firebase · samedson · Oct 7, 2025 · gemini-code-assist · Oct 7, 2025
diff --git a/src/mcp/prompts/core/init.ts b/src/mcp/prompts/core/init.ts
@@ -38,12 +38,12 @@
 Contents of \`firebase.json\` config file:

 \`\`\`json
 ${config.readProjectFile("firebase.json", { fallback: "<FILE DOES NOT EXIST>" })}
 \`\`\`
 
 
 ## Steps
-Follow the steps below taking note of any user instructions provided above.
+Follow the steps below taking note of any user instructions provided above. As you go, add all steps to a FIREBASE_INIT_TODO.md file, or use a TODO tool, and check steps off as you complete them.
 
 1. If there is no active user, use the \`firebase_login\` tool to help them sign in.
    - If you run into issues logging the user in, suggest that they run \`${firebaseCliCommand} login --reauth\` in a separate terminal
@@ -63,7 +63,7 @@
      - If there is no app that matches that criteria, use the \`firebase_create_app\` tool to create the app with the appropriate platform
    - Do the following only for Flutter apps
      - Execute \`firebase --version\`  to check if the Firebase CLI is installed
-       - If it isn't installed, run \`npm install -g firebase-tools\` to install it. If it is installed, skip to the next step. 
+       - If it isn't installed, run \`npm install -g firebase-tools\` to install it. If it is installed, skip to the next step.
      - Install the Flutterfire CLI
      - Use the Flutterfire CLI tool to connect to the project
      - Use the Flutterfire CLI to register the appropriate applications based on the user's input

diff --git a/src/mcp/resources/guides/init_auth.ts b/src/mcp/resources/guides/init_auth.ts
@@ -32,6 +32,7 @@ export const init_auth = resource(
 **Next Steps:**
 - **Security Rules**: If an app uses *Cloud Firestore database*, *Cloud Storage for Firebase*, or *Firebase Realtime Database*, then please update user-based Security Rules that are structured according to the app's specific requirements.
 - **App Deployment**: Deploy the app to production after Security Rules are verified to be working properly.
+- Refer back to the FIREBASE_INIT_TODO.md or TODO tool for next steps
 `.trim(),
         },
       ],

diff --git a/src/mcp/resources/guides/init_backend.ts b/src/mcp/resources/guides/init_backend.ts
@@ -19,7 +19,7 @@ export const init_backend = resource(
 1. Determine based on what you already know about the user's project or by asking them which of the following services is appropriate.
 2. Use the Firebase \`read_resources\` tool to load the guide to setup the product you choose.
 
-The user will likely need to setup Firestore, Authentication, and Hosting. Read the following guides in order:
+The user will likely need to setup Firestore, Authentication, and Hosting. Read the following guides in order and add each guide as a step to the FIREBASE_INIT_TODO.md file or using the TODO tool:
-The user will likely need to setup Firestore, Authentication, and Hosting. Read the following guides in order and add each guide as a step to the FIREBASE_INIT_TODO.md file or using the TODO tool:
+The user will likely need to setup Firestore, Authentication, and Hosting. Read the following guides in order and add each guide's resource URI as a step to the FIREBASE_INIT_TODO.md file or using the TODO tool:
-The user will likely need to setup Firestore, Authentication, and Hosting. Read the following guides in order and add each guide as a step to the FIREBASE_INIT_TODO.md file or using the TODO tool:
+The user will likely need to setup Firestore, Authentication, and Hosting. Read the following guides in order and add each guide's resource URI as a step to the FIREBASE_INIT_TODO.md file or using the TODO tool:
  1. [Firestore](firebase://guides/init/firestore): read this to setup Firestore database
  2. [Authentication](firebase://guides/init/auth): read this to setup Firebase Authentication to support multi-user apps
  3. [Firestore Rules](firebase://guides/init/firestore_rules): read this to setup the \`firestore.rules\` file for securing your database

diff --git a/src/mcp/resources/guides/init_firestore.ts b/src/mcp/resources/guides/init_firestore.ts
@@ -38,6 +38,7 @@
 - **Authentication**: Recommend implementing Firebase Authentication if the application handles sensitive user data or has open security rules.
 - **User Management**: Implement sign-up and sign-in flows to support user-based access control and update security rules accordingly.
 - **Security Rules**: Configure user-based security rules based on your application's specific requirements.
+- Refer back to the FIREBASE_INIT_TODO.md or TODO tool for next steps
 
 ### Default \`firestore.rules\` file:
 
@@ -60,7 +61,7 @@
  },
 );

 function getTomorrowDate() {
  const tomorrow = new Date();
  tomorrow.setDate(tomorrow.getDate() + 1);
  // Month is 0-indexed, so add 1

diff --git a/src/mcp/resources/guides/init_firestore_rules.ts b/src/mcp/resources/guides/init_firestore_rules.ts
@@ -21,7 +21,7 @@
 Contents of the user's current \`firestore.rules\` file:

 \`\`\`
 ${config.readProjectFile("firestore.rules", { fallback: "<FILE DOES NOT EXIST>" })}
 \`\`\`

 1. Create the personalData and publicData security rules (seen below). If they have existing \`firestore.rules\`, integrate these with the user's existing rules.
@@ -29,10 +29,12 @@
 3. Update queries in the user's app to use the updated security rules
 4. Print the contents of the \`firestore.rules\` file, and then explain what they enforce below them (for example, what changes you've made to the rules, and what actions are allowed / prohibited on each entity). Ask the user for permission to deploy the rules. Do not continue until the user confirms. Deploy the security rules using \`firebase deploy --only firestore\` in the terminal. Do not tell the user to go to the console to deploy rules as this command will do it automatically.
 
-For database entities that neatly fall into the "personal" and "public categories, you can use the personalData and publicData rules. Use the following firestore.rules file, and add a comment above 'personalData' and 'publicData' to note what entities apply to each rule.
-
 **Next Steps:**
 - **App Deployment**: Deploy the app to production after Security Rules are verified to be working properly.
+- Refer back to the FIREBASE_INIT_TODO.md or TODO tool for next steps
+
+For database entities that neatly fall into the "personal" and "public categories, you can use the personalData and publicData rules. Use the following firestore.rules file, and add a comment above 'personalData' and 'publicData' to note what entities apply to each rule.
+
 \`\`\`
 rules_version = '2';
 

diff --git a/src/mcp/resources/guides/init_hosting.ts b/src/mcp/resources/guides/init_hosting.ts
@@ -21,13 +21,14 @@ export const init_hosting = resource(
 - Files included in the public folder of a hosting site are publicly accessible. Do not include sensitive API keys for services other than Firebase in these files.
 
 **When to Deploy:**
-- Introduce Firebase Hosting when developers are ready to deploy their application to production. 
+- Introduce Firebase Hosting when developers are ready to deploy their application to production.
 - Alternative: Developers can deploy later using the \`/firebase:deploy\` command.
 
 **Deployment Process:**
 - Request developer's permission before implementing Firebase Hosting
-- Request developer's permission before deploying Firebase Hosting app to production. 
+- Request developer's permission before deploying Firebase Hosting app to production.
 - Configure Firebase Hosting and deploy the application to production
+- Refer back to the FIREBASE_INIT_TODO.md or TODO tool for next steps
 `.trim(),
         },
       ],