feat(core): Support GDC air-gapped Service Identity after auth library update

[sidhantgoyal-droid]

Summary

Adds support for GDCH air-gapped service identity token exchange. The underlying google-auth-library was recently updated to v10.7.0 in google-cloud-node PR which introduced support for this. This PR properly passes the apiEndpoint to googleAuthOptions.clientOptions when GOOGLE_VERTEX_BASE_URL is set, allowing the auth library to correctly perform STS token exchange in GDCH environments.

Details

The logic wraps apiEndpoint appropriately in clientOptions inside googleAuthOptions. A new test case has also been added to contentGenerator.test.ts to assert that apiEndpoint is correctly populated.

Related Issues

Fixes #27917

How to Validate

1. Run the test suite for core: npm test -w @google/gemini-cli-core -- src/core/contentGenerator.test.ts
2. Test manually by setting GOOGLE_VERTEX_BASE_URL and verifying if the generated GoogleAuth instance includes the apiEndpoint.

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enables support for GDC air-gapped service identity token exchange. By leveraging recent updates in the underlying Google Auth library, the changes ensure that the apiEndpoint is correctly configured when the GOOGLE_VERTEX_BASE_URL environment variable is present, facilitating successful authentication in air-gapped environments.

Highlights

• GDCH Air-gapped Support: Added support for GDC air-gapped service identity token exchange by correctly passing the apiEndpoint to the Google Auth library.
• Configuration Updates: Updated the content generator to detect GOOGLE_VERTEX_BASE_URL and inject it into the clientOptions for proper authentication in GDCH environments.
• Test Coverage: Added a new test case to verify that the apiEndpoint is correctly populated in the GoogleAuth configuration when the environment variable is set.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

📊 PR Size: size/M

• Lines changed: 94
• Additions: +67
• Deletions: -27
• Files changed: 2

[gemini-code-assist]

Code Review

This pull request adds support for injecting the Vertex AI base URL into the Google Auth client options when Vertex AI is enabled. It also updates the unit tests to assert this behavior and refactors existing assertions to use nested object matchers. The review feedback suggests a high-severity improvement: instead of reading the environment variable directly, the code should leverage the already resolved and validated baseUrl variable to ensure that custom base URLs configured via the configuration object are also supported.