fix(tui): allow localPassword-only management auth for standalone mode#2253
fix(tui): allow localPassword-only management auth for standalone mode#2253arjaygg wants to merge 3 commits intorouter-for-me:mainfrom
Conversation
When no RemoteManagement.SecretKey and no MANAGEMENT_PASSWORD env var are set, the middleware previously rejected all requests before reaching the localPassword check. This caused TUI standalone mode to fail with "embedded server is not ready" after all 30 polling retries received 403. Fix adds `&& h.localPassword == ""` to the forbidden guard so that standalone TUI sessions (which rely solely on the auto-generated localPassword) can authenticate successfully. Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request enhances the management authentication process by allowing local password-only access in standalone mode. It also improves model fallback reporting in the Gemini CLI Executor and adds tracking for model fallback events in usage statistics, providing more detailed insights into model usage. Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
The pull request introduces comprehensive changes to support model failover tracking and enhances management authentication for standalone mode. Key updates include adding RequestedModel and ActualModel fields to usage reporting structures, implementing logic to record model fallbacks, and updating the management middleware to accept localPassword for localhost-only access. The changes are well-integrated across multiple files, ensuring that usage statistics accurately reflect model fallbacks and that the management interface is secure yet flexible for TUI standalone deployments. The modifications to cliPreviewFallbackOrder also reflect updated model fallback sequences, which is a data-driven improvement.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: dff3e67aee
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| return []string{ | ||
| // "gemini-2.5-pro-preview-05-06", | ||
| // "gemini-2.5-pro-preview-06-05", | ||
| "gemini-2.0-pro-exp-02-05", | ||
| "gemini-2.0-flash", | ||
| "gemini-1.5-pro", | ||
| } |
There was a problem hiding this comment.
Adding extra candidates here makes GeminiCLIExecutor.CountTokens start retrying on 429, but that function still loops with for range models and builds every request from baseModel instead of the fallback entry. For throttled gemini-2.5-* count-tokens calls, this will now resend the same upstream request 3-4 times, increasing latency and quota pressure while still failing instead of ever trying gemini-2.0-*/1.5-*.
Useful? React with 👍 / 👎.
| if attemptModel != baseModel { | ||
| reporter.setActualModel(attemptModel) | ||
| } |
There was a problem hiding this comment.
This only updates actualModel for ExecuteStream. The non-stream Execute path uses the same 429 fallback loop but still publishes usage with RequestedModel == ActualModel and returns upstream headers unchanged, so regular chat/completions requests that fall back from gemini-2.5-* to 2.0/1.5 are invisible to both clients and the new total_failovers accounting. The reporting now depends on whether the caller set stream=true.
Useful? React with 👍 / 👎.
1 participant
Summary
Testing