feat(policies): add gemini preset #4962

Open
AbbyJL wants to merge 2 commits into NVIDIA:main from AbbyJL:codex/add-gemini-policy-preset

AbbyJL commented Jun 8, 2026

Summary

Adds a new gemini policy preset for Google Gemini API access so the repo can route the Generative Language API through a dedicated, security-scoped preset. This keeps Gemini access consistent with the other policy presets and makes the allowed network surface explicit.

Related Issue

None.

Changes

  • Added nemoclaw-blueprint/policies/presets/gemini.yaml with the Gemini host, REST routing rules, and binary allowlist.
  • Updated test/policies.test.ts to include the new preset in the preset list assertions.
  • Added coverage for preset endpoint extraction and the Gemini preset policy details.

Type of Change

  • Code change (feature, bug fix, or refactor)
  • Code change with doc updates
  • Doc only (prose changes, no code sample modifications)
  • Doc only (includes code sample changes)

Verification

  • npx prek run --all-files passes
  • npm test passes
  • Tests added or updated for new or changed behavior
  • No secrets, API keys, or credentials committed
  • Docs updated for user-facing behavior changes
  • npm run docs builds without warnings (doc changes only)
  • Doc pages follow the style guide (doc changes only)
  • New doc pages include SPDX header and frontmatter (new pages only)

Additional Verification

  • npm run build:cli
  • npm test -- --run test/policies.test.ts

DCO sign-off required by CI.
Signed-off-by: AbbyJL 454816714@qq.com

Summary by CodeRabbit

  • New Features
    • Introduced a new Google Gemini API preset providing secure, pre-configured access to Generative Language API endpoints with network security policies and authorized binary allowlist.
  • Tests
    • Added comprehensive test coverage for the Gemini preset, validating endpoint extraction, network policy configuration, REST routing rules, and authorized binary restrictions.

copy-pr-bot Bot commented Jun 8, 2026

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

coderabbitai Bot commented Jun 8, 2026
Contributor

Walkthrough

This PR adds a new Gemini preset enabling Google Gemini API access with enforced network policies. The preset defines allowed REST endpoints on generativelanguage.googleapis.com:443 and specifies permitted binaries (node and curl). Tests validate preset discovery, configuration parsing, and endpoint extraction.

Changes

Gemini API Preset and Coverage

| Layer / File(s) | Summary |
|---|---|
| Gemini preset definition: nemoclaw-blueprint/policies/presets/gemini.yaml | New preset defining Google Gemini API access with enforced GET/POST rules to /v1beta/openai/** on port 443, and whitelisted node and curl binaries. |
| Test coverage for Gemini preset: test/policies.test.ts | Updated listPresets test to include gemini, added loadPreset("gemini") test validating endpoint port/protocol/enforcement and REST rules, and added getPresetEndpoints test confirming endpoint host extraction. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

A fluffy blueprint hops with glee,
Gemini's path now open and free,
Google's great API takes flight,
With tests that glow oh-so-bright. 🚀✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main change: adding a gemini preset to the policies. It is concise, specific, and clearly summarizes the primary feature addition. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

Comment @coderabbitai help to get the list of available commands and usage tips.
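
The allowlist described in the walkthrough above, evaluated as a default-deny check over one constructed request. This is an added example, not code from this PR or from the project: the `Policy` and `Req` shapes, the `decide`, `normalizePath` and `pathMatches` helpers, and the meaning given to a trailing `/**` are assumptions; only the host, port, methods, path and binary names come from the page.

```typescript
// Added example. The object shape is hypothetical, not the project's YAML schema;
// host, port, methods, path and binary names come from the walkthrough above.
type Rule = { methods: string[]; path: string };
type Policy = { host: string; port: number; binaries: string[]; rules: Rule[] };
type Req = { binary: string; host: string; port: number; method: string; path: string };

const geminiPolicy: Policy = {
  host: "generativelanguage.googleapis.com",
  port: 443,
  binaries: ["node", "curl"],
  rules: [{ methods: ["GET", "POST"], path: "/v1beta/openai/**" }],
};

// Resolve "." and ".." before matching so a request cannot ride the allowed
// prefix out of scope. Encoded dots/slashes and backslashes are rejected (null).
function normalizePath(raw: string): string | null {
  const q = raw.indexOf("?");
  const path = q < 0 ? raw : raw.slice(0, q);
  if (!path.startsWith("/") || /%2e|%2f|%5c|\\/i.test(path)) return null;
  const out: string[] = [];
  for (const seg of path.split("/").slice(1)) {
    if (seg === ".") continue;
    if (seg === "..") { if (out.pop() === undefined) return null; continue; }
    out.push(seg);
  }
  return "/" + out.join("/");
}

// Assumed glob semantics: a trailing "/**" matches anything below that prefix.
function pathMatches(pattern: string, path: string): boolean {
  return pattern.endsWith("/**") ? path.startsWith(pattern.slice(0, -2)) : path === pattern;
}

// Default deny: every dimension must match; the first failing one is reported.
function decide(policy: Policy, req: Req): string {
  if (!policy.binaries.includes(req.binary)) return "deny:binary";
  if (req.host.toLowerCase() !== policy.host) return "deny:host"; // exact, no suffix match
  if (req.port !== policy.port) return "deny:port";
  const path = normalizePath(req.path);
  if (path === null) return "deny:path";
  const hit = policy.rules.some(
    (r) => r.methods.includes(req.method.toUpperCase()) && pathMatches(r.path, path));
  return hit ? "allow" : "deny:rule";
}

// Constructed sample request; vary one field at a time to probe each dimension.
const baseReq: Req = { binary: "curl", host: "generativelanguage.googleapis.com",
  port: 443, method: "POST", path: "/v1beta/openai/chat/completions" };
const baseVerdict = decide(geminiPolicy, baseReq);
```

Under these assumptions a request to `/v1beta/models` is denied, since the rule covers only the `/v1beta/openai/` prefix.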

coderabbitai Bot left a comment
Contributor

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/policies.test.ts`:
- Line 184: The file exceeds the test-size guardrail because multiple
Gemini-specific assertions (the tests containing the "gemini" string and the
related assertion blocks you added) were added to the large policies test;
extract all Gemini-focused tests into a new, focused test file (e.g.,
policies-gemini.test.ts): locate the top-level describe/it blocks that reference
"gemini" and the related assertion groups you added, copy them into the new
file, ensure any shared helpers/imports used by those blocks are imported there,
then remove those blocks from the original test file so the original drops under
the size budget and the new file runs the Gemini assertions separately.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 4a7cf623-2aa8-40c9-8a18-39f48efad02c

📥 Commits

Reviewing files that changed from the base of the PR and between 2c5283c and c7340d8.

📒 Files selected for processing (2)
  • nemoclaw-blueprint/policies/presets/gemini.yaml
  • test/policies.test.ts

Comment thread test/policies.test.ts
"brew",
"claude-code",
"discord",
"gemini",

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Split the new Gemini tests into a dedicated test file to unblock CI.

This file now fails the test-size guardrail (3174 > 2763). Please move the newly added Gemini assertions into a focused file (e.g., test/policies-gemini.test.ts) so test/policies.test.ts drops back under budget.

Also applies to: 233-255, 502-506

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/policies.test.ts` at line 184, The file exceeds the test-size guardrail
because multiple Gemini-specific assertions (the tests containing the "gemini"
string and the related assertion blocks you added) were added to the large
policies test; extract all Gemini-focused tests into a new, focused test file
(e.g., policies-gemini.test.ts): locate the top-level describe/it blocks that
reference "gemini" and the related assertion groups you added, copy them into
the new file, ensure any shared helpers/imports used by those blocks are
imported there, then remove those blocks from the original test file so the
original drops under the size budget and the new file runs the Gemini assertions
separately.

Source: Pipeline failures

wscurran added the feature label (PR adds or expands user-visible functionality) Jun 8, 2026