Public beta. SignalSpore is a decision-support registry, not certification or security assurance. Evidence may be incomplete; verify controls in your own environment. Methodology · Launch audit · Correction policy · Limitations
Agent rollout decision record

Gemini CLI

Conditional pilot Pilot Gemini CLI locally or in disposable devcontainers; restrict command execution and require human review of all diffs.

Verdict

Conditional pilot

CLI coding assistance with local command context requires terminal sandbox, command allowlist, and test credentials before pilot.

Decision depth: AI-assisted launch evidence record

Evidence audit: AI-assisted evidence audit

Permission footprint

Repository readexplicitly evidenced
File editsnot evidenced
Shell commandsexplicitly evidenced
Pull requestsnot evidenced
Issue/PR commentsnot evidenced
Network/API callsnot evidenced
Secrets/env varsnot evidenced
Sandboxingexplicitly evidenced
Permission controlsexplicitly evidenced
Audit loggingnot evidenced
Enterprise adminnot evidenced
Branch isolationnot evidenced
Human approvalexplicitly evidenced
Production deploymentnot evidenced

Power level

Level 3: executes actions

Highest-risk evidenced power: shell command execution

Controls separated

Required before pilot — organization must implement

least-privilege permissions, isolated branch, protected branches, mandatory human review, sandbox, command allowlist, audit logs, separate test credentials

Vendor-native control evidenced

security docs, admin console

Vendor-native control not evidenced

native sandbox, permission system, audit logs, branch isolation, SSO, data-retention settings

Pilot plan

Task class: Terminal and coding agent

Environment: local sandbox or non-production repository

Maximum access: shell command execution

Reviewer: senior developer plus security reviewer

Success criteria: bounded maintenance tasks complete with inspected commands and clean diffs

Stop conditions: unsafe shell command, unapproved network/secret access, or unreviewable changes

Prohibited: production systems, credential stores, unbounded shell access

Blocking issues and unknowns

Blockers: edits files is not explicitly evidenced in the current source set.

Unknowns: Enterprise audit and data-boundary controls depend on Google account/workspace configuration.

Limitations: CLI plugins and local environment change risk.

Claim-level evidence

runs commands

Gemini CLI: runs commands

Status: explicitly-supported · Reviewer: AI-assisted evidence audit · Confidence: 86/100

Source: Tools reference (repo)

Excerpt: Gemini CLI uses tools to interact with your local environment, access information, and perform actions on your behalf. These tools extend the model's capabilities beyond text generation, letting it read files, execute commands, and search the web.

Limitations: Official-source excerpt is claim-specific; tenant/workspace configuration can still change rollout risk.

supports human approval controls

Gemini CLI: supports human approval controls

Status: explicitly-supported · Reviewer: AI-assisted evidence audit · Confidence: 86/100

Source: Tools reference (repo)

Excerpt: You must manually approve tools that modify files or execute shell commands (mutators). The CLI shows you a diff or the exact command before you confirm.

Limitations: Official-source excerpt is claim-specific; tenant/workspace configuration can still change rollout risk.

supports sandboxing

Gemini CLI: supports sandboxing

Status: explicitly-supported · Reviewer: AI-assisted evidence audit · Confidence: 86/100

Source: Sandboxing in Gemini CLI (repo)

Excerpt: Sandboxing isolates potentially dangerous operations (such as shell commands or file modifications) from your host system, providing a security barrier between AI operations and your environment.

Limitations: Official-source excerpt is claim-specific; tenant/workspace configuration can still change rollout risk.

supports permission controls

Gemini CLI: supports permission controls

Status: explicitly-supported · Reviewer: AI-assisted evidence audit · Confidence: 86/100

Source: Sandboxing in Gemini CLI (repo)

Excerpt: Sandbox expansion is a dynamic permission system that lets Gemini CLI request additional permissions for a command when needed.

Limitations: Official-source excerpt is claim-specific; tenant/workspace configuration can still change rollout risk.

reads repository

Gemini CLI: reads repository

Status: explicitly-supported · Reviewer: AI-assisted evidence audit · Confidence: 86/100

Source: File system tools reference (repo)

Excerpt: Gemini CLI core provides a suite of tools for interacting with the local file system. These tools allow the model to explore and modify your codebase.

Limitations: Official-source excerpt is claim-specific; tenant/workspace configuration can still change rollout risk.

edits files

Gemini CLI: edits files

Status: not-evidenced · Reviewer: AI-assisted evidence audit · Confidence: 24/100

Source: Google official source set (official-docs)

Excerpt:

Limitations: No exact official-source excerpt was found for edits files; treat as an evidence gap.

opens pull requests

Gemini CLI: opens pull requests

Status: not-evidenced · Reviewer: AI-assisted evidence audit · Confidence: 24/100

Source: Google official source set (official-docs)

Excerpt:

Limitations: No exact official-source excerpt was found for opens pull requests; treat as an evidence gap.

comments on issues or PRs

Gemini CLI: comments on issues or PRs

Status: not-evidenced · Reviewer: AI-assisted evidence audit · Confidence: 24/100

Source: Google official source set (official-docs)

Excerpt:

Limitations: No exact official-source excerpt was found for comments on issues or PRs; treat as an evidence gap.

accesses secrets or environment variables

Gemini CLI: accesses secrets or environment variables

Status: not-evidenced · Reviewer: AI-assisted evidence audit · Confidence: 24/100

Source: Google official source set (official-docs)

Excerpt:

Limitations: No exact official-source excerpt was found for accesses secrets or environment variables; treat as an evidence gap.

makes network/API calls

Gemini CLI: makes network/API calls

Status: not-evidenced · Reviewer: AI-assisted evidence audit · Confidence: 24/100

Source: Google official source set (official-docs)

Excerpt:

Limitations: No exact official-source excerpt was found for makes network/API calls; treat as an evidence gap.

provides audit logging

Gemini CLI: provides audit logging

Status: not-evidenced · Reviewer: AI-assisted evidence audit · Confidence: 24/100

Source: Google official source set (official-docs)

Excerpt:

Limitations: No exact official-source excerpt was found for provides audit logging; treat as an evidence gap.

supports enterprise administration

Gemini CLI: supports enterprise administration

Status: not-evidenced · Reviewer: AI-assisted evidence audit · Confidence: 24/100

Source: Google official source set (official-docs)

Excerpt:

Limitations: No exact official-source excerpt was found for supports enterprise administration; treat as an evidence gap.

Recent history

Last successful source check: 2026-07-15T05:34:48.576Z

Alternatives

  • Claude Code — relevant alternative for Terminal and coding agent.
  • Aider — relevant alternative for Terminal and coding agent.
  • OpenCode — relevant alternative for Terminal and coding agent.