How do I block specific shell commands?

You can block specific commands by creating a rule with the 'toolName' set to 'run_shell_command' and using the 'commandRegex' or 'commandPrefix' fields with 'decision' set to 'deny'.

How do I test a new policy rule before applying it?

You can validate TOML syntax using a Python script and test the logic by running the Gemini CLI with the '--debug-policy' flag to see which rules are matching your commands.

Can I restrict tools from specific MCP servers?

Yes, you can use the 'mcpName' field to target all tools from a specific server, or use wildcard patterns like 'server-name__*' in the 'toolName' field to set specific permissions.

What is the policy priority tier system?

Gemini uses three tiers: Admin (system-level), User (personal), and Default (built-in). Admin rules always override User rules, which in turn override Default rules, regardless of the individual priority number within the file.

Gemini Policy Engine Builder

Name: Gemini Policy Engine Builder
Author: melodic-software

bymelodic-software

•

セキュリティとテスト

Configures and manages secure tool execution policies for Gemini CLI using TOML-based rules and priority tiers.

The Policy Engine Builder skill provides a comprehensive framework for defining how Claude interacts with the Gemini CLI. It enables developers and enterprise administrators to create fine-grained security policies, matching specific tool names, shell command patterns, and MCP server permissions. By utilizing a robust priority system across Admin, User, and Default tiers, and various decision types like Allow, Deny, and Ask, it ensures that AI tool execution remains safe, auditable, and compliant with organizational standards.

主な機能

01Context-aware rules for YOLO and Auto-edit modes

021 GitHub stars

03TOML-based rule generation and validation

04MCP server-level and tool-level permission control

05Hierarchical priority tier management (Admin, User, Default)

06Regex-based shell command and argument pattern filtering

ユースケース

01Restricting destructive shell commands like 'rm' or 'format'

02Establishing enterprise-wide security guardrails for AI tool usage

03Managing granular permissions for third-party MCP servers

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add melodic-software/claude-code-plugins policy-engine-builder

For use in Claude.ai and ChatGPT

Download Skill