MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-03-23 04:21:31 -07:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into feat/card-component

Browse Source
This commit is contained in:
Mark McLaughlin
2026-02-05 08:27:46 -08:00
committed by GitHub
parent d3f328dc5b ee58e1e3c1
commit 254bdbc027
24 changed files with 2278 additions and 975 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
packages/cli/src/commands/extensions/configure.test.ts
View File

@@ -17,32 +17,26 @@ import yargs from 'yargs';
import { debugLogger } from '@google/gemini-cli-core';
import {
updateSetting,
promptForSetting,
getScopedEnvContents,
type ExtensionSetting,
} from '../../config/extensions/extensionSettings.js';
import prompts from 'prompts';
import * as fs from 'node:fs';
const {
mockExtensionManager,
mockGetExtensionAndManager,
mockGetExtensionManager,
mockLoadSettings,
} = vi.hoisted(() => {
const extensionManager = {
loadExtensionConfig: vi.fn(),
getExtensions: vi.fn(),
loadExtensions: vi.fn(),
getSettings: vi.fn(),
};
return {
mockExtensionManager: extensionManager,
mockGetExtensionAndManager: vi.fn(),
mockGetExtensionManager: vi.fn(),
mockLoadSettings: vi.fn().mockReturnValue({ merged: {} }),
};
});
const { mockExtensionManager, mockGetExtensionManager, mockLoadSettings } =
vi.hoisted(() => {
const extensionManager = {
loadExtensionConfig: vi.fn(),
getExtensions: vi.fn(),
loadExtensions: vi.fn(),
getSettings: vi.fn(),
};
return {
mockExtensionManager: extensionManager,
mockGetExtensionManager: vi.fn(),
mockLoadSettings: vi.fn().mockReturnValue({ merged: {} }),
};
});
vi.mock('../../config/extension-manager.js', () => ({
ExtensionManager: vi.fn().mockImplementation(() => mockExtensionManager),
@@ -62,10 +56,13 @@ vi.mock('../utils.js', () => ({
exitCli: vi.fn(),
}));
vi.mock('./utils.js', () => ({
getExtensionAndManager: mockGetExtensionAndManager,
getExtensionManager: mockGetExtensionManager,
}));
vi.mock('./utils.js', async (importOriginal) => {
const actual = await importOriginal<typeof import('./utils.js')>();
return {
...actual,
getExtensionManager: mockGetExtensionManager,
};
});
vi.mock('prompts');
@@ -91,10 +88,6 @@ describe('extensions configure command', () => {
vi.spyOn(process, 'cwd').mockReturnValue(tempWorkspaceDir);
// Default behaviors
mockLoadSettings.mockReturnValue({ merged: {} });
mockGetExtensionAndManager.mockResolvedValue({
extension: null,
extensionManager: null,
});
mockGetExtensionManager.mockResolvedValue(mockExtensionManager);
(ExtensionManager as unknown as Mock).mockImplementation(
() => mockExtensionManager,
@@ -117,11 +110,6 @@ describe('extensions configure command', () => {
path = '/test/path',
) => {
const extension = { name, path, id };
mockGetExtensionAndManager.mockImplementation(async (n) => {
if (n === name)
return { extension, extensionManager: mockExtensionManager };
return { extension: null, extensionManager: null };
});
mockExtensionManager.getExtensions.mockReturnValue([extension]);
mockExtensionManager.loadExtensionConfig.mockResolvedValue({
@@ -144,17 +132,14 @@ describe('extensions configure command', () => {
expect.objectContaining({ name: 'test-ext' }),
'test-id',
'TEST_VAR',
promptForSetting,
expect.any(Function),
'user',
tempWorkspaceDir,
);
});
it('should handle missing extension', async () => {
mockGetExtensionAndManager.mockResolvedValue({
extension: null,
extensionManager: null,
});
mockExtensionManager.getExtensions.mockReturnValue([]);
await runCommand('config missing-ext TEST_VAR');
@@ -190,7 +175,7 @@ describe('extensions configure command', () => {
expect.objectContaining({ name: 'test-ext' }),
'test-id',
'VAR_1',
promptForSetting,
expect.any(Function),
'user',
tempWorkspaceDir,
);
@@ -205,7 +190,7 @@ describe('extensions configure command', () => {
return {};
},
);
(prompts as unknown as Mock).mockResolvedValue({ overwrite: true });
(prompts as unknown as Mock).mockResolvedValue({ confirm: true });
(updateSetting as Mock).mockResolvedValue(undefined);
await runCommand('config test-ext');
@@ -241,7 +226,7 @@ describe('extensions configure command', () => {
const settings = [{ name: 'Setting 1', envVar: 'VAR_1' }];
setupExtension('test-ext', settings);
(getScopedEnvContents as Mock).mockResolvedValue({ VAR_1: 'existing' });
(prompts as unknown as Mock).mockResolvedValue({ overwrite: false });
(prompts as unknown as Mock).mockResolvedValue({ confirm: false });
await runCommand('config test-ext');

170
packages/cli/src/commands/extensions/configure.ts
View File

@@ -5,18 +5,17 @@
*/
import type { CommandModule } from 'yargs';
import type { ExtensionSettingScope } from '../../config/extensions/extensionSettings.js';
import {
updateSetting,
promptForSetting,
ExtensionSettingScope,
getScopedEnvContents,
} from '../../config/extensions/extensionSettings.js';
import { getExtensionAndManager, getExtensionManager } from './utils.js';
configureAllExtensions,
configureExtension,
configureSpecificSetting,
getExtensionManager,
} from './utils.js';
import { loadSettings } from '../../config/settings.js';
import { debugLogger, coreEvents } from '@google/gemini-cli-core';
import { coreEvents, debugLogger } from '@google/gemini-cli-core';
import { exitCli } from '../utils.js';
import prompts from 'prompts';
import type { ExtensionConfig } from '../../config/extension.js';
interface ConfigureArgs {
name?: string;
setting?: string;
@@ -64,9 +63,12 @@ export const configureCommand: CommandModule<object, ConfigureArgs> = {
}
}
const extensionManager = await getExtensionManager();
// Case 1: Configure specific setting for an extension
if (name && setting) {
await configureSpecificSetting(
extensionManager,
name,
setting,
scope as ExtensionSettingScope,
@@ -74,152 +76,20 @@ export const configureCommand: CommandModule<object, ConfigureArgs> = {
}
// Case 2: Configure all settings for an extension
else if (name) {
await configureExtension(name, scope as ExtensionSettingScope);
await configureExtension(
extensionManager,
name,
scope as ExtensionSettingScope,
);
}
// Case 3: Configure all extensions
else {
await configureAllExtensions(scope as ExtensionSettingScope);
await configureAllExtensions(
extensionManager,
scope as ExtensionSettingScope,
);
}
await exitCli();
},
};
async function configureSpecificSetting(
extensionName: string,
settingKey: string,
scope: ExtensionSettingScope,
) {
const { extension, extensionManager } =
await getExtensionAndManager(extensionName);
if (!extension || !extensionManager) {
return;
}
const extensionConfig = await extensionManager.loadExtensionConfig(
extension.path,
);
if (!extensionConfig) {
debugLogger.error(
`Could not find configuration for extension "${extensionName}".`,
);
return;
}
await updateSetting(
extensionConfig,
extension.id,
settingKey,
promptForSetting,
scope,
process.cwd(),
);
}
async function configureExtension(
extensionName: string,
scope: ExtensionSettingScope,
) {
const { extension, extensionManager } =
await getExtensionAndManager(extensionName);
if (!extension || !extensionManager) {
return;
}
const extensionConfig = await extensionManager.loadExtensionConfig(
extension.path,
);
if (
!extensionConfig ||
!extensionConfig.settings ||
extensionConfig.settings.length === 0
) {
debugLogger.log(
`Extension "${extensionName}" has no settings to configure.`,
);
return;
}
debugLogger.log(`Configuring settings for "${extensionName}"...`);
await configureExtensionSettings(extensionConfig, extension.id, scope);
}
async function configureAllExtensions(scope: ExtensionSettingScope) {
const extensionManager = await getExtensionManager();
const extensions = extensionManager.getExtensions();
if (extensions.length === 0) {
debugLogger.log('No extensions installed.');
return;
}
for (const extension of extensions) {
const extensionConfig = await extensionManager.loadExtensionConfig(
extension.path,
);
if (
extensionConfig &&
extensionConfig.settings &&
extensionConfig.settings.length > 0
) {
debugLogger.log(`\nConfiguring settings for "${extension.name}"...`);
await configureExtensionSettings(extensionConfig, extension.id, scope);
}
}
}
async function configureExtensionSettings(
extensionConfig: ExtensionConfig,
extensionId: string,
scope: ExtensionSettingScope,
) {
const currentScopedSettings = await getScopedEnvContents(
extensionConfig,
extensionId,
scope,
process.cwd(),
);
let workspaceSettings: Record<string, string> = {};
if (scope === ExtensionSettingScope.USER) {
workspaceSettings = await getScopedEnvContents(
extensionConfig,
extensionId,
ExtensionSettingScope.WORKSPACE,
process.cwd(),
);
}
if (!extensionConfig.settings) return;
for (const setting of extensionConfig.settings) {
const currentValue = currentScopedSettings[setting.envVar];
const workspaceValue = workspaceSettings[setting.envVar];
if (workspaceValue !== undefined) {
debugLogger.log(
`Note: Setting "${setting.name}" is already configured in the workspace scope.`,
);
}
if (currentValue !== undefined) {
const response = await prompts({
type: 'confirm',
name: 'overwrite',
message: `Setting "${setting.name}" (${setting.envVar}) is already set. Overwrite?`,
initial: false,
});
if (!response.overwrite) {
continue;
}
}
await updateSetting(
extensionConfig,
extensionId,
setting.envVar,
promptForSetting,
scope,
process.cwd(),
);
}
}

