Gemini CLI

An open-source AI agent that brings the power of Gemini directly into your terminal.

The Gemini CLI is a command-line AI workflow tool developed by Google that connects to various tools and accelerates workflows. It allows users to query and edit large codebases, generate new applications from PDFs or sketches, and utilize Gemini's multimodal capabilities. The CLI operates using a reason and act (ReAct) loop, enabling efficient interaction directly in the terminal. Additionally, it is designed for developers, helping automate tasks and understand code effectively.

前置条件

• Node.js 18 版本以上已经安装

安装

选择进行全局安装：

npm install -g @google/gemini-cli

完成安装之后，工具包在 Windows 11 上的所在位置：

C:\Users\Lenovo\AppData\Roaming\npm

运行

因为 Gemini CLI 是 Google 的服务，由于众所周知的原因，需要有科学上网环境才能使用。首次运行，直接在命令行终端敲入：

gemini

主题

选择主题：随便选一个。

登录验证

选择登录验证方式：

Select Auth Method
│ ● Login with Google
│ ○ Gemini API Key
│ ○ Vertex AI

配置

选择第二种登录方式，需要设置 GEMINI_API_KEY 的环境变量。运行 code $Profile 或 nvim $Profile 打开用户配置文件 ~\Documents\PowerShell\Microsoft.PowerShell_profile.ps1，在 PowerShell 的用户配置文件内添加环境变量：

# Enviromental Variables
$env:GEMINI_API_KEY="YOUR_GEMINI_API_KEY"

办公室里拥有科学上网环境。运行 gemini 之后重新输入 prompt 信息，出现报错信息，提示用户地域不支持 API 调用：

✕ [API Error: User location is not supported for the API use. (Status: FAILED_PRECONDITION)]

初步猜测，这应该是 Google 屏蔽了来自中国大陆 IP 地址的访问请求。

Has Gemini CLI been denied for access for user IPs from mainland China?

Based on the search results, it appears that direct access to the Google Gemini CLI is unavailable in mainland China. This is due to the broader restrictions on Google services imposed by the government.

The official documentation for the Gemini API and Google AI Studio does not list mainland China as a supported region. While workarounds like VPNs might be possible, they are not officially supported and may have legal and stability issues.

Therefore, users with IPs from mainland China are likely to be denied access to the Gemini CLI.

尝试 1

尝试配置代理，继续在 PowerShell 的用户配置文件内添加环境变量：

$env:HTTPS_PROXY="http://127.0.0.1:7890/"
$env:HTTP_PROXY="http://127.0.0.1:7890/"
$env:ALL_PROXY="socks5://127.0.0.1:7890/"

尝试在对话框内输入 prompt 信息，仍然返回报错信息：

✕ [API Error: exception TypeError: fetch failed sending request]

这下好像更糟糕了，连网络请求都是发送失败！

设置代理之后，还会出现一个不好的副作用，就是往 GitHub 远程仓库的代码都无法正常推送了。网络连接都没有了吗？

查询一下，什么是 127.0.0.1 地址？

127.0.0.1 是一个非常著名的 回送地址，通常用于网络测试和本地服务运行。它指向本地计算机，允许程序与自己进行通信。以下是关于 127.0.0.1 的一些要点：

• 回送地址：它是本机的 IP 地址，主要用于测试和进程间通信。
• 连接问题：如果遇到“127.0.0.1 拒绝连接”的问题，可能是因为它被解析为 IPv6 地址而不是 IPv4 地址。
• 使用场景：系统管理员和开发人员常用它来测试应用程序。
• 重要性：在网络中，127.0.0.1 是一个保留地址，确保本地服务的正常运行。

为什么要设定使用 回送地址 配置代理呢？这里的工作原理不是特别明白。只是如此设置之后，不但没有解决当前问题，反又引入了新问题，只好取消上述配置代理的相关代码。

网络上的讨论贴里，有人建议把 npm 的安装路径添加进系统环境变量，默认是在用户环境变量里面。添加后仍然存在同样的报错。

尝试 2

选择将 https://oauth2.googleapis.com/ 这个地址的登录位置更改为美国。同样报错：

✕ [API Error: User location is not supported for the API use. (Status: FAILED_PRECONDITION)]

尝试 3 — 解决方案

选择将 https://generativelanguage.googleapis.com/ 这个地址的登录位置更改为美国。成功返回信息！

网络上的讨论贴里，有人把尝试 2 和 3 里介绍的这种使用代理的方式称之为“Tunnel 模式”。

What does the term "tunnel" mean when used in a network proxy environment?

In the context of network proxies, a "tunnel" refers to a secure and direct connection established through the proxy server to a destination server. This creates a private pathway for your internet traffic, effectively shielding it from the proxy's inspection and from eavesdroppers on the network.

Here's a breakdown of how it works and why it's important:

How it Works: The HTTP CONNECT Method

The most common method for creating a tunnel is the HTTP CONNECT method.

1. Request: Your client (e.g., your web browser) sends a CONNECT request to the proxy. This request specifies the destination server and port you want to connect to (e.g., a secure website on port 443 for HTTPS).
2. Tunnel Establishment: If the proxy allows it, it establishes a TCP connection to the destination server you requested.
3. Confirmation: The proxy sends a "200 OK" response to your client, signaling that the tunnel is open.
4. Secure Communication: From this point on, the proxy simply relays the encrypted data between your client and the destination server. The proxy cannot read the content of this traffic because it's encrypted.

Key Purposes and Benefits

• Enhanced Security: By creating an encrypted tunnel, these proxies ensure that sensitive information remains confidential. The proxy facilitates the connection but doesn't interfere with the end-to-end encryption.
• Bypassing Firewalls: Tunneling can be used to circumvent network restrictions. For example, if a firewall only allows web traffic on standard ports (like 80 and 443), a tunnel can carry other types of traffic (like SSH or FTP) by encapsulating it within an allowed protocol like HTTP.
• Accessing Secure Sites (HTTPS): When you access a secure website (using HTTPS) through a forward proxy, a tunnel is essential. It allows the end-to-end encryption between your browser and the website's server to remain intact.

In short, a tunnel in a network proxy is a powerful feature that transforms a simple intermediary into a secure gateway, enabling private and unrestricted communication.