clone/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-04-24 22:55:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(admin): implement admin controls polling and restart prompt (#16627)

Browse Source
This commit is contained in:
Shreya Keshive
2026-01-16 15:24:53 -05:00
committed by GitHub
parent 93224e1813
commit d8d4d87e29
20 changed files with 689 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docs/cli/keyboard-shortcuts.md
View File

@@ -106,6 +106,7 @@ available combinations.
| Focus the shell input from the gemini input. | `Tab (no Shift)` |
| Focus the Gemini input from the shell input. | `Tab` |
| Clear the terminal screen and redraw the UI. | `Ctrl + L` |
| Restart the application. | `R` |
<!-- KEYBINDINGS-AUTOGEN:END -->

4
packages/cli/src/config/keyBindings.ts
View File

@@ -81,6 +81,7 @@ export enum Command {
FOCUS_SHELL_INPUT = 'app.focusShellInput',
UNFOCUS_SHELL_INPUT = 'app.unfocusShellInput',
CLEAR_SCREEN = 'app.clearScreen',
RESTART_APP = 'app.restart',
}
/**
@@ -238,6 +239,7 @@ export const defaultKeyBindings: KeyBindingConfig = {
[Command.FOCUS_SHELL_INPUT]: [{ key: 'tab', shift: false }],
[Command.UNFOCUS_SHELL_INPUT]: [{ key: 'tab' }],
[Command.CLEAR_SCREEN]: [{ key: 'l', ctrl: true }],
[Command.RESTART_APP]: [{ key: 'r' }],
};
interface CommandCategory {
@@ -343,6 +345,7 @@ export const commandCategories: readonly CommandCategory[] = [
Command.FOCUS_SHELL_INPUT,
Command.UNFOCUS_SHELL_INPUT,
Command.CLEAR_SCREEN,
Command.RESTART_APP,
],
},
];
@@ -428,4 +431,5 @@ export const commandDescriptions: Readonly<Record<Command, string>> = {
[Command.FOCUS_SHELL_INPUT]: 'Focus the shell input from the gemini input.',
[Command.UNFOCUS_SHELL_INPUT]: 'Focus the Gemini input from the shell input.',
[Command.CLEAR_SCREEN]: 'Clear the terminal screen and redraw the UI.',
[Command.RESTART_APP]: 'Restart the application.',
};

4
packages/cli/src/config/settings.ts
View File

@@ -16,7 +16,7 @@ import {
Storage,
coreEvents,
homedir,
type GeminiCodeAssistSetting,
type FetchAdminControlsResponse,
} from '@google/gemini-cli-core';
import stripJsonComments from 'strip-json-comments';
import { DefaultLight } from '../ui/themes/default-light.js';
@@ -346,7 +346,7 @@ export class LoadedSettings {
coreEvents.emitSettingsChanged();
}
setRemoteAdminSettings(remoteSettings: GeminiCodeAssistSetting): void {
setRemoteAdminSettings(remoteSettings: FetchAdminControlsResponse): void {
const admin: Settings['admin'] = {};
const { secureModeEnabled, mcpSetting, cliFeatureSetting } = remoteSettings;