227
packages/cli/src/commands/extensions/utils.ts
View File

@@ -1,17 +1,54 @@
/**
* @license
* Copyright 2025 Google LLC
* Copyright 2026 Google LLC
* SPDX-License-Identifier: Apache-2.0
*/
import { ExtensionManager } from '../../config/extension-manager.js';
import { promptForSetting } from '../../config/extensions/extensionSettings.js';
import { loadSettings } from '../../config/settings.js';
import { requestConsentNonInteractive } from '../../config/extensions/consent.js';
import {
debugLogger,
type ResolvedExtensionSetting,
} from '@google/gemini-cli-core';
import type { ExtensionConfig } from '../../config/extension.js';
import prompts from 'prompts';
import {
promptForSetting,
updateSetting,
type ExtensionSetting,
getScopedEnvContents,
ExtensionSettingScope,
} from '../../config/extensions/extensionSettings.js';
export interface ConfigLogger {
log(message: string): void;
error(message: string): void;
}
export type RequestSettingCallback = (
setting: ExtensionSetting,
) => Promise<string>;
export type RequestConfirmationCallback = (message: string) => Promise<boolean>;
const defaultLogger: ConfigLogger = {
log: (message: string) => debugLogger.log(message),
error: (message: string) => debugLogger.error(message),
};
const defaultRequestSetting: RequestSettingCallback = async (setting) =>
promptForSetting(setting);
const defaultRequestConfirmation: RequestConfirmationCallback = async (
message,
) => {
const response = await prompts({
type: 'confirm',
name: 'confirm',
message,
initial: false,
});
return response.confirm;
};
export async function getExtensionManager() {
const workspaceDir = process.cwd();
@@ -25,18 +62,192 @@ export async function getExtensionManager() {
return extensionManager;
}
export async function getExtensionAndManager(name: string) {
const extensionManager = await getExtensionManager();
export async function getExtensionAndManager(
extensionManager: ExtensionManager,
name: string,
logger: ConfigLogger = defaultLogger,
) {
const extension = extensionManager
.getExtensions()
.find((ext) => ext.name === name);
if (!extension) {
debugLogger.error(`Extension "${name}" is not installed.`);
return { extension: null, extensionManager: null };
logger.error(`Extension "${name}" is not installed.`);
return { extension: null };
}
return { extension, extensionManager };
return { extension };
}
export async function configureSpecificSetting(
extensionManager: ExtensionManager,
extensionName: string,
settingKey: string,
scope: ExtensionSettingScope,
logger: ConfigLogger = defaultLogger,
requestSetting: RequestSettingCallback = defaultRequestSetting,
) {
const { extension } = await getExtensionAndManager(
extensionManager,
extensionName,
logger,
);
if (!extension) {
return;
}
const extensionConfig = await extensionManager.loadExtensionConfig(
extension.path,
);
if (!extensionConfig) {
logger.error(
`Could not find configuration for extension "${extensionName}".`,
);
return;
}
await updateSetting(
extensionConfig,
extension.id,
settingKey,
requestSetting,
scope,
process.cwd(),
);
logger.log(`Setting "${settingKey}" updated.`);
}
export async function configureExtension(
extensionManager: ExtensionManager,
extensionName: string,
scope: ExtensionSettingScope,
logger: ConfigLogger = defaultLogger,
requestSetting: RequestSettingCallback = defaultRequestSetting,
requestConfirmation: RequestConfirmationCallback = defaultRequestConfirmation,
) {
const { extension } = await getExtensionAndManager(
extensionManager,
extensionName,
logger,
);
if (!extension) {
return;
}
const extensionConfig = await extensionManager.loadExtensionConfig(
extension.path,
);
if (
!extensionConfig ||
!extensionConfig.settings ||
extensionConfig.settings.length === 0
) {
logger.log(`Extension "${extensionName}" has no settings to configure.`);
return;
}
logger.log(`Configuring settings for "${extensionName}"...`);
await configureExtensionSettings(
extensionConfig,
extension.id,
scope,
logger,
requestSetting,
requestConfirmation,
);
}
export async function configureAllExtensions(
extensionManager: ExtensionManager,
scope: ExtensionSettingScope,
logger: ConfigLogger = defaultLogger,
requestSetting: RequestSettingCallback = defaultRequestSetting,
requestConfirmation: RequestConfirmationCallback = defaultRequestConfirmation,
) {
const extensions = extensionManager.getExtensions();
if (extensions.length === 0) {
logger.log('No extensions installed.');
return;
}
for (const extension of extensions) {
const extensionConfig = await extensionManager.loadExtensionConfig(
extension.path,
);
if (
extensionConfig &&
extensionConfig.settings &&
extensionConfig.settings.length > 0
) {
logger.log(`\nConfiguring settings for "${extension.name}"...`);
await configureExtensionSettings(
extensionConfig,
extension.id,
scope,
logger,
requestSetting,
requestConfirmation,
);
}
}
}
export async function configureExtensionSettings(
extensionConfig: ExtensionConfig,
extensionId: string,
scope: ExtensionSettingScope,
logger: ConfigLogger = defaultLogger,
requestSetting: RequestSettingCallback = defaultRequestSetting,
requestConfirmation: RequestConfirmationCallback = defaultRequestConfirmation,
) {
const currentScopedSettings = await getScopedEnvContents(
extensionConfig,
extensionId,
scope,
process.cwd(),
);
let workspaceSettings: Record<string, string> = {};
if (scope === ExtensionSettingScope.USER) {
workspaceSettings = await getScopedEnvContents(
extensionConfig,
extensionId,
ExtensionSettingScope.WORKSPACE,
process.cwd(),
);
}
if (!extensionConfig.settings) return;
for (const setting of extensionConfig.settings) {
const currentValue = currentScopedSettings[setting.envVar];
const workspaceValue = workspaceSettings[setting.envVar];
if (workspaceValue !== undefined) {
logger.log(
`Note: Setting "${setting.name}" is already configured in the workspace scope.`,
);
}
if (currentValue !== undefined) {
const confirmed = await requestConfirmation(
`Setting "${setting.name}" (${setting.envVar}) is already set. Overwrite?`,
);
if (!confirmed) {
continue;
}
}
await updateSetting(
extensionConfig,
extensionId,
setting.envVar,
requestSetting,
scope,
process.cwd(),
);
}
}
export function getFormattedSettingValue(

