"Allow for session" only allows once for shell commands that include a path #16750
Description
What happened?
The agent prompted for confirmation before running commands like tools/autotest.py foo or testing/xvfb.py bar. I select "allow for this session". The agent continues to prompt me for each instance that it wants to run the command, even if the command is character-for-character identical to one I have previously allowed.
Also, the prompt for the command is somewhat strange. For tools/autotest.py it asks me if I want to allow autotest.py to run. This is less of an issue since the full command is shown above the prompt with the correct path, but could be confusing if there was an instance of autotest.py in the path.
What did you expect to happen?
I expected that once I selected "allow for this session" that the agent would be able to execute that specific command without prompting.
Client information
Client Information
Run gemini to enter the interactive CLI, then run the /about command.
> /about
╭───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ │
│ About Gemini CLI │
│ │
│ CLI Version 0.25.0-nightly.20260107.59a18e710-git.b08b0d7 │
│ Git Commit b08b0d7 │
│ Model auto-gemini-2.5 │
│ Sandbox no sandbox │
│ OS linux │
│ Auth Method gemini-api-key │
│ │
╰───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
Login information
I use an API key to log in.
Anything else we need to know?
I suspect this issue may be due to an inconsistency in how the shell command is comparing against the allowed command list. It may be using the command name after normalizeCommandName (which removes preceding directories from the command) as either the saved, allowed, command or the command used in the comparison.