feat(core): add skill patching support with /memory inbox integration

[SandyTao520]

Summary

Add skill patching support so the extraction agent can propose updates to existing skills that live outside its writable directory (global or workspace skills). Replaces git-based patch validation with the pure-JS diff library (already a project dependency), removing the requirement for git to be installed. Integrates patch review into the /memory inbox UI alongside new skills.

Details

New module: memoryPatchUtils.ts — Core patch engine using Diff.parsePatch/Diff.applyPatch. Validates that patch targets are within allowed skill roots (global ~/.gemini/skills/ or project .gemini/skills/), resolves symlinks safely, and supports dry-run application with detailed typed error reasons.

Patch lifecycle in commands/memory.ts:

• listInboxPatches — scans skills memory dir for .patch files, parses them into structured InboxPatch entries.
• applyInboxPatch — validates headers → checks workspace trust → dry-run → stages to temp files (exclusive writes) → atomically renames to targets → rolls back on partial failure → deletes .patch on success.
• dismissInboxPatch — deletes the .patch file from inbox.

Memory service integration (memoryService.ts):

• New validatePatches function parses and dry-run applies every .patch file, deleting invalid ones.
• Extraction flow snapshots pre-existing patch contents, validates post-extraction, detects new/updated patches, and emits feedback for both skills and patches.
• Existing skills summary now includes file paths for global/workspace skills so the extraction agent can produce correct patch headers.

Extraction agent prompt (skill-extraction-agent.ts):

• New "UPDATING EXISTING SKILLS (PATCHES)" section instructs the LLM to produce unified diff .patch files targeting skills outside its directory, with strict formatting rules.

Inbox UI overhaul (SkillInboxDialog.tsx):

• Phase model expanded: list → skill-preview → skill-action for skills, list → patch-preview for patches.
• Unified item list with section headers when both types are present.
• Skills now show a SKILL.md diff preview before move/dismiss.
• Patches show per-file diffs via DiffRenderer with Apply/Dismiss actions.
• Origin tags ([Global], [Workspace], etc.) displayed on patches.
• Renamed "Skill Inbox" → "Memory Inbox" throughout.

Security:

• Patch targets are constrained to allowed skill roots with symlink-resolved path validation.
• Project skill patches are blocked in untrusted workspaces.
• Atomic multi-file writes with rollback on partial failure.

Related Issues

Related to #24272

How to Validate

1. New skill flow (unchanged): Run a session, let the extraction agent create a new skill, then use /memory inbox → verify the skill appears with a SKILL.md preview, and can be moved (Global/Project) or dismissed.

2. Patch flow: Place a valid .patch file in the project's .gemini/memory/skills/ directory targeting an existing global or workspace skill:

   --- /Users/<you>/.gemini/skills/my-skill/SKILL.md
   +++ /Users/<you>/.gemini/skills/my-skill/SKILL.md
   @@ -1,3 +1,4 @@
    ---
    name: my-skill
   +description: Updated description
    ---
   

   Then run /memory inbox → verify the patch appears under "Skill Updates" with an origin tag and diff preview → Apply it → verify the target file is updated and the .patch file is removed.

3. Invalid patch rejection: Create a .patch targeting a path outside skill directories (e.g. /etc/passwd). Run the memory service or /memory inbox apply → verify it's rejected with an appropriate error message.

4. Untrusted workspace: In an untrusted workspace, attempt to apply a patch targeting project skills → verify it's blocked with a trust-related error.

5. Atomic rollback: Create a multi-file .patch where the second file target is unwritable. Apply → verify the first file is rolled back to its original content.

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[github-actions]

Size Change: +40.1 kB (+0.12%)

Total Size: 34.1 MB

Filename	Size	Change
./bundle/chunk-5MTPIP2P.js	0 B	-14.8 MB (removed)	🏆
./bundle/chunk-DEIUXSN4.js	0 B	-3.8 kB (removed)	🏆
./bundle/chunk-IKQTM5SS.js	0 B	-3.16 MB (removed)	🏆
./bundle/chunk-P52CHEF3.js	0 B	-1.96 MB (removed)	🏆
./bundle/core-3PWJQDRU.js	0 B	-46.2 kB (removed)	🏆
./bundle/devtoolsService-7M2QBO5S.js	0 B	-28.4 kB (removed)	🏆
./bundle/gemini-CKDWSP6B.js	0 B	-552 kB (removed)	🏆
./bundle/interactiveCli-LSIIXZ22.js	0 B	-1.66 MB (removed)	🏆
./bundle/oauth2-provider-M2XK32PX.js	0 B	-9.16 kB (removed)	🏆
./bundle/chunk-6ACRQYC3.js	3.54 MB	+3.54 MB (new file)	🆕
./bundle/chunk-CJDCONPV.js	3.8 kB	+3.8 kB (new file)	🆕
./bundle/chunk-MKPNQHQJ.js	1.96 MB	+1.96 MB (new file)	🆕
./bundle/chunk-RMB7AI6W.js	14.9 MB	+14.9 MB (new file)	🆕
./bundle/core-MV43VAGW.js	46.4 kB	+46.4 kB (new file)	🆕
./bundle/devtoolsService-FOLMO72V.js	28.4 kB	+28.4 kB (new file)	🆕
./bundle/gemini-YXMSHJNH.js	553 kB	+553 kB (new file)	🆕
./bundle/interactiveCli-R3WBGY2T.js	1.29 MB	+1.29 MB (new file)	🆕
./bundle/oauth2-provider-OTOLYYU7.js	9.16 kB	+9.16 kB (new file)	🆕

