A resilient, zero-dependency Python wrapper for the official Google Gemini Node.js CLI.
Project description
Gemini CLI Headless
⚠️ CRITICAL: VERSION LOCK This orchestrator relies on deeply undocumented internal mechanics of the policy engine. It is strictly version-locked and certified ONLY for Gemini CLI
v0.38.2. Using newer versions may cause the sandbox to silently fail. See Version Lock & System Brittleness for details.
gemini-cli-headless is a Python-based Headless Orchestrator for the Gemini CLI. It provides a secure, programmatically controllable execution environment designed for autonomous agents, automated workflows, and complex system integrations (such as Cortex OS).
This wrapper moves beyond simple convenience flags and establishes a 100% physically secure, "Zero-Trust" sandbox by directly manipulating the internal policy engine of the Gemini CLI.
Quick Start
import os
from gemini_cli_headless import run_gemini_cli_headless
project_root = os.path.abspath("./my_project")
session = run_gemini_cli_headless(
prompt="Refactor the authentication logic.",
cwd=project_root,
# 1. Physical Tool Sandbox
allowed_tools=["read_file", "replace", "run_shell_command"],
# 2. Physical Path Sandbox
allowed_paths=[project_root],
# 3. Surgical Shell Sandbox
allowed_commands=["npm test", "git status"]
)
print(session.text)
Documentation
The architecture and security philosophy of this orchestrator are deeply intertwined with the internal physics of the Gemini CLI. To understand how to leverage it effectively, please refer to the detailed documentation:
- 01. Architecture Overview - The "Cognition vs. Enforcement" philosophy.
- 02. The Tier System & Priority Caps - Why we use the
--admin-policy(Tier 5) Kernel. - 03. Path Security & Structural Anchoring - Defeating content-injection using Null Bytes (
\0). - 04. Soft Interception & Model Psychology - Using "Invisible Enforcement" to overcome model paranoia.
- 05. Trace Auditing & Testing Philosophy - Why we test the physical engine traces, not the model's text.
- 06. Usage & Examples - Detailed API usage and common sandbox configurations.
- 07. Version Lock & System Brittleness - [IMPORTANT] Why the system is locked to
v0.38.2and the likely breaking points in future updates.
Running the Integrity Battery
To verify the physical security of the engine on your machine, you can run the exhaustive 29-point test battery.
python tests/run_integrity.py <optional_model_id> <optional_regex_filter>
Example (Run only path security tests):
python tests/run_integrity.py gemini-3-flash-preview "sec_paths"
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file gemini_cli_headless-2.0.0.tar.gz.
File metadata
- Download URL: gemini_cli_headless-2.0.0.tar.gz
- Upload date:
- Size: 9.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
882a314a9398d43c5acaed94bcf817a9ae15a22c474df0045109ecd02ce99c63
|
|
| MD5 |
ad22c2eb10db2ccc2dc9c820a2731bab
|
|
| BLAKE2b-256 |
794156fc6db6317cd8e3e6734146f07ed0f798c7c9d4414bcedbadfc23ea82e1
|
File details
Details for the file gemini_cli_headless-2.0.0-py3-none-any.whl.
File metadata
- Download URL: gemini_cli_headless-2.0.0-py3-none-any.whl
- Upload date:
- Size: 7.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
096fde6686334afafbbffc192ee6e837bd7bb4cadd7e11b2e0fe735ffd4a1f8c
|
|
| MD5 |
0d61f4339a366cfd7f30cb8c82c1511e
|
|
| BLAKE2b-256 |
812f3a20b4113ca9df45b975604e8ee6c53dc45258802c8b5dd48bb284f047ec
|
