fix(gemini): refresh OAuth tokens on Homebrew-installed gemini-cli

[Rich627]

Summary

Fixes #384 — Gemini plugin fails to refresh OAuth tokens when gemini-cli is installed via Homebrew, producing misleading "Gemini session expired. Run `gemini auth login`..." errors (a command that doesn't exist).

Root cause: loadOauthClientCreds() only searched for oauth2.js at known install paths. Homebrew-installed gemini-cli (verified on v0.38.2) bundles everything into @google/gemini-cli/bundle/chunk-*.js — no oauth2.js exists. refreshToken() returned null silently, the access token expired, and API calls threw "session expired".

Changes

• plugins/gemini/plugin.js
  • Scan STATIC_NESTED_ONLY + /@google/gemini-cli/bundle/chunk-*.js as OAuth cred candidates (chunk hashes change per version, so we can't hardcode filenames)
  • Replace 5 misleading "Run \gemini auth login`..."messages with"Run `gemini` and re-authenticate when prompted."(per [docs](https://geminicli.com/docs/get-started/authentication/), Gemini CLI has noauth loginsubcommand — users just re-rungemini`)
• plugins/gemini/plugin.test.js
  • Regression test covering Homebrew bundle layout + mixed chunk content (one unrelated + one with creds) to verify scan + parse behavior

Test plan

• All 31 existing unit tests still pass (bun run test plugins/gemini/plugin.test.js)
• New regression test passes
• End-to-end verification on real Homebrew-installed gemini-cli v0.38.2:
  • Forced expiry_date = 1 in ~/.gemini/oauth_creds.json
  • Loaded plugin.js in Node.js with real filesystem
  • probe() scanned bundle → found creds in chunk-EA775AOR.js → POST oauth2.googleapis.com/token returned 200 → loadCodeAssist and retrieveUserQuota returned 200 with new token → expiry_date updated, access_token rotated, Pro/Flash usage rendered correctly

🤖 Generated with Claude Code

---

Summary by cubic

Fixes OAuth token refresh when gemini-cli is installed via Homebrew by scanning bundled chunk files and updating error messages to direct users to re-run gemini. Prevents false “session expired” errors and restores API calls.

• Bug Fixes
  • Scan .../@google/gemini-cli/bundle/chunk-*.js for OAuth client creds when oauth2.js isn’t present (Homebrew layout).
  • Update messages: replace “Run gemini auth login” with “Run gemini and re-authenticate when prompted,” and clarify warn logs to refer to an OAuth “candidate” path (covers bundle chunks).
  • Add regression test for Homebrew bundle discovery and mixed chunk content.

^{Written for commit 1a91101. Summary will update on new commits.}

[augmentcode]

🤖 Augment PR Summary

Summary: Fix Gemini plugin token refresh for Homebrew-installed gemini-cli where OAuth creds are bundled into chunk files (no oauth2.js).
Changes:

• Discover OAuth client creds by scanning /@google/gemini-cli/bundle/chunk-*.js under Homebrew nested install roots.
• Update user-facing auth-expired / not-logged-in messages to instruct rerunning gemini to re-authenticate.
• Add a regression test that simulates mixed bundle chunks and verifies the refresh call uses discovered client id/secret.

Notes: Bundle chunk filenames are enumerated dynamically via host.fs.listDir since hashes vary by version.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 1 suggestion posted.

Comment augment review to trigger a new review at any time.

[cubic-dev-ai]

No issues found across 2 files

[validatedev]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Nice work!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[robinebers]

Thank you!