feat(cli): Add /auth logout command to clear credentials and auth state

[CN-Scars]

Summary

Implements a /logout slash command to clear cached credentials and reset authentication state. After logout, users see the authentication selection menu instead of automatically re-authenticating, enabling easy account switching and providing a cleaner logout experience.

This addresses a common UX gap where users had to manually delete credential files or use workarounds to switch between different authentication methods or accounts.

Details

Implementation:

1. Command Registration:

   • packages/cli/src/ui/commands/logoutCommand.ts: New slash command that clears cached credentials and resets selectedAuthType setting
   • packages/cli/src/services/BuiltinCommandLoader.ts: Registered the logout command

2. Type System:

   • packages/cli/src/ui/commands/types.ts: Added LogoutActionReturn interface
   • packages/cli/src/ui/types.ts: Extended SlashCommandProcessorResult union type with logout

3. State Management:

   • packages/cli/src/ui/AppContainer.tsx:
     • Added logout action to slashCommandActions
     • Clears selectedAuthType setting via settings.setValue()
     • Sets auth state to Unauthenticated
     • Clears conversation history
   • packages/cli/src/ui/hooks/slashCommandProcessor.ts: Integrated logout action handling
   • packages/cli/src/ui/hooks/useGeminiStream.ts: Added logout case handler

4. Test Coverage:

   • packages/cli/src/ui/hooks/slashCommandProcessor.test.tsx: Added logout mock to test suite

Behavior:

• Before logout: User is authenticated with a specific method (Google Login, API Key, or Vertex AI)
• After /logout:
  • Cached credentials cleared
  • selectedAuthType setting removed
  • Auth selection menu displayed
  • No automatic browser launch
  • Clean state for switching accounts

Design Decisions:

• Clear both credentials and selectedAuthType to prevent auto-login
• Simple /logout command without parameters
• Immediate effect without confirmation (consistent with other destructive slash commands)
• Clears conversation history for privacy

Related Issues

How to Validate

1. Basic Logout Flow:

npm run build
npm start

# Login with any method first
# Then in Gemini CLI:
/logout

# Expected: 
# - "Get started" auth selection menu appears
# - No automatic browser launch
# - No automatic re-authentication

2. Verify Credential Clearing:

# After logout, check that credentials are cleared
# Expected: Credential cache file removed or cleared

3. Test Account Switching:

# 1. Login with Google
# 2. /logout
# 3. Login with API Key
# Expected: Successfully switches auth methods

4. Test State Reset:

# 1. Have an active conversation
# 2. /logout
# Expected: 
# - Conversation history cleared
# - Auth menu displayed
# - Clean slate for new session

5. Preflight Check:

npm run preflight
# Expected: All checks pass

6. Test Command Availability:

# In Gemini CLI:
/help

# Expected: /logout command listed in available commands

Pre-Merge Checklist

• ✅ Updated relevant documentation and README (if needed) - N/A: Slash command is self-documenting via /help
• ✅ Added/updated tests (if needed) - Test mocks updated in slashCommandProcessor.test.tsx
• ✅ Noted breaking changes (if any) - No breaking changes
• ✅ All preflight checks passed (format, lint, build, typecheck, tests)

Testing Matrix

Platform	npm run	npx	Docker	Podman	Seatbelt
macOS	❓	❓	❓	❓	❓
Windows	❓	❓	❓	❓	N/A
Linux	✅	❓	❓	❓	N/A

---

Notes:

• This is a straightforward UX improvement with minimal complexity
• All changes are localized to the CLI package
• No core logic changes required
• Fully backward compatible

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[gemini-code-assist]

Summary of Changes

Hello @CN-Scars, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request implements a /logout slash command within the CLI, designed to streamline the user authentication experience. By clearing cached credentials, resetting the authentication type, and wiping conversation history, it provides a robust and user-friendly mechanism for users to log out and switch accounts. This enhancement addresses a significant UX gap, simplifying what was previously a manual and cumbersome process.

Highlights

• New /logout Command: Introduces a new /logout slash command to the CLI, allowing users to easily clear cached credentials and reset their authentication state.
• Enhanced User Experience: Improves the user experience by enabling seamless account switching and providing a clean logout process, eliminating the need for manual credential file deletion.
• State Management & Cleanup: The command clears the "selectedAuthType" setting, sets the authentication state to "Unauthenticated", and automatically clears conversation history for privacy.
• Command Integration: The new command is registered with the BuiltinCommandLoader and integrated into the AppContainer and slashCommandProcessor for proper handling and state updates.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a /logout command to clear credentials and authentication state, which is a valuable UX improvement. The implementation is well-structured, correctly registering the new command and handling the state changes across different parts of the application. My review identifies a point of duplicated logic where the authentication setting is cleared in two different places. I've provided suggestions to centralize this logic, which will improve code maintainability and clarity. Overall, this is a solid contribution.

[joshualitt]

@CN-Scars , thank you for the PR! This is indeed a good idea, and it looks like it's going in the right direction. I left some feedback already, but at a high level one big change will be needed. Specifically, lets rename this slash command /auth logout to avoid polluting the global namespace.

