fix(config): treat system settings as read-only during migration and warn user

[spencer426]

Summary

This PR prevents the CLI from crashing when attempting to automatically migrate deprecated configuration settings in the system and system_default scopes. These scopes are now treated as
read-only, and the CLI will instead warn the user to perform manual updates for these files.

Details

• Read-Only Enforcement: Modified LoadedSettings.setValue to automatically redirect any updates to System or SystemDefaults scopes to an in-memory-only store (setValueInMemory). This
  prevents EACCES errors when the CLI doesn't have write permissions to system-wide configuration directories.
• Migration Logic Update: Enhanced the migration functions to track deprecated flags found in system scopes. While migrations are still applied in-memory for the current session, the
  changes are no longer persisted to disk for these specific scopes.
• Actionable Warnings: Implemented a notification system using coreEvents.emitFeedback that alerts the user (in yellow) if their system configuration contains deprecated settings, listing
  the specific flags that require manual intervention.

Related Issues

• Fixes [UX] Failed to save to system_default scope while migrating deprecated settings. #18123

How to Validate

1. Create Mock System Config:
   echo '{"general": {"disableUpdateNag": true}}' > /tmp/mock-system.json
2. Run Development CLI:
   GEMINI_CLI_SYSTEM_SETTINGS_PATH=/tmp/mock-system.json npm run start
3. Verify Behavior:
   • Confirm the CLI starts without crashing.
   • Look for the yellow warning message: "The system configuration contains deprecated settings: [disableUpdateNag]. These could not be migrated automatically..."
   • Verify that /tmp/mock-system.json has not been modified by the CLI.
4. Verify User Migration:
   • Add a deprecated flag to your local ~/.gemini/settings.json.
   • Run the CLI normally and verify that the local file is automatically updated.

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[gemini-cli]

Hi @spencer426, thank you so much for your contribution to Gemini CLI! We really appreciate the time and effort you've put into this.

We're making some updates to our contribution process to improve how we track and review changes. Please take a moment to review our recent discussion post: Improving Our Contribution Process & Introducing New Guidelines.

Key Update: Starting January 26, 2026, the Gemini CLI project will require all pull requests to be associated with an existing issue. Any pull requests not linked to an issue by that date will be automatically closed.

Thank you for your understanding and for being a part of our community!

[gemini-code-assist]

Summary of Changes

Hello @spencer426, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly improves the robustness and user experience of the CLI's auto-update feature. By introducing both pre-flight permission checks and post-update command verification, it ensures that updates are performed reliably and that the CLI remains functional afterward. This proactive approach minimizes potential issues during the update process and provides clearer, actionable feedback to users in case of failure.

Highlights

• Pre-flight Write Permission Check: Implemented a pre-flight check to verify write permissions in the executable directory before initiating auto-updates, preventing updates from failing due to insufficient permissions.
• Post-update Command Verification: Introduced a post-update verification step to confirm that the 'gemini' command remains accessible in the system's PATH after a successful update, ensuring the CLI is still functional.
• Improved Error Messaging: Enhanced error messaging for failed auto-updates, providing specific recovery instructions to the user, such as manual reinstallation commands.
• Unit Test Coverage: Added comprehensive unit tests to cover the new pre-flight and post-update verification logic, ensuring the reliability of these new features.
• Main CLI Integration: Integrated the auto-update check and handling directly into the main CLI execution flow, making the update process a seamless part of the user experience.

Changelog

• packages/cli/src/gemini.tsx
  • Integrated the checkForUpdates and handleAutoUpdate functions into the main main function, ensuring update checks occur during CLI execution.
  • Added a catch block to silently handle and log errors from checkForUpdates in debug mode.
• packages/cli/src/utils/handleAutoUpdate.test.ts
  • Introduced mocks for node:fs and command-exists to facilitate testing of file system access and command availability.
  • Updated test descriptions for clarity, specifically for nightly updates.
  • Added new test cases to validate the behavior when pre-flight write permission checks fail and when post-update command verification fails.
  • Modified the update-failed event handling test to assert that specific error messages are passed and displayed.
• packages/cli/src/utils/handleAutoUpdate.ts
  • Imported necessary modules: fs, path, commandExists, and debugLogger.
  • Implemented a pre-flight check using fs.accessSync to ensure write permissions to the CLI's installation directory before an update attempt.
  • Added a post-update verification step using commandExists.sync to confirm the gemini command is still in PATH after a successful update.
  • Modified the handleUpdateFailed function to accept an optional message parameter, allowing for more descriptive error messages to be displayed to the user.

Activity

• The author implemented pre-flight checks for write permissions to the executable directory.
• The author added post-update verification to ensure the 'gemini' command remains in PATH.
• The author improved error messaging for update failures, including recovery instructions.
• The author added unit tests to cover the new verification logic.
• The author integrated the update check and handling into the main CLI execution flow.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Size Change: +1.7 kB (+0.01%)

Total Size: 23.8 MB

Filename	Size	Change
./bundle/gemini.js	23.8 MB	+1.7 kB (+0.01%)

ℹ️ View Unchanged

Filename	Size
./bundle/sandbox-macos-permissive-closed.sb	1.03 kB
./bundle/sandbox-macos-permissive-open.sb	890 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB
./bundle/sandbox-macos-restrictive-closed.sb	3.29 kB
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB

_{compressed-size-action}

[gemini-code-assist]

Code Review

This pull request introduces valuable pre-flight and post-update verifications for the auto-update feature, significantly enhancing its reliability. The implementation is solid, including corresponding unit tests. I've identified one area for improvement: a race condition in the non-interactive update check that could prevent it from running. My review includes specific suggestions to address this point.

[jacob314]

there is too much duplicated logic with the regular setValue. We should just instead avoid saving the file if it is a system settings file

[spencer426]

Done.

[jacob314]

having system scope specific checks here is a little scary. why is this needed?

[spencer426]

Refactored to use the SettingsFile interface to include a readOnly flag instead.

[jacob314]

refactor so we don't have to repeat strings like codeBaseInvestigatorSettings in these migrate blocks. Add a shared helper.

[spencer426]

Done. Combined setValue and setValueInMemory using a new helper that checks if a scope needs to be saved or just kept in memory. I also cleaned up the migration code to remove duplicate strings.

[jacob314]