Description
The validation condition in handleApiKeySubmit (packages/cli/src/ui/AppContainer.tsx) is logically contradictory and never triggers, allowing empty or whitespace-only strings to be saved as valid API keys.
Current Behavior
The current condition:
onAuthError('API key cannot be empty string with length greater than 1.');
return;
}
apiKey.length > 1 requires 2 or more characters
Combined with &&, this only matches strings of 2 or more whitespace characters. The following invalid inputs all bypass the guard:
- Empty string
"" (length 0) → saved as API key ✅ (should be rejected)
- Single space
" " (length 1) → saved as API key ✅ (should be rejected)
Expected Behavior
Any API key that is empty or contains only whitespace should be rejected with an error message before calling saveApiKey().
Steps to Reproduce
- Launch gemini-cli and reach the API key input prompt
- Enter a single space or leave the field empty
- Submit — the empty/whitespace value is accepted and saved
Proposed Fix
onAuthError('API key cannot be empty or whitespace only.');
return;
}File: packages/cli/src/ui/AppContainer.tsx line 877
Description
The validation condition in
handleApiKeySubmit(packages/cli/src/ui/AppContainer.tsx) is logically contradictory and never triggers, allowing empty or whitespace-only strings to be saved as valid API keys.Current Behavior
The current condition:
apiKey.length > 1requires 2 or more charactersCombined with
&&, this only matches strings of 2 or more whitespace characters. The following invalid inputs all bypass the guard:""(length 0) → saved as API key ✅ (should be rejected)" "(length 1) → saved as API key ✅ (should be rejected)Expected Behavior
Any API key that is empty or contains only whitespace should be rejected with an error message before calling
saveApiKey().Steps to Reproduce
Proposed Fix
File:
packages/cli/src/ui/AppContainer.tsxline 877