A flexible API interface for managing and executing custom AI instructions ("Gems") using Google Gemini models with MCP integration.
Since the standard Gemini Gems interface does not currently support direct API access, gemsAPI emulates that functionality by providing a complete backend service for storing, managing, and executing custom AI prompts with the latest Gemini 3.0 models.
- Gem Management: Create, edit, and delete custom AI instruction sets ("Gems") stored in Supabase
- Flexible Execution: Execute Gems by name with custom user prompts via REST API
- Gemini 3.0 Support: Full support for Gemini 1.5, 2.0, and 3.0 series with low-latency thinking
- MCP Integration: Model Context Protocol (MCP) server for Claude Desktop and other MCP clients
- Authentication: Supabase-based authentication with Row Level Security (RLS)
- Rate Limiting: Built-in rate limiting to prevent abuse
- React UI: Modern web interface for gem management and testing
- Docker Ready: Containerized deployment with multi-stage builds
gemsAPI is a full-stack application with a React frontend, FastAPI backend, Supabase database, and Google Gemini AI integration. The system supports multiple transport mechanisms including REST API, MCP SSE transport, and MCP STDIO for Claude Desktop.
Key Components:
- Frontend: React 19 + Vite, served statically by FastAPI
- Backend: FastAPI with async/await, rate limiting, and CORS
- Database: Supabase (PostgreSQL) with Row Level Security
- AI Integration: Google Gemini API with thinking artifact cleanup
- MCP Server: FastMCP integration for tool-based access
Key Workflows:
- Create/Manage Gem: User β React UI β OAuth β FastAPI β RLS Check β Supabase
- Execute Gem: User β GemChat β Rate Limit β Fetch Gem β Gemini API β Clean Thinking β Response
- MCP Integration: MCP Client β Transport (STDIO/SSE) β FastMCP β API Auth β Database
- Authentication: Google OAuth β JWT Token β Client β Bearer Token β RLS Enforcement
Tables:
auth.users- Supabase built-in user authenticationpublic.gems- Gem definitions with user ownership and RLSpublic.admin_users- Administrator accounts for full access
Row Level Security (RLS):
- Users can only manage their own gems
- Admin users can manage ALL gems
- Service role bypasses RLS for backend operations
- Docker & Docker Compose (recommended)
- Supabase account and project
- Google Gemini API key
git clone https://github.com/sruckh/gemsAPI.git
cd gemsAPICreate a .env file in the project root:
cp .env.example .envEdit .env with your credentials:
# Required
GEMINI_API_KEY=your_gemini_api_key
SUPABASE_URL=your_supabase_project_url
SUPABASE_KEY=your_supabase_service_role_key
# Optional (with defaults)
GEMINI_MODEL=gemini-3-pro-preview
PORT=8000
NODE_ENV=production
# MCP Integration
ENABLE_MCP=true
API_TOKEN=your_secure_api_token_for_mcpdocker compose up -d --buildThe service will be available at http://localhost:8000
If you prefer to run without Docker:
Frontend:
npm installBackend:
pip install -r requirements.txtnpm run devuvicorn fastapi_server:app --reload --host 0.0.0.0 --port 8000| Method | Endpoint | Description |
|---|---|---|
GET |
/api/gems |
List all gems (requires auth) |
POST |
/api/gems |
Create a new gem |
PUT |
/api/gems/{id} |
Update a gem |
DELETE |
/api/gems/{id} |
Delete a gem |
GET |
/api/gems/{id}/package |
Get gem as prompt package |
| Method | Endpoint | Description |
|---|---|---|
POST |
/api/gems/execute |
Execute a gem by name |
POST |
/api/gemini/generate |
Free-form generation with custom instructions |
| Method | Endpoint | Description |
|---|---|---|
GET |
/.well-known/mcp.json |
MCP manifest |
GET |
/mcp |
MCP SSE transport endpoint |
GET |
/api/mcp/ping |
MCP auth check |
GET |
/api/mcp/stdio-script |
Download STDIO script for Claude Desktop |
GET |
/api/mcp/claude-desktop-config |
Claude Desktop configuration |
| Method | Endpoint | Description |
|---|---|---|
POST |
/api/auth/check-admin |
Check if user is admin |
POST |
/api/auth/register-admin |
Register first admin (one-time) |
| Variable | Description | Default |
|---|---|---|
GEMINI_API_KEY |
Google Gemini API key | required |
SUPABASE_URL |
Supabase project URL | required |
SUPABASE_KEY |
Supabase service role key | required |
GEMINI_MODEL |
Default Gemini model | gemini-3-pro-preview |
PORT |
Server port | 8000 |
NODE_ENV |
Environment mode | production |
ENABLE_MCP |
Enable MCP integration | false |
API_TOKEN |
Bearer token for API/MCP bypass | none |
For the complete database schema with all tables, relationships, and RLS policies, see the ER Diagram above.
