Skip to content

fix(google-gemini-cli-auth): fix Gemini CLI OAuth failures on Windows#40729

Merged
vincentkoc merged 4 commits intoopenclaw:mainfrom
hughcube:fix/windows-gemini-cli-oauth
Apr 4, 2026
Merged

fix(google-gemini-cli-auth): fix Gemini CLI OAuth failures on Windows#40729
vincentkoc merged 4 commits intoopenclaw:mainfrom
hughcube:fix/windows-gemini-cli-oauth

Conversation

@hughcube
Copy link
Copy Markdown
Contributor

@hughcube hughcube commented Mar 9, 2026
edited
Loading

Summary

Gemini CLI OAuth is broken on Windows when gemini-cli is installed via nvm. Two independent bugs prevent setup from completing.

Bug 1: extractGeminiCliCredentials accepts wrong oauth2.js and gives up

Root cause: On Windows with nvm, gemini.cmd resolves (via realpathSync) to e.g. C:\Users\<user>\AppData\Local\nvm\v24.1.0\gemini.cmd. The first candidate path dirname(dirname(resolvedPath)) becomes C:\Users\<user>\AppData\Local\nvm — the nvm root directory.

Since the direct path checks fail for this directory, findFile kicks in with depth 10 and finds discord-api-types/payloads/v10/oauth2.js — a completely unrelated file. The code then immediately breaks out of the candidate loop and tries to extract credentials from this Discord types file. The regex naturally fails, and the function returns null, surfacing as:

Error: Gemini CLI not found. Install it first: brew install gemini-cli

Fix: Move the credential regex validation (googleusercontent.com + GOCSPX-) inside the candidate loop. When a found oauth2.js does not contain valid Google OAuth credentials, the search now continues to the next candidate instead of giving up. This is a minimal, defensive change that:

  • Does not alter resolveGeminiCliDirs or the candidate generation logic
  • Preserves all existing install layout support (npm global, Homebrew, etc.)
  • Only changes behavior when the wrong file is found — correct files match on first try as before

Bug 2: resolvePlatform returns "WINDOWS" which Google API rejects

Root cause: resolvePlatform() returns "WINDOWS" on win32, but Google's loadCodeAssist API does not accept it as a valid Platform enum value (same as "LINUX"). All three endpoints respond with 400 INVALID_ARGUMENT.

Fix: Use "PLATFORM_UNSPECIFIED" for all non-macOS platforms, consistent with how "LINUX" was already handled.

Test plan

  • Verified both fixes resolve the issues on Windows 10 with nvm4w + Node.js v24.1.0
  • Updated getExpectedPlatform() test helper to match new resolvePlatform() behavior
  • Reverted test mock changes from previous approach — tests now match upstream structure
  • Existing test suite should pass on CI (Linux/macOS unaffected)

@openclaw-barnacle openclaw-barnacle bot added extensions: google-gemini-cli-auth Extension: google-gemini-cli-auth size: S labels Mar 9, 2026
@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps bot commented Mar 9, 2026

Greptile Summary

This PR fixes two independent Windows-only bugs in the Gemini CLI OAuth flow:

  1. resolveGeminiCliDirs guard (oauth.ts:164-169): Candidates are now validated by checking for package.json or node_modules/@google/gemini-cli-core before being included. This prevents the nvm root (and other unrelated ancestor directories) from being passed to the expensive findFile DFS traversal, which was previously finding oauth2.js from unrelated packages like discord-api-types.

  2. resolvePlatform simplification (oauth.ts:238-246): The "WINDOWS" branch is removed; all non-macOS platforms now return "PLATFORM_UNSPECIFIED", consistent with the pre-existing treatment of Linux. This resolves the 400 INVALID_ARGUMENT errors from Google's loadCodeAssist API that rejects both "LINUX" and "WINDOWS" as invalid Platform enum values.

  3. Test updates (oauth.test.ts): Mock existsSync implementations now validate the package.json path check, and getExpectedPlatform() correctly expects "PLATFORM_UNSPECIFIED" on all non-macOS platforms.

