fix(plan): clean up session directories and plans on deletion

[jerop]

Updates both automatic session retention and manual session deletion to purge the entire session-specific directory (~/.gemini/tmp/<project>/<sessionId>/). This ensures that implementation plans, tasks, and other session-specific artifacts are cleaned up along with the session file.

• Update cleanupExpiredSessions to delete session directories.
• Update ChatRecordingService.deleteSession to purge directories and logs.
• Add regression tests for directory cleanup.
• Update documentation to clarify plan/task cleanup behavior.
• Document session retention defaults (30 days) and configuration as a follow up to feat(admin): enable 30 day default retention for chat history & remove warning  #20853.
• Clarify that manual deletion also removes plans and tasks.

Fixes #17793

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly improves the cleanup process for Gemini CLI sessions. It ensures that when sessions are either automatically expired or manually deleted, all related temporary files, including implementation plans, task trackers, tool outputs, and activity logs, are completely removed. This change addresses potential accumulation of stale data and provides clearer documentation on session retention policies.

Highlights

• Enhanced Session Cleanup: Both automatic session retention and manual session deletion mechanisms have been updated to thoroughly purge entire session-specific directories, ensuring all associated artifacts like implementation plans and task trackers are removed.
• Log File Deletion: Manual session deletion now explicitly includes the removal of session-specific activity log files.
• Improved Documentation: The documentation has been updated to clearly describe the new cleanup behavior, clarify session retention defaults (30 days), and explain configuration options.
• Regression Tests Added: New regression tests were introduced to verify the correct deletion of session-specific directories during automatic cleanup and manual deletion.

Changelog

• docs/cli/plan-mode.md
  • Added a new 'Cleanup' section to the table of contents.
  • Introduced a comprehensive 'Cleanup' section detailing automatic and manual session data deletion, retention policies, and behavior for custom plan directories.
  • Added a new link definition for 'session retention'.
• docs/cli/session-management.md
  • Updated the 'Session retention' section to clarify that all associated data (plans, task trackers, tool outputs, activity logs) are removed upon session deletion.
  • Changed the default value for sessionRetention.enabled from false to true.
  • Specified default values for maxAge ('30d') and maxCount (undefined/unlimited) in the session retention configuration.
• packages/cli/src/utils/sessionCleanup.test.ts
  • Added a new test case to verify that cleanupExpiredSessions correctly deletes session-specific directories.
• packages/cli/src/utils/sessionCleanup.ts
  • Modified cleanupExpiredSessions to explicitly remove the entire session-specific directory using fs.rm when a session is cleaned up.
• packages/core/src/services/chatRecordingService.test.ts
  • Updated an existing test case for deleteSession to confirm that log files and session-specific directories are also deleted during manual session removal.
• packages/core/src/services/chatRecordingService.ts
  • Modified deleteSession to include the deletion of session activity log files.
  • Added logic to deleteSession to remove the entire session-specific directory, including a robustness check to ensure the path is within the temporary root.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Size Change: +701 B (0%)

Total Size: 25.8 MB

ℹ️ View Unchanged

Filename	Size	Change
./bundle/gemini.js	25.3 MB	+701 B (0%)
./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js	221 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js	227 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js	11.5 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js	132 B	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B
./bundle/sandbox-macos-strict-open.sb	4.82 kB	0 B
./bundle/sandbox-macos-strict-proxied.sb	5.02 kB	0 B

_{compressed-size-action}

[gemini-code-assist]

Code Review

This pull request aims to improve session cleanup by deleting entire session-specific directories. It introduces a high-severity path traversal vulnerability and synchronous I/O issues in the core package's ChatRecordingService.deleteSession function, where sessionId is used without proper sanitization, potentially leading to arbitrary file deletion and performance degradation. Additionally, a path traversal vulnerability is present in the CLI package's cleanupExpiredSessions function, though it is considered low-risk due to its context within user-specific temporary directories.