v1.3.5
What's Changed in v1.3.5
feat: port block-no-verify hook + workflow-security CI validator (#47) by @Jamkris
Summary
Adopts two security additions from everything-claude-code (upstream as of 4e66b28) that are protocol-portable to Gemini CLI without rewriting:
-
scripts/hooks/block-no-verify.js— registered as a BeforeTool hook onrun_shell_command. Blocks--no-verify(and-nshorthand oncommit) plus-c core.hooksPath=overrides forgit commit / push / merge / cherry-pick / rebase / am. Detects subcommand even in chained shells (git log -n 5 && git commit ...) without false-positiving on-nthat belongs togit log. Returns exit 2 with stderr explanation when blocking; exit 0 otherwise. -
scripts/ci/validate-workflow-security.js— rejects unsafegithub.event.{workflow_run,pull_request}.head.*refs insideactions/checkoutsteps when triggered from privileged events (workflow_run/pull_request_target). Wired intoreusable-validate.ymlas a 5th validation step.
The tool_input.command JSON shape that block-no-verify reads is the same shape Gemini CLI's BeforeTool already produces, so no protocol translation was needed for the hook code itself.
Hook registration (per session direction: same blast radius as the Claude side)
{
"matcher": "tool == \"run_shell_command\"",
"hooks": [
{ "type": "command", "command": "node \"$HOME/.gemini/extensions/everything-gemini-code/scripts/hooks/block-no-verify.js\"" }
]
}Always-on: matches every shell command, with the hook returning exit 0 fast for non-git commands.
Skipped from upstream (with reasons)
gateguard-fact-force.js+skills/gateguard— hardcoded Claude tool names (Edit/Write/MultiEdit/Bash), ClaudepermissionDecisionJSON output protocol,CLAUDE_*env vars. Porting would be a near-rewrite to fit Gemini's stderr+exit hook contract.bash-hook-dispatcher.js+pre/post-bash-dispatcher.js— dispatcher pattern works around Claude's single-hook-per-event limit; Geminihooks.jsonalready supports multiple entries per event natively.
Test plan
-
node scripts/hooks/block-no-verify.js— direct stdin invocation works (12 cases pass) -
node scripts/ci/validate-workflow-security.js— passes against this repo's 5 workflow files (and against the 4 fixture cases in the test) -
node scripts/ci/validate-hooks.js— 16 hook matchers (was 15) -
npm run lint— clean -
npm test— 181/181 pass (was 165: +12 hook tests, +4 CI validator tests) - Reviewer spot-check: manually verify a
git commit --no-verifyattempt is blocked once the extension is reinstalled
feat: port a11y-architect agent + accessibility skill from upstream (#46) by @Jamkris
Summary
Ports two clean additions from everything-claude-code (upstream as of 4e66b28) that fit the Gemini CLI extension scope without rewriting:
agents/a11y-architect.md— WCAG 2.2 accessibility architect (Web/iOS/Android). Frontmatter migrated to the Gemini CLI shape per the strict validator added in #45.skills/accessibility/SKILL.md— WCAG 2.2 implementation patterns. Copied as-is (no Claude-specific content).
Larger upstream items (gateguard hook + skill, bash dispatcher, Python LLM provider layer, Rust core, plugin manifests) are intentionally not included — they are deeply Claude-Code-protocol-coupled or out of scope for a Gemini CLI extension. PR 2 in this sync wave will cover block-no-verify.js and validate-workflow-security.js.
Frontmatter migration (a11y-architect)
| Before (upstream) | After (this PR) |
|---|---|
model: sonnet + model: opus (duplicate, schema-forbidden) |
removed (Gemini CLI agent schema does not accept model) |
tools: [Read, Write, Edit, Bash, Grep, Glob] |
tools: [read_file, write_file, replace, run_shell_command, search_file_content, glob] |
| Body content | unchanged — no Claude-specific references |
The migration is the exact mapping enforced by scripts/lib/gemini-tools.js (Phase 2 SoT).
Test plan
-
node scripts/ci/validate-agents.js— 48 agents validated (was 47) -
node scripts/ci/validate-skills.js— 183 skill directories validated (was 182) -
npm run lint— clean -
npm test— 165/165 pass - Reviewer spot-check that the agent's tool list still makes sense for an accessibility audit workflow
Summary by CodeRabbit
- Documentation
- Added new accessibility agent guidance for designing WCAG 2.2 Level AA compliant interfaces
- Included comprehensive skill documentation covering semantic mapping, focus management, and cross-platform labeling standards for Web, iOS, and Android
- Provided best practices, anti-patterns, and implementation examples for accessible components
feat: strict agent/command validators to prevent Issue #34-class regr… (#45) by @Jamkris
Strengthens the existing CI validators to catch frontmatter and filename issues before the Gemini CLI agent loader rejects them.
scripts/lib/gemini-tools.js (new)
- Single source of truth for the 11 valid Gemini CLI tool names
- Claude-style → Gemini name mapping table for actionable error hints
- Levenshtein-based "Did you mean?" suggestions for typos
- Frontmatter validator: required keys, forbidden keys (color/model), malformed/empty tools array, MCP entries
scripts/ci/validate-agents.js
- Now uses the lib instead of only checking that "tools" exists
- Catches Read/Edit/Bash, search_files/replace_in_file, mcp__* tools, and color/model keys (all of which break the loader)
scripts/ci/validate-commands.js
- Enforces egc- filename prefix (PR #38 regression guard)
- Requires a non-empty description field
- Logic exported as a module for integration tests
tests/lib/gemini-tools.test.js (new, 24 cases)
- parseToolsField, suggestTool, validateToolList, validateAgentFrontmatter, allowlist sanity
tests/lint/validators.test.js (new, 13 cases)
- Fixture-based: good + Claude-style + MCP + forbidden keys + legacy names + missing frontmatter; mirrored for commands
- Plus a sweep that runs the live validators across every real agents/.md and commands/.toml in the repo
.gemini/styleguide.md
- Notes that scripts/lib/gemini-tools.js is the authoritative allowlist and the styleguide is its human-facing mirror
Lint green / 161 tests pass (was 124).
Summary by CodeRabbit
-
New Features
- Enhanced validation for agent and command configurations with detection of invalid tool names, forbidden keys, missing descriptions, and naming convention violations.
- Added intelligent tool name suggestions for common misspellings.
-
Documentation
- Updated style guide to clarify validation requirements and enforcement mechanisms.
-
Tests
- Added comprehensive test suites and fixtures for validation verification.
chore: release v1.3.4 (#44) by @Jamkris
Bump version to 1.3.4