chore(compiler): Enable strict property access TS compiler flag. (#6255)

Co-authored-by: Jacob Richman <jacob314@gmail.com>

packages/core/src/code_assist/oauth2.test.ts

@@ -57,9 +57,7 @@ describe('oauth2', () => {
     fs.rmSync(tempHomeDir, { recursive: true, force: true });
     vi.clearAllMocks();
     resetOauthClientForTesting();
-    delete process.env.CLOUD_SHELL;
-    delete process.env.GOOGLE_GENAI_USE_GCA;
-    delete process.env.GOOGLE_CLOUD_ACCESS_TOKEN;
+    vi.unstubAllEnvs();
   });
 
   it('should perform a web login', async () => {
@@ -328,8 +326,8 @@ describe('oauth2', () => {
 
   describe('with GCP environment variables', () => {
     it('should use GOOGLE_CLOUD_ACCESS_TOKEN when GOOGLE_GENAI_USE_GCA is true', async () => {
-      process.env.GOOGLE_GENAI_USE_GCA = 'true';
-      process.env.GOOGLE_CLOUD_ACCESS_TOKEN = 'gcp-access-token';
+      vi.stubEnv('GOOGLE_GENAI_USE_GCA', 'true');
+      vi.stubEnv('GOOGLE_CLOUD_ACCESS_TOKEN', 'gcp-access-token');
 
       const mockSetCredentials = vi.fn();
       const mockGetAccessToken = vi
@@ -387,7 +385,7 @@ describe('oauth2', () => {
     });
 
     it('should not use GCP token if GOOGLE_CLOUD_ACCESS_TOKEN is not set', async () => {
-      process.env.GOOGLE_GENAI_USE_GCA = 'true';
+      vi.stubEnv('GOOGLE_GENAI_USE_GCA', 'true');
 
       const mockSetCredentials = vi.fn();
       const mockGetAccessToken = vi
@@ -418,7 +416,7 @@ describe('oauth2', () => {
     });
 
     it('should not use GCP token if GOOGLE_GENAI_USE_GCA is not set', async () => {
-      process.env.GOOGLE_CLOUD_ACCESS_TOKEN = 'gcp-access-token';
+      vi.stubEnv('GOOGLE_CLOUD_ACCESS_TOKEN', 'gcp-access-token');
 
       const mockSetCredentials = vi.fn();
       const mockGetAccessToken = vi

packages/core/src/code_assist/oauth2.ts

@@ -81,11 +81,11 @@ async function initOauthClient(
   });
 
   if (
-    process.env.GOOGLE_GENAI_USE_GCA &&
-    process.env.GOOGLE_CLOUD_ACCESS_TOKEN
+    process.env['GOOGLE_GENAI_USE_GCA'] &&
+    process.env['GOOGLE_CLOUD_ACCESS_TOKEN']
   ) {
     client.setCredentials({
-      access_token: process.env.GOOGLE_CLOUD_ACCESS_TOKEN,
+      access_token: process.env['GOOGLE_CLOUD_ACCESS_TOKEN'],
     });
     await fetchAndCacheUserInfo(client);
     return client;
@@ -248,7 +248,7 @@ async function authWithUserCode(client: OAuth2Client): Promise<boolean> {
 async function authWithWeb(client: OAuth2Client): Promise<OauthWebLogin> {
   const port = await getAvailablePort();
   // The hostname used for the HTTP server binding (e.g., '0.0.0.0' in Docker).
-  const host = process.env.OAUTH_CALLBACK_HOST || 'localhost';
+  const host = process.env['OAUTH_CALLBACK_HOST'] || 'localhost';
   // The `redirectUri` sent to Google's authorization server MUST use a loopback IP literal
   // (i.e., 'localhost' or '127.0.0.1'). This is a strict security policy for credentials of
   // type 'Desktop app' or 'Web application' (when using loopback flow) to mitigate
@@ -323,7 +323,7 @@ export function getAvailablePort(): Promise<number> {
   return new Promise((resolve, reject) => {
     let port = 0;
     try {
-      const portStr = process.env.OAUTH_CALLBACK_PORT;
+      const portStr = process.env['OAUTH_CALLBACK_PORT'];
       if (portStr) {
         port = parseInt(portStr, 10);
         if (isNaN(port) || port <= 0 || port > 65535) {
@@ -353,7 +353,8 @@ export function getAvailablePort(): Promise<number> {
 async function loadCachedCredentials(client: OAuth2Client): Promise<boolean> {
   try {
     const keyFile =
-      process.env.GOOGLE_APPLICATION_CREDENTIALS || getCachedCredentialPath();
+      process.env['GOOGLE_APPLICATION_CREDENTIALS'] ||
+      getCachedCredentialPath();
 
     const creds = await fs.readFile(keyFile, 'utf-8');
     client.setCredentials(JSON.parse(creds));

