fix(config): skip API key validation for Vertex AI provider type

[vitali87]

Summary

• ModelConfig.validate_api_key() now skips validation when provider_type is vertex, since Vertex AI authenticates via service account files, not API keys
• Adds integration test verifying both orchestrator and cypher configs pass validation with Vertex AI and no API key

Closes #307

Test plan

• New test test_vertex_ai_skips_api_key_validation passes
• All 8 integration tests pass
• Lint and format clean

[gemini-code-assist]

Summary of Changes

Hello @vitali87, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refines the configuration validation logic to correctly handle Vertex AI as a provider. It introduces a change that bypasses API key validation for Vertex AI, acknowledging its reliance on service account files for authentication. An accompanying integration test ensures that configurations using Vertex AI with service accounts are properly validated without requiring an API key.

Highlights

• Vertex AI API Key Validation: Modified ModelConfig.validate_api_key() to skip API key validation when the provider type is Vertex AI, as it relies on service account files for authentication.
• Integration Test: Added a new integration test to confirm that both orchestrator and cypher configurations pass validation with Vertex AI when no API key is provided.

Changelog

• codebase_rag/config.py
  • Added a conditional check to validate_api_key to return early if provider_type is vertex.
• codebase_rag/tests/test_github_issues_integration.py
  • Removed a redundant docstring from test_vertex_ai_enterprise_scenario.
  • Added test_vertex_ai_skips_api_key_validation to verify API key validation is skipped for Vertex AI configurations.
• uv.lock
  • Updated the code-graph-rag package version.

Activity

• Closed issue [Bug]: Contradicting information about env setup #307.
• Verified that the new test test_vertex_ai_skips_api_key_validation passes.
• Confirmed all 8 existing integration tests pass.
• Ensured lint and format checks are clean.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[greptile-apps]

Greptile Summary

This PR fixes API key validation for Vertex AI by skipping the check when provider_type is vertex, since Vertex AI authenticates via service account files rather than API keys. The implementation correctly types provider_type fields as GoogleProviderType enum across ModelConfig, AppConfig, and ModelConfigKwargs for type safety.

Key changes:

• Modified ModelConfig.validate_api_key() to return early when provider is Google and provider_type == GoogleProviderType.VERTEX
• Extracted LOCAL_PROVIDERS constant to improve code reusability
• Updated type annotations from str | None to GoogleProviderType | None for provider_type fields
• Added comprehensive integration tests covering Vertex AI validation skip, stray GOOGLE_API_KEY handling, and GLA validation enforcement

Confidence Score: 5/5

• This PR is safe to merge with no issues found
• The implementation is clean, type-safe, and follows all project coding standards. Pydantic BaseSettings automatically converts string env vars to GoogleProviderType enums, and the validation logic correctly uses enum comparison. The StrEnum ensures string equality works correctly even if strings are passed. Comprehensive test coverage validates the fix and edge cases.
• No files require special attention

Important Files Changed

Filename	Overview
codebase_rag/config.py	Added Vertex AI skip logic to validate_api_key() and typed provider_type fields as GoogleProviderType. Created LOCAL_PROVIDERS constant for reusability.
codebase_rag/tests/test_github_issues_integration.py	Added comprehensive test coverage for Vertex AI API key validation skip, including edge cases with stray GOOGLE_API_KEY and GLA without key.
codebase_rag/types_defs.py	Updated ModelConfigKwargs TypedDict to type provider_type as `GoogleProviderType

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    Start[validate_api_key called] --> Lower[provider_lower = provider.lower]
    Lower --> CheckLocal{provider_lower in<br/>LOCAL_PROVIDERS?}
    CheckLocal -->|Yes| Skip[Return - skip validation]
    CheckLocal -->|No| CheckGoogle{provider_lower == google?}
    CheckGoogle -->|No| CheckKey[Check if api_key exists]
    CheckGoogle -->|Yes| CheckVertex{provider_type ==<br/>VERTEX?}
    CheckVertex -->|Yes| Skip
    CheckVertex -->|No| CheckKey
    CheckKey --> HasKey{api_key valid?}
    HasKey -->|Yes| Skip
    HasKey -->|No| Error[Raise ValueError]

Loading

_{Last reviewed commit: 85903b5}

[greptile-apps]

_{3 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Additional Comments (1)

codebase_rag/config.py
provider_type should be typed as cs.GoogleProviderType | None instead of str | None to match the type used in comparisons (line 119) and align with GoogleProvider class (providers/base.py:44)

    provider_type: cs.GoogleProviderType | None = None

Context Used: Rule from dashboard - ## Technical Requirements

Agentic Framework

• PydanticAI Only: This project uses PydanticAI... (source)

Prompt To Fix With AI

This is a comment left during a code review.
Path: codebase_rag/config.py
Line: 105

Comment:
`provider_type` should be typed as `cs.GoogleProviderType | None` instead of `str | None` to match the type used in comparisons (line 119) and align with `GoogleProvider` class (providers/base.py:44)

```suggestion
    provider_type: cs.GoogleProviderType | None = None
```

**Context Used:** Rule from `dashboard` - ## Technical Requirements

### Agentic Framework
- **PydanticAI Only**: This project uses PydanticAI... ([source](https://app.greptile.com/review/custom-context?memory=d4240b05-b763-467a-a6bf-94f73e8b6859))

How can I resolve this? If you propose a fix, please make it concise.

