feat(gemini): add Google Gemini CLI OAuth inference provider

[teknium1]

Summary

Adds google-gemini-cli as a first-class inference provider with Google OAuth authentication and Cloud Code Assist integration.

Users pick "Google Gemini (OAuth)" in hermes model, sign in with Google in the browser, and Hermes handles project provisioning on first request.

Supersedes #6745, #10176, #10779 (closed with credit on merge).

Quick start

hermes model
# → pick "Google Gemini (OAuth)"
# → see policy warning, confirm
# → browser opens to accounts.google.com, sign in

hermes chat                       # uses Gemini via Code Assist backend
/gquota                           # see remaining daily quota with progress bars

For org-backed accounts: set HERMES_GEMINI_PROJECT_ID to your GCP project.

Architecture

Three new modules under agent/:

agent/google_oauth.py (~700 LOC) — PKCE flow + credential lifecycle

• Authorization Code + PKCE (S256) against accounts.google.com
• Env-var overrides: HERMES_GEMINI_CLIENT_ID / HERMES_GEMINI_CLIENT_SECRET for users who want their own GCP client
• Fallback resolution path for environments where the default isn't available
• Cross-process file lock (fcntl POSIX / msvcrt Windows) with thread-local re-entrancy counter
• Packed refresh format refresh_token|project_id|managed_project_id on disk (matches opencode-gemini-auth storage contract)
• In-flight refresh deduplication — concurrent requests never double-refresh
• invalid_grant → wipe credentials, prompt re-login
• Headless detection (SSH, HERMES_HEADLESS) → paste-mode fallback
• Refresh 60 s before expiry, atomic write with fsync + replace

agent/google_code_assist.py (~350 LOC) — Code Assist control plane

• load_code_assist(): POST /v1internal:loadCodeAssist with prod → daily-sandbox → autopush-sandbox failover
• onboard_user(): POST /v1internal:onboardUser with LRO polling up to ~60 s
• retrieve_user_quota(): POST /v1internal:retrieveUserQuota → QuotaBucket list
• VPC-SC graceful degradation (SECURITY_POLICY_VIOLATED → force standard-tier so corporate accounts still work)
• resolve_project_context(): env → config → discovered → onboarded priority
• User-Agent and Client-Metadata match Google's gemini-cli exactly

agent/gemini_cloudcode_adapter.py (~640 LOC) — OpenAI ↔ Gemini translation

• GeminiCloudCodeClient mimics openai.OpenAI interface (.chat.completions.create())
• Full message translation: system → systemInstruction, tool_calls ↔ functionCall parts with sentinel thoughtSignature, tool-role messages → functionResponse
• Tools → tools[].functionDeclarations, tool_choice → toolConfig modes (AUTO/ANY/NONE + allowedFunctionNames)
• generationConfig pass-through (temperature, max_tokens, top_p, stop)
• Thinking config normalization (thinkingBudget, thinkingLevel, includeThoughts + snake_case aliases)
• Request envelope {project, model, user_prompt_id, request}
• Streaming: SSE (?alt=sse) with thought-part → reasoning stream separation
• Response unwrapping (Code Assist wraps Gemini response inside response field)
• finishReason mapping to OpenAI convention (STOP→stop, MAX_TOKENS→length, SAFETY→content_filter)

Provider registration — all 9 touchpoints

File	Change
hermes_cli/auth.py	PROVIDER_REGISTRY, aliases, resolver, status fn, dispatch
hermes_cli/models.py	_PROVIDER_MODELS, CANONICAL_PROVIDERS, aliases
hermes_cli/providers.py	HermesOverlay, ALIASES
hermes_cli/config.py	OPTIONAL_ENV_VARS (HERMES_GEMINI_CLIENT_ID/_SECRET/_PROJECT_ID)
hermes_cli/runtime_provider.py	dispatch branch + pool-entry branch
hermes_cli/main.py	_model_flow_google_gemini_cli + upfront policy warning
hermes_cli/auth_commands.py	pool handler, _OAUTH_CAPABLE_PROVIDERS (no regression on existing providers)
hermes_cli/doctor.py	health check
run_agent.py	single dispatch branch in _create_openai_client

/gquota slash command

Shows Code Assist quota buckets with 20-char progress bars:

Gemini Code Assist quota  (project: my-proj-123)

  gemini-2.5-pro                      ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓░░░░   85%
  gemini-2.5-flash [input]            ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓░░   92%

Attribution

Project	Contribution
jenslys/opencode-gemini-auth (MIT)	Request envelope shape, storage contract, retry semantics
clawdbot/extensions/google	VPC-SC graceful degradation, Code Assist project discovery reference
PR #10176 (@sliverp)	PKCE module structure and dual-path design
PR #10779 (@newarthur)	Cross-process fcntl/msvcrt file locking pattern with thread-local re-entrancy counter

Policy warning

Google considers using the gemini-cli OAuth client with third-party software a policy violation. Some users have reported account restrictions. The interactive flow shows a clear warning and requires explicit y confirmation before OAuth begins. Documented prominently in website/docs/integrations/providers.md.

