Gemini Guardrails
Enforces Gemini-specific CI safety standards. Validates that Gemini CLI invocations do not use dangerous flags and use structured JSON output.
Add gemini to your lunar-config.yml:
uses: github://earthly/lunar-lib/policies/gemini@v1.0.5
Included Guardrails
This policy includes 2 guardrails that enforce standards for your devex build and ci.
cli-safe-flags
Ensures Gemini CLI invocations in CI do not use dangerous permission-bypassing flags. Flags like --yolo and -y remove safety guardrails that prevent the AI from executing arbitrary code without human approval.
cli-structured-output
Ensures Gemini CLI invocations in CI use structured JSON output instead of plain text. JSON output makes AI automation deterministic and parseable.
How Guardrails Fit into Lunar
Lunar guardrails define your engineering standards as code. They evaluate data collected by integrations and produce pass/fail checks with actionable feedback.
Policies support gradual enforcement—from silent scoring to blocking PRs or deployments—letting you roll out standards at your own pace without disrupting existing workflows.
Example Evaluated Data
This policy evaluates structured metadata from the Component JSON. Here's an example of the data it checks:
{
  "ai": {
    "native": {
      "gemini": {
        "cicd": {
          "cmds": [
            {
              "cmd": "gemini run --json 'review this PR'",
              "tool": "gemini",
              "version": "0.1.0"
            }
          ]
        }
      }
    }
  }
}
Required Integrations
This policy evaluates data gathered by one or more of the following integration(s).
Make sure to enable them in your lunar-config.yml.
Configuration
Configure this policy in your lunar-config.yml.
Inputs
| Input | Required | Default | Description |
|---|---|---|---|
| dangerous_flags | Optional | --yolo,-y | Comma-separated dangerous flags for Gemini CLI |
Documentation
Gemini Guardrails
Gemini-specific CI safety and conventions guardrails.
Overview
This policy enforces Gemini-specific CI standards. It validates that Gemini CLI invocations in CI pipelines do not use dangerous permission-bypassing flags and use structured JSON output for deterministic automation.
Policies
| Policy | Severity | Description |
|---|---|---|
| cli-safe-flags | error | Gemini CLI must not use --yolo or -y flags |
| cli-structured-output | warning | Gemini CLI in CI should use structured JSON output |
Required Data
| Path | Provided By | Description |
|---|---|---|
| .ai.native.gemini.cicd.cmds[] | gemini collector | Gemini CLI invocations captured in CI |
Installation
collectors:
  - uses: github://earthly/lunar-lib/collectors/gemini@main
    on: ["domain:your-domain"]
policies:
  - uses: github://earthly/lunar-lib/policies/gemini@main
    enforcement: report-pr
Examples
Passing
Gemini CLI using safe flags and structured output:
{
  "ai": {
    "native": {
      "gemini": {
        "cicd": {
          "cmds": [
            {
              "cmd": "gemini run --json 'review this PR'",
              "tool": "gemini"
            }
          ]
        }
      }
    }
  }
}
Failing
Gemini CLI using dangerous flag:
{
  "ai": {
    "native": {
      "gemini": {
        "cicd": {
          "cmds": [
            {
              "cmd": "gemini run --yolo 'deploy to prod'",
              "tool": "gemini"
            }
          ]
        }
      }
    }
  }
}
Remediation
- cli-safe-flags: Remove --yolo and -y from Gemini CI invocations. Use scoped permissions instead.
- cli-structured-output: Add --json or equivalent structured output flag to Gemini CLI invocations in CI.
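An added sketch, not the lunar-lib policy's own code, of how the two checks can be evaluated over .ai.native.gemini.cicd.cmds[]: each command is tokenized the way a shell would, so flag-like text inside a quoted prompt is not reported. The function names and the wrap helper are hypothetical, and --json is assumed to be the only structured-output flag, as in the page's examples.

```python
import shlex

DEFAULT_DANGEROUS = "--yolo,-y"   # default of the dangerous_flags input on this page
JSON_FLAG = "--json"              # assumption: the flag used in the page's passing example

def gemini_cmds(component):
    """Return .ai.native.gemini.cicd.cmds[], or [] when any level is missing."""
    node = component
    for key in ("ai", "native", "gemini", "cicd", "cmds"):
        if not isinstance(node, dict):
            return []
        node = node.get(key)
    return node if isinstance(node, list) else []

def option_tokens(cmd):
    """Shell-tokenize cmd and return its option names; a quoted prompt stays one token."""
    try:
        tokens = shlex.split(cmd)
    except ValueError:            # unbalanced quote: fall back to whitespace splitting
        tokens = cmd.split()
    opts = []
    for tok in tokens:
        if tok == "--":           # conventional end-of-options marker
            break
        if tok.startswith("-"):
            opts.append(tok.split("=", 1)[0])   # "--flag=value" -> "--flag"
    return opts

def evaluate(component, dangerous_flags=DEFAULT_DANGEROUS):
    """Return (check, severity, cmd) findings; an empty list means both checks pass."""
    banned = {f.strip() for f in dangerous_flags.split(",") if f.strip()}
    findings = []
    for entry in gemini_cmds(component):
        cmd = entry.get("cmd", "")
        opts = option_tokens(cmd)
        if banned.intersection(opts):
            findings.append(("cli-safe-flags", "error", cmd))
        if JSON_FLAG not in opts:
            findings.append(("cli-structured-output", "warning", cmd))
    return findings

def wrap(cmd):
    """Build a constructed Component JSON document holding one invocation."""
    return {"ai": {"native": {"gemini": {"cicd": {"cmds": [{"cmd": cmd, "tool": "gemini"}]}}}}}
```

A plain substring match for --yolo would flag a prompt that merely mentions the flag; comparing whole option tokens avoids that false positive.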
Open Source
This policy is open source and available on GitHub. Contribute improvements, report issues, or fork it for your own use.