refactor(plan): simplify policy priorities and consolidate read-only rules

[ruomengz]

Summary

Consolidate Plan Mode and Read-Only policies to simplify priority management and reduce redundancy.

Details

• Lowered plan mode catch-all deny priority from 60 to 40.
• Adjusted dynamic subagent priority to 30 (1.03) to ensure it is properly blocked by Plan Mode's catch-all.
• Consolidated all read-only and tracker tools into read-only.toml at priority 50.
• Removed redundant explicit allow rules from plan.toml, relying on read-only.toml (priority 50) to naturally override the plan mode deny (priority 40).
• Deleted tracker.toml as its contents are now in read-only.toml.
• Updated toml-loader.test.ts to include read-only.toml in Plan Mode verification tests.

Related Issues

Related to #24769

How to Validate

1. Run npm test -w @google/gemini-cli-core -- src/policy/policy-engine.test.ts src/policy/toml-loader.test.ts
2. Run npm test -w @google/gemini-cli -- src/config/policy-engine.integration.test.ts
3. Verify Plan Mode still allows read-only tools and blocks subagents.

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run

[gemini-cli]

Hi @ruomengz, thank you so much for your contribution to Gemini CLI! We really appreciate the time and effort you've put into this.

We're making some updates to our contribution process to improve how we track and review changes. Please take a moment to review our recent discussion post: Improving Our Contribution Process & Introducing New Guidelines.

Key Update: Starting January 26, 2026, the Gemini CLI project will require all pull requests to be associated with an existing issue. Any pull requests not linked to an issue by that date will be automatically closed.

Thank you for your understanding and for being a part of our community!

[github-actions]

Size Change: -4 B (0%)

Total Size: 34 MB

Filename	Size	Change
./bundle/chunk-2S3CO3G7.js	0 B	-14.8 MB (removed)	🏆
./bundle/chunk-PATEQ6GH.js	0 B	-3.15 MB (removed)	🏆
./bundle/chunk-UV75IQ6X.js	0 B	-1.96 MB (removed)	🏆
./bundle/core-3ARBWFX2.js	0 B	-45.2 kB (removed)	🏆
./bundle/devtoolsService-AGSJYNDI.js	0 B	-28.4 kB (removed)	🏆
./bundle/interactiveCli-OJ3DYHMQ.js	0 B	-1.64 MB (removed)	🏆
./bundle/oauth2-provider-KLVOB54A.js	0 B	-9.16 kB (removed)	🏆
./bundle/chunk-6DQTTS2Q.js	1.96 MB	+1.96 MB (new file)	🆕
./bundle/chunk-IE6ESCWX.js	14.8 MB	+14.8 MB (new file)	🆕
./bundle/chunk-WJQHL7N5.js	3.15 MB	+3.15 MB (new file)	🆕
./bundle/core-TB34QETI.js	45.2 kB	+45.2 kB (new file)	🆕
./bundle/devtoolsService-HYOIL7AX.js	28.4 kB	+28.4 kB (new file)	🆕
./bundle/interactiveCli-4P6SAKXL.js	1.64 MB	+1.64 MB (new file)	🆕
./bundle/oauth2-provider-66NXEQND.js	9.16 kB	+9.16 kB (new file)	🆕

ℹ️ View Unchanged

Filename	Size	Change
./bundle/bundled/third_party/index.js	8 MB	0 B
./bundle/chunk-34MYV7JD.js	2.45 kB	0 B
./bundle/chunk-5AUYMPVF.js	858 B	0 B
./bundle/chunk-5PS3AYFU.js	1.18 kB	0 B
./bundle/chunk-664ZODQF.js	124 kB	0 B
./bundle/chunk-DAHVX5MI.js	206 kB	0 B
./bundle/chunk-IUUIT4SU.js	56.5 kB	0 B
./bundle/chunk-RJTRUG2J.js	39.8 kB	0 B
./bundle/devtools-36NN55EP.js	696 kB	0 B
./bundle/dist-T73EYRDX.js	356 B	0 B
./bundle/events-XB7DADIJ.js	418 B	0 B
./bundle/gemini.js	552 kB	0 B
./bundle/getMachineId-bsd-TXG52NKR.js	1.55 kB	0 B
./bundle/getMachineId-darwin-7OE4DDZ6.js	1.55 kB	0 B
./bundle/getMachineId-linux-SHIFKOOX.js	1.34 kB	0 B
./bundle/getMachineId-unsupported-5U5DOEYY.js	1.06 kB	0 B
./bundle/getMachineId-win-6KLLGOI4.js	1.72 kB	0 B
./bundle/memoryDiscovery-JL5XPI6O.js	0 B	-980 B (removed)	🏆
./bundle/multipart-parser-KPBZEGQU.js	11.7 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js	222 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js	229 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js	13.4 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js	132 B	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B
./bundle/sandbox-macos-strict-open.sb	4.82 kB	0 B
./bundle/sandbox-macos-strict-proxied.sb	5.02 kB	0 B
./bundle/src-QVCVGIUX.js	47 kB	0 B
./bundle/tree-sitter-7U6MW5PS.js	274 kB	0 B
./bundle/tree-sitter-bash-34ZGLXVX.js	1.84 MB	0 B
./bundle/memoryDiscovery-HEZ4BE4C.js	980 B	+980 B (new file)	🆕

_{compressed-size-action}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refactors the policy engine's priority management, specifically for Plan Mode and read-only tools. The changes aim to simplify policy configuration and reduce redundancy by consolidating rules and adjusting priorities. This ensures that Plan Mode correctly blocks subagents while still allowing necessary read-only operations, leading to a more streamlined and maintainable policy system.

Highlights

• Policy Priority Adjustment: Lowered the plan mode catch-all deny priority from 60 to 40, and adjusted dynamic subagent priority to 30 (1.03) to ensure it is properly blocked by Plan Mode's catch-all deny.
• Policy Consolidation: Consolidated all read-only and tracker tools into a single read-only.toml file with a priority of 50, removing redundant explicit allow rules from plan.toml.
• File Removal: Deleted the tracker.toml policy file as its contents were merged into read-only.toml.
• Test Updates: Updated relevant test files (policy-engine.integration.test.ts, registry.test.ts, policy-engine.test.ts, toml-loader.test.ts) to reflect the new policy priorities and file structure.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request updates the policy engine configuration to refine priority levels for subagents and Plan Mode. Key changes include lowering the priority of subagent tools to 1.03 to ensure they are correctly blocked by Plan Mode (now at priority 40), and consolidating tool definitions in the read-only policy configuration. The review feedback highlights a potential security concern regarding the global allowance of the 'activate_skill' tool in non-interactive environments due to its relocation, and suggests moving it back to the Plan Mode configuration to maintain restricted behavior.

[jerop]

/gemini review

[gemini-code-assist]

Code Review

This pull request refactors the policy engine's priority system, lowering the base priorities for subagent tools, Plan Mode's catch-all deny, and read-only tools to ensure correct override behavior. It also consolidates read-only and tracker tool rules into a single configuration file for better maintainability. A review comment suggests removing the 'modes' restriction from the 'exit_plan_mode' rule to maintain its function as a global override and recommends further consolidation of rules sharing identical properties.