Gemini CLI

Vectimus governs Gemini CLI through its native BeforeTool hook system. Shell commands, file reads, file writes and MCP tool calls are all intercepted before execution.

Setup

vectimus init

That’s it. If Gemini CLI is installed (the gemini binary is on your PATH or ~/.gemini/ exists), vectimus init detects it and writes the hook configuration automatically.

The generated config lives at .gemini/settings.json in your project directory:

{
  "hooks": {
    "BeforeTool": [
      {
        "command": "vectimus hook --source gemini-cli",
        "matcher": ".*"
      }
    ]
  }
}

If you already have hooks in .gemini/settings.json, Vectimus merges its hook with your existing ones. Your custom hooks are preserved.

How it works

  1. Gemini CLI fires the BeforeTool hook before every tool call
  2. The hook sends the tool name and arguments to vectimus hook via stdin
  3. Vectimus normalises the payload, evaluates it against Cedar policies and returns a decision
  4. On deny, Vectimus exits with code 2 and writes the rejection reason to stderr
  5. Gemini CLI reads the rejection and blocks the tool call

Supported tools

Gemini CLI tool        Vectimus action type
run_shell_command      shell_command (further classified as git_operation, infrastructure or package_operation based on the command)
read_file              file_read
write_file             file_write
edit_file              file_write
list_directory         file_read
mcp__*                 mcp_tool

Payload format

Gemini CLI sends this JSON to the hook:

{
  "tool_name": "run_shell_command",
  "tool_input": { "command": "rm -rf /tmp/build" },
  "hook_event_name": "BeforeTool",
  "session_id": "uuid",
  "cwd": "/home/user/project"
}

The same Cedar policies that govern Claude Code and Cursor apply here. No policy changes needed.
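The five steps under "How it works", the tool mapping table and the payload above, carried through as a stand-alone Python stand-in for `vectimus hook` (an added example, not Vectimus's own code). It reads the BeforeTool payload from stdin, normalises the Gemini CLI tool name into an action type, and honours the hook contract: exit 0 to allow, exit 2 with the reason on stderr to deny. Three things are assumptions because the page does not specify them: the rules that refine a shell command into git_operation, infrastructure or package_operation (here keyed on the leading program), the `file_path` argument name for write_file, and the two policy rules in `evaluate`, which stand in for the Cedar evaluation and are constructed for illustration.

```python
import json
import os
import sys

# Gemini CLI tool name -> Vectimus action type, as listed in the table above.
TOOL_TO_ACTION = {
    "run_shell_command": "shell_command",
    "read_file": "file_read",
    "write_file": "file_write",
    "edit_file": "file_write",
    "list_directory": "file_read",
}

# Assumed sub-classification of shell commands by their leading program. The page
# only says classification happens "based on command"; these rules are constructed.
SHELL_CLASSES = {
    "git_operation": {"git"},
    "infrastructure": {"terraform", "kubectl", "helm", "docker"},
    "package_operation": {"npm", "pnpm", "pip", "pip3", "cargo", "apt", "apt-get", "brew"},
}


def classify_shell(command: str) -> str:
    """Refine a shell_command action using the first program on the command line."""
    tokens = command.split()
    if tokens and tokens[0] == "sudo":  # look past a sudo prefix
        tokens = tokens[1:]
    program = os.path.basename(tokens[0]) if tokens else ""  # "/usr/bin/git" -> "git"
    for action, programs in SHELL_CLASSES.items():
        if program in programs:
            return action
    return "shell_command"


def normalise(payload: dict) -> dict:
    """Turn the Gemini CLI BeforeTool payload into a source-independent action record."""
    tool = payload["tool_name"]
    tool_input = payload.get("tool_input", {})
    if tool.startswith("mcp__"):
        action = "mcp_tool"
    else:
        action = TOOL_TO_ACTION.get(tool, "unknown")
        if action == "shell_command":
            action = classify_shell(tool_input.get("command", ""))
    return {
        "action": action,
        "tool": tool,
        "input": tool_input,
        "cwd": payload.get("cwd", os.getcwd()),
        "session_id": payload.get("session_id"),
    }


def evaluate(record: dict) -> tuple[bool, str]:
    """Stand-in for Cedar policy evaluation; both rules are constructed for illustration."""
    action = record["action"]
    # Rule 1 (constructed): the agent may not run infrastructure tooling at all.
    if action == "infrastructure":
        return False, f"infrastructure command blocked: {record['input'].get('command', '')!r}"
    # Rule 2 (constructed): file writes must stay inside the session's working directory.
    # "file_path" is an assumed argument name; the page does not show write_file's input.
    if action == "file_write":
        cwd = os.path.realpath(record["cwd"])
        target = os.path.realpath(os.path.join(cwd, record["input"].get("file_path", "")))
        if os.path.commonpath([cwd, target]) != cwd:
            return False, f"write outside project directory blocked: {target}"
    # Tools with no mapping are denied by default; everything else is allowed.
    if action == "unknown":
        return False, f"unrecognised tool {record['tool']!r}"
    return True, "allowed"


def decide(payload: dict) -> tuple[int, str]:
    """Return the (exit_code, reason) pair the hook contract requires: 0 allow, 2 deny."""
    allowed, reason = evaluate(normalise(payload))
    return (0 if allowed else 2), reason


if __name__ == "__main__":
    # Gemini CLI pipes the JSON payload on stdin; a non-zero exit with the reason on
    # stderr is what makes it block the tool call (step 4 and 5 above).
    exit_code, why = decide(json.load(sys.stdin))
    if exit_code != 0:
        sys.stderr.write(why + "\n")
    sys.exit(exit_code)
```

Run it with the page's payload piped on stdin (`echo '{"tool_name": "run_shell_command", "tool_input": {"command": "rm -rf /tmp/build"}, "cwd": "/home/user/project"}' | python3 hook_standin.py`) and it exits 0; swap in a `kubectl` command and it exits 2 with the reason on stderr. Keeping `decide` separate from `main` is what makes the decision logic testable without spawning a process, which is also the shape you want when the real evaluator lives in a warm daemon.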

Observe mode

To trial Vectimus without blocking:

vectimus observe on

All decisions are logged to ~/.vectimus/logs/ but tool calls proceed normally. Review the audit log, then switch to enforcement:

vectimus observe off

Performance and audit

The evaluation daemon auto-starts on the first hook call and keeps the Cedar engine warm in memory, reducing latency from ~200ms to under 10ms. Every evaluation produces an Ed25519-signed governance receipt stored in .vectimus/receipts/. Receipts are retained for 7 days by default (configurable via retention_days in the [receipts] section of the config file). Use vectimus verify to validate receipts offline and vectimus receipts prune for manual cleanup.

Remove hooks

vectimus remove

This strips Vectimus entries from .gemini/settings.json while preserving your other hooks.
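The merge that vectimus init performs on an existing .gemini/settings.json (described under Setup) and the strip that vectimus remove performs here are two sides of the same idempotent edit. The Python below is an added example of that behaviour, not Vectimus's own implementation: it recognises its own entry by the hook command shown in the generated config, never duplicates it on a second init, and removes only that entry on remove. The pre-existing custom hook in `roundtrip_demo` (`./my-linter-hook.sh` with a `write_file` matcher) is constructed for the scenario.

```python
import json
import tempfile
from pathlib import Path

# The hook entry vectimus init writes, exactly as shown in the generated config above.
VECTIMUS_HOOK = {"command": "vectimus hook --source gemini-cli", "matcher": ".*"}


def is_vectimus_hook(entry) -> bool:
    """Identify a Vectimus entry by its command, so user hooks are never touched."""
    return isinstance(entry, dict) and str(entry.get("command", "")).startswith("vectimus hook")


def install_hook(settings: dict) -> dict:
    """Merge the Vectimus BeforeTool hook into existing settings; safe to run repeatedly."""
    before_tool = settings.setdefault("hooks", {}).setdefault("BeforeTool", [])
    if not any(is_vectimus_hook(h) for h in before_tool):
        before_tool.append(dict(VECTIMUS_HOOK))
    return settings


def remove_hook(settings: dict) -> dict:
    """Strip Vectimus entries from every hook event, leaving other hooks exactly as they are."""
    for entries in settings.get("hooks", {}).values():
        if isinstance(entries, list):
            entries[:] = [h for h in entries if not is_vectimus_hook(h)]
    return settings


def update_settings_file(path: Path, install: bool) -> dict:
    """Read .gemini/settings.json (or start from empty), apply install/remove, write it back."""
    settings = json.loads(path.read_text()) if path.exists() else {}
    settings = install_hook(settings) if install else remove_hook(settings)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(json.dumps(settings, indent=2) + "\n")
    return settings


def roundtrip_demo() -> dict:
    """Constructed scenario: a project whose settings already carry a custom hook."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / ".gemini" / "settings.json"
        path.parent.mkdir(parents=True)
        existing = {"hooks": {"BeforeTool": [{"command": "./my-linter-hook.sh", "matcher": "write_file"}]}}
        path.write_text(json.dumps(existing))
        after_init = update_settings_file(path, install=True)
        after_second_init = update_settings_file(path, install=True)  # must not duplicate
        after_remove = update_settings_file(path, install=False)
        return {"init": after_init, "second_init": after_second_init, "remove": after_remove}


if __name__ == "__main__":
    print(json.dumps(roundtrip_demo(), indent=2))
```

Matching on the command string rather than on list position is what keeps the operation safe against hand edits: reordering or adding hooks between init and remove does not change which entry gets stripped.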