fix(policy): relax write_file argsPattern in plan mode to allow paths without session ID

[Adib234]

Summary

Relax the file path validation for write_file and replace tools in Plan Mode to allow paths that do not include a session ID segment.

Details

The previous policy regex for Plan Mode required exactly two subdirectories under .gemini/tmp/ (typically [user-hash]/[session-id]) before reaching the plans/ directory. This caused issues in environments or test cases where the session ID was missing from the path.

This PR:

• Updates the argsPattern in plan.toml to make the second subdirectory segment optional.
• Simplifies integration-tests/plan-mode.test.ts by replacing runInteractive with the more direct run method.
• Adds a regression test to ensure write_file is allowed in Plan Mode even when a session ID is not present in the path.

Related Issues

fixes #23696

How to Validate

Run the Plan Mode integration tests:

npm test -w @google/gemini-cli-core -- integration-tests/plan-mode.test.ts

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on MacOS (via npm run test)

[gemini-cli]

Hi @Adib234, thank you so much for your contribution to Gemini CLI! We really appreciate the time and effort you've put into this.

We're making some updates to our contribution process to improve how we track and review changes. Please take a moment to review our recent discussion post: Improving Our Contribution Process & Introducing New Guidelines.

Key Update: Starting January 26, 2026, the Gemini CLI project will require all pull requests to be associated with an existing issue. Any pull requests not linked to an issue by that date will be automatically closed.

Thank you for your understanding and for being a part of our community!

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses an issue where the Plan Mode policy regex strictly required a session ID in file paths, causing failures in environments or tests lacking this ID. By relaxing the validation, the system now correctly handles file operations in Plan Mode for paths both with and without a session ID, improving flexibility and robustness. The changes include a policy update and corresponding test adjustments and additions.

Highlights

• Policy Relaxation: Relaxed the file path validation for write_file and replace tools when operating in Plan Mode, specifically to accommodate paths that do not include a session ID segment.
• Configuration Update: Updated the argsPattern in plan.toml to make the second subdirectory segment (which typically represents the session ID) optional in the policy regex.
• Test Simplification: Simplified the integration-tests/plan-mode.test.ts by replacing the runInteractive method with the more direct run method for test execution.
• New Regression Test: Added a new regression test to ensure that write_file is correctly allowed in Plan Mode even when a session ID is absent from the file path.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Size Change: -4 B (0%)

Total Size: 26.3 MB

Filename	Size	Change
./bundle/chunk-BRYRRU6B.js	0 B	-14.6 MB (removed)	🏆
./bundle/chunk-I46ZVBDR.js	0 B	-3.4 kB (removed)	🏆
./bundle/chunk-ZQMOOBZU.js	0 B	-3.64 MB (removed)	🏆
./bundle/core-HI6QUYCV.js	0 B	-43.5 kB (removed)	🏆
./bundle/devtoolsService-6BNQL55C.js	0 B	-27.7 kB (removed)	🏆
./bundle/gemini-U5NO5G2Y.js	0 B	-521 kB (removed)	🏆
./bundle/interactiveCli-EFZERDWX.js	0 B	-1.62 MB (removed)	🏆
./bundle/oauth2-provider-74GPLK7S.js	0 B	-9.16 kB (removed)	🏆
./bundle/chunk-5JBETGQF.js	3.64 MB	+3.64 MB (new file)	🆕
./bundle/chunk-RIFXMUYA.js	14.6 MB	+14.6 MB (new file)	🆕
./bundle/chunk-WV655V5L.js	3.4 kB	+3.4 kB (new file)	🆕
./bundle/core-ZRLHSHCN.js	43.5 kB	+43.5 kB (new file)	🆕
./bundle/devtoolsService-5LXTNZGJ.js	27.7 kB	+27.7 kB (new file)	🆕
./bundle/gemini-RTW3WGSL.js	521 kB	+521 kB (new file)	🆕
./bundle/interactiveCli-GE5CHSVL.js	1.62 MB	+1.62 MB (new file)	🆕
./bundle/oauth2-provider-LJNF7Y43.js	9.16 kB	+9.16 kB (new file)	🆕

