fix(patch): cherry-pick bce1cae to release/v0.28.0-preview.6-pr-18407 [CONFLICTS]

[gemini-cli-robot]

This PR automatically cherry-picks commit bce1cae to patch version v0.28.0-preview.6 in the preview release to create version 0.28.0-preview.7.

⚠️ Merge Conflicts Detected

This cherry-pick resulted in merge conflicts that need manual resolution.

🔧 Next Steps:

1. Review the conflicts: Check out this branch and review the conflict markers
2. Resolve conflicts: Edit the affected files to resolve the conflicts
3. Test the changes: Ensure the patch works correctly after resolution
4. Update this PR: Push your conflict resolution

📋 Files with conflicts:

The commit has been created with conflict markers for easier manual resolution.

🚨 Important:

• Do not merge this PR until conflicts are resolved
• The automated patch release will trigger once this PR is merged

[gemini-code-assist]

Summary of Changes

Hello @gemini-cli-robot, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request aims to integrate a critical commit into a preview release branch, primarily focusing on improving the CLI's handling of non-interactive (headless) environments. The changes standardize how the CLI detects if it's running without user interaction and adjusts core behaviors, such as folder trust and interactive prompts, accordingly. This ensures a more robust and predictable experience in automated or CI/CD contexts, although the current PR requires manual conflict resolution.

Highlights

• Automated Cherry-Pick with Conflicts: This pull request is an automated cherry-pick of commit bce1caefd07cafa270aa8510164eed30a70381a3 to the release/v0.28.0-preview.6-pr-18407 branch. Merge conflicts were detected during the process, requiring manual resolution.
• Headless Mode Detection Refinement: Introduced a new isHeadlessMode utility function to standardize the detection of non-interactive environments across the CLI, considering CI/GitHub Actions environment variables, TTY status of stdin/stdout, and explicit prompt flags.
• Folder Trust Behavior in Headless Mode: Modified the folder trust mechanism to automatically trust workspaces when running in headless mode, bypassing interactive prompts and configuration, while still providing an informational message if the folder was originally untrusted.
• Interactive Prompt Logic Update: Adjusted the logic for determining interactive mode and displaying startup messages, now leveraging the new isHeadlessMode function for more consistent behavior.
• Enhanced Testing for Headless Mode and Folder Trust: Added comprehensive unit tests for the new isHeadlessMode utility and updated existing tests for config.ts, trustedFolders.ts, and useFolderTrust.ts to account for headless mode scenarios and improved folder trust logic.

Changelog

• package-lock.json
  • Updated package-lock.json to include peer: true for several dependencies, reflecting changes in dependency resolution or metadata.
• packages/cli/src/config/config.test.ts
  • Added a mock for isHeadlessMode from @google/gemini-cli-core.
  • Stored and restored process.stdout.isTTY and process.stdin.isTTY in global test hooks.
  • Configured beforeEach to default to interactive mode for most tests, and headless mode for specific positional argument tests.
  • Updated test logic to use process.stdout.isTTY stubbing.
  • Introduced environment variable handling for VITEST and GEMINI_CLI_INTEGRATION_TEST in loadCliConfig folderTrust tests.
  • Added a beforeEach hook to parseArguments with positional prompt tests to enforce headless mode.
• packages/cli/src/config/config.ts
  • Imported isHeadlessMode and related utilities from @google/gemini-cli-core.
  • Replaced direct process.stdin.isTTY checks with !isHeadlessMode() for interactive prompt logic.
  • Modified folderTrust calculation to disable it if GEMINI_CLI_INTEGRATION_TEST or VITEST environment variables are true.
  • Updated the interactive flag determination to use !isHeadlessMode({ prompt: argv.prompt }).
• packages/cli/src/config/trustedFolders.test.ts
  • Mocked isHeadlessMode to return false by default for folder trust tests.
  • Added new test cases for isWorkspaceTrusted covering child folder trust, specific distrust prioritization, workspaceDir usage, and path normalization.
  • Included tests for isWorkspaceTrusted behavior with false IDE overrides and invalid config files.
  • Introduced a new test suite for isWorkspaceTrusted in headless mode, verifying forced trust.
  • Added tests for loadTrustedFolders caching mechanism and reset functionality.
  • Implemented a test for invalid trust levels to ensure proper error message generation.
• packages/cli/src/config/trustedFolders.ts
  • Imported isHeadlessMode from @google/gemini-cli-core.
  • Added an early exit in isWorkspaceTrusted to return isTrusted: true if isHeadlessMode() is detected.
• packages/cli/src/ui/hooks/useFolderTrust.test.ts
  • Mocked isHeadlessMode from @google/gemini-cli-core to return false by default.
  • Preserved and restored process.stdout.isTTY and process.stdin.isTTY in test hooks.
  • Configured beforeEach to set process.stdout.isTTY and process.stdin.isTTY to true for interactive test defaults.
  • Added a new test suite for headless mode, confirming forced trust and hidden dialogs when isHeadlessMode is true.
• packages/cli/src/ui/hooks/useFolderTrust.ts
  • Imported isHeadlessMode from @google/gemini-cli-core.
  • Modified the useEffect hook to apply headless mode logic: if isHeadlessMode() is true, it forces isTrusted to true, hides the folder trust dialog, and displays an informational message if the folder was initially untrusted.
• packages/core/src/config/config.test.ts
  • Refined the MCP client manager mock to use a controlled promise for asynchronous operations, allowing for more precise testing of non-blocking behavior.
• packages/core/src/index.ts
  • Exported the new headless.js utility module.
• packages/core/src/utils/authConsent.test.ts
  • Imported and mocked the new isHeadlessMode function.
  • Updated authentication consent tests to use the isHeadlessMode mock instead of direct process.stdin.isTTY manipulation.
• packages/core/src/utils/authConsent.ts
  • Imported isHeadlessMode.
  • Changed the condition for throwing FatalAuthenticationError from !process.stdin.isTTY to isHeadlessMode().
• packages/core/src/utils/headless.test.ts
  • Added a new file containing comprehensive unit tests for the isHeadlessMode function, covering various environment and TTY scenarios, and graceful handling of undefined process.stdout/stdin.
• packages/core/src/utils/headless.ts
  • Added a new file defining the isHeadlessMode utility function, which detects non-interactive environments based on CI/GITHUB_ACTIONS environment variables, TTY status of process.stdin/stdout, and explicit prompt options, with special handling for integration tests.
• packages/test-utils/src/test-rig.ts
  • Added GEMINI_CLI_INTEGRATION_TEST to the list of environment variables preserved during test environment cleanup.

