Optimize CLI startup with lazy loading and MCP connection pooling #17497
Conversation
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
Summary of ChangesHello @Rdmorris1994, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly enhances the Gemini CLI's efficiency and responsiveness. By strategically implementing lazy loading for its user interface components, the CLI now starts much faster for command-line operations that don't require a full interactive experience. Concurrently, the integration of connection pooling for MCP servers streamlines tool interactions, leading to a more robust and performant overall system. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request aims to improve performance through lazy-loading UI components and connection pooling for MCP clients, and simplifies McpClientManager logic. However, the refactoring of McpClientManager has critically removed essential security enforcement, specifically trust verification for workspaces and global MCP server blocklists/allowlists, leading to a security regression where malicious project configurations can bypass user-defined policies. Beyond this, several functional regressions and API mismatches exist, including dependencies on an unincluded McpClient interface, incorrect constructor and method calls, a non-existent exit code reference, and an incorrect ToolRegistry method call, all of which will cause runtime errors and prevent correct CLI operation.
| main().catch((err) => { | ||
| debugLogger.error('Fatal error in CLI:', err); | ||
| // @ts-ignore | ||
| process.exit(ExitCodes?.FATAL_INTERNAL_ERROR || 1); |
There was a problem hiding this comment.
The ExitCodes enum does not contain a FATAL_INTERNAL_ERROR member. This will be undefined at runtime, causing the process to always exit with the fallback code 1. This should be corrected to use a valid exit code or a plain number.
| process.exit(ExitCodes?.FATAL_INTERNAL_ERROR || 1); | |
| process.exit(1); |
| // Simple pooling: reuse existing client if healthy | ||
| let client = this.clients.get(name); | ||
| if (client) { | ||
| try { | ||
| await client.connect(); | ||
| await client.discover(this.cliConfig); | ||
| this.eventEmitter?.emit('mcp-client-update', this.clients); | ||
| } catch (error) { | ||
| this.eventEmitter?.emit('mcp-client-update', this.clients); | ||
| // Check if this is a 401/auth error - if so, don't show as red error | ||
| // (the info message was already shown in mcp-client.ts) | ||
| if (!isAuthenticationError(error)) { | ||
| // Log the error but don't let a single failed server stop the others | ||
| const errorMessage = getErrorMessage(error); | ||
| coreEvents.emitFeedback( | ||
| 'error', | ||
| `Error during discovery for MCP server '${name}': ${errorMessage}`, | ||
| error, | ||
| ); | ||
| } | ||
| await client.ping(); | ||
| debugLogger.debug(`Reusing healthy MCP client for ${name}`); | ||
| return; | ||
| } catch (e) { | ||
| debugLogger.debug(`MCP client for ${name} is unhealthy, restarting...`); | ||
| await client.stop(); | ||
| this.clients.delete(name); | ||
| } | ||
| } catch (error) { | ||
| const errorMessage = getErrorMessage(error); | ||
| coreEvents.emitFeedback( | ||
| 'error', | ||
| `Error initializing MCP server '${name}': ${errorMessage}`, | ||
| error, | ||
| ); | ||
| } finally { | ||
| resolve(); | ||
| } | ||
| })().catch(reject); | ||
| }); | ||
|
|
||
| if (this.discoveryPromise) { | ||
| // Ensure the next discovery starts regardless of the previous one's success/failure | ||
| this.discoveryPromise = this.discoveryPromise | ||
| .catch(() => {}) | ||
| .then(() => currentDiscoveryPromise); | ||
| } else { | ||
| this.discoveryState = MCPDiscoveryState.IN_PROGRESS; | ||
| this.discoveryPromise = currentDiscoveryPromise; | ||
| } | ||
| this.eventEmitter?.emit('mcp-client-update', this.clients); | ||
| const currentPromise = this.discoveryPromise; | ||
| void currentPromise | ||
| .finally(() => { | ||
| // If we are the last recorded discoveryPromise, then we are done, reset | ||
| // the world. | ||
| if (currentPromise === this.discoveryPromise) { | ||
| this.discoveryPromise = undefined; | ||
| this.discoveryState = MCPDiscoveryState.COMPLETED; | ||
| this.eventEmitter?.emit('mcp-client-update', this.clients); | ||
| client = new McpClient(name, config, this.clientVersion, this.cliConfig); | ||
| this.clients.set(name, client); | ||
| await client.start(); | ||
|
|
||
| const tools = await client.getTools(); |
There was a problem hiding this comment.
This refactoring introduces calls to a McpClient that appears to have a different interface than the one defined in the repository.
- The constructor call
new McpClient(name, config, this.clientVersion, this.cliConfig)on line 84 does not match the expected signature frommcp-client.ts. - Methods like
ping()(line 74),stop()(line 79),start()(line 86), andgetTools()(line 88) are called on theclientinstance, but they are not defined on theMcpClientclass inpackages/core/src/tools/mcp-client.ts.
This will lead to runtime errors. It seems like related changes to mcp-client.ts might be missing from this pull request.
|
|
||
| const tools = await client.getTools(); | ||
| for (const tool of tools) { | ||
| this.toolRegistry.register(tool); |
There was a problem hiding this comment.
The method to register a tool on ToolRegistry is registerTool, not register. This will cause a TypeError at runtime.
| this.toolRegistry.register(tool); | |
| this.toolRegistry.registerTool(tool); |
| private async internalStart(): Promise<void> { | ||
| const servers = this.cliConfig.getMcpServers() || {}; | ||
| this.allServerConfigs = new Map(Object.entries(servers)); | ||
|
|
||
| // Check if blocked by admin settings (allowlist/excludelist) | ||
| if (this.isBlockedBySettings(name)) { | ||
| if (!this.blockedMcpServers.find((s) => s.name === name)) { | ||
| this.blockedMcpServers?.push({ | ||
| name, | ||
| extensionName: config.extension?.name ?? '', | ||
| }); | ||
| } | ||
| return; | ||
| } | ||
| // User-disabled servers: disconnect if running, don't start | ||
| if (await this.isDisabledByUser(name)) { | ||
| const existing = this.clients.get(name); | ||
| if (existing) { | ||
| await this.disconnectClient(name); | ||
| const promises = Object.entries(servers).map(async ([name, config]) => { | ||
| if (config.enabled === false) { | ||
| return; | ||
| } |
There was a problem hiding this comment.
The refactored internalStart method removes several critical security checks that were previously enforced before starting MCP servers. Specifically, it no longer verifies folder trust (isTrustedFolder()), nor does it enforce the global allowlist/blocklist (isBlockedBySettings) or session-based enablement callbacks (isDisabledByUser). This allows a malicious repository to bypass global security policies and execute arbitrary commands via a project-level MCP configuration. Please restore these security checks before starting any MCP client.
gemini-cli
bot
added
the
status/need-issue
|
Hi there! Thank you for your contribution to Gemini CLI. To improve our contribution process and better track changes, we now require all pull requests to be associated with an existing issue, as announced in our recent discussion and as detailed in our CONTRIBUTING.md. This pull request is being closed because it is not currently linked to an issue. Once you have updated the description of this PR to link an issue (e.g., by adding How to link an issue: Thank you for your understanding and for being a part of our community! |
1 participant
This PR introduces several key optimizations to improve Gemini CLI's performance and developer experience:
1. Lazy Loading for CLI Entry Point
bin.tsentry point.gemini -p "...").2. MCP Connection Pooling
McpClientManagerto maintain and reuse healthy MCP server connections.These changes make the CLI faster, leaner, and more robust.