fix: surface upstream error details in Gemini CLI OAuth onboarding UI

[thebtf]

Summary

• SetOAuthSessionError in RequestGeminiCLIToken previously sent generic messages to the management panel (e.g. "Failed to complete Gemini CLI onboarding"), hiding the actual error returned by Google APIs
• The specific error was only written to the server log via log.Errorf, which is often inaccessible in headless/Docker deployments
• Now all 8 error paths include the upstream error message via fmt.Sprintf, so the management panel shows actionable messages like "no Google Cloud projects available for this account" instead of a generic failure

Changes

File: internal/api/handlers/management/auth_files.go

Error path	Before	After
onboardAllGeminiProjects fail	"Failed to complete Gemini CLI onboarding"	fmt.Sprintf("...onboarding: %v", errAll)
ensureGeminiProjectsEnabled fail	"Failed to verify Cloud AI API status"	fmt.Sprintf("...status: %v", errVerify)
Google One auto-discovery fail	"Google One auto-discovery failed"	fmt.Sprintf("...failed: %v", errSetup)
Cloud AI check fail (Google One)	"Failed to verify Cloud AI API status"	fmt.Sprintf("...status: %v", errCheck)
Cloud AI not enabled (Google One)	"Cloud AI API not enabled"	fmt.Sprintf("...not enabled for project %s", ts.ProjectID)
ensureGeminiProjectAndOnboard fail	"Failed to complete Gemini CLI onboarding"	fmt.Sprintf("...onboarding: %v", errEnsure)
Cloud AI check fail (default)	"Failed to verify Cloud AI API status"	fmt.Sprintf("...status: %v", errCheck)
Cloud AI not enabled (default)	"Cloud AI API not enabled"	fmt.Sprintf("...not enabled for project %s", ts.ProjectID)

Test plan

• go build ./... passes
• Deployed to private instance, triggered Gemini CLI OAuth with a fresh Google account (no GCP projects)
• Management panel now shows: "Failed to complete Gemini CLI onboarding: no Google Cloud projects available for this account" instead of the generic message

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the user experience during the Gemini CLI OAuth onboarding process by providing more descriptive and actionable error messages. Instead of generic failure notifications, users will now see the underlying reasons for onboarding issues directly in the management panel, making it easier to understand and resolve problems related to Google Cloud projects or API statuses.

Highlights

• Improved Error Messaging: The SetOAuthSessionError function now includes specific upstream error details from Google APIs in the Gemini CLI OAuth onboarding UI, replacing generic failure messages.
• Enhanced Debuggability: Previously, detailed errors were only logged to the server, making them inaccessible in headless/Docker deployments. Now, these details are surfaced directly to the management panel, aiding in quicker diagnosis.
• Comprehensive Error Path Coverage: All eight identified error paths within the RequestGeminiCLIToken function have been updated to include the fmt.Sprintf format, ensuring consistent and informative error reporting.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• internal/api/handlers/management/auth_files.go
  • Updated SetOAuthSessionError calls to include detailed error messages from onboardAllGeminiProjects failures.
  • Modified SetOAuthSessionError calls to pass through specific errors from ensureGeminiProjectsEnabled failures.
  • Enhanced SetOAuthSessionError for performGeminiCLISetup (Google One auto-discovery) to include the underlying error.
  • Updated SetOAuthSessionError to provide detailed error messages when checkCloudAPIIsEnabled fails during Google One auto-discovery.
  • Changed SetOAuthSessionError to specify the project ID when the Cloud AI API is not enabled for an auto-discovered project.
  • Improved SetOAuthSessionError to include specific errors from ensureGeminiProjectAndOnboard failures.
  • Updated SetOAuthSessionError to provide detailed error messages when checkCloudAPIIsEnabled fails for a default project.
  • Modified SetOAuthSessionError to specify the project ID when the Cloud AI API is not enabled for a selected project.

Activity

• The code successfully passed go build ./....
• The changes were deployed to a private instance for testing.
• Gemini CLI OAuth was triggered with a fresh Google account (without GCP projects) to validate the new error messages.
• The management panel correctly displayed the expected detailed error message: "Failed to complete Gemini CLI onboarding: no Google Cloud projects available for this account".

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request improves the error reporting for the Gemini CLI OAuth onboarding process by surfacing upstream error details in the UI. The changes are straightforward and correctly replace generic error messages with more specific ones using fmt.Sprintf. This will significantly help users diagnose and resolve onboarding issues.

I have one suggestion to further improve maintainability by consolidating the repeated error handling logic into a helper function, which will reduce duplication and make future updates easier.

[gemini-code-assist]

This change is a great improvement for error reporting. I've noticed that the pattern of calling log.Errorf followed by SetOAuthSessionError with a similar message is repeated for multiple error conditions in this function (e.g., lines 1314, 1323, 1334, 1346, 1359).

To make the code more concise and improve maintainability, you could extract this logic into a helper function.

For example:

// logAndSetError logs an error and sets it on the OAuth session.
func logAndSetError(state, msg string, err error) {
    log.Errorf("%s: %v", msg, err)
    SetOAuthSessionError(state, fmt.Sprintf("%s: %v", msg, err))
}

// ... then, the call site becomes:
if errAll != nil {
    logAndSetError(state, "Failed to complete Gemini CLI onboarding", errAll)
    return
}

This would consolidate the duplicated logic and strings, making the error handling blocks cleaner.