fix(control-plane): use full namespace path as GitLab repo owner

[duboff]

Summary

• The GitLab provider mapped namespace.path — the last path segment only — into the repository owner in getRepository, checkRepositoryAccess, and listRepositories. For nested-group projects (group/subgroup/project) this produced owner=subgroup, so owner/name pairs handed to consumers couldn't be resolved back to a project: lookups reconstructed subgroup/project and GitLab returned 404 (surfaced as "Repository is not installed for the GitHub App" at session creation).
• Switch to namespace.full_path, which carries the whole group hierarchy and is identical to namespace.path for top-level groups, so flat-namespace deployments are unaffected.

Related: #733 fixes the same nested-group class of bug on the linear-bot side.

Test plan

• New unit tests asserting owner is the full namespace path for nested-group projects across all three methods
• Existing mocks extended with full_path (always present in real GitLab API responses)
• npm test -w @open-inspect/control-plane — 1291 tests pass
• tsc --noEmit clean

Summary by CodeRabbit

• Bug Fixes
  • Improved GitLab support for nested-group projects by using the complete group path for repository ownership identification, ensuring repositories nested within multiple group levels are correctly handled and accessible.

[coderabbitai]

📝 Walkthrough

Walkthrough

GitLab provider methods are updated to reconstruct repository ownership using namespace.full_path instead of namespace.path. Three methods (getRepository, checkRepositoryAccess, listRepositories) and their tests are modified to support nested-group projects with hierarchical paths (e.g., acme/backend).

Changes

GitLab nested-group namespace handling

Layer / File(s)	Summary
Provider implementation: full_path namespace reconstruction packages/control-plane/src/source-control/providers/gitlab-provider.ts	getRepository derives owner from data.namespace.full_path; checkRepositoryAccess derives repoOwner from data.namespace.full_path.toLowerCase(); listRepositories derives owner from project.namespace.full_path. API response typings updated to reflect full_path field.
Test coverage: nested-group and existing test updates packages/control-plane/src/source-control/providers/gitlab-provider.test.ts	Existing tests updated to include full_path in mocked namespace objects. New test cases added for each of the three methods verifying nested-group projects are correctly mapped using full_path (e.g., acme/backend).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A path grows nested, branches deep,
Full names through GitLab channels seep,
From acme/backend we now see,
Groups stacked proudly in hierarchy! 🌳

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: using full namespace path instead of partial path for GitLab repository owner mapping, directly addressing the nested-group bug described in the PR objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint install failed due to a network error.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

packages/control-plane/src/source-control/providers/gitlab-provider.test.ts (1)

62-83: ⚡ Quick win

Add one nested-group regression test for manual MR URL construction.

You now validate nested owners in fetch/mapping flows, but not in buildManualPullRequestUrl. Add a test with owner: "acme/backend" to ensure the URL path stays .../acme/backend/web/... (not %2F-collapsed).

Also applies to: 385-400, 477-498

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/control-plane/src/source-control/providers/gitlab-provider.test.ts`
around lines 62 - 83, Add a regression test in
packages/control-plane/src/source-control/providers/gitlab-provider.test.ts that
constructs a GitLabSourceControlProvider (new
GitLabSourceControlProvider(fakeConfig)) and calls buildManualPullRequestUrl (or
the public method that returns the manual MR URL) for a nested-group repo with
owner "acme/backend" and name "web" using a PAT auth object; assert the returned
URL path contains the un-encoded nested path segment "/acme/backend/web/" (e.g.
ends/contains "/acme/backend/web/merge_requests/new") to ensure slashes are not
percent-encoded. Ensure the test mirrors the existing nested-group getRepository
test setup and uses mockFetch where needed.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/control-plane/src/source-control/providers/gitlab-provider.ts`:
- Around line 112-116: The change setting owner to data.namespace.full_path
causes owner to include '/' for nested groups, which breaks
buildManualPullRequestUrl because it URL-encodes the whole owner as one segment;
update the URL construction to preserve path separators by splitting owner on
'/' and encode each segment separately (e.g.,
owner.split('/').map(encodeURIComponent).join('/')) and encode the project name
with encodeURIComponent when building the manual MR URL; locate the owner
assignment in gitlab-provider.ts (owner: data.namespace.full_path) and update
buildManualPullRequestUrl to apply per-segment encoding so nested-group paths
produce valid GitLab project URLs.

---

Nitpick comments:
In `@packages/control-plane/src/source-control/providers/gitlab-provider.test.ts`:
- Around line 62-83: Add a regression test in
packages/control-plane/src/source-control/providers/gitlab-provider.test.ts that
constructs a GitLabSourceControlProvider (new
GitLabSourceControlProvider(fakeConfig)) and calls buildManualPullRequestUrl (or
the public method that returns the manual MR URL) for a nested-group repo with
owner "acme/backend" and name "web" using a PAT auth object; assert the returned
URL path contains the un-encoded nested path segment "/acme/backend/web/" (e.g.
ends/contains "/acme/backend/web/merge_requests/new") to ensure slashes are not
percent-encoded. Ensure the test mirrors the existing nested-group getRepository
test setup and uses mockFetch where needed.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 154a1d97-115c-4497-a9bf-3aa6a7e48327

📥 Commits

Reviewing files that changed from the base of the PR and between 4ae4dcb and 3e7fc8e.

📒 Files selected for processing (2)

• packages/control-plane/src/source-control/providers/gitlab-provider.test.ts
• packages/control-plane/src/source-control/providers/gitlab-provider.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Nested-group owner now breaks manual MR URL path composition.

Switching owner to namespace.full_path is correct, but this makes owner contain / for nested groups. buildManualPullRequestUrl currently URL-encodes owner as a single segment, which produces an invalid GitLab project path for nested owners.

💡 Proposed fix

   buildManualPullRequestUrl(config: BuildManualPullRequestUrlConfig): string {
-    const encodedOwner = encodeURIComponent(config.owner);
+    const encodedOwner = config.owner
+      .split("/")
+      .map((segment) => encodeURIComponent(segment))
+      .join("/");
     const encodedName = encodeURIComponent(config.name);
     const encodedSource = encodeURIComponent(config.sourceBranch);
     const encodedTarget = encodeURIComponent(config.targetBranch);
     return (
       `https://gitlab.com/${encodedOwner}/${encodedName}/-/merge_requests/new` +
       `?merge_request[source_branch]=${encodedSource}` +
       `&merge_request[target_branch]=${encodedTarget}`
     );
   }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/control-plane/src/source-control/providers/gitlab-provider.ts`
around lines 112 - 116, The change setting owner to data.namespace.full_path
causes owner to include '/' for nested groups, which breaks
buildManualPullRequestUrl because it URL-encodes the whole owner as one segment;
update the URL construction to preserve path separators by splitting owner on
'/' and encode each segment separately (e.g.,
owner.split('/').map(encodeURIComponent).join('/')) and encode the project name
with encodeURIComponent when building the manual MR URL; locate the owner
assignment in gitlab-provider.ts (owner: data.namespace.full_path) and update
buildManualPullRequestUrl to apply per-segment encoding so nested-group paths
produce valid GitLab project URLs.