feat(telemetry): add keychain availability and token storage metrics #18971

Merged
abhipatel12 merged 2 commits into main from abhi/keychain-fallback-metrics
Feb 17, 2026

@abhipatel12
Collaborator

Summary

Refactors the telemetry metrics collection for Keychain availability and token storage initialization to avoid tightly coupling these components with Config.

Details

This PR introduces telemetry logging for Token Storage providers (HybridTokenStorage and KeychainTokenStorage) utilizing the globally available coreEvents pub-sub model. This explicitly avoids threading Config deep into MCP and authentication layers just for logging.

Security Hardening: To definitively prevent any potential PII leakage from OS-level keychain error messages (e.g., from keytar), the reason field has been explicitly and completely removed from the KeychainAvailabilityEvent.

Related Issues

How to Validate

  1. Unit tests should pass locally:
    npm run test -w packages/core -- src/telemetry
  2. Preflight should execute successfully:
    npm run preflight

Pre-Merge Checklist

  • Updated relevant documentation and README (if needed)
  • Added/updated tests (if needed)
  • Noted breaking changes (if any)
  • Validated on required platforms/methods:
    • MacOS
      • npm run
      • npx
      • Docker
      • Podman
      • Seatbelt
    • Windows
      • npm run
      • npx
      • Docker
    • Linux
      • npm run
      • npx
      • Docker
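
The pattern described above, sketched as an added example that is not code from this pull request: a pub-sub event whose payload type has no free-form field, rebuilt from an allow-list before it reaches listeners. `TelemetryBus`, `checkKeychain`, `demo` and the sample error text are hypothetical names and constructed data, not the project's API.

```typescript
// Added illustration; all names here are hypothetical, not the project's code.

// The payload is a closed type: no field can carry free-form OS error text.
type KeychainAvailability = { available: boolean };
type Listener = (event: KeychainAvailability) => void;

// Minimal pub-sub bus so storage code never needs a logger or config object.
class TelemetryBus {
  private readonly listeners: Listener[] = [];

  onKeychainAvailability(fn: Listener): void {
    this.listeners.push(fn);
  }

  emitKeychainAvailability(event: KeychainAvailability): void {
    // Rebuild the payload from an allow-list so extra properties smuggled
    // in through a cast (for example `reason`) are dropped at runtime too.
    const safe: KeychainAvailability = { available: event.available === true };
    for (const fn of this.listeners) fn(safe);
  }
}

// Storage-side check: the caught error is deliberately not forwarded.
function checkKeychain(bus: TelemetryBus, probe: () => void): boolean {
  let available = true;
  try {
    probe();
  } catch {
    available = false; // the message may contain usernames or paths
  }
  bus.emitKeychainAvailability({ available });
  return available;
}

// Constructed sample: one probe fails with a path that embeds a username.
function demo(): string[] {
  const bus = new TelemetryBus();
  const logged: string[] = [];
  bus.onKeychainAvailability((e) => logged.push(JSON.stringify(e)));
  checkKeychain(bus, () => {
    throw new Error('cannot open /Users/alice/Library/Keychains/login.keychain-db');
  });
  checkKeychain(bus, () => {});
  return logged;
}
```
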

@abhipatel12 abhipatel12 requested a review from a team as a code owner February 13, 2026 02:50
@gemini-code-assist
Contributor

Summary of Changes

Hello @abhipatel12, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly improves the robustness and observability of the credential management system. By refactoring telemetry collection to use a pub-sub model, it reduces tight coupling within the codebase and enhances the security posture by preventing sensitive information from being logged. The added metrics provide valuable insights into the reliability and usage patterns of keychain and token storage, which will aid in diagnosing issues and understanding user environments.

Highlights

  • Telemetry Refactoring: Refactored the collection of telemetry metrics for Keychain availability and token storage initialization to decouple them from the Config object, utilizing the coreEvents pub-sub model for improved modularity.
  • Security Hardening: Enhanced security by explicitly removing the reason field from the KeychainAvailabilityEvent to prevent potential PII leakage from OS-level keychain error messages.
  • New Telemetry Events: Introduced new telemetry events, KeychainAvailabilityEvent and TokenStorageInitializationEvent, to provide more granular insights into how credential storage mechanisms are initialized and their availability status.
  • Metrics Integration: Integrated the new telemetry events into the ClearcutLogger and OpenTelemetry metrics system, ensuring these critical data points are captured and logged.

Changelog

  • packages/core/src/code_assist/oauth2.test.ts
    • Mocked HybridTokenStorage to isolate testing of oauth2 components.
  • packages/core/src/mcp/token-storage/hybrid-token-storage.test.ts
    • Mocked OAuthCredentialStorage and apiKeyCredentialStorage to ensure isolated testing of HybridTokenStorage.
  • packages/core/src/mcp/token-storage/hybrid-token-storage.ts
    • Imported telemetry event types and coreEvents utility.
    • Emitted TokenStorageInitializationEvent when keychain or encrypted_file storage is selected.
  • packages/core/src/mcp/token-storage/keychain-token-storage.test.ts
    • Mocked coreEvents.emitTelemetryKeychainAvailability to test event emission.
  • packages/core/src/mcp/token-storage/keychain-token-storage.ts
    • Imported KeychainAvailabilityEvent for telemetry.
    • Emitted KeychainAvailabilityEvent with availability status during keychain checks, explicitly omitting error details for security.
  • packages/core/src/telemetry/clearcut-logger/clearcut-logger.ts
    • Imported new telemetry event types: KeychainAvailabilityEvent and TokenStorageInitializationEvent.
    • Added new EventNames for KEYCHAIN_AVAILABILITY and TOKEN_STORAGE_INITIALIZATION.
    • Implemented logKeychainAvailabilityEvent and logTokenStorageInitializationEvent methods to process and enqueue these new events.
  • packages/core/src/telemetry/clearcut-logger/event-metadata-key.ts
    • Added new EventMetadataKey enums: GEMINI_CLI_KEYCHAIN_AVAILABLE, GEMINI_CLI_TOKEN_STORAGE_TYPE, and GEMINI_CLI_TOKEN_STORAGE_FORCED.
    • Updated the Next ID for event metadata keys.
  • packages/core/src/telemetry/loggers.ts
    • Imported new telemetry event types and corresponding record functions from metrics.ts.
    • Added logKeychainAvailability and logTokenStorageInitialization functions to handle logging for the new events via ClearcutLogger and OpenTelemetry.
  • packages/core/src/telemetry/metrics.test.ts
    • Imported new telemetry event types for testing.
    • Added mocks for recordKeychainAvailability and recordTokenStorageInitialization.
    • Included new test suites to verify the correct recording of keychain availability and token storage initialization metrics.
  • packages/core/src/telemetry/metrics.ts
    • Imported new telemetry event types.
    • Defined new metric names: KEYCHAIN_AVAILABILITY_COUNT and TOKEN_STORAGE_TYPE_COUNT.
    • Added counter definitions and associated attributes for the new keychain and token storage metrics.
    • Declared new counter variables for keychainAvailabilityCounter and tokenStorageTypeCounter.
    • Implemented recordKeychainAvailability and recordTokenStorageInitialization functions to increment the new counters with relevant attributes.
  • packages/core/src/telemetry/sdk.ts
    • Imported coreEvents and new telemetry loggers and types.
    • Added keychainAvailabilityListener and tokenStorageTypeListener to subscribe to new telemetry events.
    • Registered and unregistered these listeners during telemetry initialization and shutdown, respectively.
  • packages/core/src/telemetry/types.ts
    • Defined the KeychainAvailabilityEvent class, including its OpenTelemetry attributes and log body generation.
    • Defined the TokenStorageInitializationEvent class, including its OpenTelemetry attributes and log body generation.
  • packages/core/src/utils/events.ts
    • Imported new telemetry event types.
    • Added new CoreEvent enums: TelemetryKeychainAvailability and TelemetryTokenStorageType.
    • Updated the CoreEvents interface to include the new telemetry event types.
    • Added emitTelemetryKeychainAvailability and emitTelemetryTokenStorageType methods to CoreEventEmitter for publishing these events.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request effectively refactors the telemetry for keychain availability and token storage by introducing a pub-sub model, which successfully decouples these components from Config. The security hardening to prevent PII leakage from keychain error messages is a valuable addition. The implementation is clean and the new telemetry events are well-integrated. I have one high-severity suggestion to fully align a type definition with the security hardening goal, reinforcing the 'fail-closed' principle for security.

@github-actions

github-actions bot commented Feb 13, 2026

Size Change: +7.13 kB (+0.03%)

Total Size: 24.4 MB

| Filename | Size | Change |
| --- | --- | --- |
| ./bundle/gemini.js | 24.4 MB | +7.13 kB (+0.03%) |

Unchanged:

| Filename | Size |
| --- | --- |
| ./bundle/sandbox-macos-permissive-open.sb | 890 B |
| ./bundle/sandbox-macos-permissive-proxied.sb | 1.31 kB |
| ./bundle/sandbox-macos-restrictive-open.sb | 3.36 kB |
| ./bundle/sandbox-macos-restrictive-proxied.sb | 3.56 kB |
| ./bundle/sandbox-macos-strict-open.sb | 4.82 kB |
| ./bundle/sandbox-macos-strict-proxied.sb | 5.02 kB |

compressed-size-action

This commit introduces telemetry logging for the Token Storage
providers (Hybrid and Keychain). It utilizes the global `coreEvents`
pub-sub model to emit `TelemetryKeychainAvailability` and
`TelemetryTokenStorageType` events which are logged by the telemetry
SDK, avoiding tight coupling between the token storage implementations
and the Config/ClearcutLogger.

To prevent any potential PII leakage from OS-level keychain error
messages (e.g. from keytar), the keychain availability event does
not include any raw error string reasons.

@abhipatel12 abhipatel12 force-pushed the abhi/keychain-fallback-metrics branch from bcdfdbc to 2464c85 Compare February 13, 2026 03:03
@gemini-cli gemini-cli bot added the status/need-issue Pull requests that need to have an associated issue. label Feb 13, 2026
@abhipatel12 abhipatel12 added this pull request to the merge queue Feb 17, 2026
Merged via the queue into main with commit bf9ca33 Feb 17, 2026
27 checks passed
@abhipatel12 abhipatel12 deleted the abhi/keychain-fallback-metrics branch February 17, 2026 15:22