46
packages/cli/src/gemini.tsx
View File

@@ -61,6 +61,7 @@ import {
SessionStartSource,
SessionEndReason,
getVersion,
type FetchAdminControlsResponse,
} from '@google/gemini-cli-core';
import {
initializeApp,
@@ -283,6 +284,14 @@ export async function startInteractiveUI(
export async function main() {
const cliStartupHandle = startupProfiler.start('cli_startup');
// Listen for admin controls from parent process (IPC) in non-sandbox mode. In
// sandbox mode, we re-fetch the admin controls from the server once we enter
// the sandbox.
// TODO: Cache settings in sandbox mode as well.
const adminControlsListner = setupAdminControlsListener();
registerCleanup(adminControlsListner.cleanup);
const cleanupStdio = patchStdio();
registerSyncCleanup(() => {
// This is needed to ensure we don't lose any buffered output.
@@ -358,6 +367,7 @@ export async function main() {
const partialConfig = await loadCliConfig(settings.merged, sessionId, argv, {
projectHooks: settings.workspace.settings.hooks,
});
adminControlsListner.setConfig(partialConfig);
// Refresh auth to fetch remote admin settings from CCPA and before entering
// the sandbox because the sandbox will interfere with the Oauth2 web
@@ -451,7 +461,7 @@ export async function main() {
} else {
// Relaunch app so we always have a child process that can be internally
// restarted if needed.
await relaunchAppInChildProcess(memoryArgs, []);
await relaunchAppInChildProcess(memoryArgs, [], remoteAdminSettings);
}
}
@@ -464,6 +474,7 @@ export async function main() {
projectHooks: settings.workspace.settings.hooks,
});
loadConfigHandle?.end();
adminControlsListner.setConfig(config);
if (config.isInteractive() && config.storage && config.getDebugMode()) {
const { registerActivityLogger } = await import(
@@ -756,3 +767,36 @@ export function initializeOutputListenersAndFlush() {
}
coreEvents.drainBacklogs();
}
function setupAdminControlsListener() {
let pendingSettings: FetchAdminControlsResponse | undefined;
let config: Config | undefined;
const messageHandler = (msg: unknown) => {
const message = msg as {
type?: string;
settings?: FetchAdminControlsResponse;
};
if (message?.type === 'admin-settings' && message.settings) {
if (config) {
config.setRemoteAdminSettings(message.settings);
} else {
pendingSettings = message.settings;
}
}
};
process.on('message', messageHandler);
return {
setConfig: (newConfig: Config) => {
config = newConfig;
if (pendingSettings) {
config.setRemoteAdminSettings(pendingSettings);
}
},
cleanup: () => {
process.off('message', messageHandler);
},
};
}

1
packages/cli/src/test-utils/render.tsx
View File

@@ -173,6 +173,7 @@ const mockUIActions: UIActions = {
setBannerVisible: vi.fn(),
setEmbeddedShellFocused: vi.fn(),
setAuthContext: vi.fn(),
handleRestart: vi.fn(),
};
export const renderWithProviders = (

17
packages/cli/src/ui/AppContainer.tsx
View File

@@ -186,6 +186,7 @@ export const AppContainer = (props: AppContainerProps) => {
);
const [copyModeEnabled, setCopyModeEnabled] = useState(false);
const [pendingRestorePrompt, setPendingRestorePrompt] = useState(false);
const [adminSettingsChanged, setAdminSettingsChanged] = useState(false);
const [shellModeActive, setShellModeActive] = useState(false);
const [modelSwitchedFromQuotaError, setModelSwitchedFromQuotaError] =
@@ -364,9 +365,18 @@ export const AppContainer = (props: AppContainerProps) => {
setSettingsNonce((prev) => prev + 1);
};
const handleAdminSettingsChanged = () => {
setAdminSettingsChanged(true);
};
coreEvents.on(CoreEvent.SettingsChanged, handleSettingsChanged);
coreEvents.on(CoreEvent.AdminSettingsChanged, handleAdminSettingsChanged);
return () => {
coreEvents.off(CoreEvent.SettingsChanged, handleSettingsChanged);
coreEvents.off(
CoreEvent.AdminSettingsChanged,
handleAdminSettingsChanged,
);
};
}, []);
@@ -1452,6 +1462,7 @@ Logging in with Google... Restarting Gemini CLI to continue.
const dialogsVisible =
shouldShowIdePrompt ||
isFolderTrustDialogOpen ||
adminSettingsChanged ||
!!shellConfirmationRequest ||
!!confirmationRequest ||
!!customDialog ||
@@ -1616,6 +1627,7 @@ Logging in with Google... Restarting Gemini CLI to continue.
bannerVisible,
terminalBackgroundColor: config.getTerminalBackground(),
settingsNonce,
adminSettingsChanged,
}),
[
isThemeDialogOpen,
@@ -1710,6 +1722,7 @@ Logging in with Google... Restarting Gemini CLI to continue.
bannerVisible,
config,
settingsNonce,
adminSettingsChanged,
],
);
@@ -1754,6 +1767,10 @@ Logging in with Google... Restarting Gemini CLI to continue.
setBannerVisible,
setEmbeddedShellFocused,
setAuthContext,
handleRestart: async () => {
await runExitCleanup();
process.exit(RELAUNCH_EXIT_CODE);
},
}),
[
handleThemeSelect,

51
packages/cli/src/ui/components/AdminSettingsChangedDialog.test.tsx Normal file
View File

