How do I block specific shell commands?

You can block specific commands by creating a rule with the 'toolName' set to 'run_shell_command' and using the 'commandRegex' or 'commandPrefix' fields with 'decision' set to 'deny'.

How do I test a new policy rule before applying it?

You can validate TOML syntax using a Python script and test the logic by running the Gemini CLI with the '--debug-policy' flag to see which rules are matching your commands.

Can I restrict tools from specific MCP servers?

Yes, you can use the 'mcpName' field to target all tools from a specific server, or use wildcard patterns like 'server-name__*' in the 'toolName' field to set specific permissions.

What is the policy priority tier system?

Gemini uses three tiers: Admin (system-level), User (personal), and Default (built-in). Admin rules always override User rules, which in turn override Default rules, regardless of the individual priority number within the file.

Gemini Policy Engine Builder

Name: Gemini Policy Engine Builder
Author: melodic-software

bymelodic-software

•

セキュリティとテスト

Configures and manages secure tool execution policies for Gemini CLI using TOML-based rules and priority tiers.

概要

The Policy Engine Builder skill provides a comprehensive framework for defining how Claude interacts with the Gemini CLI. It enables developers and enterprise administrators to create fine-grained security policies, matching specific tool names, shell command patterns, and MCP server permissions. By utilizing a robust priority system across Admin, User, and Default tiers, and various decision types like Allow, Deny, and Ask, it ensures that AI tool execution remains safe, auditable, and compliant with organizational standards.

主な機能

Context-aware rules for YOLO and Auto-edit modes
1 GitHub stars
TOML-based rule generation and validation
MCP server-level and tool-level permission control
Hierarchical priority tier management (Admin, User, Default)
Regex-based shell command and argument pattern filtering

ユースケース

Restricting destructive shell commands like 'rm' or 'format'
Establishing enterprise-wide security guardrails for AI tool usage
Managing granular permissions for third-party MCP servers

概要

主な機能

Context-aware rules for YOLO and Auto-edit modes
1 GitHub stars
TOML-based rule generation and validation
MCP server-level and tool-level permission control
Hierarchical priority tier management (Admin, User, Default)
Regex-based shell command and argument pattern filtering

ユースケース

Restricting destructive shell commands like 'rm' or 'format'
Establishing enterprise-wide security guardrails for AI tool usage
Managing granular permissions for third-party MCP servers