feat(sdk): initial package bootstrap for SDK

[mbleigh]

Initial structure for the SDK package.

[gemini-cli]

Hi @mbleigh, thank you so much for your contribution to Gemini CLI! We really appreciate the time and effort you've put into this.

We're making some updates to our contribution process to improve how we track and review changes. Please take a moment to review our recent discussion post: Improving Our Contribution Process & Introducing New Guidelines.

Key Update: Starting January 26, 2026, the Gemini CLI project will require all pull requests to be associated with an existing issue. Any pull requests not linked to an issue by that date will be automatically closed.

Thank you for your understanding and for being a part of our community!

[gemini-cli]

Hi there! Thank you for your contribution to Gemini CLI.

To improve our contribution process and better track changes, we now require all pull requests to be associated with an existing issue, as announced in our recent discussion and as detailed in our CONTRIBUTING.md.

This pull request is being closed because it is not currently linked to an issue. Once you have updated the description of this PR to link an issue (e.g., by adding Fixes #123 or Related to #123), it will be automatically reopened.

How to link an issue:
Add a keyword followed by the issue number (e.g., Fixes #123) in the description of your pull request. For more details on supported keywords and how linking works, please refer to the GitHub Documentation on linking pull requests to issues.

Thank you for your understanding and for being a part of our community!

[gemini-code-assist]

Summary of Changes

Hello @mbleigh, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request establishes the foundational structure for a new SDK package, @google/gemini-cli-sdk, designed to allow external interaction with the Gemini CLI's core agent. It includes setting up the package's build system, dependencies, and initial core components like the agent and tool definition system, along with an example to demonstrate its usage.

Highlights

• New SDK Package: A new packages/sdk directory has been created, establishing the @google/gemini-cli-sdk package, which will serve as the public SDK for the Gemini CLI's core agent.
• ESLint Configuration: A new ESLint rule was added to enforce relative imports within the new SDK package, preventing direct imports of its own package name to ensure proper module resolution.
• Core Agent Implementation: The GeminiCliAgent class was introduced, providing an interface for interacting with the Gemini CLI's core functionalities, including tool registration and stream-based message sending.
• Tool Definition System: A system for defining and integrating custom tools (Tool, SdkTool) using Zod for schema validation has been implemented, allowing the SDK to leverage the CLI's tool execution capabilities.
• Example Usage: A basic example (simple.ts) demonstrates how to instantiate the GeminiCliAgent, define a custom tool, and send prompts to the agent, showcasing the SDK's core functionality.

Changelog

• eslint.config.js
  • Added a no-restricted-imports rule specifically for the packages/sdk directory to enforce relative imports.
• package-lock.json
  • Updated to include the new @google/gemini-cli-sdk package, linking it to the packages/sdk directory and specifying its dependencies.
• packages/sdk/README.md
  • Added a basic README file outlining the SDK's purpose, installation, and usage.
• packages/sdk/examples/simple.ts
  • Added an example TypeScript file demonstrating the basic usage of the GeminiCliAgent and custom tools.
• packages/sdk/index.ts
  • Added the main entry point for the SDK, re-exporting modules from src/index.js.
• packages/sdk/package.json
  • Created the package manifest for @google/gemini-cli-sdk, defining its name, version, description, scripts, dependencies, and development dependencies.
• packages/sdk/src/agent.ts
  • Implemented the GeminiCliAgent class, which manages configuration, authentication, tool registration, and interaction with the Gemini client.
• packages/sdk/src/tool.ts
  • Defined interfaces and classes (ToolDefinition, Tool, SdkToolInvocation, SdkTool) for creating and managing declarative tools within the SDK, utilizing Zod for input schema validation.
• packages/sdk/tsconfig.json
  • Configured TypeScript compilation settings for the new SDK package, including output directory, composite project settings, and type references.
• packages/sdk/vitest.config.ts
  • Configured Vitest for unit testing within the SDK package, setting up globals and the Node.js environment.

Activity

• No human activity has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new SDK package with an initial structure, including GeminiCliAgent and tool definition helpers. However, a security audit identified two high-severity prompt injection vulnerabilities in packages/sdk/src/agent.ts, which could lead to manipulation of the language model. Additionally, there's a major bug in agent.ts causing crashes with JSON string tool arguments, and the sendStream method and tool action functions lack support for cancellation via AbortSignal. Addressing these security and functional issues is crucial for the robustness and usability of the new SDK.

[github-actions]

Size Change: +122 B (0%)

Total Size: 24.4 MB

ℹ️ View Unchanged

Filename	Size	Change
./bundle/gemini.js	24.4 MB	+122 B (0%)
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B
./bundle/sandbox-macos-strict-open.sb	4.82 kB	0 B
./bundle/sandbox-macos-strict-proxied.sb	5.02 kB	0 B

_{compressed-size-action}

[mbleigh]

I've fixed the issue with JSON string tool arguments by parsing them if they are strings. I've also added a TODO to support AbortSignal cancellation properly in a future PR. Regarding prompt injection warnings, since this is an SDK designed to execute user prompts, these are expected and I'm proceeding without changes for those.

