feat(core): support nested directories in Plan Mode

[mahimashanware]

Summary

This PR enables support for nested directory structures within the plans directory during Plan Mode. It ensures that implementation plans can be organized into subdirectories (e.g., plans/tracks/feature-x/spec.md) and that tools like write_file, edit, and exit_plan_mode can correctly resolve and validate these paths.

Details

• Path Resolution: Updated resolveAndValidatePlanPath in planUtils.ts to handle nested paths and strip the leading plans/ segment if provided by the agent.
• Validation: Enhanced validatePlanPath to support deep directory validation within the approved plans directory.
• Tool Support:
  • write_file: Now correctly resolves nested paths when isPlanMode is true.
  • edit: Preserves directory structure and handles nested plan files.
  • exit_plan_mode: Validates and accepts nested plan file paths.
• Policy Mapping: Added logic to map ProceedAlways (Allow for session) to ProceedOnce when in Plan Mode. This prevents accidental transitions to AUTO_EDIT mode, which would update the policy and potentially exit Plan Mode prematurely.
• Bug Fixes: Fixed a file exists error in build_package.js by ensuring the target directory is cleaned before copying docs.

Related Issues

Related to #17690

How to Validate

Run the following test suites to verify path resolution, tool behavior, and policy mapping:

npx vitest packages/core/src/utils/planUtils.test.ts
npx vitest packages/core/src/tools/write-file.test.ts
npx vitest packages/core/src/tools/edit.test.ts
npx vitest packages/core/src/tools/exit-plan-mode.test.ts
npx vitest packages/core/src/scheduler/policy.test.ts

Verify that nested paths like tracks/my-feature/plan.md are correctly handled by creating a plan in a subdirectory and editing it.

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • Linux
    • npm run

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[github-actions]

🛑 Action Required: Evaluation Approval

Steering changes have been detected in this PR. To prevent regressions, a maintainer must approve the evaluation run before this PR can be merged.

Maintainers:

1. Go to the Workflow Run Summary.
2. Click the yellow 'Review deployments' button.
3. Select the 'eval-gate' environment and click 'Approve'.

Once approved, the evaluation results will be posted here automatically.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the Plan Mode functionality by enabling support for nested directory structures within the designated plans directory. It refines path resolution and validation logic to ensure that tools like 'write_file', 'edit', and 'exit_plan_mode' operate correctly with subdirectories. Additionally, it introduces a policy mapping safeguard to maintain the integrity of Plan Mode and includes a fix for a build script issue related to directory cleanup.

Highlights

• Nested Directory Support: Enabled support for nested directory structures within the 'plans' directory, allowing for better organization of implementation plans.
• Path Resolution Improvements: Updated 'resolveAndValidatePlanPath' to correctly handle nested paths and strip redundant 'plans/' prefixes, ensuring robust path validation.
• Policy Mapping Adjustment: Mapped 'ProceedAlways' to 'ProceedOnce' while in Plan Mode to prevent unintended transitions to 'AUTO_EDIT' mode.
• Bug Fix: Resolved a file system error in 'build_package.js' by cleaning the target directory before copying documentation.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces support for nested directory structures and path normalization within the plans directory across several tools and utilities, including the policy scheduler, edit tool, write-file tool, and plan path utilities. However, two important issues were identified in the review: a critical path traversal vulnerability in planUtils.ts where fallback path resolution bypasses real-path validation for non-existent files, and a cross-platform compatibility issue in build_package.js caused by using the Unix-specific rm -rf command instead of Node's native fs.rmSync.

[gemini-code-assist]

Security Vulnerability: Path Traversal / Arbitrary File Write

The fallback logic in the catch blocks uses isSubpath(realPlansDir, directResolved) where directResolved is resolved using path.resolve instead of resolveToRealPath.

If a file does not exist yet (which is always the case for new files being created), resolveToRealPath throws an error, causing the code to enter the catch block. If the path contains a symbolic link pointing to an outside directory (e.g., plans/symlink_to_outside/new_file.md), directResolved will textually start with realPlansDir, bypassing the subpath check. This allows an attacker or a compromised agent to write files to arbitrary locations on the filesystem.

