feat(cli): implement atomic writes and safety checks for trusted folders

[galz10]

Summary

This PR implements atomic file writing for trustedFolders.json and adds a critical safety check to prevent configuration corruption. These changes ensure that the trusted folders configuration remains consistent even in the event of a crash during a write operation or if the file was improperly loaded initially.

Details

• Atomic Writes: Updated saveTrustedFolders to write to a unique temporary file (e.g., trustedFolders.json.tmp.<random>) and then use fs.renameSync to overwrite the target file. This ensures the update is atomic at the filesystem level.
• Validation Safety Check: Modified LoadedTrustedFolders.setValue to throw a FatalConfigError if any errors were detected during the initial loading of the configuration. This prevents the CLI from accidentally wiping out a partially corrupted file with a "clean" but incomplete state.
• Cleanup Logic: Added error handling in saveTrustedFolders to attempt unlinking the temporary file if the write or rename operation fails.

Related Issues

N/A

How to Validate

1. Unit Tests:

   • Run npm test -w @google/gemini-cli -- packages/cli/src/config/trustedFolders.test.ts
   • Verify that "setValue should update the user config and save it atomically" passes.
   • Verify that "setValue should throw FatalConfigError if there were load errors" passes.

2. Manual Verification (MacOS):

   • Trust a new folder using the CLI.
   • Verify that the trustedFolders.json file is updated correctly.

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[gemini-code-assist]

Summary of Changes

Hello @galz10, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the robustness and reliability of the trustedFolders.json configuration management within the CLI. By implementing atomic write operations and a proactive safety check against corrupted configurations, it ensures that the trusted folders settings remain consistent and uncompromised, even in adverse conditions like system crashes or pre-existing file corruption.

Highlights

• Atomic Writes for Configuration: The trustedFolders.json file now uses atomic write operations. Changes are first written to a unique temporary file, and then fs.renameSync is used to atomically replace the original file, ensuring data integrity even if a crash occurs during the write process.
• Configuration Validation Safety Check: A critical safety check has been added to LoadedTrustedFolders.setValue. If the trustedFolders.json file was initially loaded with errors (e.g., due to corruption), any subsequent attempt to modify the configuration will now throw a FatalConfigError, preventing the CLI from overwriting a partially corrupted file with an incomplete state.
• Temporary File Cleanup: Error handling has been improved in saveTrustedFolders to include cleanup logic. If the atomic write or rename operation fails, the temporary file created during the process will be unlinked to prevent orphaned files.

Changelog

• packages/cli/src/config/trustedFolders.test.ts
  • Added mocks for fs.renameSync and fs.unlinkSync to support testing atomic file operations.
  • Introduced a new test case to verify that setValue performs atomic writes using temporary files and fs.renameSync.
  • Added a new test case to confirm that setValue throws a FatalConfigError when attempting to update a configuration that was loaded with errors.
• packages/cli/src/config/trustedFolders.ts
  • Modified saveTrustedFolders to implement atomic writes: data is written to a temporary file, then fs.renameSync is used to replace the target file.
  • Added error handling within saveTrustedFolders to attempt unlinking the temporary file if the write or rename operation fails.
  • Implemented a check in LoadedTrustedFolders.setValue that throws a FatalConfigError if the configuration was loaded with existing errors, preventing updates to a potentially corrupted state.

Activity

• The pull request introduces new features related to configuration management (feat).
• Comprehensive unit tests have been added to cover the new atomic write and safety check functionalities.
• The changes have been validated on MacOS, ensuring compatibility and correct behavior on this platform.
• Relevant documentation and README files have been updated as part of the pre-merge checklist.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces important improvements to the handling of the trustedFolders.json configuration file. The implementation of atomic writes using a temporary file and fs.renameSync is a solid approach to prevent file corruption during write operations. Additionally, the safety check in setValue that prevents updates when the configuration has loading errors is a crucial enhancement for data integrity. My feedback includes one suggestion to further improve the robustness of the temporary file generation, which also aligns with our import consistency rules.

[github-actions]

Size Change: +2.15 kB (+0.01%)

Total Size: 23.9 MB

Filename	Size	Change
./bundle/gemini.js	23.8 MB	+2.15 kB (+0.01%)

ℹ️ View Unchanged

Filename	Size
./bundle/sandbox-macos-permissive-closed.sb	1.03 kB
./bundle/sandbox-macos-permissive-open.sb	890 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB
./bundle/sandbox-macos-restrictive-closed.sb	3.29 kB
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB

_{compressed-size-action}

[jacob314]

#17901
is landing a dependency we should use to do these atomic writes robustly. lets go that route using a lock file which will avoid edge cases is there is contention for who is writing.

[jacob314]

[galz10]

/patch preview

[github-actions]

✅ Patch workflow(s) dispatched successfully!

📋 Details:

• Channels: preview
• Commit: 81ccd80c6d94a7fe315b258e1672065629ce0d50
• Workflows Created: 1

🔗 Track Progress:

• View patch workflows
• This workflow run

[github-actions]

🚀 Patch PR Created!

📋 Patch Details:

• Environment: prod
• Channel: preview → will publish to npm tag preview
• Commit: 81ccd80c6d94a7fe315b258e1672065629ce0d50
• Hotfix Branch: hotfix/v0.28.0-preview.5/0.28.0-preview.6/preview/cherry-pick-81ccd80/pr-18406
• Hotfix PR: #18651

📝 Next Steps:

1. Review and approve the hotfix PR: #18651
2. Once merged, the patch release will automatically trigger
3. You'll receive updates here when the release completes

🔗 Track Progress:

• View hotfix PR #18651

[github-actions]

🚀 Patch Release Started!

📋 Release Details:

• Environment: prod
• Channel: preview → publishing to npm tag preview
• Version: v0.28.0-preview.5
• Hotfix PR: Merged ✅
• Release Branch: release/v0.28.0-preview.5-pr-18406

⏳ Status: The patch release is now running. You'll receive another update when it completes.

🔗 Track Progress:

• View release workflow

[github-actions]

❌ Patch Release Failed!

📋 Details:

• Version: 0.28.0-preview.6
• Channel: preview
• Error: The patch release workflow encountered an error

🔍 Next Steps:

1. Check the workflow logs for detailed error information
2. The maintainers have been notified via automatic issue creation
3. You may need to retry the patch once the issue is resolved

🔗 Troubleshooting:

• View workflow run
• View workflow logs

[github-actions]

❌ Patch Release Failed!

📋 Details:

• Version: 0.28.0-preview.6
• Channel: preview
• Error: The patch release workflow encountered an error

🔍 Next Steps:

1. Check the workflow logs for detailed error information
2. The maintainers have been notified via automatic issue creation
3. You may need to retry the patch once the issue is resolved

🔗 Troubleshooting:

• View workflow run
• View workflow logs

[github-actions]

✅ Patch Release Complete!

📦 Release Details:

• Version: 0.28.0-preview.6
• NPM Tag: preview
• Channel: preview
• Dry Run: false

🎉 Status: Your patch has been successfully released and published to npm!

📝 What's Available:

• GitHub Release: View release v0.28.0-preview.6
• NPM Package: npm install @google/gemini-cli@preview

🔗 Links:

• GitHub Release
• Workflow Run