundle/sandbox-macos-permissive-closed.sb	1.03 kB
./bundle/sandbox-macos-permissive-open.sb	890 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB
./bundle/sandbox-macos-restrictive-closed.sb	3.29 kB
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB

_{compressed-size-action}

[allenhutchison]

This looks pretty good to me but there is this question about allowed tools.

[allenhutchison]

So in chatting with @NTaylorMullen I think he wants to keep allowed-tools have you synced with him on this?

[jacob314]

[jacob314]