ℹ️ View Unchanged

Filename	Size	Change
./bundle/chunk-34MYV7JD.js	2.45 kB	0 B
./bundle/chunk-5AUYMPVF.js	858 B	0 B
./bundle/chunk-664ZODQF.js	124 kB	0 B
./bundle/chunk-DAHVX5MI.js	206 kB	0 B
./bundle/chunk-GWQRIYMB.js	1.96 MB	0 B
./bundle/chunk-IUUIT4SU.js	56.5 kB	0 B
./bundle/chunk-RJTRUG2J.js	39.8 kB	0 B
./bundle/cleanup-JENSLWKI.js	0 B	-856 B (removed)	🏆
./bundle/devtools-36NN55EP.js	696 kB	0 B
./bundle/dist-T73EYRDX.js	356 B	0 B
./bundle/gemini.js	2.06 kB	0 B
./bundle/getMachineId-bsd-TXG52NKR.js	1.55 kB	0 B
./bundle/getMachineId-darwin-7OE4DDZ6.js	1.55 kB	0 B
./bundle/getMachineId-linux-SHIFKOOX.js	1.34 kB	0 B
./bundle/getMachineId-unsupported-5U5DOEYY.js	1.06 kB	0 B
./bundle/getMachineId-win-6KLLGOI4.js	1.72 kB	0 B
./bundle/memoryDiscovery-GX6HE5X5.js	922 B	0 B
./bundle/multipart-parser-KPBZEGQU.js	11.7 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js	221 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js	227 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js	11.5 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js	132 B	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B
./bundle/sandbox-macos-strict-open.sb	4.82 kB	0 B
./bundle/sandbox-macos-strict-proxied.sb	5.02 kB	0 B
./bundle/src-QVCVGIUX.js	47 kB	0 B
./bundle/tree-sitter-7U6MW5PS.js	274 kB	0 B
./bundle/tree-sitter-bash-34ZGLXVX.js	1.84 MB	0 B
./bundle/cleanup-DV64U54Q.js	856 B	+856 B (new file)	🆕

_{compressed-size-action}

[gemini-code-assist]

Code Review

This pull request refactors the plan-mode.test.ts integration tests to simplify their execution. It transitions from using rig.runInteractive with stdin and run.type for prompts to using rig.run with direct args, removing the need for interactive input simulation and the associated setup prompt disabling. The tests also adopt more direct assertions by checking toolLogs for tool call presence and success. Additionally, a new test case is introduced to verify that write_file operations to the plans directory are permitted in plan mode even without an explicit session ID in the path. To accommodate this, the plan.toml policy is updated to make the argsPattern for write_file more flexible, allowing an optional session ID segment in the target file path.

[Adib234]

/patch preview

[github-actions]

🚀 [Step 1/4] Patch workflow(s) waiting for approval!

📋 Details:

• Channels: preview
• Commit: 028d0368d5122f1403ba11884b5fc5a6d2fafec7
• Workflows Created: 1

⏳ Status: The patch creation workflow has been triggered and is waiting for deployment approval. Please visit the specific workflow links below and approve the runs.

🔗 Track Progress:

• View dispatched workflow run
• View patch workflow history
• This trigger workflow run

[Adib234]

/patch stable

[github-actions]

🚀 [Step 1/4] Patch workflow(s) waiting for approval!

📋 Details:

• Channels: stable
• Commit: 028d0368d5122f1403ba11884b5fc5a6d2fafec7
• Workflows Created: 1

⏳ Status: The patch creation workflow has been triggered and is waiting for deployment approval. Please visit the specific workflow links below and approve the runs.

🔗 Track Progress:

• View dispatched workflow run
• View patch workflow history
• This trigger workflow run