feat(admin): defer gemini mcp/extension commands until after auth to apply admin settings correctly

[skeshive]

Summary

Details

Related Issues

How to Validate

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[gemini-cli]

Hi @skeshive, thank you so much for your contribution to Gemini CLI! We really appreciate the time and effort you've put into this.

We're making some updates to our contribution process to improve how we track and review changes. Please take a moment to review our recent discussion post: Improving Our Contribution Process & Introducing New Guidelines.

Key Update: Starting January 26, 2026, the Gemini CLI project will require all pull requests to be associated with an existing issue. Any pull requests not linked to an issue by that date will be automatically closed.

Thank you for your understanding and for being a part of our community!

[gemini-code-assist]

Summary of Changes

Hello @skeshive, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a robust system for deferring the execution of certain CLI commands until after the application has successfully authenticated and loaded all administrative settings. This ensures that commands interacting with features like MCP or extensions adhere to organizational policies and are prevented from running if they have been disabled by an administrator, thereby enhancing security and control over the CLI's functionality.

Highlights

• Deferred Command Execution: Commands like mcp list are now deferred, meaning their execution is postponed. Instead of running immediately, their logic is encapsulated within a _deferredCommand object and stored in the command-line arguments (argv).
• Admin Setting Enforcement: A new mechanism has been introduced to check administrative settings (e.g., settings.admin?.mcp?.enabled) before any deferred command is executed. If a command's associated feature is disabled by an administrator, the process will exit with an error, preventing unauthorized operations.
• New DeferredCommand Interface: A new TypeScript interface, DeferredCommand, has been added to define the structure for these postponed operations. It includes a run function for the command's logic and an optional type property to categorize the command (e.g., 'mcp', 'extensions').
• Centralized Deferred Command Runner: The main application entry point (gemini.tsx) now includes a call to a new runDeferredCommand function. This function is invoked after authentication and the retrieval of admin settings, ensuring that any pending deferred commands are executed only after all necessary configurations and policies are in place.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Size Change: +1.89 kB (+0.01%)

Total Size: 23.1 MB

Filename	Size	Change
./bundle/gemini.js	23.1 MB	+1.89 kB (+0.01%)

ℹ️ View Unchanged

Filename	Size
./bundle/sandbox-macos-permissive-closed.sb	1.03 kB
./bundle/sandbox-macos-permissive-open.sb	890 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB
./bundle/sandbox-macos-restrictive-closed.sb	3.29 kB
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB

_{compressed-size-action}

[gemini-code-assist]

Code Review

This pull request introduces a mechanism to defer the execution of certain CLI commands until after user authentication and fetching of admin settings. This is a good approach to ensure that commands for features disabled by an admin (like MCP or extensions) are not executed. The implementation looks solid, with a new _deferredCommand property on CliArgs and a runDeferredCommand function that performs the check before execution. The suggestion to also handle the 'skills' command type in runDeferredCommand is valid and ensures all admin-configurable features are covered by this new mechanism, as it does not contradict any existing rules regarding skill validation or trusted content.

[skeshive]

@chrstnb Which gemini extension* commands should we disable when an admin disables extensions? Generally, the principle I've been following is if the command could be loading or running any 3P code, we should disable it