Gemini and Codex agents are silently skipped when authenticated via interactive login instead of env vars

[niti-go]

Problem

In agentic_common.py, get_available_agents() requires environment variables to be set for Gemini and Codex, even if the user has already authenticated those CLIs interactively.

• Codex: requires OPENAI_API_KEY or PDD_CODEX_AUTH_AVAILABLE to be set. A user who ran codex login (interactive OAuth) won't have OPENAI_API_KEY in their environment, and PDD_CODEX_AUTH_AVAILABLE is an undocumented escape hatch they wouldn't know about.
• Gemini: requires GOOGLE_API_KEY, GEMINI_API_KEY, or Vertex AI env vars. A user who authenticated via gemini CLI's interactive OAuth or gcloud auth won't have any of these set.
• Claude: correctly only checks for the CLI binary — no env var gate. This is the right approach since Claude Code handles auth internally.

The result is that pdd change, pdd bug, and pdd fix silently skip Gemini/Codex even when those CLIs are fully authenticated and work fine on their own. The user gets no warning about why they were skipped — they just don't appear as available agents.

Suggested fix

Instead of gating on env vars, try actually invoking the CLI with a lightweight auth check. For example:

1. Run something like codex --version or gemini --help (or whatever minimal command confirms the CLI is authenticated, not just installed).
2. If the CLI exits successfully, treat it as available regardless of whether env vars are set.
3. Fall back to the current env var checks only if the CLI probe fails or times out.

This mirrors the Claude approach — trust that the CLI manages its own auth — and avoids silently excluding agents that would actually work.

If a runtime probe is too slow, an alternative is to check for the CLI's local credential/token files (e.g. ~/.codex/auth.json or wherever Gemini stores OAuth tokens) as an additional signal alongside env vars.

[gltanaka]

Closing as already fixed.

The interactive-login fallback you're suggesting was implemented in PR #846 (commit 3539838) as a follow-up to issue #813. get_available_agents() in pdd/agentic_common.py already accepts file-based OAuth credentials as auth signals:

• Codex (pdd/agentic_common.py:807-812): accepts OPENAI_API_KEY, PDD_CODEX_AUTH_AVAILABLE, or _has_codex_auth_file() — which reads ~/.codex/auth.json, the file codex login creates.
• Gemini (pdd/agentic_common.py:793-795): accepts GOOGLE_API_KEY/GEMINI_API_KEY, Vertex env, or _has_gemini_oauth_credentials() — which reads ~/.gemini/oauth_creds.json.
• Claude (pdd/agentic_common.py:777-778): CLI-only, as you noted.

The docstrings on _has_codex_auth_file / _has_gemini_oauth_credentials even call out this exact UX concern.

If you're still seeing Gemini/Codex silently skipped on a recent version, please reopen with:

1. pdd --version
2. Whether ~/.codex/auth.json and/or ~/.gemini/oauth_creds.json exist and contain a token/refresh_token