Improve GitLab Duo gateway compatibility

[LuxVTZ]

Summary

• add a stable built-in GitLab Duo model catalog, including Sonnet 4.6 and Opus 4.6 variants
• route GitLab Duo traffic by the requested Duo model so OpenAI and Anthropic gateway paths are selected correctly
• apply GitLab-specific transport defaults for gateway requests, including a dedicated User-Agent and context-1m beta handling
• stop persisting the GitLab OAuth client secret into auth metadata files

Why

• keeps the management panel and runtime aligned on the GitLab Duo models users can actually select
• fixes unknown-provider and wrong-gateway cases when the requested Duo model differs from stale auth metadata
• reduces secret sprawl by avoiding OAuth client secret persistence in saved auth files

Verification

• go test ./internal/api/handlers/management ./internal/runtime/executor ./sdk/auth
• live local checks:
  • GET /management.html
  • GET /v0/management/auth-files
  • POST /v0/management/gitlab-auth-url
  • GET /v1/models
  • POST /v1/chat/completions with duo-chat-opus-4-6

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the compatibility and security of the GitLab Duo integration. It introduces a robust model catalog and intelligent routing mechanisms to ensure that AI model requests are accurately directed to the appropriate backend services. Furthermore, it streamlines authentication practices by preventing the storage of sensitive client secrets, thereby bolstering the overall security posture of the system.

Highlights

• GitLab Duo Model Catalog: A stable, built-in catalog of GitLab Duo models, including Sonnet 4.6 and Opus 4.6 variants, has been added to ensure alignment between the management panel and runtime for available models.
• Intelligent Gateway Routing: GitLab Duo traffic is now routed based on the requested model, ensuring that requests are correctly directed to either OpenAI or Anthropic gateway paths, fixing issues with unknown providers or incorrect gateways due to stale authentication metadata.
• GitLab-Specific Transport Defaults: Dedicated transport defaults for GitLab Duo gateway requests have been applied, including a specific User-Agent header and handling for the context-1m beta feature.
• Enhanced Security for OAuth: The persistence of the GitLab OAuth client secret into authentication metadata files has been stopped, reducing secret sprawl and improving security.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• internal/api/handlers/management/auth_files.go
  • Removed the logic that persisted the oauth_client_secret into authentication metadata.
• internal/runtime/executor/claude_executor.go
  • Added a check to force the context-1m beta header for Anthropic requests if specified in GitLab Duo attributes.
• internal/runtime/executor/gitlab_executor.go
  • Defined new constants gitLabContext1MBeta and gitLabNativeUserAgent.
  • Introduced gitLabCatalogModel struct and gitLabAgenticCatalog variable to define a built-in list of GitLab Duo models.
  • Added gitLabModelAliases map for model name mapping.
  • Modified nativeGateway and nativeGatewayHTTP functions to pass the requestedModel to the buildGitLabAnthropicGatewayAuth and buildGitLabOpenAIGatewayAuth functions for model-aware routing.
  • Updated gitLabGatewayHeaders to accept a targetProvider parameter and to set default User-Agent and anthropic-beta headers if not already present.
  • Modified buildGitLabAnthropicGatewayAuth and buildGitLabOpenAIGatewayAuth to accept requestedModel and pass the target provider to gitLabGatewayHeaders.
  • Introduced gitLabGatewayProvider function to determine the gateway provider based on the requested model and authentication metadata.
  • Updated gitLabResolvedModel to apply model aliases before resolving the model name.
  • Modified GitLabModelsFromAuth to include models from the gitLabAgenticCatalog and their aliases in the list of available models.
• internal/runtime/executor/gitlab_executor_test.go
  • Added TestGitLabExecutorExecuteUsesRequestedModelToSelectOpenAIGateway to verify that the requested model correctly influences gateway selection.
  • Removed oauth_client_secret from test authentication metadata to align with the new security practice.
  • Updated TestGitLabExecutorExecuteStreamUsesAnthropicGateway to assert the presence and value of the Anthropic-Beta and User-Agent headers.
• sdk/auth/gitlab.go
  • Removed the conditional logic that stored the oauth_client_secret in GitLab authentication metadata.
• sdk/cliproxy/service_gitlab_models_test.go
  • Added TestRegisterModelsForAuth_GitLabIncludesAgenticCatalog to confirm that the built-in agentic model catalog is correctly registered and available.

Activity

• No human activity has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request significantly improves GitLab Duo compatibility by adding a built-in model catalog, enhancing routing logic to select gateways based on the requested model, and applying specific transport defaults. A key security enhancement is the removal of OAuth client secret persistence in authentication files. The changes are well-implemented and accompanied by thorough tests for the new functionality. I have a couple of suggestions to remove some redundant code, which will improve code clarity and maintainability.

[gemini-code-assist]

This nil check for auth and auth.Metadata is redundant. The gitLabGatewayProvider function called on the next line already handles this case by returning an empty provider string, which will cause the provider == "anthropic" check to fail correctly. Removing this check will simplify the code and avoid logic duplication.

[gemini-code-assist]

Similar to gitLabUsesAnthropicGateway, this nil check for auth and auth.Metadata is redundant. The gitLabGatewayProvider function handles the nil case, making this check unnecessary. Removing it improves code clarity and reduces duplication.