206
packages/cli/src/config/config.test.ts
View File

@@ -18,6 +18,7 @@ import {
type ExtensionLoader,
debugLogger,
ApprovalMode,
type MCPServerConfig,
} from '@google/gemini-cli-core';
import { loadCliConfig, parseArguments, type CliArgs } from './config.js';
import { type Settings, createTestMergedSettings } from './settings.js';
@@ -1441,6 +1442,211 @@ describe('loadCliConfig with allowed-mcp-server-names', () => {
});
});
describe('loadCliConfig with admin.mcp.config', () => {
beforeEach(() => {
vi.resetAllMocks();
vi.mocked(os.homedir).mockReturnValue('/mock/home/user');
vi.stubEnv('GEMINI_API_KEY', 'test-api-key');
vi.spyOn(ExtensionManager.prototype, 'getExtensions').mockReturnValue([]);
});
afterEach(() => {
vi.unstubAllEnvs();
vi.restoreAllMocks();
});
const localMcpServers: Record<string, MCPServerConfig> = {
serverA: {
command: 'npx',
args: ['-y', '@mcp/server-a'],
env: { KEY: 'VALUE' },
cwd: '/local/cwd',
trust: false,
},
serverB: {
command: 'npx',
args: ['-y', '@mcp/server-b'],
trust: false,
},
};
const baseSettings = createTestMergedSettings({
mcp: { serverCommand: 'npx -y @mcp/default-server' },
mcpServers: localMcpServers,
});
it('should use local configuration if admin allowlist is empty', async () => {
process.argv = ['node', 'script.js'];
const argv = await parseArguments(createTestMergedSettings());
const settings = createTestMergedSettings({
mcp: baseSettings.mcp,
mcpServers: localMcpServers,
admin: {
...baseSettings.admin,
mcp: { enabled: true, config: {} },
},
});
const config = await loadCliConfig(settings, 'test-session', argv);
expect(config.getMcpServers()).toEqual(localMcpServers);
expect(config.getMcpServerCommand()).toBe('npx -y @mcp/default-server');
});
it('should ignore locally configured servers not present in the allowlist', async () => {
process.argv = ['node', 'script.js'];
const argv = await parseArguments(createTestMergedSettings());
const adminAllowlist: Record<string, MCPServerConfig> = {
serverA: {
type: 'sse',
url: 'https://admin-server-a.com/sse',
trust: true,
},
};
const settings = createTestMergedSettings({
mcp: baseSettings.mcp,
mcpServers: localMcpServers,
admin: {
...baseSettings.admin,
mcp: { enabled: true, config: adminAllowlist },
},
});
const config = await loadCliConfig(settings, 'test-session', argv);
const mergedServers = config.getMcpServers();
expect(mergedServers).toHaveProperty('serverA');
expect(mergedServers).not.toHaveProperty('serverB');
});
it('should clear command, args, env, and cwd for present servers', async () => {
process.argv = ['node', 'script.js'];
const argv = await parseArguments(createTestMergedSettings());
const adminAllowlist: Record<string, MCPServerConfig> = {
serverA: {
type: 'sse',
url: 'https://admin-server-a.com/sse',
trust: true,
},
};
const settings = createTestMergedSettings({
mcpServers: localMcpServers,
admin: {
...baseSettings.admin,
mcp: { enabled: true, config: adminAllowlist },
},
});
const config = await loadCliConfig(settings, 'test-session', argv);
const serverA = config.getMcpServers()?.['serverA'];
expect(serverA).toEqual({
...localMcpServers['serverA'],
type: 'sse',
url: 'https://admin-server-a.com/sse',
trust: true,
command: undefined,
args: undefined,
env: undefined,
cwd: undefined,
httpUrl: undefined,
tcp: undefined,
});
});
it('should not initialize a server if it is in allowlist but missing locally', async () => {
process.argv = ['node', 'script.js'];
const argv = await parseArguments(createTestMergedSettings());
const adminAllowlist: Record<string, MCPServerConfig> = {
serverC: {
type: 'sse',
url: 'https://admin-server-c.com/sse',
trust: true,
},
};
const settings = createTestMergedSettings({
mcpServers: localMcpServers,
admin: {
...baseSettings.admin,
mcp: { enabled: true, config: adminAllowlist },
},
});
const config = await loadCliConfig(settings, 'test-session', argv);
const mergedServers = config.getMcpServers();
expect(mergedServers).not.toHaveProperty('serverC');
expect(Object.keys(mergedServers || {})).toHaveLength(0);
});
it('should merge local fields and prefer admin tool filters', async () => {
process.argv = ['node', 'script.js'];
const argv = await parseArguments(createTestMergedSettings());
const adminAllowlist: Record<string, MCPServerConfig> = {
serverA: {
type: 'sse',
url: 'https://admin-server-a.com/sse',
trust: true,
includeTools: ['admin_tool'],
},
};
const localMcpServersWithTools: Record<string, MCPServerConfig> = {
serverA: {
...localMcpServers['serverA'],
includeTools: ['local_tool'],
timeout: 1234,
},
};
const settings = createTestMergedSettings({
mcpServers: localMcpServersWithTools,
admin: {
...baseSettings.admin,
mcp: { enabled: true, config: adminAllowlist },
},
});
const config = await loadCliConfig(settings, 'test-session', argv);
const serverA = config.getMcpServers()?.['serverA'];
expect(serverA).toMatchObject({
timeout: 1234,
includeTools: ['admin_tool'],
type: 'sse',
url: 'https://admin-server-a.com/sse',
trust: true,
});
expect(serverA).not.toHaveProperty('command');
expect(serverA).not.toHaveProperty('args');
expect(serverA).not.toHaveProperty('env');
expect(serverA).not.toHaveProperty('cwd');
expect(serverA).not.toHaveProperty('httpUrl');
expect(serverA).not.toHaveProperty('tcp');
});
it('should use local tool filters when admin does not define them', async () => {
process.argv = ['node', 'script.js'];
const argv = await parseArguments(createTestMergedSettings());
const adminAllowlist: Record<string, MCPServerConfig> = {
serverA: {
type: 'sse',
url: 'https://admin-server-a.com/sse',
trust: true,
},
};
const localMcpServersWithTools: Record<string, MCPServerConfig> = {
serverA: {
...localMcpServers['serverA'],
includeTools: ['local_tool'],
},
};
const settings = createTestMergedSettings({
mcpServers: localMcpServersWithTools,
admin: {
...baseSettings.admin,
mcp: { enabled: true, config: adminAllowlist },
},
});
const config = await loadCliConfig(settings, 'test-session', argv);
const serverA = config.getMcpServers()?.['serverA'];
expect(serverA?.includeTools).toEqual(['local_tool']);
});
});
describe('loadCliConfig model selection', () => {
beforeEach(() => {
vi.spyOn(ExtensionManager.prototype, 'getExtensions').mockReturnValue([]);

