GitLab Duo 'Resolve with AI' fails when project has push rules for branch names and commit messages

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Summary

The “Resolve with AI” feature fails with a generic error message when the project has push rules that restrict branch naming patterns or commit message formats. The AI-generated branch names and commit messages don't comply with project governance rules, causing the push to be rejected.

Steps to reproduce

  1. Configure a project with push rules for branch naming (e.g., branches must start with feature/ or match a specific regex pattern)
  2. Configure commit message requirements (e.g., must include specific format or ticket numbers)
  3. Navigate to a vulnerability in the Security → Vulnerability Report
  4. Click “Resolve with AI” on any vulnerability
  5. Observe the failure

Example Project

What is the current bug behavior?

Error message displayed to user:
“Something went wrong while attempting to apply the AI resolution to a merge request.”

The AI generates branch names and commit messages that violate project push rules, causing the entire operation to fail with an unhelpful error message.

What is the expected correct behavior?

  • The AI should detect and comply with existing project push rules for branch naming
  • The AI should generate commit messages that meet project requirements
  • The vulnerability resolution should complete successfully and create a merge request
  • OR at minimum, provide a clear error message explaining the specific push rule violation

Relevant logs and/or screenshots

image.png

Output of checks

Results of GitLab environment info

  • GitLab version: 18.3.2 (Self-Managed)
  • Subscription tier: GitLab Ultimate
  • Feature: GitLab Duo “Resolve with AI”
  • Browser: [If relevant]

Results of GitLab application Check

Expand for output related to the GitLab application check 

(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:check SANITIZE=true`)

(For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true`)

(we will only investigate if the tests are passing)

Possible fixes

Additional context

  • This affects customers with governance and compliance requirements who use push rules
  • The feature works fine in projects without push rules
  • This is blocking adoption of AI-powered vulnerability resolution in regulated environments
  • Customer reported via ZenDesk ticket: 662720
  • Customer Environment: GitLab 18.3.2 Self-Managed with Ultimate license
  • Confirmed feature availability: GitLab Duo Vulnerability Resolution is GA since 17.11, so this should be fully available in 18.3.2

Patch release information for backports

If the bug fix needs to be backported in a patch release to a version under the maintenance policy, please follow the steps on the patch release runbook for GitLab engineers.

Refer to the internal “Release Information” dashboard for information about the next patch release, including the targeted versions, expected release date, and current status.

High-severity bug remediation

To remediate high-severity issues requiring an internal release for single-tenant SaaS instances, refer to the internal release process for engineers.

Edited by 🤖 GitLab Bot 🤖