diff --git a/internal/runtime/executor/gitlab_executor.go b/internal/runtime/executor/gitlab_executor.go index 5b2713ae..5e219259 100644 --- a/internal/runtime/executor/gitlab_executor.go +++ b/internal/runtime/executor/gitlab_executor.go @@ -8,6 +8,7 @@ import ( "fmt" "io" "net/http" + "net/url" "strings" "time" @@ -59,6 +60,9 @@ func NewGitLabExecutor(cfg *config.Config) *GitLabExecutor { func (e *GitLabExecutor) Identifier() string { return gitLabProviderKey } func (e *GitLabExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) { + if nativeExec, nativeAuth, nativeReq, ok := e.nativeAnthropicGateway(auth, req); ok { + return nativeExec.Execute(ctx, nativeAuth, nativeReq, opts) + } baseModel := thinking.ParseSuffix(req.Model).ModelName reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) @@ -99,6 +103,9 @@ func (e *GitLabExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, r } func (e *GitLabExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (_ *cliproxyexecutor.StreamResult, err error) { + if nativeExec, nativeAuth, nativeReq, ok := e.nativeAnthropicGateway(auth, req); ok { + return nativeExec.ExecuteStream(ctx, nativeAuth, nativeReq, opts) + } baseModel := thinking.ParseSuffix(req.Model).ModelName reporter := newUsageReporter(ctx, e.Identifier(), baseModel, auth) @@ -200,6 +207,9 @@ func (e *GitLabExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) ( } func (e *GitLabExecutor) CountTokens(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error) { + if nativeExec, nativeAuth, nativeReq, ok := e.nativeAnthropicGateway(auth, req); ok { + return nativeExec.CountTokens(ctx, nativeAuth, nativeReq, opts) + } baseModel := thinking.ParseSuffix(req.Model).ModelName translated := sdktranslator.TranslateRequest(opts.SourceFormat, sdktranslator.FromString("openai"), baseModel, req.Payload, false) enc, err := tokenizerForModel(baseModel) @@ -217,6 +227,9 @@ func (e *GitLabExecutor) HttpRequest(ctx context.Context, auth *cliproxyauth.Aut if req == nil { return nil, fmt.Errorf("gitlab duo executor: request is nil") } + if nativeExec, nativeAuth := e.nativeAnthropicGatewayHTTP(auth); nativeExec != nil { + return nativeExec.HttpRequest(ctx, nativeAuth, req) + } if ctx == nil { ctx = req.Context() } @@ -232,6 +245,27 @@ func (e *GitLabExecutor) translateToOpenAI(req cliproxyexecutor.Request, opts cl return sdktranslator.TranslateRequest(opts.SourceFormat, sdktranslator.FromString("openai"), baseModel, req.Payload, opts.Stream), nil } +func (e *GitLabExecutor) nativeAnthropicGateway( + auth *cliproxyauth.Auth, + req cliproxyexecutor.Request, +) (*ClaudeExecutor, *cliproxyauth.Auth, cliproxyexecutor.Request, bool) { + nativeAuth, ok := buildGitLabAnthropicGatewayAuth(auth) + if !ok { + return nil, nil, req, false + } + nativeReq := req + nativeReq.Model = gitLabResolvedModel(auth, req.Model) + return NewClaudeExecutor(e.cfg), nativeAuth, nativeReq, true +} + +func (e *GitLabExecutor) nativeAnthropicGatewayHTTP(auth *cliproxyauth.Auth) (*ClaudeExecutor, *cliproxyauth.Auth) { + nativeAuth, ok := buildGitLabAnthropicGatewayAuth(auth) + if !ok { + return nil, nil + } + return NewClaudeExecutor(e.cfg), nativeAuth +} + func (e *GitLabExecutor) invokeText(ctx context.Context, auth *cliproxyauth.Auth, prompt gitLabPrompt) (string, error) { if text, err := e.requestChat(ctx, auth, prompt); err == nil { return text, nil @@ -949,6 +983,83 @@ func gitLabUsage(model string, translatedReq []byte, text string) (int64, int64) return promptTokens, int64(completionCount) } +func buildGitLabAnthropicGatewayAuth(auth *cliproxyauth.Auth) (*cliproxyauth.Auth, bool) { + if !gitLabUsesAnthropicGateway(auth) { + return nil, false + } + baseURL := gitLabAnthropicGatewayBaseURL(auth) + token := gitLabMetadataString(auth.Metadata, "duo_gateway_token") + if baseURL == "" || token == "" { + return nil, false + } + + nativeAuth := auth.Clone() + nativeAuth.Provider = "claude" + if nativeAuth.Attributes == nil { + nativeAuth.Attributes = make(map[string]string) + } + nativeAuth.Attributes["api_key"] = token + nativeAuth.Attributes["base_url"] = baseURL + for key, value := range gitLabGatewayHeaders(auth) { + if key == "" || value == "" { + continue + } + nativeAuth.Attributes["header:"+key] = value + } + return nativeAuth, true +} + +func gitLabUsesAnthropicGateway(auth *cliproxyauth.Auth) bool { + if auth == nil || auth.Metadata == nil { + return false + } + provider := strings.ToLower(gitLabMetadataString(auth.Metadata, "model_provider")) + if provider == "" { + modelName := strings.ToLower(gitLabMetadataString(auth.Metadata, "model_name")) + provider = inferGitLabProviderFromModel(modelName) + } + return provider == "anthropic" && + gitLabMetadataString(auth.Metadata, "duo_gateway_base_url") != "" && + gitLabMetadataString(auth.Metadata, "duo_gateway_token") != "" +} + +func inferGitLabProviderFromModel(model string) string { + model = strings.ToLower(strings.TrimSpace(model)) + switch { + case strings.Contains(model, "claude"): + return "anthropic" + case strings.Contains(model, "gpt"), strings.Contains(model, "o1"), strings.Contains(model, "o3"), strings.Contains(model, "o4"): + return "openai" + default: + return "" + } +} + +func gitLabAnthropicGatewayBaseURL(auth *cliproxyauth.Auth) string { + raw := strings.TrimSpace(gitLabMetadataString(auth.Metadata, "duo_gateway_base_url")) + if raw == "" { + return "" + } + base, err := url.Parse(raw) + if err != nil { + return strings.TrimRight(raw, "/") + } + path := strings.TrimRight(base.EscapedPath(), "/") + switch { + case strings.HasSuffix(path, "/ai/v1/proxy/anthropic"), strings.HasSuffix(path, "/v1/proxy/anthropic"): + return strings.TrimRight(base.String(), "/") + case path == "/ai": + base.Path = "/ai/v1/proxy/anthropic" + case path != "": + base.Path = strings.TrimRight(path, "/") + "/v1/proxy/anthropic" + case strings.Contains(strings.ToLower(base.Host), "gitlab.com"): + base.Path = "/ai/v1/proxy/anthropic" + default: + base.Path = "/v1/proxy/anthropic" + } + return strings.TrimRight(base.String(), "/") +} + func gitLabPrimaryToken(auth *cliproxyauth.Auth) string { if auth == nil || auth.Metadata == nil { return "" diff --git a/internal/runtime/executor/gitlab_executor_test.go b/internal/runtime/executor/gitlab_executor_test.go index 3836cd88..8334320a 100644 --- a/internal/runtime/executor/gitlab_executor_test.go +++ b/internal/runtime/executor/gitlab_executor_test.go @@ -100,6 +100,67 @@ func TestGitLabExecutorExecuteFallsBackToCodeSuggestions(t *testing.T) { } } +func TestGitLabExecutorExecuteUsesAnthropicGateway(t *testing.T) { + var gotAuthHeader, gotRealmHeader string + var gotPath string + var gotModel string + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + gotPath = r.URL.Path + gotAuthHeader = r.Header.Get("Authorization") + gotRealmHeader = r.Header.Get("X-Gitlab-Realm") + gotModel = gjson.GetBytes(readBody(t, r), "model").String() + w.Header().Set("Content-Type", "application/json") + _, _ = w.Write([]byte(`{"id":"msg_1","type":"message","role":"assistant","model":"claude-sonnet-4-5","content":[{"type":"tool_use","id":"toolu_1","name":"Bash","input":{"cmd":"ls"}}],"stop_reason":"tool_use","stop_sequence":null,"usage":{"input_tokens":11,"output_tokens":4}}`)) + })) + defer srv.Close() + + exec := NewGitLabExecutor(&config.Config{}) + auth := &cliproxyauth.Auth{ + Provider: "gitlab", + Metadata: map[string]any{ + "duo_gateway_base_url": srv.URL, + "duo_gateway_token": "gateway-token", + "duo_gateway_headers": map[string]string{"X-Gitlab-Realm": "saas"}, + "model_provider": "anthropic", + "model_name": "claude-sonnet-4-5", + }, + } + req := cliproxyexecutor.Request{ + Model: "gitlab-duo", + Payload: []byte(`{ + "model":"gitlab-duo", + "messages":[{"role":"user","content":[{"type":"text","text":"list