Skip to content

fix(core): propagate subagent context to policy engine#22086

Merged
NTaylorMullen merged 1 commit intomainfrom
ntm/fix-subagent-policy-context
Mar 11, 2026
Merged

fix(core): propagate subagent context to policy engine#22086
NTaylorMullen merged 1 commit intomainfrom
ntm/fix-subagent-policy-context

Conversation

@NTaylorMullen
Copy link
Copy Markdown
Collaborator

@NTaylorMullen NTaylorMullen commented Mar 11, 2026

Summary

This PR fixes a regression where subagent-specific tool approvals (including "Allow for this session") were not correctly remembered.

Details

The event-driven Scheduler was not passing the subagent name to the PolicyEngine during the initial checkPolicy call. This caused subagent-specific rules (including those created dynamically during a session) to be ignored during the first check, leading to redundant confirmation prompts.

Changes:

  • Updated Scheduler to accept and store subagent name.
  • Updated checkPolicy and PolicyEngine.check calls to propagate this name.
  • Corrected AgentSchedulingOptions and LocalAgentExecutor to provide the subagent's name.
  • Updated unit tests to verify subagent name propagation.

Related Issues

Part of the "Allow for session" regression fix.

How to Validate

  1. Run unit tests: npm test -w @google/gemini-cli-core -- src/scheduler/scheduler.test.ts src/scheduler/policy.test.ts
  2. Manual validation: Use a subagent that requires tool confirmation, select "Allow for this session", and verify that subsequent calls by that subagent are auto-approved.

Pre-Merge Checklist

  • Updated relevant documentation and README (if needed)
  • Added/updated tests (if needed)
  • Noted breaking changes (if any)
  • Validated on required platforms/methods:
    • MacOS
      • npm run

@NTaylorMullen
fix(core): propagate subagent context to policy engine
fc79dc6 
- Pass subagent name from Scheduler to checkPolicy and then to PolicyEngine.
- Ensure subagent-specific session approvals are correctly matched.
- Update agent scheduling to correctly populate subagent identity.
@NTaylorMullen NTaylorMullen requested a review from a team as a code owner March 11, 2026 22:49
@gemini-code-assist
Copy link
Copy Markdown
Contributor

gemini-code-assist bot commented Mar 11, 2026

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a regression in the core logic where subagent-specific tool approvals were not being correctly remembered. The changes ensure that the subagent context is properly propagated to the policy engine, resolving issues with tool confirmation prompts and dynamic rule creation during sessions. The PR includes updates to the Scheduler, LocalAgentExecutor, and relevant tests to verify the fix.

Highlights

  • Subagent Context Propagation: This PR ensures that the subagent name is correctly passed to the PolicyEngine during policy checks, fixing a regression where subagent-specific tool approvals were not being remembered.
  • Scheduler Updates: The Scheduler is updated to accept and store the subagent name, which is then propagated to the checkPolicy calls.
  • Test Coverage: Unit tests were added to verify the correct propagation of the subagent name.
Changelog
  • packages/core/src/agents/agent-scheduler.ts
    • Added the subagent option to the AgentSchedulingOptions interface.
    • Modified the scheduleAgentTools function to accept and pass the subagent name.
  • packages/core/src/agents/local-executor.ts
    • Updated LocalAgentExecutor to provide the subagent's name when scheduling agent tools.
  • packages/core/src/scheduler/policy.test.ts
    • Added undefined to the arguments of the checkPolicy mock calls.
  • packages/core/src/scheduler/policy.ts
    • Modified the checkPolicy function to accept a subagent parameter.
    • Updated the checkPolicy function to pass the subagent name to the PolicyEngine.check method.
  • packages/core/src/scheduler/scheduler.test.ts
    • Added a unit test to verify that the subagent name is propagated to checkPolicy.
  • packages/core/src/scheduler/scheduler.ts
    • Added the subagent option to the SchedulerOptions interface.
    • Modified the Scheduler class to store the subagent name.
    • Updated the Scheduler class to pass the subagent name to the checkPolicy function.
Activity
  • The PR addresses a regression related to subagent-specific tool approvals.
  • Unit tests have been added to validate the fix.
  • Manual validation steps are provided to verify the fix in a real-world scenario.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Mar 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request addresses a regression by correctly propagating the subagent name to the policy engine. The changes are implemented by passing the subagent context through AgentSchedulingOptions and the Scheduler to the checkPolicy function. The logic appears sound, and a new unit test has been added to verify the fix. The implementation is clean and directly solves the described issue.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 11, 2026

Size Change: +207 B (0%)

Total Size: 26.5 MB

ℹ️ View Unchanged
Filename Size Change
./bundle/gemini.js 26 MB +207 B (0%)
./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js 221 kB 0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js 227 kB 0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js 11.5 kB 0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js 132 B 0 B
./bundle/sandbox-macos-permissive-open.sb 890 B 0 B
./bundle/sandbox-macos-permissive-proxied.sb 1.31 kB 0 B
./bundle/sandbox-macos-restrictive-open.sb 3.36 kB 0 B
./bundle/sandbox-macos-restrictive-proxied.sb 3.56 kB 0 B
./bundle/sandbox-macos-strict-open.sb 4.82 kB 0 B
./bundle/sandbox-macos-strict-proxied.sb 5.02 kB 0 B

compressed-size-action

abhipatel12
abhipatel12 approved these changes Mar 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@abhipatel12 abhipatel12 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@NTaylorMullen NTaylorMullen enabled auto-merge March 11, 2026 22:54
@gemini-cli gemini-cli bot added the status/need-issue Pull requests that need to have an associated issue. label Mar 11, 2026
@NTaylorMullen NTaylorMullen added this pull request to the merge queue Mar 11, 2026
Merged via the queue into main with commit 4a6d1fa Mar 11, 2026
30 checks passed
@NTaylorMullen NTaylorMullen deleted the ntm/fix-subagent-policy-context branch March 11, 2026 23:13
This was referenced Mar 12, 2026
Closed
Open
liamhelmer pushed a commit to badal-io/gemini-cli that referenced this pull request Mar 12, 2026
@NTaylorMullen @liamhelmer
fix(core): propagate subagent context to policy engine (google-gemini…
db41c3e 
…#22086)
ruomengz pushed a commit that referenced this pull request Mar 13, 2026
@NTaylorMullen @ruomengz
fix(core): propagate subagent context to policy engine (#22086)
9612cda
SUNDRAM07 pushed a commit to SUNDRAM07/gemini-cli that referenced this pull request Mar 30, 2026
@NTaylorMullen
fix(core): propagate subagent context to policy engine (google-gemini…
523bb7f 
…#22086)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abhipatel12 abhipatel12 abhipatel12 approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

status/need-issue Pull requests that need to have an associated issue.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@NTaylorMullen @abhipatel12