Please incorporate these changes, and then I will be happy to take a second look!

[CN-Scars]

@CN-Scars , thank you for the PR! This is indeed a good idea, and it looks like it's going in the right direction. I left some feedback already, but at a high level one big change will be needed. Specifically, lets rename this slash command /auth logout to avoid polluting the global namespace.

Please incorporate these changes, and then I will be happy to take a second look!

Thanks for the review! I've updated the PR with the following changes:

1. Renamed the command to /auth logout to avoid namespace pollution.
2. Refactored the AppContainer logic to remove redundancy.
3. Updated the history handling to stripThoughtsFromHistory() instead of clearing everything.
4. Cleaned up the return types in slashCommandProcessor.
5. Added tests for the new functionality.

Ready for another look!

[joshualitt]

@CN-Scars , thanks! This PR is looking very close, just one comment to work through and I think we'll be there.

[CN-Scars]

@CN-Scars , thanks! This PR is looking very close, just one comment to work through and I think we'll be there.

Thank you for pointing that out. There shouldn't be any problems now!

[CN-Scars]

@joshualitt I have completed these changes, please check them again.

[joshualitt]

are we missing context.commands.logout() here? I just realized the existing logout command is deadcode perhaps?

If so, let's update this, update the tests, and then I think this looks good.

[CN-Scars]

You're right - that was dead code. I've removed it.

[joshualitt]

Hmm, but now who is doing this setAuthState(AuthState.Unauthenticated);? The code may work fine, but regardless, I think it's good for the logout command to explicitly set the state to unauthenticated?

[CN-Scars]

I've refactored the flow: the command now returns { type: 'logout' }, which the processor handles by calling actions.logout() (explicitly sets AuthState.Unauthenticated) then actions.openAuthDialog(). This keeps the state transition explicit while eliminating the dead code issue. Tests updated accordingly.

[joshualitt]

@CN-Scars , thanks for your patience! This looks great now, modulo my question on logout, which I think is the last detail to sort out, and we'll be ready to merge this.

[CN-Scars]

@joshualitt , thank you for your review. I have now resolved the issue. Please review it again to see if there are any other problems and test it again.

[joshualitt]

Apologies for the delay, I have been testing this, and so far it does work which is great!

However, I'm not sure we want to open the auth dialog automatically when a user logs out? While it does seem very likely this is what the user will do after logging out, alternatively they may exit or wish to confirm they are in fact logged out. Unfortunately, they cannot do this if they are forced back into the login menu. Another problem is that this makes /auth logout look the exact same as /auth login and /auth, and then why have 3 ways to do the same thing?

Taking a step back, I think the value of this command is that it logs you out. It's good for troubleshooting, yes, but users may also wish to logout in contexts when their next action is to quit, i.e. using Gemini CLI in semi-trusted environments, where you never know who is on the computer next.

Another option is to have logout print "You are now logged out, login again to continue using Gemini CLI." or some variant thereof. Thoughts? Also @jacob314 who may have some insights.

[CN-Scars]

It's alright, a slight delay won't have any impact.

Now, after thinking about it, I tend to agree with your point of view. @jacob314 Any thoughts on this approach before I make the change?

[CN-Scars]

@joshualitt, I used an alternative approach, you can consider whether it's suitable.: I added a dialog box after the user executes /auth logout. After logout:

1. Credentials and settings are cleared (via authLogoutCommand)
2. A confirmation dialog appears with two options:

• Login: Opens the auth dialog for immediate re-authentication
• Exit: Runs cleanup and exits the application

This gives users clear confirmation of their logged-out state and explicit control over their next action, rather than automatically opening the login menu.

[jacob314]

Overall approach is great. Thank you for adding this!
UX feedback:
You need to fix the width of the logout box it exceeds the width of the terminal.

The border color for the logout box is a but loud right now. Can you use the border color for other dialogs?
I would suggest making pressing escape trigger option 2 (exit) with wording consistent with out radio buttons in the app where pressing esc exits.

[CN-Scars]

@jacob314 Thanks for the UX feedback! I've addressed all points:

1. Fixed border color - uses theme.border.focused (matches "Get started" dialog)
2. Added hint text - "(Use Enter to select, Esc to close)"
3. Escape key now triggers Exit

[joshualitt]

@CN-Scars , hmm, I think we may want to add a right margin or somethin?

The right edge of the box seems to touch the scrollbar.

[CN-Scars]

@joshualitt I've added right margin to logout dialog, and it should look perfect now!

[jacob314]

We'll need to cleanup the margin after this lands. Notice the margins are better but not quite right. while there is a margin 1 on the right side it is not rendering as there is an issue in the width calculation. This is fine to land and I'll cleanup with a quick followup PR to make the UI the correct width. Easiest way to fix is to look at what other dialogs do and align with their styles. the root of the problem is that width 100% shouldn't be used quite like this in Ink and there is an extra layer of boxes adding complexity.

[jacob314]

[joshualitt]

Thanks, looks great now!!