fix: remove authType fallback option for cold start case

packages/cli/src/gemini.tsx

@@ -256,12 +256,16 @@ export async function main() {
         // Validate authentication here because the sandbox will interfere with the Oauth2 web redirect.
         try {
           const authType = partialConfig.modelsConfig.getCurrentAuthType();
-          const err = validateAuthMethod(authType, partialConfig);
-          if (err) {
-            throw new Error(err);
-          }
+          // Fresh users may not have selected/persisted an authType yet.
+          // In that case, defer auth prompting/selection to the main interactive flow.
+          if (authType) {
+            const err = validateAuthMethod(authType, partialConfig);
+            if (err) {
+              throw new Error(err);
+            }
 
-          await partialConfig.refreshAuth(authType);
+            await partialConfig.refreshAuth(authType);
+          }
         } catch (err) {
           console.error('Error authenticating:', err);
           process.exit(1);

packages/cli/src/ui/AppContainer.tsx

@@ -370,29 +370,30 @@ export const AppContainer = (props: AppContainerProps) => {
   // Check for enforced auth type mismatch
   useEffect(() => {
     // Check for initialization error first
+    const currentAuthType = config.modelsConfig.getCurrentAuthType();
 
     if (
       settings.merged.security?.auth?.enforcedType &&
-      config.modelsConfig.getCurrentAuthType() &&
-      settings.merged.security?.auth.enforcedType !==
-        config.modelsConfig.getCurrentAuthType()
+      currentAuthType &&
+      settings.merged.security?.auth.enforcedType !== currentAuthType
     ) {
       onAuthError(
         t(
           'Authentication is enforced to be {{enforcedType}}, but you are currently using {{currentType}}.',
           {
-            enforcedType: settings.merged.security?.auth.enforcedType,
-            currentType: config.modelsConfig.getCurrentAuthType(),
+            enforcedType: String(settings.merged.security?.auth.enforcedType),
+            currentType: String(currentAuthType),
           },
         ),
       );
     } else if (!settings.merged.security?.auth?.useExternal) {
-      const error = validateAuthMethod(
-        config.modelsConfig.getCurrentAuthType(),
-        config,
-      );
-      if (error) {
-        onAuthError(error);
+      // If no authType is selected yet, allow the auth UI flow to prompt the user.
+      // Only validate credentials once a concrete authType exists.
+      if (currentAuthType) {
+        const error = validateAuthMethod(currentAuthType, config);
+        if (error) {
+          onAuthError(error);
+        }
       }
     }
   }, [

packages/cli/src/ui/components/ModelDialog.tsx

@@ -146,7 +146,7 @@ export function ModelDialog({ onClose }: ModelDialogProps): React.JSX.Element {
   // Local error state for displaying errors within the dialog
   const [errorMessage, setErrorMessage] = useState<string | null>(null);
 
-  const authType = config?.getAuthType() ?? AuthType.QWEN_OAUTH;
+  const authType = config?.getAuthType();
   const effectiveConfig =
     (config?.getContentGeneratorConfig?.() as
       | ContentGeneratorConfig
@@ -208,7 +208,7 @@ export function ModelDialog({ onClose }: ModelDialogProps): React.JSX.Element {
   );
 
   const preferredModelId = config?.getModel() || MAINLINE_CODER;
-  const preferredKey = `${authType}::${preferredModelId}`;
+  const preferredKey = authType ? `${authType}::${preferredModelId}` : '';
 
   useKeypress(
     (key) => {
@@ -339,7 +339,7 @@ export function ModelDialog({ onClose }: ModelDialogProps): React.JSX.Element {
             {t(
               'No models available for the current authentication type ({{authType}}).',
               {
-                authType,
+                authType: authType ? String(authType) : t('(none)'),
               },
             )}
           </Text>

packages/cli/src/utils/modelConfigUtils.ts

@@ -79,7 +79,7 @@ export function resolveCliGenerationConfig(
   const { argv, settings, selectedAuthType } = inputs;
   const env = inputs.env ?? (process.env as Record<string, string | undefined>);
 
-  const authType = selectedAuthType ?? AuthType.QWEN_OAUTH;
+  const authType = selectedAuthType;
 
   const configSources: ModelConfigSourcesInput = {
     authType,

packages/cli/src/validateNonInterActiveAuth.ts

@@ -20,21 +20,27 @@ export async function validateNonInteractiveAuth(
   try {
     // Get the actual authType from config which has already resolved CLI args, env vars, and settings
     const authType = nonInteractiveConfig.modelsConfig.getCurrentAuthType();
+    if (!authType) {
+      throw new Error(
+        'No auth type is selected. Please configure an auth type (e.g. via settings) before running in non-interactive mode.',
+      );
+    }
+    const resolvedAuthType: NonNullable<typeof authType> = authType;
 
     const enforcedType = settings.merged.security?.auth?.enforcedType;
-    if (enforcedType && enforcedType !== authType) {
-      const message = `The configured auth type is ${enforcedType}, but the current auth type is ${authType}. Please re-authenticate with the correct type.`;
+    if (enforcedType && enforcedType !== resolvedAuthType) {
+      const message = `The configured auth type is ${enforcedType}, but the current auth type is ${resolvedAuthType}. Please re-authenticate with the correct type.`;
       throw new Error(message);
     }
 
     if (!useExternalAuth) {
-      const err = validateAuthMethod(authType, nonInteractiveConfig);
+      const err = validateAuthMethod(resolvedAuthType, nonInteractiveConfig);
       if (err != null) {
         throw new Error(err);
       }
     }
 
-    await nonInteractiveConfig.refreshAuth(authType);
+    await nonInteractiveConfig.refreshAuth(resolvedAuthType);
     return nonInteractiveConfig;
   } catch (error) {
     const outputFormat = nonInteractiveConfig.getOutputFormat();