@codeflyai/codefly 0.24.1 → 0.24.2

package/bundle/docs/cli/skills.md

@@ -0,0 +1,188 @@
+# Agent Skills
+
+_Note: This is an experimental feature enabled via `experimental.skills`. You
+can also search for "Skills" within the `/settings` interactive UI to toggle
+this and manage other skill-related settings._
+
+Agent Skills allow you to extend Gemini CLI with specialized expertise,
+procedural workflows, and task-specific resources. Based on the
+[Agent Skills](https://agentskills.io) open standard, a "skill" is a
+self-contained directory that packages instructions and assets into a
+discoverable capability.
+
+## Overview
+
+Unlike general context files ([`GEMINI.md`](./gemini-md.md)), which provide
+persistent workspace-wide background, Skills represent **on-demand expertise**.
+This allows Gemini to maintain a vast library of specialized capabilities—such
+as security auditing, cloud deployments, or codebase migrations—without
+cluttering the model's immediate context window.
+
+Gemini autonomously decides when to employ a skill based on your request and the
+skill's description. When a relevant skill is identified, the model "pulls in"
+the full instructions and resources required to complete the task using the
+`activate_skill` tool.
+
+## Key Benefits
+
+- **Shared Expertise:** Package complex workflows (like a specific team's PR
+  review process) into a folder that anyone can use.
+- **Repeatable Workflows:** Ensure complex multi-step tasks are performed
+  consistently by providing a procedural framework.
+- **Resource Bundling:** Include scripts, templates, or example data alongside
+  instructions so the agent has everything it needs.
+- **Progressive Disclosure:** Only skill metadata (name and description) is
+  loaded initially. Detailed instructions and resources are only disclosed when
+  the model explicitly activates the skill, saving context tokens.
+
+## Skill Discovery Tiers
+
+Gemini CLI discovers skills from three primary locations:
+
+1.  **Workspace Skills** (`.gemini/skills/`): Workspace-specific skills that are
+    typically committed to version control and shared with the team.
+2.  **User Skills** (`~/.gemini/skills/`): Personal skills available across all
+    your workspaces.
+3.  **Extension Skills**: Skills bundled within installed
+    [extensions](../extensions/index.md).
+
+**Precedence:** If multiple skills share the same name, higher-precedence
+locations override lower ones: **Workspace > User > Extension**.
+
+## Managing Skills
+
+### In an Interactive Session
+
+Use the `/skills` slash command to view and manage available expertise:
+
+- `/skills list` (default): Shows all discovered skills and their status.
+- `/skills disable <name>`: Prevents a specific skill from being used.
+- `/skills enable <name>`: Re-enables a disabled skill.
+- `/skills reload`: Refreshes the list of discovered skills from all tiers.
+
+_Note: `/skills disable` and `/skills enable` default to the `user` scope. Use
+`--scope workspace` to manage workspace-specific settings._
+
+### From the Terminal
+
+The `gemini skills` command provides management utilities:
+
+```bash
+# List all discovered skills
+gemini skills list
+
+# Install a skill from a Git repository, local directory, or zipped skill file (.skill)
+# Uses the user scope by default (~/.gemini/skills)
+gemini skills install https://github.com/user/repo.git
+gemini skills install /path/to/local/skill
+gemini skills install /path/to/local/my-expertise.skill
+
+# Install a specific skill from a monorepo or subdirectory using --path
+gemini skills install https://github.com/my-org/my-skills.git --path skills/frontend-design
+
+# Install to the workspace scope (.gemini/skills)
+gemini skills install /path/to/skill --scope workspace
+
+# Uninstall a skill by name
+gemini skills uninstall my-expertise --scope workspace
+
+# Enable a skill (globally)
+gemini skills enable my-expertise
+
+# Disable a skill. Can use --scope to specify workspace or user (defaults to workspace)
+gemini skills disable my-expertise --scope workspace
+```
+
+## Creating a Skill
+
+A skill is a directory containing a `SKILL.md` file at its root. This file uses
+YAML frontmatter for metadata and Markdown for instructions.
+
+### Folder Structure
+
+Skills are self-contained directories. At a minimum, a skill requires a
+`SKILL.md` file, but can include other resources:
+
+```text
+my-skill/
+├── SKILL.md       (Required) Instructions and metadata
+├── scripts/       (Optional) Executable scripts/tools
+├── references/    (Optional) Static documentation and examples
+└── assets/        (Optional) Templates and binary resources
+```
+
+### Basic Structure (SKILL.md)
+
+```markdown
+---
+name: <unique-name>
+description: <what the skill does and when Gemini should use it>
+---
+
+<your instructions for how the agent should behave / use the skill>
+```
+
+- **`name`**: A unique identifier (lowercase, alphanumeric, and dashes).
+- **`description`**: The most critical field. Gemini uses this to decide when
+  the skill is relevant. Be specific about the expertise provided.
+- **Body**: Everything below the second `---` is injected as expert procedural
+  guidance for the model.
+
+### Example: Team Code Reviewer
+
+Create `~/.gemini/skills/code-reviewer/SKILL.md`:
+
+```markdown
+---
+name: code-reviewer
+description:
+  Expertise in reviewing code for style, security, and performance. Use when the
+  user asks for "feedback," a "review," or to "check" their changes.
+---
+
+# Code Reviewer
+
+You are an expert code reviewer. When reviewing code, follow this workflow:
+
+1.  **Analyze**: Review the staged changes or specific files provided. Ensure
+    that the changes are scoped properly and represent minimal changes required
+    to address the issue.
+2.  **Style**: Ensure code follows the workspace's conventions and idiomatic
+    patterns as described in the `GEMINI.md` file.
+3.  **Security**: Flag any potential security vulnerabilities.
+4.  **Tests**: Verify that new logic has corresponding test coverage and that
+    the test coverage adequately validates the changes.
+
+Provide your feedback as a concise bulleted list of "Strengths" and
+"Opportunities."
+```
+
+### Resource Conventions
+
+While you can structure your skill directory however you like, the Agent Skills
+standard encourages these conventions:
+
+- **`scripts/`**: Executable scripts (bash, python, node) the agent can run.
+- **`references/`**: Static documentation, schemas, or example data for the
+  agent to consult.
+- **`assets/`**: Code templates, boilerplate, or binary resources.
+
+When a skill is activated, Gemini CLI provides the model with a tree view of the
+entire skill directory, allowing it to discover and utilize these assets.
+
+## How it Works (Security & Privacy)
+
+1.  **Discovery**: At the start of a session, Gemini CLI scans the discovery
+    tiers and injects the name and description of all enabled skills into the
+    system prompt.
+2.  **Activation**: When Gemini identifies a task matching a skill's
+    description, it calls the `activate_skill` tool.
+3.  **Consent**: You will see a confirmation prompt in the UI detailing the
+    skill's name, purpose, and the directory path it will gain access to.
+4.  **Injection**: Upon your approval:
+    - The `SKILL.md` body and folder structure is added to the conversation
+      history.
+    - The skill's directory is added to the agent's allowed file paths, granting
+      it permission to read any bundled assets.
+5.  **Execution**: The model proceeds with the specialized expertise active. It
+    is instructed to prioritize the skill's procedural guidance within reason.