Both changes are narrow, focused fixes with no impact on Linux or macOS behavior.

Confidence Score: 5/5

  • This PR is safe to merge — both changes are narrow, well-reasoned fixes for Windows-specific regressions with no impact on Linux or macOS behavior.
  • The PR fixes two concrete, reproducible bugs with targeted changes. The resolvePlatform fix is trivially correct (removing a rejected enum value). The resolveGeminiCliDirs validation is sound — valid gemini-cli package directories will always contain package.json, so the filter is reliable. Tests cover both fix paths. No files require special attention.
  • No files require special attention

Last reviewed commit: 19531f6

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Mar 9, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 19531f686c

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

@hughcube hughcube force-pushed the fix/windows-gemini-cli-oauth branch from 59ac27b to d9b89fe Compare March 9, 2026 07:36
@byungsker

This comment was marked as spam.

Sign in to view
@hughcube hughcube force-pushed the fix/windows-gemini-cli-oauth branch 2 times, most recently from 612db0b to 88d1d76 Compare March 9, 2026 09:13
@hughcube hughcube mentioned this pull request Mar 10, 2026
Open
@hughcube
Copy link
Copy Markdown
Contributor Author

hughcube commented Mar 10, 2026

Friendly ping 🙂 — all CI checks are green and the PR is mergeable. Filed #41800 to track the underlying Windows bug.

cc @steipete @mbelinky @obviyus — would appreciate a review when you get a chance. This fixes two independent bugs that completely break Gemini CLI OAuth on Windows (nvm installs). Happy to address any feedback!

@openclaw-barnacle
Copy link
Copy Markdown

openclaw-barnacle bot commented Mar 10, 2026

Please don’t spam-ping multiple maintainers at once. Be patient, or join our community Discord for help: https://discord.gg/clawd

@vincentkoc vincentkoc self-assigned this Apr 4, 2026
hughcube and others added 2 commits April 4, 2026 22:38
@hughcube @vincentkoc
fix(google-gemini-cli-auth): fix Gemini CLI OAuth failures on Windows
be9e343 
Two issues prevented Gemini CLI OAuth from working on Windows:

1. resolveGeminiCliDirs: the first candidate `dirname(dirname(resolvedPath))`
   can resolve to an unrelated ancestor directory (e.g. the nvm root
   `C:\Users\<user>\AppData\Local\nvm`) when gemini is installed via nvm.
   The subsequent `findFile` recursive search (depth 10) then picks up an
   `oauth2.js` from a completely different package (e.g.
   `discord-api-types/payloads/v10/oauth2.js`), which naturally does not
   contain Google OAuth credentials, causing silent extraction failure.

   Fix: validate candidate directories before including them — only keep
   candidates that contain a `package.json` or a `node_modules/@google/
   gemini-cli-core` subdirectory.

2. resolvePlatform: returns "WINDOWS" on win32, but Google's loadCodeAssist
   API rejects it as an invalid Platform enum value (400 INVALID_ARGUMENT),
   just like it rejects "LINUX".

   Fix: use "PLATFORM_UNSPECIFIED" for all non-macOS platforms.
@vincentkoc
test(google-gemini-cli-auth): keep oauth regressions portable
a865230
@vincentkoc vincentkoc force-pushed the fix/windows-gemini-cli-oauth branch from 88d1d76 to a865230 Compare April 4, 2026 13:41
@vincentkoc vincentkoc force-pushed the fix/windows-gemini-cli-oauth branch from 45905a5 to ed11613 Compare April 4, 2026 14:17
@vincentkoc vincentkoc merged commit 9dd4490 into openclaw:main Apr 4, 2026
7 checks passed
@github-actions github-actions bot mentioned this pull request Apr 4, 2026
Open
@vincentkoc vincentkoc mentioned this pull request Apr 4, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

@vincentkoc vincentkoc

Labels

extensions: google-gemini-cli-auth Extension: google-gemini-cli-auth size: M

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hughcube @byungsker @vincentkoc