To fix this, we should resolve the real path of the closest existing ancestor directory before performing the subpath check.

  const getRealResolvedPath = (targetPath: string): string => {
    let current = path.resolve(targetPath);
    while (current && current !== path.dirname(current)) {
      try {
        const real = resolveToRealPath(current);
        const relative = path.relative(current, targetPath);
        return path.resolve(real, relative);
      } catch {
        current = path.dirname(current);
      }
    }
    return targetPath;
  };

  // 1. Handle case where agent provided an absolute path
  if (path.isAbsolute(normalizedPlanPath)) {
    const realResolved = getRealResolvedPath(normalizedPlanPath);
    if (isSubpath(realPlansDir, realResolved)) {
      return normalizedPlanPath;
    }
  }

  // 2. Try resolving relative to project root
  const resolvedFromProjectRoot = path.resolve(projectRoot, normalizedPlanPath);
  const realResolvedFromRoot = getRealResolvedPath(resolvedFromProjectRoot);
  if (isSubpath(realPlansDir, realResolvedFromRoot)) {
    return resolvedFromProjectRoot;
  }

  // 3. Try resolving relative to plansDir
  const resolvedFromPlansDir = path.resolve(plansDir, normalizedPlanPath);
  const realResolvedFromPlans = getRealResolvedPath(resolvedFromPlansDir);
  if (isSubpath(realPlansDir, realResolvedFromPlans)) {
    return resolvedFromPlansDir;
  }

References

1. Ensure consistent path resolution by using a single, robust function (e.g., resolveToRealPath) for all related path validations.
2. Sanitize user-provided file paths used in file system operations to prevent path traversal vulnerabilities.

[gemini-code-assist]

Cross-Platform Compatibility Issue

Using execSync('rm -rf ...') is not cross-platform compatible and will fail on Windows environments that do not have rm installed.

Since Node.js >= 14.14.0, fs.rmSync is natively supported and works reliably across all platforms without spawning a shell process. We can use a dynamic import with top-level await to load rmSync from node:fs cleanly.

    if (existsSync(docsTarget)) {
      const { rmSync } = await import('node:fs');
      rmSync(docsTarget, { recursive: true, force: true });
    }

[github-actions]

Size Change: +1.16 kB (0%)

Total Size: 33.9 MB

Filename	Size	Change
./bundle/chunk-3EA2KB4L.js	0 B	-3.77 kB (removed)	🏆
./bundle/chunk-DG4Q7X56.js	0 B	-16.4 MB (removed)	🏆
./bundle/chunk-HRP6Z6KZ.js	0 B	-3.43 kB (removed)	🏆
./bundle/chunk-L5PRLBTW.js	0 B	-49.2 kB (removed)	🏆
./bundle/chunk-MFNFADG7.js	0 B	-2.79 MB (removed)	🏆
./bundle/chunk-U5F4B43G.js	0 B	-660 kB (removed)	🏆
./bundle/chunk-W6Q6GKFL.js	0 B	-19.5 kB (removed)	🏆
./bundle/chunk-YTLG42NH.js	0 B	-13 kB (removed)	🏆
./bundle/core-BIL5OCWL.js	0 B	-49.5 kB (removed)	🏆
./bundle/devtoolsService-GQPZ367L.js	0 B	-28 kB (removed)	🏆
./bundle/gemini-XOORSS25.js	0 B	-589 kB (removed)	🏆
./bundle/interactiveCli-FP2RAT4Y.js	0 B	-1.3 MB (removed)	🏆
./bundle/liteRtServerManager-CUV7VERV.js	0 B	-2.08 kB (removed)	🏆
./bundle/oauth2-provider-WDMBRAOA.js	0 B	-9.12 kB (removed)	🏆
./bundle/chunk-3HB3SJXA.js	13 kB	+13 kB (new file)	🆕
./bundle/chunk-6XKC3BX2.js	3.43 kB	+3.43 kB (new file)	🆕
./bundle/chunk-AI437QPL.js	660 kB	+660 kB (new file)	🆕
./bundle/chunk-M7IIC7IO.js	2.79 MB	+2.79 MB (new file)	🆕
./bundle/chunk-MZSKZCRP.js	19.5 kB	+19.5 kB (new file)	🆕
./bundle/chunk-NMYFV2MV.js	16.4 MB	+16.4 MB (new file)	🆕
./bundle/chunk-RDZB2WOV.js	49.2 kB	+49.2 kB (new file)	🆕
./bundle/chunk-SOEUWOGG.js	3.77 kB	+3.77 kB (new file)	🆕
./bundle/core-FFP646BV.js	49.5 kB	+49.5 kB (new file)	🆕
./bundle/devtoolsService-GR2YBACO.js	28 kB	+28 kB (new file)	🆕
./bundle/gemini-FDR4EVLB.js	589 kB	+589 kB (new file)	🆕
./bundle/interactiveCli-LDYDECQ5.js	1.3 MB	+1.3 MB (new file)	🆕
./bundle/liteRtServerManager-4TE22HEK.js	2.08 kB	+2.08 kB (new file)	🆕
./bundle/oauth2-provider-RW3C3VRX.js	9.12 kB	+9.12 kB (new file)	🆕