54
packages/cli/src/config/config.ts
View File

@@ -12,7 +12,6 @@ import { extensionsCommand } from '../commands/extensions.js';
import { skillsCommand } from '../commands/skills.js';
import { hooksCommand } from '../commands/hooks.js';
import {
Config,
setGeminiMdFilename as setServerGeminiMdFilename,
getCurrentGeminiMdFilename,
ApprovalMode,
@@ -34,12 +33,16 @@ import {
ASK_USER_TOOL_NAME,
getVersion,
PREVIEW_GEMINI_MODEL_AUTO,
type HookDefinition,
type HookEventName,
type OutputFormat,
coreEvents,
GEMINI_MODEL_ALIAS_AUTO,
getAdminErrorMessage,
Config,
} from '@google/gemini-cli-core';
import type {
MCPServerConfig,
HookDefinition,
HookEventName,
OutputFormat,
} from '@google/gemini-cli-core';
import {
type Settings,
@@ -687,6 +690,45 @@ export async function loadCliConfig(
? mcpEnablementManager.getEnablementCallbacks()
: undefined;
const adminAllowlist = settings.admin?.mcp?.config;
let mcpServerCommand = mcpEnabled ? settings.mcp?.serverCommand : undefined;
let mcpServers = mcpEnabled ? settings.mcpServers : {};
if (mcpEnabled && adminAllowlist && Object.keys(adminAllowlist).length > 0) {
const filteredMcpServers: Record<string, MCPServerConfig> = {};
for (const [serverId, localConfig] of Object.entries(mcpServers)) {
const adminConfig = adminAllowlist[serverId];
if (adminConfig) {
const mergedConfig = {
...localConfig,
url: adminConfig.url,
type: adminConfig.type,
trust: adminConfig.trust,
};
// Remove local connection details
delete mergedConfig.command;
delete mergedConfig.args;
delete mergedConfig.env;
delete mergedConfig.cwd;
delete mergedConfig.httpUrl;
delete mergedConfig.tcp;
if (
(adminConfig.includeTools && adminConfig.includeTools.length > 0) ||
(adminConfig.excludeTools && adminConfig.excludeTools.length > 0)
) {
mergedConfig.includeTools = adminConfig.includeTools;
mergedConfig.excludeTools = adminConfig.excludeTools;
}
filteredMcpServers[serverId] = mergedConfig;
}
}
mcpServers = filteredMcpServers;
mcpServerCommand = undefined;
}
return new Config({
sessionId,
clientVersion: await getVersion(),
@@ -706,8 +748,8 @@ export async function loadCliConfig(
excludeTools,
toolDiscoveryCommand: settings.tools?.discoveryCommand,
toolCallCommand: settings.tools?.callCommand,
mcpServerCommand: mcpEnabled ? settings.mcp?.serverCommand : undefined,
mcpServers: mcpEnabled ? settings.mcpServers : {},
mcpServerCommand,
mcpServers,
mcpEnablementCallbacks,
mcpEnabled,
extensionsEnabled,

69
packages/cli/src/config/extensions/extensionSettings.test.ts
View File

@@ -821,5 +821,74 @@ describe('extensionSettings', () => {
);
// Should complete without error
});
it('should throw error if env var name contains invalid characters', async () => {
const securityConfig: ExtensionConfig = {
name: 'test-ext',
version: '1.0.0',
settings: [{ name: 's2', description: 'd2', envVar: 'VAR-BAD' }],
};
mockRequestSetting.mockResolvedValue('value');
await expect(
updateSetting(
securityConfig,
'12345',
'VAR-BAD',
mockRequestSetting,
ExtensionSettingScope.USER,
tempWorkspaceDir,
),
).rejects.toThrow(/Invalid environment variable name/);
});
it('should throw error if env var value contains newlines', async () => {
mockRequestSetting.mockResolvedValue('value\nwith\nnewlines');
await expect(
updateSetting(
config,
'12345',
'VAR1',
mockRequestSetting,
ExtensionSettingScope.USER,
tempWorkspaceDir,
),
).rejects.toThrow(/Invalid environment variable value/);
});
it('should quote values with spaces', async () => {
mockRequestSetting.mockResolvedValue('value with spaces');
await updateSetting(
config,
'12345',
'VAR1',
mockRequestSetting,
ExtensionSettingScope.USER,
tempWorkspaceDir,
);
const expectedEnvPath = path.join(extensionDir, '.env');
const actualContent = await fsPromises.readFile(expectedEnvPath, 'utf-8');
expect(actualContent).toContain('VAR1="value with spaces"');
});
it('should escape quotes in values', async () => {
mockRequestSetting.mockResolvedValue('value with "quotes"');
await updateSetting(
config,
'12345',
'VAR1',
mockRequestSetting,
ExtensionSettingScope.USER,
tempWorkspaceDir,
);
const expectedEnvPath = path.join(extensionDir, '.env');
const actualContent = await fsPromises.readFile(expectedEnvPath, 'utf-8');
expect(actualContent).toContain('VAR1="value with \\"quotes\\""');
});
});
});

14
packages/cli/src/config/extensions/extensionSettings.ts
View File

@@ -130,7 +130,19 @@ export async function maybePromptForSettings(
function formatEnvContent(settings: Record<string, string>): string {
let envContent = '';
for (const [key, value] of Object.entries(settings)) {
const formattedValue = value.includes(' ') ? `"${value}"` : value;
if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(key)) {
throw new Error(
`Invalid environment variable name: "${key}". Must contain only alphanumeric characters and underscores.`,
);
}
if (value.includes('\n') || value.includes('\r')) {
throw new Error(
`Invalid environment variable value for "${key}". Values cannot contain newlines.`,
);
}
const formattedValue = value.includes(' ')
? `"${value.replace(/\\/g, '\\\\').replace(/"/g, '\\"')}"`
: value;
envContent += `${key}=${formattedValue}\n`;
}
return envContent;

28
packages/cli/src/config/settings.test.ts
View File

@@ -76,7 +76,11 @@ import {
LoadedSettings,
sanitizeEnvVar,
} from './settings.js';
import { FatalConfigError, GEMINI_DIR } from '@google/gemini-cli-core';
import {
FatalConfigError,
GEMINI_DIR,
type MCPServerConfig,
} from '@google/gemini-cli-core';
import { updateSettingsFilePreservingFormat } from '../utils/commentJson.js';
import {
getSettingsSchema,
@@ -2350,6 +2354,28 @@ describe('Settings Loading and Merging', () => {
expect(loadedSettings.merged.admin?.extensions?.enabled).toBe(true);
});
it('should un-nest MCP configuration from remote settings', () => {
const loadedSettings = loadSettings(MOCK_WORKSPACE_DIR);
const mcpServers: Record<string, MCPServerConfig> = {
'admin-server': {
url: 'http://admin-mcp.com',
type: 'sse',
trust: true,
},
};
loadedSettings.setRemoteAdminSettings({
mcpSetting: {
mcpEnabled: true,
mcpConfig: {
mcpServers,
},
},
});
expect(loadedSettings.merged.admin?.mcp?.config).toEqual(mcpServers);
});
it('should set skills based on unmanagedCapabilitiesEnabled', () => {
const loadedSettings = loadSettings();
loadedSettings.setRemoteAdminSettings({

