feat(provider): add GitLab Duo Agent provider (Agent Platform)

[jiwangyihao]

What

Adds a new GitLab Duo Agent provider (gitlab-duo-agent) that connects to GitLab's Duo Agent Platform via the Duo Workflow Service WebSocket, running an inline custom ambient flow. The existing AI Gateway proxy provider keeps its id (gitlab-duo) but is renamed for display to GitLab Duo Non-Agentic, matching GitLab's official "Agentic" / "Non-Agentic" classification.

Main changes:

• New provider gitlab-duo-agent (packages/ai): full WebSocket protocol against the Duo Workflow Service, OAuth login via GitLab's official VS Code OAuth application (vscode://gitlab.gitlab-workflow/authentication paste-code callback), stream routing, and runMCPTool action bridging so OMP's local tools execute through the agent loop.
• Inline custom ambient flow (flowConfig over the WebSocket, schema v1) instead of the built-in chat flow:
  • Supplies OMP's own system prompt — no server-side jinja wrapper, and no GitLab project/namespace/instance metadata reaches the agent.
  • MCP-only agent privileges, so GitLab native gitlab_* tools stay hidden and the agent only sees OMP's MCP tools.
  • Opts into on_agent_reasoning, mapping pre-tool-call commentary (message_sub_type: "reasoning") to thinking blocks — the chain-of-thought the official Duo CLI surfaces.
  • Uses the DUO_AGENT_PLATFORM unit primitive.
• Project auto-discovery: the inline ambient flow requires a GitLab project server-side, but OMP has no project of its own. When none is configured, the provider discovers an accessible one (preferring a project under the resolved namespace group, then any membership project) and scopes direct_access, workflow creation, and WebSocket routing to it.
• Catalog discovery (packages/catalog): gitlab-duo-agent model discovery via live aiChatAvailableModels, static contextWindow resolution (Claude/Gemini → 1,000,000, default 200,000) so the context panel / usage percentage / auto-compaction work, and per-checkpoint agent_context_usage mapped onto usage.input/totalTokens. Models are marked reasoning: false because the Duo Agent Platform path exposes no client-controllable thinking knob (the underlying Anthropic model params are server-fixed), so OMP no longer shows a thinking-effort selector for them.
• Robustness: a 90s idle deadline aborts and reconnects once on the same workflowID when the WebSocket silently goes half-open (proxy/LB drops the TCP link without delivering close/error), instead of hanging until the user presses Esc.
• cwd plumbing (packages/agent): threads the working directory into provider stream options so provider-side local tool execution targets the right workspace.

Why

GitLab is steadily moving Duo onto the Agent Platform (the agentic flow stack served by duo_workflow_service), and the older non-agentic AI Gateway proxy path is being deprecated. Two concrete reasons motivate a new provider rather than extending the old one:

• Credit access: the old gitlab-duo provider goes through the AI Gateway proxy, which bills against the ai_gateway_proxy_use quota bucket. The Agent Platform path bills against duo_agent_platform_workflow_on_execute — a different entitlement. GitLab Plans grant GitLab Credits to the Agent Platform bucket, so the old proxy provider cannot consume the credits a user's plan actually provides. This was verified empirically: the same OAuth credential reaches the proxy endpoint but returns 402 USAGE_QUOTA_EXCEEDED on the proxy bucket while the Agent Platform flow runs.
• Capabilities: the Agent Platform inline flow gives a fully custom system prompt, suppression of GitLab's injected tools and project/namespace metadata, multi-step agent loops, and chain-of-thought reasoning — none of which the proxy path can offer.

The two providers are deliberately kept side by side (the old one renamed to clarify its "Non-Agentic" classification) rather than removing the proxy path, since it still serves the classic Duo Chat surface.

Testing

• packages/ai: bun run check (biome + tsgo, 465 files) clean; 49 GitLab provider tests pass.
• packages/catalog: bun run check (92 files) clean; 20 GitLab discovery tests pass.
• packages/agent and packages/coding-agent: typecheck clean.
• Live-verified end to end against the real Duo Agent Platform (OAuth, project auto-discovery, MCP tool execution via runMCPTool, reasoning→thinking blocks, per-checkpoint usage mapping, and idle-timeout reconnect).

