fix(a2a-server): prioritize ADC before evaluating headless constraints for auth initialization #23614

Merged: spencer426 merged 1 commit into main from 1598-fix-headless-auth on Mar 30, 2026

@spencer426 spencer426 commented Mar 24, 2026

Summary

This PR fixes a bug introduced in #21045 that inadvertently prevented headless authentication using GOOGLE_APPLICATION_CREDENTIALS (or GEMINI_CLI_USE_COMPUTE_ADC).

Previously, the logic immediately evaluated isHeadlessMode() and threw a FatalAuthenticationError if headless, completely blocking processes like IDE background agents from authenticating via explicitly provided ADC paths.

Details

This update refactors the authentication flow in packages/a2a-server/src/config/config.ts to prioritize COMPUTE_ADC. It now attempts to load and validate credentials via COMPUTE_ADC before evaluating any interactive/headless constraints. If the credentials are valid, the interactive flow and headless checks are bypassed. If ADC fails, it will properly throw a FatalAuthenticationError in headless environments (or fall back to LOGIN_WITH_GOOGLE in interactive ones), appending the reason for the ADC failure.

I also updated packages/a2a-server/src/config/config.test.ts to ensure these behaviors are fully covered.

Related Issues

Fixes #1598

How to Validate

Run tests inside packages/a2a-server:
npm test -w @google/gemini-cli-a2a-server

Pre-Merge Checklist

  • Updated relevant documentation and README (if needed)
  • Added/updated tests (if needed)
  • Noted breaking changes (if any)
  • Validated on required platforms/methods:
    • MacOS
      • npm run
      • npx
      • Docker
      • Podman
      • Seatbelt
    • Windows
      • npm run
      • npx
      • Docker
    • Linux
      • npm run
      • npx
      • Docker
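
The ordering change described in this PR, as an added sketch that is not part of the original post and is not the gemini-cli source. `AuthEnv`, `resolveAuthBefore`, `resolveAuthAfter`, `outcome` and the sample environments are hypothetical stand-ins, and credential loading is modelled as a synchronous callback.

```typescript
// Added illustration with local stand-ins; not the gemini-cli source.
type AuthType = 'COMPUTE_ADC' | 'LOGIN_WITH_GOOGLE';
class FatalAuthenticationError extends Error {}
interface AuthEnv {
  headless: boolean;            // what isHeadlessMode() would report
  loadAdc: () => void;          // throws when ADC credentials are missing or invalid
  loginInteractive: () => void; // throws when the interactive login fails
}

const reason = (e: unknown): string => (e instanceof Error ? e.message : String(e));

// Ordering the PR describes as the bug: the headless check runs first, so ADC is
// never examined. (Rest of the old flow is not on the page; interactive login assumed.)
function resolveAuthBefore(env: AuthEnv): AuthType {
  if (env.headless) throw new FatalAuthenticationError('headless: interactive login unavailable');
  env.loginInteractive();
  return 'LOGIN_WITH_GOOGLE';
}

// Ordering after the fix: ADC first, headless constraint only if ADC fails.
function resolveAuthAfter(env: AuthEnv): AuthType {
  let adcFailure = '';
  try {
    env.loadAdc();
    return 'COMPUTE_ADC'; // valid ADC: headless and interactive checks are skipped
  } catch (e) {
    adcFailure = reason(e);
  }
  if (env.headless) throw new FatalAuthenticationError(`headless and COMPUTE_ADC failed: ${adcFailure}`);
  try {
    env.loginInteractive();
    return 'LOGIN_WITH_GOOGLE';
  } catch (e) {
    throw new FatalAuthenticationError(
      `COMPUTE_ADC failed: ${adcFailure}; LOGIN_WITH_GOOGLE failed: ${reason(e)}`);
  }
}

// Runs one resolver and reports the chosen auth type or the fatal message.
function outcome(resolve: (env: AuthEnv) => AuthType, env: AuthEnv): string {
  try { return resolve(env); } catch (e) { return `FATAL: ${reason(e)}`; }
}

// Constructed environments: a headless IDE agent with and without usable ADC.
const fail = (msg: string) => (): void => { throw new Error(msg); };
const agentWithAdc: AuthEnv = { headless: true, loadAdc: () => {}, loginInteractive: fail('no TTY') };
const agentNoAdc: AuthEnv = { ...agentWithAdc, loadAdc: fail('credentials file not found') };
console.log(outcome(resolveAuthBefore, agentWithAdc), '|', outcome(resolveAuthAfter, agentWithAdc), '|', outcome(resolveAuthAfter, agentNoAdc));
```

With ADC evaluated first, a valid ADC credential in the environment also wins in interactive sessions, so the identity in use follows the environment rather than a browser login.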

@spencer426 spencer426 requested a review from a team as a code owner March 24, 2026 00:59
@gemini-code-assist
Contributor

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical bug that prevented headless authentication in certain scenarios by incorrectly evaluating interactive mode constraints too early. The authentication flow has been refactored to first attempt authentication via Application Default Credentials (ADC). This ensures that background agents and other headless processes can successfully authenticate using explicitly provided ADC paths, improving reliability and user experience for non-interactive environments. The changes also provide more informative error messages when authentication attempts fail.

Highlights

  • Authentication Priority: Prioritized Application Default Credentials (ADC) for authentication before evaluating headless mode constraints, ensuring ADC is always attempted first.
  • Bug Fix: Resolved a bug that inadvertently prevented headless authentication using GOOGLE_APPLICATION_CREDENTIALS or GEMINI_CLI_USE_COMPUTE_ADC.
  • Error Reporting: Enhanced error messages to include details from COMPUTE_ADC failures when falling back to other authentication methods or when in headless mode.
  • Test Coverage: Updated unit tests to thoroughly cover the new authentication flow, including COMPUTE_ADC prioritization and fallback scenarios.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

The pull request refactors the authentication flow to prioritize COMPUTE_ADC over LOGIN_WITH_GOOGLE. The system now attempts COMPUTE_ADC first, and only falls back to LOGIN_WITH_GOOGLE if COMPUTE_ADC fails and an interactive session is available. If both authentication methods fail, the error message now includes details from both attempts. The reviewer suggests improving the clarity of an error message to accurately reflect that COMPUTE_ADC is the initial attempt, not a fallback, when both methods fail.

github-actions bot commented Mar 24, 2026

Size Change: +56 B (0%)

Total Size: 26.4 MB

| Filename | Size | Change |
| --- | --- | --- |
| ./bundle/chunk-2N2VPNGO.js | 0 B | -14.7 MB (removed) 🏆 |
| ./bundle/chunk-WJXCLZDC.js | 0 B | -3.77 MB (removed) 🏆 |
| ./bundle/core-VDUDWI2W.js | 0 B | -44.1 kB (removed) 🏆 |
| ./bundle/devtoolsService-SAMFFSOW.js | 0 B | -28.4 kB (removed) 🏆 |
| ./bundle/interactiveCli-PZP6WR2Q.js | 0 B | -1.63 MB (removed) 🏆 |
| ./bundle/oauth2-provider-WKMPOFJF.js | 0 B | -9.16 kB (removed) 🏆 |
| ./bundle/chunk-GR4S7REI.js | 14.7 MB | +14.7 MB (new file) 🆕 |
| ./bundle/chunk-MUPWTWS3.js | 3.77 MB | +3.77 MB (new file) 🆕 |
| ./bundle/core-IRDJW5MD.js | 44.1 kB | +44.1 kB (new file) 🆕 |
| ./bundle/devtoolsService-3DK6XWTJ.js | 28.4 kB | +28.4 kB (new file) 🆕 |
| ./bundle/interactiveCli-RRV46PIU.js | 1.63 MB | +1.63 MB (new file) 🆕 |
| ./bundle/oauth2-provider-B7RZVYLR.js | 9.16 kB | +9.16 kB (new file) 🆕 |

compressed-size-action

@spencer426 spencer426 force-pushed the 1598-fix-headless-auth branch from 0aa4df9 to fe4ddd1 Compare March 24, 2026 03:19
@spencer426 spencer426 requested a review from kschaab March 24, 2026 14:13
@spencer426 spencer426 force-pushed the 1598-fix-headless-auth branch 2 times, most recently from 3a363f6 to 49743f3 Compare March 27, 2026 21:06
@spencer426 spencer426 requested a review from kschaab March 27, 2026 21:11
@spencer426 spencer426 force-pushed the 1598-fix-headless-auth branch from 49743f3 to 0a1cedb Compare March 27, 2026 21:20
@spencer426 spencer426 added this pull request to the merge queue Mar 30, 2026
Merged via the queue into main with commit a255529 Mar 30, 2026
28 checks passed
@spencer426 spencer426 deleted the 1598-fix-headless-auth branch March 30, 2026 12:41
danzaharia1 pushed a commit that referenced this pull request Mar 30, 2026
afanty2021 pushed a commit to afanty2021/gemini-cli that referenced this pull request Apr 4, 2026
warrenzhu25 pushed a commit to warrenzhu25/gemini-cli that referenced this pull request Apr 9, 2026
Development

Successfully merging this pull request may close these issues.

Git command allow-list should handle sub-commands by default