packages/core/src/code_assist/server.ts

@@ -214,7 +214,8 @@ export class CodeAssistServer implements ContentGenerator {
   }
 
   getMethodUrl(method: string): string {
-    const endpoint = process.env.CODE_ASSIST_ENDPOINT ?? CODE_ASSIST_ENDPOINT;
+    const endpoint =
+      process.env['CODE_ASSIST_ENDPOINT'] ?? CODE_ASSIST_ENDPOINT;
     return `${endpoint}/${CODE_ASSIST_API_VERSION}:${method}`;
   }
 }

packages/core/src/code_assist/setup.test.ts

@@ -4,7 +4,7 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
 import { setupUser, ProjectIdRequiredError } from './setup.js';
 import { CodeAssistServer } from '../code_assist/server.js';
 import { OAuth2Client } from 'google-auth-library';
@@ -50,8 +50,12 @@ describe('setupUser for existing user', () => {
     );
   });
 
+  afterEach(() => {
+    vi.unstubAllEnvs();
+  });
+
   it('should use GOOGLE_CLOUD_PROJECT when set and project from server is undefined', async () => {
-    process.env.GOOGLE_CLOUD_PROJECT = 'test-project';
+    vi.stubEnv('GOOGLE_CLOUD_PROJECT', 'test-project');
     mockLoad.mockResolvedValue({
       currentTier: mockPaidTier,
     });
@@ -66,7 +70,7 @@ describe('setupUser for existing user', () => {
   });
 
   it('should ignore GOOGLE_CLOUD_PROJECT when project from server is set', async () => {
-    process.env.GOOGLE_CLOUD_PROJECT = 'test-project';
+    vi.stubEnv('GOOGLE_CLOUD_PROJECT', 'test-project');
     mockLoad.mockResolvedValue({
       cloudaicompanionProject: 'server-project',
       currentTier: mockPaidTier,
@@ -86,7 +90,7 @@ describe('setupUser for existing user', () => {
   });
 
   it('should throw ProjectIdRequiredError when no project ID is available', async () => {
-    delete process.env.GOOGLE_CLOUD_PROJECT;
+    vi.stubEnv('GOOGLE_CLOUD_PROJECT', '');
     // And the server itself requires a project ID internally
     vi.mocked(CodeAssistServer).mockImplementation(() => {
       throw new ProjectIdRequiredError();
@@ -122,8 +126,12 @@ describe('setupUser for new user', () => {
     );
   });
 
+  afterEach(() => {
+    vi.unstubAllEnvs();
+  });
+
   it('should use GOOGLE_CLOUD_PROJECT when set and onboard a new paid user', async () => {
-    process.env.GOOGLE_CLOUD_PROJECT = 'test-project';
+    vi.stubEnv('GOOGLE_CLOUD_PROJECT', 'test-project');
     mockLoad.mockResolvedValue({
       allowedTiers: [mockPaidTier],
     });
@@ -153,7 +161,7 @@ describe('setupUser for new user', () => {
   });
 
   it('should onboard a new free user when GOOGLE_CLOUD_PROJECT is not set', async () => {
-    delete process.env.GOOGLE_CLOUD_PROJECT;
+    vi.stubEnv('GOOGLE_CLOUD_PROJECT', '');
     mockLoad.mockResolvedValue({
       allowedTiers: [mockFreeTier],
     });
@@ -182,7 +190,7 @@ describe('setupUser for new user', () => {
   });
 
   it('should use GOOGLE_CLOUD_PROJECT when onboard response has no project ID', async () => {
-    process.env.GOOGLE_CLOUD_PROJECT = 'test-project';
+    vi.stubEnv('GOOGLE_CLOUD_PROJECT', 'test-project');
     mockLoad.mockResolvedValue({
       allowedTiers: [mockPaidTier],
     });
@@ -200,7 +208,7 @@ describe('setupUser for new user', () => {
   });
 
   it('should throw ProjectIdRequiredError when no project ID is available', async () => {
-    delete process.env.GOOGLE_CLOUD_PROJECT;
+    vi.stubEnv('GOOGLE_CLOUD_PROJECT', '');
     mockLoad.mockResolvedValue({
       allowedTiers: [mockPaidTier],
     });

packages/core/src/code_assist/setup.ts

@@ -33,7 +33,7 @@ export interface UserData {
  * @returns the user's actual project id
  */
 export async function setupUser(client: OAuth2Client): Promise<UserData> {
-  const projectId = process.env.GOOGLE_CLOUD_PROJECT || undefined;
+  const projectId = process.env['GOOGLE_CLOUD_PROJECT'] || undefined;
   const caServer = new CodeAssistServer(client, projectId, {}, '', undefined);
   const coreClientMetadata: ClientMetadata = {
     ideType: 'IDE_UNSPECIFIED',