Bien/validate auth files

[nhatbien]

No description provided.

[gemini-code-assist]

Summary of Changes

Hello @nhatbien, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the management of authentication files by introducing a dedicated validation mechanism. It provides both an explicit API endpoint and an optional query parameter for listing auth files to check token validity. This ensures that authentication statuses are accurately reflected and allows for proactive identification of expired or invalid credentials. Concurrently, it refines the internal handling of tool definitions in API request translations and improves the fairness of authentication provider selection.

Highlights

• New Auth File Validation Endpoint: A new API endpoint, POST /v0/management/auth-files/validate, has been introduced to allow on-demand validation of authentication files. This endpoint supports filtering by index, name, or provider, and can force a token refresh check.
• Enhanced Token Refresh Logic: The token refresh functions now accept a 'forceRefresh' parameter, enabling explicit control over whether a token refresh should occur, even if the existing token appears valid. This is utilized by the new validation features.
• Improved Tool Handling in OpenAI Translators: The OpenAI request translators for Antigravity, Gemini-CLI, and Gemini have been updated to correctly handle multiple tool entries (function declarations and Google Search tools) by creating separate entries in the request's tools array, rather than combining them into a single entry.
• Deterministic Auth Selection: The authentication manager now sorts candidate auth files deterministically before selection, ensuring fair round-robin distribution and preventing the same auth from being repeatedly chosen due to random map iteration order.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a valuable feature for validating authentication files, both through an option in the existing ListAuthFiles endpoint and a new, more powerful ValidateAuthFiles endpoint. The implementation includes structured error handling with tokenRefreshError, concurrent validation processing, and logic to update authentication status based on the results. Additionally, it contains important fixes for correctly translating multiple tools in OpenAI-compatible requests and ensuring fair, deterministic round-robin selection of authentication candidates.

Overall, the changes are well-implemented. My review focuses on a critical issue regarding ignored errors during state persistence, which could lead to inconsistencies, and a couple of medium-severity suggestions to improve performance and reduce code duplication.

[gemini-code-assist]

The error returned by h.authManager.Update(ctx, auth) is being ignored. If updating the auth record fails (e.g., due to file permission issues), the in-memory state of the auth object will be inconsistent with the persisted state. This could lead to unexpected behavior, as subsequent operations might use stale data. This error should be handled, at least by logging it.

if _, errUpdate := h.authManager.Update(ctx, auth); errUpdate != nil {
			log.Warnf("Failed to update auth %s after successful login check: %v", auth.ID, errUpdate)
		}

[gemini-code-assist]

The error returned by h.authManager.Update(ctx, auth) is being ignored. If updating the auth record fails (e.g., due to file permission issues), the in-memory state of the auth object will be inconsistent with the persisted state. This could lead to unexpected behavior, as subsequent operations might use stale data. This error should be handled, at least by logging it.

	if _, errUpdate := h.authManager.Update(ctx, auth); errUpdate != nil {
		log.Warnf("Failed to update auth %s after failed login check: %v", auth.ID, errUpdate)
	}

[gemini-code-assist]

This condition to check for a 'truthy' query parameter is complex and similar logic is used for the force and all parameters in ValidateAuthFiles. To improve readability and maintainability, consider extracting this into a helper function.

For example:

func isTruthy(s string) bool {
	s := strings.ToLower(strings.TrimSpace(s))
	return s != "" && s != "0" && s != "false" && s != "no" && s != "off"
}

This would simplify the condition to if isTruthy(validateRaw).

[gemini-code-assist]

The validation of auth files in this loop is performed sequentially. If there are many authentications to validate, this could lead to a slow API response. The new /v0/management/auth-files/validate endpoint implements concurrent validation using goroutines and a semaphore, which is a more performant approach. Consider applying a similar concurrent pattern here to improve the performance of ListAuthFiles when validation is requested.