feat: add Gemini skill integration and multi-user AI setup

.gemini/settings.json

@@ -0,0 +1,8 @@
+{
+  "context": {
+    "fileName": "GEMINI.md"
+  },
+  "experimental": {
+    "enableAgents": true
+  }
+}

.gemini/skills/server-manager/SKILL.md

@@ -0,0 +1,84 @@
+---
+name: server-manager
+description: Use ServerManager's shared local server inventory and ssh.py utility to manage configured SSH, Telnet, SQL, Redis, S3/MinIO, Grafana, Prometheus, and WinRM endpoints by alias without exposing credentials. Use when the user asks to operate on servers managed by ServerManager or when editing ServerManager's Claude/Codex/Gemini integration.
+---
+
+# Server Manager
+
+Use this skill for two cases:
+
+1. The user wants work done on a server or service already configured in ServerManager.
+2. The user wants to modify ServerManager's CLI/integration layer so Claude/Codex/Gemini can use it safely.
+
+## First Step
+
+Before any server operation:
+
+```bash
+$HOME/.server-connections/gemini-ssh --list
+```
+
+Read the `Type` column before choosing commands. Do not guess the server type.
+
+If the wrapper is missing, run the doctor script for your platform:
+
+```bash
+$HOME/.gemini/skills/server-manager/scripts/server-manager-gemini-doctor.sh
+```
+
+On Windows, use:
+
+```bat
+%USERPROFILE%\.gemini\skills\server-manager\scripts\server-manager-gemini-doctor.cmd
+```
+
+## Hard Rules
+
+- Never read `~/.server-connections/servers.json`, `settings.json`, or `encryption.py` directly.
+- Never use `--list-full`.
+- Never use raw `ssh`, `scp`, `rsync`, `redis-cli`, `mysql`, `psql`, `mc`, `aws s3`, or similar tools unless the user explicitly asks to bypass ServerManager.
+- Maximum one connection attempt per action. If it times out or fails, report it and stop.
+- `ALIAS "command"` is only for `ssh` and `telnet`.
+- `rdp` and `vnc` are GUI-only. Do not invent CLI access.
+- For S3/MinIO, list buckets and paths before upload, delete, or URL generation.
+- Ask for confirmation before destructive actions if the user's intent is not explicit.
+
+## Preferred Entry Points
+
+Use the shared wrapper:
+
+```bash
+$HOME/.server-connections/gemini-ssh ...
+```
+
+Safe discovery commands:
+
+```bash
+$HOME/.server-connections/gemini-ssh --list
+$HOME/.server-connections/gemini-ssh --info ALIAS
+$HOME/.server-connections/gemini-ssh --status
+```
+
+Read [references/command-matrix.md](references/command-matrix.md) when you need the per-type command matrix.
+
+## Server Operation Workflow
+
+1. Run `--list`.
+2. Match the alias using notes/type, not credentials.
+3. Pick commands strictly from the server type.
+4. Execute exactly one action.
+5. Report the result without exposing IPs, logins, passwords, ports, or secrets.
+
+## Working On ServerManager Itself
+
+Read [references/project.md](references/project.md) before changing integration code.
+
+Source-of-truth files:
+
+- `tools/ssh.py`: local CLI used by AI tools
+- `tools/skill-ssh.md`: current Claude `/ssh` instructions
+- `core/claude_setup.py`: installer for shared CLI files and AI skills
+- `build.py`: auto-deploys `ssh.py`, `encryption.py`, Claude/Codex/Gemini skills after builds
+- `README.md`, `CLAUDE.md`, and `GEMINI.md`: project-level rules and architecture
+
+If you change command semantics in `tools/ssh.py`, update the user-facing instructions alongside it.

