fix: block insert env param to gemini(eg: gemini_api_key from json co…#283
Next2012 wants to merge 1 commit into tiann:main from
…nfig), which will cause google auth account trigger using limit
| cwd?: string; | ||
| }): NodeJS.ProcessEnv { | ||
| const env: NodeJS.ProcessEnv = { | ||
| return { |
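Review bot: the options type still declares `cwd?: string;`, but in the bare `return {` form shown here there is no longer a mutable `const env` object to which the option can be applied before the environment is returned. Keep building `env` and drop only the key assignment, or remove the options that are no longer used so callers are not misled about what reaches the child process.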
[MAJOR] buildGeminiEnv now ignores hookSettingsPath and cwd, so the ACP Gemini process no longer receives GEMINI_CLI_SYSTEM_SETTINGS_PATH or GEMINI_PROJECT_DIR. That disables hook server config and can put remote sessions in the wrong project context (ACP spawn has no cwd). Evidence: cli/src/gemini/utils/config.ts:104-112.
Suggested fix:
```ts
export function buildGeminiEnv(opts: {
    model?: string;
    token?: string;
    hookSettingsPath?: string;
    cwd?: string;
}): NodeJS.ProcessEnv {
    const env: NodeJS.ProcessEnv = { ...process.env };
    if (opts.hookSettingsPath) {
        env.GEMINI_CLI_SYSTEM_SETTINGS_PATH = opts.hookSettingsPath;
    }
    if (opts.cwd) {
        env.GEMINI_PROJECT_DIR = opts.cwd;
    }
    return env;
}
```
hqhq1025
left a comment
Thanks for identifying the issue — you're right that injecting GEMINI_API_KEY can override Google account login and downgrade quota for paid users (Google AI Pro).
However, the current fix removes all environment variable injection, not just the API key. This breaks two critical features:
1. GEMINI_CLI_SYSTEM_SETTINGS_PATH — hook settings lost
```ts
if (opts.hookSettingsPath) {
    env.GEMINI_CLI_SYSTEM_SETTINGS_PATH = opts.hookSettingsPath;
}
```
Without this, HAPI's hook settings (custom behaviors, permission rules) won't be passed to Gemini CLI. Remote sessions will lose all hook-based customization.
2. GEMINI_PROJECT_DIR — project directory lost
```ts
if (opts.cwd) {
    env.GEMINI_PROJECT_DIR = opts.cwd;
}
```
Without this, Gemini won't know the correct working directory for the session.
3. GEMINI_MODEL — minor, already redundant
The model env var removal is fine because it's already passed via --model CLI arg (line 32 of geminiBackend.ts).
Suggested fix
Only remove the API key injection while keeping the other env vars:
```ts
export function buildGeminiEnv(opts: {
    model?: string;
    token?: string;
    hookSettingsPath?: string;
    cwd?: string;
}): NodeJS.ProcessEnv {
    const env: NodeJS.ProcessEnv = {
        ...process.env
    };
    // NOTE: intentionally NOT injecting opts.token into GEMINI_API_KEY.
    // Gemini CLI handles auth on its own (env var or Google account login).
    // Injecting the token would override Google account auth and downgrade
    // quota for paid plans like Google AI Pro.
    if (opts.hookSettingsPath) {
        env.GEMINI_CLI_SYSTEM_SETTINGS_PATH = opts.hookSettingsPath;
    }
    if (opts.cwd) {
        env.GEMINI_PROJECT_DIR = opts.cwd;
    }
    return env;
}
```
This addresses your concern (no API key override) while preserving hook settings and project directory injection.
The bot review also flagged this:
Major: ACP Gemini env no longer passes hook settings or project dir to Gemini CLI; remote sessions can lose hooks and project context
GeminiCLI can automatically obtain authorization, whether by retrieving the API_KEY from environment variables or by logging in with a Google account. This statement indicates that the extracted GEMINI_API_KEY will override the normal account login, thereby significantly reducing the quota of paid versions (such as Google AI Pro).
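A regression check for the behaviour the review comments above converge on, as an added example that is not code from this PR or the HAPI repository: it compares the child environment with the parent and reports credentials that were injected or settings that were dropped. Passing `parentEnv` as a parameter, the name `auditSpawnEnv`, the two stand-in builders and the sample values are assumptions made for the example.

```typescript
type Env = Record<string, string | undefined>;
type Opts = { token?: string; hookSettingsPath?: string; cwd?: string };

// The fix suggested in the thread. parentEnv is a parameter here (an
// assumption of this example) instead of reading process.env directly.
function buildGeminiEnv(parentEnv: Env, opts: Opts): Env {
    const env: Env = { ...parentEnv };
    if (opts.hookSettingsPath) env.GEMINI_CLI_SYSTEM_SETTINGS_PATH = opts.hookSettingsPath;
    if (opts.cwd) env.GEMINI_PROJECT_DIR = opts.cwd;
    return env;
}

// Constructed stand-in for the behaviour the PR objects to: the token is
// written into GEMINI_API_KEY on top of whatever the parent had.
function buildEnvInjectingToken(parentEnv: Env, opts: Opts): Env {
    const env = buildGeminiEnv(parentEnv, opts);
    if (opts.token) env.GEMINI_API_KEY = opts.token;
    return env;
}

// Constructed stand-in for the PR as reviewed: nothing is injected at all.
function buildEnvInjectingNothing(parentEnv: Env, _opts: Opts): Env {
    return { ...parentEnv };
}

// Variables the builder is expected to set for these options.
function expectedInjections(opts: Opts): Env {
    const expected: Env = {};
    if (opts.hookSettingsPath) expected.GEMINI_CLI_SYSTEM_SETTINGS_PATH = opts.hookSettingsPath;
    if (opts.cwd) expected.GEMINI_PROJECT_DIR = opts.cwd;
    return expected;
}

// Compare child against parent: report keys the builder added or changed that
// are not expected, and expected keys that are absent or carry the wrong value.
// A GEMINI_API_KEY inherited unchanged from the parent is not reported.
function auditSpawnEnv(parentEnv: Env, childEnv: Env, opts: Opts) {
    const expected = expectedInjections(opts);
    const changed = Object.keys(childEnv).filter((k) => childEnv[k] !== parentEnv[k]);
    return {
        unexpected: changed.filter((k) => !(k in expected)).sort(),
        missing: Object.keys(expected).filter((k) => childEnv[k] !== expected[k]).sort(),
    };
}

// Constructed sample values.
const sampleParent: Env = { PATH: "/usr/bin", HOME: "/home/dev" };
const sampleOpts: Opts = { token: "constructed-token", hookSettingsPath: "/tmp/hook-settings.json", cwd: "/work/project" };
```

Run against the three builders, the audit passes only the variant that keeps the settings path and project directory while leaving `GEMINI_API_KEY` untouched.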