ℹ️ View Unchanged

Filename	Size	Change
./bundle/bundled/third_party/index.js	8 MB	0 B
./bundle/chunk-34MYV7JD.js	2.45 kB	0 B
./bundle/chunk-5AUYMPVF.js	858 B	0 B
./bundle/chunk-5PS3AYFU.js	1.18 kB	0 B
./bundle/chunk-664ZODQF.js	124 kB	0 B
./bundle/chunk-DAHVX5MI.js	206 kB	0 B
./bundle/chunk-IUUIT4SU.js	56.5 kB	0 B
./bundle/chunk-RJTRUG2J.js	39.8 kB	0 B
./bundle/cleanup-QDGW7GB4.js	0 B	-932 B (removed)	🏆
./bundle/devtools-36NN55EP.js	696 kB	0 B
./bundle/dist-T73EYRDX.js	356 B	0 B
./bundle/events-XB7DADIJ.js	418 B	0 B
./bundle/gemini.js	4.97 kB	0 B
./bundle/getMachineId-bsd-TXG52NKR.js	1.55 kB	0 B
./bundle/getMachineId-darwin-7OE4DDZ6.js	1.55 kB	0 B
./bundle/getMachineId-linux-SHIFKOOX.js	1.34 kB	0 B
./bundle/getMachineId-unsupported-5U5DOEYY.js	1.06 kB	0 B
./bundle/getMachineId-win-6KLLGOI4.js	1.72 kB	0 B
./bundle/memoryDiscovery-23MICZEL.js	0 B	-980 B (removed)	🏆
./bundle/multipart-parser-KPBZEGQU.js	11.7 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js	222 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js	229 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js	13.4 kB	0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js	132 B	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B
./bundle/sandbox-macos-strict-open.sb	4.82 kB	0 B
./bundle/sandbox-macos-strict-proxied.sb	5.02 kB	0 B
./bundle/src-QVCVGIUX.js	47 kB	0 B
./bundle/tree-sitter-7U6MW5PS.js	274 kB	0 B
./bundle/tree-sitter-bash-34ZGLXVX.js	1.84 MB	0 B
./bundle/cleanup-AHVGLLZD.js	932 B	+932 B (new file)	🆕
./bundle/memoryDiscovery-ZLS4FEK7.js	980 B	+980 B (new file)	🆕

_{compressed-size-action}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the agent's capability by enabling it to propose updates to existing skills, regardless of their storage location. By integrating a new, robust patching mechanism and a revamped 'Memory Inbox' UI, users can now seamlessly review and manage both new skill extractions and proposed skill updates. This change improves the agent's adaptability and maintainability of skills across different scopes, while also bolstering security through comprehensive patch validation and atomic application processes.

Highlights

• Skill Patching Support: Introduced the ability for the extraction agent to propose updates to existing skills that reside outside its writable directory (global or workspace skills) using unified diff .patch files.
• Memory Inbox Integration: Integrated patch review and management directly into the /memory inbox UI, allowing users to preview, apply, or dismiss skill updates alongside new skill proposals. The UI has been renamed from 'Skill Inbox' to 'Memory Inbox'.
• Enhanced Patch Engine: Developed a core patch engine (memoryPatchUtils.ts) that uses the diff library for applying patches, replacing the previous git-based validation. This engine includes robust validation for patch targets, safe symlink resolution, dry-run application, and atomic multi-file writes with rollback capabilities.
• Security and Validation: Implemented strict security measures for patches, including constraining targets to allowed skill roots, blocking project skill patches in untrusted workspaces, and validating patch integrity (e.g., correct headers, no hunks, non-existent new files).
• Agent Prompt Updates: Updated the extraction agent's prompt to include a new section on 'UPDATING EXISTING SKILLS (PATCHES)', providing clear instructions and strict formatting rules for generating .patch files.

Ignored Files

• Ignored by pattern: .gemini/** (1)
  • .gemini/settings.json

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request implements support for skill patches, enabling the AI agent to propose updates to existing skills via unified diffs. The changes include backend logic for atomic patch application with dry-run validation, UI updates to the 'Memory Inbox' for previewing changes, and security measures to restrict patches to authorized directories. Feedback was provided to address a potential unhandled exception when parsing malformed patch files in the applyInboxPatch function.

_{Note: Security Review did not run due to the size of the PR.}

[joshualitt]

Consider factoring out some of the new inbox management logic away from the command handling piece.

[joshualitt]

I wonder if we want some kind of diff utils to capture some of the diff idioms?