fix(core): explicitly pass messageBus to policy engine for MCP tool saves

[abhipatel12]

Summary

This PR fixes a bug where the agent crashed with a TypeError: Cannot read properties of undefined (reading 'publish') or reading 'isTrustedFolder' when users attempted to permanently save an MCP tool authorization (i.e. "Allow tool for all future sessions").

Details

The regression occurred when updatePolicy() was refactored to accept an AgentLoopContext instead of individual dependencies. AgentLoopContext natively does not include messageBus. However, the internal logic for saving MCP policies (handleMcpPolicyUpdate) was attempting to blindly access messageBus off of deps, resulting in it being undefined and causing a crash when .publish() was invoked.

To resolve this, this PR:

1. Adds messageBus: MessageBus as an explicit parameter to updatePolicy(), rather than trying to read it from AgentLoopContext.
2. Adds a defensive check to ensure config exists before attempting to evaluate isTrustedFolder().
3. Updates scheduler.ts and policy.test.ts to respect the newly explicit method signature.

Related Issues

Related to #21982 (Same architectural root cause)

How to Validate

1. Run the CLI and invoke an MCP tool that requires user confirmation.
2. Select the option: "4. Allow tool for all future sessions"
3. Verify the CLI successfully saves the policy and proceeds with execution without crashing.
4. Verify tests pass via npm test -w @google/gemini-cli-core

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves a critical bug that caused the agent to crash when users attempted to permanently save MCP tool authorizations. The issue stemmed from messageBus being undefined within the updatePolicy() function after a recent refactoring. The fix involves explicitly passing messageBus as a parameter to updatePolicy(), adding a defensive check for the config object, and updating related code and tests to align with these changes, thereby ensuring stable and reliable policy saving without runtime errors.

Highlights

• Explicit MessageBus Passing: The messageBus is now explicitly passed as a parameter to the updatePolicy() function, resolving a TypeError that occurred when attempting to publish messages.
• Defensive Configuration Check: A defensive check was added to ensure the config object exists before attempting to call isTrustedFolder(), preventing potential crashes due to undefined properties.
• Refined Tool Name Extraction: The logic for extracting simple tool names within createPolicyUpdater was refined to correctly handle MCP_TOOL_PREFIX when an mcpName is present.
• Policy Update Options Enhancement: The PolicyUpdateOptions interface and its implementation in DiscoveredMCPToolInvocation were updated to include the toolName for more precise policy definitions.
• Documentation Update: The policy-engine.md documentation was updated to clarify the correct usage of toolName when combined with mcpName in policy configurations.

Changelog

• docs/reference/policy-engine.md
  • Clarified how toolName should be used with mcpName in policy configurations, specifically noting to use the simple tool name.
• packages/core/src/policy/config.ts
  • Updated the logic within createPolicyUpdater to correctly extract the simple tool name by using MCP_TOOL_PREFIX for mcpName prefixed tools.
• packages/core/src/scheduler/policy.test.ts
  • Modified multiple test cases to pass mockMessageBus explicitly to the updatePolicy function.
  • Updated an assertion for toolName to reflect the new mcp_server_* format.
• packages/core/src/scheduler/policy.ts
  • Changed the signature of updatePolicy to accept messageBus: MessageBus as an explicit parameter.
  • Removed the deps object destructuring and directly used context.config and the new messageBus parameter.
  • Added a defensive check context.config && before calling isTrustedFolder().
  • Used formatMcpToolName for constructing the wildcard tool name in handleMcpPolicyUpdate.
• packages/core/src/scheduler/scheduler.test.ts
  • Adjusted updatePolicy test calls to accommodate the new messageBus parameter.
• packages/core/src/scheduler/scheduler.ts
  • Modified the call to updatePolicy to pass this.messageBus explicitly.
• packages/core/src/tools/mcp-tool.ts
  • Updated getPolicyUpdateOptions to include toolName: this.serverToolName in the returned PolicyUpdateOptions object.
• packages/core/src/tools/tools.ts
  • Added toolName?: string; to the PolicyUpdateOptions interface.

Activity

• Added/updated tests to cover the changes.
• Validated the changes on MacOS using npm run.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request effectively addresses the crash that occurred when saving MCP tool authorizations. The core fix, which involves explicitly passing the messageBus to the updatePolicy function, is a solid improvement that makes the dependency clear and resolves the undefined property access. The addition of a defensive check for the config object is also a good practice that enhances robustness.

Furthermore, the changes to standardize the MCP tool name formatting by using the formatMcpToolName utility and updating the parsing logic in config.ts are excellent for improving code consistency and maintainability. The accompanying documentation update in policy-engine.md is clear and will help users correctly configure their policies.

The test files have been updated appropriately to reflect these changes. Overall, this is a well-executed fix.

