feat/fast and no save sessions flag for quick one shot prompt execution

[adrian-gierakowski]

fixes #16335

feat(cli): implement --fast mode to minimize one-shot prompt overhead

This commit introduces a new --fast flag designed to reduce the execution time and API payload size for simple, single-turn prompts.

Key features of Fast Mode:

• Zero Pre-flight Requests: Skips all non-essential network calls during initialization, including:
  • User quota checks (/v1internal:retrieveUserQuota)
  • Experiment fetching (/v1internal:listExperiments)
  • Admin control requests (/v1internal:fetchAdminControls)
  • OAuth metadata validation (/tokeninfo)
• Minimal Request Payload: Automatically strips the following from the Gemini API request:
  • Default System Prompt (no need for GEMINI_SYSTEM_MD=/dev/null)
  • Session Context (OS info, current date, directory listings)
  • Loaded Context (global, project, and extension memory)
  • Tool Definitions (function declarations)
• Feature Disabling: Automatically turns off directory tree scanning, system/project hooks, and skill discovery.
• Persistent Metadata Caching: Implements a local cache at ~/.gemini/user_data.json to store the Project ID and account tier. This allows Fast Mode to use your real project ID without needing a network call to fetch it, avoiding 'unknown-project' permission errors.

How to use:
gemini --fast -p "your simple prompt"

To warm up the cache after a long period of inactivity or account change:
gemini --list-sessions

feat(cli): add --no-save-session flag to skip session persistence

This commit adds a new --no-save-session flag (mapped to the --save-session boolean option) that allows users to skip saving the chat conversation to disk.

This is particularly useful when combined with --fast for transient prompts that do not need to be resumed or kept in the session history.

Usage:
gemini --fast --no-save-session -p "transient prompt"

By default, sessions continue to be saved to disk (--save-session=true).

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces performance optimizations for the CLI by adding a 'fast' mode and a session persistence toggle. These changes are designed to streamline one-shot prompt execution by reducing network overhead and bypassing unnecessary initialization steps, while also providing users with more control over local file system usage.

Highlights

• Fast Mode Implementation: Introduced a --fast flag to minimize request payloads and skip preflight requests like quota checks and experiment fetching, significantly reducing overhead for one-shot prompt execution.
• Session Persistence Control: Added a --no-save-session flag to allow users to skip chat session persistence to disk.
• Configuration and Core Updates: Updated the configuration system to support these new flags and propagated them through the core client, prompt provider, and setup logic to ensure minimal resource usage when fast mode is enabled.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a 'fast mode' and session persistence options to the CLI, aimed at reducing latency by minimizing request payloads and skipping preflight checks such as quota, experiments, and admin controls. While these optimizations improve performance, the review highlights critical security vulnerabilities where the 'fail-open' design allows users to bypass administrative security policies and hooks (e.g., Data Loss Prevention) via CLI flags. It is recommended to ensure security-critical operations are handled in a 'fail-closed' manner and cannot be overridden by less-trusted configuration scopes.

[gemini-code-assist]

The requestPost method returns an empty object {} when skipPreflightRequests is enabled. This bypasses security-sensitive operations like fetchAdminControls. Security checks should be implemented in a 'fail-closed' manner; returning an empty object instead of performing the request can lead to an insecure default state. Ensure that security-critical requests are always executed or handled with a safe default that does not bypass policy enforcement.

References

1. Security checks should be implemented in a 'fail-closed' manner. If an item's validity cannot be verified, it should be rejected by default.

[gemini-code-assist]

The --fast CLI flag disables the hook system, which is used for security policies such as Data Loss Prevention (DLP). Allowing users to bypass these hooks via a CLI flag undermines the security model. Security-sensitive settings should not allow less-trusted configuration scopes (like a user-provided CLI flag) to completely override or bypass more-trusted security enforcement mechanisms. Ensure security-critical hooks remain active even when performance optimizations are requested.

References

1. Security checks should be implemented in a 'fail-closed' manner. If an item's validity cannot be verified, it should be rejected by default.
2. Security-sensitive settings should not use a merge strategy that allows less-trusted configuration scopes to completely override more-trusted scopes.

[gemini-code-assist]

The skipPreflightRequests flag skips the retrieval of remote admin controls. If these controls are intended to enforce organization-wide security policies, allowing users to bypass them via a CLI flag constitutes a security policy bypass. Security checks should be mandatory and fail-closed, ensuring that user-level configurations cannot override administrative security restrictions.

References

1. Security checks should be implemented in a 'fail-closed' manner. If an item's validity cannot be verified, it should be rejected by default.
2. Security-sensitive settings should not use a merge strategy that allows less-trusted configuration scopes to completely override more-trusted scopes.