[gemini-code-assist]

Code Review

This pull request correctly addresses an issue where API key validation was incorrectly applied to Vertex AI configurations, which use service accounts for authentication. The fix in codebase_rag/config.py is straightforward and effective. The accompanying integration test, test_vertex_ai_skips_api_key_validation, is well-written and provides good coverage by verifying the behavior for both orchestrator and cypher model configurations. The change is solid. I have one minor suggestion to make the code slightly more concise, while also considering consistency with existing patterns.

[vitali87]

@greptile

[vitali87]

/gemini review

[gemini-code-assist]

Code Review

This pull request correctly implements the logic to skip API key validation for the Vertex AI provider, which uses service accounts for authentication. The added integration test effectively verifies this new behavior. The changes also include beneficial type hint improvements for provider_type.

I've suggested one improvement to make the validation logic more robust by ensuring the Vertex AI check is only applied when the provider is set to 'google', preventing potential misconfigurations with other providers.

[greptile-apps]

_{4 files reviewed, 2 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Additional Comments (1)

codebase_rag/tests/test_github_issues_integration.py
Missing import for GoogleProviderType - needed to properly compare typed enum values in assertions

import os
from unittest.mock import patch

from codebase_rag import constants as cs
from codebase_rag.config import AppConfig

Prompt To Fix With AI

This is a comment left during a code review.
Path: codebase_rag/tests/test_github_issues_integration.py
Line: 1-4

Comment:
Missing import for `GoogleProviderType` - needed to properly compare typed enum values in assertions

```suggestion
import os
from unittest.mock import patch

from codebase_rag import constants as cs
from codebase_rag.config import AppConfig
```

How can I resolve this? If you propose a fix, please make it concise.

[vitali87]

/gemini review

[vitali87]

@greptile

[gemini-code-assist]

Code Review

This pull request correctly skips API key validation for the Vertex AI provider, which uses service accounts for authentication. The change introduces the GoogleProviderType enum for better type safety, which is a good improvement. The new integration test effectively verifies the fix. I've added one comment suggesting an improvement to fully propagate the new enum type into the AppConfig class for better type consistency across the configuration objects.

[greptile-apps]

_{4 files reviewed, 3 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Additional Comments (2)

codebase_rag/config.py
Should be cs.GoogleProviderType | None instead of str | None - Pydantic BaseSettings auto-converts env var strings to enums

    ORCHESTRATOR_PROVIDER_TYPE: cs.GoogleProviderType | None = None

Prompt To Fix With AI

This is a comment left during a code review.
Path: codebase_rag/config.py
Line: 156

Comment:
Should be `cs.GoogleProviderType | None` instead of `str | None` - Pydantic BaseSettings auto-converts env var strings to enums

```suggestion
    ORCHESTRATOR_PROVIDER_TYPE: cs.GoogleProviderType | None = None
```

How can I resolve this? If you propose a fix, please make it concise.

---

codebase_rag/config.py
Should be cs.GoogleProviderType | None instead of str | None

    CYPHER_PROVIDER_TYPE: cs.GoogleProviderType | None = None

Prompt To Fix With AI

This is a comment left during a code review.
Path: codebase_rag/config.py
Line: 166

Comment:
Should be `cs.GoogleProviderType | None` instead of `str | None`

```suggestion
    CYPHER_PROVIDER_TYPE: cs.GoogleProviderType | None = None
```

How can I resolve this? If you propose a fix, please make it concise.

[vitali87]

@greptile

[vitali87]

/gemini review

[gemini-code-assist]

Code Review

The pull request correctly implements the logic to skip API key validation for the Vertex AI provider type, as it uses service account files for authentication. The changes include updating type hints to use the GoogleProviderType enum and adding comprehensive integration tests to verify the new behavior and ensure no regressions for other Google provider types (like GLA).

[vitali87]

/gemini review

[vitali87]

@greptile

[gemini-code-assist]

Code Review

The pull request correctly addresses the issue where API key validation was incorrectly enforced for Vertex AI, which uses service account files for authentication. The changes include updating the validation logic in ModelConfig, introducing type safety with the GoogleProviderType enum, and adding comprehensive integration tests. My feedback focuses on maintaining the generic nature of the ModelConfig dataclass by using more flexible type hints for the provider_type field, while still leveraging the benefits of the new enum for validation.

[gemini-code-assist]

The ModelConfig dataclass is intended to be a generic container for various providers. Typing provider_type strictly as cs.GoogleProviderType makes this field Google-specific. If other providers (e.g., AWS Bedrock) were to use this field in the future, it would require updating this enum. Consider keeping this as str | None for flexibility, while still using the enum for comparison in the validation logic.

Suggested change

	provider_type: cs.GoogleProviderType | None = None
	provider_type: str | None = None

[gemini-code-assist]

Similar to the change in ModelConfig, keeping provider_type as str | None in ModelConfigKwargs ensures that the type remains generic and extensible for other providers.

Suggested change

	provider_type: GoogleProviderType | None
	provider_type: str | None