feat(plan): integrate planning artifacts and tools into primary workflows

[jerop]

This commit enhances the primary software engineering and new application workflows to better leverage planning artifacts and tools.

Key changes:

• Approved Plan Integration: Enabled the agent to recognize and leverage an existing approved plan within primary workflows. Updated 'workflowStepPlan' and 'newApplicationSteps' to guide the agent to use the approved plan as the source of truth, relying on chat history for the file location to maintain security.
• Guarded Planning Mode Suggestion: Enhanced the standard new application workflow by suggesting the use of 'enter_plan_mode' for complex tasks. This suggestion is dynamically guarded to only appear when the 'enter_plan_mode' tool is available to the agent.
• Workflow Refinements: Refactored 'newApplicationSteps' to support both approved-plan-based and standard development with centralized implementation guidance and robust template management.
• Security & Quality: Secured instructions by avoiding direct path interpolation in the system prompt. Added comprehensive unit tests and updated snapshots to verify correct prompt generation across different tool and plan configurations.

Closes #18242

[gemini-code-assist]

Summary of Changes

Hello @jerop, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly upgrades the agent's primary workflows by deeply integrating planning artifacts and tools. It enables the agent to operate more effectively with pre-approved plans, offers intelligent suggestions for complex task planning, and refines existing development processes for greater flexibility and security.

Highlights

• Approved Plan Integration: The system now explicitly integrates approved plans into both general software engineering tasks and new application development workflows, treating the plan file as the single source of truth for implementation.
• Dynamic Planning Mode Suggestion: The new application workflow now conditionally suggests entering a dedicated planning mode ('enter_plan_mode' tool) for complex tasks, appearing only when the tool is available to the agent.
• Workflow Refactoring: The 'newApplicationSteps' function has been refactored to support both plan-driven and standard development paths, centralizing implementation guidance and improving template management.
• Enhanced Testing and Security: New unit tests and updated snapshots ensure correct prompt generation under various tool and plan configurations, while system prompts avoid direct path interpolation for improved security.

Changelog

• packages/core/src/core/snapshots/prompts.test.ts.snap
  • Added new snapshot entries for system prompts that include instructions for approved plans.
  • Added new snapshot entries for system prompts that include suggestions for entering planning mode when the 'enter_plan_mode' tool is enabled.
• packages/core/src/core/prompts.test.ts
  • Introduced new test cases to verify that approved plan instructions are correctly included in the system prompt when 'approvedPlanPath' is set.
  • Added a test case to confirm that the planning phase suggestion is included when the 'enter_plan_mode' tool is available.
  • Updated mock configuration to include 'getApprovedPlanPath' for testing purposes.
• packages/core/src/prompts/promptProvider.ts
  • Imported 'ENTER_PLAN_MODE_TOOL_NAME'.
  • Retrieved 'approvedPlanPath' from the configuration.
  • Passed 'enableEnterPlanModeTool' and 'approvedPlan' status to the 'PrimaryWorkflowsOptions' for prompt generation.
• packages/core/src/prompts/snippets.ts
  • Imported 'ENTER_PLAN_MODE_TOOL_NAME'.
  • Extended 'PrimaryWorkflowsOptions' interface to include 'enableEnterPlanModeTool' and an optional 'approvedPlan' object.
  • Modified 'workflowStepPlan' to prioritize and include specific instructions for agents when an 'approvedPlan' is present, making it the 'SOURCE OF TRUTH'.
  • Refactored 'newApplicationSteps' to accept the full 'options' object instead of just 'interactive'.
  • Added a new 'newApplicationSteps' branch for when an 'approvedPlan' is present, outlining a plan-driven implementation process.
  • Introduced 'NEW_APP_IMPLEMENTATION_GUIDANCE' constant to centralize common implementation instructions.
  • Created 'planningPhaseSuggestion' function to conditionally add a suggestion to use 'enter_plan_mode' based on tool availability.

Activity

• The pull request introduces new features and refactors existing code. No specific review comments or discussions are available in the provided context.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Size Change: +1.3 kB (+0.01%)

Total Size: 23.7 MB

Filename	Size	Change
./bundle/gemini.js	23.7 MB	+1.3 kB (+0.01%)

ℹ️ View Unchanged

Filename	Size
./bundle/sandbox-macos-permissive-closed.sb	1.03 kB
./bundle/sandbox-macos-permissive-open.sb	890 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB
./bundle/sandbox-macos-restrictive-closed.sb	3.29 kB
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB

_{compressed-size-action}

[gemini-code-assist]

Code Review

This pull request effectively integrates planning artifacts and tools into the primary workflows. However, it introduces a high-severity indirect prompt injection vulnerability. The agent is instructed to treat external, potentially untrusted plan files as the 'SOURCE OF TRUTH' without sufficient safeguards, which could allow an attacker to control its behavior via a malicious plan file in a repository. While the changes to the system prompts are well-implemented and the refactoring in newApplicationSteps improves code clarity, addressing this critical security concern is paramount.

[jerop]

/gemini review

[gemini-code-assist]

Code Review

This pull request effectively integrates approved planning artifacts into the primary workflows. The changes to the system prompt generation are well-implemented, conditionally guiding the agent to use an existing plan or suggesting planning mode for complex tasks. The refactoring of prompt snippets improves maintainability, and the security consideration of not interpolating file paths directly into the prompt is correctly handled. The accompanying tests and snapshot updates ensure the new logic is verified. Overall, the changes are of high quality and I have no further feedback.

[jacob314]

Please also make sure this is reviewed by @mattKorwel and/or @NTaylorMullen as these are fairly significant system prompt changes.

[abhipatel12]

LGTM overall. Just some thoughts!