gemini-cli icon indicating copy to clipboard operation
gemini-cli copied to clipboard
Published 1 month ago verified publisher icon google-gemini

feat(cli): Add `/auth logout` command to clear credentials and auth state

Open CN-Scars opened this issue 2 months ago • 14 comments

Summary

Implements a /logout slash command to clear cached credentials and reset authentication state. After logout, users see the authentication selection menu instead of automatically re-authenticating, enabling easy account switching and providing a cleaner logout experience.

This addresses a common UX gap where users had to manually delete credential files or use workarounds to switch between different authentication methods or accounts.

Details

Implementation:

  1. Command Registration:

    • packages/cli/src/ui/commands/logoutCommand.ts: New slash command that clears cached credentials and resets selectedAuthType setting
    • packages/cli/src/services/BuiltinCommandLoader.ts: Registered the logout command

  2. Type System:

    • packages/cli/src/ui/commands/types.ts: Added LogoutActionReturn interface
    • packages/cli/src/ui/types.ts: Extended SlashCommandProcessorResult union type with logout

  3. State Management:

    • packages/cli/src/ui/AppContainer.tsx:
      • Added logout action to slashCommandActions
      • Clears selectedAuthType setting via settings.setValue()
      • Sets auth state to Unauthenticated
      • Clears conversation history
    • packages/cli/src/ui/hooks/slashCommandProcessor.ts: Integrated logout action handling
    • packages/cli/src/ui/hooks/useGeminiStream.ts: Added logout case handler

  4. Test Coverage:

    • packages/cli/src/ui/hooks/slashCommandProcessor.test.tsx: Added logout mock to test suite

Behavior:

  • Before logout: User is authenticated with a specific method (Google Login, API Key, or Vertex AI)
  • After /logout:
    • Cached credentials cleared
    • selectedAuthType setting removed
    • Auth selection menu displayed
    • No automatic browser launch
    • Clean state for switching accounts

Design Decisions:

  • Clear both credentials and selectedAuthType to prevent auto-login
  • Simple /logout command without parameters
  • Immediate effect without confirmation (consistent with other destructive slash commands)
  • Clears conversation history for privacy

Related Issues

How to Validate

1. Basic Logout Flow:

npm run build
npm start

# Login with any method first
# Then in Gemini CLI:
/logout

# Expected: 
# - "Get started" auth selection menu appears
# - No automatic browser launch
# - No automatic re-authentication

2. Verify Credential Clearing:

# After logout, check that credentials are cleared
# Expected: Credential cache file removed or cleared

3. Test Account Switching:

# 1. Login with Google
# 2. /logout
# 3. Login with API Key
# Expected: Successfully switches auth methods

4. Test State Reset:

# 1. Have an active conversation
# 2. /logout
# Expected: 
# - Conversation history cleared
# - Auth menu displayed
# - Clean slate for new session

5. Preflight Check:

npm run preflight
# Expected: All checks pass

6. Test Command Availability:

# In Gemini CLI:
/help

# Expected: /logout command listed in available commands

Pre-Merge Checklist

  • ✅ Updated relevant documentation and README (if needed) - N/A: Slash command is self-documenting via /help
  • ✅ Added/updated tests (if needed) - Test mocks updated in slashCommandProcessor.test.tsx
  • ✅ Noted breaking changes (if any) - No breaking changes
  • ✅ All preflight checks passed (format, lint, build, typecheck, tests)

Testing Matrix

Platform npm run npx Docker Podman Seatbelt
macOS
Windows N/A
Linux N/A

Notes:

  • This is a straightforward UX improvement with minimal complexity
  • All changes are localized to the CLI package
  • No core logic changes required
  • Fully backward compatible

CN-Scars avatar Nov 19 '25 07:11 CN-Scars

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

google-cla[bot] avatar Nov 19 '25 07:11 google-cla[bot]

Summary of Changes

Hello @CN-Scars, I'm Gemini Code Assist[^1]! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request implements a /logout slash command within the CLI, designed to streamline the user authentication experience. By clearing cached credentials, resetting the authentication type, and wiping conversation history, it provides a robust and user-friendly mechanism for users to log out and switch accounts. This enhancement addresses a significant UX gap, simplifying what was previously a manual and cumbersome process.

