<!--- Please read this! Before opening a new issue, make sure to search for keywords in the issues filtered by the "regression" or "type::bug" label: - https://gitlab.com/gitlab-org/gitlab/issues?label_name%5B%5D=regression - https://gitlab.com/gitlab-org/gitlab/issues?label_name%5B%5D=type::bug and verify the issue you're about to submit isn't a duplicate. ---> ### Summary <!-- Summarize the bug encountered concisely. --> [Flows](https://docs.gitlab.com/user/duo_agent_platform/flows/) that modify the repository fail with `fatal: unable to get password from user` when the job image is using a newer Git version. The specific Git version hasn't been narrowed down yet, but Git 2.43.7 (the default we provide) works. Git 2.45 had changes to credentials that may be causing this issue. Workaround: do not use a Git version that is newer than 2.43 in the images that run these flows. This came up during investigation into a [Support ticket (internal)](https://gitlab.zendesk.com/agent/tickets/688966) that was opened by a large, ~"GitLab Ultimate" customer. ### Steps to reproduce <!-- Describe how one can reproduce the issue - this is very important. Please use an ordered list. --> 1. Create `agent-config.yml` in `.gitlab/duo` to define the following custom config (which uses a newer Git version): ``` image: python:3.11-alpine setup_script: - apk add --update git nodejs npm ``` 1. Try to run a flow, such as **Issue to MR**, that tries to create something within the project. 1. Observe the error in the job output. ### Example Project <!-- If possible, please create an example project here on GitLab.com that exhibits the problematic behavior, and link to it here in the bug report. If you are using an older version of GitLab, this will also determine whether the bug is fixed in a more recent version. --> ### What is the current *bug* behavior? <!-- Describe what actually happens. --> When using newer Git versions, flows that modify the repository fail. ### What is the expected *correct* behavior? <!-- Describe what you should see instead. --> Flows should succeed when attempting to modify the repository, regardless of (reasonable) Git client version. ### Relevant logs and/or screenshots <!-- Paste any relevant logs - please use code blocks (```) to format console output, logs, and code as it's tough to read otherwise. --> The job log will show a failure that looks like this: ``` 2026-01-28T01:07:29:245 [debug]: [RunGitCommandActionHandler] Git command failed with exit code 128 Error: {"error":"fatal: unable to get password from user\n"} at brA (file:///usr/local/lib/node_modules/@gitlab/duo-cli/dist/index.js:1130:91096) at #D (file:///usr/local/lib/node_modules/@gitlab/duo-cli/dist/index.js:1131:211) at OK.debug (file:///usr/local/lib/node_modules/@gitlab/duo-cli/dist/index.js:1134:93) at D.<computed> [as debug] (file:///usr/local/lib/node_modules/@gitlab/duo-cli/dist/index.js:1130:89614) at ChildProcess.<anonymous> (file:///usr/local/lib/node_modules/@gitlab/duo-cli/dist/index.js:1607:1115) at ChildProcess.emit (node:events:508:28) at maybeClose (node:internal/child_process:1101:16) at ChildProcess._handle.onexit (node:internal/child_process:305:5) 2026-01-28T01:07:29:246 [error]: [RunGitCommandActionHandler] Git command execution error Error: git command failed with exit code 128: fatal: unable to get password from user at ChildProcess.<anonymous> (file:///usr/local/lib/node_modules/@gitlab/duo-cli/dist/index.js:1607:1175) at ChildProcess.emit (node:events:508:28) at maybeClose (node:internal/child_process:1101:16) at ChildProcess._handle.onexit (node:internal/child_process:305:5) ``` ### Output of checks <!-- If you are reporting a bug on GitLab.com, uncomment below --> <!-- This bug happens on GitLab.com --> <!-- and uncomment below if you have /label privileges --> <!-- /label ~"reproduced on GitLab.com" --> <!-- or follow up with an issue comment of `@gitlab-bot label ~"reproduced on GitLab.com"` if you do not --> #### Results of GitLab environment info <!-- Input any relevant GitLab environment information if needed. --> <details> <summary>Expand for output related to GitLab environment info</summary> <pre> (For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`) </pre> </details> #### Results of GitLab application Check <!-- Input any relevant GitLab application check information if needed. --> <details> <summary>Expand for output related to the GitLab application check</summary> <pre> (For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:check SANITIZE=true`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true`) (we will only investigate if the tests are passing) </pre> </details> ### Possible fixes <!-- If you can, link to the line of code that might be responsible for the problem. --> ### Patch release information for backports If the bug fix needs to be backported in a [patch release](https://handbook.gitlab.com/handbook/engineering/releases/patch-releases) to a version under [the maintenance policy](https://docs.gitlab.com/policy/maintenance/), please follow the steps on the [patch release runbook for GitLab engineers](https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/patch/engineers.md). Refer to the [internal "Release Information" dashboard](https://dashboards.gitlab.net/d/delivery-release_info/delivery3a-release-information?orgId=1) for information about the next patch release, including the targeted versions, expected release date, and current status. #### High-severity bug remediation To remediate high-severity issues requiring an [internal release](https://handbook.gitlab.com/handbook/engineering/releases/internal-releases/) for single-tenant SaaS instances, refer to the [internal release process for engineers](https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/internal-releases/engineers.md?ref_type=heads). <!-- If you don't have /label privileges, follow up with an issue comment of `@gitlab-bot label ~"type::bug"` -->