Gemini (Enterprise)

What you will set up

By the end of this guide, you will have:

• The Gomboc Enterprise plugin package extracted locally on your machine

• The gomboc Gemini CLI extension installed locally

• A valid GOMBOC_API_TOKEN configured for the extension

• Docker available so the ORL container runtime can run

• A working Gemini CLI flow for Gomboc enterprise remediation and rule workflows

For background on ORL, see ORL (Open Remediation Language). For Gomboc rule concepts, see Rules

Who this is for

This guide is for Gomboc Enterprise customers who:

• use Gemini CLI as their coding agent

• have a valid Gomboc Enterprise subscription

• need enterprise remediation, rule authoring, or rule publishing workflows

Prerequisites

Before you start, make sure you have the following.

Gemini CLI

• Gemini CLI must be installed and authenticated on your machine.

• Confirm the extension manager is available: gemini extensions list

For Gemini CLI extension internals, see the Gemini CLI Extensions reference.

Enterprise Skills Plugin Package

• The plugin is distributed as a zip package via a Google Drive link shared by your Gomboc contact during onboarding.

• Download the zip and extract it to a stable location on your machine (for example ~/gomboc/gomboc-enterprise-skills/). The same extracted folder works for all four supported agent runtimes; you only need to do this once.

• To upgrade later, download the new zip your Gomboc contact provides and replace the extracted folder (or extract alongside and re-point the install commands to the new path).

Gomboc API token

• You need a valid GOMBOC_API_TOKEN. See Generate A Personal Access Token.

Docker (for the ORL runtime)

• The Gomboc Enterprise extension runs ORL through the public gombocai/orl:latest container image, managed automatically by the agent.

• Install Docker Desktop or Docker Engine for your operating system and confirm the daemon is running: docker info

For ORL concepts, see Custom Rules Quickstart

Step 1: Download and extract the plugin package

Download the zip file from the Google Drive link your Gomboc contact provided and extract it:

For the rest of this guide, the path ~/gomboc/gomboc-enterprise-skills/ refers to the extracted folder. Adjust it to wherever you extracted the zip.

Gemini CLI reads the extension manifest from plugins/gomboc/gemini-extension.json inside this folder.

Step 2: Install the Gomboc enterprise extension

Link the extension from the extracted folder into Gemini CLI. Use the absolute path to plugins/gomboc/ inside the extracted folder:

link creates a symbolic link from the Gemini CLI extensions directory to the extracted plugin folder, so when you receive a new zip from your Gomboc contact and replace the folder contents in place, the updates are picked up automatically on the next Gemini CLI session restart — no separate update step is needed.

Verify the extension is installed:

You should see gomboc in the list. Restart your Gemini CLI session if it was already running.

Step 3: Configure your Gomboc token

The gomboc extension declares GOMBOC_API_TOKEN as a required setting (defined in gemini-extension.json). When you install the extension, Gemini CLI prompts you for it. Paste the token from Generate A Personal Access Token when prompted.

If you skipped configuration on install, set the token via your shell environment before launching Gemini CLI:

Step 4: Confirm the ORL runtime

The gomboc plugin's orl skill resolves the runtime for you. It uses a local orl binary when one is on your PATH, and otherwise runs ORL through the gombocai/orl:latest Docker container (pulled automatically on first use). You do not invoke the runtime directly.

Verify the integration end-to-end by asking the agent to run the orl skill with the version subcommand. The skill prints the resolved ORL version and reports the execution method (local binary or container image).

In Gemini CLI, run the namespaced command: /gomboc:orl version

If the call fails (no version returned, or an error referencing the runtime), see ORL runtime not available under Troubleshooting below.

Step 5: Run your first Gomboc workflow

Once the extension, token, and ORL runtime are in place, launch Gemini CLI in a project directory and use the namespaced slash commands provided by the extension. All commands are registered as /gomboc:<name> from commands/gomboc/*.toml.

Diagnose a codebase

Use: /gomboc:diagnose <path> [--policy <name>]

Scans the target path for security and compliance violations across the loaded Gomboc classifications.

Fix a concrete issue in code

Use: /gomboc:fix <policy-description> [--files <file1,file2,...>]

Runs the analyze-context → build-fix → apply-fix pipeline to apply a targeted remediation for a real violation.

