agent-sh
diff --git a/‎AGENTS.md‎
Lines changed: 4 additions & 4 deletions b/‎AGENTS.md‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎CLAUDE.md‎
Lines changed: 4 additions & 4 deletions b/‎CLAUDE.md‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎README.md‎
Lines changed: 2 additions & 2 deletions b/‎README.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎crates/agnix-cli/tests/rule_parity.rs‎
Lines changed: 9 additions & 3 deletions b/‎crates/agnix-cli/tests/rule_parity.rs‎
Lines changed: 9 additions & 3 deletions
diff --git a/‎crates/agnix-core/locales/en.yml‎
Lines changed: 11 additions & 0 deletions b/‎crates/agnix-core/locales/en.yml‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎crates/agnix-core/src/file_types/detection.rs‎
Lines changed: 11 additions & 0 deletions b/‎crates/agnix-core/src/file_types/detection.rs‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎crates/agnix-core/src/file_types/types.rs‎
Lines changed: 3 additions & 0 deletions b/‎crates/agnix-core/src/file_types/types.rs‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎crates/agnix-core/src/registry.rs‎
Lines changed: 12 additions & 2 deletions b/‎crates/agnix-core/src/registry.rs‎
Lines changed: 12 additions & 2 deletions
@@ -57,7 +57,7 @@ editors/
 ├── vscode/         # VS Code extension
 ├── jetbrains/      # JetBrains IDE plugin
 └── zed/            # Zed extension
-knowledge-base/     # 413 rules, 75+ sources, rules.json
+knowledge-base/     # 414 rules, 75+ sources, rules.json
 
 tests/fixtures/     # Test cases by category
 ```
@@ -66,7 +66,7 @@ tests/fixtures/     # Test cases by category
 
 - `parsers/` - Frontmatter, JSON, Markdown parsing
 - `schemas/` - Type definitions (13 schemas: skill, hooks, agent, mcp, cline, roo, etc.)
-- `rules/` - Validators implementing Validator trait (41 validators)
+- `rules/` - Validators implementing Validator trait (42 validators)
 - `config.rs` - LintConfig, LintConfigBuilder, ConfigError, ToolVersions, SpecRevisions
 - `diagnostics.rs` - Diagnostic, Fix, DiagnosticLevel, ValidationOutcome, LintError (= CoreError), LintResult
 - `eval.rs` - Rule efficacy evaluation (precision/recall/F1)
@@ -178,7 +178,7 @@ cargo run --bin agnix-mcp   # Run MCP server
 
 ## Rules Reference
 
-413 rules defined in `knowledge-base/rules.json` (source of truth)
+414 rules defined in `knowledge-base/rules.json` (source of truth)
 
 
 Human-readable docs: `knowledge-base/VALIDATION-RULES.md`
@@ -190,7 +190,7 @@ Format: `[CATEGORY]-[NUMBER]` (AS-004, CC-HK-001, etc.)
 ## Current State
 
 - v0.18.0 - Production-ready with full validation pipeline
-- 413 validation rules across 41 validators
+- 414 validation rules across 42 validators
 
 - 4200+ passing tests
 - LSP + MCP servers with VS Code extension
 
@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 
 ### Added
+- **GM-AG-001: Validate `auth` block in Gemini CLI agent MCP config (#809)**. Gemini CLI v0.39.0 added an `auth` block to `mcp_servers.*` entries in local agent markdown frontmatter (`.gemini/agents/*.md`) - see google-gemini/gemini-cli#24770. Two variants: `type: "google-credentials"` (only `scopes` allowed) and `type: "oauth"` (`client_id`, `client_secret`, `scopes`, `authorization_url`, `token_url`). GM-AG-001 enforces the discriminator, rejects unknown fields per variant, type-checks string/array values, and validates URL shape. Introduces `FileType::GeminiAgent` for `.gemini/agents/*.md` detection + a new `GeminiAgentValidator` with its own frontmatter extraction + auth-block line scanner. 24 unit tests + valid/invalid fixtures. New `gemini-agents` rule category. Closes #809.
 - **KR-SET-001 + KR-SET-002 + KR-SET-003: Validate Kiro Tool Search settings (#808)**. Kiro CLI 2.1 added the Tool Search feature configured via flat-key JSON in `.kiro/settings.json` (or `~/.kiro/settings.json`): `toolSearch.enabled` (boolean master toggle, default false), `toolSearch.minPct` (number, default 5), and `toolSearch.minTokens` (integer, default 50000). Docs at kiro.dev/docs/cli/mcp/tool-search/. Introduces a new `FileType::KiroSettings` variant + detection for files named `settings.json` with a `.kiro` parent directory, a new `KiroSettingsValidator`, and three rules: KR-SET-001 (HIGH, non-boolean `toolSearch.enabled`), KR-SET-002 (MEDIUM, type/negative/>100 on `toolSearch.minPct`), KR-SET-003 (MEDIUM, type/negative/fractional on `toolSearch.minTokens`). 23 unit tests + valid/invalid fixtures. New `kiro-settings` rule category. Closes #808.
 - **CC-HK-026 + CC-HK-027: Validate required fields on `type: "mcp_tool"` hooks (#804)**. Claude Code v2.1.118 added the `mcp_tool` hook action type; the docs at code.claude.com/docs/en/hooks#mcp-tool-hook-fields specify `server` (required string, names an already-connected MCP server) and `tool` (required string, names the tool to invoke), plus optional `input` (object for tool arguments with `${path}` substitution). CC-HK-026 flags missing/empty/non-string `server`; CC-HK-027 flags the same for `tool`. Both are HIGH severity (hook will fail at runtime), independently disableable. Also updated the typed `Hook::McpTool` schema in `schemas/hooks.rs` with the correct shape (was a stub with wrong fields). 8 new tests + valid/invalid fixtures. Closes #804.
 - **CC-SET-001: Validate `prUrlTemplate` in `.claude/settings.json` (#803)**. Claude Code v2.1.119 added `prUrlTemplate` as a top-level settings key that points the footer PR badge at a custom code-review URL instead of github.com. CC-SET-001 flags three misconfigurations: (a) non-string values (ERROR), (b) empty strings (ERROR, badge would never render), (c) strings with none of the documented placeholders `{host}`, `{owner}`, `{repo}`, `{number}`, `{url}` (WARNING, every PR would resolve to the same static URL). Ships with a new `ClaudeSettingsValidator` scoped to `.claude/settings.json`, `.claude/settings.local.json`, and `.claude/managed-settings.json` so sibling tools (`.amp/settings.json`, etc.) that share the Hooks FileType aren't false-positived. 19 unit tests + valid/invalid fixtures. Introduces a new `claude-settings` rule category to distinguish top-level settings rules from hooks, memory, skills, etc. Closes #803.
 
@@ -57,7 +57,7 @@ editors/
 ├── vscode/         # VS Code extension
 ├── jetbrains/      # JetBrains IDE plugin
 └── zed/            # Zed extension
-knowledge-base/     # 413 rules, 75+ sources, rules.json
+knowledge-base/     # 414 rules, 75+ sources, rules.json
 
 tests/fixtures/     # Test cases by category
 ```
@@ -66,7 +66,7 @@ tests/fixtures/     # Test cases by category
 
