fix(core): ignore GOOGLE_CLOUD_PROJECT for LOGIN_WITH_GOOGLE #26420

Open
AndyAWD wants to merge 3 commits into google-gemini:main from AndyAWD:fix-auth-project-id
@AndyAWD AndyAWD commented May 4, 2026

Summary

This PR fixes a bug where users authenticating via LOGIN_WITH_GOOGLE encounter a 403 Permission Denied error if they have GOOGLE_CLOUD_PROJECT set in their .env file. It modifies the setupUser logic to temporarily ignore the environment variable during the initial Code Assist API request, allowing Free Tier users to be assigned a server-managed project successfully.

Details

  • Passed authType down from createCodeAssistContentGenerator to setupUser.
  • Implemented a "conditional double-load" strategy in setupUser:
    • If authType is LOGIN_WITH_GOOGLE, it attempts to load without a project ID first.
    • If a ProjectIdRequiredError or IneligibleTierError is thrown (e.g., for Workspace GCA users requiring a specific project), it safely falls back to using the envProjectId.
  • Auth types like COMPUTE_ADC strictly use the environment variable immediately without any fallback.
  • Added comprehensive unit tests in setup.test.ts to cover the fallback logic.

Related Issues

Fixes #26564

How to Validate

  1. Add GOOGLE_CLOUD_PROJECT=<any_vertex_project_id> to your ~/.gemini/.env.
  2. Start the CLI using npm start and choose /auth -> Sign in with Google.
  3. Try sending a chat message. It should succeed without a 403 error.
  4. Run tests: npm run test -w @google/gemini-cli-core.

Pre-Merge Checklist

  • Updated relevant documentation and README (if needed)
  • Added/updated tests (if needed)
  • Noted breaking changes (if any)
  • Validated on required platforms/methods:
    • MacOS
      • npm run
      • npx
      • Docker
      • Podman
      • Seatbelt
    • Windows
      • npm run
      • npx
      • Docker
    • Linux
      • npm run
      • npx
      • Docker

Fixes google-gemini#19865

Fixes google-gemini#26105

This commit modifies setupUser to ignore the GOOGLE_CLOUD_PROJECT environment variable during the initial Code Assist load for users authenticating via LOGIN_WITH_GOOGLE. This prevents Free Tier users from encountering a 403 Permission Denied error when they have a Vertex project configured in their environment. If a ProjectIdRequiredError is thrown (e.g., for Workspace GCA users), it safely falls back to using the environment variable.
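
The load order described in this PR, as an added TypeScript sketch that is not the gemini-cli source: `resolveProject`, `LoadFn` and the two constructed backends are hypothetical stand-ins, the error class names are taken from the PR text, and rethrowing when no environment project is set is an assumption of the sketch.

```typescript
// Added illustration; hypothetical stand-ins, not the gemini-cli source.
type AuthType = 'LOGIN_WITH_GOOGLE' | 'COMPUTE_ADC';

class ProjectIdRequiredError extends Error {}
class IneligibleTierError extends Error {}

// Stand-in for the Code Assist load call; resolves to the project in use.
type LoadFn = (projectId?: string) => Promise<string>;

async function resolveProject(
  authType: AuthType,
  envProjectId: string | undefined,
  load: LoadFn,
): Promise<string> {
  if (authType !== 'LOGIN_WITH_GOOGLE') {
    // e.g. COMPUTE_ADC: the environment value is sent immediately, no fallback.
    return load(envProjectId);
  }
  try {
    // First attempt deliberately omits GOOGLE_CLOUD_PROJECT.
    return await load(undefined);
  } catch (err) {
    const retryable =
      err instanceof ProjectIdRequiredError || err instanceof IneligibleTierError;
    // Anything else (a real 403, a network error) propagates; assumption: so does
    // a retryable error when there is no environment project to retry with.
    if (!retryable || !envProjectId) throw err;
    return load(envProjectId);
  }
}

// Constructed backends: a Free Tier account and a Workspace account.
const freeTier: LoadFn = async (id) => {
  if (id) throw new Error('403 Permission Denied');
  return 'server-managed-project';
};
const workspace: LoadFn = async (id) => {
  if (!id) throw new ProjectIdRequiredError('project required');
  return id;
};

async function demo(): Promise<string[]> {
  const env = 'my-vertex-project'; // constructed value
  return [
    await resolveProject('LOGIN_WITH_GOOGLE', env, freeTier),
    await resolveProject('LOGIN_WITH_GOOGLE', env, workspace),
    await resolveProject('COMPUTE_ADC', env, workspace),
  ];
}

demo().then((r) => console.log(r));
```
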
@AndyAWD AndyAWD requested a review from a team as a code owner May 4, 2026 04:39
google-cla Bot commented May 4, 2026

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@gemini-code-assist
Contributor

Summary of Changes

Hello, I'm Gemini Code Assist[1]! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves a 403 Permission Denied error that occurred for users authenticating with LOGIN_WITH_GOOGLE when the GOOGLE_CLOUD_PROJECT environment variable was set. The change introduces a more flexible project ID resolution for Google login, allowing Free Tier users to successfully obtain a server-managed project by temporarily ignoring the environment variable during the initial API request. This ensures a smoother onboarding experience for users who do not require an explicit project ID, while maintaining strict project ID usage for other authentication types.

Highlights

  • Conditional Project ID Loading: Implemented a new strategy for LOGIN_WITH_GOOGLE authentication to initially attempt to load user data without a project ID, falling back to the GOOGLE_CLOUD_PROJECT environment variable only if a ProjectIdRequiredError or IneligibleTierError is encountered.
  • AuthType Parameter Propagation: The authType is now passed down from createCodeAssistContentGenerator to setupUser to enable authentication-specific logic.
  • Strict Project ID Usage for COMPUTE_ADC: Ensured that COMPUTE_ADC authentication strictly uses the environment variable for the project ID without any fallback mechanism.
  • Comprehensive Unit Tests: Added new unit tests to cover the authType fallback logic, including scenarios for LOGIN_WITH_GOOGLE and COMPUTE_ADC.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

| Feature | Command | Description |
| --- | --- | --- |
| Code Review | /gemini review | Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary | Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in pull request comments and review comments. |
| Help | /gemini help | Displays a list of available commands. |

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@gemini-cli gemini-cli Bot added the area/security (Issues related to security) label May 4, 2026

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request modifies the setupUser function to handle project ID fallbacks based on the authentication type. Specifically, for LOGIN_WITH_GOOGLE, it now attempts to load user data without a project ID first and falls back to environment variables only if a ProjectIdRequiredError or IneligibleTierError occurs. Comprehensive tests were added to verify this logic. However, the introduction of the AuthType import in setup.ts creates a circular dependency chain (setup.ts -> contentGenerator.ts -> codeAssist.ts -> setup.ts), which can cause runtime issues with undefined exports.

Comment thread packages/core/src/code_assist/setup.ts Outdated
Moves the AuthType enum to a separate file (auth_types.ts) to break the circular import chain between setup.ts, contentGenerator.ts, and codeAssist.ts.
Development

Successfully merging this pull request may close these issues.

Bug: 403 Permission Denied for Gemini Advanced users with GOOGLE_CLOUD_PROJECT set (Fallback solution proposed)