fix(agent): prevent exit_plan_mode from being called via shell

[Abhijit-2592]

Summary

This PR prevents the agent from erroneously attempting to call the exit_plan_mode tool via the run_shell_command tool when operating in Plan Mode.

Details

In certain scenarios, the agent would hallucinate treating exit_plan_mode as a CLI command because the system prompts allowed generic shell execution. The core system prompts (snippets.ts and snippets.legacy.ts) have been updated with a strict, critical mandate explicitly forbidding the execution of exit_plan_mode via run_shell_command. Additionally, a behavioral evaluation was added to ensure the agent invokes the tool directly instead of using a shell subprocess.

Related Issues

Fixes #25047

How to Validate

1. Run the newly added behavioral evaluation test:

   npm exec cross-env -- RUN_EVALS=1 vitest run --config evals/vitest.config.ts evals/plan_mode.eval.ts -t "should invoke exit_plan_mode as a tool instead of a shell command"

2. Verify that the agent successfully uses the exit_plan_mode tool directly and does not attempt to invoke it via run_shell_command.

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses an issue where the agent incorrectly attempts to call the exit_plan_mode tool as a shell command. By updating the system prompts to include explicit instructions against this behavior and adding a corresponding behavioral evaluation, the change ensures more reliable tool usage and prevents model hallucinations regarding CLI interactions.

Highlights

• System Prompt Update: Updated system prompt snippets to explicitly forbid the agent from invoking the exit_plan_mode tool via the run_shell_command interface.
• Behavioral Evaluation: Added a new behavioral test case to verify that the agent correctly uses the tool directly rather than attempting to trigger it through a shell command.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

🛑 Action Required: Evaluation Approval

Steering changes have been detected in this PR. To prevent regressions, a maintainer must approve the evaluation run before this PR can be merged.

Maintainers:

1. Go to the Workflow Run Summary.
2. Click the yellow 'Review deployments' button.
3. Select the 'eval-gate' environment and click 'Approve'.

Once approved, the evaluation results will be posted here automatically.

[github-actions]

Size Change: +279 B (0%)

Total Size: 33.9 MB

Filename	Size	Change
./bundle/chunk-3ZVZOTE2.js	0 B	-3.43 kB (removed)	🏆
./bundle/chunk-CMKRNGXC.js	0 B	-49.2 kB (removed)	🏆
./bundle/chunk-FDBKWAYX.js	0 B	-14.7 MB (removed)	🏆
./bundle/chunk-MKE4K2QI.js	0 B	-3.8 kB (removed)	🏆
./bundle/chunk-VAFYU6J6.js	0 B	-2.72 MB (removed)	🏆
./bundle/chunk-VPG4SLZ4.js	0 B	-655 kB (removed)	🏆
./bundle/chunk-XNGAVNBV.js	0 B	-19.5 kB (removed)	🏆
./bundle/chunk-YJJA6RFM.js	0 B	-12.6 kB (removed)	🏆
./bundle/core-TC3NRD6J.js	0 B	-48.2 kB (removed)	🏆
./bundle/devtoolsService-CDQJ6G3E.js	0 B	-28 kB (removed)	🏆
./bundle/gemini-CRH2JNCY.js	0 B	-577 kB (removed)	🏆
./bundle/interactiveCli-WA5F4TYY.js	0 B	-1.31 MB (removed)	🏆
./bundle/liteRtServerManager-TVPNFLWC.js	0 B	-2.11 kB (removed)	🏆
./bundle/oauth2-provider-ARLUQFMS.js	0 B	-9.16 kB (removed)	🏆
./bundle/chunk-27PRIGI3.js	19.5 kB	+19.5 kB (new file)	🆕
./bundle/chunk-7FWGDZAT.js	655 kB	+655 kB (new file)	🆕
./bundle/chunk-7VK7FGBZ.js	14.7 MB	+14.7 MB (new file)	🆕
./bundle/chunk-GILKMFE4.js	3.8 kB	+3.8 kB (new file)	🆕
./bundle/chunk-LHXWSXLT.js	49.2 kB	+49.2 kB (new file)	🆕
./bundle/chunk-MIWYTX7S.js	3.43 kB	+3.43 kB (new file)	🆕
./bundle/chunk-TMR64V4W.js	2.72 MB	+2.72 MB (new file)	🆕
./bundle/chunk-XW326ACE.js	12.6 kB	+12.6 kB (new file)	🆕
./bundle/core-3Z2CTYIR.js	48.2 kB	+48.2 kB (new file)	🆕
./bundle/devtoolsService-SUXII4LD.js	28 kB	+28 kB (new file)	🆕
./bundle/gemini-RY4JB5SS.js	577 kB	+577 kB (new file)	🆕
./bundle/interactiveCli-2J7NWOKY.js	1.31 MB	+1.31 MB (new file)	🆕
./bundle/liteRtServerManager-6CTQKZZV.js	2.11 kB	+2.11 kB (new file)	🆕
./bundle/oauth2-provider-FYESPZ7A.js	9.16 kB	+9.16 kB (new file)	🆕

