Fixes #16739: checks for fork or if user is repo owner to prevent 404…

[019-Abhi]

… while on /setup-github,

Summary

This PR prevents a 404 error when running the /setup-github command in Gemini cli. It ensures the CLI only attempts to open the GitHub secrets configuration URL if the local user is confirmed as the owner of the repository fork.

Details

The CLI previously assumed that if a remote named origin existed, it was safe to open the settings/secrets/actions URL. However, in IDX and other cloud environments, the origin often points to the upstream (Google) repository which the user does not have write access to, leading to a 404.

Related Issues

Closes #16739, Fixes #16739

How to Validate

Run the Gemini CLI

Run the command: /setup-github

Expected Result: If the fork owner doesn't match your local git user, the CLI should print a warning message. If verification is successful, the user should be redirected to a readme page. Before this fix, the user was redirected to a 404 page because of the verification issue

If it is your own repo, it should attempt to open the browser as normal.

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[gemini-code-assist]

Summary of Changes

Hello @019-Abhi, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves a 404 error encountered when the Gemini CLI's /setup-github command attempts to open the GitHub secrets page. Previously, the CLI would try to open this URL even if the origin remote pointed to an upstream repository, leading to an error for users without write access. The updated logic now intelligently determines if the local user is the legitimate owner of the repository fork, ensuring the secrets page is only accessed when appropriate and providing helpful messages otherwise.

Highlights

• Error Prevention: Introduced checks to prevent a 404 error when the Gemini CLI's /setup-github command attempts to open the GitHub secrets configuration URL, especially in cloud environments where the origin remote might point to an upstream repository.
• Ownership Verification: Implemented logic to verify if the local user is the owner of the repository fork before attempting to open the GitHub secrets page, ensuring access is only attempted when appropriate.
• Input Validation: Added a new utility function, isValidGitHubName, to validate GitHub owner and repository names, ensuring they are safe for command execution and preventing potential issues.
• Informative Feedback: Enhanced user feedback by providing clear messages when the secrets page is skipped, guiding users on potential issues like unidentifiable repository info or incorrect fork configurations.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request aims to prevent 404 errors when running /setup-github by checking if the user is the owner of the repository before attempting to open the GitHub secrets URL. The implementation introduces a check that compares the repository owner from the git remote with the local git user's configured name. It also adds validation for the repository owner and name to ensure they are safe before being used to construct a URL.

My review focuses on the new validation logic. I've identified a high-severity issue with the regular expression used for validation, as it is too permissive and could allow invalid GitHub owner or repository names, potentially leading to incorrect URL generation. The rest of the logic seems sound and effectively addresses the problem of avoiding 404 errors.

[019-Abhi]

Hey, I have added gemini's suggestions to have two separate functions to verify github username and repo name safely... could you please review and approve these changes as well... Thanks a lot!

…

On Sun, 25 Jan 2026 at 15:26, Iqbal Bhatti ***@***.***> wrote: ***@***.**** approved this pull request. — Reply to this email directly, view it on GitHub <#17478 (review)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/BRD6QRDRR4NDHCCFUCL3A2T4ISHOFAVCNFSM6AAAAACSZZ2S7KVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZTOMBTGYZDKOBUHA> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[gemini-code-assist]

Code Review

This pull request aims to fix a bug where the /setup-github command could lead to a 404 error by attempting to open the secrets page for a repository the user does not own. The changes introduce checks to verify repository ownership against the local git user and validate the repository owner and name before constructing the URL.

The overall approach is sound, but there is a critical issue in the implementation where it tries to access a non-existent localUser property on the repoInfo object. This will cause the ownership check to always fail. I've provided a comment with a suggested fix to correctly fetch the local git user's name and perform the comparison.

[019-Abhi]

suggestions added, aawating review

[019-Abhi]

@scidomino @bdmorgan could you review this pr please when you have the time.... thanks a lot :))

[scidomino]

@019-Abhi I'm not taking on new outside PRs right now. @bdmorgan has already reviewed it so he can continue it.

[019-Abhi]

@bdmorgan its been more than a month since ive opening this pr, PTAL

[gemini-cli]

Hi there! Thank you for your contribution to Gemini CLI. We really appreciate the time and effort you've put into this pull request.

To keep our backlog manageable and ensure we're focusing on current priorities, we are closing pull requests that haven't seen maintainer activity for 30 days. Currently, the team is prioritizing work associated with 🔒 maintainer only or help wanted issues.

If you believe this change is still critical, please feel free to comment with updated details. Otherwise, we encourage contributors to focus on open issues labeled as help wanted. Thank you for your understanding!