[mbleigh]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a new SDK package, @google/gemini-cli-sdk, providing a public API for interacting with the Gemini CLI's core agent. A critical security vulnerability was identified in the agent's tool execution loop, as the implementation bypasses the core library's security policy engine and user confirmation, potentially allowing unauthorized tool execution via prompt injection. This must be addressed before the SDK is used for sensitive tasks. Furthermore, the usage example in the README is incorrect, and the sendStream method does not support cancellation via an AbortSignal.

[mbleigh]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a new SDK package with an initial structure, including an agent, tool definitions, and example usage. The setup is generally good, but there are a few critical issues to address. The README contains an incorrect usage example which will be confusing for new users. Additionally, the implementation for tool cancellation is incomplete, as AbortSignal is not properly propagated and handled, which violates a general repository rule for cancellable async operations and could lead to dangling processes. Finally, there's an unsafe type assertion in the agent implementation that bypasses TypeScript's type safety and violates the project's linting rules.

I am having trouble creating individual review comments. Click here to see my feedback.

packages/sdk/README.md (14-16)

The usage example in the README refers to a function helloSdk which does not seem to be exported by the SDK. This will confuse users trying to get started with the package. The example should be updated to use the actual exported members like GeminiCliAgent.

import { GeminiCliAgent } from '@google/gemini-cli-sdk';

async function main() {
  const agent = new GeminiCliAgent({
    instructions: 'You are a helpful assistant.',
  });

  for await (const chunk of agent.sendStream('Why is the sky blue?')) {
    if (chunk.type === 'text') {
      process.stdout.write(chunk.value.text);
    }
  }
}

main().catch(console.error);

packages/sdk/src/agent.ts (82-83)

The AbortSignal is created but not passed down to the tool execution logic, as noted by the TODO. This means long-running tools cannot be cancelled, which can lead to dangling processes. This violates a general rule for the repository regarding cancellable async operations.

The signal should be passed to invocation.execute() on line 125. This will also require updating the action signature in packages/sdk/src/tool.ts to accept and handle the signal.

References

1. Asynchronous operations that can be cancelled by the user should accept and propagate an AbortSignal to ensure cancellability and prevent dangling processes or network requests.

packages/sdk/src/agent.ts (144-147)

Using as unknown as ... is an unsafe type assertion that bypasses TypeScript's type checking. This can lead to runtime errors if the shape of functionResponses is not what sendMessageStream expects. This also violates the project's linting rules which disallow unsafe assertions in product code.

Please define a more specific type for functionResponses and use a single, more specific type assertion if necessary, or align the types to avoid assertions altogether.

packages/sdk/src/tool.ts (47-50)

The _signal parameter is ignored in the execute method. This means that if the action is a long-running asynchronous operation, it cannot be cancelled. The AbortSignal should be passed to the action function so it can listen for cancellation events.

This will also require updating the Tool interface and the tool helper function to accept the AbortSignal in the action signature, and then using it in the execute method: const result = await this.action(this.params, signal);

  async execute(
    signal: AbortSignal,
    _updateOutput?: (output: string) => void,
  ): Promise<ToolResult> {

References

1. Asynchronous operations that can be cancelled by the user should accept and propagate an AbortSignal to ensure cancellability and prevent dangling processes or network requests.

[gemini-cli]

Hi there! Thank you for your contribution to Gemini CLI.

To improve our contribution process and better track changes, we now require all pull requests to be associated with an existing issue, as announced in our recent discussion and as detailed in our CONTRIBUTING.md.

This pull request is being closed because it is not currently linked to an issue. Once you have updated the description of this PR to link an issue (e.g., by adding Fixes #123 or Related to #123), it will be automatically reopened.

How to link an issue:
Add a keyword followed by the issue number (e.g., Fixes #123) in the description of your pull request. For more details on supported keywords and how linking works, please refer to the GitHub Documentation on linking pull requests to issues.

Thank you for your understanding and for being a part of our community!

[NTaylorMullen]

Should mark this and tools as readonly

[gemini-cli]

Hi there! Thank you for your contribution to Gemini CLI.

To improve our contribution process and better track changes, we now require all pull requests to be associated with an existing issue, as announced in our recent discussion and as detailed in our CONTRIBUTING.md.

This pull request is being closed because it is not currently linked to an issue. Once you have updated the description of this PR to link an issue (e.g., by adding Fixes #123 or Related to #123), it will be automatically reopened.

How to link an issue:
Add a keyword followed by the issue number (e.g., Fixes #123) in the description of your pull request. For more details on supported keywords and how linking works, please refer to the GitHub Documentation on linking pull requests to issues.

Thank you for your understanding and for being a part of our community!