feat: add Gemini CLI support

[huytunguyenn]

Summary

Add Gemini CLI extension support so the Kobiton plugin can be installed via gemini extensions install alongside the existing Claude Code and GitHub Copilot CLI install paths.

Extension manifest

• Add gemini-extension.json at repo root with:

  • Inline mcpServers.kobiton.httpUrl pointing at the prod endpoint
  • contextFileName: "AGENTS.md" to reuse the existing instructions file (also read by Copilot CLI) — no separate GEMINI.md needed
  • Name kobiton-automate (Gemini convention: lowercase + dashes)
  • No explicit oauth block — Gemini CLI's default authProviderType: "dynamic_discovery" follows the same RFC 9728 .well-known/oauth-protected-resource flow that Kobiton MCP server already implements.

• Register gemini-extension.json in scripts/validate.js JSON-validity loop; update scripts/validate.test.js fixtures.

Skills (skills/<name>/SKILL.md) are auto-discovered by Gemini CLI from the default location — no manifest reference needed.

Follow-up commits

• Phase 2 — Local end-to-end test with gemini extensions link .: verify install, OAuth flow via dynamic discovery, tool calls.
• Phase 3 — README updates: add a "Gemini CLI" section to Installation, Login, and Troubleshooting; update the prerequisites bullet to mention Gemini CLI.
• Phase 4 (optional) — Submit to the Gemini Extensions marketplace at https://geminicli.com/extensions/ for public discoverability.
• After feat: add GitHub Copilot CLI support #10 is merged, rebase this PR onto main.

Server-side: zero changes required

Kobiton MCP server already implements OAuth 2.1 PKCE with dynamic client registration and .well-known discovery. Gemini CLI uses the same spec, so no MCP server changes are required.

Test plan

• pnpm run validate passes (now also checks gemini-extension.json)
• pnpm test passes (30 tests across 3 files)
• Phase 2: gemini extensions link . + /mcp auth kobiton + tool call end-to-end (after Gemini CLI installation)
• Phase 2: verify OAuth redirect URI Gemini uses is accepted by Kobiton's OAUTH_ALLOWED_REDIRECT_URIS allowlist (likely yes — both use loopback patterns)

[jeremylongshore]

Phase 1 reads cleanly. Particularly nice that dynamic-discovery OAuth lets the Gemini install flow piggyback off Kobiton's existing RFC 9728 .well-known endpoint — two CLIs now (with #10) installing against the same MCP server with zero server-side change.

Question on the manifest: skills auto-discover from skills/<name>/SKILL.md per the Gemini docs, but the spec also supports an explicit contextFileName array. Was on-demand agent invocation enough for the run-automation-suite use case, or did you weigh listing the skill files alongside AGENTS.md so they're loaded into initial context?