singularity/singularity-forge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
singularity-forge/packages/pi-coding-agent/src
History
Tom Boucher d9cea627bf fix: detect and block Gemini CLI OAuth tokens used as API keys (#3296) 
* fix: detect and block Gemini CLI OAuth tokens used as API keys

Users who install Google's standalone Gemini CLI may inadvertently set
GEMINI_API_KEY to an OAuth access token (ya29.*) instead of an AI Studio
API key (AIza*). These tokens fail at the Google API with a confusing
error. This adds early detection at three entry points:

- AuthStorage.set(): throws when storing ya29.* as api_key for "google"
- AuthStorage.getApiKey(): blocks ya29.* from runtime overrides (--api-key)
- AuthStorage.getApiKey(): blocks ya29.* from environment variables

Each path provides a clear error message explaining the issue and
directing users to either get an API key from aistudio.google.com or
use /login google-gemini-cli for OAuth-based access.

Fixes #2157

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* chore: retrigger CI

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: trek-e <trek-e@users.noreply.github.com>
2026-04-05 01:05:08 -04:00
..
cli feat: Wire --bare mode across headless → pi-coding-agent → resource-loa… 2026-03-26 11:39:25 -06:00
core fix: detect and block Gemini CLI OAuth tokens used as API keys (#3296) 2026-04-05 01:05:08 -04:00
modes fix: route non-builtin slash commands after TUI dispatch 2026-04-03 06:44:09 +02:00
resources/extensions/memory refactor(test): replace try/finally with beforeEach/afterEach in packages tests (#2390) 2026-03-24 21:34:10 -06:00
tests fix: normalize Windows paths in LLM-visible text to prevent bash failures (#874) (#884) 2026-03-17 09:02:23 -06:00
utils fix(windows): prevent EINVAL by disabling detached process groups on Win32 (#2744) 2026-03-26 16:08:03 -06:00
cli.ts feat: vendor Pi source into workspace monorepo 2026-03-12 21:55:17 -06:00
config.ts refactor: remove dead code (unused exports) (#1486) 2026-03-19 15:33:32 -06:00
index.ts fix(security): add configurable overrides for command allowlist and SSRF blocklist 2026-04-02 13:45:05 +02:00
main.ts feat: Wire --bare mode across headless → pi-coding-agent → resource-loa… 2026-03-26 11:39:25 -06:00
migrations.ts refactor: remove dead code (unused exports) (#1486) 2026-03-19 15:33:32 -06:00