v0.49.0-nightly.20260625.gd845bc5d4
Gemini CLISummary
This release introduces significant new capabilities, including support for GDC air-gapped Service Identity and new CLI commands like "eval:inventory" with JSON output. Several critical bug fixes address path traversal vulnerabilities, resolve issues with pending tools and trust overrides, and stabilize the nightly release process.
New Features
- Enabled support for GDC air-gapped Service Identity after an authentication library update.
- Introduced the "eval:inventory" CLI command and associated reporting logic.
- Added JSON output format capability for the eval inventory report.
- Enabled tool registry discovery functionality.
Bug Fixes
- Prevented path traversal vulnerabilities during skill installation in the CLI.
- Fixed issues related to pending tools and trust overrides.
- Resolved a false positive background detection issue when using tmux.
- Fixed configuration migration where the coreTools setting was incorrectly handled; now correctly migrates to tools.core.
- Resolved an issue where defensive path resolution for at-reference files was failing (though this was later reverted, indicating a fix attempt).
- Fixed workspace publish failures and scheduler event loop starvation issues.
- Fixed CI issues by providing fallbacks for package variables during nightly releases.
- Fixed CI issues by appending a trailing slash to the registry URL in npmrc.
- Fixed CI issues by using a wombat dressing room fallback in nightly releases to prevent ENEEDAUTH errors.
- Fixed verification issues by ensuring npm ci ignores scripts during release verification.
- Prevented workspace binary shadowing during release verification in CI.
Improvements
- Dependencies have been pinned, and a 14-day update cooldown has been enforced.