fix(patch): cherry-pick 08e8eea to release/v0.29.0-preview.1-pr-18855 to patch version v0.29.0-preview.1 and create version 0.29.0-preview.2

[gemini-cli-robot]

This PR automatically cherry-picks commit 08e8eea to patch version v0.29.0-preview.1 in the preview release to create version 0.29.0-preview.2.

[gemini-code-assist]

Summary of Changes

Hello @gemini-cli-robot, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces significant improvements to how the CLI detects and operates in headless environments. By expanding the isHeadlessMode function to recognize additional indicators like query parameters and specific command-line arguments, the system can now more accurately determine when to bypass interactive prompts and security checks, such as workspace trust. This ensures a smoother and more predictable experience for automated scripts and CI/CD pipelines.

Highlights

• Enhanced Headless Mode Detection: The isHeadlessMode function now more robustly identifies headless environments by considering query parameters and specific command-line flags (-p, --prompt, -y, --yolo).
• Workspace Trust in Headless Contexts: The logic for determining workspace trust (isWorkspaceTrusted, isPathTrusted) has been updated to correctly bypass trust checks when operating in a detected headless mode.
• Refined Interactive Mode Logic: The interactive flag calculation in loadCliConfig was adjusted to align with the new, more comprehensive isHeadlessMode detection.
• Improved Test Coverage: New and updated test cases were added for isHeadlessMode and isPathTrusted to ensure the new headless detection logic functions as expected, including graceful handling of undefined process.stdout and process.stdin.

Changelog

• packages/cli/src/config/config.ts
  • Modified the call to isWorkspaceTrusted to pass prompt and query arguments from argv.
  • Updated the interactive variable assignment to use the enhanced isHeadlessMode function with prompt and query options.
• packages/cli/src/config/trustedFolders.test.ts
  • Added a new test case to confirm that isPathTrusted returns true when isHeadlessMode is active.
• packages/cli/src/config/trustedFolders.ts
  • Imported the HeadlessModeOptions type.
  • Implemented an early return of true in isPathTrusted if isHeadlessMode is detected.
  • Extended getWorkspaceTrustFromLocalConfig and isWorkspaceTrusted functions to accept and propagate headlessOptions.
• packages/core/src/utils/headless.test.ts
  • Updated existing tests and added new ones to verify isHeadlessMode correctly identifies headless environments based on query options and process.argv flags (-p, --prompt, -y, --yolo).
  • Improved robustness of tests for undefined process.stdout and process.stdin by using Object.defineProperty.
• packages/core/src/utils/headless.ts
  • Refactored the isHeadlessMode function to prioritize CI environment checks, incorporate options?.query, and include a fallback mechanism to check for specific headless-related flags in process.argv.

Activity

• This pull request is an automated cherry-pick of commit 08e8eea to patch version v0.29.0-preview.1, creating version 0.29.0-preview.2.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request cherry-picks a fix to correctly handle folder trust in headless mode by refactoring and enhancing the isHeadlessMode utility to be more comprehensive. However, it introduces a critical security bypass in the Folder Trust mechanism. By expanding the definition of 'headless mode' to include cases where a query is provided via command-line arguments or the YOLO flag is used, and subsequently granting automatic trust to a workspace, the security boundary intended to protect users from malicious local configurations is effectively neutralized. This could allow for the execution of untrusted hooks and the loading of unsanitized environment variables from any directory, provided a query or the YOLO flag is present in the command.

[gemini-code-assist]

The isWorkspaceTrusted function automatically returns true if isHeadlessMode() is true. Combined with the changes in packages/core/src/utils/headless.ts, this allows a user-controlled flag (like -y or a positional query) to bypass the folder trust security mechanism. This is a critical security bypass because the folder trust feature is intended to be the gatekeeper for dangerous operations like YOLO mode and loading unsanitized environment variables.

[gemini-code-assist]

The isHeadlessMode function now returns true if a query is provided or if the -y/--yolo flags are present in process.argv. Since isHeadlessMode is used by the folder trust mechanism to automatically grant trust, this allows an attacker to bypass folder trust by simply providing a query or convincing a user to use the YOLO flag. Headless mode detection for security-sensitive decisions should be strictly limited to verified environment indicators (like CI=true) and should not be influenced by user-controlled CLI flags.

[gemini-code-assist]

Passing argv.query to isWorkspaceTrusted triggers a security bypass. Because isHeadlessMode (called internally by isWorkspaceTrusted) returns true if a query is present, any command that includes a positional argument will cause the current folder to be automatically trusted. This bypasses the trust prompt and allows potentially malicious hooks or configurations in the folder to be executed.

[github-actions]

Size Change: +382 B (0%)

Total Size: 23.9 MB

ℹ️ View Unchanged

Filename	Size	Change
./bundle/gemini.js	23.9 MB	+382 B (0%)
./bundle/sandbox-macos-permissive-closed.sb	1.03 kB	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-closed.sb	3.29 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B

_{compressed-size-action}