gitlab-ai-provider 5.1.0 → 5.1.2

package/CHANGELOG.md

@@ -2,6 +2,17 @@
 
 All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## <small>5.1.2 (2026-03-17)</small>
+
+- fix: regenerate dists ([091d3ae](https://gitlab.com/vglafirov/gitlab-ai-provider/commit/091d3ae))
+
+## <small>5.1.1 (2026-03-17)</small>
+
+- Merge branch 'fix/builtin-fallback-security' into 'main' ([1026029](https://gitlab.com/vglafirov/gitlab-ai-provider/commit/1026029))
+- Merge branch 'vg/tools_fixes' into 'main' ([477d971](https://gitlab.com/vglafirov/gitlab-ai-provider/commit/477d971))
+- fix: add path validation and JSON error handling to executeBuiltinFallback ([a9ace75](https://gitlab.com/vglafirov/gitlab-ai-provider/commit/a9ace75))
+- fix: fixed tools calling for workflow models ([d52ec56](https://gitlab.com/vglafirov/gitlab-ai-provider/commit/d52ec56))
+
 ## 5.1.0 (2026-03-17)
 
 - Merge branch 'fix/model-config-inparams-cache-ttl' into 'main' ([a9fdfa0](https://gitlab.com/vglafirov/gitlab-ai-provider/commit/a9fdfa0))

package/dist/index.d.mts

@@ -577,6 +577,8 @@ interface GitLabWorkflowLanguageModelConfig extends GitLabWorkflowClientConfig {
 type WorkflowToolExecutor = (toolName: string, args: string, requestID: string) => Promise<{
     result: string;
     error?: string | null;
+    metadata?: Record<string, unknown>;
+    title?: string;
 }>;
 /**
  * GitLab Duo Agent Platform Language Model.

package/dist/index.d.ts

@@ -577,6 +577,8 @@ interface GitLabWorkflowLanguageModelConfig extends GitLabWorkflowClientConfig {
 type WorkflowToolExecutor = (toolName: string, args: string, requestID: string) => Promise<{
     result: string;
     error?: string | null;
+    metadata?: Record<string, unknown>;
+    title?: string;
 }>;
 /**
  * GitLab Duo Agent Platform Language Model.

package/dist/index.js

@@ -1576,7 +1576,7 @@ var GitLabOpenAILanguageModel = class {
 var import_isomorphic_ws = __toESM(require("isomorphic-ws"));
 
 // src/version.ts
-var VERSION = true ? "5.0.0" : "0.0.0-dev";
+var VERSION = true ? "5.1.1" : "0.0.0-dev";
 