---

• bun check passes
• Tested locally
• CHANGELOG updated (if user-facing)

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 47c4dfa364

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8e5917b4b4

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[jiwangyihao]

Addressed all three Codex suggestions (force-pushed, folded into the relevant atomic commits):

• P1 — stop workflows via a non-aborted cleanup path: the stop PATCH no longer receives the request's already-aborted signal (which cancelled it before sending), and now runs from a finally block on any abort with a fresh request, also dropping the resumable session so the next turn does not reuse the closed socket.
• P1 — preserve paused sessions after action responses: the post-action resume now keeps providerSessionState.active on a pause result (matching the paused-session resume branch) instead of clearing it, so a server-side tool boundary crossed during resume no longer discards the buffered continuation. Added a regression test.
• P2 — honor project path during model discovery: catalog namespace discovery now resolves the configured project from a projectPath config field and GITLAB_DUO_PROJECT_PATH (in addition to projectId/GITLAB_DUO_PROJECT_ID). Added a regression test.

Also reverted an unrelated cursorEventEmitter rename and dropped a dead cwd param to keep the diff focused. bun run check clean for ai (465 files) + catalog (92); GitLab suites 50 + 21 pass.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 88ccafb093

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[jiwangyihao]

Follow-up on the latest Codex review (commit 88ccafb):

• P1 — clean up workflows after socket errors: valid and now fixed. The previous finally only stopped the workflow when options.signal was aborted, so a runGitLabDuoWorkflowSocket rejection (e.g. ws.onerror) skipped cleanup and left providerSessionState.active pointing at the dead socket with the remote workflow still running. The cleanup now also runs when the socket loop throws (tracked via a settledNormally flag): it drops active and issues the stop PATCH with a fresh signal on abort or abnormal exit, while still preserving active for the intentional action/pause resume path. Added a regression test that drives a socket onerror and asserts the stop PATCH fires and the session is cleared. Folded into the feat(ai) commit.

• P2 — handle GitLab API requests with HTTP, not read: acknowledged, leaving as-is for now. runHTTPRequest/gitlab_api_request are only ever emitted by the legacy chat/software_development flows; the default (and only shipped) flow is the inline ambient flow with MCP-only privileges (agent_privileges: [6]), under which the server emits only runMCPTool, so this mapping is unreachable in practice. Implementing a real GitLab HTTP request path would be net-new scope exercised by no current flow, and dropping the action could regress the legacy paths. Happy to address it if those flows become reachable.

All checks green: packages/ai bun run check clean (465 files), 49 GitLab provider tests pass.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 33a0294638

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 04111ca8f7

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[jiwangyihao]

Addressed the latest Codex review (P2, packages/catalog/src/discovery/gitlab-duo-workflow.ts): a numeric GITLAB_DUO_PROJECT_ID whose REST project payload exposes no explicit root (the normal payload only carries the immediate namespace) was blocked from the GraphQL rootAncestor fallback by the missing-slash guard, so discovery fell through to remotes/top-level groups. fetchProjectRootNamespace now keys the GraphQL fallback off the project's path_with_namespace returned in the REST payload, so numeric ids resolve the correct root. Added a regression test exercising a realistic numeric-id payload (no rootAncestor) -> GraphQL fallback by full path. The earlier P1 (resume turns hanging on non-terminal socket results) was already fixed by routing both resume paths through the shared finalizer. bun run check clean for packages/ai and packages/catalog; 48 + 22 GitLab tests pass.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5bca4f68fb

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[jiwangyihao]

Addressed the latest Codex review:

• P1 (pause per checkpoint): Fixed. GitLab checkpoints are full ui_chat_log snapshots, so a later frame replays the earlier request/tool boundary before the new agent delta; the prior logic paused on any boundary once a segment had been emitted earlier in the socket call, turning normal streaming into one pause_turn per checkpoint and eventually hitting the loop's pause-continuation cap. Pause now fires only on a boundary that follows a delta emitted in the current checkpoint. Added a regression test (does not pause on a stale boundary replayed at the head of a later checkpoint snapshot).
• P2 (relative base path): Fixed. new URL("/api/...", baseUrl) dropped a self-managed relative install path (https://host/gitlab). direct_access, workflow creation, aiChatAvailableModels, project discovery/lookup, and the non-serviceEndpoint WebSocket URL now append onto the normalized base, preserving the install path. Added a WS URL regression test.
• P2 (worktree commondir): Fixed. A linked worktree's .git points at .git/worktrees/<name> whose config holds no remotes; discovery now follows the gitdir's commondir to read the common config. Added a worktree-layout discovery test.

