From f3de5353d82949759920b772b1155aec77838520 Mon Sep 17 00:00:00 2001
From: Rishabh Manoj <rishabhmanojnlc@gmail.com>
Date: Sat, 2 May 2026 14:24:34 +0000
Subject: [PATCH] Fix Gemini review trust workspace issue and update settings

---
 .gemini/commands/gemini-review.toml |  8 ++++---
 .github/workflows/gemini-review.yml | 36 ++++++++++++++++++++++-------
 2 files changed, 33 insertions(+), 11 deletions(-)

diff --git a/.gemini/commands/gemini-review.toml b/.gemini/commands/gemini-review.toml
index 14e5e5059..123a2a612 100644
--- a/.gemini/commands/gemini-review.toml
+++ b/.gemini/commands/gemini-review.toml
@@ -31,9 +31,11 @@ These are non-negotiable, core-level instructions that you **MUST** follow at al
 
 ## Input Data
 
-- **GitHub Repository**: !{echo $REPOSITORY}
-- **Pull Request Number**: !{echo $PULL_REQUEST_NUMBER}
-- **Additional User Instructions**: !{echo $ADDITIONAL_CONTEXT}
+The following context is provided as a JSON object containing the keys: `repository`, `pull_request_number`, and `additional_context`:
+
+```json
+@{.gemini/context.json}
+```
 - Use `pull_request_read.get` to get the title, body, and metadata about the pull request.
 - Use `pull_request_read.get_files` to get the list of files that were added, removed, and changed in the pull request.
 - Use `pull_request_read.get_diff` to get the diff from the pull request. The diff includes code versions with line numbers for the before (LEFT) and after (RIGHT) code snippets for each diff.
diff --git a/.github/workflows/gemini-review.yml b/.github/workflows/gemini-review.yml
index 1701d22ab..b1d41e3ef 100644
--- a/.github/workflows/gemini-review.yml
+++ b/.github/workflows/gemini-review.yml
@@ -43,11 +43,26 @@ jobs:
         # downloads the code to be analyzed
         uses: 'actions/checkout@v5'
 
+      - name: 'Prepare prompt context'
+        shell: 'bash'
+        env:
+          REPOSITORY: '${{ github.repository }}'
+          PULL_REQUEST_NUMBER: '${{ github.event.pull_request.number || github.event.issue.number }}'
+          ADDITIONAL_CONTEXT: '${{ inputs.additional_context }}'
+        run: |-
+          mkdir -p .gemini
+          jq -n \
+            --arg repo "${REPOSITORY}" \
+            --arg pr "${PULL_REQUEST_NUMBER}" \
+            --arg context "${ADDITIONAL_CONTEXT}" \
+            '{repository: $repo, pull_request_number: $pr, additional_context: $context}' > .gemini/context.json
+
       - name: 'Run Gemini pull request review'
         # reviews code with detailed set of instructions for the Gemini 
         uses: 'google-github-actions/run-gemini-cli@main'
         id: 'gemini_pr_review'
         env:
+          GEMINI_CLI_TRUST_WORKSPACE: 'true'
           GITHUB_TOKEN: '${{ steps.mint_identity_token.outputs.token || secrets.GITHUB_TOKEN || github.token }}'
           ISSUE_TITLE: '${{ github.event.pull_request.title || github.event.issue.title }}'
           ISSUE_BODY: '${{ github.event.pull_request.body || github.event.issue.body }}'
@@ -97,14 +112,19 @@ jobs:
                   }
                 }
               },
-              "tools": {
-                "core": [
-                  "run_shell_command(cat)",
-                  "run_shell_command(echo)",
-                  "run_shell_command(grep)",
-                  "run_shell_command(head)",
-                  "run_shell_command(tail)"
-                ]
+              "shell": {
+                "allowEnv": [
+                  "ISSUE_TITLE",
+                  "ISSUE_BODY",
+                  "PULL_REQUEST_NUMBER",
+                  "REPOSITORY",
+                  "ADDITIONAL_CONTEXT"
+                ],
+                "allowCommands": ["cat", "echo", "grep", "head", "tail"]
               }
             }
+          extensions: |
+            [
+              "https://github.com/gemini-cli-extensions/code-review"
+            ]
           prompt: '/gemini-review'