ShellTool fails to execute commands (ls, python, pdflatex) while FileEditor functions correctly #16158
Description
What happened?
Description
I am experiencing a partial failure of the Agent's capabilities. While the Agent can successfully request and execute file edits (requesting permission and modifying files within the project), it fails to execute shell commands such as ls and cat, throwing error:
Command "ls -F" is not in the list of allowed tools for non-interactive mode.
This affects both system binaries (like /bin/ls, cat) and user-installed binaries (python, pdflatex).
Also setting tools.shell.enableInteractiveShell in project setting.json to be true does not resolve the problem.
Environment
- OS: macOS 26.1 (Build 25B78)
- Gemini CLI Version 0.23.0
- IDE/Terminal: VS Code 1.107.1
- Shell: zsh 5.9 (arm64-apple-darwin25.0)
- Git Version: 2.50.1 (Apple Git-155)
- Python Version: 3.12.2
Reproduction Steps
-
Initialize the Gemini Code Assist agent in a project.
-
Request a file edit (e.g., "Add a comment to
main.py").
- Result: Success. The agent asks for permission, and the file is updated.
- Request a shell command (e.g., "List the files in this directory" or "Run
ls ../").
- Result: Failure. The agent says 'Command "ls ../" is not in the list of allowed tools for non-interactive mode.'
- Request a specific binary execution (e.g., "Compile this file using
pdflatex").
- Result: Failure. The agent gives same error message.
- Edit the
tools.shell.enableInteractiveShellto betrue. Then ask gemini:Are you in a interactive mode?
- Result:
I am a non-interactive CLI agent. Warning: OnlyDIR/TO/PROJECT/` from the mult-root workspace is being considered.
6 Repeat step 3 - 5 in Gemini CLI.
- Result: Success for step 3 and 4. Step 5 outputs
Yes, I am an interactive CLI agent....
Troubleshooting Already Attempted
I have verified the following, and the issue persists:
- PATH Visibility: Tried using absolute paths (e.g.,
/bin/ls) to rule out$PATHenvironment variable isolation issues. - Tool Configuration: Verified that shell tools are not explicitly disabled in the settings.
- Permissions: Account running the IDE has full execution rights for these binaries.
- Interactive Mode: Ensured commands were not hanging on
stdin(e.g., used non-interactive flags). - Setting: Project setting as follows:
{
"general": {
"previewFeatures": true
},
"security": {
"auth": {
"selectedType": "oauth-personal"
}
},
"tools": {
"shell": {
"enableInteractiveShell": true
}
}
}Hypothesis
Since FileEditor works (which requires filesystem write access) but ShellTool fails (which requires spawn/exec access), there may be a specific issue with how the subprocess is being spawned or a sandbox restriction preventing shell context initialization.
What did you expect to happen?
Expected Behavior
The ShellTool should execute the command in the current working directory and return stdout/stderr to the context window, similar to how the FileEditor tool functions.
Actual Behavior
Error message The agent says 'Command "ls ../" is not in the list of allowed tools for non-interactive mode.'
Client information
Client Information
Run gemini to enter the interactive CLI, then run the /about command.
> /about
│ About Gemini CLI │
│ │
│ CLI Version 0.23.0 │
│ Git Commit 3ff055840 │
│ Model auto-gemini-3 │
│ Sandbox no sandbox │
│ OS darwin │
│ Auth Method OAuth │
│ User Email westernchurchill@gmail.com``` |
</details>
**Environment**
* **OS:** macOS 26.1 (Build 25B78)
* **Gemini CLI Version** 0.23.0
* **IDE/Terminal:** VS Code 1.107.1
* **Shell:** zsh 5.9 (arm64-apple-darwin25.0)
* **Git Version:** 2.50.1 (Apple Git-155)
* **Python Version:** 3.12.2
### Login information
Login via Google Account.
### Anything else we need to know?
_No response_