package/bundle/docs/cli/system-prompt.md

@@ -56,6 +56,38 @@ error with: `missing system prompt file '<path>'`.
 When `GEMINI_SYSTEM_MD` is active, the CLI shows a `|⌐■_■|` indicator in the UI
 to signal custom system‑prompt mode.
 
+## Variable Substitution
+
+When using a custom system prompt file, you can use the following variables to
+dynamically include built-in content:
+
+- `${AgentSkills}`: Injects a complete section (including header) of all
+  available agent skills.
+- `${SubAgents}`: Injects a complete section (including header) of available
+  sub-agents.
+- `${AvailableTools}`: Injects a bulleted list of all currently enabled tool
+  names.
+- Tool Name Variables: Injects the actual name of a tool using the pattern:
+  `${toolName}_ToolName` (e.g., `${write_file_ToolName}`,
+  `${run_shell_command_ToolName}`).
+
+  This pattern is generated dynamically for all available tools.
+
+### Example
+
+```markdown
+# Custom System Prompt
+
+You are a helpful assistant. ${AgentSkills}
+${SubAgents}
+
+## Tooling
+
+The following tools are available to you: ${AvailableTools}
+
+You can use ${write_file_ToolName} to save logs.
+```
+
 ## Export the default prompt (recommended)
 
