fix: add missing type field to MCPServerConfig

[jackwotherspoon]

Summary

Fix regression where type was added to gemini mcp add command but not MCPServerConfig causing startup to fail with servers added with gemini mcp add command.

• Adds missing type field to MCPServerConfig schema with enum values ['sse', 'http']
• Updates url field description to clarify it works with SSE and HTTP transports
• Adds regression tests to validate MCP configs with the type field

Details

The gemini mcp add command was updated to write a type field (e.g., type: 'sse' or type: 'http') when adding remote MCP servers.

However, the MCPServerConfig schema in settingsSchema.ts was not updated to include this field.

Since the schema uses additionalProperties: false, Zod validation rejects any unknown properties, causing startup failures:

Invalid configuration in /path/to/.gemini/settings.json:

Error in: mcpServers.sentry
    Unrecognized key(s) in object: 'type'

Test plan

• Added test that validates MCP configs with type: 'sse', type: 'http'
• Added test that rejects invalid type values

Related Issues

Fixes #15450
Fixes #15449

How to Validate

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[gemini-code-assist]

Summary of Changes

Hello @jackwotherspoon, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a regression where the type field, recently introduced by the gemini mcp add command, was not recognized by the MCPServerConfig schema. This oversight led to configuration validation failures. The changes rectify this by integrating the type field into the schema, enhancing the url field's description for better clarity, and introducing comprehensive tests to prevent future regressions in configuration validation.

Highlights

• Schema Update: The MCPServerConfig schema has been updated to include the missing type field, which supports stdio, sse, and http transport types.
• Documentation Clarity: The description for the url field in MCPServerConfig has been clarified to indicate its compatibility with SSE and HTTP transports.
• Regression Tests: New regression tests have been added to validate MCPServerConfig entries with the type field, covering valid and invalid transport types.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Size Change: +277 B (0%)

Total Size: 22 MB

ℹ️ View Unchanged

Filename	Size	Change
./bundle/gemini.js	22 MB	+277 B (0%)
./bundle/sandbox-macos-permissive-closed.sb	1.03 kB	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-closed.sb	3.29 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B

_{compressed-size-action}

[gemini-code-assist]

Code Review

This pull request correctly adds the missing "type" field to the "MCPServerConfig" schema, resolving a startup failure. However, it introduces a high-severity Command Injection vulnerability by making it easier to configure MCP servers to run local commands ("stdio" transport), potentially leading to arbitrary code execution. This also creates a critical risk of silent misconfiguration, necessitating stricter validation for robust and unambiguous configuration.

[jacob314]

approved after one minor testing comment is addressed.

[jacob314]

[jackwotherspoon]

/patch preview

[github-actions]

✅ Patch workflow(s) dispatched successfully!

📋 Details:

• Channels: preview
• Commit: e9a601c1fe87b17650d9942fd4fe493322615fd8
• Workflows Created: 1

🔗 Track Progress:

• View patch workflows
• This workflow run

[github-actions]

🚀 Patch PR Created!

📋 Patch Details:

• Environment: prod
• Channel: preview → will publish to npm tag preview
• Commit: e9a601c1fe87b17650d9942fd4fe493322615fd8
• Hotfix Branch: hotfix/v0.23.0-preview.3/0.23.0-preview.4/preview/cherry-pick-e9a601c/pr-15465
• Hotfix PR: #15682

📝 Next Steps:

1. Review and approve the hotfix PR: #15682
2. Once merged, the patch release will automatically trigger
3. You'll receive updates here when the release completes

🔗 Track Progress:

• View hotfix PR #15682

[github-actions]

🚀 Patch Release Started!

📋 Release Details:

• Environment: prod
• Channel: preview → publishing to npm tag preview
• Version: v0.23.0-preview.3
• Hotfix PR: Merged ✅
• Release Branch: release/v0.23.0-preview.3-pr-15465

⏳ Status: The patch release is now running. You'll receive another update when it completes.

🔗 Track Progress:

• View release workflow