feat: add documentation and automation for GCP project recreation (gemini-cli-extensions#165)

* feat: add documentation and automation for GCP project recreation

- Add docs/GCP-RECREATION.md with step-by-step setup guide
- Add scripts/setup-gcp.sh to automate API enablement and infrastructure deployment
- Refactor AuthManager to support configurable CLIENT_ID and CLOUD_FUNCTION_URL via environment variables
- Update README.md with deployment section

* Apply suggestion from @gemini-code-assist[bot]

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* Apply suggestion from @gemini-code-assist[bot]

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* style: fix prettier formatting in docs

* Update scripts/setup-gcp.sh

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* fix: restructure setup-gcp.sh to eliminate circular dependency

Reorder the script to deploy the Cloud Function first, then prompt
the user to create OAuth credentials using the deployed URL. This
fixes the chicken-and-egg problem identified in code review.

Update GCP-RECREATION.md to match the new linear flow.

* Update scripts/setup-gcp.sh

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* fix: resolve setup script issues found during end-to-end testing

- Move env var validation from module-load to request-time in cloud
  function so initial deploy (without OAuth config) can start
- Fix trailing newline in stored secret (echo -> echo -n) that caused
  invalid_client errors during token exchange
- Add run.googleapis.com and artifactregistry.googleapis.com APIs
  required by gen2 Cloud Functions
- Make script idempotent: skip initial deploy if function already exists
- Integrate OAuth consent screen setup into script flow with browser
  auto-open, scopes list, and test users reminder
- Open Credentials page in browser during OAuth client step
- Upgrade Cloud Function runtime from nodejs20 to nodejs22
- Generate package-lock.json for cloud function

* style: fix prettier formatting in cloud function

* chore: update copyright year to 2026

* Updating lint config to support both 2025 and 2026 years in the license header.

* Updating deps for new eslint-plugin-headers package.

* format fix

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

Author: allenhutchison

README.md

@@ -54,6 +54,11 @@ Shows your schedule for today or a specified date.
 
 Searches your Google Drive for files matching the given query.
 
+## Deployment
+
+If you want to host your own version of this extension's infrastructure, see the
+[GCP Recreation Guide](docs/GCP-RECREATION.md).
+
 ## Resources
 
 - [Documentation](docs/index.md): Detailed documentation on all the available

cloud_function/index.js

@@ -11,18 +11,13 @@ const axios = require('axios');
 const { URL } = require('node:url');
 
 // --- Configuration loaded from Environment Variables ---
-// These are set in the Google Cloud Function's configuration
+// These are set in the Google Cloud Function's configuration.
+// They may be absent on the initial deploy (before OAuth credentials exist)
+// and are set on the final deploy. Validation happens at request time.
 const CLIENT_ID = process.env.CLIENT_ID;
 const SECRET_NAME = process.env.SECRET_NAME;
 const REDIRECT_URI = process.env.REDIRECT_URI;
 
-// Fail fast if required environment variables are missing
-if (!CLIENT_ID || !SECRET_NAME || !REDIRECT_URI) {
-  throw new Error(
-    'Missing required environment variables: CLIENT_ID, SECRET_NAME, and REDIRECT_URI must be set.',
-  );
-}
-
 // --- Configuration for local storage (used in instructions) ---
 const KEYCHAIN_SERVICE_NAME = 'gemini-cli-workspace-oauth';
 const KEYCHAIN_ACCOUNT_NAME = 'main-account';
@@ -340,6 +335,15 @@ async function handleRefreshToken(req, res) {
  * Routes requests to either the callback handler or the refresh handler.
  */
 functions.http('oauthHandler', async (req, res) => {
+  // Validate required environment variables at request time
+  if (!CLIENT_ID || !SECRET_NAME || !REDIRECT_URI) {
+    return res
+      .status(503)
+      .send(
+        'Function not yet configured. Missing required environment variables: CLIENT_ID, SECRET_NAME, REDIRECT_URI.',
+      );
+  }
+
   // Route to refresh handler if path ends with /refresh or /refreshToken or it's a POST with refresh_token
   if (
     ['/refresh', '/refreshToken'].includes(req.path) ||