feat: make Gemini flash lite models the default across tools

[google-labs-jules]

Changes Gemini model selection defaults across the repository to prioritize lite tier (or gemini-3.1-flash-lite) instead of standard flash or pro models to reduce cost. Updates the internal pickers, code/visual review clients, and raw API call endpoints in both TypeScript and Python.

---

PR created automatically by Jules for task 5137777364521997060 started by @arii

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[github-actions]

🚀 Deployment Details (Last updated: Jun 26, 2026, 3:59 PM PST)

🚀 Pushed to gh-pages; publish in progress

• Preview URL: https://arii.github.io/tech-dancer/feat/gemini-flash-lite-default-5137777364521997060/
• Preview Dashboard: https://arii.github.io/tech-dancer/previews/index.html
• Commit SHA: 346543b
• Marker File: verify here

[github-actions]

👁️ Gemini Code Review Agent

Powered by Gemini 3.x

Reviewing: PR #2990

Code Review Feedback

[ARCHITECTURE] Review

Error: failed to execute ARCHITECTURE review. Details: [GoogleGenerativeAI Error]: Error fetching from https://generativelanguage.googleapis.com/v1beta/models/gemini-3.1-flash-lite:generateContent: [429 Too Many Requests] Your project has exceeded its monthly spending cap. Please go to AI Studio at https://ai.studio/spend to manage your project spend cap. Learn more at https://ai.google.dev/gemini-api/docs/billing#project-spend-caps.

[PERFORMANCE] Review

Error: failed to execute PERFORMANCE review. Details: [GoogleGenerativeAI Error]: Error fetching from https://generativelanguage.googleapis.com/v1beta/models/gemini-3.1-flash-lite:generateContent: [429 Too Many Requests] Your project has exceeded its monthly spending cap. Please go to AI Studio at https://ai.studio/spend to manage your project spend cap. Learn more at https://ai.google.dev/gemini-api/docs/billing#project-spend-caps.

[SECURITY] Review

Error: failed to execute SECURITY review. Details: [GoogleGenerativeAI Error]: Error fetching from https://generativelanguage.googleapis.com/v1beta/models/gemini-3.1-flash-lite:generateContent: [429 Too Many Requests] Your project has exceeded its monthly spending cap. Please go to AI Studio at https://ai.studio/spend to manage your project spend cap. Learn more at https://ai.google.dev/gemini-api/docs/billing#project-spend-caps.

[STYLE] Review

Error: failed to execute STYLE review. Details: [GoogleGenerativeAI Error]: Error fetching from https://generativelanguage.googleapis.com/v1beta/models/gemini-3.1-flash-lite:generateContent: [429 Too Many Requests] Your project has exceeded its monthly spending cap. Please go to AI Studio at https://ai.studio/spend to manage your project spend cap. Learn more at https://ai.google.dev/gemini-api/docs/billing#project-spend-caps.

---

Generated by gemini-code-review

[github-actions]

🐙 GitHub Models Code Review

Powered by GitHub Models

Reviewing: PR #2990

Model: gpt-4o

Code Review Feedback

[ARCHITECTURE] Review

Review Summary

The PR introduces changes to default Gemini model selection across multiple files, prioritizing the lite tier (gemini-3.1-flash-lite) over flash or pro models. The goal is to reduce costs while maintaining functionality. The changes span Python and TypeScript files, affecting API calls, model selection logic, and client implementations.

High Severity Issues

1. Hardcoded API Key in URL Construction

   • File: src/features/ux-auditor/useUXAuditor.ts
   • Line: 273
   • Snippet:

     const response = await fetch(`https://generativelanguage.googleapis.com/v1beta/models/gemini-3.1-flash-lite:generateContent?key=${effectiveApiKey}`, {

   • Issue: The API key is directly interpolated into the URL string. This is a security risk as it could lead to accidental exposure of sensitive information in logs or error messages.
   • Fix Summary: Use the Authorization header to pass the API key instead of including it in the URL. For example:

     const response = await fetch(`https://generativelanguage.googleapis.com/v1beta/models/gemini-3.1-flash-lite:generateContent`, {
       method: 'POST',
       headers: {
         'Content-Type': 'application/json',
         'Authorization': `Bearer ${effectiveApiKey}`
       },
       body: JSON.stringify({
         contents: [{ parts }],
         systemInstruction: { parts: [{ text: systemPrompt }] },
         generationConfig: {
           responseMimeType: "application/json",
           responseSchema: {
             type: "OBJECT",
             properties: {