@@ -0,0 +1,51 @@
/**
* @license
* Copyright 2025 Google LLC
* SPDX-License-Identifier: Apache-2.0
*/
import { renderWithProviders } from '../../test-utils/render.js';
import { describe, it, expect, vi, afterEach } from 'vitest';
import { act } from 'react';
import { AdminSettingsChangedDialog } from './AdminSettingsChangedDialog.js';
const handleRestartMock = vi.fn();
describe('AdminSettingsChangedDialog', () => {
afterEach(() => {
vi.restoreAllMocks();
});
it('renders correctly', () => {
const { lastFrame } = renderWithProviders(<AdminSettingsChangedDialog />);
expect(lastFrame()).toMatchSnapshot();
});
it('restarts on "r" key press', async () => {
const { stdin } = renderWithProviders(<AdminSettingsChangedDialog />, {
uiActions: {
handleRestart: handleRestartMock,
},
});
act(() => {
stdin.write('r');
});
expect(handleRestartMock).toHaveBeenCalled();
});
it.each(['r', 'R'])('restarts on "%s" key press', async (key) => {
const { stdin } = renderWithProviders(<AdminSettingsChangedDialog />, {
uiActions: {
handleRestart: handleRestartMock,
},
});
act(() => {
stdin.write(key);
});
expect(handleRestartMock).toHaveBeenCalled();
});
});

36
packages/cli/src/ui/components/AdminSettingsChangedDialog.tsx Normal file
View File

@@ -0,0 +1,36 @@
/**
* @license
* Copyright 2025 Google LLC
* SPDX-License-Identifier: Apache-2.0
*/
import { Box, Text } from 'ink';
import { theme } from '../semantic-colors.js';
import { useKeypress } from '../hooks/useKeypress.js';
import { useUIActions } from '../contexts/UIActionsContext.js';
import { Command, keyMatchers } from '../keyMatchers.js';
export const AdminSettingsChangedDialog = () => {
const { handleRestart } = useUIActions();
useKeypress(
(key) => {
if (keyMatchers[Command.RESTART_APP](key)) {
handleRestart();
}
},
{ isActive: true },
);
const message =
'Admin settings have changed. Please restart the session to apply new settings.';
return (
<Box borderStyle="round" borderColor={theme.status.warning} paddingX={1}>
<Text color={theme.status.warning}>
{message} Press &apos;r&apos; to restart, or &apos;Ctrl+C&apos; twice to
exit.
</Text>
</Box>
);
};

4
packages/cli/src/ui/components/DialogManager.tsx
View File

@@ -30,6 +30,7 @@ import { useConfig } from '../contexts/ConfigContext.js';
import { useSettings } from '../contexts/SettingsContext.js';
import process from 'node:process';
import { type UseHistoryManagerReturn } from '../hooks/useHistoryManager.js';
import { AdminSettingsChangedDialog } from './AdminSettingsChangedDialog.js';
import { IdeTrustChangeDialog } from './IdeTrustChangeDialog.js';
interface DialogManagerProps {
@@ -50,6 +51,9 @@ export const DialogManager = ({
const { constrainHeight, terminalHeight, staticExtraHeight, mainAreaWidth } =
uiState;
if (uiState.adminSettingsChanged) {
return <AdminSettingsChangedDialog />;
}
if (uiState.showIdeRestartPrompt) {
return <IdeTrustChangeDialog reason={uiState.ideTrustRestartReason} />;
}

8
packages/cli/src/ui/components/__snapshots__/AdminSettingsChangedDialog.test.tsx.snap Normal file
View File

@@ -0,0 +1,8 @@
// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
exports[`AdminSettingsChangedDialog > renders correctly 1`] = `
"╭──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Admin settings have changed. Please restart the session to apply new settings. Press 'r' to restart, or 'Ctrl+C' │
│ twice to exit. │
╰──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯"
`;

1
packages/cli/src/ui/contexts/UIActionsContext.tsx
View File

@@ -57,6 +57,7 @@ export interface UIActions {
setBannerVisible: (visible: boolean) => void;
setEmbeddedShellFocused: (value: boolean) => void;
setAuthContext: (context: { requiresRestart?: boolean }) => void;
handleRestart: () => void;
}
export const UIActionsContext = createContext<UIActions | null>(null);

