Summary
The GitLab integration backend is substantially complete, but several gaps remain before it's production-ready. The primary blocker is web authentication — there's no GitLab OAuth flow, so users can't log in to a GitLab-configured deployment.
What's Done
- Provider abstraction —
SourceControlProvider interface, factory, config resolver all support GitLab
- GitLab provider (
gitlab-provider.ts) — fully implemented with PAT auth: repos, branches, merge requests, push auth, clone URLs
- Tests — comprehensive test coverage for all provider methods + state mapping
- Modal data plane — clone token routing and VCS env var injection handle
SCM_PROVIDER=gitlab
- Sandbox runtime — uses generic
VCS_HOST/VCS_CLONE_USERNAME/VCS_CLONE_TOKEN, works for GitLab automatically
- Web URL utilities —
getScmRepoUrl/getScmBranchUrl are provider-aware
- Documentation — ADR, provider checklist, env var docs all in place
- Route wiring —
GITLAB_ACCESS_TOKEN and GITLAB_NAMESPACE read from env and passed to provider
Remaining Gaps
Blocking
Cosmetic / Minor
Feature Gaps
Operational Gaps
Suggested Priority
- GitLab OAuth login + provider-aware sign-in UI (unblocks GitLab deployments)
- Cosmetic fixes ("View in GitHub", avatars, JWT field names)
- Terraform variable support
- Decouple Modal from GitHub App secrets requirement
- Self-hosted GitLab + reviewer assignment (future enhancements)
Summary
The GitLab integration backend is substantially complete, but several gaps remain before it's production-ready. The primary blocker is web authentication — there's no GitLab OAuth flow, so users can't log in to a GitLab-configured deployment.
What's Done
SourceControlProviderinterface, factory, config resolver all support GitLabgitlab-provider.ts) — fully implemented with PAT auth: repos, branches, merge requests, push auth, clone URLsSCM_PROVIDER=gitlabVCS_HOST/VCS_CLONE_USERNAME/VCS_CLONE_TOKEN, works for GitLab automaticallygetScmRepoUrl/getScmBranchUrlare provider-awareGITLAB_ACCESS_TOKENandGITLAB_NAMESPACEread from env and passed to providerRemaining Gaps
Blocking
packages/web/src/lib/auth.tsis hardcoded toGitHubProviderfrom next-auth. Need to add a GitLab OAuth provider and make the login flow provider-aware.packages/web/src/components/sidebar-layout.tsxhassignIn("github")hardcoded. Login button text and provider must be dynamic based onNEXT_PUBLIC_SCM_PROVIDER.Cosmetic / Minor
packages/web/src/components/action-bar.tsxstill shows GitHub-specific text in the PR dropdown.packages/control-plane/src/session/participant-service.tsgetAvatarUrl()returnsundefinedfor GitLab users (only generates GitHub avatar URLs).auth.tsusesgithubUserId/githubLoginfield names in the JWT, which is misleading for GitLab deployments.Feature Gaps
gitlab-provider.tslogs aconsole.warnbecause GitLab requires numericreviewer_ids(username→ID resolution not implemented).GITLAB_API_BASEis hardcoded tohttps://gitlab.com/api/v4. No support for self-hosted instances.Operational Gaps
GITLAB_ACCESS_TOKEN,GITLAB_NAMESPACE, orSCM_PROVIDERvariables interraform/environments/production/. Must be set manually in Modal secrets.packages/modal-infra/src/app.pyhasgithub_app_secretsas a required Modal secret even for GitLab-only deployments. GitLab deployments need dummy GitHub App secrets to pass validation.Suggested Priority