 // src/gitlab-workflow-types.ts
 var WorkflowType = /* @__PURE__ */ ((WorkflowType2) => {
@@ -1913,7 +1913,8 @@ function sanitizeErrorMessage(message) {
   if (!message) return "";
   return message.replace(/\bBearer\s+[A-Za-z0-9\-_.~+/]+=*/gi, "Bearer [REDACTED]").replace(/\bgl(?:pat|oat|cbt|dt|oas|rt|soat|ffct|sapat)-[A-Za-z0-9_-]+/g, "[REDACTED]").replace(/([?&](?:private_token|access_token|token)=)[^&\s"']*/gi, "$1[REDACTED]").replace(/:\/\/([^:@/\s]+):([^@/\s]+)@/g, "://$1:[REDACTED]@");
 }
-function mapBuiltinTool(dwsToolName, data) {
+function mapBuiltinTool(dwsToolName, data, availableTools) {
+  const has = (name) => !availableTools || availableTools.has(name);
   switch (dwsToolName) {
     case "runReadFile":
       return { toolName: "read", args: { filePath: data.filepath } };
@@ -1927,20 +1928,51 @@ function mapBuiltinTool(dwsToolName, data) {
         args: { filePaths: paths }
       };
     }
-    case "runWriteFile":
-      return {
-        toolName: "write",
-        args: { filePath: data.filepath, content: data.contents }
-      };
-    case "runEditFile":
-      return {
-        toolName: "edit",
-        args: {
-          filePath: data.filepath,
-          oldString: data.oldString ?? data.old_string,
-          newString: data.newString ?? data.new_string
-        }
-      };
+    case "runWriteFile": {
+      if (has("write")) {
+        return {
+          toolName: "write",
+          args: { filePath: data.filepath, content: data.contents }
+        };
+      }
+      const filePath = String(data.filepath ?? "");
+      const content = String(data.contents ?? "");
+      const patchLines = [
+        "*** Begin Patch",
+        `*** Add File: ${filePath}`,
+        ...content.split("\n").map((l) => `+${l}`),
+        "*** End Patch"
+      ].join("\n");
+      return { toolName: "apply_patch", args: { patchText: patchLines } };
+    }
+    case "runEditFile": {
+      const editOldString = String(data.oldString ?? data.old_string ?? "");
+      const editNewString = String(data.newString ?? data.new_string ?? "");
+      if (has("edit")) {
+        return {
+          toolName: "edit",
+          args: {
+            filePath: data.filepath,
+            oldString: editOldString,
+            newString: editNewString
+          }
+        };
+      }
+      const editPath = String(data.filepath ?? "");
+      const oldStr = editOldString;
+      const newStr = editNewString;
+      const oldLines = oldStr.split("\n");
+      const newLines = newStr.split("\n");
+      const patchContent = [
+        "*** Begin Patch",
+        `*** Update File: ${editPath}`,
+        "@@",
+        ...oldLines.map((l) => `-${l}`),
+        ...newLines.map((l) => `+${l}`),
+        "*** End Patch"
+      ].join("\n");
+      return { toolName: "apply_patch", args: { patchText: patchContent } };
+    }
     case "runShellCommand": {
       const command = data.command;
       if (!command || typeof command !== "string") {
@@ -2063,6 +2095,87 @@ function mapBuiltinTool(dwsToolName, data) {
       return { toolName: dwsToolName, args: data };
   }
 }
+function validateSafePath(filePath) {
+  if (!filePath) {
+    throw new Error("filePath is required");
+  }
+  if (filePath.includes("\0")) {
+    throw new Error("filePath contains null bytes");
+  }
+  const path5 = require("path");
+  const resolved = path5.resolve(filePath);
+  const cwd = process.cwd();
+  if (!resolved.startsWith(cwd + path5.sep) && resolved !== cwd) {
+    throw new Error(`filePath resolves outside the working directory: ${filePath}`);
+  }
+  return resolved;
+}
+function executeBuiltinFallback(toolName, argsJson) {
+  if (toolName !== "edit" && toolName !== "write") {
+    return null;
+  }
+  const fs4 = require("fs");
+  let args;
+  try {
+    args = JSON.parse(argsJson);
+  } catch {
+    return { result: "", error: `${toolName} fallback: invalid JSON arguments` };
+  }
+  try {
+    if (toolName === "write") {
+      const filePath2 = String(args.filePath ?? "");
+      if (!filePath2) {
+        return { result: "", error: "write fallback: filePath is required" };
+      }
+      const safePath2 = validateSafePath(filePath2);
+      const content2 = String(args.content ?? "");
+      fs4.writeFileSync(safePath2, content2, "utf-8");
+      return {
+        result: "File written successfully.",
+        title: filePath2,
+        metadata: { output: "File written successfully." }
+      };
+    }
+    const filePath = String(args.filePath ?? "");
+    const oldString = String(args.oldString ?? "");
+    const newString = String(args.newString ?? "");
+    if (!filePath) {
+      return { result: "", error: "edit fallback: filePath is required" };
+    }
+    if (!oldString && !newString) {
+      return { result: "", error: "edit fallback: oldString and newString are both empty" };
+    }
+    const safePath = validateSafePath(filePath);
+    let content;
+    try {
+      content = fs4.readFileSync(safePath, "utf-8");
+    } catch {
+      content = "";
+    }
+    if (oldString === "") {
+      fs4.writeFileSync(safePath, newString, "utf-8");
+      return {
+        result: "Edit applied successfully.",
+        title: filePath,
+        metadata: { output: "Edit applied successfully." }
+      };
+    }
+    const idx = content.indexOf(oldString);
+    if (idx === -1) {
+      return { result: "", error: `edit fallback: could not find oldString in ${filePath}` };
+    }
+    const newContent = content.substring(0, idx) + newString + content.substring(idx + oldString.length);
+    fs4.writeFileSync(safePath, newContent, "utf-8");
+    return {
+      result: "Edit applied successfully.",
+      title: filePath,
+      metadata: { output: "Edit applied successfully." }
+    };
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    return { result: "", error: sanitizeErrorMessage(msg) };
+  }
+}
 