1
packages/cli/src/ui/contexts/UIStateContext.tsx
View File

@@ -141,6 +141,7 @@ export interface UIState {
customDialog: React.ReactNode | null;
terminalBackgroundColor: TerminalBackgroundColor;
settingsNonce: number;
adminSettingsChanged: boolean;
}
export const UIStateContext = createContext<UIState | null>(null);

12
packages/cli/src/utils/relaunch.ts
View File

@@ -6,7 +6,10 @@
import { spawn } from 'node:child_process';
import { RELAUNCH_EXIT_CODE } from './processUtils.js';
import { writeToStderr } from '@google/gemini-cli-core';
import {
writeToStderr,
type FetchAdminControlsResponse,
} from '@google/gemini-cli-core';
export async function relaunchOnExitCode(runner: () => Promise<number>) {
while (true) {
@@ -31,6 +34,7 @@ export async function relaunchOnExitCode(runner: () => Promise<number>) {
export async function relaunchAppInChildProcess(
additionalNodeArgs: string[],
additionalScriptArgs: string[],
remoteAdminSettings?: FetchAdminControlsResponse,
) {
if (process.env['GEMINI_CLI_NO_RELAUNCH']) {
return;
@@ -55,10 +59,14 @@ export async function relaunchAppInChildProcess(
process.stdin.pause();
const child = spawn(process.execPath, nodeArgs, {
stdio: 'inherit',
stdio: ['inherit', 'inherit', 'inherit', 'ipc'],
env: newEnv,
});
if (remoteAdminSettings) {
child.send({ type: 'admin-settings', settings: remoteAdminSettings });
}
return new Promise<number>((resolve, reject) => {
child.on('error', reject);
child.on('close', (code) => {

330
packages/core/src/code_assist/admin/admin_controls.test.ts Normal file
View File

