gemini-cli: add policy engine support

Gemin now supports policy configuration through policy files in toml. Signed-off-by: Austin Horstman <khaneliman12@gmail.com>
2026-03-12 22:06:26 -05:00 · 2026-03-12 22:06:26 -05:00 · 9fc7535efc
commit 9fc7535efc
parent 57d5560ee9
2 changed files with 50 additions and 0 deletions
--- a/modules/programs/gemini-cli.nix
+++ b/modules/programs/gemini-cli.nix
@ -85,6 +85,31 @@ in
        '';
      };

+    policies = lib.mkOption {
+      type = lib.types.attrsOf (lib.types.either lib.types.path tomlFormat.type);
+      default = { };
+      description = ''
+        An attribute set of policy definitions to create in `~/.gemini/policies/`.
+        The attribute name becomes the filename with `.toml` extension automatically added.
+        The value can be either an attribute set representing the TOML policy or a path to a TOML file.
+      '';
+      example = lib.literalExpression ''
+        {
+          "my-rules" = {
+            rule = [
+              {
+                toolName = "run_shell_command";
+                commandPrefix = "git ";
+                decision = "ask_user";
+                priority = 100;
+              }
+            ];
+          };
+          "other-rules" = ./path/to/rules.toml;
+        }
+      '';
+    };
+
    defaultModel = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      default = null;
@ -163,6 +188,18 @@ in
          }
        ) cfg.commands;
      }
+      {
+        home.file = lib.mapAttrs' (
+          n: v:
+          lib.nameValuePair ".gemini/policies/${n}.toml" {
+            source =
+              if builtins.isPath v || builtins.isString v || lib.isDerivation v then
+                v
+              else
+                tomlFormat.generate "gemini-cli-policy-${n}.toml" v;
+          }
+        ) cfg.policies;
+      }
    ]
  );
 }