mtarcure/gemini-review-plugin

   ╔═══════════════════════════════════════════════════════════╗
   ║           GEMINI REVIEW PLUGIN                           ║
   ║                                                          ║
   ║   A second pair of eyes from a different model family.   ║
   ║   Standard review.  Adversarial mode.  1M context.       ║
   ╚═══════════════════════════════════════════════════════════╝


Gemini Review Plugin brings Google's Gemini 3.1 Pro into Claude Code as a code reviewer. Standard reviews catch bugs. Adversarial mode actively tries to break your code. No CLI dependencies — calls the Gemini API directly.

Why?

Claude writes your code. Claude also reviews your code. That's one model family checking its own work.

Gemini was trained on different data, makes different mistakes, and has different blind spots. When two independent model families agree your code is solid, that means something. When they disagree, you've found something worth investigating.

  CLAUDE WRITES CODE
   |
   v
  /gemini:review                      "Looks clean. One medium issue."
   |
   v
  /gemini:adversarial-review          "Found 4 reasons this shouldn't ship."
   |
   v
  YOU DECIDE

In real testing, Gemini's adversarial review found 4 legitimate bugs in our own code that Claude missed — including a hardcoded path that would break on any other machine, and a synchronous subprocess call blocking an async event loop. These were real bugs, not noise.

How It Works

  /gemini:review
   |
   v
  READ GIT DIFF (or --files/--dirs for full content)
   |
   v
  CALL GEMINI 3.1 PRO API
   |  System prompt: thorough review OR adversarial attack
   |  Temperature: 0.2 (deterministic, precise)
   |  Output: structured JSON (enforced via responseMimeType)
   |
   v
  STRUCTURED FINDINGS
   |
   |  {
   |    "verdict": "needs-attention",
   |    "summary": "Auth bypass in session middleware",
   |    "findings": [
   |      {
   |        "severity": "critical",
   |        "file": "src/middleware/auth.ts",
   |        "line_start": 42,
   |        "title": "Missing auth check on admin routes",
   |        "confidence": 0.92,
   |        "recommendation": "Add explicit auth validation..."
   |      }
   |    ]
   |  }
   |
   v
  PRESENTED IN CLAUDE CODE

No Gemini CLI required. Other Gemini plugins require you to install the Gemini CLI globally, authenticate interactively, and manage a separate tool. This plugin calls the API directly — one env var and you're running.
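The request and response handling sketched above, as an added example in Node.js. This is not the plugin's own gemini-review.mjs: it builds a generateContent request with the settings the README lists (system prompt, temperature 0.2, JSON enforced through responseMimeType) and strictly validates the structured findings before anything is presented, so a truncated or malformed reply fails loudly instead of reading as a clean review. The endpoint path, header name and body field names follow the Gemini REST API as I understand it and are assumptions to check against the API reference; the sample API response is constructed from the README's own example finding.

```javascript
// Added example, not the plugin's code. Builds the Gemini generateContent
// request and validates the structured review JSON that comes back.
// Endpoint, header and field names are assumptions about the Gemini REST API.

const GEMINI_BASE = "https://generativelanguage.googleapis.com/v1beta/models";
const VERDICTS = new Set(["approve", "needs-attention", "reject"]);
// "low" is an assumed fourth level; the README only shows critical/high/medium.
const SEVERITIES = new Set(["critical", "high", "medium", "low"]);

// Build the HTTP request for one review call. The API key travels in a header,
// not in the URL, so it does not land in shell history or proxy access logs.
function buildReviewRequest({ model, systemPrompt, diff, apiKey, temperature = 0.2 }) {
  return {
    url: `${GEMINI_BASE}/${model}:generateContent`,
    headers: { "content-type": "application/json", "x-goog-api-key": apiKey },
    body: {
      systemInstruction: { parts: [{ text: systemPrompt }] },
      contents: [{ role: "user", parts: [{ text: `Review this diff:\n\n${diff}` }] }],
      generationConfig: { temperature, responseMimeType: "application/json" },
    },
  };
}

// Pull the model's text out of a generateContent response body.
function extractText(apiResponse) {
  const parts = apiResponse?.candidates?.[0]?.content?.parts ?? [];
  return parts.map((p) => p.text ?? "").join("");
}

// Parse and validate the review. Even with responseMimeType set, stay defensive:
// strip a stray ```json fence and reject anything outside the documented shape.
function parseReview(text) {
  const cleaned = text.trim().replace(/^```(?:json)?\s*/i, "").replace(/\s*```$/, "");
  const review = JSON.parse(cleaned);
  if (!review || typeof review !== "object") throw new Error("review must be an object");
  if (!VERDICTS.has(review.verdict)) throw new Error(`bad verdict: ${review.verdict}`);
  if (typeof review.summary !== "string") throw new Error("summary must be a string");
  if (!Array.isArray(review.findings)) throw new Error("findings must be an array");
  for (const [i, f] of review.findings.entries()) {
    if (!SEVERITIES.has(f.severity)) throw new Error(`finding ${i}: bad severity`);
    if (typeof f.file !== "string" || typeof f.title !== "string")
      throw new Error(`finding ${i}: file and title are required`);
    if (!Number.isInteger(f.line_start) || f.line_start < 1)
      throw new Error(`finding ${i}: line_start must be a positive integer`);
    if (typeof f.confidence !== "number" || f.confidence < 0 || f.confidence > 1)
      throw new Error(`finding ${i}: confidence must be in [0, 1]`);
  }
  return review;
}

// Constructed sample of an API response body carrying the README's example finding.
const SAMPLE_API_RESPONSE = {
  candidates: [{ content: { parts: [{ text: JSON.stringify({
    verdict: "needs-attention",
    summary: "Auth bypass in session middleware",
    findings: [{
      severity: "critical", file: "src/middleware/auth.ts", line_start: 42,
      title: "Missing auth check on admin routes", confidence: 0.92,
      recommendation: "Add explicit auth validation...",
    }],
  }) }] } }],
};

// Stand-alone run, no network: parse the constructed response.
console.log(parseReview(extractText(SAMPLE_API_RESPONSE)).summary);
```

The validation is the part worth keeping even if you never call the API yourself: a reviewer whose output is consumed by a gate must not be able to pass a half-written reply as an approval.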

Install

# Add the marketplace
/plugin marketplace add mtarcure/gemini-review-plugin

# Install
/plugin install gemini-review@gemini-review

# Reload and setup
/reload-plugins
/gemini:setup

Set your API key:

export GEMINI_API_KEY=your-key-here

Get a key at Google AI Studio (free tier available).

Usage

Standard Review

/gemini:review

Reviews staged + unstaged changes. Falls back to branch diff if working tree is clean.

Adversarial Review

/gemini:adversarial-review

Gemini actively tries to break your code. Looks for: auth bypass, race conditions, data loss, rollback hazards, observability gaps, version skew. More aggressive than a standard review — modeled after XBOW's adversarial approach.

Review Specific Files (Uses 1M Context)

# Review all Python files (full content, not just diff)
/gemini:review --files "**/*.py"

# Review specific directories
/gemini:review --dirs src,lib

# Adversarial review of smart contracts
/gemini:adversarial-review --files "contracts/**/*.sol"

File mode sends full file contents to Gemini. With 1M tokens of context, Gemini can see your entire codebase at once — cross-file data flows, trust boundary violations, and architectural issues that file-by-file analysis misses.

Model Selection

/gemini:review --model pro          # Deep analysis (default)
/gemini:review --model flash        # Fast iteration
/gemini:review --model 2.5-pro      # Alternative perspective

| Alias | Model | Speed | Best For |
|---|---|---|---|
| pro | gemini-3.1-pro-preview | Thorough | Security audits, complex logic, architecture review |
| flash | gemini-3-flash-preview | Fast | Quick checks, style review, rapid iteration |
| 3-pro | gemini-3-pro-preview | Balanced | General purpose reviews |
| 2.5-pro | gemini-2.5-pro | Proven | Stable alternative, good for comparison |
| 2.5-flash | gemini-2.5-flash | Fastest | Simple reviews, syntax checks |

Review Against a Branch

/gemini:review --base main --scope branch

Review Gate (Auto-Review on Stop)

export GEMINI_REVIEW_GATE=1    # Enable
export GEMINI_REVIEW_GATE=0    # Disable

When enabled, a Gemini review runs automatically when Claude finishes work. If critical/high issues are found, it blocks the session end so Claude can address them first. Like a CI check, but for your AI coding session.

Note: Adds latency + API usage to every session end. Best for high-stakes work.
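The gate decision described above, as an added example in Node.js. This is not the plugin's stop-review-gate.mjs: given an already parsed review and the GEMINI_REVIEW_GATE value, it returns whether the session end should be blocked and a reason listing the critical/high findings, and it fails open when the review itself could not be obtained so a network or API error does not trap the user. The `{ decision: "block", reason }` output shape is what I believe Claude Code Stop hooks read from stdout; treat it as an assumption and check the hooks documentation. The sample review is constructed from the README's output example.

```javascript
// Added example, not the plugin's code. Decides whether the review gate
// should block the end of a Claude Code session.
// Output shape { decision, reason } is an assumption about Stop hook output.

const BLOCKING_SEVERITIES = new Set(["critical", "high"]);

// GEMINI_REVIEW_GATE=1 enables the gate; unset or "0" disables it.
function gateEnabled(env) {
  return env.GEMINI_REVIEW_GATE === "1";
}

// Decide from a parsed review whether to block the session end.
function gateDecision(review, env = process.env) {
  if (!gateEnabled(env)) return { decision: "allow", reason: "review gate disabled" };
  const blocking = review.findings.filter((f) => BLOCKING_SEVERITIES.has(f.severity));
  if (review.verdict === "reject" || blocking.length > 0) {
    const lines = blocking.map((f) => `- [${f.severity}] ${f.file}:${f.line_start} ${f.title}`);
    return {
      decision: "block",
      reason:
        `Gemini review (${review.model ?? "unknown model"}) verdict "${review.verdict}", ` +
        `${blocking.length} critical/high finding(s); address before finishing:\n${lines.join("\n")}`,
    };
  }
  return { decision: "allow", reason: `Gemini review verdict: ${review.verdict}` };
}

// If the review call failed (API error, bad JSON), fail open with a visible
// warning rather than locking the user out of ending the session. Flip to
// fail-closed only if the gate is your last line of defence for the work.
function gateOnError(err, env = process.env) {
  if (!gateEnabled(env)) return { decision: "allow", reason: "review gate disabled" };
  return { decision: "allow", reason: `review gate skipped: ${err.message}` };
}

// Constructed sample in the README's output format.
const SAMPLE_REVIEW = {
  verdict: "needs-attention",
  model: "gemini-3.1-pro-preview",
  summary: "Race condition in payment processing allows double-charge.",
  findings: [
    { severity: "high", file: "src/payments/charge.ts", line_start: 87,
      title: "Non-atomic read-modify-write on balance", confidence: 0.88 },
    { severity: "medium", file: "src/payments/charge.ts", line_start: 12,
      title: "Unused import", confidence: 0.7 },
  ],
};

// Stand-alone run: print the hook decision for the sample with the gate enabled.
console.log(JSON.stringify(gateDecision(SAMPLE_REVIEW, { GEMINI_REVIEW_GATE: "1" })));
```

Only critical and high findings block, matching the README; medium findings reach the user through the review output but do not stop the session.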

Triple-Model Review

Combine with the OpenAI Codex plugin for three model families reviewing the same code:

  CLAUDE (writes code)
   |
   +---> /codex:adversarial-review     GPT-5.4 tries to break it
   |
   +---> /gemini:adversarial-review    Gemini 3.1 Pro tries to break it
   |
   v
  THREE MODEL FAMILIES AGREE --------> Ship with confidence
  ANY MODEL DISAGREES ----------------> Investigate before shipping

Different training data. Different failure modes. Different blind spots. The intersection of three independent reviews is stronger than any single model.

Output Format

Every review returns structured JSON:

{
  "verdict": "needs-attention",
  "model": "gemini-3.1-pro-preview",
  "summary": "Race condition in payment processing allows double-charge.",
  "findings": [
    {
      "severity": "high",
      "file": "src/payments/charge.ts",
      "line_start": 87,
      "line_end": 94,
      "title": "Non-atomic read-modify-write on balance",
      "body": "The balance check and deduction are not atomic...",
      "recommendation": "Wrap in a database transaction with SELECT FOR UPDATE",
      "confidence": 0.88
    }
  ]
}

Verdicts: approve (clean), needs-attention (issues found), reject (critical blockers).

Configuration

| Env Variable | Description | Default |
|---|---|---|
| GEMINI_API_KEY | Google AI API key | Required |
| GEMINI_REVIEW_GATE | Auto-review on session end | 0 (disabled) |

| Flag | Description | Example |
|---|---|---|
| --model | Model alias or full name | --model flash |
| --base | Base branch for diff | --base main |
| --scope | auto, working-tree, or branch | --scope branch |
| --files | Glob pattern for full-file review | --files "**/*.py" |
| --dirs | Comma-separated directories | --dirs src,lib |

vs Other Gemini Plugins

| Feature | This Plugin | cc-gemini-plugin | gemini-peer-review |
|---|---|---|---|
| Dependencies | Node.js only | Gemini CLI + auth | Gemini CLI + auth |
| Adversarial mode | Dedicated prompt | No | No |
| Structured JSON | Enforced via API | Text only | Markdown |
| Model selection | 5 models | 5 models | 1 model |
| File/dir scoping | --files / --dirs | --files / --dirs | No |
| Review gate hook | Stop hook | No | Multiple hooks |
| API method | Direct REST | CLI subprocess | CLI subprocess |
| Install complexity | 1 env var | CLI install + auth | CLI install + auth |

Plugin Structure

gemini-review-plugin/
  .claude-plugin/
    marketplace.json
  plugins/gemini-review/
    .claude-plugin/plugin.json
    commands/
      review.md                # /gemini:review
      adversarial-review.md    # /gemini:adversarial-review
      setup.md                 # /gemini:setup
    hooks/hooks.json           # Review gate (Stop hook)
    prompts/
      review.md                # Standard review system prompt
      adversarial.md           # Adversarial system prompt
    scripts/
      gemini-review.mjs        # Core: reads diff, calls API, returns JSON
      stop-review-gate.mjs     # Review gate hook

License

MIT

Built By

Mtarcure — part of the WireWork multi-agent system.

About

Gemini 3.1 Pro code review plugin for Claude Code — adversarial mode, 1M context, structured JSON output, no CLI dependencies