@@ -0,0 +1,330 @@
/**
* @license
* Copyright 2025 Google LLC
* SPDX-License-Identifier: Apache-2.0
*/
import {
describe,
it,
expect,
vi,
beforeEach,
afterEach,
type Mock,
} from 'vitest';
import {
fetchAdminControls,
sanitizeAdminSettings,
stopAdminControlsPolling,
} from './admin_controls.js';
import type { CodeAssistServer } from '../server.js';
describe('Admin Controls', () => {
let mockServer: CodeAssistServer;
let mockOnSettingsChanged: Mock;
beforeEach(() => {
vi.resetAllMocks();
vi.useFakeTimers();
mockServer = {
projectId: 'test-project',
fetchAdminControls: vi.fn(),
} as unknown as CodeAssistServer;
mockOnSettingsChanged = vi.fn();
});
afterEach(() => {
stopAdminControlsPolling();
vi.useRealTimers();
});
describe('sanitizeAdminSettings', () => {
it('should strip unknown fields', () => {
const input = {
secureModeEnabled: true,
extraField: 'should be removed',
mcpSetting: {
mcpEnabled: false,
unknownMcpField: 'remove me',
},
};
const result = sanitizeAdminSettings(input);
expect(result).toEqual({
secureModeEnabled: true,
mcpSetting: {
mcpEnabled: false,
},
});
// Explicitly check that unknown fields are gone
expect((result as Record<string, unknown>)['extraField']).toBeUndefined();
});
it('should preserve valid nested fields', () => {
const input = {
cliFeatureSetting: {
extensionsSetting: {
extensionsEnabled: true,
},
},
};
expect(sanitizeAdminSettings(input)).toEqual(input);
});
});
describe('fetchAdminControls', () => {
it('should return empty object and not poll if server is missing', async () => {
const result = await fetchAdminControls(
undefined,
undefined,
true,
mockOnSettingsChanged,
);
expect(result).toEqual({});
expect(mockServer.fetchAdminControls).not.toHaveBeenCalled();
});
it('should return empty object if project ID is missing', async () => {
mockServer = {
fetchAdminControls: vi.fn(),
} as unknown as CodeAssistServer;
const result = await fetchAdminControls(
mockServer,
undefined,
true,
mockOnSettingsChanged,
);
expect(result).toEqual({});
expect(mockServer.fetchAdminControls).not.toHaveBeenCalled();
});
it('should use cachedSettings and start polling if provided', async () => {
const cachedSettings = { secureModeEnabled: true };
const result = await fetchAdminControls(
mockServer,
cachedSettings,
true,
mockOnSettingsChanged,
);
expect(result).toEqual(cachedSettings);
expect(mockServer.fetchAdminControls).not.toHaveBeenCalled();
// Should still start polling
(mockServer.fetchAdminControls as Mock).mockResolvedValue({
secureModeEnabled: false,
});
await vi.advanceTimersByTimeAsync(5 * 60 * 1000);
expect(mockServer.fetchAdminControls).toHaveBeenCalledTimes(1);
});
it('should return empty object if admin controls are disabled', async () => {
const result = await fetchAdminControls(
mockServer,
undefined,
false,
mockOnSettingsChanged,
);
expect(result).toEqual({});
expect(mockServer.fetchAdminControls).not.toHaveBeenCalled();
});
it('should fetch from server if no cachedSettings provided', async () => {
const serverResponse = { secureModeEnabled: true };
(mockServer.fetchAdminControls as Mock).mockResolvedValue(serverResponse);
const result = await fetchAdminControls(
mockServer,
undefined,
true,
mockOnSettingsChanged,
);
expect(result).toEqual(serverResponse);
expect(mockServer.fetchAdminControls).toHaveBeenCalledTimes(1);
});
it('should return empty object on fetch error and still start polling', async () => {
(mockServer.fetchAdminControls as Mock).mockRejectedValue(
new Error('Network error'),
);
const result = await fetchAdminControls(
mockServer,
undefined,
true,
mockOnSettingsChanged,
);
expect(result).toEqual({});
// Polling should have been started and should retry
(mockServer.fetchAdminControls as Mock).mockResolvedValue({
secureModeEnabled: true,
});
await vi.advanceTimersByTimeAsync(5 * 60 * 1000);
expect(mockServer.fetchAdminControls).toHaveBeenCalledTimes(2); // Initial + poll
});
it('should sanitize server response', async () => {
(mockServer.fetchAdminControls as Mock).mockResolvedValue({
secureModeEnabled: true,
unknownField: 'bad',
});
const result = await fetchAdminControls(
mockServer,
undefined,
true,
mockOnSettingsChanged,
);
expect(result).toEqual({ secureModeEnabled: true });
expect(
(result as Record<string, unknown>)['unknownField'],
).toBeUndefined();
});
it('should reset polling interval if called again', async () => {
(mockServer.fetchAdminControls as Mock).mockResolvedValue({});
// First call
await fetchAdminControls(
mockServer,
undefined,
true,
mockOnSettingsChanged,
);
expect(mockServer.fetchAdminControls).toHaveBeenCalledTimes(1);
// Advance time, but not enough to trigger the poll
await vi.advanceTimersByTimeAsync(2 * 60 * 1000);
// Second call, should reset the timer
await fetchAdminControls(
mockServer,
undefined,
true,
mockOnSettingsChanged,
);
expect(mockServer.fetchAdminControls).toHaveBeenCalledTimes(2);
// Advance time by 3 mins. If timer wasn't reset, it would have fired (2+3=5)
await vi.advanceTimersByTimeAsync(3 * 60 * 1000);
expect(mockServer.fetchAdminControls).toHaveBeenCalledTimes(2); // No new poll
// Advance time by another 2 mins. Now it should fire.
await vi.advanceTimersByTimeAsync(2 * 60 * 1000);
expect(mockServer.fetchAdminControls).toHaveBeenCalledTimes(3); // Poll fires
});
});
describe('polling', () => {
it('should poll and emit changes', async () => {
// Initial fetch
(mockServer.fetchAdminControls as Mock).mockResolvedValue({
secureModeEnabled: false,
});
await fetchAdminControls(
mockServer,
undefined,
true,
mockOnSettingsChanged,
);
// Update for next poll
(mockServer.fetchAdminControls as Mock).mockResolvedValue({
secureModeEnabled: true,
});
// Fast forward
await vi.advanceTimersByTimeAsync(5 * 60 * 1000);
expect(mockOnSettingsChanged).toHaveBeenCalledWith({
secureModeEnabled: true,
});
});
it('should NOT emit if settings are deeply equal but not the same instance', async () => {
const settings = { secureModeEnabled: true };
(mockServer.fetchAdminControls as Mock).mockResolvedValue(settings);
await fetchAdminControls(
mockServer,
undefined,
true,
mockOnSettingsChanged,
);
expect(mockServer.fetchAdminControls).toHaveBeenCalledTimes(1);
mockOnSettingsChanged.mockClear();
// Next poll returns a different object with the same values
(mockServer.fetchAdminControls as Mock).mockResolvedValue({
secureModeEnabled: true,
});
await vi.advanceTimersByTimeAsync(5 * 60 * 1000);
expect(mockOnSettingsChanged).not.toHaveBeenCalled();
expect(mockServer.fetchAdminControls).toHaveBeenCalledTimes(2);
});
it('should continue polling after a fetch error', async () => {
// Initial fetch is successful
(mockServer.fetchAdminControls as Mock).mockResolvedValue({
secureModeEnabled: false,
});
await fetchAdminControls(
mockServer,
undefined,
true,
mockOnSettingsChanged,
);
expect(mockServer.fetchAdminControls).toHaveBeenCalledTimes(1);
// Next poll fails
(mockServer.fetchAdminControls as Mock).mockRejectedValue(
new Error('Poll failed'),
);
await vi.advanceTimersByTimeAsync(5 * 60 * 1000);
expect(mockServer.fetchAdminControls).toHaveBeenCalledTimes(2);
expect(mockOnSettingsChanged).not.toHaveBeenCalled(); // No changes on error
// Subsequent poll succeeds with new data
(mockServer.fetchAdminControls as Mock).mockResolvedValue({
secureModeEnabled: true,
});
await vi.advanceTimersByTimeAsync(5 * 60 * 1000);
expect(mockServer.fetchAdminControls).toHaveBeenCalledTimes(3);
expect(mockOnSettingsChanged).toHaveBeenCalledWith({
secureModeEnabled: true,
});
});
});
describe('stopAdminControlsPolling', () => {
it('should stop polling after it has started', async () => {
(mockServer.fetchAdminControls as Mock).mockResolvedValue({});
// Start polling
await fetchAdminControls(
mockServer,
undefined,
true,
mockOnSettingsChanged,
);
expect(mockServer.fetchAdminControls).toHaveBeenCalledTimes(1);
// Stop polling
stopAdminControlsPolling();
// Advance timer well beyond the polling interval
await vi.advanceTimersByTimeAsync(10 * 60 * 1000);
// The poll should not have fired again
expect(mockServer.fetchAdminControls).toHaveBeenCalledTimes(1);
});
});
});

