singularity/singularity-forge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
singularity-forge/packages/pi-coding-agent
History
Tom Boucher d9cea627bf fix: detect and block Gemini CLI OAuth tokens used as API keys (#3296) 
* fix: detect and block Gemini CLI OAuth tokens used as API keys

Users who install Google's standalone Gemini CLI may inadvertently set
GEMINI_API_KEY to an OAuth access token (ya29.*) instead of an AI Studio
API key (AIza*). These tokens fail at the Google API with a confusing
error. This adds early detection at three entry points:

- AuthStorage.set(): throws when storing ya29.* as api_key for "google"
- AuthStorage.getApiKey(): blocks ya29.* from runtime overrides (--api-key)
- AuthStorage.getApiKey(): blocks ya29.* from environment variables

Each path provides a clear error message explaining the issue and
directing users to either get an API key from aistudio.google.com or
use /login google-gemini-cli for OAuth-based access.

Fixes #2157

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* chore: retrigger CI

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: trek-e <trek-e@users.noreply.github.com>
2026-04-05 01:05:08 -04:00
..
scripts fix: handle Windows non-ASCII paths in cpSync with copyFileSync fallback (#1181) 2026-03-18 10:13:37 -06:00
src fix: detect and block Gemini CLI OAuth tokens used as API keys (#3296) 2026-04-05 01:05:08 -04:00
package.json release: v2.63.0 2026-04-05 03:48:56 +00:00
tsconfig.json feat: vendor Pi source into workspace monorepo 2026-03-12 21:55:17 -06:00