 Before overriding, export the current default prompt so you can review required

package/bundle/docs/cli/telemetry.md

@@ -8,14 +8,17 @@ Learn how to enable and setup OpenTelemetry for Gemini CLI.
   - [Configuration](#configuration)
   - [Google Cloud telemetry](#google-cloud-telemetry)
     - [Prerequisites](#prerequisites)
+    - [Authenticating with CLI Credentials](#authenticating-with-cli-credentials)
     - [Direct export (recommended)](#direct-export-recommended)
     - [Collector-based export (advanced)](#collector-based-export-advanced)
+    - [Monitoring Dashboards](#monitoring-dashboards)
   - [Local telemetry](#local-telemetry)
     - [File-based output (recommended)](#file-based-output-recommended)
     - [Collector-based export (advanced)](#collector-based-export-advanced-1)
   - [Logs and metrics](#logs-and-metrics)
     - [Logs](#logs)
       - [Sessions](#sessions)
+      - [Approval Mode](#approval-mode)
       - [Tools](#tools)
       - [Files](#files)
       - [API](#api)
@@ -214,6 +217,24 @@ forward data to Google Cloud.
    - Open `~/.codefly/tmp/<projectHash>/otel/collector-gcp.log` to view local
      collector logs.
 
+### Monitoring Dashboards
+
+Gemini CLI provides a pre-configured
+[Google Cloud Monitoring](https://cloud.google.com/monitoring) dashboard to
+visualize your telemetry.
+
+This dashboard can be found under **Google Cloud Monitoring Dashboard
+Templates** as "**Gemini CLI Monitoring**".
+
+![Gemini CLI Monitoring Dashboard Overview](/docs/assets/monitoring-dashboard-overview.png)
+
+![Gemini CLI Monitoring Dashboard Metrics](/docs/assets/monitoring-dashboard-metrics.png)
+
+![Gemini CLI Monitoring Dashboard Logs](/docs/assets/monitoring-dashboard-logs.png)
+
+To learn more, check out this blog post:
+[Instant insights: Gemini CLI’s new pre-configured monitoring dashboards](https://cloud.google.com/blog/topics/developers-practitioners/instant-insights-gemini-clis-new-pre-configured-monitoring-dashboards/).
+
 ## Local telemetry
 
 For local development and debugging, you can capture telemetry data locally:
@@ -296,9 +317,23 @@ Captures startup configuration and user prompt submissions.
     - `prompt` (string; excluded if `telemetry.logPrompts` is `false`)
     - `auth_type` (string)
 
+#### Approval Mode
+
+Tracks changes and duration of approval modes.
+
+- `approval_mode_switch`: Approval mode was changed.
+  - **Attributes**:
+    - `from_mode` (string)
+    - `to_mode` (string)
+
+- `approval_mode_duration`: Duration spent in an approval mode.
+  - **Attributes**:
+    - `mode` (string)
+    - `duration_ms` (int)
+
 #### Tools
 
-Captures tool executions, output truncation, and Smart Edit behavior.
+Captures tool executions, output truncation, and Edit behavior.
 
 - `gemini_cli.tool_call`: Emitted for each tool (function) call.
   - **Attributes**:
@@ -326,11 +361,11 @@ Captures tool executions, output truncation, and Smart Edit behavior.
     - `lines` (int)
     - `prompt_id` (string)
 
-- `gemini_cli.smart_edit_strategy`: Smart Edit strategy chosen.
+- `gemini_cli.edit_strategy`: Edit strategy chosen.
   - **Attributes**:
     - `strategy` (string)
 
-- `gemini_cli.smart_edit_correction`: Smart Edit correction result.
+- `gemini_cli.edit_correction`: Edit correction result.
   - **Attributes**:
     - `correction` ("success" | "failure")
 

package/bundle/docs/cli/themes.md

@@ -86,7 +86,6 @@ color keys. For example:
 - `Gray`
 - `DiffAdded` (optional, for added lines in diffs)
 - `DiffRemoved` (optional, for removed lines in diffs)
-- `DiffModified` (optional, for modified lines in diffs)
 
