
fix(core): enable global session and persistent approval for web_fetch#23295

Merged
NTaylorMullen merged 4 commits into main from ntm/fix-web-fetch-allow-all
Mar 21, 2026

Conversation

@NTaylorMullen
Collaborator

Summary

Fixes the regression where "Allow for this session" for the web_fetch tool was not being respected. This was caused by web_fetch being included in the SENSITIVE_TOOLS list, which strictly requires argument-narrowing patterns (like a URL) for any session-wide or persistent approval.

Details

  • Renamed SENSITIVE_TOOLS to TOOLS_REQUIRING_NARROWING: This more accurately reflects the list's function in the policy engine—enforcing mandatory argument narrowing for powerful tools.
  • Removed web_fetch from the narrowing list: This allows web_fetch to be approved globally for a session or persistently without being blocked by the mandatory narrowing check, similar to activate_skill.
  • Updated web_fetch: Explicitly opted into the global approval model for both ProceedAlways (session) and ProceedAlwaysAndSave (persistent).
  • Auto-edit Support: Added web_fetch to the auto_edit allow-list in write.toml for consistency with other modification tools.

Related Issues

Related to PR #22217 (which introduced the regression).

How to Validate

  1. Run the CLI.
  2. Trigger a web_fetch call (e.g., "fetch google.com").
  3. Select "Allow for this session" when prompted.
  4. Trigger another web_fetch to a different URL (e.g., "fetch example.com").
  5. Verify that the second call is allowed without a prompt.
  6. (Optional) Select "Allow Always and Save" and verify the rule is added to your config without a narrow argsPattern.

Pre-Merge Checklist

  • Updated relevant documentation and README (if needed)
  • Added/updated tests (if needed) - Verified via existing policy tests and manual analysis.
  • Noted breaking changes (if any)
  • Validated on required platforms/methods:
    • MacOS
      • npm run
      • npx
      • Docker
      • Podman
      • Seatbelt
    • Windows
      • npm run
      • npx
      • Docker
    • Linux
      • npm run
      • npx
      • Docker

- Rename SENSITIVE_TOOLS to TOOLS_REQUIRING_NARROWING to better reflect its function of enforcing mandatory argument narrowing.
- Remove web_fetch from the mandatory narrowing list.
- Update web_fetch to explicitly support global approval for both session-wide and persistent rules.
- Add web_fetch to auto-edit allow list in write.toml.
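The mandatory-narrowing check the description refers to, as an added illustration rather than gemini-cli's own code: a tool in the narrowing list can only receive a session-wide (ProceedAlways) or persistent (ProceedAlwaysAndSave) rule that carries an argsPattern, so the example replays the "How to Validate" steps against the list with and without web_fetch. The rule shape, validateRule, isAllowedByRules, simulateSessionApproval and the placeholder tool name example_powerful_tool are assumptions, not names from the project.

```typescript
// Added illustration of the mandatory-narrowing check, not gemini-cli's own code. Only the
// ProceedAlways / ProceedAlwaysAndSave outcomes, web_fetch and argsPattern come from the PR.

type ApprovalOutcome = 'ProceedOnce' | 'ProceedAlways' | 'ProceedAlwaysAndSave';

interface PolicyRule {
  toolName: string;
  argsPattern?: RegExp; // optional narrowing pattern matched against the call's args (e.g. a URL)
}

// 'example_powerful_tool' is a constructed placeholder for a tool that must stay narrowed.
const NARROWING_BEFORE_PR: readonly string[] = ['example_powerful_tool', 'web_fetch'];
const NARROWING_AFTER_PR: readonly string[] = ['example_powerful_tool'];

// Accept or reject a proposed rule. One-off approvals store nothing; session or persistent
// rules for a tool in the narrowing list are rejected unless they carry an argsPattern.
function validateRule(
  narrowingList: readonly string[],
  outcome: ApprovalOutcome,
  rule: PolicyRule,
): { accepted: boolean; reason: string } {
  if (outcome === 'ProceedOnce') {
    return { accepted: true, reason: 'one-off approval; no rule stored' };
  }
  if (narrowingList.indexOf(rule.toolName) !== -1 && rule.argsPattern === undefined) {
    return { accepted: false, reason: `${rule.toolName} needs an argsPattern for ${outcome}` };
  }
  return { accepted: true, reason: `${outcome} rule stored for ${rule.toolName}` };
}

// A stored rule covers a call when the tool matches and the rule is either global
// (no argsPattern) or its pattern matches the call's arguments.
function isAllowedByRules(rules: readonly PolicyRule[], toolName: string, args: string): boolean {
  return rules.some(
    (r) => r.toolName === toolName && (r.argsPattern === undefined || r.argsPattern.test(args)),
  );
}

// Replays the PR's validation steps: approve web_fetch for the session on the first URL,
// then ask whether a second, different URL is allowed without a new prompt.
function simulateSessionApproval(narrowingList: readonly string[]): boolean {
  const sessionRules: PolicyRule[] = [];
  const globalWebFetch: PolicyRule = { toolName: 'web_fetch' }; // "Allow for this session"
  if (validateRule(narrowingList, 'ProceedAlways', globalWebFetch).accepted) {
    sessionRules.push(globalWebFetch);
  }
  return isAllowedByRules(sessionRules, 'web_fetch', 'https://example.com'); // second URL, constructed
}
```

With web_fetch in the list the global session rule is rejected and the second fetch prompts again (the regression); with it removed the rule is stored and the second URL is covered.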
@NTaylorMullen NTaylorMullen requested review from a team as code owners March 20, 2026 19:46
@gemini-code-assist
Contributor

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a regression that prevented the web_fetch tool from being approved globally for a session or persistently without specific argument narrowing. The core issue stemmed from web_fetch being incorrectly categorized within a list of tools that strictly mandated argument narrowing for such approvals. The changes clarify the purpose of this list by renaming it, remove web_fetch from it, and explicitly configure web_fetch to support global approvals, thereby restoring its intended behavior and aligning it with other tools that permit broader permissions.

Highlights

  • Tool List Renaming: The SENSITIVE_TOOLS list was renamed to TOOLS_REQUIRING_NARROWING to more accurately reflect its purpose of enforcing mandatory argument narrowing for powerful tools.
  • Web Fetch Policy Update: web_fetch was removed from the TOOLS_REQUIRING_NARROWING list, allowing it to be approved globally for a session or persistently without requiring argument-narrowing patterns.
  • Global Approval for Web Fetch: The web_fetch tool was explicitly updated to opt into the global approval model for both ProceedAlways (session-wide) and ProceedAlwaysAndSave (persistent) outcomes.
  • Auto-edit Support for Web Fetch: web_fetch was added to the auto_edit allow-list in write.toml for consistency with other modification tools.

@github-actions

github-actions bot commented Mar 20, 2026

Size Change: -219 B (0%)

Total Size: 26.1 MB

compressed-size-action

@NTaylorMullen NTaylorMullen enabled auto-merge March 20, 2026 19:50
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

The changes effectively address the regression where web_fetch could not be approved globally for a session or persistently without argument narrowing. The renaming of SENSITIVE_TOOLS to TOOLS_REQUIRING_NARROWING improves clarity, and the removal of web_fetch from this list, combined with the updated getPolicyUpdateOptions method, correctly implements the desired behavior. The addition of web_fetch to the autoEdit allow-list in write.toml is also consistent with the goal of making this tool more broadly usable.

@gemini-cli gemini-cli bot added area/agent Issues related to Core Agent, Tools, Memory, Sub-Agents, Hooks, Agent Quality 🔒 maintainer only ⛔ Do not contribute. Internal roadmap item. labels Mar 20, 2026
This comment was marked as outdated.

Contributor

@spencer426 spencer426 left a comment

The PR modifies getPolicyUpdateOptions in web-fetch.ts but does not add or update any unit tests in web-fetch.test.ts.

NTaylorMullen and others added 3 commits March 20, 2026 19:57
- Fix priority in write.toml to match documented tiers (100 -> 15).
- Simplify getPolicyUpdateOptions in web-fetch.ts by removing unreachable narrowing fallback.
- Add unit tests for getPolicyUpdateOptions in web-fetch.test.ts.
- Remove unused import of buildParamArgsPattern.
@spencer426 spencer426 self-requested a review March 21, 2026 03:52
Contributor

@spencer426 spencer426 left a comment

LGTM

@NTaylorMullen NTaylorMullen disabled auto-merge March 21, 2026 17:31
@NTaylorMullen NTaylorMullen merged commit 4a3d941 into main Mar 21, 2026
27 checks passed
@NTaylorMullen NTaylorMullen deleted the ntm/fix-web-fetch-allow-all branch March 21, 2026 17:32
theerud pushed a commit to theerud/gemini-cli that referenced this pull request Mar 22, 2026