fix(client): Move x-goog-user-project header to API requests only

[AdeelK93]

Description

Apologies - I believe I introduced a narrow regression in #215.
I had added x-goog-user-project header was added to build_client() headers. However, since build_client() is shared by both API calls and Discovery Document fetches, services whose APIs aren't enabled on the quota project fail at discovery with 403 Forbidden.

This fix moves the header from build_client() to build_http_request() in executor.rs.

Before: gws gmail users messages list --params '{"userId":"me"}'

{
  "error": {
    "code": 500,
    "message": "Failed to fetch Discovery Document for gmail/v1: HTTP 403 Forbidden (tried both standard and $discovery URLs)",
    "reason": "discoveryError"
  }
}

After:

{
  "error": {
    "code": 403,
    "message": "Request had insufficient authentication scopes.",
    "reason": "insufficientPermissions"
  }
}

Discovery succeeds and now you get a more meaningful auth scope issue, rather than a discovery failure.

Checklist:

• My code follows the AGENTS.md guidelines (no generated google-* crates).
• I have run cargo fmt --all to format the code perfectly.
• I have run cargo clippy -- -D warnings and resolved all warnings.
• I have added tests that prove my fix is effective or that my feature works.
• I have provided a Changeset file (e.g. via pnpx changeset) to document my changes.

[changeset-bot]

🦋 Changeset detected

Latest commit: ce4436a

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@googleworkspace/cli	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves a critical regression that caused Google API Discovery Document fetches to fail with 403 errors due to the x-goog-user-project header being prematurely applied. By moving this header to be included only during the construction of actual API requests, the system now correctly distinguishes between discovery and API calls, preventing erroneous discovery failures and providing clearer, more actionable error messages for genuine authentication issues.

Highlights

• Regression Fix: Addressed a regression introduced in a previous PR where the x-goog-user-project header was incorrectly applied to Discovery Document fetches, leading to 403 Forbidden errors.
• Header Relocation: Relocated the x-goog-user-project header from the build_client() function to the build_http_request() function in executor.rs, ensuring it is only included in actual API requests.
• Improved Error Handling: This change resolves misleading 500 "discoveryError" messages, now providing more accurate 403 "insufficientPermissions" errors when authentication scopes are genuinely insufficient.

Changelog

• .changeset/fix-quota-header-discovery.md
  • Added a new changeset file detailing the fix for the x-goog-user-project header.
• src/auth.rs
  • Modified a test case to explicitly remove the GOOGLE_APPLICATION_CREDENTIALS environment variable for consistent testing.
• src/client.rs
  • Removed the logic that added the x-goog-user-project header to the default reqwest::Client builder.
• src/executor.rs
  • Implemented logic to add the x-goog-user-project header to individual HTTP requests within the build_http_request function.

Activity

• Author confirmed adherence to AGENTS.md guidelines.
• Code formatted using cargo fmt --all.
• Clippy warnings resolved with cargo clippy -- -D warnings.
• Tests added to validate the fix.
• Changeset file provided for documentation.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Generative AI Prohibited Use Policy, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly moves the x-goog-user-project header from the default client to the API request builder, which resolves the issue with Discovery Document fetches failing for certain projects. The logic seems sound. However, I've identified a potential panic in the new implementation in executor.rs if the quota_project_id from the ADC file contains invalid characters for an HTTP header. I've suggested a change to handle this gracefully by returning an error instead of crashing.

[codecov]

Codecov Report

❌ Patch coverage is 75.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 57.70%. Comparing base (f07dd2b) to head (ce4436a).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
src/executor.rs	66.66%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #242      +/-   ##
==========================================
+ Coverage   57.69%   57.70%   +0.01%     
==========================================
  Files          38       38              
  Lines       14328    14327       -1     
==========================================
+ Hits         8267     8268       +1     
+ Misses       6061     6059       -2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.