 // src/gitlab-workflow-token-client.ts
 var TOKEN_CACHE_DURATION_MS = 25 * 60 * 1e3;
@@ -3153,6 +3266,7 @@ var GitLabWorkflowLanguageModel = class _GitLabWorkflowLanguageModel {
     const preapprovedTools = this.workflowOptions.preapprovedTools ?? mcpTools.map((t) => t.name);
     const additionalContext = this.buildAdditionalContext(options.prompt);
     const toolExecutor = this.toolExecutor ?? null;
+    const availableToolNames = new Set(options.tools?.map((t) => t.name) ?? []);
     await this.tokenClient.getToken(
       this.workflowOptions.workflowDefinition ?? DEFAULT_WORKFLOW_DEFINITION,
       this.workflowOptions.rootNamespaceId
@@ -3213,7 +3327,8 @@ var GitLabWorkflowLanguageModel = class _GitLabWorkflowLanguageModel {
                 controller,
                 wsClient,
                 toolExecutor,
-                () => `text-${textBlockCounter++}`
+                () => `text-${textBlockCounter++}`,
+                availableToolNames
               );
             }
           );
@@ -3294,7 +3409,7 @@ var GitLabWorkflowLanguageModel = class _GitLabWorkflowLanguageModel {
   // ---------------------------------------------------------------------------
   // Event handling
   // ---------------------------------------------------------------------------
-  handleWorkflowEvent(ss, event, controller, wsClient, toolExecutor, nextTextId) {
+  handleWorkflowEvent(ss, event, controller, wsClient, toolExecutor, nextTextId, availableToolNames) {
     if (ss.streamClosed) {
       return;
     }
@@ -3351,7 +3466,7 @@ var GitLabWorkflowLanguageModel = class _GitLabWorkflowLanguageModel {
         break;
       }
       case "builtin-tool-request": {
-        const mapped = mapBuiltinTool(event.toolName, event.data);
+        const mapped = mapBuiltinTool(event.toolName, event.data, availableToolNames);
         const mappedArgs = JSON.stringify(mapped.args);
         if (ss.activeTextBlockId) {
           controller.enqueue({ type: "text-end", id: ss.activeTextBlockId });
@@ -3551,37 +3666,19 @@ var GitLabWorkflowLanguageModel = class _GitLabWorkflowLanguageModel {
     };
     try {
       if (toolExecutor) {
-        const result = await toolExecutor(toolName, argsJson, requestID);
+        let result = await toolExecutor(toolName, argsJson, requestID);
+        if (result.error && /^Unknown tool:/.test(result.error)) {
+          const fallback = executeBuiltinFallback(toolName, argsJson);
+          if (fallback) {
+            result = fallback;
+          }
+        }
         wsClient.sendActionResponse(requestID, result.result, result.error);
         ss.streamedInputChars += argsJson.length;
         ss.streamedOutputChars += result.result.length;
-        let toolOutput = result.result;
-        let toolTitle = `${toolName} result`;
-        let toolMetadata = { output: result.result };
-        try {
-          const parsed = JSON.parse(result.result);
-          if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
-            if (typeof parsed.output === "string") {
-              toolOutput = parsed.output;
-            } else if (parsed.output != null) {
-              toolOutput = JSON.stringify(parsed.output);
-            }
-            if (typeof parsed.title === "string") toolTitle = parsed.title;
-            if (parsed.metadata && typeof parsed.metadata === "object") {
-              toolMetadata = {};
-              for (const [k, v] of Object.entries(parsed.metadata)) {
-                toolMetadata[k] = typeof v === "string" ? v : JSON.stringify(v);
-              }
-              if (!("output" in toolMetadata)) {
-                toolMetadata.output = toolOutput;
-              }
-            }
-          } else if (Array.isArray(parsed)) {
-            toolOutput = JSON.stringify(parsed);
-            toolMetadata = { output: toolOutput };
-          }
-        } catch {
-        }
+        const toolOutput = result.result;
+        const toolTitle = result.title ?? `${toolName} result`;
+        const toolMetadata = result.metadata ?? { output: result.result };
         if (result.error) {
           let errorText;
           if (typeof result.error === "string") {
@@ -3591,16 +3688,11 @@ var GitLabWorkflowLanguageModel = class _GitLabWorkflowLanguageModel {
           } else {
             errorText = String(result.error);
           }
-          const errorOutput = toolOutput || errorText;
           safeEnqueue({
             type: "tool-result",
             toolCallId: requestID,
             toolName,
-            result: {
-              output: errorOutput,
-              title: toolTitle,
-              metadata: { ...toolMetadata, error: errorText }
-            },
+            result: errorText,
             isError: true,
             providerExecuted: true
           });
@@ -3625,11 +3717,7 @@ var GitLabWorkflowLanguageModel = class _GitLabWorkflowLanguageModel {
           type: "tool-result",
           toolCallId: requestID,
           toolName,
-          result: {
-            output: errorMsg,
-            title: `${toolName} error`,
-            metadata: { output: errorMsg }
-          },
+          result: errorMsg,
           isError: true,
           providerExecuted: true
         });
@@ -3642,11 +3730,7 @@ var GitLabWorkflowLanguageModel = class _GitLabWorkflowLanguageModel {
         type: "tool-result",
         toolCallId: requestID,
         toolName,
-        result: {
-          output: errorMsg,
-          title: `${toolName} error`,
-          metadata: { output: errorMsg }
-        },
+        result: errorMsg,
         isError: true,
         providerExecuted: true
       });