5
packages/cli/src/config/settings.ts
View File

@@ -412,7 +412,10 @@ export class LoadedSettings {
}
admin.secureModeEnabled = !strictModeDisabled;
admin.mcp = { enabled: mcpSetting?.mcpEnabled };
admin.mcp = {
enabled: mcpSetting?.mcpEnabled,
config: mcpSetting?.mcpConfig?.mcpServers,
};
admin.extensions = {
enabled: cliFeatureSetting?.extensionsSetting?.extensionsEnabled,
};

14
packages/cli/src/config/settingsSchema.ts
View File

@@ -1867,6 +1867,20 @@ const SETTINGS_SCHEMA = {
showInDialog: false,
mergeStrategy: MergeStrategy.REPLACE,
},
config: {
type: 'object',
label: 'MCP Config',
category: 'Admin',
requiresRestart: false,
default: {} as Record<string, MCPServerConfig>,
description: 'Admin-configured MCP servers.',
showInDialog: false,
mergeStrategy: MergeStrategy.REPLACE,
additionalProperties: {
type: 'object',
ref: 'MCPServerConfig',
},
},
},
},
skills: {

145
packages/cli/src/ui/commands/extensionsCommand.test.ts
View File

@@ -4,6 +4,8 @@
* SPDX-License-Identifier: Apache-2.0
*/
import { type ReactElement } from 'react';
import type {
ExtensionLoader,
GeminiCLIExtension,
@@ -15,7 +17,12 @@ import {
completeExtensionsAndScopes,
extensionsCommand,
} from './extensionsCommand.js';
import {
ConfigExtensionDialog,
type ConfigExtensionDialogProps,
} from '../components/ConfigExtensionDialog.js';
import { type CommandContext, type SlashCommand } from './types.js';
import {
describe,
it,
@@ -53,6 +60,20 @@ vi.mock('node:fs/promises', () => ({
stat: vi.fn(),
}));
vi.mock('../../config/extensions/extensionSettings.js', () => ({
ExtensionSettingScope: {
USER: 'user',
WORKSPACE: 'workspace',
},
getScopedEnvContents: vi.fn().mockResolvedValue({}),
promptForSetting: vi.fn(),
updateSetting: vi.fn(),
}));
vi.mock('prompts', () => ({
default: vi.fn(),
}));
vi.mock('../../config/extensions/update.js', () => ({
updateExtension: vi.fn(),
checkForAllExtensionUpdates: vi.fn(),
@@ -107,27 +128,31 @@ const allExt: GeminiCLIExtension = {
describe('extensionsCommand', () => {
let mockContext: CommandContext;
const mockDispatchExtensionState = vi.fn();
let mockExtensionLoader: unknown;
beforeEach(() => {
vi.resetAllMocks();
mockExtensionLoader = Object.create(ExtensionManager.prototype);
Object.assign(mockExtensionLoader as object, {
enableExtension: mockEnableExtension,
disableExtension: mockDisableExtension,
installOrUpdateExtension: mockInstallExtension,
uninstallExtension: mockUninstallExtension,
getExtensions: mockGetExtensions,
loadExtensionConfig: vi.fn().mockResolvedValue({
name: 'test-ext',
settings: [{ name: 'setting1', envVar: 'SETTING1' }],
}),
});
mockGetExtensions.mockReturnValue([inactiveExt, activeExt, allExt]);
vi.mocked(open).mockClear();
mockContext = createMockCommandContext({
services: {
config: {
getExtensions: mockGetExtensions,
getExtensionLoader: vi.fn().mockImplementation(() => {
const actual = Object.create(ExtensionManager.prototype);
Object.assign(actual, {
enableExtension: mockEnableExtension,
disableExtension: mockDisableExtension,
installOrUpdateExtension: mockInstallExtension,
uninstallExtension: mockUninstallExtension,
getExtensions: mockGetExtensions,
});
return actual;
}),
getExtensionLoader: vi.fn().mockReturnValue(mockExtensionLoader),
getWorkingDir: () => '/test/dir',
},
},
@@ -978,4 +1003,102 @@ describe('extensionsCommand', () => {
expect(suggestions).toEqual(['ext1']);
});
});
describe('config', () => {
let configAction: SlashCommand['action'];
beforeEach(async () => {
configAction = extensionsCommand(true).subCommands?.find(
(cmd) => cmd.name === 'config',
)?.action;
expect(configAction).not.toBeNull();
mockContext.invocation!.name = 'config';
const prompts = (await import('prompts')).default;
vi.mocked(prompts).mockResolvedValue({ overwrite: true });
const { getScopedEnvContents } = await import(
'../../config/extensions/extensionSettings.js'
);
vi.mocked(getScopedEnvContents).mockResolvedValue({});
});
it('should return dialog to configure all extensions if no args provided', async () => {
const result = await configAction!(mockContext, '');
if (result?.type !== 'custom_dialog') {
throw new Error('Expected custom_dialog');
}
const dialogResult = result;
const component =
dialogResult.component as ReactElement<ConfigExtensionDialogProps>;
expect(component.type).toBe(ConfigExtensionDialog);
expect(component.props.configureAll).toBe(true);
expect(component.props.extensionManager).toBeDefined();
});
it('should return dialog to configure specific extension', async () => {
const result = await configAction!(mockContext, 'ext-one');
if (result?.type !== 'custom_dialog') {
throw new Error('Expected custom_dialog');
}
const dialogResult = result;
const component =
dialogResult.component as ReactElement<ConfigExtensionDialogProps>;
expect(component.type).toBe(ConfigExtensionDialog);
expect(component.props.extensionName).toBe('ext-one');
expect(component.props.settingKey).toBeUndefined();
expect(component.props.configureAll).toBe(false);
});
it('should return dialog to configure specific setting for an extension', async () => {
const result = await configAction!(mockContext, 'ext-one SETTING1');
if (result?.type !== 'custom_dialog') {
throw new Error('Expected custom_dialog');
}
const dialogResult = result;
const component =
dialogResult.component as ReactElement<ConfigExtensionDialogProps>;
expect(component.type).toBe(ConfigExtensionDialog);
expect(component.props.extensionName).toBe('ext-one');
expect(component.props.settingKey).toBe('SETTING1');
expect(component.props.scope).toBe('user'); // Default scope
});
it('should respect scope argument passed to dialog', async () => {
const result = await configAction!(
mockContext,
'ext-one SETTING1 --scope=workspace',
);
if (result?.type !== 'custom_dialog') {
throw new Error('Expected custom_dialog');
}
const dialogResult = result;
const component =
dialogResult.component as ReactElement<ConfigExtensionDialogProps>;
expect(component.props.scope).toBe('workspace');
});
it('should show error for invalid extension name', async () => {
await configAction!(mockContext, '../invalid');
expect(mockContext.ui.addItem).toHaveBeenCalledWith({
type: MessageType.ERROR,
text: 'Invalid extension name. Names cannot contain path separators or "..".',
});
});
// "should inform if extension has no settings" - This check is now inside ConfigExtensionDialog logic.
// We can test that we still return a dialog, and the dialog will handle logical checks via utils.ts
// For unit testing extensionsCommand, we just ensure delegation.
it('should return dialog even if extension has no settings (dialog handles logic)', async () => {
const result = await configAction!(mockContext, 'ext-one');
if (result?.type !== 'custom_dialog') {
throw new Error('Expected custom_dialog');
}
const dialogResult = result;
const component =
dialogResult.component as ReactElement<ConfigExtensionDialogProps>;
expect(component.type).toBe(ConfigExtensionDialog);
});
});
});