Test plan

79 new tests in tests/agent/test_gemini_cloudcode.py:

• PKCE S256 roundtrip + uniqueness
• Packed refresh format parse/format/roundtrip
• Credential I/O (0o600 perms, atomic write, packed on-disk representation)
• Token lifecycle (fresh/expiring/force-refresh/invalid_grant wipe/rotation preservation)
• Project ID env resolution (3 env vars, priority order, empty default)
• Headless detection (SSH variants + HERMES_HEADLESS)
• VPC-SC detection (JSON-nested + text match + non-match)
• load_code_assist parsing + VPC-SC → standard-tier fallback
• onboard_user: free-tier allows empty project, paid requires it, LRO polling
• retrieve_user_quota bucket parsing
• resolve_project_context: config/env short-circuits + discovery + onboarding
• build_gemini_request: messages → contents, system separation, tool_calls, tool_results, tools[], tool_choice (auto/required/specific), generationConfig, thinkingConfig normalization
• Code Assist envelope wrap shape
• Response translation: text, functionCall, thought → reasoning, unwrapped response, empty candidates, finish_reason mapping
• GeminiCloudCodeClient end-to-end with mocked HTTP (verifies correct URL, request body, auth header)
• HTTP error codes mapped (401 → code_assist_unauthorized, 429 → code_assist_rate_limited)
• Provider registration: registry entry, 3 alias forms, no-regression on google-gemini → gemini API-key, models catalog, determine_api_mode, _OAUTH_CAPABLE_PROVIDERS preservation, config env vars
• Auth status dispatch (logged-in + not, reports email + project)
• /gquota command registration
• run_gemini_oauth_login_pure pool-dict shape

All 79 pass. 349 total tests pass across directly-touched areas — existing test_api_key_providers, test_auth_qwen_provider, test_gemini_provider, test_cli_init, test_cli_provider_resolution, test_registry all still green.

Coexistence with existing gemini API-key provider

The existing gemini API-key provider is completely untouched. Its alias google-gemini still resolves to gemini, not google-gemini-cli. Users can have both configured simultaneously; hermes model shows both as separate options.

Regression test included: test_google_gemini_alias_still_goes_to_api_key_gemini.

Diff stats

17 files changed: +3,461 / -4

New modules	3 files, ~1,690 LOC
Test file	1 file, ~900 LOC (79 tests)
Existing files modified	13 files, ~400 LOC
Docs	+120 LOC in providers.md and environment-variables.md

[github-actions]

⚠️ Supply Chain Risk Detected

This PR contains patterns commonly associated with supply chain attacks. This does not mean the PR is malicious — but these patterns require careful human review before merging.

⚠️ WARNING: Outbound network calls (POST/PUT)

Outbound POST/PUT requests in new code could be data exfiltration. Verify the destination URLs are legitimate.

Matches (first 10):

898:+        with urllib.request.urlopen(request, timeout=timeout) as response:
1728:+        with urllib.request.urlopen(request, timeout=timeout) as response:
1808:+        with urllib.request.urlopen(request, timeout=timeout) as response:

---

Automated scan triggered by supply-chain-audit. If this is a false positive, a maintainer can approve after manual review.

[github-actions]

⚠️ Supply Chain Risk Detected

This PR contains patterns commonly associated with supply chain attacks. This does not mean the PR is malicious — but these patterns require careful human review before merging.

⚠️ WARNING: Outbound network calls (POST/PUT)

Outbound POST/PUT requests in new code could be data exfiltration. Verify the destination URLs are legitimate.

Matches (first 10):

898:+        with urllib.request.urlopen(request, timeout=timeout) as response:
1740:+        with urllib.request.urlopen(request, timeout=timeout) as response:
1820:+        with urllib.request.urlopen(request, timeout=timeout) as response:

---

Automated scan triggered by supply-chain-audit. If this is a false positive, a maintainer can approve after manual review.

[sliverp]

@teknium1 Thank you for the mention. I’d like to ask whether it would be possible for me to become a Maintainer and help maintain the repository together with the team.

I’m from the Tencent team. Hermes has been deployed on thousands of machines within Tencent, and we can bring a lot of real-world frontline user feedback back to the developers. I also have experience building Agents as well as managing large community projects. Hermes is gaining more and more traction, and many community issues now need additional help with triage and maintenance.

Also, if there are more plans coming up in the future, feel free to hand them to me — I’d be happy to help implement them.