From 0d27eebb4b4eab42601c72534b03c8e458c7cbe3 Mon Sep 17 00:00:00 2001 From: "Jiaxiao (mossaka) Zhou" Date: Thu, 19 Feb 2026 23:55:17 +0000 Subject: [PATCH 1/2] fix: add --yolo flag to Gemini CLI for auto-approving tool executions Without --yolo, Gemini CLI's default approval mode rejects all MCP tool calls with "Tool execution denied by policy", making the agent unable to use any tools (GitHub MCP, safe outputs, safe inputs, etc.). This is the Gemini equivalent of Codex's --dangerously-bypass-approvals-and-sandbox. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/smoke-gemini.lock.yml | 4 ++-- pkg/workflow/gemini_engine.go | 4 ++++ pkg/workflow/gemini_engine_test.go | 1 + 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/smoke-gemini.lock.yml b/.github/workflows/smoke-gemini.lock.yml index aafbc93941..022931c8ba 100644 --- a/.github/workflows/smoke-gemini.lock.yml +++ b/.github/workflows/smoke-gemini.lock.yml @@ -901,7 +901,7 @@ jobs: run: | set -o pipefail sudo -E awf --env-all --container-workdir "${GITHUB_WORKSPACE}" --allow-domains '*.githubusercontent.com,*.googleapis.com,api.snapcraft.io,archive.ubuntu.com,azure.archive.ubuntu.com,codeload.github.com,crl.geotrust.com,crl.globalsign.com,crl.identrust.com,crl.sectigo.com,crl.thawte.com,crl.usertrust.com,crl.verisign.com,crl3.digicert.com,crl4.digicert.com,crls.ssl.com,generativelanguage.googleapis.com,github-cloud.githubusercontent.com,github-cloud.s3.amazonaws.com,github.com,github.githubassets.com,host.docker.internal,json-schema.org,json.schemastore.org,keyserver.ubuntu.com,lfs.github.com,objects.githubusercontent.com,ocsp.digicert.com,ocsp.geotrust.com,ocsp.globalsign.com,ocsp.identrust.com,ocsp.sectigo.com,ocsp.ssl.com,ocsp.thawte.com,ocsp.usertrust.com,ocsp.verisign.com,packagecloud.io,packages.cloud.google.com,packages.microsoft.com,ppa.launchpad.net,raw.githubusercontent.com,registry.npmjs.org,s.symcb.com,s.symcd.com,security.ubuntu.com,ts-crl.ws.symantec.com,ts-ocsp.ws.symantec.com' --log-level info --proxy-logs-dir /tmp/gh-aw/sandbox/firewall/logs --enable-host-access --image-tag 0.20.2 --skip-pull \ - -- /bin/bash -c 'export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && gemini --output-format json --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log + -- /bin/bash -c 'export PATH="$(find /opt/hostedtoolcache -maxdepth 4 -type d -name bin 2>/dev/null | tr '\''\n'\'' '\'':'\'')$PATH"; [ -n "$GOROOT" ] && export PATH="$GOROOT/bin:$PATH" || true && gemini --yolo --output-format json --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"' 2>&1 | tee -a /tmp/gh-aw/agent-stdio.log env: GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }} GH_AW_MCP_CONFIG: ${{ github.workspace }}/.gemini/settings.json @@ -1197,7 +1197,7 @@ jobs: id: agentic_execution run: | set -o pipefail - gemini --output-format json --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" 2>&1 | tee /tmp/gh-aw/threat-detection/detection.log + gemini --yolo --output-format json --prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)" 2>&1 | tee /tmp/gh-aw/threat-detection/detection.log env: GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }} GH_AW_MODEL_DETECTION_GEMINI: ${{ vars.GH_AW_MODEL_DETECTION_GEMINI || '' }} diff --git a/pkg/workflow/gemini_engine.go b/pkg/workflow/gemini_engine.go index 347631f416..cfc20c99dc 100644 --- a/pkg/workflow/gemini_engine.go +++ b/pkg/workflow/gemini_engine.go @@ -176,6 +176,10 @@ func (e *GeminiEngine) GetExecutionSteps(workflowData *WorkflowData, logFile str // The conversion script (convert_gateway_config_gemini.sh) writes settings.json // during the MCP setup step, so no --mcp-config flag is needed here. + // Auto-approve all tool executions (equivalent to Codex's --dangerously-bypass-approvals-and-sandbox) + // Without this, Gemini CLI's default approval mode rejects tool calls with "Tool execution denied by policy" + geminiArgs = append(geminiArgs, "--yolo") + // Add headless mode with JSON output geminiArgs = append(geminiArgs, "--output-format", "json") diff --git a/pkg/workflow/gemini_engine_test.go b/pkg/workflow/gemini_engine_test.go index e2c68b51d8..bd85bf7473 100644 --- a/pkg/workflow/gemini_engine_test.go +++ b/pkg/workflow/gemini_engine_test.go @@ -151,6 +151,7 @@ func TestGeminiEngineExecution(t *testing.T) { assert.Contains(t, stepContent, "name: Run Gemini", "Should have correct step name") assert.Contains(t, stepContent, "id: agentic_execution", "Should have agentic_execution ID") assert.Contains(t, stepContent, "gemini", "Should invoke gemini command") + assert.Contains(t, stepContent, "--yolo", "Should include --yolo flag for auto-approving tool executions") assert.Contains(t, stepContent, "--output-format json", "Should use JSON output format") assert.Contains(t, stepContent, `--prompt "$(cat /tmp/gh-aw/aw-prompts/prompt.txt)"`, "Should include prompt argument with correct shell quoting") assert.Contains(t, stepContent, "/tmp/test.log", "Should include log file") From af30c6f8e748464f02b117fdd75225e0167219e2 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Fri, 20 Feb 2026 00:09:19 +0000 Subject: [PATCH 2/2] Add changeset [skip-ci] --- .changeset/patch-add-gemini-yolo-flag.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changeset/patch-add-gemini-yolo-flag.md diff --git a/.changeset/patch-add-gemini-yolo-flag.md b/.changeset/patch-add-gemini-yolo-flag.md new file mode 100644 index 0000000000..4517dd1b34 --- /dev/null +++ b/.changeset/patch-add-gemini-yolo-flag.md @@ -0,0 +1,5 @@ +--- +"gh-aw": patch +--- + +Add `--yolo` to Gemini CLI invocations so tool executions are automatically approved.