Add BYOID experiment flag and skeleton for BYOID auth flow.

[DavidAPierce]

Summary

Gates the new BYOID (Bring Your Own IDentifier) authentication features behind an experimental flag and updates related tests and UI components to support the gated flow. Focuses on ensuring that experimental authentication method is not used unless explicitly enabled.

Details

• Core Configuration: Added experimentalByoid to ConfigParameters and the Config class in packages/core to provide a central gating mechanism.
• Authentication Path:
  • Updated createContentGenerator in packages/core to enforce the experiment flag when AuthType.BYOID is requested.
  • Updated validateAuthMethod in packages/cli to require the flag for BYOID validation to succeed.
• CLI and Settings:
  • Added the --experimental-byoid CLI argument.
  • Updated the settings schema to include byoid under experimental features.
  • Ensured the flag is correctly propagated from CLI arguments and merged settings.
• UI & Integration:
  • Updated AppContainer.tsx, gemini.tsx, and useAuth.ts to correctly handle and pass the experimentalByoid state.
  • Fixed lint errors, including an unsafe assignment in config.ts and missing dependencies in AppContainer hooks.
• Testing:
  • Significantly expanded auth.test.ts to cover all gating permutations, including verifying that explicit CLI flags can override settings state for the experiment.

Related Issues

Part of the BYOID authentication feature set.

How to Validate

1. Test Gating: Run the CLI with security.auth.selectedType set to byoid without the experimental flag to confirm it is blocked with a descriptive error.
2. Verify Enablement: Run with --experimental-byoid (or enable it in settings.json) to confirm the gating is bypassed.
3. Unit Tests:

   npx vitest run packages/cli/src/config/auth.test.ts

4. Lint Check:

   npm run lint

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • Linux
    • npm run

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request implements the foundational infrastructure for a 'Bring Your Own IDentifier' (BYOID) authentication flow. By gating this feature behind an experimental flag, the changes ensure that the new authentication method remains opt-in and configurable via both CLI arguments and settings files. The implementation spans core configuration, CLI argument parsing, UI state management, and robust validation logic to prevent unauthorized or misconfigured use of the experimental feature.

Highlights

• Experimental Gating: Introduced an experimental flag experimentalByoid to gate the new Bring Your Own IDentifier (BYOID) authentication flow, ensuring it is not used unless explicitly enabled.
• Configuration Updates: Updated ConfigParameters and Config classes to support the new experimentalByoid flag and byoidConfigPath setting.
• CLI and UI Integration: Added the --experimental-byoid CLI argument and updated settings schema, while propagating the experimental state through the UI and authentication validation logic.
• Testing: Expanded auth.test.ts to include comprehensive test cases for BYOID gating, including verification of CLI flag overrides and path validation.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces experimental support for BYOID (Bring Your Own IDentifier) authentication across the CLI and core packages, including CLI argument parsing, settings schema updates, and validation logic. However, there are two critical issues in packages/core/src/config/config.ts that need to be addressed: the isExperimentalByoidEnabled() method is defined twice, which will cause a TypeScript compilation error, and the byoidConfigPath property is declared but never assigned in the constructor, rendering it always undefined at runtime.

_{Note: Security Review did not run due to the size of the PR.}

[gemini-code-assist]

The method isExperimentalByoidEnabled() is defined twice in the Config class (once at line 2661 and again here at line 4150). This duplicate method definition will cause a TypeScript compilation error. Please remove this duplicate definition.

Suggested change

	isExperimentalByoidEnabled(): boolean {
	return this.experimentalByoid;
	}
	getByoidConfigPath(): string | undefined {
	return this.byoidConfigPath;
	}
	getByoidConfigPath(): string | undefined {
	return this.byoidConfigPath;
	}

[gemini-code-assist]

The byoidConfigPath property is declared as a private readonly field on the Config class, but it is never assigned in the constructor. As a result, it will always be undefined at runtime, breaking the BYOID configuration path propagation. Please assign it in the constructor. Avoid using redundant nullish coalescing operators for configuration defaults, relying on the schema instead.

Suggested change

	this.experimentalByoid = params.experimentalByoid ?? false;
	this.byoidConfigPath = params.byoidConfigPath;

References

1. Rely on the schema as the single source of truth for configuration defaults, avoiding redundant nullish coalescing operators.