bun run check clean for both packages/ai (467 files) and packages/catalog (93); 50 + 23 GitLab tests pass. Rebased onto latest origin/main and folded into the 4 atomic commits.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: cd8fcec68b

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[jiwangyihao]

Addressed the 21:06 review:

• Strip relative GitLab install paths from remotes (P2): accepted. parseGitLabRemoteProjectPath now strips the install base path (e.g. /gitlab) from a remote like https://host/gitlab/group/project.git before deriving the project full path, so discovery queries /api/v4/projects/group%2Fproject rather than .../gitlab%2Fgroup%2Fproject. Added a regression test.

• Use the discovered namespace when streaming (P2): not taking this one. resolveGitLabDuoWorkflowNamespaceSelection deliberately re-discovers from the current credentials/cwd each turn instead of trusting model.gitlabDuoWorkflowRootNamespaceId, which can be stale (a prior model-refresh may have listed a different group, and cwd/env can shift between refresh and the turn). An existing contract test pins this behavior. Explicit rootNamespaceId/namespaceId options and GITLAB_DUO_NAMESPACE_ID still take precedence over discovery; discovery is deterministic for the common single-group case.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 90e8965855

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[jiwangyihao]

Addressed the broker-login P2: omp auth-broker login gitlab-duo-agent (and --via) previously hung until timeout because the provider uses GitLab's fixed vscode:// OAuth redirect, which never reaches the broker's local callback server, and runLocalLogin supplied no onManualCodeInput fallback. runLocalLogin now offers the same paste-the-redirect-URL prompt the interactive sign-in wizard uses (via the existing readline), so the code can be entered manually and credentials saved. Folded into the agent integration commit; coding-agent typecheck + biome clean.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 20e3ebdcd7

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a299e65909

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[can1357]

wtf is gitlab doing? why two seperate providers?

[jiwangyihao]

wtf is gitlab doing? why two seperate providers?

https://docs.gitlab.com/user/gitlab_duo/

Maybe you can see this. The old one already in omp is GitLab Duo Non-Agentic, and the one in this PR is GitLab Duo Agent.

These two use different credit system (in my test is), and the GitLab Ultimate Trial subscription can only access GitLab Duo Agent.

BTW, I may update a new change to this PR in hours, fix an issue I found a moment ago.

[jiwangyihao]

CI follow-up: run 28008471116 (head 4d177cf69) is red on exactly one job — Test coding-agent native/unit (TS) — with a single failing test:

(fail) executeBash :async: background retention > keeps a per-job :async: shell's background process alive across turns
 1 fail

This is a pre-existing upstream flake, not from this PR:

• It fails identically on main itself: run 28006645402 (2c3e0d79a) and 28003050043 (c6fcc155a) both fail on the same one test.
• This branch is rebased onto that same main tip and touches no bash-executor / background-process code (changes are confined to packages/ai GitLab Duo provider + tests, packages/catalog generator comment + tests, and changelogs).
• All GitLab-Duo-relevant suites are green: catalog discovery 28/28, catalog build 25/25, ai provider 65/65, ai oauth green; bun check:types clean for pi-ai/pi-catalog.

A re-run of that job (or the upstream flake fix landing on main, which this branch will pick up on the next rebase) should clear the check. Happy to re-run/rebase on your signal.

[jiwangyihao]

Addressed the remaining current Codex thread.

Fixed — Forward the live session cwd after moves (agent.ts / sdk.ts) (a0880370c)

Correct catch. Agent.#cwd was captured at construction, and /move updates SessionManager + the process cwd without reconstructing the Agent, so GitLab Duo Agent namespace/project discovery kept reading the original repo's git remote (the provider keys workspace discovery and account-state caching off cwd).

