packages/cli/src/validateNonInterActiveAuth.ts

/**
 * @license
 * Copyright 2025 Google LLC
 * SPDX-License-Identifier: Apache-2.0
 */

import type { Config } from '@google/gemini-cli-core';
import { AuthType, debugLogger, OutputFormat } from '@google/gemini-cli-core';
import { USER_SETTINGS_PATH } from './config/settings.js';
import { validateAuthMethod } from './config/auth.js';
import { type LoadedSettings } from './config/settings.js';
import { handleError } from './utils/errors.js';

function getAuthTypeFromEnv(): AuthType | undefined {
  if (process.env['GOOGLE_GENAI_USE_GCA'] === 'true') {
    return AuthType.LOGIN_WITH_GOOGLE;
  }
  if (process.env['GOOGLE_GENAI_USE_VERTEXAI'] === 'true') {
    return AuthType.USE_VERTEX_AI;
  }
  if (process.env['GEMINI_API_KEY']) {
    return AuthType.USE_GEMINI;
  }
  return undefined;
}

export async function validateNonInteractiveAuth(
  configuredAuthType: AuthType | undefined,
  useExternalAuth: boolean | undefined,
  nonInteractiveConfig: Config,
  settings: LoadedSettings,
) {
  try {
    const effectiveAuthType = configuredAuthType || getAuthTypeFromEnv();

    const enforcedType = settings.merged.security?.auth?.enforcedType;
    if (enforcedType && effectiveAuthType !== enforcedType) {
      const message = effectiveAuthType
        ? `The enforced authentication type is '${enforcedType}', but the current type is '${effectiveAuthType}'. Please re-authenticate with the correct type.`
        : `The auth type '${enforcedType}' is enforced, but no authentication is configured.`;
      throw new Error(message);
    }

    if (!effectiveAuthType) {
      const message = `Please set an Auth method in your ${USER_SETTINGS_PATH} or specify one of the following environment variables before running: GEMINI_API_KEY, GOOGLE_GENAI_USE_VERTEXAI, GOOGLE_GENAI_USE_GCA`;
      throw new Error(message);
    }

    const authType: AuthType = effectiveAuthType as AuthType;

    if (!useExternalAuth) {
      const err = validateAuthMethod(String(authType));
      if (err != null) {
        throw new Error(err);
      }
    }

    await nonInteractiveConfig.refreshAuth(authType);
    return nonInteractiveConfig;
  } catch (error) {
    if (nonInteractiveConfig.getOutputFormat() === OutputFormat.JSON) {
      handleError(
        error instanceof Error ? error : new Error(String(error)),
        nonInteractiveConfig,
        1,
      );
    } else {
      debugLogger.error(error instanceof Error ? error.message : String(error));
      process.exit(1);
    }
  }
}
feat(auth): support gemini api key and vertex auth in non-interactive mode (#4631) 2025-07-22 10:52:40 -04:00			`/**`
			`* @license`
			`* Copyright 2025 Google LLC`
			`* SPDX-License-Identifier: Apache-2.0`
			`*/`

Explict imports & exports with `type` modifier (#3774) 2025-08-26 00:04:53 +02:00			`import type { Config } from '@google/gemini-cli-core';`
refactor(logging): Centralize all console messaging to a shared logger (part 1) (#11537) 2025-10-20 18:16:47 -04:00			`import { AuthType, debugLogger, OutputFormat } from '@google/gemini-cli-core';`
feat(auth): support gemini api key and vertex auth in non-interactive mode (#4631) 2025-07-22 10:52:40 -04:00			`import { USER_SETTINGS_PATH } from './config/settings.js';`
			`import { validateAuthMethod } from './config/auth.js';`
Add enforcedAuthType setting (#6564) 2025-09-03 15:33:37 -07:00			`import { type LoadedSettings } from './config/settings.js';`
JSON errors in non-interactive auth validation (#8373) 2025-09-13 08:18:40 +09:00			`import { handleError } from './utils/errors.js';`
feat(auth): support gemini api key and vertex auth in non-interactive mode (#4631) 2025-07-22 10:52:40 -04:00
feat(auth): Enhance non-interactive gcp auth (#4811) 2025-07-25 10:19:38 -07:00			`function getAuthTypeFromEnv(): AuthType \| undefined {`
chore(compiler): Enable strict property access TS compiler flag. (#6255) Co-authored-by: Jacob Richman <jacob314@gmail.com> 2025-08-17 12:43:21 -04:00			`if (process.env['GOOGLE_GENAI_USE_GCA'] === 'true') {`
feat(auth): Enhance non-interactive gcp auth (#4811) 2025-07-25 10:19:38 -07:00			`return AuthType.LOGIN_WITH_GOOGLE;`
			`}`
chore(compiler): Enable strict property access TS compiler flag. (#6255) Co-authored-by: Jacob Richman <jacob314@gmail.com> 2025-08-17 12:43:21 -04:00			`if (process.env['GOOGLE_GENAI_USE_VERTEXAI'] === 'true') {`
feat(auth): Enhance non-interactive gcp auth (#4811) 2025-07-25 10:19:38 -07:00			`return AuthType.USE_VERTEX_AI;`
			`}`
chore(compiler): Enable strict property access TS compiler flag. (#6255) Co-authored-by: Jacob Richman <jacob314@gmail.com> 2025-08-17 12:43:21 -04:00			`if (process.env['GEMINI_API_KEY']) {`
feat(auth): Enhance non-interactive gcp auth (#4811) 2025-07-25 10:19:38 -07:00			`return AuthType.USE_GEMINI;`
			`}`
			`return undefined;`
			`}`

