Add GitHub workflow and documentation for Gemini agent

Copilot · FuzzysTodd · Copilot · commit 72e45ddca2da · 2026-02-15T04:57:58.000Z
Co-authored-by: FuzzysTodd &lt;157565446+FuzzysTodd@users.noreply.github.com&gt;
diff --git a/.github/workflows/gemini-code-analysis.yml b/.github/workflows/gemini-code-analysis.yml
@@ -0,0 +1,66 @@
+name: Gemini Code Analysis
+
+on:
+  workflow_dispatch:
+    inputs:
+      file_path:
+        description: 'Path to the file to analyze'
+        required: true
+        type: string
+  pull_request:
+    types: [opened, synchronize]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
+        with:
+          persist-credentials: false
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+
+      - name: Run Gemini Analysis (Manual)
+        if: github.event_name == 'workflow_dispatch'
+        env:
+          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
+        run: |
+          if [ -z "$GEMINI_API_KEY" ]; then
+            echo "Warning: GEMINI_API_KEY secret is not set. Skipping analysis."
+            exit 0
+          fi
+          node scripts/gemini_agent.js "${{ github.event.inputs.file_path }}" --api-key="$GEMINI_API_KEY"
+
+      - name: Run Gemini Analysis (PR)
+        if: github.event_name == 'pull_request'
+        env:
+          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
+        run: |
+          if [ -z "$GEMINI_API_KEY" ]; then
+            echo "Warning: GEMINI_API_KEY secret is not set. Skipping analysis."
+            exit 0
+          fi
+          
+          # Get list of changed files in the PR
+          CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}...HEAD | grep -E '\.(go|js|ts|sol)$' || true)
+          
+          if [ -z "$CHANGED_FILES" ]; then
+            echo "No relevant files changed in this PR."
+            exit 0
+          fi
+          
+          # Analyze each changed file
+          echo "$CHANGED_FILES" | while read -r file; do
+            if [ -f "$file" ]; then
+              echo "Analyzing $file..."
+              node scripts/gemini_agent.js "$file" --api-key="$GEMINI_API_KEY" || true
+            fi
+          done
diff --git a/scripts/GEMINI_AGENT_README.md b/scripts/GEMINI_AGENT_README.md
@@ -0,0 +1,83 @@
+# Gemini Code Analysis Agent
+
+This script uses Google's Gemini AI model to analyze code for potential vulnerabilities, best practice deviations, and mathematical instability.
+
+## Features
+
+- Analyzes code files using the Gemini 2.5 Flash Preview model
+- Provides a Protocol Stability Score (1-10)
+- Identifies potential flaws and security issues
+- Suggests repaired code when issues are found
+
+## Prerequisites
+
+- Node.js 18+ (which includes built-in fetch support)
+- A Google Gemini API key
+
+## Usage
+
+### Command Line
+
+```bash
+node scripts/gemini_agent.js <filepath> --api-key=<your_key>
+```
+
+Example:
+```bash
+node scripts/gemini_agent.js ./pkg/model/model.go --api-key=your_gemini_api_key
+```
+
+### GitHub Actions
+
+The script can be run automatically via GitHub Actions:
+
+1. **Manual Trigger**: Go to Actions → "Gemini Code Analysis" → Run workflow, and specify the file path
+2. **Automatic PR Analysis**: The workflow will automatically analyze changed files in pull requests (if GEMINI_API_KEY secret is configured)
+
+## Setting up the API Key
+
+### For Local Development
+
+```bash
+node scripts/gemini_agent.js path/to/file.go --api-key=YOUR_API_KEY
+```
+
+### For GitHub Actions
+
+Add `GEMINI_API_KEY` as a repository secret:
+
+1. Go to your repository settings
+2. Navigate to Secrets and variables → Actions
+3. Add a new secret named `GEMINI_API_KEY`
+4. Paste your Google Gemini API key
+
+## Getting a Gemini API Key
+
+1. Visit [Google AI Studio](https://makersuite.google.com/app/apikey)
+2. Sign in with your Google account
+3. Create a new API key
+4. Copy the key for use with this script
+
+## Output
+
+The script will output:
+- Protocol Stability Score (1-10)
+- Summary of potential flaws
+- Repaired code block (if issues are found)
+- "NO REPAIR NEEDED" (if code is perfect)
+
+## Error Handling
+
+The script includes comprehensive error handling:
+- Missing API key: Shows usage instructions
+- Missing file: Shows file read error
+- API failures: Shows detailed error message
+- Network issues: Gracefully handles fetch failures
+
+## Note
+
+This is a conceptual implementation designed for protocol analysis. The script can be extended to:
+- Write repaired code back to files
+- Comment on GitHub PRs with analysis results
+- Support batch analysis of multiple files
+- Integrate with CI/CD pipelines
