
fix(core): limit recursive reasoning turns per single user request #28164

Open
amelidev wants to merge 2 commits into google-gemini:main from amelidev:b_522410012
@amelidev

Contributor

Summary

This PR implements a strict recursive reasoning turn limit of 15 turns per single user request (customizable if maxSessionTurns is configured to a positive value) in the core agent reasoning engine. This protects user local CPU resources and model API quotas/credits from infinite loop exploits caused by malicious workspace files with indirect prompt injection.

Details

  • Turn Tracking per unique request: Added promptTurnCount to GeminiClient which tracks recursive turn depth scoped precisely to the unique prompt_id of the user's single query.
  • Auto-reset on New Prompts: Correctly resets the count to 0 whenever a new prompt is initiated (transitioning to a new prompt_id).
  • Configurable Override Support: If maxSessionTurns is set by the user to a positive integer, that limit is honored; otherwise, it defaults to a safe and robust limit of 15 turns.
  • Graceful Termination: Yields a MaxSessionTurns event and aborts recursive processing, allowing the CLI layers to gracefully terminate execution.
  • Comprehensive Unit Tests: Covered default limit checks, reset capability across different prompt IDs, and custom limits inside packages/core/src/core/client.test.ts.

Related Issues

Resolves the infinite loop issue described in issue.md.

How to Validate

  1. Run the new suite of unit tests for the core client:
    npm test -w @google/gemini-cli-core -- src/core/client.test.ts
  2. Verify all checks and tests pass with:
    npm run lint

Pre-Merge Checklist

  • Updated relevant documentation and README (if needed)
  • Added/updated tests (if needed)
  • Noted breaking changes (if any)
  • Validated on required platforms/methods:
    • MacOS
      • npm run
      • npx
      • Docker
      • Podman
      • Seatbelt
    • Windows
      • npm run
      • npx
      • Docker
    • Linux
      • npm run
      • npx
      • Docker
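
A minimal model of the per-request turn limit described above, added here as an illustration; it is not code from this pull request or from the gemini-cli code base. Only `promptTurnCount`, `prompt_id`, `maxSessionTurns` and `MaxSessionTurns` come from the PR text; the class, the event shapes and the `wantsAnotherTurn` callback are hypothetical, and events are collected in an array rather than streamed.

```typescript
// Added illustration, not code from the pull request. Only promptTurnCount,
// prompt_id, maxSessionTurns and MaxSessionTurns come from the PR text;
// every other name here is hypothetical.
const DEFAULT_MAX_TURNS_PER_PROMPT = 15;

type AgentEvent =
  | { type: 'Content'; turn: number }
  | { type: 'MaxSessionTurns'; promptId: string };

class TurnLimitedClient {
  private promptTurnCount = 0;
  private lastPromptId: string | undefined = undefined;
  private maxSessionTurns: number | undefined;

  constructor(maxSessionTurns?: number) {
    this.maxSessionTurns = maxSessionTurns;
  }

  // Unset, zero or negative means "not configured": fall back to 15.
  private limit(): number {
    const n = this.maxSessionTurns;
    return typeof n === 'number' && n > 0 ? n : DEFAULT_MAX_TURNS_PER_PROMPT;
  }

  // wantsAnotherTurn stands in for the model asking to continue, for example
  // because injected text in a workspace file keeps requesting more work.
  sendMessage(promptId: string, wantsAnotherTurn: (turn: number) => boolean,
              events: AgentEvent[] = []): AgentEvent[] {
    if (promptId !== this.lastPromptId) {
      this.lastPromptId = promptId; // new user request: reset the counter
      this.promptTurnCount = 0;
    }
    this.promptTurnCount++;
    if (this.promptTurnCount > this.limit()) {
      events.push({ type: 'MaxSessionTurns', promptId }); // signal, then stop
      return events;
    }
    events.push({ type: 'Content', turn: this.promptTurnCount });
    if (wantsAnotherTurn(this.promptTurnCount)) {
      this.sendMessage(promptId, wantsAnotherTurn, events); // recursive turn
    }
    return events;
  }
}

// Constructed worst case: a model that always asks for another turn.
function runLoopingPrompt(client: TurnLimitedClient, promptId: string): AgentEvent[] {
  return client.sendMessage(promptId, () => true);
}
```

With the default limit, a request that never stops on its own produces 15 content turns followed by one `MaxSessionTurns` event, and the next `prompt_id` starts again from zero.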

@amelidev amelidev requested a review from a team as a code owner June 26, 2026 20:59
@github-actions github-actions Bot added the size/m A medium sized PR label Jun 26, 2026
@github-actions


📊 PR Size: size/M

  • Lines changed: 120
  • Additions: +120
  • Deletions: -0
  • Files changed: 2

@gemini-code-assist

Contributor

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a safety mechanism to the core agent reasoning engine to mitigate potential infinite loop exploits. By enforcing a maximum turn limit per request, the system is better protected against malicious inputs that could otherwise exhaust local CPU resources or API quotas. The implementation includes flexible configuration options and robust unit testing to ensure reliable behavior across different usage scenarios.

Highlights

  • Recursive Turn Limiting: Implemented a strict limit of 15 recursive reasoning turns per user request to prevent infinite loops and protect system resources.
  • Configurable Limits: Added support for a custom maxSessionTurns configuration, allowing users to override the default limit.
  • State Management: Introduced promptTurnCount tracking scoped to unique prompt_ids, ensuring the counter resets correctly when a new request begins.
  • Graceful Error Handling: Added a MaxSessionTurns event to signal when the limit is reached, allowing for clean termination of recursive processes.

@gemini-code-assist gemini-code-assist Bot left a comment

Contributor

Code Review

This pull request introduces a mechanism to limit recursive turns per single prompt_id in GeminiClient. It tracks the turn count using a new promptTurnCount property, resetting it when the prompt_id changes. If the turn count exceeds the configured maximum (defaulting to 15), it yields a MaxSessionTurns event and terminates the turn. Corresponding unit tests have been added to verify both the default and custom limits, as well as the reset behavior. There are no review comments, so no additional feedback is provided.

@gemini-cli gemini-cli Bot added the status/need-issue Pull requests that need to have an associated issue. label Jun 26, 2026
@amelidev

Contributor Author

/gemini review

@gemini-code-assist gemini-code-assist Bot left a comment

Contributor

Code Review

This pull request introduces a mechanism to limit recursive turns per single prompt_id in GeminiClient to prevent infinite loops, defaulting to 15 turns or respecting a custom configured limit. It also adds a comprehensive test suite to verify this behavior. Feedback points out a leftover debug statement in the test file that writes to ./debug-test.log and should be removed.

Comment on lines +1523 to +1524
const fs = await import('node:fs');
fs.writeFileSync('./debug-test.log', 'START TEST\n');

Contributor

high

This appears to be a leftover debug statement that writes to ./debug-test.log. It should be removed to avoid polluting the workspace with untracked files during test execution.