Fix follows the existing per-call resolver pattern (getReasoning/getServiceTier):

• Agent gains an optional cwdResolver; AgentLoopConfig gains a getCwd per-call resolver. The loop config now carries both the static cwd and getCwd.
• agent-loop computes effectiveCwd = config.getCwd?.() ?? config.cwd at the streamFunction call site, read once per LLM call, so even a mid-run /move reaches workspace-scoped provider options (falls back to the static cwd when the resolver is unset/returns undefined).
• sdk.ts passes cwdResolver: () => sessionManager.getCwd() to the main agent; SessionManager.#cwd is what /move updates, and getCwd() returns it live.

Regression tests assert the observable contract (mock streamFn records options.cwd): the resolver overrides the static cwd, falls back to the static cwd when it returns undefined, and is re-read per model call within one run (a /move mid-run is seen on the continuation request).

Verification: bun check:types clean for pi-agent-core and pi-coding-agent; agent suite 27/27 (incl. the 3 new cwd tests), agent-loop 47/47.

Still open by design

• Avoid forcing a loopback tunnel for paste-code login (registry/gitlab-duo-workflow.ts) — left open intentionally: declining as previously explained (every paste-code provider sets callbackPort; special-casing only this one would create a second convention AGENTS.md prohibits). This is a maintainer judgment call, not something I should self-resolve.

Rebased onto latest main (now af2e53e07); 18 commits replay clean, gitlab-duo-agent remains the only provider added to models.json.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a0880370c1

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[jiwangyihao]

Addressed the newest Codex thread.

Fixed — Disable the default manual-code prompt for loopback logins (auth-storage.ts) (61755d49c)

Correct catch, and it exposes that the earlier CLI-only gating was a no-op: runLocalLogin omitted onManualCodeInput for non-paste-code providers, but AuthStorage.login re-injected a default via ctrl.onManualCodeInput ?? manualCodeInput, so OAuthCallbackFlow.#waitForCallback() still started the readline-paste race against the HTTP callback for every loopback provider (and callback-server.ts keys that race solely on a truthy onManualCodeInput). A browser-callback win left the prompt dangling.

Fixed at the authoritative seam — AuthStorage.login, which every login caller funnels through:

• The default manualCodeInput is now synthesized only when PASTE_CODE_LOGIN_PROVIDERS.has(provider) (built from the registry's pasteCodeFlow flags). Loopback providers get no default → no race.
• An explicit caller-supplied onManualCodeInput is still honored for any provider (escape hatch).
• The CLI's usesManualInput gating stays as defense-in-depth; its comment now points at the storage-level gate as authoritative (correcting the "only omits here" framing).

Regression test (auth-storage-manual-code-gate.test.ts, against the storage contract): a loopback provider receives no synthesized onManualCodeInput; an explicit one is forwarded for a loopback provider; a paste-code provider (gitlab-duo-agent) gets the default synthesized (routed through onPrompt) when the caller omits it.

Verification: bun check:types clean for pi-ai and pi-coding-agent; new gate suite 3/3; callback-server-manual-input 2/2, gitlab-duo-workflow oauth + provider + provider-registry all green (79/79 across the related files). (The auth-storage-api-key-login file shows Windows-only EBUSY temp-dir teardown flakes locally — all its expect() assertions pass; CI runs on Linux.)

Still open by design

• Avoid forcing a loopback tunnel for paste-code login (registry/gitlab-duo-workflow.ts) — left open intentionally, as previously explained (every paste-code provider sets callbackPort; special-casing only this one creates a second convention AGENTS.md prohibits). Maintainer judgment call.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 61755d49c5

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[jiwangyihao]

CI follow-up: run 28013607869 (head 61755d49c) is red on one job — Test coding-agent native/unit (TS) — with a single failing test:

(fail) eval Julia prelude helpers > supports output ranges, JSON queries, metadata, and ANSI stripping [31042.02ms]
 1 fail

This is an unrelated slow-test timeout, not from this PR:

• It's a ~31s Julia prelude test that timed out on a loaded runner; this branch touches no eval/Julia/prelude files (changes are confined to packages/ai GitLab Duo provider + auth-storage, packages/agent, packages/coding-agent CLI/sdk, packages/catalog, and changelogs — git diff --name-only origin/main..HEAD lists nothing under eval/julia).
• The earlier executeBash :async: flake that previously failed this job is gone (that one cleared after rebasing onto the upstream fix); this is a different intermittent.

