fix(policy): allow codebase_investigator by default in read-only policy #15000
Summary of Changes
Hello @abhipatel12, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request streamlines the use of the
Highlights
Size Change: -2 B (0%) Total Size: 21.6 MB
Code Review
This pull request adds the codebase_investigator tool to the default read-only policy. While this seems correct based on the tool's current capabilities, I have identified a potential high-severity security risk stemming from an inconsistency in the agent's definition. My review comment details this risk and recommends resolving the underlying issue before this change is merged.
| [[rule]] | ||
| toolName = "codebase_investigator" | ||
| decision = "allow" | ||
| priority = 50 |
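Review bot: the `toolName = "codebase_investigator"` rule keys the `allow` decision on the agent's name, so it covers whatever tools that agent is configured with, now or after a later change, and nothing in the rule records that assumption. Add a comment above the `[[rule]]` stating that it relies on the agent's tools all being in this read-only allowlist, and consider a unit test that fails when the agent gains a tool that has no matching `allow` rule here.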
While codebase_investigator currently uses only read-only tools, allowing it by default introduces a potential security risk due to an inconsistency in its definition in packages/core/src/agents/codebase-investigator.ts.
Specifically:
- The agent's prompt (line 109) states it can use the web_fetch tool.
- The agent's toolConfig (line 85) does not grant it this capability.
The web_fetch tool is not present in this read-only.toml allowlist, which implies it is not considered safe to run by default without user confirmation. If a future change "fixes" the agent by adding web_fetch to its toolConfig, this policy rule would silently permit a potentially unsafe tool to run.
This latent security vulnerability should be addressed before whitelisting the agent. I recommend resolving the inconsistency in codebase-investigator.ts (e.g., by removing the mention of web_fetch from the prompt) before merging this change.
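A check of the kind the review comment above points toward, as an added example that is not part of the PR or the gemini-cli code base: it flags an auto-allowed agent whose toolConfig grants a tool the policy does not allow, or whose prompt names a tool that toolConfig withholds. The AgentDef shape, the function names, the tool lists and the prompt text are assumptions constructed for illustration.

```typescript
// Added example, not code from the gemini-cli repository. AgentDef, parseRules,
// auditAgent and all sample data are hypothetical and constructed.
interface Rule { toolName: string; decision: string; priority: number }
interface AgentDef { name: string; tools: string[]; prompt: string }

// Reads only flat [[rule]] tables with `key = value` lines (not a full TOML parser).
function parseRules(toml: string): Rule[] {
  return toml.split("[[rule]]").slice(1).map((block) => {
    const kv = new Map<string, string>();
    for (const line of block.split("\n")) {
      const m = /^\s*(\w+)\s*=\s*"?([^"#]*?)"?\s*$/.exec(line);
      if (m) kv.set(m[1], m[2]);
    }
    return {
      toolName: kv.get("toolName") ?? "",
      decision: kv.get("decision") ?? "",
      priority: Number(kv.get("priority") ?? "0"),
    };
  });
}

// For an agent the policy allows by name, report (a) tools its toolConfig grants
// that the policy does not itself allow and (b) tools its prompt names but
// toolConfig withholds, the inconsistency raised in the review.
function auditAgent(agent: AgentDef, rules: Rule[], knownTools: string[]): string[] {
  const allowed = new Set(rules.filter((r) => r.decision === "allow").map((r) => r.toolName));
  if (!allowed.has(agent.name)) return []; // not auto-allowed: the user is asked anyway
  const findings: string[] = [];
  for (const t of agent.tools) {
    if (!allowed.has(t)) findings.push(`toolConfig grants ${t}, not allowed by policy`);
  }
  for (const t of knownTools) {
    if (agent.prompt.includes(t) && !agent.tools.includes(t)) {
      findings.push(`prompt mentions ${t}, toolConfig does not grant it`);
    }
  }
  return findings;
}

// Constructed policy excerpt in the shape of the rule added by this PR.
const POLICY = ["glob", "read_file", "codebase_investigator"]
  .map((n) => `[[rule]]\ntoolName = "${n}"\ndecision = "allow"\npriority = 50\n`).join("\n");
const KNOWN_TOOLS = ["glob", "read_file", "web_fetch"];
const asReviewed: AgentDef = { name: "codebase_investigator", tools: ["glob", "read_file"],
  prompt: "Use glob and read_file to explore; web_fetch may be used for docs." };
const afterNaiveFix: AgentDef = { ...asReviewed, tools: [...asReviewed.tools, "web_fetch"] };

console.log(auditAgent(asReviewed, parseRules(POLICY), KNOWN_TOOLS));
console.log(auditAgent(afterNaiveFix, parseRules(POLICY), KNOWN_TOOLS));
```

Run as a unit test, the second case is the one that matters: it fails the build at the moment web_fetch is added to the agent, instead of the allow rule silently covering it.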
/patch preview
Patch workflow(s) dispatched successfully!
Patch PR Created!
Patch Release Started!
Status: The patch release is now running. You'll receive another update when it completes.
Patch Release Complete!
Status: Your patch has been successfully released and published to npm!
… default in read-only policy (google-gemini#15000)
Summary
Allowed codebase_investigator by default in the read-only policy configuration.
Details
The codebase_investigator tool is a read-only analysis tool but was missing from the default allowlist in packages/core/src/policy/policies/read-only.toml. This resulted in it requiring explicit user permission or higher privilege modes to run, despite being safe. This PR adds it to the policy with priority 50, matching other read-only tools like glob and read_file.
Related Issues
How to Validate
- npm run build -w packages/core
- codebase_investigator can be used without prompting for permission in default mode.
- packages/core/src/policy/policies/read-only.toml to see the new entry.
Pre-Merge Checklist