fix(core): validate GCP project ID format and prevent alias extraction in memory

[Shlok148Dev]

What does this PR do?

Fixes GCP project ID validation to prevent auto-memory from storing invalid display names/aliases, which caused 403 and CONSUMER_INVALID errors in subsequent sessions.

Why this change matters

Prevents confusing API failures for users who have GCP project display names with spaces or uppercase letters.

Breaking changes

None

Summary

This PR resolves issue #27911 where the auto-memory agent incorrectly extracted and stored GCP project display names/aliases (e.g. including spaces or uppercase letters) as actual project IDs. When subsequent sessions or /auth commands loaded this invalid project ID, all Google Cloud API calls failed with confusing 403 and CONSUMER_INVALID errors.

To address this, we added early regex-based validation for Google Cloud Project IDs during configuration setup and updated the memory extraction prompt to prevent storing invalid display names/aliases as project IDs.

Details

1. GCP Project ID Format Validation:
   • Added InvalidProjectIdFormatError in setup.ts.
   • Implemented separate validation regexes for standard and domain-scoped project IDs:
     • Standard: /^[a-z][a-z0-9-]{4,28}[a-z0-9]$/ (6–30 characters, starting with a lowercase letter, containing only lowercase alphanumeric and hyphens).
     • Domain-scoped: /^[a-z0-9\-.]+\:[a-z][a-z0-9-]{4,28}[a-z0-9]$/ (up to 100 characters with domain prefix followed by colon).
2. Auto Memory Prompts Update:
   • Enhanced the system prompt builder in skill-extraction-agent.ts to explicitly prohibit the agent from extracting and storing project aliases, display names, or formatted titles as GCP project IDs.
   • Instructed the agent to prefer project IDs coming from configuration or authentication over user natural language.
3. Tests & Compatibility:
   • Added tests in setup.test.ts covering standard IDs starting with numbers or exceeding 30 characters being rejected, happy paths (valid and domain-scoped), and error paths (spaces, uppercase, underscores, trailing hyphens).
   • Corrected legacy caching tests using short mock project IDs (p1 and p2) to use valid formats (project-1 and project-2) to keep checking behaviors consistent.

Related Issues

Closes #27911

How to Validate

1. Verify targeted tests run and pass:

   npx vitest run src/code_assist/setup.test.ts
   npx vitest run src/agents/skill-extraction-agent.test.ts

2. Confirm the build compiles and linters run cleanly:

   npm run build
   npm run typecheck
   npm run lint

Pre-Merge Checklist

• Updated relevant documentation and README (not needed)
• Added/updated tests (added detailed format-validation tests)
• Noted breaking changes (None)
• Validated on required platforms/methods (Windows-only for this validation change):
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses issues where the auto-memory agent incorrectly stored GCP project display names or aliases as project IDs, leading to authentication and API errors. By enforcing strict format validation during setup and refining the agent's extraction logic, the system now ensures that only valid project identifiers are processed, improving overall reliability and preventing downstream API failures.

Highlights

• GCP Project ID Validation: Implemented strict regex-based validation for Google Cloud Project IDs to ensure they adhere to standard formatting rules, preventing the use of invalid display names or aliases.
• Memory Extraction Agent Update: Enhanced the system prompt for the skill extraction agent to explicitly prohibit the storage of project aliases and display names as project IDs.
• Error Handling: Introduced a new InvalidProjectIdFormatError to provide clear feedback when an incorrectly formatted project ID is encountered.
• Test Suite Improvements: Added comprehensive unit tests for project ID validation and updated legacy tests to use valid project ID formats.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

📊 PR Size: size/M

• Lines changed: 91
• Additions: +85
• Deletions: -6
• Files changed: 3

[gemini-code-assist]

Code Review

This pull request introduces stricter validation for Google Cloud Project IDs during setup, adding an InvalidProjectIdFormatError and format checks, alongside corresponding unit tests and system prompt updates. The reviewer feedback recommends refining the validation regex to strictly distinguish between standard GCP project IDs (which must start with a lowercase letter and be 6 to 30 characters long) and domain-scoped project IDs, as well as adding additional test cases to verify these stricter boundaries.

[gemini-code-assist]

The current regular expression /^[a-z0-9][a-z0-9\-.:]{4,98}[a-z0-9]$/ is too permissive for standard GCP project IDs:

1. It allows standard project IDs to start with a number (e.g., 1-project), whereas GCP standard project IDs must start with a lowercase letter.
2. It allows standard project IDs to be up to 100 characters long, whereas GCP limits standard project IDs to 30 characters.

To prevent confusing API failures (which this PR aims to solve), we should validate standard and domain-scoped project IDs more precisely.

Here is a suggested improvement that separates the validation logic:

• Standard project IDs: 6 to 30 characters, starts with a lowercase letter, ends with a lowercase letter or number, contains only lowercase letters, numbers, and hyphens.
• Domain-scoped project IDs: up to 100 characters, contains a domain prefix followed by a colon and a standard project ID.

    const isDomainScoped = projectId.includes(':');
    const isValid = isDomainScoped
      ? projectId.length <= 100 && /^[a-z0-9\-.]+\:[a-z][a-z0-9-]{4,28}[a-z0-9]$/.test(projectId)
      : /^[a-z][a-z0-9-]{4,28}[a-z0-9]$/.test(projectId);
    if (!isValid) {
      throw new InvalidProjectIdFormatError(projectId);
    }

References

1. When handling user input, prefer to be strict and throw an error for invalid or ambiguous cases rather than adding complex logic to support them.

[Shlok148Dev]

Hi team,

I have addressed all the feedback raised by the Gemini Code Assist review:

1. Precise Project ID Validation: Updated the regex logic in setup.ts to strictly separate standard project IDs (6–30 characters, starting with a lowercase letter, containing only lowercase alphanumeric characters and hyphens) from domain-scoped project IDs (up to 100 characters).
2. Added Test Cases: Added test coverage in setup.test.ts to verify standard project IDs starting with numbers (like 1-project) and IDs exceeding 30 characters are correctly blocked.
3. Commit Authorship & CLA: Resolved the CLA issue by rebasing all commits under my verified email address (shlok11@somaiya.edu), which is covered under the Google CLA. The CLA check is now green and passing.
4. Local Verification: Verified locally that all 28 targeted unit tests, typescript builds (typecheck), and linters (eslint) pass with 0 warnings or errors.

Could a maintainer please approve the workflow run so the CI checks can execute? Ready for review. Thank you!