I can't re-run the job (fork PR, no admin rights on the base repo). A maintainer re-run, or the next rebase/push, should clear it. All GitLab-Duo-relevant suites are green: ai gate/oauth/provider/provider-registry 79/79, catalog discovery 28/28, agent 27/27; bun check:types clean for pi-ai/pi-catalog/pi-agent-core/pi-coding-agent.

[jiwangyihao]

Addressed the two newest Codex threads in b7ab4b65a.

Fixed — Scope checkpoint dedupe to replayed message identity (gitlab-duo-workflow.ts)

Correct catch. The content-signature fallback (which suppresses replayed agent text when GitLab renames a message_id across a shrunk snapshot — see the agent-a→agent-b "Working" repro) keyed on global text equality, so a genuinely new later message whose text equalled an earlier turn (two turns both "Done", repeated reasoning) hit previousContent === undefined + a global signature match and emitted no delta — the second message was lost.

Fix scopes the signature to turn position — the request/tool boundary count within the snapshot (<turnIndex>\0<kind>\0<content>):

• A replayed message reappearing at the same turn position is still deduped (the rename case: both at turn 0 → suppressed).
• A new message at a later turn (after an extra boundary) gets a distinct signature → emits.

Verified against all three existing tests (rename-shrink suppression, same-key non-prefix rewrite, pause/resume into a separate message) plus a new regression test: two agent turns separated by a tool boundary both saying "Done" now yield "DoneDone" (previously the second was swallowed). Provider suite 66/66.

Fixed — Move the broker login note to Unreleased (coding-agent/CHANGELOG.md)

Correct. The omp auth-broker login gitlab-duo-agent note had been added under the already-released ## [16.1.16] section; per AGENTS.md released sections are immutable. Moved it verbatim to the ## [Unreleased] ### Fixed section.

Verification: bun check:types clean for pi-ai; provider suite 66/66 (incl. the new dedupe regression test).

Still open by design

• Avoid forcing a loopback tunnel for paste-code login (registry/gitlab-duo-workflow.ts) — left open intentionally, as previously explained (every paste-code provider sets callbackPort; special-casing only this one creates a second convention AGENTS.md prohibits). Maintainer judgment call.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b7ab4b65a3

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Resolve path-valued projectId before WebSocket routing

When callers set projectId/GITLAB_DUO_PROJECT_ID to a full path such as group/project—which namespace discovery explicitly accepts by carrying projectId.includes("/") as a project path—this assignment still treats that path as the numeric project id. The projectPath branch below resolves paths to a numeric id for WebSocket routing, while REST direct_access/create can keep using the path; skipping that lookup sends project_id=group/project on the WebSocket and can fail project-scoped Duo routing. Split path-valued configuredProjectId into the path flow before computing webSocketProjectId.

Useful? React with 👍 / 👎.

[jiwangyihao]

CI follow-up: run 28016855306 (head b7ab4b65a) is red on one job — Test coding-agent native/unit (TS) — with the same single failing test as the prior run:

(fail) eval Julia prelude helpers > supports output ranges, JSON queries, metadata, and ANSI stripping [31033.21ms]
 1 fail

This is an unrelated ~31s Julia prelude slow-test timing out on a loaded runner, not from this PR:

• This branch touches no eval/Julia/prelude files (git diff --name-only origin/main..HEAD lists nothing under eval/julia/prelude).
• It is intermittent on the base branch too — recent main CI runs (af2e53e07, 2c3e0d79a, c6fcc155a) are red on the same Test coding-agent native/unit (TS) job family.

I can't re-run the job (fork PR, no admin rights on the base repo). A maintainer re-run, or the next rebase/push, should clear it. All GitLab-Duo-relevant suites are green: ai provider 66/66 (incl. the new dedupe regression test), and bun check:types is clean for pi-ai.