 - `parsers/` - Frontmatter, JSON, Markdown parsing
 - `schemas/` - Type definitions (13 schemas: skill, hooks, agent, mcp, cline, roo, etc.)
-- `rules/` - Validators implementing Validator trait (41 validators)
+- `rules/` - Validators implementing Validator trait (42 validators)
 - `config.rs` - LintConfig, LintConfigBuilder, ConfigError, ToolVersions, SpecRevisions
 - `diagnostics.rs` - Diagnostic, Fix, DiagnosticLevel, ValidationOutcome, LintError (= CoreError), LintResult
 - `eval.rs` - Rule efficacy evaluation (precision/recall/F1)
@@ -178,7 +178,7 @@ cargo run --bin agnix-mcp   # Run MCP server
 
 ## Rules Reference
 
-413 rules defined in `knowledge-base/rules.json` (source of truth)
+414 rules defined in `knowledge-base/rules.json` (source of truth)
 
 
 Human-readable docs: `knowledge-base/VALIDATION-RULES.md`
@@ -190,7 +190,7 @@ Format: `[CATEGORY]-[NUMBER]` (AS-004, CC-HK-001, etc.)
 ## Current State
 
 - v0.18.0 - Production-ready with full validation pipeline
-- 413 validation rules across 41 validators
+- 414 validation rules across 42 validators
 
 - 4200+ passing tests
 - LSP + MCP servers with VS Code extension
 
@@ -12,7 +12,7 @@
   </p>
 </div>
 
-<p align="center">Catch broken agent configs before your AI tools silently ignore them.<br>413 rules across Claude Code, Codex CLI, OpenCode, Cursor, Copilot, and more -<br>validating CLAUDE.md, SKILL.md, hooks, MCP configs, and other agent files.</p>
+<p align="center">Catch broken agent configs before your AI tools silently ignore them.<br>414 rules across Claude Code, Codex CLI, OpenCode, Cursor, Copilot, and more -<br>validating CLAUDE.md, SKILL.md, hooks, MCP configs, and other agent files.</p>
 