84
packages/cli/src/ui/commands/extensionsCommand.ts
View File

@@ -32,6 +32,10 @@ import { SettingScope } from '../../config/settings.js';
import { McpServerEnablementManager } from '../../config/mcp/mcpServerEnablement.js';
import { theme } from '../semantic-colors.js';
import { stat } from 'node:fs/promises';
import { ExtensionSettingScope } from '../../config/extensions/extensionSettings.js';
import { type ConfigLogger } from '../../commands/extensions/utils.js';
import { ConfigExtensionDialog } from '../components/ConfigExtensionDialog.js';
import React from 'react';
function showMessageIfNoExtensions(
context: CommandContext,
@@ -583,6 +587,77 @@ async function uninstallAction(context: CommandContext, args: string) {
}
}
async function configAction(context: CommandContext, args: string) {
const parts = args.trim().split(/\s+/).filter(Boolean);
let scope = ExtensionSettingScope.USER;
const scopeEqIndex = parts.findIndex((p) => p.startsWith('--scope='));
if (scopeEqIndex > -1) {
const scopeVal = parts[scopeEqIndex].split('=')[1];
if (scopeVal === 'workspace') {
scope = ExtensionSettingScope.WORKSPACE;
} else if (scopeVal === 'user') {
scope = ExtensionSettingScope.USER;
}
parts.splice(scopeEqIndex, 1);
} else {
const scopeIndex = parts.indexOf('--scope');
if (scopeIndex > -1) {
const scopeVal = parts[scopeIndex + 1];
if (scopeVal === 'workspace' || scopeVal === 'user') {
scope =
scopeVal === 'workspace'
? ExtensionSettingScope.WORKSPACE
: ExtensionSettingScope.USER;
parts.splice(scopeIndex, 2);
}
}
}
const otherArgs = parts;
const name = otherArgs[0];
const setting = otherArgs[1];
if (name) {
if (name.includes('/') || name.includes('\\') || name.includes('..')) {
context.ui.addItem({
type: MessageType.ERROR,
text: 'Invalid extension name. Names cannot contain path separators or "..".',
});
return;
}
}
const extensionManager = context.services.config?.getExtensionLoader();
if (!(extensionManager instanceof ExtensionManager)) {
debugLogger.error(
`Cannot ${context.invocation?.name} extensions in this environment`,
);
return;
}
const logger: ConfigLogger = {
log: (message: string) => {
context.ui.addItem({ type: MessageType.INFO, text: message.trim() });
},
error: (message: string) =>
context.ui.addItem({ type: MessageType.ERROR, text: message }),
};
return {
type: 'custom_dialog' as const,
component: React.createElement(ConfigExtensionDialog, {
extensionManager,
onClose: () => context.ui.removeComponent(),
extensionName: name,
settingKey: setting,
scope,
configureAll: !name && !setting,
loggerAdapter: logger,
}),
};
}
/**
* Exported for testing.
*/
@@ -701,6 +776,14 @@ const restartCommand: SlashCommand = {
completion: completeExtensions,
};
const configCommand: SlashCommand = {
name: 'config',
description: 'Configure extension settings',
kind: CommandKind.BUILT_IN,
autoExecute: false,
action: configAction,
};
export function extensionsCommand(
enableExtensionReloading?: boolean,
): SlashCommand {
@@ -711,6 +794,7 @@ export function extensionsCommand(
installCommand,
uninstallCommand,
linkCommand,
configCommand,
]
: [];
return {

343
packages/cli/src/ui/components/ConfigExtensionDialog.tsx Normal file
View File