2. Potential Model Selection Logic Issue

   • File: scripts/lib/modelPicker.ts
   • Line: 116
   • Snippet:

     const tier = estimatedInputTokens > 200000 ? 'flash' : 'lite';

   • Issue: The logic for selecting the tier based on estimatedInputTokens appears to be inverted. If the input tokens exceed 200,000, the tier is set to flash, which contradicts the stated goal of prioritizing the lite tier for cost reduction.
   • Fix Summary: Confirm the intended behavior. If the goal is to prioritize lite for cost savings, the condition should be reversed:

     const tier = estimatedInputTokens > 200000 ? 'lite' : 'flash';

3. Inconsistent Model Fallback

   • File: scripts/clients/geminiCodeReviewClient.ts
   • Line: 34
   • Snippet:

     console.error('Failed to pick Gemini model, falling back to gemini-3.1-flash-lite:', err);
     modelName = 'gemini-3.1-flash-lite';

   • Issue: The fallback model is hardcoded as gemini-3.1-flash-lite, which may not be suitable for all use cases, especially if the input token count exceeds the model's capacity. This could lead to runtime errors or degraded performance.
   • Fix Summary: Implement a more robust fallback mechanism that considers the input token count and selects an appropriate model dynamically. For example:

     modelName = await pickGeminiModel('flash', estimatedInputTokens);

Questions

1. Testing Coverage

   • Are there automated tests in place to verify the new model selection logic and API call behavior? If not, this should be addressed to ensure the changes work as intended.

2. Error Handling

   • In several places, errors are logged but not propagated or handled (e.g., console.error('Failed to pick Gemini model...')). Should these errors trigger retries or fallback mechanisms?

3. Environment Variable Validation

   • Is there a centralized mechanism to validate the presence and correctness of environment variables like GEMINI_API_KEY? If not, consider adding one to avoid runtime errors.

Nitpicks

1. Comment Update

   • File: scripts/clients/geminiCodeReviewClient.ts
   • Line: 32
   • Snippet:

     // For code review, we prefer Flash if the diff is complex/large, otherwise Lite.

   • Issue: The comment is outdated and does not reflect the new logic. Update it to match the new behavior.

2. Code Duplication

   • The logic for constructing API requests and selecting models is repeated across multiple files. Consider refactoring these into shared utility functions to reduce duplication and improve maintainability.

3. Magic Numbers

   • File: scripts/clients/geminiCodeReviewClient.ts
   • Line: 32
   • Snippet:

     const preferredTier = (estimatedInputTokens > 15000 || (summary.previousState?.findings.length ?? 0) > 5) ? 'flash' : 'lite';

   • Issue: The thresholds (15000 and 5) are hardcoded. Define these as constants with descriptive names to improve readability and maintainability.

Final Verdict

The PR introduces significant changes to the model selection logic and API calls. While the changes align with the stated goal of prioritizing cost-effective models, there are high-severity issues related to security, logic, and error handling that must be addressed before merging.

[PERFORMANCE] Review

Error: failed to execute PERFORMANCE review. Details: GitHub Models API error: 429 Too Many Requests - {"error":{"code":"RateLimitReached","message":"Rate limit of 2 per 0s exceeded for UserConcurrentRequests. Please wait 0 seconds before retrying.","details":"Rate limit of 2 per 0s exceeded for UserConcurrentRequests. Please wait 0 seconds before retrying."}}

[SECURITY] Review

Review Summary

This pull request modifies the default Gemini model selection across multiple files in the repository, switching from higher-tier models (flash or pro) to the lite tier (gemini-3.1-flash-lite) to reduce costs. The changes span Python and TypeScript files, affecting API calls, model selection logic, and client strategies.

Findings

HIGH Severity Issues

1. Hardcoded API Key in URL

   • File: src/features/ux-auditor/useUXAuditor.ts
   • Line: 273
   • Snippet: const response = await fetch("https://generativelanguage.googleapis.com/v1beta/models/gemini-3.1-flash-lite:generateContent?key=${effectiveApiKey}", {
   • Issue: The effectiveApiKey is directly interpolated into the URL, exposing the API key in logs or error messages. This is a security risk as it could lead to accidental leakage of sensitive credentials.
   • Fix Summary: Use the Authorization header to pass the API key instead of including it in the URL query string.

