From 509dba96ccd860f489d2675f813226a831d6d136 Mon Sep 17 00:00:00 2001 From: Spencer Date: Mon, 30 Mar 2026 16:35:29 +0000 Subject: [PATCH] fix(rebase): resolve remaining omissions from rebase on main --- packages/a2a-server/src/config/config.ts | 82 +++++++------------ packages/core/.geminiignore | 0 packages/core/.gitignore | 0 packages/core/src/policy/topic-policy.test.ts | 9 +- 4 files changed, 34 insertions(+), 57 deletions(-) create mode 100644 packages/core/.geminiignore create mode 100644 packages/core/.gitignore diff --git a/packages/a2a-server/src/config/config.ts b/packages/a2a-server/src/config/config.ts index 367fdc1b08..a547eb9235 100644 --- a/packages/a2a-server/src/config/config.ts +++ b/packages/a2a-server/src/config/config.ts @@ -25,7 +25,6 @@ import { ExperimentFlags, isHeadlessMode, FatalAuthenticationError, - isCloudShell, type TelemetryTarget, type ConfigParameters, type ExtensionLoader, @@ -41,7 +40,6 @@ export async function loadConfig( taskId: string, ): Promise { const workspaceDir = process.cwd(); - const adcFilePath = process.env['GOOGLE_APPLICATION_CREDENTIALS']; const folderTrust = settings.folderTrust === true || @@ -174,7 +172,7 @@ export async function loadConfig( await config.waitForMcpInit(); startupProfiler.flush(config); - await refreshAuthentication(config, adcFilePath, 'Config'); + await refreshAuthentication(config, 'Config'); return config; } @@ -245,75 +243,51 @@ function findEnvFile(startDir: string): string | null { async function refreshAuthentication( config: Config, - adcFilePath: string | undefined, logPrefix: string, ): Promise { if (process.env['USE_CCPA']) { logger.info(`[${logPrefix}] Using CCPA Auth:`); + + logger.info(`[${logPrefix}] Attempting COMPUTE_ADC first.`); try { - if (adcFilePath) { - path.resolve(adcFilePath); - } - } catch (e) { - logger.error( - `[${logPrefix}] USE_CCPA env var is true but unable to resolve GOOGLE_APPLICATION_CREDENTIALS file path ${adcFilePath}. Error ${e}`, + await config.refreshAuth(AuthType.COMPUTE_ADC); + logger.info(`[${logPrefix}] COMPUTE_ADC successful.`); + } catch (adcError) { + const adcMessage = + adcError instanceof Error ? adcError.message : String(adcError); + logger.info( + `[${logPrefix}] COMPUTE_ADC failed or not available: ${adcMessage}`, ); - } - const useComputeAdc = process.env['GEMINI_CLI_USE_COMPUTE_ADC'] === 'true'; - const isHeadless = isHeadlessMode(); - const shouldSkipOauth = isHeadless || useComputeAdc; + const useComputeAdc = + process.env['GEMINI_CLI_USE_COMPUTE_ADC'] === 'true'; + const isHeadless = isHeadlessMode(); - if (shouldSkipOauth) { - if (isCloudShell() || useComputeAdc) { - logger.info( - `[${logPrefix}] Skipping LOGIN_WITH_GOOGLE due to ${isHeadless ? 'headless mode' : 'GEMINI_CLI_USE_COMPUTE_ADC'}. Attempting COMPUTE_ADC.`, - ); - try { - await config.refreshAuth(AuthType.COMPUTE_ADC); - logger.info(`[${logPrefix}] COMPUTE_ADC successful.`); - } catch (adcError) { - const adcMessage = - adcError instanceof Error ? adcError.message : String(adcError); - throw new FatalAuthenticationError( - `COMPUTE_ADC failed: ${adcMessage}. (Skipped LOGIN_WITH_GOOGLE due to ${isHeadless ? 'headless mode' : 'GEMINI_CLI_USE_COMPUTE_ADC'})`, - ); - } - } else { + if (isHeadless || useComputeAdc) { + const reason = isHeadless + ? 'headless mode' + : 'GEMINI_CLI_USE_COMPUTE_ADC=true'; throw new FatalAuthenticationError( - `Interactive terminal required for LOGIN_WITH_GOOGLE. Run in an interactive terminal or set GEMINI_CLI_USE_COMPUTE_ADC=true to use Application Default Credentials.`, + `COMPUTE_ADC failed: ${adcMessage}. (LOGIN_WITH_GOOGLE fallback skipped due to ${reason}. Run in an interactive terminal to use OAuth.)`, ); } - } else { + + logger.info( + `[${logPrefix}] COMPUTE_ADC failed, falling back to LOGIN_WITH_GOOGLE.`, + ); try { await config.refreshAuth(AuthType.LOGIN_WITH_GOOGLE); } catch (e) { - if ( - e instanceof FatalAuthenticationError && - (isCloudShell() || useComputeAdc) - ) { - logger.warn( - `[${logPrefix}] LOGIN_WITH_GOOGLE failed. Attempting COMPUTE_ADC fallback.`, + if (e instanceof FatalAuthenticationError) { + const originalMessage = e instanceof Error ? e.message : String(e); + throw new FatalAuthenticationError( + `${originalMessage}. The initial COMPUTE_ADC attempt also failed: ${adcMessage}`, ); - try { - await config.refreshAuth(AuthType.COMPUTE_ADC); - logger.info(`[${logPrefix}] COMPUTE_ADC fallback successful.`); - } catch (adcError) { - logger.error( - `[${logPrefix}] COMPUTE_ADC fallback failed: ${adcError}`, - ); - const originalMessage = e instanceof Error ? e.message : String(e); - const adcMessage = - adcError instanceof Error ? adcError.message : String(adcError); - throw new FatalAuthenticationError( - `${originalMessage}. Fallback to COMPUTE_ADC also failed: ${adcMessage}`, - ); - } - } else { - throw e; } + throw e; } } + logger.info( `[${logPrefix}] GOOGLE_CLOUD_PROJECT: ${process.env['GOOGLE_CLOUD_PROJECT']}`, ); diff --git a/packages/core/.geminiignore b/packages/core/.geminiignore new file mode 100644 index 0000000000..e69de29bb2 diff --git a/packages/core/.gitignore b/packages/core/.gitignore new file mode 100644 index 0000000000..e69de29bb2 diff --git a/packages/core/src/policy/topic-policy.test.ts b/packages/core/src/policy/topic-policy.test.ts index 91450af056..77c73b3adf 100644 --- a/packages/core/src/policy/topic-policy.test.ts +++ b/packages/core/src/policy/topic-policy.test.ts @@ -48,11 +48,14 @@ describe('Topic Tool Policy', () => { expect(result.decision).toBe(PolicyDecision.ALLOW); }); - it('should allow update_topic in YOLO mode', async () => { + it('should allow update_topic in wildcard mode', async () => { const rules = await loadDefaultPolicies(); const engine = new PolicyEngine({ - rules, - approvalMode: ApprovalMode.YOLO, + rules: [ + ...rules, + { toolName: '*', decision: PolicyDecision.ALLOW, priority: 1 }, + ], + approvalMode: ApprovalMode.DEFAULT, }); const result = await engine.check(