Contributor

@skal88 skal88 commented Aug 27, 2025

TLDR

Resolve environment variables in extension configurations. Previously, variables like $API_KEY or ${DATABASE_URL} in gemini-extension.json files were not being substituted with their actual values from .env files, while the main settings.json files had this functionality working correctly.

Dive Deeper

This change extends the existing environment variable resolution mechanism to work consistently across both settings and extension configurations.

What was the problem?

  • Environment variables (e.g., $API_TOKEN, ${DB_URL}) in extension gemini-extension.json files were not being resolved
  • This inconsistency meant users couldn't use .env files for extension configurations like they could for main settings
  • Led to hardcoded credentials and poor separation of configuration from secrets

How was it solved?

  1. Refactored shared logic: Extracted environment variable resolution functions into a dedicated utility module (utils/envVarResolver.ts)
  2. Applied DRY principle: Both settings.ts and extension.ts now use the same underlying resolution logic
  3. Maintained backwards compatibility: Existing configurations without environment variables continue to work unchanged
  4. Added comprehensive testing: Created dedicated tests for the utility functions plus integration tests in existing extension tests

Technical implementation:

  • Created packages/cli/src/utils/envVarResolver.ts with resolveEnvVarsInString and resolveEnvVarsInObject functions
  • Updated packages/cli/src/config/settings.ts to use the shared utility (removing duplicate code)
  • Updated packages/cli/src/config/extension.ts to apply environment variable resolution during extension loading
  • Supports both $VAR_NAME and ${VAR_NAME} syntax consistently
  • Gracefully handles undefined variables by leaving them unchanged

Reviewer Test Plan

1. Test extension environment variable resolution:

Create test extension:

mkdir -p .gemini/extensions/test-env-ext

Create .gemini/extensions/test-env-ext/gemini-extension.json:

{
  "name": "test-env-ext",
  "version": "1.0.0",
  "mcpServers": {
    "test-server": {
      "command": "echo",
      "args": ["Hello from $USER_NAME"],
      "env": {
        "API_KEY": "$TEST_API_KEY",
        "DATABASE_URL": "${TEST_DB_URL}",
        "STATIC_VALUE": "no-substitution-needed"
      }
    }
  }
}

Create .env file in project root:

TEST_API_KEY=secret-token-12345
TEST_DB_URL=postgresql://user:pass@localhost:5432/testdb
USER_NAME=TestUser

Verify resolution:

Run gemini and use /mcp command
Verify in the output that:

  • API_KEY shows secret-token-12345 (not $TEST_API_KEY)
  • DATABASE_URL shows postgresql://user:pass@localhost:5432/testdb (not ${TEST_DB_URL})
  • STATIC_VALUE remains no-substitution-needed
  • Args show ["Hello from TestUser"] (not ["Hello from $USER_NAME"])

2. Test backwards compatibility:

Create extension without environment variables:

Verify: Extension loads normally and values remain unchanged.

3. Test undefined variables:

Add to test extension:

Verify: Undefined variables remain as-is (not replaced with empty strings).

Testing Matrix

🍏 🪟 🐧
npm run
npx
Docker
Podman - -
Seatbelt - -

Linked issues / bugs

Fixes #4473

@skal88 skal88 requested a review from a team as a code owner August 27, 2025 10:39
Contributor

@gemini-code-assist gemini-code-assist bot left a comment


Summary of Changes

Hello @skal88, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces the capability to resolve environment variables within extension configurations, mirroring the existing functionality for main settings. This enhancement allows users to leverage .env files for sensitive or dynamic values in gemini-extension.json files, improving security and configuration management. The change involved refactoring the environment variable resolution logic into a shared utility, ensuring consistency and maintainability across the codebase. It maintains backwards compatibility and includes robust testing to cover various use cases.

Highlights

  • Environment Variable Resolution for Extensions: The core change enables environment variables (e.g., $API_KEY, ${DATABASE_URL}) to be resolved within gemini-extension.json files, bringing consistency with how settings.json handles them. This allows for more flexible and secure configuration of extensions.
  • Code Refactoring and Shared Utility: The common logic for resolving environment variables has been extracted into a new, dedicated utility module (packages/cli/src/utils/envVarResolver.ts). This promotes the DRY (Don't Repeat Yourself) principle, as both settings and extension configuration loading now utilize this shared, robust mechanism.
  • Backwards Compatibility and Graceful Handling: The implementation ensures that existing extension configurations without environment variables continue to function as before. Additionally, it gracefully handles cases where referenced environment variables are undefined, leaving their placeholders unchanged rather than replacing them with empty strings.
  • Enhanced Test Coverage: Comprehensive unit tests have been added for the new envVarResolver utility, covering various string and object resolution scenarios. Furthermore, integration tests were added to extension.test.ts to validate the end-to-end functionality of environment variable resolution within extension configurations.

Contributor

@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request effectively refactors environment variable resolution into a shared utility and applies it to extension configurations, which is a great improvement for consistency. The changes are well-tested. However, I've found a critical robustness issue in the new utility that could lead to a stack overflow with certain inputs, and a high-severity issue regarding the use of an outdated keyword (var) that should be updated to let for better scoping and maintainability.
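
Added example, not part of the pull request or the project's code: a TypeScript sketch of the resolution behaviour the description specifies ($VAR_NAME and ${VAR_NAME}, undefined references left unchanged, recursion through nested objects and arrays). The names expandString, walk and expandConfig are hypothetical. The review above does not say which inputs overflow the stack, so a self-referencing object is assumed here as one such input and is handled by tracking visited objects.

```typescript
// Added illustration; not the code in packages/cli/src/utils/envVarResolver.ts.
// expandString, walk and expandConfig are hypothetical names for this sketch.
type Env = Record<string, string | undefined>;

// Matches $VAR_NAME or ${VAR_NAME}.
const ENV_REF = /\$(?:([A-Za-z_][A-Za-z0-9_]*)|\{([A-Za-z_][A-Za-z0-9_]*)\})/g;

function expandString(value: string, env: Env): string {
  // Single pass: substituted text is not scanned again for further references.
  return value.replace(ENV_REF, (match: string, bare?: string, braced?: string) => {
    const found = env[bare ?? braced ?? ''];
    return typeof found === 'string' ? found : match; // undefined: keep placeholder
  });
}

function walk(value: unknown, env: Env, seen: WeakMap<object, unknown>): unknown {
  if (typeof value === 'string') return expandString(value, env);
  if (value === null || typeof value !== 'object') return value;
  const done = seen.get(value);
  if (done !== undefined) return done; // shared or cyclic reference: reuse its copy
  if (Array.isArray(value)) {
    const list: unknown[] = [];
    seen.set(value, list);
    for (const item of value) list.push(walk(item, env, seen));
    return list;
  }
  const copy: Record<string, unknown> = {};
  seen.set(value, copy);
  for (const [key, item] of Object.entries(value)) copy[key] = walk(item, env, seen);
  return copy;
}

// Returns a resolved copy; the input object is left untouched.
function expandConfig<T>(config: T, env: Env): T {
  return walk(config, env, new WeakMap<object, unknown>()) as T;
}

// Values from the test plan above; UNSET is a constructed undefined reference.
const sampleEnv: Env = {
  TEST_API_KEY: 'secret-token-12345',
  TEST_DB_URL: 'postgresql://user:pass@localhost:5432/testdb',
  USER_NAME: 'TestUser',
};
const sampleConfig = {
  command: 'echo',
  args: ['Hello from $USER_NAME'],
  env: { API_KEY: '$TEST_API_KEY', DATABASE_URL: '${TEST_DB_URL}', UNSET: '$NOT_DEFINED' },
};
const resolved = expandConfig(sampleConfig, sampleEnv);
```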

@skal88 skal88 force-pushed the feat/extension-env-var-resolution branch from 863d82b to 0e7f3c2 Compare August 27, 2025 10:51
Contributor Author

skal88 commented Aug 27, 2025

Hello @scidomino

Thank you for reaching out on my earlier #4521 . I still believe this functionality would be a great addition to the project, so I've decided to reopen it to see if we can get it included in a future version.

It seems I don't have the permissions to add you as a reviewer, so I'm mentioning you here. If you have some time, I'd be grateful for your review.

Thank you for your guidance!

@gsquared94 gsquared94 requested a review from scidomino August 27, 2025 14:52
@skal88 skal88 force-pushed the feat/extension-env-var-resolution branch 2 times, most recently from 99197a5 to b0143c8 Compare August 28, 2025 08:09
@skal88 skal88 force-pushed the feat/extension-env-var-resolution branch from b0143c8 to 23d361f Compare August 28, 2025 08:11
Collaborator

@jacob314 jacob314 left a comment


lgtm

@jacob314 jacob314 enabled auto-merge August 28, 2025 22:54
auto-merge was automatically disabled August 29, 2025 07:35

Head branch was pushed to by a user without write access

@gemini-cli gemini-cli bot added kind/bug Something isn't working priority/p2 Important but can be addressed in a future release. labels Aug 29, 2025
@scidomino scidomino enabled auto-merge August 29, 2025 15:43
@scidomino
Collaborator

You just need to run npm run preflight to fix your lint errors.

auto-merge was automatically disabled August 29, 2025 17:16

Head branch was pushed to by a user without write access

Contributor Author

skal88 commented Aug 29, 2025

> You just need to run npm run preflight to fix your lint errors.

Done! 😃 Thanks @scidomino !

@scidomino scidomino enabled auto-merge August 29, 2025 17:44
@scidomino scidomino added this pull request to the merge queue Aug 29, 2025
Merged via the queue into google-gemini:main with commit ea84485 Aug 29, 2025
18 checks passed
thacio added a commit to thacio/auditaria that referenced this pull request Aug 29, 2025
@skal88 skal88 deleted the feat/extension-env-var-resolution branch August 29, 2025 20:41
davideast pushed a commit to davideast/gemini-cli that referenced this pull request Sep 2, 2025
LukeSchlangen pushed a commit to LukeSchlangen/gemini-cli that referenced this pull request Sep 2, 2025
Successfully merging this pull request may close these issues.

Environment variables replacement for extensions