.gemini/skills/server-manager/references/command-matrix.md

@@ -0,0 +1,91 @@
+# Command Matrix
+
+Always identify the server type first with:
+
+```bash
+$HOME/.server-connections/gemini-ssh --list
+```
+
+## Type To Command Map
+
+| Type | Use | Do Not Use |
+| --- | --- | --- |
+| `ssh` | `ALIAS "command"`, `--upload`, `--download`, `--ping`, `--install-key` | n/a |
+| `telnet` | `ALIAS "command"` | `--upload`, `--download`, `--install-key` |
+| `mariadb`, `mssql`, `postgresql` | `--sql`, `--sql-databases`, `--sql-tables` | `ALIAS "command"` |
+| `redis` | `--redis`, `--redis-info`, `--redis-keys` | `ALIAS "command"` |
+| `s3` | `--s3-buckets`, `--s3-ls`, `--s3-upload`, `--s3-download`, `--s3-delete`, `--s3-url`, `--s3-create-bucket` | `ALIAS "command"`, SSH/SFTP commands |
+| `grafana` | `--grafana-dashboards`, `--grafana-alerts` | `ALIAS "command"` |
+| `prometheus` | `--prom-query`, `--prom-targets`, `--prom-alerts` | `ALIAS "command"` |
+| `winrm` | `--ps`, `--cmd` | `ALIAS "command"` |
+| `rdp`, `vnc` | GUI only | all CLI actions |
+
+## Common Safe Commands
+
+```bash
+$HOME/.server-connections/gemini-ssh --list
+$HOME/.server-connections/gemini-ssh --info ALIAS
+$HOME/.server-connections/gemini-ssh --status
+$HOME/.server-connections/gemini-ssh --set-note ALIAS "description"
+```
+
+## SSH And Telnet
+
+```bash
+$HOME/.server-connections/gemini-ssh ALIAS "command"
+$HOME/.server-connections/gemini-ssh ALIAS --no-sudo "command"
+$HOME/.server-connections/gemini-ssh ALIAS --upload "local" //remote/path
+$HOME/.server-connections/gemini-ssh ALIAS --download //remote/path "local"
+$HOME/.server-connections/gemini-ssh ALIAS --ping
+```
+
+Use double slashes for remote SSH/SFTP paths when working from Git Bash style environments.
+
+## SQL
+
+```bash
+$HOME/.server-connections/gemini-ssh --sql ALIAS "SELECT * FROM table LIMIT 10"
+$HOME/.server-connections/gemini-ssh --sql-databases ALIAS
+$HOME/.server-connections/gemini-ssh --sql-tables ALIAS [database]
+```
+
+## Redis
+
+```bash
+$HOME/.server-connections/gemini-ssh --redis ALIAS "GET key"
+$HOME/.server-connections/gemini-ssh --redis-info ALIAS
+$HOME/.server-connections/gemini-ssh --redis-keys ALIAS "pattern:*"
+```
+
+## S3 / MinIO
+
+Before modifying objects:
+
+```bash
+$HOME/.server-connections/gemini-ssh --s3-buckets ALIAS
+$HOME/.server-connections/gemini-ssh --s3-ls ALIAS bucket/prefix/
+```
+
+Then act:
+
+```bash
+$HOME/.server-connections/gemini-ssh --s3-upload ALIAS "local" bucket/key
+$HOME/.server-connections/gemini-ssh --s3-download ALIAS bucket/key "local"
+$HOME/.server-connections/gemini-ssh --s3-delete ALIAS bucket/key
+$HOME/.server-connections/gemini-ssh --s3-url ALIAS bucket/key [seconds]
+$HOME/.server-connections/gemini-ssh --s3-create-bucket ALIAS bucket-name
+```
+
+Do not treat S3 as a shell filesystem.
+
+## Grafana / Prometheus / WinRM
+
+```bash
+$HOME/.server-connections/gemini-ssh --grafana-dashboards ALIAS
+$HOME/.server-connections/gemini-ssh --grafana-alerts ALIAS
+$HOME/.server-connections/gemini-ssh --prom-query ALIAS "up"
+$HOME/.server-connections/gemini-ssh --prom-targets ALIAS
+$HOME/.server-connections/gemini-ssh --prom-alerts ALIAS
+$HOME/.server-connections/gemini-ssh --ps ALIAS "Get-Process"
+$HOME/.server-connections/gemini-ssh --cmd ALIAS "dir"
+```

.gemini/skills/server-manager/references/project.md

@@ -0,0 +1,73 @@
+# Project Notes
+
+This skill is based on `/home/code/Desktop/CODING/server-manager`.
+
+## What ServerManager Is
+
+ServerManager is a cross-platform desktop GUI built with CustomTkinter. It manages multiple remote endpoint types through one local encrypted inventory:
+
+- SSH / Telnet
+- MariaDB / MSSQL / PostgreSQL
+- Redis
+- S3 / MinIO
+- Grafana
+- Prometheus
+- WinRM
+- RDP / VNC launchers
+
+## Core Integration Model
+
+The GUI and CLI share one local backend:
+
+```text
+ServerManager GUI <-> ~/.server-connections/servers.json <-> ~/.server-connections/ssh.py
+```
+
+The AI never needs raw credentials. It only uses aliases and the local CLI.
+
+## Important Files
+
+- `README.md`: product overview and install flow
+- `CLAUDE.md`: project rules, architecture, security, workflow
+- `GEMINI.md`: Gemini-native project contract
+- `tools/ssh.py`: CLI entry point used by AI tools
+- `tools/skill-ssh.md`: current Claude `/ssh` instructions
+- `core/claude_setup.py`: installer for shared CLI files plus Claude/Codex/Gemini skill deployment
+- `build.py`: auto-deploys `ssh.py`, `encryption.py`, Claude skill, Codex skill, and Gemini skill after builds
+
+## Architectural Shape
+
+- `core/server_store.py`: encrypted storage, CRUD, observers, backups
+- `core/connection_factory.py`: type-to-client factory with lazy imports
+- `core/*_client.py`: protocol-specific backends
+- `gui/app.py`: tab registry, conditional tabs by server type
+- `gui/tabs/`: protocol-specific GUI surfaces
+
+## Existing Local Agent Integration
+
+Current setup installs:
+
+- `~/.server-connections/ssh.py`
+- `~/.server-connections/encryption.py`
+- `~/.claude/commands/ssh.md`
+- `~/.codex/skills/server-manager/`
+- `~/.gemini/skills/server-manager/`
+- `~/.agents/skills/server-manager/` (cross-tool mirror)
+- `~/.server-connections/codex-ssh` or `codex-ssh.cmd`
+- `~/.server-connections/gemini-ssh` or `gemini-ssh.cmd`
+- a `~/.claude/CLAUDE.md` guidance block
+- a `~/.gemini/GEMINI.md` guidance block
+
+The Gemini skill mirrors the same safety model:
+
+- use aliases only
+- use the shared local CLI
+- never read credentials directly
+- choose commands by server type
+
+## Local Findings
+
+- `ssh.py` is executable and uses a `python3` shebang, so Gemini does not need a `python` alias.
+- `ssh.py` has no `--help`; use `--list`, `--info`, and `--status` for safe discovery.
+- The Unix wrapper path covers both Linux and macOS through `gemini-ssh-wrapper.sh`.
+- Windows-native Gemini wrapper support exists through `gemini-ssh-wrapper.cmd`.

