JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 652
  • Score
    100M100P100Q103568F
  • License Apache-2.0

Ory extension for Gemini CLI: scaffolding skills, a local Ory instance, and authentication, authorization, and audit for every tool call

Package Exports

  • @ory/gemini-cli

Readme

Ory Agent Extension: Gemini CLI

Ory bundled into Gemini CLI: skills and TOML slash commands that scaffold Ory authentication into your codebase, a local Ory stack you can spin up in one command, and (when pointed at an Ory project) authentication, authorization, and audit for every tool Gemini runs.

Install

Try these in order; the first that works is the simplest path:

1. Google's public extension registry. Find Ory Agent Extension and install:

gemini extensions install ory-agent-extension

2. The Ory-hosted extension source:

gemini extensions install https://github.com/ory/gemini-cli-extension

3. The Ory installer. No prior npm install required:

npx @ory/gemini-cli install
npx @ory/gemini-cli uninstall

Every flow installs the same extension: skills, TOML slash commands, hooks, and the Ory MCP server. If the gemini binary isn't on your PATH, npx ory-gemini-setup writes the extension config directly.

Developer experience

This extension is a productivity layer for Ory itself. You don't need a real Ory project, an account, or any prior Ory experience to start using it.

Skills for scaffolding Ory into your application

Ask Gemini to add Ory auth to your codebase. The extension bundles four skills that the model auto-invokes by description:

  • ory-auth-setup: full project setup. Install the Ory CLI, create an Ory Network project, add Ory Elements, configure the SDK, build the auth pages, wire session middleware.
  • ory-login-flow: login, registration, recovery, verification, and settings pages with Ory Elements. Next.js App Router and React SPA variants.
  • ory-social-login: Google, GitHub, Apple, Microsoft, Discord, and other OIDC providers with Jsonnet data mappers.
  • ory-local-dev: drive the local Ory stack (below) from within Gemini to prototype and test against without a remote project.

Skills are versioned with the extension so guidance stays in sync as Ory APIs evolve.

Ory MCP server

Bundled and registered automatically. It exposes the Ory CLI and the Ory Network REST API as MCP tools so Gemini can manage identities, OAuth2 clients, projects, permission tuples, and configuration without ever leaving the chat. Useful for seeding test data, verifying a scaffolded integration, or running one-off admin tasks.

Local Ory stack in one command

/ory:local-up      # start a local Ory instance in Docker
/ory:local-down    # tear it all down

local up runs a local Ory instance in Docker, covering everything the extension and your scaffolded application need. It also brings up a login UI on :3000 and Jaeger on :16686, all reachable through http://localhost:4000. A test user identity is seeded and the credentials are printed for you. Use it to:

  • Learn Ory hands-on without signing up for a hosted project.
  • Prototype flows (login, social, MFA, recovery, permission tuples) against a real Ory backend in your local dev loop.
  • Test an auth integration end-to-end before pushing anything to a real environment.
  • Develop your application against the same identity, OAuth2, and permission surfaces you'll ship with.

Point ORY_PROJECT_URL at http://localhost:4000 (or run npx ory-gemini configure) and the security features below run against the local stack.

Configure

npx ory-gemini configure --project-url https://<id>.projects.oryapis.com --api-key ory_pat_...

Config is saved to ~/.config/ory-agent-plugins/config.json and shared across every Ory agent plugin or extension on the machine. Without it the extension still loads cleanly and runs in pass-through mode: skills and commands work, but nothing is blocked.

Agent security (Argus)

Once the extension is pointed at an Ory project (local or hosted), Gemini's session and every tool call are governed by Ory.

  • Authentication. Two identities. The human at the keyboard (the user) authenticates interactively via Ory Identities when ORY_AUTH_GATE=1. The Gemini process (the agent) gets its own OAuth2 identity, self-registered via Dynamic Client Registration on first run.
  • Authorization. Before any tool runs, the extension checks Ory Permissions against the user's subject and blocks the call on deny. MCP tool calls additionally get a server-level check.
  • Audit. Every decision (allow, deny, fallback) is recorded as a structured trace span: NDJSON file output and/or OTLP/HTTP export to Jaeger, Honeycomb, Grafana, and similar collectors. The user-to-agent delegation is written to Ory as a Zanzibar tuple so "agent X acting on behalf of user Y" stays queryable after tokens expire.

The extension is fail-open on its own infrastructure failures (network errors, rate limits, missing config), so enforcement is only as strong as your tuples; grant explicit invoke relations for the tools each user should be able to run.

CLI

npx ory-gemini install                             [--link]
npx ory-gemini uninstall
npx ory-gemini configure                           [--project-url <url>] [--api-key <key>] [--audit-only]
npx ory-gemini agent <status|unregister>           Manage the agent's OAuth2 identity
npx ory-gemini local <up|down|status|seed|logs|env|configure|reset>
npx ory-gemini status

License

Apache-2.0