files"}]}], + "tools":[{"name":"Bash","description":"run bash","input_schema":{"type":"object","properties":{"cmd":{"type":"string"}},"required":["cmd"]}}], + "max_tokens":128 + }`), + } + + resp, err := exec.Execute(context.Background(), auth, req, cliproxyexecutor.Options{ + SourceFormat: sdktranslator.FromString("claude"), + }) + if err != nil { + t.Fatalf("Execute() error = %v", err) + } + if gotPath != "/v1/proxy/anthropic/v1/messages" { + t.Fatalf("Path = %q, want %q", gotPath, "/v1/proxy/anthropic/v1/messages") + } + if gotAuthHeader != "Bearer gateway-token" { + t.Fatalf("Authorization = %q, want Bearer gateway-token", gotAuthHeader) + } + if gotRealmHeader != "saas" { + t.Fatalf("X-Gitlab-Realm = %q, want saas", gotRealmHeader) + } + if gotModel != "claude-sonnet-4-5" { + t.Fatalf("model = %q, want claude-sonnet-4-5", gotModel) + } + if got := gjson.GetBytes(resp.Payload, "content.0.type").String(); got != "tool_use" { + t.Fatalf("expected tool_use response, got %q", got) + } + if got := gjson.GetBytes(resp.Payload, "content.0.name").String(); got != "Bash" { + t.Fatalf("expected tool name Bash, got %q", got) + } +} + func TestGitLabExecutorRefreshUpdatesMetadata(t *testing.T) { srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { switch r.URL.Path { @@ -278,6 +339,56 @@ func TestGitLabExecutorExecuteStreamFallsBackToSyntheticChat(t *testing.T) { } } +func TestGitLabExecutorExecuteStreamUsesAnthropicGateway(t *testing.T) { + var gotPath string + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + gotPath = r.URL.Path + w.Header().Set("Content-Type", "text/event-stream") + _, _ = w.Write([]byte("event: message_start\n")) + _, _ = w.Write([]byte("data: {\"type\":\"message_start\",\"message\":{\"id\":\"msg_1\",\"type\":\"message\",\"role\":\"assistant\",\"model\":\"claude-sonnet-4-5\",\"content\":[],\"stop_reason\":null,\"stop_sequence\":null,\"usage\":{\"input_tokens\":0,\"output_tokens\":0}}}\n\n")) + _, _ = w.Write([]byte("event: content_block_start\n")) + _, _ = w.Write([]byte("data: {\"type\":\"content_block_start\",\"index\":0,\"content_block\":{\"type\":\"text\",\"text\":\"\"}}\n\n")) + _, _ = w.Write([]byte("event: content_block_delta\n")) + _, _ = w.Write([]byte("data: {\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"hello from gateway\"}}\n\n")) + _, _ = w.Write([]byte("event: message_delta\n")) + _, _ = w.Write([]byte("data: {\"type\":\"message_delta\",\"delta\":{\"stop_reason\":\"end_turn\",\"stop_sequence\":null},\"usage\":{\"input_tokens\":10,\"output_tokens\":3}}\n\n")) + _, _ = w.Write([]byte("event: message_stop\n")) + _, _ = w.Write([]byte("data: {\"type\":\"message_stop\"}\n\n")) + })) + defer srv.Close() + + exec := NewGitLabExecutor(&config.Config{}) + auth := &cliproxyauth.Auth{ + Provider: "gitlab", + Metadata: map[string]any{ + "duo_gateway_base_url": srv.URL, + "duo_gateway_token": "gateway-token", + "duo_gateway_headers": map[string]string{"X-Gitlab-Realm": "saas"}, + "model_provider": "anthropic", + "model_name": "claude-sonnet-4-5", + }, + } + req := cliproxyexecutor.Request{ + Model: "gitlab-duo", + Payload: []byte(`{"model":"gitlab-duo","messages":[{"role":"user","content":[{"type":"text","text":"hello"}]}],"max_tokens":64}`), + } + + result, err := exec.ExecuteStream(context.Background(), auth, req, cliproxyexecutor.Options{ + SourceFormat: sdktranslator.FromString("claude"), + }) + if err != nil { + t.Fatalf("ExecuteStream() error = %v", err) + } + + lines := collectStreamLines(t, result) + if gotPath != "/v1/proxy/anthropic/v1/messages" { + t.Fatalf("Path = %q, want %q", gotPath, "/v1/proxy/anthropic/v1/messages") + } + if !strings.Contains(strings.Join(lines, "\n"), "hello from gateway") { + t.Fatalf("expected anthropic gateway stream, got %q", strings.Join(lines, "\n")) + } +} + func collectStreamLines(t *testing.T, result *cliproxyexecutor.StreamResult) []string { t.Helper() lines := make([]string, 0, 8)