.gemini/skills/server-manager/scripts/gemini-ssh-wrapper.cmd

@@ -0,0 +1,11 @@
+@echo off
+setlocal
+set SHARED_DIR=%SERVER_MANAGER_SHARED_DIR%
+if "%SHARED_DIR%"=="" set SHARED_DIR=%USERPROFILE%\.server-connections
+set SSH_SCRIPT=%SHARED_DIR%\ssh.py
+if not exist "%SSH_SCRIPT%" (
+  echo error: missing executable ssh.py at %SSH_SCRIPT% 1>&2
+  echo hint: install ServerManager's shared CLI files first 1>&2
+  exit /b 1
+)
+"%SSH_SCRIPT%" %*

.gemini/skills/server-manager/scripts/gemini-ssh-wrapper.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+shared_dir="${SERVER_MANAGER_SHARED_DIR:-$HOME/.server-connections}"
+ssh_script="${shared_dir}/ssh.py"
+
+if [[ ! -x "$ssh_script" ]]; then
+  echo "error: missing executable ssh.py at ${ssh_script}" >&2
+  echo "hint: install ServerManager's shared CLI files first" >&2
+  exit 1
+fi
+
+exec "$ssh_script" "$@"

.gemini/skills/server-manager/scripts/server-manager-gemini-doctor.cmd

@@ -0,0 +1,39 @@
+@echo off
+setlocal
+set SHARED_DIR=%SERVER_MANAGER_SHARED_DIR%
+if "%SHARED_DIR%"=="" set SHARED_DIR=%USERPROFILE%\.server-connections
+set SSH_SCRIPT=%SHARED_DIR%\ssh.py
+set ENCRYPTION=%SHARED_DIR%\encryption.py
+set WRAPPER=%SHARED_DIR%\gemini-ssh.cmd
+set SKILL=%USERPROFILE%\.gemini\skills\server-manager\SKILL.md
+set STATUS=0
+
+if exist "%ENCRYPTION%" (
+  echo [ok] file %ENCRYPTION%
+) else (
+  echo [missing] file %ENCRYPTION% 1>&2
+  set STATUS=1
+)
+
+if exist "%SSH_SCRIPT%" (
+  echo [ok] file %SSH_SCRIPT%
+) else (
+  echo [missing] file %SSH_SCRIPT% 1>&2
+  set STATUS=1
+)
+
+if exist "%WRAPPER%" (
+  echo [ok] file %WRAPPER%
+) else (
+  echo [missing] file %WRAPPER% 1>&2
+  set STATUS=1
+)
+
+if exist "%SKILL%" (
+  echo [ok] file %SKILL%
+) else (
+  echo [missing] file %SKILL% 1>&2
+  set STATUS=1
+)
+
+exit /b %STATUS%

.gemini/skills/server-manager/scripts/server-manager-gemini-doctor.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+shared_dir="${SERVER_MANAGER_SHARED_DIR:-$HOME/.server-connections}"
+ssh_script="${shared_dir}/ssh.py"
+encryption_module="${shared_dir}/encryption.py"
+wrapper="${shared_dir}/gemini-ssh"
+skill_dir="$HOME/.gemini/skills/server-manager"
+
+status=0
+
+check_file() {
+  local path="$1"
+  if [[ -f "$path" ]]; then
+    printf '[ok] file %s\n' "$path"
+  else
+    printf '[missing] file %s\n' "$path" >&2
+    status=1
+  fi
+}
+
+check_exec() {
+  local path="$1"
+  if [[ -x "$path" ]]; then
+    printf '[ok] executable %s\n' "$path"
+  else
+    printf '[missing] executable %s\n' "$path" >&2
+    status=1
+  fi
+}
+
+check_file "$encryption_module"
+check_exec "$ssh_script"
+check_exec "$wrapper"
+check_file "$skill_dir/SKILL.md"
+
+exit "$status"