fix: apply auth type from arg or env variables

packages/cli/src/config/config.ts

@@ -41,6 +41,9 @@ import { annotateActiveExtensions } from './extension.js';
 import { loadSandboxConfig } from './sandboxConfig.js';
 
 import { isWorkspaceTrusted } from './trustedFolders.js';
+import {
+  getAuthTypeFromEnv
+} from "../validateNonInterActiveAuth.js";
 
 // Simple console logger for now - replace with actual logger if available
 const logger = {
@@ -415,6 +418,10 @@ export async function loadCliConfig(
     process.env['OPENAI_API_KEY'] = argv.openaiApiKey;
   }
 
+  // Determine authType from env, falling back to settings.json selectedAuthType.
+  // If undefined, the "Get started" wizard is run to configure settings.json.
+  const authType = getAuthTypeFromEnv() || settings.security?.auth?.selectedType;
+
   // Handle OpenAI base URL from command line
   if (argv.openaiBaseUrl) {
     process.env['OPENAI_BASE_URL'] = argv.openaiBaseUrl;
@@ -647,7 +654,7 @@ export async function loadCliConfig(
           'SYSTEM_TEMPLATE:{"name":"qwen3_coder","params":{"is_git_repository":{RUNTIME_VARS_IS_GIT_REPO},"sandbox":"{RUNTIME_VARS_SANDBOX}"}}',
       },
     ]) as ConfigParameters['systemPromptMappings'],
-    authType: settings.security?.auth?.selectedType,
+    authType: authType,
     contentGenerator: settings.contentGenerator,
     cliVersion,
     tavilyApiKey:

packages/cli/src/config/settings.ts

@@ -9,6 +9,7 @@ import * as path from 'node:path';
 import { homedir, platform } from 'node:os';
 import * as dotenv from 'dotenv';
 import {
+  AuthType,
   GEMINI_CONFIG_DIR as GEMINI_DIR,
   getErrorMessage,
   Storage,
@@ -467,6 +468,7 @@ export class LoadedSettings {
   readonly errors: SettingsError[];
   readonly isTrusted: boolean;
   readonly migratedInMemorScopes: Set<SettingScope>;
+  authType: AuthType | undefined;
 
   private _merged: Settings;
 
@@ -475,13 +477,33 @@ export class LoadedSettings {
   }
 
   private computeMergedSettings(): Settings {
-    return mergeSettings(
+    let merged = mergeSettings(
       this.system.settings,
       this.systemDefaults.settings,
       this.user.settings,
       this.workspace.settings,
       this.isTrusted,
     );
+    // Overwrite from user config (arg or env or settings.json)
+    if (this.authType) {
+      merged.security ??= {};
+      merged.security.auth ??= {};
+      merged.security.auth.selectedType = this.authType;
+    }
+    return merged;
+  }
+
+  /**
+   * Apply the user configured auth type (i.e. "openai").
+   *
+   * Priority:
+   * 1. command line arg --openai-api-key "my-key" implicitly sets "openai"
+   * 2. env variables or .env file (i.e. OPENAI_API_KEY)
+   * 3. <code>{ "selectedAuthType": "openai" }</code> in settings.json
+   */
+  applyConfiguredAuthType(authType: AuthType | undefined): void {
+    this.authType = authType;
+    this._merged = this.computeMergedSettings();
   }
 
   forScope(scope: SettingScope): SettingsFile {

packages/cli/src/gemini.tsx

@@ -190,6 +190,7 @@ export async function main() {
     sessionId,
     argv,
   );
+  settings.applyConfiguredAuthType(config.getAuthType());
 
   const consolePatcher = new ConsolePatcher({
     stderr: true,

packages/cli/src/validateNonInterActiveAuth.ts

@@ -8,7 +8,7 @@ import { AuthType, type Config } from '@qwen-code/qwen-code-core';
 import { USER_SETTINGS_PATH } from './config/settings.js';
 import { validateAuthMethod } from './config/auth.js';
 
-function getAuthTypeFromEnv(): AuthType | undefined {
+export function getAuthTypeFromEnv(): AuthType | undefined {
   if (process.env['GOOGLE_GENAI_USE_GCA'] === 'true') {
     return AuthType.LOGIN_WITH_GOOGLE;
   }