113
packages/core/src/code_assist/admin/admin_controls.ts Normal file
View File

@@ -0,0 +1,113 @@
/**
* @license
* Copyright 2025 Google LLC
* SPDX-License-Identifier: Apache-2.0
*/
import type { CodeAssistServer } from '../server.js';
import { debugLogger } from '../../utils/debugLogger.js';
import { isDeepStrictEqual } from 'node:util';
import {
type FetchAdminControlsResponse,
FetchAdminControlsResponseSchema,
} from '../types.js';
let pollingInterval: NodeJS.Timeout | undefined;
let currentSettings: FetchAdminControlsResponse | undefined;
export function sanitizeAdminSettings(
settings: FetchAdminControlsResponse,
): FetchAdminControlsResponse {
const result = FetchAdminControlsResponseSchema.safeParse(settings);
if (!result.success) {
return {};
}
return result.data;
}
/**
* Fetches the admin controls from the server if enabled by experiment flag.
* Safely handles polling start/stop based on the flag and server availability.
*
* @param server The CodeAssistServer instance.
* @param cachedSettings The cached settings to use if available.
* @param adminControlsEnabled Whether admin controls are enabled.
* @param onSettingsChanged Callback to invoke when settings change during polling.
* @returns The fetched settings if enabled and successful, otherwise undefined.
*/
export async function fetchAdminControls(
server: CodeAssistServer | undefined,
cachedSettings: FetchAdminControlsResponse | undefined,
adminControlsEnabled: boolean,
onSettingsChanged: (settings: FetchAdminControlsResponse) => void,
): Promise<FetchAdminControlsResponse> {
if (!server || !server.projectId || !adminControlsEnabled) {
stopAdminControlsPolling();
currentSettings = undefined;
return {};
}
// If we already have settings (e.g. from IPC during relaunch), use them
// to avoid blocking startup with another fetch. We'll still start polling.
if (cachedSettings) {
currentSettings = cachedSettings;
startAdminControlsPolling(server, server.projectId, onSettingsChanged);
return cachedSettings;
}
try {
const rawSettings = await server.fetchAdminControls({
project: server.projectId,
});
const sanitizedSettings = sanitizeAdminSettings(rawSettings);
currentSettings = sanitizedSettings;
startAdminControlsPolling(server, server.projectId, onSettingsChanged);
return sanitizedSettings;
} catch (e) {
debugLogger.error('Failed to fetch admin controls: ', e);
// If initial fetch fails, start polling to retry.
currentSettings = {};
startAdminControlsPolling(server, server.projectId, onSettingsChanged);
return {};
}
}
/**
* Starts polling for admin controls.
*/
function startAdminControlsPolling(
server: CodeAssistServer,
project: string,
onSettingsChanged: (settings: FetchAdminControlsResponse) => void,
) {
stopAdminControlsPolling();
pollingInterval = setInterval(
async () => {
try {
const rawSettings = await server.fetchAdminControls({
project,
});
const newSettings = sanitizeAdminSettings(rawSettings);
if (!isDeepStrictEqual(newSettings, currentSettings)) {
currentSettings = newSettings;
onSettingsChanged(newSettings);
}
} catch (e) {
debugLogger.error('Failed to poll admin controls: ', e);
}
},
5 * 60 * 1000,
); // 5 minutes
}
/**
* Stops polling for admin controls.
*/
export function stopAdminControlsPolling() {
if (pollingInterval) {
clearInterval(pollingInterval);
pollingInterval = undefined;
}
}

