gemini-cli icon indicating copy to clipboard operation
gemini-cli copied to clipboard
Published 4 weeks ago verified publisher icon google-gemini

Tracker: Implement Tool Confirmation Message Bus

Open allenhutchison opened this issue 5 months ago • 5 comments

This issue tracks the implementation of the Tool Confirmation Message Bus as described in the RFC.

Summary

This project will implement a new pub/sub message bus to decouple tool confirmation logic from the core tool implementation. This will allow the agent/tools in the @google-gemini/core package to request user confirmation for actions (e.g., executing a shell command) from the TUI in the @google-gemini/cli package without a direct dependency. This architecture will also introduce a centralized Policy Service to manage tool execution rules, incorporating existing features like 'Always Allow' and non-interactive mode tool permissions from the outset.

Implementation Plan

  • [x] PR 1: Foundation & Scaffolding

    • Introduce packages/core/src/confirmation-bus/ and packages/core/src/policy/.
    • Create MessageBus, PolicyEngine, and all related types.
    • Integrate PolicyEngine into MessageBus.
    • Instantiate both in the Session object.
    • Add this updated RFC. No functional changes to tool behavior yet.

  • [x] PR 2: Core Tool Integration

    • Modify the shell tool in packages/core/src/tools/shell.ts to use the new message bus flow.
    • Include tests mocking both policy decisions and UI responses to validate the logic.

  • [x] PR 3: TUI Integration

    • Modify useReactToolScheduler to handle ToolConfirmationRequest and ToolPolicyRejection messages.
    • Wire logic to publish confirmation responses and policy updates (for 'Always Allow') back to the bus.

allenhutchison avatar Aug 27 '25 16:08 allenhutchison

Update: Added MCP Integration Phase

Created #7837 to track the integration of MCP tools with the Tool Confirmation Message Bus. This represents an additional phase of work beyond the initial 3 PRs:

Updated Implementation Plan:

  • [x] PR 1: Foundation & Scaffolding (#7835) - ✅ Complete

    • MessageBus and PolicyEngine implementation
    • Integration with Config class
    • Comprehensive unit tests

  • [x] PR 2: Core Tool Integration

    • Modify shell tool to use message bus
    • Add tests for tool integration

  • [x] PR 3: TUI Integration

    • Wire up UI to handle confirmation requests
    • Handle policy updates from UI

  • [x] PR 4: MCP Tool Integration (#7837) - NEW

    • Extend PolicyEngine for MCP-specific rules
    • Migrate MCP tool confirmation to MessageBus
    • Support server-level and tool-level policies
    • Maintain trusted folder behavior

The MCP integration will ensure all tool types use the same confirmation infrastructure while preserving MCP-specific features like server/tool-level allowlisting.

allenhutchison avatar Sep 05 '25 22:09 allenhutchison

Additional Enhancement: Shell Command Parsing

Created #7838 to track enhanced shell command parsing in the PolicyEngine. This will enable more sophisticated policies for shell commands by leveraging the existing parsing infrastructure.

Key Features:

  • Parse compound commands (&&, ||, ;, |)
  • Detect dangerous patterns (pipes, background jobs, command substitution)
  • Enable granular policies per command in compound statements
  • Support pattern-based rules (e.g., block rm -rf, allow git commands)

This enhancement will make the Tool Confirmation Message Bus more powerful for shell command security while reusing the robust parsing utilities already in the codebase (shell-utils.ts and shell-quote).

allenhutchison avatar Sep 05 '25 23:09 allenhutchison

Hello! As part of our effort to keep our backlog manageable and focus on the most active issues, we are tidying up older reports.

It looks like this issue hasn't been active for a while, so we are closing it for now. However, if you are still experiencing this bug on the latest stable build, please feel free to comment on this issue or create a new one with updated details.

Thank you for your contribution!

gemini-cli[bot] avatar Dec 03 '25 22:12 gemini-cli[bot]

THis is a tracking issue for a large feature.

allenhutchison avatar Dec 04 '25 01:12 allenhutchison

Hello! As part of our effort to keep our backlog manageable and focus on the most active issues, we are tidying up older reports.

It looks like this issue hasn't been active for a while, so we are closing it for now. However, if you are still experiencing this bug on the latest stable build, please feel free to comment on this issue or create a new one with updated details.

Thank you for your contribution!

gemini-cli[bot] avatar Dec 07 '25 00:12 gemini-cli[bot]