 You can also override individual UI text roles by adding a nested `text` object.
 This object supports the keys `primary`, `secondary`, `link`, `accent`, and
@@ -157,7 +156,6 @@ custom theme defined in `settings.json`.
   "Gray": "#ABB2BF",
   "DiffAdded": "#A6E3A1",
   "DiffRemoved": "#F38BA8",
-  "DiffModified": "#89B4FA",
   "GradientColors": ["#4796E4", "#847ACE", "#C3677F"]
 }
 ```

package/bundle/docs/cli/tutorials/skills-getting-started.md

@@ -0,0 +1,124 @@
+# Getting Started with Agent Skills
+
+Agent Skills allow you to extend Gemini CLI with specialized expertise. This
+tutorial will guide you through creating your first skill, enabling it, and
+using it in a session.
+
+## 1. Enable Agent Skills
+
+Agent Skills are currently an experimental feature and must be enabled in your
+settings.
+
+### Via the interactive UI
+
+1.  Start a Gemini CLI session by running `gemini`.
+2.  Type `/settings` to open the interactive settings dialog.
+3.  Search for "Skills".
+4.  Toggle **Agent Skills** to `true`.
+5.  Press `Esc` to save and exit. You may need to restart the CLI for the
+    changes to take effect.
+
+### Via `settings.json`
+
+Alternatively, you can manually edit your global settings file at
+`~/.gemini/settings.json` (create it if it doesn't exist):
+
+```json
+{
+  "experimental": {
+    "skills": true
+  }
+}
+```
+
+## 2. Create Your First Skill
+
+A skill is a directory containing a `SKILL.md` file. Let's create an **API
+Auditor** skill that helps you verify if local or remote endpoints are
+responding correctly.
+
+1.  **Create the skill directory structure:**
+
+    ```bash
+    mkdir -p .gemini/skills/api-auditor/scripts
+    ```
+
+2.  **Create the `SKILL.md` file:** Create a file at
+    `.gemini/skills/api-auditor/SKILL.md` with the following content:
+
+    ```markdown
+    ---
+    name: api-auditor
+    description:
+      Expertise in auditing and testing API endpoints. Use when the user asks to
+      "check", "test", or "audit" a URL or API.
+    ---
+
+    # API Auditor Instructions
+
+    You act as a QA engineer specialized in API reliability. When this skill is
+    active, you MUST:
+
+    1.  **Audit**: Use the bundled `scripts/audit.js` utility to check the
+        status of the provided URL.
+    2.  **Report**: Analyze the output (status codes, latency) and explain any
+        failures in plain English.
+    3.  **Secure**: Remind the user if they are testing a sensitive endpoint
+        without an `https://` protocol.
+    ```
+
+3.  **Create the bundled Node.js script:** Create a file at
+    `.gemini/skills/api-auditor/scripts/audit.js`. This script will be used by
+    the agent to perform the actual check:
+
+    ```javascript
+    // .gemini/skills/api-auditor/scripts/audit.js
+    const url = process.argv[2];
+
+    if (!url) {
+      console.error('Usage: node audit.js <url>');
+      process.exit(1);
+    }
+
+    console.log(`Auditing ${url}...`);
+    fetch(url, { method: 'HEAD' })
+      .then((r) => console.log(`Result: Success (Status ${r.status})`))
+      .catch((e) => console.error(`Result: Failed (${e.message})`));
+    ```
+
+## 3. Verify the Skill is Discovered
+
+Use the `/skills` slash command (or `gemini skills list` from your terminal) to
+see if Gemini CLI has found your new skill.
+
+In a Gemini CLI session:
+
+```
+/skills list
+```
+
+You should see `api-auditor` in the list of available skills.
+
+## 4. Use the Skill in a Chat
+
+Now, let's see the skill in action. Start a new session and ask a question about
+an endpoint.
+
+**User:** "Can you audit http://geminili.com"
+
+Gemini will recognize the request matches the `api-auditor` description and will
+ask for your permission to activate it.
+
+**Model:** (After calling `activate_skill`) "I've activated the **api-auditor**
+skill. I'll run the audit script now..."
+
+Gemini will then use the `run_shell_command` tool to execute your bundled Node
+script:
+
+`node .gemini/skills/api-auditor/scripts/audit.js http://geminili.com`
+
+## Next Steps
+
+- Explore [Agent Skills Authoring Guide](../skills.md#creating-a-skill) to learn
+  about more advanced skill features.