Highlights

  • New /logout Command: Introduces a new /logout slash command to the CLI, allowing users to easily clear cached credentials and reset their authentication state.
  • Enhanced User Experience: Improves the user experience by enabling seamless account switching and providing a clean logout process, eliminating the need for manual credential file deletion.
  • State Management & Cleanup: The command clears the "selectedAuthType" setting, sets the authentication state to "Unauthenticated", and automatically clears conversation history for privacy.
  • Command Integration: The new command is registered with the BuiltinCommandLoader and integrated into the AppContainer and slashCommandProcessor for proper handling and state updates.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with :thumbsup: and :thumbsdown: on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

[^1]: Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot] avatar Nov 19 '25 07:11 gemini-code-assist[bot]

@CN-Scars , thank you for the PR! This is indeed a good idea, and it looks like it's going in the right direction. I left some feedback already, but at a high level one big change will be needed. Specifically, lets rename this slash command /auth logout to avoid polluting the global namespace.

Please incorporate these changes, and then I will be happy to take a second look!

joshualitt avatar Nov 19 '25 17:11 joshualitt

@CN-Scars , thank you for the PR! This is indeed a good idea, and it looks like it's going in the right direction. I left some feedback already, but at a high level one big change will be needed. Specifically, lets rename this slash command /auth logout to avoid polluting the global namespace.

Please incorporate these changes, and then I will be happy to take a second look!

Thanks for the review! I've updated the PR with the following changes:

  1. Renamed the command to /auth logout to avoid namespace pollution.
  2. Refactored the AppContainer logic to remove redundancy.
  3. Updated the history handling to stripThoughtsFromHistory() instead of clearing everything.
  4. Cleaned up the return types in slashCommandProcessor.
  5. Added tests for the new functionality.

Ready for another look!

CN-Scars avatar Nov 20 '25 07:11 CN-Scars

@CN-Scars , thanks! This PR is looking very close, just one comment to work through and I think we'll be there.

joshualitt avatar Nov 20 '25 17:11 joshualitt

@CN-Scars , thanks! This PR is looking very close, just one comment to work through and I think we'll be there.

Thank you for pointing that out. There shouldn't be any problems now!

CN-Scars avatar Nov 21 '25 15:11 CN-Scars

@joshualitt I have completed these changes, please check them again.

CN-Scars avatar Nov 23 '25 03:11 CN-Scars

@CN-Scars , thanks for your patience! This looks great now, modulo my question on logout, which I think is the last detail to sort out, and we'll be ready to merge this.

joshualitt avatar Nov 24 '25 17:11 joshualitt

@joshualitt , thank you for your review. I have now resolved the issue. Please review it again to see if there are any other problems and test it again.

CN-Scars avatar Nov 25 '25 02:11 CN-Scars

@joshualitt, I used an alternative approach, you can consider whether it's suitable.: I added a dialog box after the user executes /auth logout. After logout:

  1. Credentials and settings are cleared (via authLogoutCommand)
  2. A confirmation dialog appears with two options:
  • Login: Opens the auth dialog for immediate re-authentication
  • Exit: Runs cleanup and exits the application

This gives users clear confirmation of their logged-out state and explicit control over their next action, rather than automatically opening the login menu.

CN-Scars avatar Dec 04 '25 05:12 CN-Scars

Overall approach is great. Thank you for adding this! UX feedback: You need to fix the width of the logout box it exceeds the width of the terminal. image

The border color for the logout box is a but loud right now. Can you use the border color for other dialogs? I would suggest making pressing escape trigger option 2 (exit) with wording consistent with out radio buttons in the app where pressing esc exits.

jacob314 avatar Dec 05 '25 21:12 jacob314

@jacob314 Thanks for the UX feedback! I've addressed all points:

  1. Fixed border color - uses theme.border.focused (matches "Get started" dialog)
  2. Added hint text - "(Use Enter to select, Esc to close)"
  3. Escape key now triggers Exit

CN-Scars avatar Dec 08 '25 03:12 CN-Scars

@CN-Scars , hmm, I think we may want to add a right margin or somethin? image

The right edge of the box seems to touch the scrollbar.

joshualitt avatar Dec 12 '25 20:12 joshualitt

@joshualitt I've added right margin to logout dialog, and it should look perfect now!

CN-Scars avatar Dec 15 '25 09:12 CN-Scars

We'll need to cleanup the margin after this lands. Notice the margins are better but not quite right. while there is a margin 1 on the right side it is not rendering as there is an issue in the width calculation. This is fine to land and I'll cleanup with a quick followup PR to make the UI the correct width. Easiest way to fix is to look at what other dialogs do and align with their styles. the root of the problem is that width 100% shouldn't be used quite like this in Ink and there is an extra layer of boxes adding complexity.

jacob314 avatar Dec 17 '25 16:12 jacob314