feat(release): ship esbuild bundle in npm package

[genneth]

Summary

• Add scripts/prepare-npm-release.js that transforms the CLI package.json to ship bundle/ instead of dist/, strips all dependencies, and adds optionalDependencies for native modules (node-pty, keytar)
• Add a "Prepare bundled CLI for npm release" step in .github/actions/publish-release/action.yml, conditioned on non-GitHub registry URLs
• Result: npm package drops from 44,835 files to ~129 files (6.8 MB compressed)

Context

The npm registry publish path ships unbundled dist/ plus full node_modules/, totaling 44,835 files. On Windows, this causes ~1-2 minute cold starts because Windows Defender real-time scanning hits every file on first access.

The GitHub registry path already ships a single-file esbuild bundle via scripts/prepare-github-release.js. This PR applies the same transformation to the npm path, with one addition: optionalDependencies are preserved so platform-specific native modules (node-pty, keytar) continue to install automatically.

Closes #19169

Test plan

• Local smoke test: npm run bundle then node scripts/prepare-npm-release.js — verified packages/cli/package.json transformation and packages/cli/bundle/ contents
• Dry-run publish: npm publish --dry-run confirmed 129 files, 6.8 MB, bundle-only contents
• CI validation on the publish workflow
• End-to-end: install from published package, verify gemini --version and native module fallbacks

[gemini-code-assist]

Summary of Changes

Hello @genneth, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly optimizes the npm package release process for the CLI by transitioning from an unbundled distribution to an esbuild-generated bundle. This change addresses performance issues, particularly slow cold starts on Windows, by dramatically reducing the number of files shipped in the package while carefully preserving platform-specific optional native modules.

Highlights

• New Release Preparation Script: Introduced scripts/prepare-npm-release.js to automate the transformation of the CLI package.json for npm releases, ensuring it ships a bundled version and correctly handles optional native dependencies.
• CI Workflow Integration: Integrated the new preparation script into the .github/actions/publish-release/action.yml workflow, ensuring it runs specifically for npm registry publications, excluding GitHub registry releases.
• Package Size Reduction: The changes drastically reduce the npm package size from approximately 44,835 files to around 129 files, leading to a significant decrease in compressed size (6.8 MB) and improved cold start performance on Windows.

Changelog

• .github/actions/publish-release/action.yml
  • Added a new step to execute the prepare-npm-release.js script conditionally for npm registry publications.
• scripts/prepare-npm-release.js
  • Created a new script to copy the esbuild bundle, modify the packages/cli/package.json to reference the bundle, remove development dependencies, and re-add specific optional native module dependencies.

Activity

• The author has completed local smoke tests and a dry-run publish to verify the package.json transformation, bundle contents, and reduced file count.
• CI validation on the publish workflow and end-to-end testing (install from published package, verify gemini --version and native module fallbacks) are planned for future verification.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[gemini-code-assist]

Code Review

This pull request introduces a build script to prepare a bundled version of the CLI for npm release, which is a great improvement for reducing package size and installation time. The changes in the GitHub Actions workflow and the new script are logical. I've found one area for improvement in the new script to make it more robust and maintainable, which I've detailed in a specific comment.