+- Learn how to share skills via [Extensions](../../extensions/index.md).

package/bundle/docs/cli/tutorials.md

@@ -2,6 +2,10 @@
 
 This page contains tutorials for interacting with Gemini CLI.
 
+## Agent Skills
+
+- [Getting Started with Agent Skills](./tutorials/skills-getting-started.md)
+
 ## Setting up a Model Context Protocol (MCP) server
 
 > [!CAUTION] Before using a third-party MCP server, ensure you trust its source

package/bundle/docs/core/index.md

@@ -68,6 +68,10 @@ If you are using the default "pro" model and the CLI detects that you are being
 rate-limited, it automatically switches to the "flash" model for the current
 session. This allows you to continue working without interruption.
 
+Internal utility calls that use `gemini-2.5-flash-lite` (for example, prompt
+completion and classification) silently fall back to `gemini-2.5-flash` and
+`gemini-2.5-pro` when quota is exhausted, without changing the configured model.
+
 ## File discovery service
 
 The file discovery service is responsible for finding files in the project that

package/bundle/docs/core/memport.md

@@ -83,7 +83,9 @@ The processor automatically detects and prevents circular imports:
 # file-a.md
 
 @./file-b.md
+```
 
+```markdown
 # file-b.md
 
 @./file-a.md <!-- This will be detected and prevented -->

package/bundle/docs/core/policy-engine.md

@@ -258,8 +258,9 @@ The Gemini CLI ships with a set of default policies to provide a safe
 out-of-the-box experience.
 
 - **Read-only tools** (like `read_file`, `glob`) are generally **allowed**.
-- **Agent delegation** (like `delegate_to_agent`) is **allowed** (sub-agent
-  actions are checked individually).
+- **Agent delegation** (like `delegate_to_agent`) defaults to **`ask_user`** to
+  ensure remote agents can prompt for confirmation, but local sub-agent actions
+  are executed silently and checked individually.
 - **Write tools** (like `write_file`, `run_shell_command`) default to
   **`ask_user`**.
 - In **`yolo`** mode, a high-priority rule allows all tools.

package/bundle/docs/extensions/getting-started-extensions.md

@@ -222,9 +222,45 @@ need this for extensions built to expose commands and prompts.
 Restart the CLI again. The model will now have the context from your
 `CODEFLY.md` file in every session where the extension is active.
 
-## Step 6: Releasing your extension
+## (Optional) Step 6: Add an Agent Skill
 
-Once you are happy with your extension, you can share it with others. The two
+_Note: This is an experimental feature enabled via `experimental.skills`._
+
+[Agent Skills](../cli/skills.md) let you bundle specialized expertise and
+procedural workflows. Unlike `GEMINI.md`, which provides persistent context,
+skills are activated only when needed, saving context tokens.
+
+1.  Create a `skills` directory and a subdirectory for your skill:
+
+    ```bash
+    mkdir -p skills/security-audit
+    ```
+
+2.  Create a `skills/security-audit/SKILL.md` file:
+
+    ```markdown
+    ---
+    name: security-audit
+    description:
+      Expertise in auditing code for security vulnerabilities. Use when the user
+      asks to "check for security issues" or "audit" their changes.
+    ---
+
+    # Security Auditor
+
+    You are an expert security researcher. When auditing code:
+
+    1. Look for common vulnerabilities (OWASP Top 10).
+    2. Check for hardcoded secrets or API keys.
+    3. Suggest remediation steps for any findings.
+    ```
+
+Skills bundled with your extension are automatically discovered and can be
+activated by the model during a session when it identifies a relevant task.
+
+## Step 7: Release your extension
+
+Once you're happy with your extension, you can share it with others. The two
 primary ways of releasing extensions are via a Git repository or through GitHub
 Releases. Using a public Git repository is the simplest method.
 
@@ -239,6 +275,7 @@ You've successfully created a Gemini CLI extension! You learned how to:
 - Add custom tools with an MCP server.
 - Create convenient custom commands.
 - Provide persistent context to the model.
+- Bundle specialized Agent Skills.
 - Link your extension for local development.
 
 From here, you can explore more advanced features and build powerful new