Google Gemini (google-genai)
Status
Section titled “Status”First-party AI provider shipped with arka-deck. Chat runtime on the Google Generative Language API.
| Field | Value |
|---|---|
| Manifest id | google-genai |
| Addon id | google-genai (kebab-case, convention) |
| Maturity | beta |
| Models | gemini-2.5-flash, gemini-2.5-flash-lite, gemini-2.5-pro |
| Authentication | API key |
| API key doc | aistudio.google.com/apikey |
Surfaces
Section titled “Surfaces”| Surface | Detail |
|---|---|
ChatRuntime | providers/google-genai/runtime.ts |
ProviderTester | GoogleGenAITester (REST gemini-2.5-flash-lite:generateContent probe) |
LlmInvoker | Used by some workers (1-shot JSON) |
| Catalogue manifest | composition/addons/provider-manifests.ts (entry google-genai) |
| Provider spec | addons/google-genai/specs/SPEC-...md |
Available models
Section titled “Available models”| Model | Usage profile |
|---|---|
gemini-2.5-flash | Structured drafting, extraction, medium tasks |
gemini-2.5-flash-lite | Fast probes, classification, connection test |
gemini-2.5-pro | Complex tasks, extended reasoning |
Security — API key encryption
Section titled “Security — API key encryption”| Property | Mechanism |
|---|---|
| Key never plain-text on disk | AES-256-GCM in SQLite (api_key_ciphertext) |
| Master key protected | <arkaHome>/secrets/secrets.key, mode 600 |
| Key never returned to UI | Public DTO exposes only apiKeyConfigured: boolean |
| No key logging | The tester receives the decrypted key in ephemeral memory |
| Controlled external transmission | Only the live test POSTs the key to Google (header x-goog-api-key), explicit and user-triggered |
Ciphertext format: v1:<iv-base64>:<tag-base64>:<encrypted-base64>.
Going further
Section titled “Going further”- “Write a provider” tutorial: ../extension/ecrire-un-provider (coming)
- Anti-SSRF policy: ADR 0006
- Secrets policy: ADR 0005