Quick Reference:
- Full SQL schema available in
docs/supabase/gems_table.sql - RLS ensures users can only access their own gems (except admins)
- Admin users table for elevated permissions
gemsAPI provides Model Context Protocol (MCP) integration for tool-based access to gems.
- Download the STDIO script:
curl -H "Authorization: Bearer YOUR_TOKEN" \
https://your-domain.com/api/mcp/stdio-script \
-o gemsapi_mcp.py- Edit your Claude Desktop config:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
- macOS:
{
"mcpServers": {
"gemsapi": {
"command": "python",
"args": ["/path/to/gemsapi_mcp.py"],
"env": {
"GEMSAPI_TOKEN": "YOUR_SUPABASE_ACCESS_TOKEN",
"GEMSAPI_URL": "https://your-domain.com"
}
}
}
}- Install dependencies:
pip install fastmcp httpx- Restart Claude Desktop
gems.list: List all gems for authenticated usergems.get: Get a specific gem by ID or namegems.search: Search gems by name or description
Secret hygiene:
- Never add
SUPABASE_KEY(service role) toVITE_*variables - The backend fails to start if service key is exposed to frontend
- Use
API_TOKENfor server-to-server communication only - Run
npm run secret:checkbefore committing to scan for leaked tokens
Authentication:
- All data operations require valid Supabase JWT token
- Row Level Security (RLS) ensures users can only access their own gems
- Admin operations require entry in
admin_userstable
# Health check
curl http://localhost:8000/healthz
# List gems (requires auth token)
curl -H "Authorization: Bearer YOUR_TOKEN" \
http://localhost:8000/api/gems
# Execute a gem
curl -X POST http://localhost:8000/api/gems/execute \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_TOKEN" \
-d '{"gem_name": "MyGem", "user_prompt": "Hello!"}'# Scan for leaked secrets before committing
npm run secret:check# Build image
docker build -t gemsapi:latest .
# Run container
docker run -p 8000:8000 --env-file .env gemsapi:latest- Set
NODE_ENV=productionin.env - Ensure
VITE_SUPABASE_KEYis NOT set (security check) - Build frontend:
npm run build - Use reverse proxy (Nginx, Traefik) for SSL
- Configure proper CORS origins via
FRONTEND_URL
# Forward proxy configuration
location /gemsapi/ {
proxy_pass http://gemsapi:8000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}Contributions are welcome! Please follow these guidelines:
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Make your changes
- Run tests and security checks
- Commit changes (
git commit -m 'Add amazing feature') - Push to branch (
git push origin feature/amazing-feature) - Open a Pull Request
- Follow existing code style and patterns
- Add TypeScript types for all new code
- Update documentation for API changes
- Test MCP integration when modifying tools
- Run
npm run secret:checkbefore committing
This project is licensed under the MIT License - see LICENSE for details.
- Google - For the Gemini AI models and API
- Supabase - For the excellent PostgreSQL backend service
- FastAPI - For the modern Python web framework
- React - For the frontend UI framework
- FastMCP - For MCP integration toolkit
- Phase 2 MCP Integration - MCP implementation details
- CLAUDE.md - Project-specific guidance for Claude Code
- AGENTS.md - Agent configuration and usage