google-gemini · Abhijit-2592 · Feb 27, 2026 · Feb 27, 2026
@@ -12,6 +12,8 @@ import {
   resolveWorkspacePolicyState,
   autoAcceptWorkspacePolicies,
   setAutoAcceptWorkspacePolicies,
+  disableWorkspacePolicies,
+  setDisableWorkspacePolicies,
 } from './policy.js';
 import { writeToStderr } from '@google/gemini-cli-core';
 
@@ -45,6 +47,9 @@ describe('resolveWorkspacePolicyState', () => {
     fs.mkdirSync(workspaceDir);
     policiesDir = path.join(workspaceDir, '.gemini', 'policies');
 
+    // Enable policies for these tests to verify loading logic
+    setDisableWorkspacePolicies(false);
+
     vi.clearAllMocks();
   });
 
@@ -67,6 +72,13 @@ describe('resolveWorkspacePolicyState', () => {
     });
   });
 
+  it('should have disableWorkspacePolicies set to true by default', () => {
+    // We explicitly set it to false in beforeEach for other tests,
+    // so here we test that setting it to true works.
+    setDisableWorkspacePolicies(true);
+    expect(disableWorkspacePolicies).toBe(true);
+  });
+
   it('should return policy directory if integrity matches', async () => {
     // Set up policies directory with a file
     fs.mkdirSync(policiesDir, { recursive: true });
@@ -188,7 +200,26 @@ describe('resolveWorkspacePolicyState', () => {
     expect(result.policyUpdateConfirmationRequest).toBeUndefined();
   });
 
-  it('should not return workspace policies if cwd is a symlink to the home directory', async () => {
+  it('should return empty state if disableWorkspacePolicies is true even if folder is trusted', async () => {
+    setDisableWorkspacePolicies(true);
+
+    // Set up policies directory with a file
+    fs.mkdirSync(policiesDir, { recursive: true });
+    fs.writeFileSync(path.join(policiesDir, 'policy.toml'), 'rules = []');
+
+    const result = await resolveWorkspacePolicyState({
+      cwd: workspaceDir,
+      trustedFolder: true,
+      interactive: true,
+    });
+
+    expect(result).toEqual({
+      workspacePoliciesDir: undefined,
+      policyUpdateConfirmationRequest: undefined,
+    });
+  });
+
+  it('should return empty state if cwd is a symlink to the home directory', async () => {
     const policiesDir = path.join(tempDir, '.gemini', 'policies');
     fs.mkdirSync(policiesDir, { recursive: true });
     fs.writeFileSync(path.join(policiesDir, 'policy.toml'), 'rules = []');

@@ -35,6 +35,20 @@ export function setAutoAcceptWorkspacePolicies(value: boolean) {
   autoAcceptWorkspacePolicies = value;
 }
 
+/**
+ * Temporary flag to disable workspace level policies altogether.
+ * Exported as 'let' to allow monkey patching in tests via the setter.
+ */
+export let disableWorkspacePolicies = true;
+
+/**
+ * Sets the disableWorkspacePolicies flag.
+ * Used primarily for testing purposes.
+ */
+export function setDisableWorkspacePolicies(value: boolean) {
+  disableWorkspacePolicies = value;
+}
+
 export async function createPolicyEngineConfig(
   settings: Settings,
   approvalMode: ApprovalMode,
@@ -81,7 +95,7 @@ export async function resolveWorkspacePolicyState(options: {
     | PolicyUpdateConfirmationRequest
     | undefined;
 
-  if (trustedFolder) {
+  if (trustedFolder && !disableWorkspacePolicies) {
     const storage = new Storage(cwd);
 
     // If we are in the home directory (or rather, our target Gemini dir is the global one),

@@ -54,6 +54,7 @@ describe('Workspace-Level Policy CLI Integration', () => {
 
   beforeEach(() => {
     vi.clearAllMocks();
+    Policy.setDisableWorkspacePolicies(false);
     // Default to MATCH for existing tests
     mockCheckIntegrity.mockResolvedValue({
       status: 'match',