Enforce a policy end to end

Use: /gomboc:enforce <path> <policy> [--create-missing] [--publish] [--dry-run]

Runs the full enforcement loop: diagnose, assess rule coverage, apply existing rules, optionally create missing rules, and verify compliance.

Create a classification from a policy document

Use: /gomboc:new-policy <source> [--org <namespace>] [--languages <lang1,lang2>]

Parses a policy URL, standard ID, or local file and creates a Gomboc classification plus per-language use cases.

Create a reusable rule

Use: /gomboc:new-rule <classification-name> [--language <lang>] [--use-case-path <path>]

Builds a production-quality ORL rule from an existing classification, runs the 12-item review, and applies metadata enrichment.

Release or publish a rule

Use: /gomboc:release <rule-package-path> [--push]

Releases a reviewed rule package either via PR to the org rule repository or directly to the Gomboc Rules Service. For details about publishing ORL rules, see Publish and Rule Service API

Save an in-context fix as a persistent rule

Use: /gomboc:save-rule [--classification <name>] [--generalize] [--push]

Promotes a .gomboc/orl-rules/ package created by /gomboc:fix into the org's persistent rule repository.

Troubleshooting

Use this section to diagnose the most common setup issues.

Plugin package download or extraction issues

If the zip file provided by your Gomboc contact cannot be downloaded or extracted:

• Confirm the Google Drive link is still valid and has not expired. Ask your Gomboc contact to re-share if needed.

• Confirm the download completed fully before extracting — a partial download will fail silently or produce an empty folder.

• On macOS, if unzipping via Finder produces an incomplete result, prefer the terminal: unzip ~/Downloads/gomboc-enterprise-skills.zip -d ~/gomboc/

• Confirm you have write access to the destination folder.

If you are still unable to obtain the package, contact your Gomboc representative.

Gemini extensions install fails

If the install command fails:

• Confirm Gemini CLI is up to date.

• Confirm you are pointing at the directory that contains gemini-extension.json, i.e. plugins/gomboc inside the extracted folder, not the extracted folder's root.

• Run gemini extensions list to check whether a previous install left a stale entry; remove it with gemini extensions uninstall gomboc and retry.

Extension installed but commands do not appear

If gemini extensions list shows gomboc but /gomboc:diagnose and the other commands are missing:

• Quit and restart Gemini CLI. Extension changes take effect on session restart.

• Confirm the extension is enabled: gemini extensions enable gomboc.

• For install-based setups, replace the extracted folder with the latest zip your Gomboc contact provides and run gemini extensions update gomboc. For link-based setups, just restart Gemini CLI — the symlink picks up changes automatically.

Token configuration errors

If the extension reports authentication or token errors:

• Confirm that GOMBOC_API_TOKEN is configured for the extension or exported in your shell.

• Confirm that the token is valid and has not expired.

• Generate or rotate your token — see Generate A Personal Access Token

• Restart Gemini CLI after updating the token.

ORL runtime not available

If a Gomboc command reports that ORL cannot be executed:

• Run docker info to confirm Docker is installed and the daemon is running.

• Pull the image manually to confirm registry access: docker pull gombocai/orl:latest

• If you maintain a local orl binary, confirm it is on PATH with command -v orl.

• Restart your terminal and Gemini CLI after fixing Docker or PATH.

ORL command runs but remediation fails

If ORL launches but the workflow does not complete:

• Confirm that you are running Gemini CLI from the correct project or workspace.

• Confirm that the target files are supported by the workflow you are running.

• Confirm that your GOMBOC_API_TOKEN is valid.

• Review the Gemini CLI output for rule, language, workspace, or authentication errors.

For ORL concepts and supported rule workflows, see ORL (Open Remediation Language) and Workspace

Extension updates do not appear

If a new version of the extension is available but Gemini CLI still shows an older version:

• Replace the extracted folder contents with the latest zip your Gomboc contact provided.

• For install-based setups: gemini extensions update gomboc

• For link-based setups, the symlink picks up changes automatically; just restart Gemini CLI.

Still need help?

If you are still blocked, contact the Gomboc team with:

• the step where the setup failed

• the error message you received

• the absolute path to your extracted plugin folder

• the output of gemini extensions list

• the output of docker info (or orl --help, if you use a local binary)

See Support for support channels.