Skip to content

feat(gitlab): access, membership, and user-admin operations#5710

Merged
waleedlatif1 merged 13 commits into
stagingfrom
gitlab-access-user-admin
Jul 16, 2026
Merged

feat(gitlab): access, membership, and user-admin operations#5710
waleedlatif1 merged 13 commits into
stagingfrom
gitlab-access-user-admin

Conversation

@waleedlatif1

Copy link
Copy Markdown
Collaborator

Summary

  • Adds 27 GitLab tools for access & user administration: project/group members (list/add/update/remove), email invitations (invite/list/update/revoke), access requests (list/approve/deny), SAML group links (list/add/delete), user search, and instance user admin (create/update/delete, block/unblock, activate/deactivate, ban/unban, approve/reject signup, delete identity)
  • Includes @mzxchandra's work from feat(gitlab): add access, membership, and user-admin operations #5707 plus a full validation pass against GitLab's API docs
  • Validation fixes: documented provider param on SAML group links (required to disambiguate duplicate link names on delete), query filter wired through the block for member/invitation listings, moderation responses no longer surface {message: 'Success'} as a user object, registry entries alphabetized, type shapes aligned with documented response fields

Type of Change

  • New feature

Testing

34 gitlab tool/block tests pass; lint and typecheck clean; every endpoint cross-checked against GitLab's Members, Invitations, Access Requests, SAML, Users, and User Moderation API docs

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

mzxchandra and others added 8 commits July 16, 2026 01:51
Adds member, invitation, access-request, SAML group link, and user
administration tools to the GitLab integration. Resource-scoped ops work
against projects or groups; user-admin ops require an admin token. All tools
reuse the existing host/SSRF guard via getGitLabApiBase and add a shared
getGitLabResourcePath helper.
Adds the new operations to the block dropdown and tools access list, with a
named access-level dropdown (enum in, integer out), first-class expires_at,
a /members/all default (direct-only opt-in), resource-type selector, and
member_role_id passthrough.
Covers the access_level enum-to-integer coercion, the /members/all default vs
direct-only, the 409-duplicate-add soft success, invitation per-email error
handling, user-status-action response parsing, and getGitLabResourcePath.
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
- update_user now sends admin:false so the Administrator switch can demote
  (an untouched switch stays undefined and leaves the flag unchanged)
- expose the access-level dropdown for Update Invitation
- normalize comma-separated invite emails so spaced multi-email input works
Update Invitation now uses a dedicated dropdown that defaults to 'Leave
unchanged', so updating only the expiration no longer silently resets the
invitation's access level to Developer. The level is sent only when explicitly
chosen.
… query filter, moderation user guard, registry order
@vercel

vercel Bot commented Jul 16, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
docs Ready Ready Preview, Comment Jul 16, 2026 6:47pm

Request Review

@cursor

cursor Bot commented Jul 16, 2026

Copy link
Copy Markdown

PR Summary

High Risk
Adds admin-token operations that change membership, invitations, SAML links, and instance users—mistakes or over-scoped tokens can grant or revoke production access. Large surface area across block param mapping and many new endpoints increases the chance of subtle authorization or API mismatch bugs.

Overview
Extends the GitLab integration with project/group access governance and instance user administration, exposed as new workflow operations and matching API tools.

New capabilities cover listing and mutating members (including inherited vs direct members, expirations, and custom roles), email invitations and access-request approve/deny flows, SAML group link management, user search, and admin-only user lifecycle actions (create/update/delete, block/ban/moderation, identity removal). The GitLab block gains operation-specific UI (resource type/id, named access-level dropdowns with careful defaults so expiry-only edits do not reset roles), plus param coercion and validation in params mapping. Vitest coverage exercises URLs, bodies, and edge cases such as add-member 409 “already a member” as a soft success.

Existing DevOps actions are aligned with GitLab API behavior: internal notes on comments, pipeline inputs/variables and expanded status filters, MR draft via title prefix, tri-state MR updates, file/commit options, compare cross-fork/unidiff, truncation flags on large file content and job logs, and clearer projectId path docs. English integration docs (gitlab.mdx) document the new actions and updated parameters/outputs.

