Fix(policy): fix commandPrefix matching by preserving spaces and hyphens in regex patterns

[Famous077]

Summary:
Policy DENY rules using commandPrefix were silently failing to match shell commands, allowing blocked commands like git branch -d to execute despite explicit deny rules. The root cause was that escapeRegex() was escaping spaces as \ and hyphens as -, but stableStringify() produces JSON with literal spaces and unescaped hyphens. This mismatch meant the generated regex pattern never matched the actual JSON string being tested.

Details:
Two changes were made in packages/core/src/policy/utils.ts:

Removed - from escapeRegex() character class — hyphens don't need escaping outside regex character classes
Added .replace(/\ /g, ' ') in buildArgsPatterns() to unescape spaces after regex escaping, since JSON strings contain literal spaces

When a prefix ends with a space (e.g. "git branch -d "), the word boundary check (?:[\s"]|\") is skipped since the trailing space already acts as a delimiter, allowing the branch name to follow naturally.
Tests in utils.test.ts and persistence.test.ts were updated to reflect the corrected pattern format.
Related Issues:
Fixes #20355

How to Validate:
Add to ~/.gemini/settings.json or policy TOML:

toml[[rule]]
toolName = "run_shell_command"
commandPrefix = "git branch -d "
decision = "deny"
priority = 999

Launch gemini and ask it to delete a git branch
The command should now be blocked with a DENY decision
Without the fix, the command would execute silently

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any) — No breaking changes
• Validated on required platforms/methods:
• MacOS
• npm run
• npx
• Docker
• Podman
• Seatbelt
• Windows
• npm run
• npx
• Docker
• Linux
• npm run
• npx
• Docker

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical bug where policy DENY rules using commandPrefix were failing to block shell commands due to a mismatch in how spaces and hyphens were escaped in regex patterns compared to their representation in JSON strings. The fix involves refining the regex escaping logic to preserve literal spaces and unescape hyphens, ensuring that generated regex patterns accurately match the command arguments and correctly enforce policy rules.

Highlights

• Regex Escaping Correction: Removed the unnecessary escaping of hyphens (-) from the escapeRegex utility function, as they do not require escaping outside of character classes in regular expressions.
• Space Preservation in Regex Patterns: Modified buildArgsPatterns to unescape spaces after the initial regex escaping, ensuring that spaces in commandPrefix values are treated as literal spaces in the generated regex, matching the JSON string representation.
• Improved Command Prefix Matching: Implemented logic to correctly handle commandPrefix values that end with a space, allowing for flexible matching of subsequent arguments without an unnecessary word boundary check.

Changelog

• packages/core/src/policy/persistence.test.ts
  • Updated the expected regex pattern for git status to reflect the corrected handling of spaces.
• packages/core/src/policy/utils.test.ts
  • Adjusted the expected output for escapeRegex to no longer include an escaped hyphen.
  • Updated the expected regex patterns for buildArgsPatterns to correctly represent spaces and hyphens as literal characters.
• packages/core/src/policy/utils.ts
  • Modified the escapeRegex function to remove the hyphen from the set of characters that are escaped.
  • Enhanced the buildArgsPatterns function to unescape spaces after regex escaping and to conditionally apply a word boundary check based on whether the command prefix ends with a space.

Activity

• The author provided a detailed summary of the problem and the solution in the pull request description.
• The author outlined specific steps to validate the fix, including adding a deny rule for git branch -d and testing its blocking behavior.
• The author confirmed that tests were added/updated to cover the changes and that there are no breaking changes.
• The author validated the changes on Windows using npm run.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly fixes a bug where policy rules with commandPrefix were failing to match due to incorrect escaping of spaces and hyphens. The changes in escapeRegex and buildArgsPatterns effectively resolve the mismatch between the generated regex and the stringified tool arguments. The accompanying test updates properly validate the fix. The suggestion to refactor the implementation in packages/core/src/policy/utils.ts to improve code clarity and maintainability is valid and has been retained.

[gemini-code-assist]

The current approach of escaping spaces in escapeRegex and then immediately un-escaping them here is functionally correct but indirect and could be confusing for future maintenance.

A cleaner implementation would be to prevent escapeRegex from escaping spaces in the first place. This would simplify the logic in buildArgsPatterns and make the overall flow more intuitive.

Here's a suggested refactoring:

1. In packages/core/src/policy/utils.ts, update escapeRegex:
   Modify escapeRegex on line 11 to not escape spaces.

   return text.replace(/[[\\\]{}()*+?.,^$|#"]/g, '\\$&');

2. In packages/core/src/policy/utils.ts, simplify buildArgsPatterns:
   With the above change, you can remove the .replace() call from this line (line 74).

   const escapedPrefix = escapeRegex(jsonPrefix);

3. In packages/core/src/policy/utils.test.ts, update the test case:
   The test for escapeRegex will need to be updated to reflect that spaces are no longer escaped (around line 15).

   expect(escaped).toBe(
     '\.-\*\+\?\^\$\{\}\(\)\|\[\]\\ ',

[Famous077]

Updated according to you review.

[Famous077]

Hi @Adib234 . Can you reivew this PR whenever you get time. Waiting for your feedback.

[Famous077]

/gemini review

[gemini-code-assist]

Code Review

This pull request addresses a bug in policy matching for commandPrefix where commands containing spaces or hyphens were not being correctly matched by DENY rules. The fix involves modifying escapeRegex to no longer escape spaces and hyphens, and updating buildArgsPatterns to correctly handle prefixes with trailing spaces by adjusting the boundary check logic. The accompanying test updates in persistence.test.ts and utils.test.ts correctly reflect these changes. The implementation appears solid and effectively resolves the described issue.

[gemini-cli]

Hi there! Thank you for your interest in contributing to Gemini CLI.

To ensure we maintain high code quality and focus on our prioritized roadmap, we have updated our contribution policy (see Discussion #17383).

We only guarantee review and consideration of pull requests for issues that are explicitly labeled as 'help wanted'. All other community pull requests are subject to closure after 14 days if they do not align with our current focus areas. For this reason, we strongly recommend that contributors only submit pull requests against issues explicitly labeled as 'help-wanted'.

This pull request is being closed as it has been open for 14 days without a 'help wanted' designation. We encourage you to find and contribute to existing 'help wanted' issues in our backlog! Thank you for your understanding and for being part of our community!