diff --git a/modules/misc/news/2026/03/2026-03-12_22-09-51.nix b/modules/misc/news/2026/03/2026-03-12_22-09-51.nix
new file mode 100644
index 00000000..60a44461
--- /dev/null
+++ b/modules/misc/news/2026/03/2026-03-12_22-09-51.nix
@@ -0,0 +1,13 @@
+{ config, ... }:
+{
+ time = "2026-03-13T03:09:51+00:00";
+ condition = config.programs.gemini-cli.enable;
+ message = ''
+ The `programs.gemini-cli.policies` option has been added to support configuring
+ the Gemini CLI policy engine.
+
+ This option accepts an attribute set where values can either be paths to existing
+ TOML files or attribute sets that will be generated into TOML format. These
+ policies provide fine-grained control over tool execution rules for the CLI.
+ '';
+}
diff --git a/modules/programs/gemini-cli.nix b/modules/programs/gemini-cli.nix
index ec5c8d2c..9cbc9ad6 100644
--- a/modules/programs/gemini-cli.nix
+++ b/modules/programs/gemini-cli.nix
@@ -85,6 +85,31 @@ in
 '';
 };
 
+ policies = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.either lib.types.path tomlFormat.type);
+ default = { };
+ description = ''
+ An attribute set of policy definitions to create in `~/.gemini/policies/`.
+ The attribute name becomes the filename with `.toml` extension automatically added.
+ The value can be either an attribute set representing the TOML policy or a path to a TOML file.
+ '';
+ example = lib.literalExpression ''
+ {
+ "my-rules" = {
+ rule = [
+ {
+ toolName = "run_shell_command";
+ commandPrefix = "git ";
+ decision = "ask_user";
+ priority = 100;
+ }
+ ];
+ };
+ "other-rules" = ./path/to/rules.toml;
+ }
+ '';
+ };
+
 defaultModel = lib.mkOption {
 type = lib.types.nullOr lib.types.str;
 default = null;
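Review bot: The `policies` option type in the `@@ -85,6 +85,31 @@` hunk constrains the values but not the attribute names, while the implementation in the `@@ -163,6 +188,18 @@` hunk interpolates the name straight into `.gemini/policies/${n}.toml`, so a name containing `/` (for instance one with a `..` segment) places the file outside `~/.gemini/policies/`, which the description does not warn about. For attribute-set values the derivation name `gemini-cli-policy-${n}.toml` would presumably reject a `/` at evaluation time, but a path value is passed through without generation and gets no such check. Add an assertion in the config block, e.g. `{ assertion = lib.all (n: !lib.hasInfix "/" n) (lib.attrNames cfg.policies); message = "programs.gemini-cli.policies: attribute names must not contain '/'"; }`, and state in the description that the attribute name must be a plain file name. The option sits in an options block that begins before this hunk.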
@@ -163,6 +188,18 @@ in
 }
 ) cfg.commands;
 }
+ {
+ home.file = lib.mapAttrs' (
+ n: v:
+ lib.nameValuePair ".gemini/policies/${n}.toml" {
+ source =
+ if builtins.isPath v || builtins.isString v || lib.isDerivation v then
+ v
+ else
+ tomlFormat.generate "gemini-cli-policy-${n}.toml" v;
+ }
+ ) cfg.policies;
+ }
 ]
 );
 }
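Review bot: The pass-through branch on the `source =` line, `if builtins.isPath v || builtins.isString v || lib.isDerivation v then v`, carries no comment saying why strings and derivations are treated like paths, and the option type only names `lib.types.path`, so the reason is not visible from this hunk. A one-line comment above the `if` would save the next reader a trip to `lib.types`: `# lib.types.path also admits absolute-path strings and derivations; only plain attribute sets are rendered to TOML`. `tomlFormat` is presumably bound in a `let` outside this hunk, and the enclosing list (apparently a `lib.mkMerge`) starts and ends outside it as well.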