1
packages/core/src/code_assist/experiments/flagNames.ts
View File

@@ -10,6 +10,7 @@ export const ExperimentFlags = {
BANNER_TEXT_NO_CAPACITY_ISSUES: 45740199,
BANNER_TEXT_CAPACITY_ISSUES: 45740200,
ENABLE_PREVIEW: 45740196,
ENABLE_ADMIN_CONTROLS: 45752213,
} as const;
export type ExperimentFlagName =

11
packages/core/src/code_assist/server.ts
View File

@@ -16,6 +16,8 @@ import type {
ClientMetadata,
RetrieveUserQuotaRequest,
RetrieveUserQuotaResponse,
FetchAdminControlsRequest,
FetchAdminControlsResponse,
ConversationOffered,
ConversationInteraction,
StreamingLatency,
@@ -182,6 +184,15 @@ export class CodeAssistServer implements ContentGenerator {
}
}
async fetchAdminControls(
req: FetchAdminControlsRequest,
): Promise<FetchAdminControlsResponse> {
return this.requestPost<FetchAdminControlsResponse>(
'fetchAdminControls',
req,
);
}
async getCodeAssistGlobalUserSetting(): Promise<CodeAssistGlobalUserSettingResponse> {
return this.requestGet<CodeAssistGlobalUserSettingResponse>(
'getCodeAssistGlobalUserSetting',

40
packages/core/src/code_assist/types.ts
View File

@@ -4,6 +4,8 @@
* SPDX-License-Identifier: Apache-2.0
*/
import { z } from 'zod';
export interface ClientMetadata {
ideType?: ClientMetadataIdeType;
ideVersion?: string;
@@ -286,25 +288,29 @@ export interface ConversationInteraction {
isAgentic?: boolean;
}
export interface GeminiCodeAssistSetting {
secureModeEnabled?: boolean;
mcpSetting?: McpSetting;
cliFeatureSetting?: CliFeatureSetting;
export interface FetchAdminControlsRequest {
project: string;
}
export interface McpSetting {
mcpEnabled?: boolean;
allowedMcpConfigs?: McpConfig[];
}
export type FetchAdminControlsResponse = z.infer<
typeof FetchAdminControlsResponseSchema
>;
export interface McpConfig {
mcpServer?: string;
}
const ExtensionsSettingSchema = z.object({
extensionsEnabled: z.boolean().optional(),
});
export interface CliFeatureSetting {
extensionsSetting?: ExtensionsSetting;
}
const CliFeatureSettingSchema = z.object({
extensionsSetting: ExtensionsSettingSchema.optional(),
});
export interface ExtensionsSetting {
extensionsEnabled?: boolean;
}
const McpSettingSchema = z.object({
mcpEnabled: z.boolean().optional(),
overrideMcpConfigJson: z.string().optional(),
});
export const FetchAdminControlsResponseSchema = z.object({
secureModeEnabled: z.boolean().optional(),
mcpSetting: McpSettingSchema.optional(),
cliFeatureSetting: CliFeatureSettingSchema.optional(),
});

