Verdict
Conditional pilot
CLI coding assistance with local command context requires terminal sandbox, command allowlist, and test credentials before pilot.
Decision depth: AI-assisted launch evidence record
Evidence audit: AI-assisted evidence audit
Conditional pilot Pilot Gemini CLI locally or in disposable devcontainers; restrict command execution and require human review of all diffs.
Conditional pilot
CLI coding assistance with local command context requires terminal sandbox, command allowlist, and test credentials before pilot.
Decision depth: AI-assisted launch evidence record
Evidence audit: AI-assisted evidence audit
Level 3: executes actions
Highest-risk evidenced power: shell command execution
least-privilege permissions, isolated branch, protected branches, mandatory human review, sandbox, command allowlist, audit logs, separate test credentials
security docs, admin console
native sandbox, permission system, audit logs, branch isolation, SSO, data-retention settings
Task class: Terminal and coding agent
Environment: local sandbox or non-production repository
Maximum access: shell command execution
Reviewer: senior developer plus security reviewer
Success criteria: bounded maintenance tasks complete with inspected commands and clean diffs
Stop conditions: unsafe shell command, unapproved network/secret access, or unreviewable changes
Prohibited: production systems, credential stores, unbounded shell access
Blockers: edits files is not explicitly evidenced in the current source set.
Unknowns: Enterprise audit and data-boundary controls depend on Google account/workspace configuration.
Limitations: CLI plugins and local environment change risk.
Gemini CLI: runs commands
Status: explicitly-supported · Reviewer: AI-assisted evidence audit · Confidence: 86/100
Source: Tools reference (repo)
Excerpt: Gemini CLI uses tools to interact with your local environment, access information, and perform actions on your behalf. These tools extend the model's capabilities beyond text generation, letting it read files, execute commands, and search the web.
Limitations: Official-source excerpt is claim-specific; tenant/workspace configuration can still change rollout risk.
Gemini CLI: supports human approval controls
Status: explicitly-supported · Reviewer: AI-assisted evidence audit · Confidence: 86/100
Source: Tools reference (repo)
Excerpt: You must manually approve tools that modify files or execute shell commands (mutators). The CLI shows you a diff or the exact command before you confirm.
Limitations: Official-source excerpt is claim-specific; tenant/workspace configuration can still change rollout risk.
Gemini CLI: supports sandboxing
Status: explicitly-supported · Reviewer: AI-assisted evidence audit · Confidence: 86/100
Source: Sandboxing in Gemini CLI (repo)
Excerpt: Sandboxing isolates potentially dangerous operations (such as shell commands or file modifications) from your host system, providing a security barrier between AI operations and your environment.
Limitations: Official-source excerpt is claim-specific; tenant/workspace configuration can still change rollout risk.
Gemini CLI: supports permission controls
Status: explicitly-supported · Reviewer: AI-assisted evidence audit · Confidence: 86/100
Source: Sandboxing in Gemini CLI (repo)
Excerpt: Sandbox expansion is a dynamic permission system that lets Gemini CLI request additional permissions for a command when needed.
Limitations: Official-source excerpt is claim-specific; tenant/workspace configuration can still change rollout risk.
Gemini CLI: reads repository
Status: explicitly-supported · Reviewer: AI-assisted evidence audit · Confidence: 86/100
Source: File system tools reference (repo)
Excerpt: Gemini CLI core provides a suite of tools for interacting with the local file system. These tools allow the model to explore and modify your codebase.
Limitations: Official-source excerpt is claim-specific; tenant/workspace configuration can still change rollout risk.
Gemini CLI: edits files
Status: not-evidenced · Reviewer: AI-assisted evidence audit · Confidence: 24/100
Source: Google official source set (official-docs)
Excerpt:
Limitations: No exact official-source excerpt was found for edits files; treat as an evidence gap.
Gemini CLI: opens pull requests
Status: not-evidenced · Reviewer: AI-assisted evidence audit · Confidence: 24/100
Source: Google official source set (official-docs)
Excerpt:
Limitations: No exact official-source excerpt was found for opens pull requests; treat as an evidence gap.
Gemini CLI: comments on issues or PRs
Status: not-evidenced · Reviewer: AI-assisted evidence audit · Confidence: 24/100
Source: Google official source set (official-docs)
Excerpt:
Limitations: No exact official-source excerpt was found for comments on issues or PRs; treat as an evidence gap.
Gemini CLI: accesses secrets or environment variables
Status: not-evidenced · Reviewer: AI-assisted evidence audit · Confidence: 24/100
Source: Google official source set (official-docs)
Excerpt:
Limitations: No exact official-source excerpt was found for accesses secrets or environment variables; treat as an evidence gap.
Gemini CLI: makes network/API calls
Status: not-evidenced · Reviewer: AI-assisted evidence audit · Confidence: 24/100
Source: Google official source set (official-docs)
Excerpt:
Limitations: No exact official-source excerpt was found for makes network/API calls; treat as an evidence gap.
Gemini CLI: provides audit logging
Status: not-evidenced · Reviewer: AI-assisted evidence audit · Confidence: 24/100
Source: Google official source set (official-docs)
Excerpt:
Limitations: No exact official-source excerpt was found for provides audit logging; treat as an evidence gap.
Gemini CLI: supports enterprise administration
Status: not-evidenced · Reviewer: AI-assisted evidence audit · Confidence: 24/100
Source: Google official source set (official-docs)
Excerpt:
Limitations: No exact official-source excerpt was found for supports enterprise administration; treat as an evidence gap.
Last successful source check: 2026-07-15T05:34:48.576Z
Generate a receipt that inherits this record depth, unsupported claims, inferred claims, source health, and expiry.
Check this agent for your environment