From a40c4ee828d0595b563fcf5f3612ee39268623e4 Mon Sep 17 00:00:00 2001 From: Chaim Date: Sun, 14 Jun 2026 20:33:15 +0000 Subject: [PATCH] =?UTF-8?q?fix(metadata):=20accept=20GOOGLE=5FGEMINI=5FAPI?= =?UTF-8?q?=5FKEY=20(canonical)=20in=20gemini=5Fsession=20=E2=80=94=20host?= =?UTF-8?q?=20metadata=20extraction=20broke?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit _api_key() read ONLY `GEMINI_API_KEY`, but the canonical secret (host ~/.env and Infisical SoT nautilus:/external-apis/gemini) is `GOOGLE_GEMINI_API_KEY`. The key was present but under the canonical name → `_api_key()` raised "GEMINI_API_KEY אינו מוגדר" on every call → ALL host precedent-metadata extraction via Gemini failed silently (186 such errors in the legal-metadata-drain err log, latest 2026-06-14). Fix: read GEMINI_API_KEY if set, else fall back to GOOGLE_GEMINI_API_KEY. No new secret, no duplication — aligns the code to the existing SoT name (G1: fix at source). Verified live: _api_key() resolves (len=53) and a real gemini query_json call returns {"ok": true}. Invariants: G1 (fix at source — code reads the canonical secret name, not a parallel/duplicated env var) · X10 (deploy-env-secrets: single SoT name honored). Co-Authored-By: Claude Opus 4.8 (1M context) --- .../src/legal_mcp/services/gemini_session.py | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/mcp-server/src/legal_mcp/services/gemini_session.py b/mcp-server/src/legal_mcp/services/gemini_session.py index 088a9bb..da8e9a5 100644 --- a/mcp-server/src/legal_mcp/services/gemini_session.py +++ b/mcp-server/src/legal_mcp/services/gemini_session.py @@ -14,8 +14,9 @@ sensitive work — decision writing, analysis, halacha extraction — stays on ``claude_session`` (Daphna's subscription, zero API cost). This is a deliberate per-task provider choice, not a wholesale move off Claude. -Key: ``GEMINI_API_KEY`` (host ~/.env; SoT Infisical nautilus:/external-apis/gemini -as ``GOOGLE_GEMINI_API_KEY``). Model: ``GEMINI_MODEL`` (default gemini-2.5-flash). +Key: ``GOOGLE_GEMINI_API_KEY`` (the canonical host ~/.env / Infisical name, SoT +nautilus:/external-apis/gemini); ``GEMINI_API_KEY`` is also accepted as an alias. +Model: ``GEMINI_MODEL`` (default gemini-2.5-flash). Direct REST via httpx — no extra SDK dependency. """ @@ -39,11 +40,19 @@ class GeminiError(RuntimeError): def _api_key() -> str: - key = os.environ.get("GEMINI_API_KEY", "").strip() + # Accept BOTH names: the canonical Infisical / host-~/.env secret is + # ``GOOGLE_GEMINI_API_KEY`` (SoT nautilus:/external-apis/gemini), while older + # call sites / container envs may export ``GEMINI_API_KEY``. Reading only the + # latter silently broke ALL host metadata extraction (the key is present but + # under the canonical name). Prefer GEMINI_API_KEY if set, else the SoT name. + key = ( + os.environ.get("GEMINI_API_KEY", "").strip() + or os.environ.get("GOOGLE_GEMINI_API_KEY", "").strip() + ) if not key: raise GeminiError( - "GEMINI_API_KEY אינו מוגדר (host ~/.env / Infisical " - "nautilus:/external-apis/gemini)." + "GEMINI_API_KEY/GOOGLE_GEMINI_API_KEY אינו מוגדר (host ~/.env / " + "Infisical nautilus:/external-apis/gemini)." ) return key -- 2.49.1