Guardrail policy for Gemini CLI

Purpose

Safety-first guardrail for Gemini CLI usage that prevents destructive, credential, and high-risk operations unless explicitly approved.

Use one action block for each proposed branch.
Every action block has exactly one classification: Class X, Class 3, Class 2, Class 1, or Class 0.
Class 2 and Class 3 require explicit approvals.

Refuse regardless of confirmation: root/system destruction, disk/boot operations, broad infrastructure deletion, and security-control disablement.

Require safer alternative, preview/dry-run, exact payload, and approval.

Safety-first guardrail for Gemini CLI usage that prevents destructive, credential, and high-risk operations unless explicitly approved.

Use one action block for each proposed branch.
Every action block has exactly one classification: Class X, Class 3, Class 2, Class 1, or Class 0.
Class 2 and Class 3 require explicit approvals.

Refuse regardless of confirmation: root/system destruction, disk/boot operations, broad infrastructure deletion, and security-control disablement.

Require safer alternative, preview/dry-run, exact payload, and approval.