Disable Local Tools In Gemini CLI: A Simple Boolean Proposal

Alex Johnson

This article discusses a proposal to enhance the Gemini CLI by introducing a simple boolean setting within the settings.json file. This new setting would allow users to easily disable tools that perform local file operations and command executions. This feature aims to provide a more streamlined approach to configuring the Gemini CLI for users who prioritize security or wish to limit the tool's access to local resources.

Introduction to the Proposal

The core idea revolves around adding a single boolean, excludeLocalTools, to the settings.json configuration file of the Gemini CLI. This boolean, when set to true, would effectively disable all built-in tools that involve local file operations and command executions. Examples of such tools include WriteFileTool and ShellTool. This functionality offers a more straightforward way to manage tool permissions compared to the current method of manually listing allowed tools.

The Need for a Simpler Solution

Currently, to achieve the same outcome of disabling local tools, users must explicitly list all the safe core tools they want to enable. This approach, while functional, is cumbersome and requires users to stay updated with any new tools introduced in future Gemini CLI releases. The proposed boolean setting simplifies this process, providing a single switch to disable potentially risky tools. This enhancement not only improves user experience but also reduces the risk of inadvertently enabling unwanted tools.

Benefits of the excludeLocalTools Boolean

Implementing the excludeLocalTools boolean offers several key advantages:

Simplified Configuration

By introducing a single boolean setting, the configuration process becomes significantly simpler. Users can easily disable local tools without needing to manage a list of individual tools. This streamlined approach reduces the complexity of setting up the Gemini CLI, especially for users who are not deeply familiar with its inner workings.

Enhanced Security

Disabling local tools can improve the security posture of the Gemini CLI. By preventing tools from accessing the local file system or executing commands, the risk of malicious activity or accidental data breaches is reduced. This is particularly important in environments where security is a top priority.

Future-Proofing

As the Gemini CLI evolves and new tools are added, the excludeLocalTools boolean ensures that users don't need to constantly update their configurations. Any new tools that involve local file operations or command executions will automatically be disabled when this setting is enabled. This future-proofs the configuration and reduces the maintenance overhead for users.

Flexibility with User-Specified MCP Tools

The proposal acknowledges the need for flexibility. Even with the excludeLocalTools boolean enabled, users can still leverage user-specified MCP (Model Context Protocol) tools. For instance, tools like Lima offer sandboxed environments for file operations and command executions. This allows users to maintain a secure environment while still utilizing the desired functionalities.

How the excludeLocalTools Boolean Works

The excludeLocalTools boolean acts as a convenient shortcut for configuring the coreTools setting. When excludeLocalTools is set to true, it effectively sets the coreTools setting to the following:

{
  "coreTools": ["WebFetchTool", "WebSearchTool", "MemoryTool"]
}

This configuration explicitly allows only the WebFetchTool, WebSearchTool, and MemoryTool to be used, while disabling all other core tools that may interact with the local file system or execute commands. Users can still supply equivalents of the disabled local tools as user-specified MCP tools, providing a balance between security and functionality.

Use Cases and Examples

To illustrate the usefulness of the excludeLocalTools boolean, consider the following scenarios:

Scenario 1: Security-Conscious Environments

In environments where security is paramount, such as enterprise settings or sensitive development environments, disabling local tools can significantly reduce the attack surface. By setting excludeLocalTools to true, administrators can ensure that the Gemini CLI operates within a restricted scope, minimizing the risk of unauthorized access or data manipulation.

Scenario 2: Sandboxed Development

Developers often work with sandboxed environments to isolate their projects and prevent interference with the host system. The excludeLocalTools boolean can be used in conjunction with tools like Lima to create a secure and isolated development environment. By disabling local tools and utilizing sandboxed alternatives, developers can mitigate the risks associated with executing untrusted code or manipulating files.

Scenario 3: Simplified Configuration for New Users

New users of the Gemini CLI may find the configuration options overwhelming. The excludeLocalTools boolean provides a simple and intuitive way to disable potentially risky tools without needing to understand the intricacies of each individual tool. This makes the Gemini CLI more accessible to a wider range of users.

Alternatives and Considerations

While the excludeLocalTools boolean offers a straightforward solution, it's important to consider alternative approaches and potential drawbacks.

Alternative: Manual Configuration of coreTools

The existing method of manually configuring the coreTools setting provides fine-grained control over which tools are enabled. However, this approach is more complex and requires users to have a thorough understanding of the available tools. It also necessitates ongoing maintenance as new tools are introduced.

Consideration: Granularity of Control

The excludeLocalTools boolean provides a broad-stroke approach to disabling local tools. Users who require more granular control may prefer the manual configuration of coreTools. However, for many users, the simplicity and convenience of the boolean setting outweigh the need for fine-grained control.

Implementation Details

Implementing the excludeLocalTools boolean in the Gemini CLI would involve the following steps:

  1. Add the excludeLocalTools setting to the settings.json schema.
  2. Modify the Gemini CLI's configuration loading logic to recognize the new setting.
  3. When excludeLocalTools is set to true, the coreTools setting should be implicitly set to ["WebFetchTool", "WebSearchTool", "MemoryTool"].
  4. Ensure that user-specified MCP tools can still be used even when excludeLocalTools is enabled.
  5. Update the documentation to reflect the new setting and its behavior.

These steps ensure a smooth integration of the new feature, maintaining backward compatibility and providing clear guidance for users.
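
The resolution logic described under "How the excludeLocalTools Boolean Works" and in the steps above, sketched in TypeScript as an added example (not Gemini CLI's own code). The names resolveTools, isCoreToolEnabled and SAFE_CORE_TOOLS are hypothetical, and two behaviours the proposal does not specify are assumed: a non-boolean value is rejected rather than ignored, and an explicit coreTools list is intersected with the safe list so the flag can only narrow access.

```typescript
// Added example, not Gemini CLI source. Identifier names are hypothetical.
// The allowlist the article says excludeLocalTools expands to.
const SAFE_CORE_TOOLS: readonly string[] = ["WebFetchTool", "WebSearchTool", "MemoryTool"];

interface Settings {
  excludeLocalTools?: unknown; // proposed setting, validated at load time
  coreTools?: string[];        // existing allowlist setting
  mcpServers?: Record<string, unknown>;
}

interface ResolvedTools {
  coreTools: string[] | undefined; // undefined: no allowlist, every core tool enabled
  mcpServers: Record<string, unknown>;
}

function resolveTools(settings: Settings): ResolvedTools {
  const flag = settings.excludeLocalTools;
  // Assumption: reject "true", 1, null, etc. A silently ignored security
  // switch would leave ShellTool and WriteFileTool enabled.
  if (flag !== undefined && typeof flag !== "boolean") {
    throw new TypeError("excludeLocalTools must be a boolean, got " + JSON.stringify(flag));
  }
  // Step 4: user-specified MCP servers pass through untouched.
  const mcpServers = settings.mcpServers || {};
  if (flag !== true) {
    return { coreTools: settings.coreTools, mcpServers };
  }
  // Step 3: expand to the safe allowlist. Assumption: if coreTools is also
  // set, intersect, so the flag can narrow access but never widen it.
  const coreTools = settings.coreTools === undefined
    ? SAFE_CORE_TOOLS.slice()
    : settings.coreTools.filter((t) => SAFE_CORE_TOOLS.indexOf(t) !== -1);
  return { coreTools, mcpServers };
}

// An allowlist denies by default, so a core tool added in a later release
// stays disabled without any change to settings.json.
function isCoreToolEnabled(name: string, resolved: ResolvedTools): boolean {
  return resolved.coreTools === undefined || resolved.coreTools.indexOf(name) !== -1;
}

// Constructed sample settings.json content (server name and command are made up).
const sample: Settings = JSON.parse(
  '{"excludeLocalTools": true, "mcpServers": {"sandbox": {"command": "sandbox-mcp"}}}'
);
const resolved = resolveTools(sample);
console.log(resolved.coreTools, Object.keys(resolved.mcpServers));
```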

Conclusion: Streamlining Security and Configuration

The proposed excludeLocalTools boolean setting represents a significant improvement to the Gemini CLI's configuration options. By providing a simple and intuitive way to disable local tools, this feature enhances security, simplifies configuration, and future-proofs user setups. While the manual configuration of coreTools remains an option for users who require fine-grained control, the excludeLocalTools boolean offers a compelling alternative for the majority of users who prioritize security and ease of use.

Call to Action

We encourage the Gemini CLI community to discuss and provide feedback on this proposal. Your input is valuable in shaping the future of the Gemini CLI and ensuring that it meets the needs of its users. By working together, we can create a more secure, efficient, and user-friendly tool.

To learn more about secure coding practices and how to protect your applications, visit the Open Web Application Security Project (OWASP).
