# Endor Labs Agent Kit Gemini CLI Extension

Version: `2.1.0`

This generated Gemini CLI extension package includes Endor Labs setup support, Gemini Agent Skills, and preview Gemini subagents generated from source recipes in the Endor Labs Agent Kit repository.

## Start Here

| Reader | First move |
| --- | --- |
| Human installer | Install the generated extension directory locally or the tagged public GitHub repository. Then run setup: ask Gemini CLI to use the `endor-agent-kit-setup` skill. |
| Agent installer | Preserve generated package files exactly. Do not broaden permissions, change the logo, add plugin-wide MCP, or rewrite generated agents and skills. |
| Maintainer | Change source recipes or publication code in `endor-labs-agent-kit`, regenerate with `--include-plugins`, then sync generated artifacts to `ai-plugins`. |

Content releases require a package version bump. If a host still shows old prompt content after reinstalling the same version, remove or reinstall the plugin, clear the host cache when supported, and start a fresh host session.

This package is host-specific for Gemini CLI. Use the root README when choosing between hosts.

## Host Metadata

- Manifest: `gemini-extension.json`.
- Context: `GEMINI.md`, loaded through the manifest `contextFileName` field.
- Skills: `skills//SKILL.md`, including `endor-agent-kit-setup`.
- Preview subagents: `agents/.md`.
- Hooks: `hooks/hooks.json` plus fail-open advisory scripts for prompt routing, dependency installs, and manifest edits.
- Model/runtime: generated skills and subagents inherit Gemini CLI defaults; the extension does not set a plugin-wide default model.
- MCP: no extension-wide MCP server is declared by default.

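One way to check an unpacked package directory against the host metadata listed above before installing it, as an added example that is not part of the Endor Labs Agent Kit. The `inspect_extension` and `build_sample` helpers and the sample manifests are constructed for illustration; `mcpServers` is the Gemini CLI manifest key under which an extension declares MCP servers.

```python
import json
import tempfile
from pathlib import Path

EXPECTED_VERSION = "2.1.0"      # version stated in this README
EXPECTED_CONTEXT = "GEMINI.md"  # context file stated in this README


def inspect_extension(ext_dir):
    """Return a list of findings; an empty list means the layout matches."""
    root = Path(ext_dir)
    try:
        text = (root / "gemini-extension.json").read_text(encoding="utf-8")
        manifest = json.loads(text)
    except (OSError, ValueError) as exc:
        return [f"manifest unreadable: {exc.__class__.__name__}"]
    if not isinstance(manifest, dict):
        return ["manifest is not a JSON object"]
    findings = []
    if manifest.get("version") != EXPECTED_VERSION:
        findings.append(f"unexpected version: {manifest.get('version')!r}")
    if manifest.get("contextFileName") != EXPECTED_CONTEXT:
        findings.append(f"unexpected contextFileName: {manifest.get('contextFileName')!r}")
    elif not (root / EXPECTED_CONTEXT).is_file():
        findings.append(f"context file missing: {EXPECTED_CONTEXT}")
    servers = manifest.get("mcpServers")
    if servers:  # the README says no extension-wide MCP server is declared
        names = sorted(servers) if isinstance(servers, dict) else servers
        findings.append(f"manifest declares MCP servers: {names}")
    if not (root / "hooks" / "hooks.json").is_file():
        findings.append("hooks/hooks.json missing")
    return findings


def build_sample(root, manifest):
    """Write a constructed package layout used only for this demonstration."""
    root = Path(root)
    (root / "hooks").mkdir(parents=True)
    (root / "hooks" / "hooks.json").write_text("{}", encoding="utf-8")
    (root / "GEMINI.md").write_text("# context\n", encoding="utf-8")
    (root / "gemini-extension.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    # Constructed manifests: one matching the README, one with an added MCP server.
    good = {"name": "endor-labs-agent-kit", "version": "2.1.0", "contextFileName": "GEMINI.md"}
    bad = dict(good, mcpServers={"extra": {"command": "node"}})
    with tempfile.TemporaryDirectory() as tmp:
        print(inspect_extension(build_sample(Path(tmp) / "good", good)))
        print(inspect_extension(build_sample(Path(tmp) / "bad", bad)))
```
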
## Install From A Local Checkout

```bash
gemini extensions install /path/to/endor-labs-agent-kit/plugins/gemini/endor-labs-agent-kit
```

Install from the public GitHub repository after a release tag is published:

```bash
git clone --depth 1 --branch https://github.com/endorlabs/ai-plugins ai-plugins
gemini extensions install ./ai-plugins/plugins/gemini/endor-labs-agent-kit
```

Gemini CLI 0.44.1 local validation showed a folder trust prompt for local paths even with `--consent`. Inspect the package and approve only the expected Endor Agent Kit extension source.

Google documents Antigravity CLI as the consumer transition path for Gemini CLI. If your Gemini CLI account is affected by that transition, use the Antigravity package instead; keep this Gemini extension for supported Gemini CLI environments and compatibility checks.

Do not create or install zip archives for Gemini CLI; use the local extension directory for local testing and clone the tagged GitHub repository before installing the generated extension directory for published installs.

Restart Gemini CLI after installing or reinstalling the extension.

## Set Up This Machine

Ask Gemini CLI:

```text
Use the endor-agent-kit-setup skill to check Endor Agent Kit readiness.
```

The setup skill can guide package-manager-first `endorctl` installation, verify Endor auth and namespace readiness, and report missing `gh` or toolchain prerequisites. It does not run scans, run `endorctl host-check`, edit shell profiles, auto-install `gh`, or install language runtimes and package managers.

## Capabilities And Skills

| Job | Gemini skill | Gemini subagent | Safety |
| --- | --- | --- | --- |
| Triage AI SAST findings | `ai-sast-triage` | `@ai-sast-triage` | mutating, approval-gated |
| Assess CI/CD and supply chain posture | `cicd-posture` | `@cicd-posture` | read-only |
| Dependency Decision Helper | `dependency-decision-helper` | `@dependency-decision-helper` | read-only |
| Diagnose Endor setup and scan issues | `endor-troubleshooter` | `@endor-troubleshooter` | read-only |
| Browse existing Endor findings | `findings-browser` | `@findings-browser` | read-only |
| Malware Response | `malware-response` | `@malware-response` | read-only |
| Package Risk Summary | `package-risk-summary` | `@package-risk-summary` | read-only |
| Assess GitHub onboarding gaps | `probe-droid` | `@probe-droid` | read-only |
| Remediation Planner | `remediation-planner` | `@remediation-planner` | read-only |
| Repository Dependency Reviewer | `repository-dependency-reviewer` | `@repository-dependency-reviewer` | read-only |
| Find safe SCA remediation paths | `sca-remediation` | `@sca-remediation` | mutating, approval-gated |
| Upgrade Impact Analysis | `upgrade-impact-analysis` | `@upgrade-impact-analysis` | read-only |
| Vulnerability Explainer | `vulnerability-explainer` | `@vulnerability-explainer` | read-only |

Mutating workflows keep file edits, branch pushes, PR/MR creation, comments, approval verification, and Endor policy writes behind separate approval gates. Setup never performs those workflow actions.

## Boundaries And Rules

- Always run readiness and namespace checks before live Endor lookups.
- Always keep setup, file edits, branch pushes, PR/MR creation, comments, tickets, and policy writes as separate evidence-backed steps.
- Never run setup scans or `endorctl host-check`.
- Never auto-install `gh`, language runtimes, or package managers.
- Never print, persist, or copy Endor API key, secret, token, or full config values.

## Provider Docs

- https://geminicli.com/docs/extensions/writing-extensions/
- https://geminicli.com/docs/extensions/reference/
- https://geminicli.com/docs/hooks/
- https://geminicli.com/docs/extensions/releasing/
- https://geminicli.com/docs/core/subagents/