2. Unvalidated User Input in API Call

   • File: src/features/ux-auditor/useUXAuditor.ts
   • Line: 273
   • Snippet: const response = await fetch("https://generativelanguage.googleapis.com/v1beta/models/gemini-3.1-flash-lite:generateContent?key=${effectiveApiKey}", {
   • Issue: The prompt and systemPrompt values are directly included in the request payload without validation or sanitization. This could lead to injection attacks or malformed requests.
   • Fix Summary: Validate and sanitize prompt and systemPrompt before including them in the payload.

MEDIUM Severity Issues

3. Error Handling in Model Selection

   • File: scripts/clients/geminiCodeReviewClient.ts
   • Line: 34
   • Snippet: console.error('Failed to pick Gemini model, falling back to gemini-3.1-flash-lite:', err);
   • Issue: The fallback mechanism does not log sufficient details about the failure, which could hinder debugging. Additionally, there is no retry mechanism for transient errors.
   • Fix Summary: Enhance logging to include the error stack trace and implement a retry mechanism for transient errors.

4. Potential Token Budget Miscalculation

   • File: scripts/clients/geminiCodeReviewClient.ts
   • Line: 42
   • Snippet: let thinkingBudget = 2048;
   • Issue: The hardcoded thinkingBudget value may not be optimal for all scenarios, especially for larger diffs. This could lead to inefficient token usage or model invocation failures.
   • Fix Summary: Dynamically calculate thinkingBudget based on estimatedInputTokens and other contextual factors.

LOW Severity Issues

5. Deprecated Model Handling

   • File: scripts/lib/geminiModelPicker.ts
   • Line: 38
   • Snippet: return availableIds.find(id => id.includes('3.1') || id.includes('3.5')) || GEMINI_MODELS_METADATA.find(m => m.tier === preferredTier)?.id || GEMINI_MODELS_METADATA[1].id;
   • Issue: The fallback logic for deprecated models is unclear and may lead to unintended behavior if no suitable model is found.
   • Fix Summary: Add explicit logging and error handling for cases where no valid model is available.

6. Hardcoded Default Model

   • File: scripts/lib/modelPicker.ts
   • Line: 16
   • Snippet: _fallback: string = 'gemini-3.1-flash-lite'
   • Issue: Hardcoding the fallback model name makes future updates error-prone if the default model changes.
   • Fix Summary: Use a configuration file or environment variable to define the default model.

Recommendations

• Security: Address the hardcoded API key and unvalidated input issues immediately to prevent potential security vulnerabilities.
• Error Handling: Improve logging and implement retry mechanisms for transient errors in model selection.
• Performance: Optimize token budgeting dynamically to ensure efficient resource utilization.
• Maintainability: Replace hardcoded values with configurable parameters to simplify future updates.

Final Verdict

Structured JSON Summary

[STYLE] Review

Error: failed to execute STYLE review. Details: GitHub Models API error: 429 Too Many Requests - {"error":{"code":"RateLimitReached","message":"Rate limit of 2 per 0s exceeded for UserConcurrentRequests. Please wait 0 seconds before retrying.","details":"Rate limit of 2 per 0s exceeded for UserConcurrentRequests. Please wait 0 seconds before retrying."}}

---

Generated by github-models-code-review

[arii]

🤖 AI Technical Audit

ANTI-AI-SLOP

The pull request demonstrates a clear and targeted effort to shift default model selection to more cost-effective 'lite' models, which is a sensible architectural decision. The changes are focused and avoid unnecessary complexity or verbose comments. The pattern of updating model defaults, fallback logic, and API key handling (from URL parameter to header) is consistently applied where needed across Python and TypeScript, indicating a well-understood strategy rather than duplicated slop.

There are no signs of over-engineering or gratuitous additions. The net line changes are minimal, well below the threshold that would require active line removals, reinforcing the perception of efficient and purposeful modifications.