ℹ️ View Unchanged

Filename	Size	Change
./bundle/bundled/third_party/index.js	8 MB	0 B
./bundle/chunk-34MYV7JD.js	2.45 kB	0 B
./bundle/chunk-5AUYMPVF.js	858 B	0 B
./bundle/chunk-5PS3AYFU.js	1.18 kB	0 B
./bundle/chunk-664ZODQF.js	124 kB	0 B
./bundle/chunk-DAHVX5MI.js	206 kB	0 B
./bundle/chunk-IUUIT4SU.js	56.5 kB	0 B
./bundle/chunk-RJTRUG2J.js	39.8 kB	0 B
./bundle/chunk-XRLFHCHC.js	1.97 MB	0 B
./bundle/cleanup-IAI2LNDV.js	0 B	-932 B (removed)	🏆
./bundle/devtools-36NN55EP.js	696 kB	0 B
./bundle/dist-T73EYRDX.js	356 B	0 B
./bundle/events-XB7DADIJ.js	418 B	0 B
./bundle/examples/hooks/scripts/on-start.js	188 B	0 B
./bundle/examples/mcp-server/example.js	1.43 kB	0 B
./bundle/gemini.js	5.1 kB	0 B
./bundle/getMachineId-bsd-TXG52NKR.js	1.55 kB	0 B
./bundle/getMachineId-darwin-7OE4DDZ6.js	1.55 kB	0 B
./bundle/getMachineId-linux-SHIFKOOX.js	1.34 kB	0 B
./bundle/getMachineId-unsupported-5U5DOEYY.js	1.06 kB	0 B
./bundle/getMachineId-win-6KLLGOI4.js	1.72 kB	0 B
./bundle/memoryDiscovery-FN3IAPBT.js	980 B	0 B
./bundle/multipart-parser-KPBZEGQU.js	11.7 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js	222 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js	229 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js	13.4 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js	132 B	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B
./bundle/sandbox-macos-strict-open.sb	4.82 kB	0 B
./bundle/sandbox-macos-strict-proxied.sb	5.02 kB	0 B
./bundle/src-QVCVGIUX.js	47 kB	0 B
./bundle/start-7VJQ6IC7.js	0 B	-652 B (removed)	🏆
./bundle/tree-sitter-7U6MW5PS.js	274 kB	0 B
./bundle/tree-sitter-bash-34ZGLXVX.js	1.84 MB	0 B
./bundle/cleanup-Z33MB5IU.js	932 B	+932 B (new file)	🆕
./bundle/start-UNZLO2RT.js	652 B	+652 B (new file)	🆕

_{compressed-size-action}

[gemini-code-assist]

Code Review

This pull request updates the documentation and prompt instructions to explicitly warn against calling the exit_plan_mode tool via run_shell_command, emphasizing that it must be used as a built-in tool. Additionally, a new behavioral test has been added to verify that the agent correctly invokes exit_plan_mode as a tool rather than a shell command. I have no feedback to provide as there are no review comments.

[Samee24]

LGTM