fix(patch): cherry-pick 58df1c6 to release/v0.30.0-pr-20374 [CONFLICTS]

[gemini-cli-robot]

This PR automatically cherry-picks commit 58df1c6 to patch version v0.30.0 in the stable release to create version 0.30.1.

⚠️ Merge Conflicts Detected

This cherry-pick resulted in merge conflicts that need manual resolution.

🔧 Next Steps:

1. Review the conflicts: Check out this branch and review the conflict markers
2. Resolve conflicts: Edit the affected files to resolve the conflicts
3. Test the changes: Ensure the patch works correctly after resolution
4. Update this PR: Push your conflict resolution

📋 Files with conflicts:

The commit has been created with conflict markers for easier manual resolution.

🚨 Important:

• Do not merge this PR until conflicts are resolved
• The automated patch release will trigger once this PR is merged

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request aims to deliver a critical patch release (v0.30.1) by cherry-picking a fix for environment variable loading in MCP servers. The core change enhances the system's ability to correctly process and expand environment variables from various sources, including extensions. However, the automated cherry-pick encountered merge conflicts, necessitating manual resolution to integrate these important stability improvements.

Highlights

• Automated Cherry-Pick: This pull request is an automated cherry-pick of commit 58df1c6 to create patch version 0.30.1 for the stable release.
• Merge Conflicts Detected: The cherry-pick operation resulted in merge conflicts that require manual resolution before the PR can be merged.
• Environment Variable Handling Fix: The underlying commit 58df1c6 addresses a bug related to how environment variables are loaded and expanded for MCP servers, especially those originating from extensions.
• New Test Coverage: New test cases have been added to mcp-client.test.ts to validate the correct loading, resolution, and expansion of environment variables from extension settings and mcpServerConfig.env.

Changelog

• packages/core/src/tools/mcp-client.test.ts
  • Added new test cases to ensure extension settings with defined values are correctly included in the environment.
  • Added tests to verify that environment variables defined in mcpServerConfig.env are properly resolved using values from extension settings.
  • Added tests to confirm that environment variables in mcpServerConfig.env are expanded correctly and not inadvertently redacted.
• packages/core/src/tools/mcp-client.ts
  • Imported the GeminiCLIExtension type to support extension-related environment variable processing.
  • Modified the createTransportRequestInit function to incorporate environment sanitization and expansion for request headers.
  • Updated createTransportWithOAuth and retryWithOAuth functions to propagate the environment sanitization configuration.
  • Implemented new logic within the createTransport function to sanitize, expand, and merge environment variables from the process, extension settings, and mcpServerConfig.env for command-based transports.
  • Added a new helper function, getExtensionEnvironment, to extract relevant environment variables from extension settings.

Activity

• An automated cherry-pick was initiated to create a patch release.
• Merge conflicts were detected during the cherry-pick process.
• The PR description outlines the next steps for manual conflict resolution, testing, and updating the PR.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request appears to be a cherry-pick that has resulted in several unresolved merge conflicts. These conflicts are present in both the test file and the main source file, and will prevent the code from compiling or running correctly. It is critical to resolve these conflicts before merging. Additionally, ensure that environment variable expansion for HTTP headers and stdio-based MCP server configurations correctly utilizes sanitized environments as per repository guidelines.

[gemini-code-assist]

This function contains unresolved merge conflict markers. After resolving them, please also note that expandedHeaders is calculated but not used in the return statement on line 759. The original mcpServerConfig.headers are used instead, which means the header values are not being expanded as intended. This is critical for ensuring that environment variables in HTTP headers are properly sanitized and expanded as per repository guidelines.

  const extensionEnv = getExtensionEnvironment(mcpServerConfig.extension);
  const expansionEnv = { ...process.env, ...extensionEnv };

  const sanitizedEnv = sanitizeEnvironment(expansionEnv, {
    ...sanitizationConfig,
    enableEnvironmentVariableRedaction: true,
  });

  const expandedHeaders: Record<string, string> = {};
  if (mcpServerConfig.headers) {
    for (const [key, value] of Object.entries(mcpServerConfig.headers)) {
      expandedHeaders[key] = expandEnvVars(value, sanitizedEnv);
    }
  }

References

1. Sanitize the environment used for variable expansion in HTTP headers to prevent malicious extensions from exfiltrating sensitive system environment variables.

[github-actions]

Size Change: +5.85 kB (+0.02%)

Total Size: 24.5 MB

Filename	Size	Change
./bundle/gemini.js	24.5 MB	+5.85 kB (+0.02%)

ℹ️ View Unchanged

Filename	Size
./bundle/sandbox-macos-permissive-open.sb	890 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB
./bundle/sandbox-macos-strict-open.sb	4.82 kB
./bundle/sandbox-macos-strict-proxied.sb	5.02 kB

_{compressed-size-action}