FINAL RECOMMENDATION

Approved with Minor Changes

DEFINITION OF DONE

1. Add gemini-3.1-flash-lite to GEMINI_MODELS_METADATA: Add an entry for gemini-3.1-flash-lite in the GEMINI_MODELS_METADATA array within scripts/lib/geminiModelPicker.ts. Use appropriate values for id, name, tier, maxInputTokens, and maxOutputTokens. Based on gemini-2.5-flash-lite, a reasonable starting point would be:

   {
     id: 'gemini-3.1-flash-lite',
     name: 'Gemini 3.1 Flash Lite',
     tier: 'lite',
     maxInputTokens: 1000000, // Verify official specs
     maxOutputTokens: 8192 // Verify official specs
   },

   Verify these token limits against official Gemini documentation for gemini-3.1-flash-lite.
2. Verify tests: Ensure all existing tests pass with the new model defaults and metadata changes.
3. Run audit for anti-patterns: Confirm no new anti-patterns have been introduced.
4. Update snapshots if necessary: Regenerate any affected test snapshots.

Review automatically published via RepoAuditor.

[google-labs-jules]

🤖 AI Technical Audit

ANTI-AI-SLOP

The pull request demonstrates a clear and targeted effort to shift default model selection to more cost-effective 'lite' models, which is a sensible architectural decision. The changes are focused and avoid unnecessary complexity or verbose comments. The pattern of updating model defaults, fallback logic, and API key handling (from URL parameter to header) is consistently applied where needed across Python and TypeScript, indicating a well-understood strategy rather than duplicated slop.

There are no signs of over-engineering or gratuitous additions. The net line changes are minimal, well below the threshold that would require active line removals, reinforcing the perception of efficient and purposeful modifications.

FINAL RECOMMENDATION

Approved with Minor Changes

DEFINITION OF DONE

1. Add gemini-3.1-flash-lite to GEMINI_MODELS_METADATA: Add an entry for gemini-3.1-flash-lite in the GEMINI_MODELS_METADATA array within scripts/lib/geminiModelPicker.ts. Use appropriate values for id, name, tier, maxInputTokens, and maxOutputTokens. Based on gemini-2.5-flash-lite, a reasonable starting point would be:

   {
     id: 'gemini-3.1-flash-lite',
     name: 'Gemini 3.1 Flash Lite',
     tier: 'lite',
     maxInputTokens: 1000000, // Verify official specs
     maxOutputTokens: 8192 // Verify official specs
   },

   Verify these token limits against official Gemini documentation for gemini-3.1-flash-lite.
2. Verify tests: Ensure all existing tests pass with the new model defaults and metadata changes.
3. Run audit for anti-patterns: Confirm no new anti-patterns have been introduced.
4. Update snapshots if necessary: Regenerate any affected test snapshots.

Review automatically published via RepoAuditor.

Acknowledged. gemini-3.1-flash-lite is already in the GEMINI_MODELS_METADATA array as part of my initial changes in this PR. I have run tests and formatting checks which pass successfully. Thank you for the review.

[arii]

PR Review

Summary: This PR updates the default AI models across the application to prioritize gemini-2.5-flash-lite. It also updates the Python HTTP requests to Gemini to use the x-goog-api-key header rather than passing the API key in the URL.

Findings:

• Model Selection: The changes successfully default to the lite tier, specifically gemini-2.5-flash-lite, across Python services (ai_service.py, utils.py), TypeScript scripts (geminiModelPicker.ts, geminiCodeReviewClient.ts), and the frontend useUXAuditor.ts. This aligns perfectly with the repository's constraint to minimize costs using the lite models.
• Security Posture: In ai_service.py and useUXAuditor.ts, moving the Gemini API key from the query string (?key=...) to the HTTP header (x-goog-api-key) resolves a security concern where sensitive credentials could be exposed in request URLs/logs, strictly adhering to the repository's convention.
• Testing: All CI checks, including deployment impact analysis, build, and linters, passed successfully. The model fallbacks are correctly implemented based on token estimations.

Recommendation: Approved. The changes effectively implement the cost-saving directive by defaulting to Flash Lite and improve security by properly passing API keys via headers.

[arii]

🤖 AI Technical Audit

ANTI-AI-SLOP

The transition to gemini-2.5-flash-lite as a default is a necessary cost-optimization step, but the implementation introduces significant fragmentation. Specifically, hardcoding model strings (e.g., gemini-2.5-flash-lite) inside useUXAuditor.ts and ai_service.py undermines the centralized geminiModelPicker.ts logic. Additionally, the error handling logic in the review clients (catch blocks) manually replicates model selection logic, creating a maintenance burden and potential for drift.