Activity

• The pull request was automatically generated by gemini-cli-robot to cherry-pick a specific commit.
• Merge conflicts were encountered during the automated cherry-pick, requiring manual resolution.
• Instructions have been provided to the author for resolving conflicts, testing changes, and updating the PR.
• The PR is currently in a state where it cannot be merged until the detected conflicts are manually addressed.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new isHeadlessMode utility function to detect non-interactive environments based on CI/CD environment variables, TTY status, or explicit prompt flags. This utility is integrated across the CLI to modify behavior related to interactive prompts, OAuth consent, and crucially, folder trust. Specifically, the isWorkspaceTrusted function and the useFolderTrust hook are updated to automatically grant trust to workspaces when in headless mode, bypassing security checks. Additionally, the folderTrust security feature is explicitly disabled if GEMINI_CLI_INTEGRATION_TEST or VITEST environment variables are set. The package-lock.json file also includes changes adding peer: true to several dependencies. Review comments highlight critical security concerns regarding the automatic trust in headless mode, which could allow malicious files to be executed in automated environments, and the use of test-specific environment variables to bypass security features in production code. Unresolved merge conflicts are also present in packages/cli/src/config/config.ts and packages/cli/src/ui/hooks/useFolderTrust.ts.

[gemini-code-assist]

Unresolved merge conflict markers (<<<<<<< HEAD, =======, >>>>>>> bce1caefd (...)) are detected in the source code. These must be resolved as they will cause syntax errors and prevent the application from running correctly, impacting both functionality and security integrity.

[gemini-code-assist]

In headless mode, the useFolderTrust hook forces the trust state to true, bypassing workspace trust protections and allowing untrusted folders to be treated as trusted. This is a critical security vulnerability. Additionally, there are unresolved merge conflicts in this section. Recommendation: Do not force trust in headless mode; ensure secure failure or explicit configuration. Please also resolve the merge conflicts.

References

1. Security checks, such as an extension allowlist, should be implemented in a 'fail-closed' manner. If an item's validity cannot be verified (e.g., due to missing metadata), it should be rejected by default.

[gemini-code-assist]

The isWorkspaceTrusted function is modified to automatically return true when isHeadlessMode() is detected. Headless mode is triggered by common environment variables (e.g., CI=true, GITHUB_ACTIONS=true) or by simply piping stdout/stdin. This effectively bypasses the 'Workspace Trust' security feature in automated environments or when using pipes. An attacker could exploit this by committing a malicious .gemini/settings.json or GEMINI.md file to a repository; when the CLI is run in a CI environment or via a pipe, it will trust the folder and potentially execute malicious hooks or MCP servers without user consent.

Recommendation: Do not automatically grant trust in headless mode. Instead, require an explicit opt-in flag (e.g., --trust-workspace) or default to untrusted if interaction is not possible.

References

1. Security checks, such as an extension allowlist, should be implemented in a 'fail-closed' manner. If an item's validity cannot be verified (e.g., due to missing metadata), it should be rejected by default.

[gemini-code-assist]

The folderTrust security feature is explicitly disabled if the GEMINI_CLI_INTEGRATION_TEST or VITEST environment variables are set to true. Including test-specific bypasses in production code is a security risk, as it allows anyone with control over the environment to completely disable critical security protections. This is particularly dangerous as disabling folderTrust causes the application to treat all workspaces as trusted.

Recommendation: Remove test-specific environment variable checks from production code. Use a more secure configuration mechanism for testing that does not leak into production logic.

References

1. Security checks should be implemented in a 'fail-closed' manner. Bypassing security checks, even for testing, can lead to a 'fail-open' state in production environments.

[gemini-code-assist]

The isHeadlessMode function uses the GEMINI_CLI_INTEGRATION_TEST environment variable to alter its detection logic. Using test-specific environment variables in production code to change core logic is a security risk and can lead to unexpected behavior or security bypasses when these variables are present in the environment.

Recommendation: Remove test-specific environment variable checks from production code.

References

1. Security checks should be implemented in a 'fail-closed' manner. Using test-specific environment variables to alter core logic can lead to security bypasses and a 'fail-open' state.

[github-actions]

Size Change: +1.34 kB (+0.01%)

Total Size: 23.7 MB

Filename	Size	Change
./bundle/gemini.js	23.7 MB	+1.34 kB (+0.01%)

ℹ️ View Unchanged

Filename	Size
./bundle/sandbox-macos-permissive-closed.sb	1.03 kB
./bundle/sandbox-macos-permissive-open.sb	890 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB
./bundle/sandbox-macos-restrictive-closed.sb	3.29 kB
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB

_{compressed-size-action}