_{Note: Security Review did not run due to the size of the PR.}

[github-actions]

Size Change: +227 B (0%)

Total Size: 26.1 MB

Filename	Size	Change
./bundle/chunk-FXR7IA3Q.js	0 B	-1.95 MB (removed)	🏆
./bundle/chunk-HD26CB2N.js	0 B	-13.4 MB (removed)	🏆
./bundle/chunk-Z6SWWESI.js	0 B	-3.62 MB (removed)	🏆
./bundle/core-ZHRT2KF2.js	0 B	-40.1 kB (removed)	🏆
./bundle/devtoolsService-TZVSZVZU.js	0 B	-27.7 kB (removed)	🏆
./bundle/interactiveCli-2NOF4NCU.js	0 B	-1.59 MB (removed)	🏆
./bundle/oauth2-provider-YDXJJYEV.js	0 B	-9.19 kB (removed)	🏆
./bundle/chunk-5Q3GACO5.js	1.95 MB	+1.95 MB (new file)	🆕
./bundle/chunk-M4U663MN.js	13.4 MB	+13.4 MB (new file)	🆕
./bundle/chunk-OTKR7IUX.js	3.62 MB	+3.62 MB (new file)	🆕
./bundle/core-T6KQ5URC.js	40.1 kB	+40.1 kB (new file)	🆕
./bundle/devtoolsService-GHCXE2ZR.js	27.7 kB	+27.7 kB (new file)	🆕
./bundle/interactiveCli-HZORY4BE.js	1.59 MB	+1.59 MB (new file)	🆕
./bundle/oauth2-provider-4PGWTLW5.js	9.19 kB	+9.19 kB (new file)	🆕

ℹ️ View Unchanged

Filename	Size	Change
./bundle/chunk-34MYV7JD.js	2.45 kB	0 B
./bundle/chunk-37ZTTFQF.js	966 kB	0 B
./bundle/chunk-5AUYMPVF.js	858 B	0 B
./bundle/chunk-664ZODQF.js	124 kB	0 B
./bundle/chunk-DAHVX5MI.js	206 kB	0 B
./bundle/chunk-IUUIT4SU.js	56.5 kB	0 B
./bundle/chunk-RJTRUG2J.js	39.8 kB	0 B
./bundle/devtools-36NN55EP.js	696 kB	0 B
./bundle/dist-T73EYRDX.js	356 B	0 B
./bundle/gemini.js	689 kB	0 B
./bundle/getMachineId-bsd-TXG52NKR.js	1.55 kB	0 B
./bundle/getMachineId-darwin-7OE4DDZ6.js	1.55 kB	0 B
./bundle/getMachineId-linux-SHIFKOOX.js	1.34 kB	0 B
./bundle/getMachineId-unsupported-5U5DOEYY.js	1.06 kB	0 B
./bundle/getMachineId-win-6KLLGOI4.js	1.72 kB	0 B
./bundle/keychain-token-storage-LF5BRABV.js	0 B	-518 B (removed)	🏆
./bundle/memoryDiscovery-URXPIMBI.js	0 B	-922 B (removed)	🏆
./bundle/multipart-parser-KPBZEGQU.js	11.7 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js	221 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js	227 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js	11.5 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js	132 B	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B
./bundle/sandbox-macos-strict-open.sb	4.82 kB	0 B
./bundle/sandbox-macos-strict-proxied.sb	5.02 kB	0 B
./bundle/src-QVCVGIUX.js	47 kB	0 B
./bundle/tree-sitter-7U6MW5PS.js	274 kB	0 B
./bundle/tree-sitter-bash-34ZGLXVX.js	1.84 MB	0 B
./bundle/undici-4X2YZID5.js	360 B	0 B
./bundle/keychain-token-storage-RIILY6A7.js	518 B	+518 B (new file)	🆕
./bundle/memoryDiscovery-RQEFN44F.js	922 B	+922 B (new file)	🆕

_{compressed-size-action}

[galz10]

/patch preview

[github-actions]

🚀 [Step 1/4] Patch workflow(s) waiting for approval!

📋 Details:

• Channels: preview
• Commit: 1d2585dba6e6248d5dad14afa9cbdae443516060
• Workflows Created: 1

⏳ Status: The patch creation workflow has been triggered and is waiting for deployment approval. Please visit the specific workflow links below and approve the runs.

🔗 Track Progress:

• View dispatched workflow run
• View patch workflow history
• This trigger workflow run

[github-actions]

🚀 [Step 2/4] Patch PR Created!

📋 Patch Details:

• Environment: prod
• Channel: preview → will publish to npm tag preview
• Commit: 1d2585dba6e6248d5dad14afa9cbdae443516060
• Hotfix Branch: hotfix/v0.34.0-preview.2/0.34.0-preview.3/preview/cherry-pick-1d2585d/pr-22255
• Hotfix PR: #22385
• ⚠️ Status: Cherry-pick conflicts detected - manual resolution required

📝 Next Steps:

1. ⚠️ Resolve conflicts in the hotfix PR first: #22385
2. Test your changes after resolving conflicts
3. Once merged, the patch release will automatically trigger
4. You'll receive updates here when the release completes

🔗 Track Progress:

• View hotfix PR #22385
• This patch creation workflow run