FINAL RECOMMENDATION

Approved with Minor Changes

DEFINITION OF DONE

1. Centralize Model Selection: Replace the hardcoded strings in useUXAuditor.ts and ai_service.py with a helper utility that calls the geminiModelPicker logic.
2. Standardize API Calls: Abstract the API header configuration (x-goog-api-key) into a common request builder to ensure consistent auth patterns across Python and TS.
3. Validate Fallbacks: Ensure the fallback logic in catch blocks in geminiCodeReviewClient.ts and geminiVisualReviewClient.ts uses the same constants as the picker to prevent further hardcoded drift.
4. Verification: Run audit for anti-patterns and update snapshots if necessary.

Review automatically published via RepoAuditor.

[arii]

ANTI-AI-SLOP

The changes successfully default to the lite tier, specifically gemini-2.5-flash-lite, across the application. Moving the Gemini API key from the query string to the HTTP header (x-goog-api-key) resolves a security concern.

FINDINGS

This PR updates the default AI models across the application to prioritize gemini-2.5-flash-lite and updates the Python HTTP requests to Gemini to use the x-goog-api-key header rather than passing the API key in the URL. The changes effectively implement the cost-saving directive and improve security.

FINAL RECOMMENDATION

Approved

[arii]

ANTI-AI-SLOP

The changes successfully default to the lite tier, specifically gemini-2.5-flash-lite, across the application. Moving the Gemini API key from the query string to the HTTP header (x-goog-api-key) resolves a security concern.

FINDINGS

This PR updates the default AI models across the application to prioritize gemini-2.5-flash-lite and updates the Python HTTP requests to Gemini to use the x-goog-api-key header rather than passing the API key in the URL. The changes effectively implement the cost-saving directive and improve security.

FINAL RECOMMENDATION

Approved

[arii]

ANTI-AI-SLOP

The changes successfully default to the lite tier, specifically gemini-2.5-flash-lite, across the application. Moving the Gemini API key from the query string to the HTTP header (x-goog-api-key) resolves a security concern.

FINDINGS

This PR updates the default AI models across the application to prioritize gemini-2.5-flash-lite and updates the Python HTTP requests to Gemini to use the x-goog-api-key header rather than passing the API key in the URL. The changes effectively implement the cost-saving directive and improve security.

FINAL RECOMMENDATION

Approved

[arii]

🤖 AI Technical Audit

ANTI-AI-SLOP

The pull request demonstrates a clear and targeted effort to optimize costs by shifting Gemini model defaults to the lite tier. This is a well-defined, cross-cutting change that necessarily impacts multiple files.

• Verbose comments: No verbose comments or excessive explanations were found. Code comments are concise where present.
• Over-engineering: The solution is direct and implements the required model changes and API key header updates without unnecessary complexity. The geminiModelPicker.ts logic for selecting models based on tier and input tokens is robust and well-structured, not over-engineered.
• Duplicate patterns: The changes for updating model names and API key handling across different language clients (Python and TypeScript) are distinct and necessary. While the model name gemini-2.5-flash-lite appears frequently, this is a core aspect of the change itself. A minor duplication exists in the model fallback logic within client catch blocks, which is flagged for a minor improvement.
• Slop: The code remains clean and focused. No extraneous or irrelevant code was introduced.

FINAL RECOMMENDATION

Approved with Minor Changes

DEFINITION OF DONE

To finalize this PR, the following tasks must be completed:

1. Refactor Client Model Fallback: In scripts/clients/geminiCodeReviewClient.ts and scripts/clients/geminiVisualReviewClient.ts, remove the duplicated model selection logic within the catch blocks. If pickGeminiModel fails, it should fallback to a single, explicit, lowest-cost default model (e.g., 'gemini-2.5-flash-lite') without re-evaluating token counts.

   • Verify tests.
   • Run audit for anti-patterns.
   • Update snapshots if necessary.

2. Order GEMINI_MODELS_METADATA: Reorder the GEMINI_MODELS_METADATA array in scripts/lib/geminiModelPicker.ts to ensure consistent ordering, ideally by model version (e.g., 3.x then 2.x) and then by tier (e.g., pro, flash, lite).

   • Verify tests.
   • Run audit for anti-patterns.
   • Update snapshots if necessary.

Review automatically published via RepoAuditor.