ℹ️ View Unchanged

Filename	Size	Change
./bundle/bundled/third_party/index.js	8 MB	0 B
./bundle/chunk-34MYV7JD.js	2.45 kB	0 B
./bundle/chunk-5AUYMPVF.js	858 B	0 B
./bundle/chunk-5PS3AYFU.js	1.18 kB	0 B
./bundle/chunk-6HI7VNOG.js	124 kB	0 B
./bundle/chunk-DAHVX5MI.js	206 kB	0 B
./bundle/chunk-IUUIT4SU.js	56.5 kB	0 B
./bundle/chunk-TUDYL3X4.js	40.3 kB	0 B
./bundle/cleanup-TU5LX3C6.js	0 B	-902 B (removed)	🏆
./bundle/devtools-V7NE4CQA.js	696 kB	0 B
./bundle/events-XB7DADIJ.js	418 B	0 B
./bundle/examples/hooks/scripts/on-start.js	188 B	0 B
./bundle/examples/mcp-server/example.js	1.43 kB	0 B
./bundle/gemini.js	5.1 kB	0 B
./bundle/getMachineId-bsd-TXG52NKR.js	1.55 kB	0 B
./bundle/getMachineId-darwin-7OE4DDZ6.js	1.55 kB	0 B
./bundle/getMachineId-linux-SHIFKOOX.js	1.34 kB	0 B
./bundle/getMachineId-unsupported-5U5DOEYY.js	1.06 kB	0 B
./bundle/getMachineId-win-6KLLGOI4.js	1.72 kB	0 B
./bundle/https-proxy-agent-AVGR4LHR.js	490 B	0 B
./bundle/multipart-parser-KPBZEGQU.js	11.7 kB	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B
./bundle/sandbox-macos-strict-open.sb	4.82 kB	0 B
./bundle/sandbox-macos-strict-proxied.sb	5.02 kB	0 B
./bundle/src-LG4OHBW7.js	233 kB	0 B
./bundle/src-QVCVGIUX.js	47 kB	0 B
./bundle/start-J4ES4RMT.js	0 B	-622 B (removed)	🏆
./bundle/tree-sitter-7U6MW5PS.js	274 kB	0 B
./bundle/tree-sitter-bash-34ZGLXVX.js	1.84 MB	0 B
./bundle/worker/worker-entry.js	361 kB	0 B
./bundle/cleanup-CCLT57KR.js	902 B	+902 B (new file)	🆕
./bundle/start-CXUPYMPQ.js	622 B	+622 B (new file)	🆕

_{compressed-size-action}