fix: replace gcloud shell-out with google-auth-library for Vertex AI tokens

gcloud is not available inside the Docker container. Use google-auth-library
instead, which reads credentials from the GCP metadata server (works on any
GCP VM) or GOOGLE_APPLICATION_CREDENTIALS env var. Also rebuilds dist/.

Made-with: Cursor

dist/llm.js

@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.GeminiClient = exports.VertexOpenAIClient = void 0;
 exports.createLLM = createLLM;
 exports.toOAITools = toOAITools;
-const child_process_1 = require("child_process");
+const google_auth_library_1 = require("google-auth-library");
 const genai_1 = require("@google/genai");
 const uuid_1 = require("uuid");
 // ---------------------------------------------------------------------------
@@ -12,11 +12,16 @@ const uuid_1 = require("uuid");
 // ---------------------------------------------------------------------------
 let _cachedToken = '';
 let _tokenExpiry = 0;
-function getVertexToken() {
+const _googleAuth = new google_auth_library_1.GoogleAuth({
+    scopes: ['https://www.googleapis.com/auth/cloud-platform']
+});
+async function getVertexToken() {
     const now = Date.now();
     if (_cachedToken && now < _tokenExpiry)
         return _cachedToken;
-    _cachedToken = (0, child_process_1.execSync)('gcloud auth print-access-token', { encoding: 'utf8' }).trim();
+    const client = await _googleAuth.getClient();
+    const tokenResponse = await client.getAccessToken();
+    _cachedToken = tokenResponse.token;
     _tokenExpiry = now + 55 * 60 * 1000; // tokens last 1hr, refresh at 55min
     return _cachedToken;
 }
@@ -28,7 +33,7 @@ class VertexOpenAIClient {
         this.temperature = opts?.temperature ?? 0.3;
     }
     async chat(messages, tools, maxTokens = 4096) {
-        const token = getVertexToken();
+        const token = await getVertexToken();
         const base = this.region === 'global'
             ? 'https://aiplatform.googleapis.com'
             : `https://${this.region}-aiplatform.googleapis.com`;

package-lock.json

@@ -11,6 +11,7 @@
         "@google/genai": "^1.0.0",
         "cors": "^2.8.5",
         "express": "^4.19.2",
+        "google-auth-library": "^10.6.1",
         "minimatch": "^9.0.5",
         "uuid": "^9.0.1"
       },

package.json

@@ -13,6 +13,7 @@
     "@google/genai": "^1.0.0",
     "cors": "^2.8.5",
     "express": "^4.19.2",
+    "google-auth-library": "^10.6.1",
     "minimatch": "^9.0.5",
     "uuid": "^9.0.1"
   },

src/llm.ts

@@ -1,4 +1,4 @@
-import { execSync } from 'child_process';
+import { GoogleAuth } from 'google-auth-library';
 import { GoogleGenAI } from '@google/genai';
 import { v4 as uuidv4 } from 'uuid';
 
@@ -70,10 +70,16 @@ export interface LLMClient {
 let _cachedToken = '';
 let _tokenExpiry = 0;
 
-function getVertexToken(): string {
+const _googleAuth = new GoogleAuth({
+    scopes: ['https://www.googleapis.com/auth/cloud-platform']
+});
+
+async function getVertexToken(): Promise<string> {
     const now = Date.now();
     if (_cachedToken && now < _tokenExpiry) return _cachedToken;
-    _cachedToken = execSync('gcloud auth print-access-token', { encoding: 'utf8' }).trim();
+    const client = await _googleAuth.getClient();
+    const tokenResponse = await client.getAccessToken();
+    _cachedToken = tokenResponse.token!;
     _tokenExpiry = now + 55 * 60 * 1000; // tokens last 1hr, refresh at 55min
     return _cachedToken;
 }
@@ -92,7 +98,7 @@ export class VertexOpenAIClient implements LLMClient {
     }
 
     async chat(messages: LLMMessage[], tools?: LLMTool[], maxTokens = 4096): Promise<LLMResponse> {
-        const token = getVertexToken();
+        const token = await getVertexToken();
         const base = this.region === 'global'
             ? 'https://aiplatform.googleapis.com'
             : `https://${this.region}-aiplatform.googleapis.com`;