fix(agent): prevent silent scope expansion on task failure #28172

Open: Suryap-hub wants to merge 1 commit into google-gemini:main from Suryap-hub:fix/agent-scope-creep-28155-v2

@Suryap-hub


Fixes #28155

Problem

When asked to review a specific set of lines, the agent silently
expanded its scope — running scripts and reading the full file
without user approval.

Root Cause

The mandateConfirm function in snippets.ts lacked explicit
instructions to prevent silent strategy escalation.

Fix

Added 3 guardrails to mandateConfirm in
packages/core/src/prompts/snippets.ts:

  • Do not change approach silently: Tell the user and ask before switching to a broader strategy.
  • Stay within stated boundaries: Only read the requested lines — not the full file.
  • Escalation requires confirmation: Ask before running any shell command to investigate.

Testing

  • npm run build -w packages/core
  • npm test -w packages/core

@Suryap-hub Suryap-hub requested a review from a team as a code owner June 27, 2026 09:06
@gemini-code-assist

Contributor

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses an issue where the agent would silently expand its operational scope upon task failure. By updating the mandateConfirm function with stricter prompt guardrails, the agent is now explicitly instructed to seek user approval before changing strategies, reading beyond requested line ranges, or executing investigative shell commands.

Highlights

  • Scope Guardrails: Added explicit instructions to the mandateConfirm function to prevent silent strategy escalation when tasks fail.
  • Boundary Enforcement: Updated the prompt to ensure the agent strictly adheres to requested line ranges and avoids reading full files without authorization.
  • Confirmation Requirements: Mandated that the agent must seek user confirmation before executing investigative shell commands or switching to broader strategies.

@github-actions github-actions Bot added the size/xs (An extra small PR) label Jun 27, 2026
@github-actions


📊 PR Size: size/XS

  • Lines changed: 4
  • Additions: +2
  • Deletions: -2
  • Files changed: 1

@github-actions


🛑 Action Required: Evaluation Approval

Steering changes have been detected in this PR. To prevent regressions, a maintainer must approve the evaluation run before this PR can be merged.

Maintainers:

  1. Go to the Workflow Run Summary.
  2. Click the yellow 'Review deployments' button.
  3. Select the 'eval-gate' environment and click 'Approve'.

Once approved, the evaluation results will be posted here automatically.

@Suryap-hub

Author

Hey team! 👋

This is my first open source contribution. I noticed issue #28155
where the agent silently expanded its scope instead of staying
within the requested boundaries.

The fix adds 3 guardrails to the mandateConfirm function:

  1. Agent must tell the user before switching strategy
  2. Agent must stay within the requested line boundaries
  3. Agent must ask before running any shell commands to investigate

Happy to make any changes based on your feedback!

@gemini-code-assist gemini-code-assist Bot left a comment

Contributor


Code Review

This pull request updates the mandateConfirm prompt helper in packages/core/src/prompts/snippets.ts to enforce stricter boundaries on agent behavior. It adds explicit instructions for both interactive and non-interactive modes to prevent silent approach changes, restrict file reading to requested boundaries, and require user confirmation before running shell commands or escalating investigations. I have no feedback to provide.

@gemini-cli gemini-cli Bot added the priority/p2 (Important but can be addressed in a future release.) and area/agent (Issues related to Core Agent, Tools, Memory, Sub-Agents, Hooks, Agent Quality) labels Jun 27, 2026
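
The three guardrails discussed in this thread are prompt instructions; the same boundaries can also be checked deterministically on each tool call the agent proposes. The sketch below is an added example, not code from this PR or from gemini-cli: `ToolCall`, `TaskScope`, `checkScope`, `reviewPlan` and the sample paths are hypothetical, and paths are assumed to be canonicalized by the caller.

```typescript
// Added illustration: every type and function name here is hypothetical.
type ToolCall =
  | { kind: "read"; path: string; startLine: number; endLine: number }
  | { kind: "read_full"; path: string }
  | { kind: "shell"; command: string };

// What the user actually asked for: one file, one inclusive 1-based line range.
interface TaskScope { path: string; startLine: number; endLine: number }

type Decision = { action: "allow" } | { action: "ask_user"; reason: string };

const ask = (reason: string): Decision => ({ action: "ask_user", reason });
const isInt = (n: number): boolean => Math.floor(n) === n;

function checkScope(scope: TaskScope, call: ToolCall): Decision {
  const requested = `${scope.path}:${scope.startLine}-${scope.endLine}`;
  if (call.kind === "shell") {
    // Escalation requires confirmation: shell investigation is never implicit.
    return ask(`run shell command "${call.command}" (task was: review ${requested})`);
  }
  if (call.kind === "read_full") {
    // Stay within stated boundaries: a whole-file read exceeds the request.
    return ask(`read all of ${call.path} (task was: review ${requested})`);
  }
  // Malformed ranges (inverted, fractional, below line 1) are never auto-allowed.
  const validRange = isInt(call.startLine) && isInt(call.endLine)
    && call.startLine >= 1 && call.startLine <= call.endLine;
  const inside = validRange && call.path === scope.path
    && call.startLine >= scope.startLine && call.endLine <= scope.endLine;
  // Do not change approach silently: anything broader is surfaced to the user.
  return inside
    ? { action: "allow" }
    : ask(`read ${call.path}:${call.startLine}-${call.endLine} (task was: review ${requested})`);
}

// Constructed sample: the user asked for lines 40-60 of one file, and the
// agent's plan drifts after the first step.
const sampleScope: TaskScope = { path: "src/auth.ts", startLine: 40, endLine: 60 };
const samplePlan: ToolCall[] = [
  { kind: "read", path: "src/auth.ts", startLine: 40, endLine: 60 },
  { kind: "read", path: "src/auth.ts", startLine: 1, endLine: 400 },
  { kind: "read_full", path: "src/auth.ts" },
  { kind: "shell", command: "npm test" },
  { kind: "read", path: "src/session.ts", startLine: 45, endLine: 50 },
];

function reviewPlan(scope: TaskScope, plan: ToolCall[]): string[] {
  return plan.map((call) => checkScope(scope, call).action);
}
```

Only the first call in the constructed plan is allowed; each of the other four yields an `ask_user` decision whose reason names both the proposed action and the original request.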
Development

Successfully merging this pull request may close these issues.

gemini-3.1-pro-preview continues to have similar bug