feat(auth): support gemini api key and vertex auth in non-interactive mode (#4631) 2025-07-22 10:52:40 -04:00			`export async function validateNonInteractiveAuth(`
			`configuredAuthType: AuthType \| undefined,`
Add a setting to disable auth mode validation on startup (#5358) 2025-08-01 11:49:03 -07:00			`useExternalAuth: boolean \| undefined,`
feat(auth): support gemini api key and vertex auth in non-interactive mode (#4631) 2025-07-22 10:52:40 -04:00			`nonInteractiveConfig: Config,`
Add enforcedAuthType setting (#6564) 2025-09-03 15:33:37 -07:00			`settings: LoadedSettings,`
feat(auth): support gemini api key and vertex auth in non-interactive mode (#4631) 2025-07-22 10:52:40 -04:00			`) {`
JSON errors in non-interactive auth validation (#8373) 2025-09-13 08:18:40 +09:00			`try {`
fix(cli): prioritize configured auth over env vars in non-interactive mode (#10935) 2025-10-10 16:50:54 -07:00			`const effectiveAuthType = configuredAuthType \|\| getAuthTypeFromEnv();`

JSON errors in non-interactive auth validation (#8373) 2025-09-13 08:18:40 +09:00			`const enforcedType = settings.merged.security?.auth?.enforcedType;`
fix(cli): prioritize configured auth over env vars in non-interactive mode (#10935) 2025-10-10 16:50:54 -07:00			`if (enforcedType && effectiveAuthType !== enforcedType) {`
			`const message = effectiveAuthType`
			? `The enforced authentication type is '${enforcedType}', but the current type is '${effectiveAuthType}'. Please re-authenticate with the correct type.`
			: `The auth type '${enforcedType}' is enforced, but no authentication is configured.`;
			`throw new Error(message);`
Add enforcedAuthType setting (#6564) 2025-09-03 15:33:37 -07:00			`}`

JSON errors in non-interactive auth validation (#8373) 2025-09-13 08:18:40 +09:00			`if (!effectiveAuthType) {`
			const message = `Please set an Auth method in your ${USER_SETTINGS_PATH} or specify one of the following environment variables before running: GEMINI_API_KEY, GOOGLE_GENAI_USE_VERTEXAI, GOOGLE_GENAI_USE_GCA`;
			`throw new Error(message);`
			`}`
feat(auth): support gemini api key and vertex auth in non-interactive mode (#4631) 2025-07-22 10:52:40 -04:00
JSON errors in non-interactive auth validation (#8373) 2025-09-13 08:18:40 +09:00			`const authType: AuthType = effectiveAuthType as AuthType;`

			`if (!useExternalAuth) {`
			`const err = validateAuthMethod(String(authType));`
			`if (err != null) {`
			`throw new Error(err);`
			`}`
			`}`

			`await nonInteractiveConfig.refreshAuth(authType);`
			`return nonInteractiveConfig;`
			`} catch (error) {`
			`if (nonInteractiveConfig.getOutputFormat() === OutputFormat.JSON) {`
			`handleError(`
			`error instanceof Error ? error : new Error(String(error)),`
			`nonInteractiveConfig,`
			`1,`
			`);`
			`} else {`
refactor(logging): Centralize all console messaging to a shared logger (part 1) (#11537) 2025-10-20 18:16:47 -04:00			`debugLogger.error(error instanceof Error ? error.message : String(error));`
Add a setting to disable auth mode validation on startup (#5358) 2025-08-01 11:49:03 -07:00			`process.exit(1);`
			`}`
feat(auth): support gemini api key and vertex auth in non-interactive mode (#4631) 2025-07-22 10:52:40 -04:00			`}`
			`}`