@@ -0,0 +1,343 @@
/**
* @license
* Copyright 2025 Google LLC
* SPDX-License-Identifier: Apache-2.0
*/
import type React from 'react';
import { useEffect, useState, useRef, useCallback } from 'react';
import { Box, Text } from 'ink';
import { theme } from '../semantic-colors.js';
import type { ExtensionManager } from '../../config/extension-manager.js';
import {
configureExtension,
configureSpecificSetting,
configureAllExtensions,
type ConfigLogger,
type RequestSettingCallback,
type RequestConfirmationCallback,
} from '../../commands/extensions/utils.js';
import {
ExtensionSettingScope,
type ExtensionSetting,
} from '../../config/extensions/extensionSettings.js';
import { TextInput } from './shared/TextInput.js';
import { useTextBuffer } from './shared/text-buffer.js';
import { DialogFooter } from './shared/DialogFooter.js';
import { type Key, useKeypress } from '../hooks/useKeypress.js';
export interface ConfigExtensionDialogProps {
extensionManager: ExtensionManager;
onClose: () => void;
extensionName?: string;
settingKey?: string;
scope?: ExtensionSettingScope;
configureAll?: boolean;
loggerAdapter: ConfigLogger;
}
type DialogState =
| { type: 'IDLE' }
| { type: 'BUSY'; message?: string }
| {
type: 'ASK_SETTING';
setting: ExtensionSetting;
resolve: (val: string) => void;
initialValue?: string;
}
| {
type: 'ASK_CONFIRMATION';
message: string;
resolve: (val: boolean) => void;
}
| { type: 'DONE' }
| { type: 'ERROR'; error: Error };
export const ConfigExtensionDialog: React.FC<ConfigExtensionDialogProps> = ({
extensionManager,
onClose,
extensionName,
settingKey,
scope = ExtensionSettingScope.USER,
configureAll,
loggerAdapter,
}) => {
const [state, setState] = useState<DialogState>({ type: 'IDLE' });
const [logMessages, setLogMessages] = useState<string[]>([]);
// Buffers for input
const settingBuffer = useTextBuffer({
initialText: '',
viewport: { width: 80, height: 1 },
singleLine: true,
isValidPath: () => true,
});
const mounted = useRef(true);
useEffect(() => {
mounted.current = true;
return () => {
mounted.current = false;
};
}, []);
const addLog = useCallback(
(msg: string) => {
setLogMessages((prev) => [...prev, msg].slice(-5)); // Keep last 5
loggerAdapter.log(msg);
},
[loggerAdapter],
);
const requestSetting: RequestSettingCallback = useCallback(
async (setting) =>
new Promise<string>((resolve) => {
if (!mounted.current) return;
settingBuffer.setText(''); // Clear buffer
setState({
type: 'ASK_SETTING',
setting,
resolve: (val) => {
resolve(val);
setState({ type: 'BUSY', message: 'Updating...' });
},
});
}),
[settingBuffer],
);
const requestConfirmation: RequestConfirmationCallback = useCallback(
async (message) =>
new Promise<boolean>((resolve) => {
if (!mounted.current) return;
setState({
type: 'ASK_CONFIRMATION',
message,
resolve: (val) => {
resolve(val);
setState({ type: 'BUSY', message: 'Processing...' });
},
});
}),
[],
);
useEffect(() => {
async function run() {
try {
setState({ type: 'BUSY', message: 'Initializing...' });
// Wrap logger to capture logs locally too
const localLogger: ConfigLogger = {
log: (msg) => {
addLog(msg);
},
error: (msg) => {
addLog('Error: ' + msg);
loggerAdapter.error(msg);
},
};
if (configureAll) {
await configureAllExtensions(
extensionManager,
scope,
localLogger,
requestSetting,
requestConfirmation,
);
} else if (extensionName && settingKey) {
await configureSpecificSetting(
extensionManager,
extensionName,
settingKey,
scope,
localLogger,
requestSetting,
);
} else if (extensionName) {
await configureExtension(
extensionManager,
extensionName,
scope,
localLogger,
requestSetting,
requestConfirmation,
);
}
if (mounted.current) {
setState({ type: 'DONE' });
// Delay close slightly to show done
setTimeout(onClose, 1000);
}
} catch (err: unknown) {
if (mounted.current) {
const error = err instanceof Error ? err : new Error(String(err));
setState({ type: 'ERROR', error });
loggerAdapter.error(error.message);
}
}
}
// Only run once
if (state.type === 'IDLE') {
void run();
}
}, [
extensionManager,
extensionName,
settingKey,
scope,
configureAll,
loggerAdapter,
requestSetting,
requestConfirmation,
addLog,
onClose,
state.type,
]);
// Handle Input Submission
const handleSettingSubmit = (val: string) => {
if (state.type === 'ASK_SETTING') {
state.resolve(val);
}
};
// Handle Keys for Confirmation
useKeypress(
(key: Key) => {
if (state.type === 'ASK_CONFIRMATION') {
if (key.name === 'y' || key.name === 'return') {
state.resolve(true);
return true;
}
if (key.name === 'n' || key.name === 'escape') {
state.resolve(false);
return true;
}
}
if (state.type === 'DONE' || state.type === 'ERROR') {
if (key.name === 'return' || key.name === 'escape') {
onClose();
return true;
}
}
return false;
},
{
isActive:
state.type === 'ASK_CONFIRMATION' ||
state.type === 'DONE' ||
state.type === 'ERROR',
},
);
if (state.type === 'BUSY' || state.type === 'IDLE') {
return (
<Box
flexDirection="column"
borderStyle="round"
borderColor={theme.border.default}
paddingX={1}
>
<Text color={theme.text.secondary}>
{state.type === 'BUSY' ? state.message : 'Starting...'}
</Text>
{logMessages.map((msg, i) => (
<Text key={i}>{msg}</Text>
))}
</Box>
);
}
if (state.type === 'ASK_SETTING') {
return (
<Box
flexDirection="column"
borderStyle="round"
borderColor={theme.border.default}
paddingX={1}
>
<Text bold color={theme.text.primary}>
Configure {state.setting.name}
</Text>
<Text color={theme.text.secondary}>
{state.setting.description || state.setting.envVar}
</Text>
<Box flexDirection="row" marginTop={1}>
<Text color={theme.text.accent}>{'> '}</Text>
<TextInput
buffer={settingBuffer}
onSubmit={handleSettingSubmit}
focus={true}
placeholder={`Enter value for ${state.setting.name}`}
/>
</Box>
<DialogFooter primaryAction="Enter to submit" />
</Box>
);
}
if (state.type === 'ASK_CONFIRMATION') {
return (
<Box
flexDirection="column"
borderStyle="round"
borderColor={theme.border.default}
paddingX={1}
>
<Text color={theme.status.warning} bold>
Confirmation Required
</Text>
<Text>{state.message}</Text>
<Box marginTop={1}>
<Text color={theme.text.secondary}>
Press{' '}
<Text color={theme.text.accent} bold>
Y
</Text>{' '}
to confirm or{' '}
<Text color={theme.text.accent} bold>
N
</Text>{' '}
to cancel
</Text>
</Box>
</Box>
);
}
if (state.type === 'ERROR') {
return (
<Box
flexDirection="column"
borderStyle="round"
borderColor={theme.status.error}
paddingX={1}
>
<Text color={theme.status.error} bold>
Error
</Text>
<Text>{state.error.message}</Text>
<DialogFooter primaryAction="Enter to close" />
</Box>
);
}
return (
<Box
flexDirection="column"
borderStyle="round"
borderColor={theme.status.success}
paddingX={1}
>
<Text color={theme.status.success} bold>
Configuration Complete
</Text>
<DialogFooter primaryAction="Enter to close" />
</Box>
);
};

17
packages/core/src/core/geminiChat.ts
View File

@@ -394,16 +394,23 @@ export class GeminiChat {
return; // Stop the generator
}
if (isConnectionPhase) {
throw error;
}
lastError = error;
const isContentError = error instanceof InvalidStreamError;
// Check if the error is retryable (e.g., transient SSL errors
// like ERR_SSL_SSLV3_ALERT_BAD_RECORD_MAC)
const isRetryable = isRetryableError(
error,
this.config.getRetryFetchErrors(),
);
// For connection phase errors, only retryable errors should continue
if (isConnectionPhase) {
if (!isRetryable || signal.aborted) {
throw error;
}
// Fall through to retry logic for retryable connection errors
}
lastError = error;
const isContentError = error instanceof InvalidStreamError;
if (
(isContentError && isGemini2Model(model)) ||
(isRetryable && !signal.aborted)