Reviewed by Cursor Bugbot for commit 6249394. Configure here.

Comment thread apps/sim/blocks/blocks/gitlab.ts
@greptile-apps

greptile-apps Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR expands the GitLab integration with access and user administration tools. The main changes are:

  • Project and group membership, invitation, and access-request operations.
  • SAML group-link management with provider-aware deletion.
  • Instance user creation, updates, moderation, and deletion.
  • Updated block wiring, registry entries, documentation, types, and tests.

Confidence Score: 5/5

This looks safe to merge.

  • Explicit expiration clearing now reaches the GitLab request body.
  • User creation validates that a provisioning method is selected.
  • SAML deletion forwards the provider when supplied and fails safely when an ambiguous provider is omitted.
  • No blocking issues were found in the updated code.

Important Files Changed

Filename Overview
apps/sim/blocks/blocks/gitlab.ts Adds block fields, validation, and parameter mapping for the new GitLab operations.
apps/sim/tools/gitlab/update_member.ts Preserves explicit empty expiration values so existing membership expiration dates can be cleared.
apps/sim/tools/gitlab/update_invitation.ts Supports updating or explicitly clearing invitation expiration dates.
apps/sim/tools/gitlab/create_user.ts Adds GitLab instance-user creation with password, reset-link, and random-password options.
apps/sim/tools/gitlab/delete_saml_group_link.ts Adds provider-aware SAML group-link deletion through the documented query parameter.

Reviews (4): Last reviewed commit: "fix(gitlab): tri-state controls for upda..." | Re-trigger Greptile

Comment thread apps/sim/tools/gitlab/update_member.ts Outdated
Comment thread apps/sim/blocks/blocks/gitlab.ts
Comment thread apps/sim/blocks/blocks/gitlab.ts
- MR draft flag now applied via Draft: title prefix (GitLab has no draft body param)
- update_user only sends admin when a real boolean (untouched switch serialized null and could demote admins)
- add_member 409 soft-success now verified against the conflict body
- auto_merge sent alongside deprecated merge_when_pipeline_succeeds
- job log capped at 200k chars, file content at 1M chars, with truncated outputs
- MR diffs signal hasMore beyond 100 files
- wire dropped params: update_issue milestoneId, MR milestone/squash/removeSourceBranch, pipelines ref, tree ref, branches search, commits since/until/path/author, update_file lastCommitId, jobs includeRetried, create_user forceRandomPassword
- complete pipeline/job status enums, access-level enums, widen stale type unions
- guards: update_invitation requires a change; create_user requires a password strategy
- fix double-encoding trap in path descriptions; doc-accuracy touch-ups
…pdate member, expiration clearing via explicit empty string
@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@greptile

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@cursor review

Comment thread apps/sim/blocks/blocks/gitlab.ts Outdated
Comment thread apps/sim/blocks/blocks/gitlab.ts Outdated
@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@greptile

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@cursor review

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit 8fb2dec. Configure here.

- membership: add-by-username, remove-member cleanup flags, list-member filters (user_ids/state/seat info), invite_source
- listings: search/visibility/owned/membership, assignee/milestone filters, source/target branch filters, per-domain order-by + sort direction
- CI: pipeline variables + spec:inputs, manual-job variables
- repo: commit authoring (start branch, author, execute flag), release tag message + asset links, cross-fork compare + unidiff, internal notes
- catalog: access-governance template + member-provisioning and access-request-audit skills
- hardening from 3-agent validation: declared release params, tolerate single-object asset links, NaN guard on assignee filter, null/scalar JSON rejection
@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@greptile

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@cursor review

Comment thread apps/sim/blocks/blocks/gitlab.ts Outdated
Comment thread apps/sim/blocks/blocks/gitlab.ts Outdated
@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@greptile

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@cursor review

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit 6249394. Configure here.

@waleedlatif1
waleedlatif1 merged commit 8adeaab into staging Jul 16, 2026
20 checks passed
@waleedlatif1
waleedlatif1 deleted the gitlab-access-user-admin branch July 16, 2026 19:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants