fix(plan): isolate plan files per session

[Adib234]

Summary

This PR implements session-based isolation for plan storage. By including the sessionId in the plans directory path, it prevents plan file collisions between different sessions in the same project and ensures that the Plan Mode policy correctly restricts file operations to the session-specific plans folder.

Details

• Storage Class Update: Modified the Storage class in packages/core to accept and store an optional sessionId.
• Session-Isolated Plan Paths: Updated getProjectTempPlansDir() to return .../plans/ when a session ID is present, falling back to the base plans directory otherwise.
• Config Integration: Updated the main Config class to pass the current sessionId when initializing the Storage service.
• Policy Enforcement: Updated the plan.toml policy file to adjust the argsPattern regex. The new pattern accounts for the additional directory level (/plans/<sessionId>/<file>.md), ensuring write_file and replace tools remain functional and secure within Plan Mode.

Related Issues

Fixes #18723

How to Validate

Start a new session and create a plan. End it and try re-running the same prompt to create the plan. Gemini CLI should have no memory of the plan that was created in the past and act as if it's creating the plan for the first time.

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[gemini-code-assist]

Summary of Changes

Hello @Adib234, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a significant improvement to how temporary plan files are managed by implementing session-based isolation. By ensuring that each session has its own dedicated directory for plan storage, it effectively eliminates potential conflicts and data corruption that could arise from multiple concurrent sessions. This change also includes necessary updates to the file system policy to maintain security and proper operation within the new directory structure.

Highlights

• Session-based Plan Isolation: Implemented session-based isolation for plan storage by incorporating the sessionId into the plans directory path, preventing file collisions between different sessions.
• Storage Class Update: The Storage class in packages/core was modified to accept and store an optional sessionId.
• Dynamic Plan Paths: The getProjectTempPlansDir() method now returns a session-specific path (.../plans/<sessionId>) when a sessionId is present, otherwise it defaults to the base plans directory.
• Config Integration: The main Config class was updated to pass the current sessionId during the initialization of the Storage service.
• Policy Enforcement Adjustment: The plan.toml policy file's argsPattern regex was updated to correctly account for the new sessionId directory level, ensuring write_file and replace tools function securely within Plan Mode.

Changelog

• packages/core/src/config/config.ts
  • Modified the Storage constructor call to include this.sessionId.
• packages/core/src/config/storage.test.ts
  • Updated the description of an existing test case for getProjectTempPlansDir to clarify its behavior without a sessionId.
  • Added a new test case to verify that getProjectTempPlansDir correctly returns a session-specific path when a sessionId is provided.
• packages/core/src/config/storage.ts
  • Added a sessionId property to the Storage class.
  • Updated the Storage constructor to accept an optional sessionId parameter and assign it to the new property.
  • Modified getProjectTempPlansDir to conditionally append the sessionId to the plans directory path.
• packages/core/src/policy/policies/plan.toml
  • Updated the argsPattern regex to include an additional directory segment for the sessionId in file paths.

Activity

• No human activity has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Size Change: +423 B (0%)

Total Size: 24.3 MB

ℹ️ View Unchanged

Filename	Size	Change
./bundle/gemini.js	24.3 MB	+423 B (0%)
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B
./bundle/sandbox-macos-strict-open.sb	4.82 kB	0 B
./bundle/sandbox-macos-strict-proxied.sb	5.02 kB	0 B

_{compressed-size-action}

[gemini-code-assist]

Code Review

This pull request successfully implements session-based isolation for plan storage by incorporating the sessionId into the plans directory path. This change prevents plan file collisions between different sessions and ensures that the Plan Mode policy correctly restricts file operations to the session-specific plans folder. The modifications to the Storage class, the Config class integration, and the updated plan.toml policy file are all well-aligned with the stated goal, and a new test case for getProjectTempPlansDir ensures proper coverage. However, it is important to note that a full security analysis could not be performed as the model was unable to read the content of the specified files, therefore no vulnerabilities were found or assessed by the security agent.

[jerop]

we should flip the order of plans and session id

~/.gemini/tmp/<project>/plans/<session-id>/ --> ~/.gemini/tmp/<project>/<session-id>/plans/

this way, we can add easily tasks and other planning items within the session subdirectory:

• ~/.gemini/tmp/<project>/<session-id>/plans/
• ~/.gemini/tmp/<project>/<session-id>/tasks/

this would be much better than:

• ~/.gemini/tmp/<project>/plans/<session-id>/
• ~/.gemini/tmp/<project>/tasks/<session-id>/

then down the road, we can move the other artifacts like chat history within this subdirectory e.g. ~/.gemini/tmp/<project>/chats --> ~/.gemini/tmp/<project>/<session-id>/chats (out of scope for now though)