25
packages/core/src/config/config.ts
View File

@@ -92,7 +92,7 @@ import { ApprovalMode, type PolicyEngineConfig } from '../policy/types.js';
import { HookSystem } from '../hooks/index.js';
import type { UserTierId } from '../code_assist/types.js';
import type { RetrieveUserQuotaResponse } from '../code_assist/types.js';
import type { GeminiCodeAssistSetting } from '../code_assist/types.js';
import type { FetchAdminControlsResponse } from '../code_assist/types.js';
import { getCodeAssistServer } from '../code_assist/codeAssist.js';
import type { Experiments } from '../code_assist/experiments/experiments.js';
import { AgentRegistry } from '../agents/registry.js';
@@ -105,6 +105,7 @@ import { debugLogger } from '../utils/debugLogger.js';
import { SkillManager, type SkillDefinition } from '../skills/skillManager.js';
import { startupProfiler } from '../telemetry/startupProfiler.js';
import type { AgentDefinition } from '../agents/types.js';
import { fetchAdminControls } from '../code_assist/admin/admin_controls.js';
export interface AccessibilitySettings {
disableLoadingPhrases?: boolean;
@@ -540,7 +541,7 @@ export class Config {
private readonly planEnabled: boolean;
private contextManager?: ContextManager;
private terminalBackground: string | undefined = undefined;
private remoteAdminSettings: GeminiCodeAssistSetting | undefined;
private remoteAdminSettings: FetchAdminControlsResponse | undefined;
private latestApiRequest: GenerateContentParameters | undefined;
constructor(params: ConfigParameters) {
@@ -909,6 +910,22 @@ export class Config {
if (!this.hasAccessToPreviewModel && isPreviewModel(this.model)) {
this.setModel(DEFAULT_GEMINI_MODEL_AUTO);
}
// Fetch admin controls
await this.ensureExperimentsLoaded();
const adminControlsEnabled =
this.experiments?.flags[ExperimentFlags.ENABLE_ADMIN_CONTROLS]
?.boolValue ?? false;
const adminControls = await fetchAdminControls(
codeAssistServer,
this.getRemoteAdminSettings(),
adminControlsEnabled,
(newSettings: FetchAdminControlsResponse) => {
this.setRemoteAdminSettings(newSettings);
coreEvents.emitAdminSettingsChanged();
},
);
this.setRemoteAdminSettings(adminControls);
}
async getExperimentsAsync(): Promise<Experiments | undefined> {
@@ -967,11 +984,11 @@ export class Config {
this.latestApiRequest = req;
}
getRemoteAdminSettings(): GeminiCodeAssistSetting | undefined {
getRemoteAdminSettings(): FetchAdminControlsResponse | undefined {
return this.remoteAdminSettings;
}
setRemoteAdminSettings(settings: GeminiCodeAssistSetting): void {
setRemoteAdminSettings(settings: FetchAdminControlsResponse): void {
this.remoteAdminSettings = settings;
}

9
packages/core/src/utils/events.ts
View File

@@ -119,6 +119,7 @@ export enum CoreEvent {
HookStart = 'hook-start',
HookEnd = 'hook-end',
AgentsRefreshed = 'agents-refreshed',
AdminSettingsChanged = 'admin-settings-changed',
RetryAttempt = 'retry-attempt',
}
@@ -133,6 +134,7 @@ export interface CoreEvents {
[CoreEvent.HookStart]: [HookStartPayload];
[CoreEvent.HookEnd]: [HookEndPayload];
[CoreEvent.AgentsRefreshed]: never[];
[CoreEvent.AdminSettingsChanged]: never[];
[CoreEvent.RetryAttempt]: [RetryAttemptPayload];
}
@@ -242,6 +244,13 @@ export class CoreEventEmitter extends EventEmitter<CoreEvents> {
this.emit(CoreEvent.AgentsRefreshed);
}
/**
* Notifies subscribers that admin settings have changed.
*/
emitAdminSettingsChanged(): void {
this.emit(CoreEvent.AdminSettingsChanged);
}
/**
* Notifies subscribers that a retry attempt is happening.
*/