fix: replace gcloud shell-out with google-auth-library for Vertex AI tokens

gcloud is not available inside the Docker container. Use google-auth-library instead, which reads credentials from the GCP metadata server (works on any GCP VM) or GOOGLE_APPLICATION_CREDENTIALS env var. Also rebuilds dist/. Made-with: Cursor
2026-02-27 19:38:07 -08:00
parent 59fe313963
commit 1dafd05371
4 changed files with 21 additions and 8 deletions
--- a/src/llm.ts
+++ b/src/llm.ts
@@ -1,4 +1,4 @@
-import { execSync } from 'child_process';
+import { GoogleAuth } from 'google-auth-library';
 import { GoogleGenAI } from '@google/genai';
 import { v4 as uuidv4 } from 'uuid';

@@ -70,10 +70,16 @@ export interface LLMClient {
 let _cachedToken = '';
 let _tokenExpiry = 0;

-function getVertexToken(): string {
+const _googleAuth = new GoogleAuth({
+    scopes: ['https://www.googleapis.com/auth/cloud-platform']
+});
+
+async function getVertexToken(): Promise<string> {
    const now = Date.now();
    if (_cachedToken && now < _tokenExpiry) return _cachedToken;
-    _cachedToken = execSync('gcloud auth print-access-token', { encoding: 'utf8' }).trim();
+    const client = await _googleAuth.getClient();
+    const tokenResponse = await client.getAccessToken();
+    _cachedToken = tokenResponse.token!;
    _tokenExpiry = now + 55 * 60 * 1000; // tokens last 1hr, refresh at 55min
    return _cachedToken;
 }
@@ -92,7 +98,7 @@ export class VertexOpenAIClient implements LLMClient {
    }

    async chat(messages: LLMMessage[], tools?: LLMTool[], maxTokens = 4096): Promise<LLMResponse> {
-        const token = getVertexToken();
+        const token = await getVertexToken();
        const base = this.region === 'global'
            ? 'https://aiplatform.googleapis.com'
            : `https://${this.region}-aiplatform.googleapis.com`;