 <p align="center"><strong>Auto-fix</strong> | <strong><a href="https://github.com/marketplace/actions/agnix-ci">GitHub Action</a></strong> | <strong><a href="https://marketplace.visualstudio.com/items?itemName=avifenesh.agnix">VS Code</a> + <a href="https://plugins.jetbrains.com/plugin/30087-agnix">JetBrains</a> + <a href="https://github.com/agent-sh/agnix.nvim">Neovim</a> + <a href="https://zed.dev/extensions?query=agnix">Zed</a></strong></p>
 
@@ -37,7 +37,7 @@
 
 **Bad patterns get amplified.** AI assistants don't ignore wrong configs - they [learn from them](https://www.augmentcode.com/guides/enterprise-coding-standards-12-rules-for-ai-ready-teams).
 
-agnix validates all of it - 413 rules sourced from official specs, academic research, and real-world breakage patterns. Auto-fix included.
+agnix validates all of it - 414 rules sourced from official specs, academic research, and real-world breakage patterns. Auto-fix included.
 
 > **Want to try it first?** [Open the playground](https://agent-sh.github.io/agnix/playground) - paste any agent config, see diagnostics instantly. No install, runs in your browser.
 
 
@@ -166,9 +166,10 @@ fn extract_implemented_rule_ids() -> BTreeSet<String> {
     // Known rule ID prefixes to filter out false positives
     let valid_prefixes = [
         "AS-", "CC-SK-", "CC-HK-", "CC-AG-", "CC-MEM-", "CC-OS-", "CC-PL-", "CC-SET-", "AGM-",
-        "MCP-", "COP-", "CUR-", "CLN-", "CDX-", "OC-", "GM-", "XML-", "REF-", "PE-", "XP-", "VER-",
-        "WS-", "CR-SK-", "CL-SK-", "CP-SK-", "CX-SK-", "OC-SK-", "WS-SK-", "KR-SK-", "KR-AG-",
-        "KR-HK-", "KR-PW-", "KR-MCP-", "KR-SET-", "KIRO-", "AMP-SK-", "AMP-", "RC-SK-", "ROO-",
+        "MCP-", "COP-", "CUR-", "CLN-", "CDX-", "OC-", "GM-", "GM-AG-", "XML-", "REF-", "PE-",
+        "XP-", "VER-", "WS-", "CR-SK-", "CL-SK-", "CP-SK-", "CX-SK-", "OC-SK-", "WS-SK-", "KR-SK-",
+        "KR-AG-", "KR-HK-", "KR-PW-", "KR-MCP-", "KR-SET-", "KIRO-", "AMP-SK-", "AMP-", "RC-SK-",
+        "ROO-",
     ];
 
     fn extract_from_file(
@@ -336,6 +337,10 @@ fn infer_fixture_coverage(rules: &[RuleEntry]) -> HashMap<String, Vec<String>> {
         ("amp-checks", vec!["amp-checks"]),
         ("roo-code-skills", vec!["per_client_skills"]),
         ("gemini-cli", vec!["gemini_md", "gemini_md-invalid"]),
+        (
+            "gemini-agents",
+            vec!["valid/gemini-agents", "invalid/gemini-agents"],
+        ),
         ("codex", vec!["codex", "codex-invalid"]),
         ("roo-code", vec!["roo-code"]),
         ("windsurf", vec!["windsurf", "windsurf-legacy"]),
@@ -526,6 +531,7 @@ fn test_rules_json_integrity() {
         "claude-memory",
         "claude-output-styles",
         "claude-settings",
+        "gemini-agents",
         "agents-md",
         "claude-plugins",
         "mcp",
 
