Override Gemini CLI trust with VScode workspace trust when in IDE #7433
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Summary of Changes
Hello @shrutip90, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request enhances the security and user experience of the Gemini CLI by aligning its folder trust mechanism with the workspace trust feature available in integrated development environments like VS Code. It ensures that the CLI respects the security context of the IDE, providing a more unified and secure environment for users.
Highlights
- IDE Workspace Trust Integration: The Gemini CLI now integrates with VS Code's workspace trust feature, allowing the IDE's trust status to override the CLI's local folder trust configuration.
- Dynamic Trust Updates: The CLI will now listen for changes in the IDE's workspace trust status and prompt the user to restart the CLI to apply these changes, ensuring consistency between the IDE and CLI's security posture.
- Refactored Trust Logic: The internal logic for determining workspace trust has been updated to prioritize the IDE's reported trust status, falling back to the local configuration only if the IDE does not provide a trust value.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with π and π on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. β©
There was a problem hiding this comment.
Code Review
This pull request does a great job of integrating VS Code's workspace trust with the Gemini CLI. The changes are well-structured across the different packages, with good separation of concerns, and the new functionality is supported by a solid set of tests. The use of a dedicated React hook (useIdeTrustListener) to handle trust state changes in the UI is a clean approach. I have found one high-severity security issue in the fallback logic for trust verification that should be addressed.
Comment on lines
+753
to
758
| const context = ideContext.getIdeContext(); | ||
| if (context?.workspaceState?.isTrusted !== undefined) { | ||
| return context.workspaceState.isTrusted; | ||
| } | ||
|
|
||
| return this.trustedFolder ?? true; |
There was a problem hiding this comment.
There's a potential security issue with the fallback logic. If the CLI starts with a trusted connection to the IDE, this.trustedFolder will be true. If the connection to the IDE is later lost, ideContext is cleared, and this function will fall back to this.trustedFolder, which is true. This means the workspace remains trusted even though the source of trust (the IDE) is no longer available to confirm. This could allow privileged operations in a workspace that should be considered untrusted.
When IDE integration is enabled but the connection to the IDE is lost, it's safer to default to an untrusted state.
const context = ideContext.getIdeContext();
if (context?.workspaceState?.isTrusted !== undefined) {
return context.workspaceState.isTrusted;
}
if (this.getIdeMode()) {
const status = this.getIdeClient().getConnectionStatus().status;
if (status === 'disconnected') {
// If IDE integration is enabled but we are disconnected, we cannot
// verify the trust state. Default to untrusted for security.
return false;
}
}
return this.trustedFolder ?? true;There was a problem hiding this comment.
IdeMode can be on even outside the IDE, so this doesn't work. I could look for the env variables like GEMINI_CLI_IDE_WORKSPACE_PATH that we set in the IDE mode though. This will cause a degraded experience in envs where trust is undefined or TRUSTED outside Vscode and TRUSTED in Vscode. But it will be give us better correctness in the case where it is undefined outside Vscode and UNTRUSTED in Vscode.
@jacob314 / @cornmander please let me know if i should query those and default to false when we can't determine the status.
Code Coverage Summary
CLI Package - Full Text ReportCore Package - Full Text ReportFor detailed HTML reports, please see the 'coverage-reports-22.x-ubuntu-latest' artifact from the main CI run. |
jacob314
reviewed
Sep 2, 2025
β¦ther small changes
thacio
added a commit
to thacio/auditaria
that referenced
this pull request
Sep 3, 2025
β¦ce trust when in IDE (google-gemini#7433)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
TLDR
Dive Deeper
Reviewer Test Plan
Testing Matrix
Linked issues / bugs
Related to https://github.com/google-gemini/maintainers-gemini-cli/issues/717