fix: preserve OAuth URLs in terminal auth flows #24853

Open
Aaxhirrr wants to merge 1 commit into google-gemini:main from Aaxhirrr:issue-12137-upstream-review

@Aaxhirrr Aaxhirrr commented Apr 7, 2026

Summary

This PR fixes a high-priority auth UX bug where long OAuth login URLs were rendered through the generic info-message pipeline and became truncated or corrupted in narrow terminals. I replaced that with a dedicated auth URL display path that preserves every character across Google login, MCP OAuth, and A2A OAuth flows, and also added safe stdout fallbacks for non-interactive or pre-UI execution.

Details

  • Added a structured OauthDisplayMessagePayload with heading, url, and optional footerLines.
  • Added a shared core helper to build a consistent OAuth browser-display message for copy-sensitive URLs.
  • Moved the active browser-based auth URL flows off the generic emitFeedback('info', ...) message path for Google browser login, MCP OAuth, and A2A OAuth.
  • Added a dedicated CLI history item and AuthUrlMessage component for auth URL rendering.
  • Auth URLs now render with plain wrapped Text instead of InfoMessage, markdown parsing, or styled link rendering, since the previous path could drop characters at wrap boundaries in narrow terminals.
  • Added stdout fallback formatting for OAuth display events in CLI startup and non-interactive entry points so auth URLs are not lost before the UI mounts.
  • Removed the MCP slash-command's ad hoc OAuth display listener so the auth URL is rendered exactly once through the shared global path.
  • Added regression coverage for narrow terminal widths (60, 50, 40), long URLs with encoded parameters and repeated delimiters, exact URL reconstruction after wrapping, AppContainer event wiring, Google/MCP/A2A auth producer behavior, and MCP no-duplicate auth URL rendering.
  • Validated locally with:
    • npm run build
    • npm run lint
    • npm run typecheck
    • focused auth/UI regression suites
    • repeated targeted auth stress runs
  • Full local npm run test:ci on this Windows environment is still blocked by an unrelated sea/sea-launch.test.js runtime-permissions test outside the auth changes.

Related Issues

Closes #12137
Related to #23769

How to Validate

  1. Run the automated validation steps:
    • From repo root: npm run build
    • From repo root: npm run lint
    • From repo root: npm run typecheck
    • From packages/core:
      npx vitest run src/utils/events.test.ts src/utils/oauthDisplay.test.ts src/code_assist/oauth2.test.ts src/mcp/oauth-provider.test.ts src/agents/auth-provider/oauth2-provider.test.ts
    • From packages/cli:
      npx vitest run src/ui/components/messages/AuthUrlMessage.test.tsx src/ui/components/HistoryItemDisplay.test.tsx src/ui/AppContainer.test.tsx src/ui/commands/mcpCommand.test.ts
  2. Validate Google browser login in a narrow terminal:
    • Use a terminal around 40-60 columns wide
    • Trigger Google browser login
    • Confirm the auth URL wraps cleanly across lines without dropped characters
    • Copy the wrapped URL, paste it into a browser, and confirm authentication proceeds
  3. Validate MCP OAuth:
    • Configure an OAuth-enabled MCP server
    • Run /mcp auth <server>
    • Confirm exactly one auth URL block is shown
    • Confirm the wrapped URL is complete and copyable in a narrow terminal
  4. Validate A2A OAuth:
    • Trigger an A2A agent configured with oauth2
    • Confirm the same dedicated auth URL block is shown
    • Confirm the URL remains intact when wrapped
  5. Check fallback behavior:
    • Confirm auth URL output still appears correctly when the UI has not mounted yet or when a non-interactive output path is used
    • Confirm browser-open failure still leaves the full auth URL visible to the user

Pre-Merge Checklist

  • Updated relevant documentation and README (if needed)
    • Not needed for this change
  • Added/updated tests (if needed)
  • Noted breaking changes (if any)
    • No breaking changes expected
  • Validated on required platforms/methods:
    • MacOS
      • npm run
      • npx
      • Docker
      • Podman
      • Seatbelt
    • Windows
      • npm run
      • npx
      • Docker
    • Linux
      • npm run
      • npx
      • Docker
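
The wrap-and-reconstruct property the description relies on (widths 60, 50 and 40, exact URL after joining the lines), as an added example that is not code from this PR: the function names and the sample URL are constructed for illustration, and only the payload field names `heading`, `url` and `footerLines` come from the description. `lostParams` shows what a truncated copy costs an OAuth flow by listing the query parameters that no longer match.

```javascript
// Added illustration; function names are hypothetical, not the PR's code.
// Constructed sample: long URL with encoded parameters and repeated delimiters.
const SAMPLE_URL =
  'https://accounts.example.test/o/oauth2/v2/auth?client_id=constructed-client' +
  '&redirect_uri=http%3A%2F%2Flocalhost%3A7777%2Foauth2callback' +
  '&response_type=code&scope=openid%20email%20profile' +
  '&state=c0nstructed--state__value&code_challenge=Zm9vYmFyYmF6cXV4' +
  '&code_challenge_method=S256';

// Hard-wrap by code point: no trimming, no hyphenation, no delimiter handling.
function wrapExact(text, width) {
  if (!Number.isInteger(width) || width < 1) {
    throw new RangeError('width must be a positive integer');
  }
  const chars = Array.from(text);
  const lines = [];
  for (let i = 0; i < chars.length; i += width) {
    lines.push(chars.slice(i, i + width).join(''));
  }
  return lines;
}

// Plain-text block for a payload shaped { heading, url, footerLines? }.
// Assumes the heading is a single non-empty line.
function formatOauthFallback(payload, width) {
  const footer = payload.footerLines ?? [];
  return [payload.heading, '', ...wrapExact(payload.url, width), '', ...footer].join('\n');
}

// What a user gets by copying the wrapped lines and removing the line breaks.
function urlFromBlock(block) {
  const lines = block.split('\n');
  const start = lines.indexOf('') + 1;
  return lines.slice(start, lines.indexOf('', start)).join('');
}

// Query parameters whose value is missing or altered in the candidate URL.
function lostParams(originalUrl, candidateUrl) {
  const want = new URL(originalUrl).searchParams;
  let got;
  try {
    got = new URL(candidateUrl).searchParams;
  } catch {
    return [...new Set(want.keys())];
  }
  return [...new Set(want.keys())].filter((k) => want.get(k) !== got.get(k));
}
```

A copy cut off partway through `state` still parses as a URL, so comparing parameters against the original catches a loss that a plain "is it a valid URL" check would miss.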

@Aaxhirrr Aaxhirrr requested a review from a team as a code owner April 7, 2026 21:14
@gemini-code-assist

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical UX issue where long OAuth login URLs were being corrupted or truncated when rendered in narrow terminal environments. By moving these URLs off the generic feedback message path and into a dedicated, structured display component, the changes ensure that auth URLs remain intact, copyable, and correctly formatted regardless of terminal width or UI state.

Highlights

  • Dedicated OAuth URL Display Path: Replaced the generic info-message pipeline for OAuth URLs with a dedicated OauthDisplayMessagePayload and AuthUrlMessage component to prevent character truncation in narrow terminals.
  • Improved Reliability: Added safe stdout fallbacks for non-interactive or pre-UI execution to ensure auth URLs are never lost.
  • Regression Coverage: Added comprehensive tests for narrow terminal widths, URL reconstruction, and event wiring across Google, MCP, and A2A auth flows.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces a structured mechanism for handling and displaying OAuth authentication URLs across the CLI and core packages. It replaces generic informational feedback with a dedicated OauthDisplayMessage event and a corresponding AuthUrlMessage UI component, ensuring that authentication links are consistently formatted and correctly persisted in the session history. Additionally, the PR refactors history-related type definitions by introducing HistoryItemWithoutId to replace repetitive Omit patterns, improving code maintainability. I have no feedback to provide as the changes are well-implemented and include comprehensive test coverage.

@gemini-cli gemini-cli bot added the priority/p1, area/core, and help wanted labels Apr 7, 2026

Labels

  • area/core: Issues related to User Interface, OS Support, Core Functionality
  • help wanted: We will accept PRs from all issues marked as "help wanted". Thanks for your support!
  • priority/p1: Important and should be addressed in the near term.

Development

Successfully merging this pull request may close these issues.

Login url is truncated