fix(core): resolve Plan Mode deadlock during plan file creation #24047
DavidAPierce wants to merge 14 commits into main from
This PR resolves a deadlock in Plan Mode where the agent could not create its plan file if the parent directory (e.g., .gemini/plans) did not exist on the host machine. This was caused by sandbox restrictions preventing both directory creation and binding of non-existent paths.

Key changes:
- Updated EnterPlanModeTool to pre-create the plans directory on the host.
- Implemented virtual command translation (__read/__write) for Linux and macOS sandboxes.
- Enhanced SandboxedFileSystemService to recognize platform-specific ENOENT error strings (Linux/Windows).
- Updated LinuxSandboxManager to allow binding the parent directory of explicitly allowed but non-existent paths.
- Ensured operation-specific policies are passed to the sandbox during file operations.

Fixes #23958
Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request addresses a deadlock in Plan Mode where the agent was unable to create plan files due to sandbox restrictions when the target directory did not exist. By implementing proactive host-side directory creation and translating virtual file system commands into native shell operations, the changes ensure that the sandbox environment is correctly prepared for file operations. Additionally, the update improves error propagation to handle missing file scenarios gracefully across different platforms.
Code Review
This pull request introduces virtual commands (__read and __write) to the Linux and macOS sandbox managers to standardize file system access and updates the SandboxedFileSystemService to utilize these commands with appropriate policies. It also ensures that the plans directory exists on the host before entering plan mode and improves error handling by mapping file-not-found errors to the ENOENT code. The review feedback identifies critical security vulnerabilities regarding path traversal in the SandboxedFileSystemService due to a lack of path sanitization. Additionally, the reviewer pointed out a logic error in the Linux sandbox manager where parent directories for non-existent files must be mounted as read-write to allow for file creation, necessitating changes to both the implementation and the associated tests.
🧠 Model Steering Guidance

This PR modifies files that affect the model's behavior (prompts, tools, or instructions).
This is an automated guidance message triggered by steering logic signatures.
Size Change: +3.05 kB (+0.01%) Total Size: 26.5 MB
- Ensure paths passed to SandboxedFileSystemService are sanitized and validated to be inside the workspace.
- Bind missing parent directories as writable when the command is '__write' in LinuxSandboxManager.
- Add a behavioral evaluation for entering plan mode and creating a plan file from scratch.
…across platforms
- Added support for virtual commands (__read, __write) in WindowsSandboxManager using cmd.exe and PowerShell.
- Integrated includeDirectories into Windows, Linux, and macOS sandbox managers to grant read access.
- Improved directory pre-creation logic in Windows and Linux managers for sandboxed writes.
- Fixed initialization order in Config constructor to prevent TypeScript errors.
# Conflicts:
#   packages/core/src/sandbox/windows/WindowsSandboxManager.ts
… into plan_mode_loop_fix
Summary
This PR resolves a deadlock in Plan Mode where the agent could not create its plan file if the parent directory (e.g., .gemini/plans) did not exist on the host machine. This was caused by sandbox restrictions preventing both directory creation and the binding of non-existent paths.

Details

The fix implements a proactive, path-specific permission strategy and host-side initialization:
- EnterPlanModeTool: Now pre-creates the plans directory on the host before entering the sandbox.
- Virtual commands __read and __write in the Linux (Bubblewrap) and macOS (Seatbelt) sandbox managers. This allows SandboxedFileSystemService to perform these operations using standard system tools (cat, sh) even when run_shell_command is blocked.
- LinuxSandboxManager: Updated to allow binding the parent directory of an explicitly allowed but non-existent path.
- SandboxedFileSystemService: Updated to correctly identify and propagate platform-specific ENOENT error strings (e.g., Windows "Could not find a part of the path"), allowing write_file to handle "new file" scenarios correctly.

Related Issues
Fixes #23958
How to Validate
npm test -w @google/gemini-cli-core -- src/services/sandboxedFileSystemService.test.ts src/sandbox/linux/LinuxSandboxManager.test.ts src/sandbox/macos/MacOsSandboxManager.test.ts src/tools/enter-plan-mode.test.ts

- … .gemini/plans directory does not exist.

Pre-Merge Checklist
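As an added illustration, not code from this PR or the gemini-cli project, the two checks the thread asks for can be sketched in TypeScript: confining a requested path to the workspace root (the path-sanitization point raised in review) and mapping the platform-specific "not found" messages that cat, sh and the Windows shells emit to a single ENOENT code, as the description says SandboxedFileSystemService now does. The function names, the /work/project root and the regex list are assumptions; POSIX path semantics are used so the result is the same on any host.

```typescript
import * as path from "node:path";

// Hypothetical helper (not the project's own): resolve a requested path
// against the workspace root and reject anything that escapes it. Using
// path.relative avoids the classic prefix bug where "/work/project-other"
// would pass a startsWith("/work/project") check.
function resolveInsideWorkspace(workspaceRoot: string, requested: string): string {
  const root = path.posix.resolve(workspaceRoot);
  const target = path.posix.resolve(root, requested);
  const rel = path.posix.relative(root, target);
  if (rel === ".." || rel.startsWith("../") || path.posix.isAbsolute(rel)) {
    throw new Error(`path escapes workspace: ${requested}`);
  }
  return target;
}

// "File not found" messages from the tools the sandbox shells out to.
// The Windows string is the one quoted in the PR description; the others
// are the standard cat/sh and cmd.exe wording.
const ENOENT_PATTERNS: RegExp[] = [
  /No such file or directory/i,             // cat, sh (Linux, macOS)
  /Could not find a part of the path/i,     // Windows
  /cannot find the (file|path) specified/i, // cmd.exe
];

interface SandboxResult { exitCode: number; stderr: string; }

type SandboxErrno = "ENOENT" | "EACCES" | "EUNKNOWN";

// Map a failed __read/__write command to an errno-style code so a caller
// such as write_file can treat "new file" as a normal case instead of a
// hard failure. Returns null when the command succeeded.
function classifySandboxError(result: SandboxResult): SandboxErrno | null {
  if (result.exitCode === 0) return null;
  if (ENOENT_PATTERNS.some((re) => re.test(result.stderr))) return "ENOENT";
  if (/permission denied|access is denied/i.test(result.stderr)) return "EACCES";
  return "EUNKNOWN";
}
```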