feat(webui): add /web slash command with browser-based chat GUI#24369
feat(webui): add /web slash command with browser-based chat GUI#24369TIPC1110 wants to merge 13 commits intogoogle-gemini:mainfrom
Conversation
Add a new `@google/gemini-cli-webui` package that provides a Material You web dashboard served on localhost:11267. The `/web` command in the CLI launches the server and opens the browser. Features: - SSE-streamed chat with the configured Gemini model - Model picker with auto/pro/flash/flash-lite tiers and thinking badges - @-mention file attachment with fuzzy search - File creation via __FILE: syntax with approve/decline/session approval flow - Context token usage tracking panel - Collapsible thinking blocks and tool-call cards - CLI session resume — browse and load saved conversations - Slash commands: /model, /clear, /resume, /stats, /tools, /memory, /init, /theme, /copy, /about, /docs, /compress, /corgi, /help - Directory picker for workspace switching - 4 themes: dark, light, ocean, forest (Material Design 3 tokens) - Responsive layout: desktop sidebar, tablet, mobile bottom-sheet - Session delete with confirmation dialog - Security: localhost-only binding, path traversal prevention, CORS restricted Architecture: - packages/webui/src/server.ts — HTTP server, HTML template, route dispatch - packages/webui/src/api.ts — API handlers (chat, commands, files, models, sessions) - packages/webui/src/client.ts — Browser JS as template literal (ES5 compat) - packages/webui/src/styles.ts — CSS with MD3 design tokens - packages/webui/src/tokens.ts — Material Design 3 color schemes - packages/webui/src/icons.ts — SVG icon helpers - packages/cli/src/ui/commands/webCommand.ts — thin bridge to SlashCommand Docs: docs/cli/web-gui.md Signed-off-by: TIPC1110 <tienichpc1110@gmail.com>
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request introduces a browser-based chat interface for the Gemini CLI, significantly enhancing the user experience by providing a visual dashboard. The new web GUI allows users to interact with Gemini models, manage project files, and track session context in a modern, responsive environment while maintaining the existing authentication and configuration of the CLI. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a new web-based GUI for the Gemini CLI, allowing users to interact with the AI assistant through a browser-based interface served locally. The changes include the addition of a new package @google/gemini-cli-webui, a new /web slash command in the CLI, and the necessary server and client-side logic to support chat streaming, file operations, and model selection. My review identified several critical and high-severity security vulnerabilities related to Cross-Site Scripting (XSS) in the client-side rendering logic and potential path traversal issues in the API handlers. Additionally, I have provided feedback on improving the efficiency and workspace awareness of the file search functionality and suggested propagating AbortSignals for better resource management during chat streaming.
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
- Replace all inline onclick handlers containing user-controlled data (file paths, session IDs) with data-* attributes wired via addEventListener/event delegation to eliminate XSS vectors flagged by Gemini Code Assist review - Add escJsHtml() helper that HTML-encodes after JS-escaping for contexts where an attribute value holds a JS string literal - Use fs.realpath() in handleFileRead, handleFileWrite, handleFileOpen before the startsWith prefix check to prevent symlink-based path traversal (CVE class: symlink escape) - Make handleFileSearch workspace-aware: accept optional cwd from request body so @ mentions respect the directory selected in the UI - Use path.sep instead of hardcoded '/' in file search scoring for cross-platform correctness (Windows backslash paths) Signed-off-by: TIPC1110 <tienichpc1110@gmail.com>
TIPC1110
left a comment
TIPC1110
left a comment
There was a problem hiding this comment.
feat(webui): add /web slash command with browser-based chat GUI
The function is no longer called after makeSI was refactored to use data-* attributes and addEventListener. Signed-off-by: TIPC1110 <tienichpc1110@gmail.com>
gemini-cli
bot
added
the
priority/p1
- Add /web command example to README quick examples - Document Web GUI in Advanced Capabilities section - Add v0.36.0 changelog entry for Web GUI feature This update documents the new browser-based chat interface that provides Material You design, model picker, file attachments, and session management at localhost:11267.
|
Hi @google-gemini/gemini-cli-maintainers! 👋 I wanted to follow up on this PR that introduces a Web GUI for Gemini CLI with a browser-based chat interface. SummaryThis PR adds a
Status✅ All automated reviews completed (gemini-code-assist) TestingThe web GUI has been tested locally and provides a smooth browser-based alternative to the terminal UI while reusing the same authentication and configuration. Could you please review when you have a chance? Happy to make any needed changes! 🙏 /cc @google-gemini/gemini-cli-askmode-approvers @google-gemini/gemini-cli-docs |
|
Hi @TIPC1110 👋 Thanks for the PR! The Going to have to close this PR as it does not have a linked issue and is for a large feature that has not been approved or discussed. Please file an issue for the feature request and then folks can chat about whether this is a feature we want to support in the near term. 👍 |
2 participants
Add a new
@google/gemini-cli-webuipackage that provides a Material You web dashboard served on localhost:11267. The/webcommand in the CLI launches the server and opens the browser.Features:
Architecture:
Docs: docs/cli/web-gui.md
Summary
Details
Related Issues
How to Validate
Pre-Merge Checklist