@@ -806,6 +806,17 @@ rules:
   cc_hk_027:
     message: "MCP tool hook at %{location} is missing required 'tool' field"
     suggestion: "Add a 'tool' field naming the MCP tool to invoke (e.g. \"tool\": \"security_scan\")"
+  gm_ag_001:
+    not_object: "MCP server '%{server}': 'auth' block must be a mapping (type + fields)"
+    missing_type: "MCP server '%{server}': 'auth' block is missing required 'type' discriminator"
+    invalid_type: "MCP server '%{server}': 'auth.type' is '%{value}', must be one of: %{valid}"
+    unknown_field_google: "MCP server '%{server}': auth.type is 'google-credentials' - field '%{field}' is not supported for this variant (only 'scopes' is)"
+    unknown_field_oauth: "MCP server '%{server}': auth.type is 'oauth' - field '%{field}' is not part of the oauth schema"
+    not_string: "MCP server '%{server}': 'auth.%{field}' must be a string"
+    invalid_url: "MCP server '%{server}': 'auth.%{field}' is '%{value}', must be a valid http(s) URL"
+    scopes_not_array: "MCP server '%{server}': 'auth.scopes' must be an array of strings"
+    scope_not_string: "MCP server '%{server}': 'auth.scopes[%{index}]' must be a string"
+    suggestion: "Align the auth block with the schema documented at google-gemini/gemini-cli#24770. For google-credentials: {type: google-credentials, scopes?: [...]}. For oauth: {type: oauth, client_id?, client_secret?, scopes?, authorization_url?, token_url?}"
   kr_set_001:
     type_error: "toolSearch.enabled must be a boolean (true or false)"
     suggestion: "Set toolSearch.enabled to true or false. Example: {\"toolSearch.enabled\": true}. See https://kiro.dev/docs/cli/mcp/tool-search/"
 
@@ -318,6 +318,17 @@ pub fn detect_file_type(path: &Path) -> FileType {
         return FileType::KiroSettings;
     }
 
+    // Gemini CLI local agent markdown files live under `.gemini/agents/`.
+    // They have YAML frontmatter with `kind: local`, a `mcp_servers` map,
+    // and a system_prompt. Schema documented via the gemini-cli source at
+    // packages/core/src/agents/agentLoader.ts.
+    if ends_with_ignore_ascii_case(filename, ".md")
+        && parent_eq_ignore_ascii_case(parent, "agents")
+        && parent_eq_ignore_ascii_case(grandparent, ".gemini")
+    {
+        return FileType::GeminiAgent;
+    }
+
     match filename {
         // Amp code review checks (.agents/checks/**/*.md), excluding AGENTS
         // variants so AGENTS.md keeps ClaudeMd validator coverage.
 
@@ -100,6 +100,8 @@ pub enum FileType {
     KiroMcp,
     /// Kiro CLI settings (.kiro/settings.json or ~/.kiro/settings.json)
     KiroSettings,
+    /// Gemini CLI agent definition (.gemini/agents/*.md)
+    GeminiAgent,
     /// Other .md files (for XML/import checks)
     GenericMarkdown,
     /// Skip validation
@@ -175,6 +177,7 @@ impl fmt::Display for FileType {
             FileType::KiroHook => "KiroHook",
             FileType::KiroMcp => "KiroMcp",
             FileType::KiroSettings => "KiroSettings",
+            FileType::GeminiAgent => "GeminiAgent",
             FileType::GenericMarkdown => "GenericMarkdown",
             FileType::Unknown => "Unknown",
         })
 
@@ -398,7 +398,7 @@ impl ValidatorRegistryBuilder {
 ///
 /// Used by `BuiltinProvider` (via `debug_assert_eq!`) and tests to catch
 /// accidental additions or removals without updating all providers.
-const EXPECTED_BUILTIN_COUNT: usize = 76;
+const EXPECTED_BUILTIN_COUNT: usize = 77;
 
 // -- Category providers -----------------------------------------------------
 //
@@ -814,6 +814,11 @@ impl ValidatorProvider for MiscProvider {
                 Some("KiroSettingsValidator"),
                 kiro_settings_validator,
             ),
+            (
+                FileType::GeminiAgent,
+                Some("GeminiAgentValidator"),
+                gemini_agent_validator,
+            ),
             (
                 FileType::GenericMarkdown,
                 Some("CrossPlatformValidator"),
@@ -977,6 +982,10 @@ fn kiro_settings_validator() -> Box<dyn Validator> {
     Box::new(crate::rules::kiro_settings::KiroSettingsValidator)
 }
 
+fn gemini_agent_validator() -> Box<dyn Validator> {
+    Box::new(crate::rules::gemini_agent::GeminiAgentValidator)
+}
+
 fn kiro_mcp_validator() -> Box<dyn Validator> {
     Box::new(crate::rules::kiro_mcp::KiroMcpValidator)
 }
@@ -1475,6 +1484,7 @@ mod tests {
                 | FileType::KiroHook
                 | FileType::KiroMcp
                 | FileType::KiroSettings
+                | FileType::GeminiAgent
                 | FileType::GenericMarkdown => (),
                 FileType::Unknown => {
                     panic!("Unknown must not appear in validatable_types")
@@ -1963,7 +1973,7 @@ mod tests {
 
     #[test]
     fn misc_provider_count() {
-        assert_eq!(MiscProvider.named_validators().len(), 26);
+        assert_eq!(MiscProvider.named_validators().len(), 27);
     }
 
     #[test]