200
packages/core/src/core/geminiChat_network_retry.test.ts
View File

@@ -274,4 +274,204 @@ describe('GeminiChat Network Retries', () => {
expect(mockLogContentRetry).not.toHaveBeenCalled();
});
it('should retry on SSL error during connection phase (ERR_SSL_SSLV3_ALERT_BAD_RECORD_MAC)', async () => {
// Create an SSL error that occurs during connection (before any yield)
const sslError = new Error(
'SSL routines:ssl3_read_bytes:sslv3 alert bad record mac',
);
(sslError as NodeJS.ErrnoException).code =
'ERR_SSL_SSLV3_ALERT_BAD_RECORD_MAC';
vi.mocked(mockContentGenerator.generateContentStream)
// First call: throw SSL error immediately (connection phase)
.mockRejectedValueOnce(sslError)
// Second call: succeed
.mockImplementationOnce(async () =>
(async function* () {
yield {
candidates: [
{
content: { parts: [{ text: 'Success after SSL retry' }] },
finishReason: 'STOP',
},
],
} as unknown as GenerateContentResponse;
})(),
);
const stream = await chat.sendMessageStream(
{ model: 'test-model' },
'test message',
'prompt-id-ssl-retry',
new AbortController().signal,
);
const events: StreamEvent[] = [];
for await (const event of stream) {
events.push(event);
}
// Should have retried and succeeded
const retryEvent = events.find((e) => e.type === StreamEventType.RETRY);
expect(retryEvent).toBeDefined();
const successChunk = events.find(
(e) =>
e.type === StreamEventType.CHUNK &&
e.value.candidates?.[0]?.content?.parts?.[0]?.text ===
'Success after SSL retry',
);
expect(successChunk).toBeDefined();
// Verify the API was called twice (initial + retry)
expect(mockContentGenerator.generateContentStream).toHaveBeenCalledTimes(2);
});
it('should retry on ECONNRESET error during connection phase', async () => {
const connectionError = new Error('read ECONNRESET');
(connectionError as NodeJS.ErrnoException).code = 'ECONNRESET';
vi.mocked(mockContentGenerator.generateContentStream)
.mockRejectedValueOnce(connectionError)
.mockImplementationOnce(async () =>
(async function* () {
yield {
candidates: [
{
content: {
parts: [{ text: 'Success after connection retry' }],
},
finishReason: 'STOP',
},
],
} as unknown as GenerateContentResponse;
})(),
);
const stream = await chat.sendMessageStream(
{ model: 'test-model' },
'test message',
'prompt-id-connection-retry',
new AbortController().signal,
);
const events: StreamEvent[] = [];
for await (const event of stream) {
events.push(event);
}
const retryEvent = events.find((e) => e.type === StreamEventType.RETRY);
expect(retryEvent).toBeDefined();
const successChunk = events.find(
(e) =>
e.type === StreamEventType.CHUNK &&
e.value.candidates?.[0]?.content?.parts?.[0]?.text ===
'Success after connection retry',
);
expect(successChunk).toBeDefined();
});
it('should NOT retry on non-retryable error during connection phase', async () => {
const nonRetryableError = new Error('Some non-retryable error');
vi.mocked(mockContentGenerator.generateContentStream).mockRejectedValueOnce(
nonRetryableError,
);
const stream = await chat.sendMessageStream(
{ model: 'test-model' },
'test message',
'prompt-id-no-connection-retry',
new AbortController().signal,
);
await expect(async () => {
for await (const _ of stream) {
// consume
}
}).rejects.toThrow(nonRetryableError);
// Should only be called once (no retry)
expect(mockContentGenerator.generateContentStream).toHaveBeenCalledTimes(1);
});
it('should retry on SSL error during stream iteration (mid-stream failure)', async () => {
// This simulates the exact scenario from issue #17318 where the error
// occurs during a long session while streaming content
const sslError = new Error(
'request to https://cloudcode-pa.googleapis.com/v1internal:streamGenerateContent failed',
) as NodeJS.ErrnoException & { type?: string };
sslError.type = 'system';
sslError.errno = 'ERR_SSL_SSLV3_ALERT_BAD_RECORD_MAC' as unknown as number;
sslError.code = 'ERR_SSL_SSLV3_ALERT_BAD_RECORD_MAC';
vi.mocked(mockContentGenerator.generateContentStream)
// First call: yield some content, then throw SSL error mid-stream
.mockImplementationOnce(async () =>
(async function* () {
yield {
candidates: [
{ content: { parts: [{ text: 'Partial response...' }] } },
],
} as unknown as GenerateContentResponse;
// SSL error occurs while waiting for more data
throw sslError;
})(),
)
// Second call: succeed
.mockImplementationOnce(async () =>
(async function* () {
yield {
candidates: [
{
content: { parts: [{ text: 'Complete response after retry' }] },
finishReason: 'STOP',
},
],
} as unknown as GenerateContentResponse;
})(),
);
const stream = await chat.sendMessageStream(
{ model: 'test-model' },
'test message',
'prompt-id-ssl-mid-stream',
new AbortController().signal,
);
const events: StreamEvent[] = [];
for await (const event of stream) {
events.push(event);
}
// Should have received partial content, then retry, then success
const partialChunk = events.find(
(e) =>
e.type === StreamEventType.CHUNK &&
e.value.candidates?.[0]?.content?.parts?.[0]?.text ===
'Partial response...',
);
expect(partialChunk).toBeDefined();
const retryEvent = events.find((e) => e.type === StreamEventType.RETRY);
expect(retryEvent).toBeDefined();
const successChunk = events.find(
(e) =>
e.type === StreamEventType.CHUNK &&
e.value.candidates?.[0]?.content?.parts?.[0]?.text ===
'Complete response after retry',
);
expect(successChunk).toBeDefined();
// Verify retry logging was called with NETWORK_ERROR type
expect(mockLogContentRetry).toHaveBeenCalledWith(
expect.anything(),
expect.objectContaining({
error_type: 'NETWORK_ERROR',
}),
);
});
});

81
packages/core/src/utils/retry.test.ts
View File

@@ -409,6 +409,87 @@ describe('retryWithBackoff', () => {
await vi.runAllTimersAsync();
await expect(promise).resolves.toBe('success');
});
it('should retry on SSL error code (ERR_SSL_SSLV3_ALERT_BAD_RECORD_MAC)', async () => {
const error = new Error('SSL error');
(error as any).code = 'ERR_SSL_SSLV3_ALERT_BAD_RECORD_MAC';
const mockFn = vi
.fn()
.mockRejectedValueOnce(error)
.mockResolvedValue('success');
const promise = retryWithBackoff(mockFn, {
initialDelayMs: 1,
maxDelayMs: 1,
});
await vi.runAllTimersAsync();
await expect(promise).resolves.toBe('success');
expect(mockFn).toHaveBeenCalledTimes(2);
});
it('should retry on SSL error code in deeply nested cause chain', async () => {
const deepCause = new Error('OpenSSL error');
(deepCause as any).code = 'ERR_SSL_BAD_RECORD_MAC';
const middleCause = new Error('TLS handshake failed');
(middleCause as any).cause = deepCause;
const outerError = new Error('fetch failed');
(outerError as any).cause = middleCause;
const mockFn = vi
.fn()
.mockRejectedValueOnce(outerError)
.mockResolvedValue('success');
const promise = retryWithBackoff(mockFn, {
initialDelayMs: 1,
maxDelayMs: 1,
});
await vi.runAllTimersAsync();
await expect(promise).resolves.toBe('success');
expect(mockFn).toHaveBeenCalledTimes(2);
});
it('should retry on EPROTO error (generic protocol/SSL error)', async () => {
const error = new Error('Protocol error');
(error as any).code = 'EPROTO';
const mockFn = vi
.fn()
.mockRejectedValueOnce(error)
.mockResolvedValue('success');
const promise = retryWithBackoff(mockFn, {
initialDelayMs: 1,
maxDelayMs: 1,
});
await vi.runAllTimersAsync();
await expect(promise).resolves.toBe('success');
expect(mockFn).toHaveBeenCalledTimes(2);
});
it('should retry on gaxios-style SSL error with code property', async () => {
// This matches the exact structure from issue #17318
const error = new Error(
'request to https://cloudcode-pa.googleapis.com/v1internal:streamGenerateContent failed',
);
(error as any).type = 'system';
(error as any).errno = 'ERR_SSL_SSLV3_ALERT_BAD_RECORD_MAC';
(error as any).code = 'ERR_SSL_SSLV3_ALERT_BAD_RECORD_MAC';
const mockFn = vi
.fn()
.mockRejectedValueOnce(error)
.mockResolvedValue('success');
const promise = retryWithBackoff(mockFn, {
initialDelayMs: 1,
maxDelayMs: 1,
});
await vi.runAllTimersAsync();
await expect(promise).resolves.toBe('success');
expect(mockFn).toHaveBeenCalledTimes(2);
});
});
describe('Flash model fallback for OAuth users', () => {

24
packages/core/src/utils/retry.ts
View File

@@ -54,6 +54,12 @@ const RETRYABLE_NETWORK_CODES = [
'ENOTFOUND',
'EAI_AGAIN',
'ECONNREFUSED',
// SSL/TLS transient errors
'ERR_SSL_SSLV3_ALERT_BAD_RECORD_MAC',
'ERR_SSL_WRONG_VERSION_NUMBER',
'ERR_SSL_DECRYPTION_FAILED_OR_BAD_RECORD_MAC',
'ERR_SSL_BAD_RECORD_MAC',
'EPROTO', // Generic protocol error (often SSL-related)
];
function getNetworkErrorCode(error: unknown): string | undefined {
@@ -72,8 +78,22 @@ function getNetworkErrorCode(error: unknown): string | undefined {
return directCode;
}
if (typeof error === 'object' && error !== null && 'cause' in error) {
return getCode((error as { cause: unknown }).cause);
// Traverse the cause chain to find error codes (SSL errors are often nested)
let current: unknown = error;
const maxDepth = 5; // Prevent infinite loops in case of circular references
for (let depth = 0; depth < maxDepth; depth++) {
if (
typeof current !== 'object' ||
current === null ||
!('cause' in current)
) {
break;
}
current = (current as { cause: unknown }).cause;
const code = getCode(current);
if (code) {
return code;
}
}
return undefined;