From: Stephen Hemminger <stephen@networkplumber.org>
To: David Marchand <david.marchand@redhat.com>
Cc: dev@dpdk.org, thomas@monjalon.net, Aaron Conole <aconole@redhat.com>
Subject: Re: [PATCH v2] devtools: add Vertex AI to review scripts
Date: Tue, 16 Jun 2026 15:44:11 -0700 [thread overview]
Message-ID: <20260616154411.6b9fd576@phoenix.local> (raw)
In-Reply-To: <20260602064406.1230601-1-david.marchand@redhat.com>
On Tue, 2 Jun 2026 08:44:06 +0200
David Marchand <david.marchand@redhat.com> wrote:
> OpenAI, xAI) can now use Vertex AI with Application Default Credentials.
>
> This requires a python dependency google-auth but it is left as
> optional.
>
> Key features:
> - Auto-detection of authentication method based on environment
> - Manual override via --auth flag (auto, direct, vertex)
> - Automatic model name translation for Vertex format
> - Support for both global and regional Vertex endpoints
> - Proper error handling for Vertex API responses
>
> Provider-specific implementations:
> - Anthropic: Uses /publishers/anthropic/models/{model}:rawPredict
> with model name format claude-sonnet-4-5@20250929
> - Google: Uses /publishers/google/models/{model}:generateContent
> - OpenAI/xAI: Use /endpoints/openapi/chat/completions
> with publisher prefix (e.g., openai/gpt-oss-120b-maas)
>
> Authentication detection logic:
> - Vertex: Requires google-auth library and ADC configured
> - Direct: Falls back to API key from environment variables
>
> Available models on Vertex AI:
> - Anthropic: All Claude models
> - Google: All Gemini models
> - OpenAI: gpt-oss-120b-maas, gpt-oss-20b-maas (open-weight only)
> - xAI: grok-4.20-*, grok-4.1-fast-* variants
>
> Signed-off-by: David Marchand <david.marchand@redhat.com>
> ---
I have no direct knowledge of Vertex pro/con.
AI review with better model had some insights.
On the whole the refactor is sound: moving "model" insertion into
_build_request_meta and threading an auth string instead of api_key is
consistent across _common.py, review-patch.py and review-doc.py, and the
build_*_request signature changes match their only callers. Two issues and
a couple of minor notes.
Warning: project-id resolution is split and the early error is unreachable-
proof in the wrong direction.
get_vertex_credentials() does:
credentials, project = google_auth_default()
...
if not project:
error("Could not detect GCP project. Set GOOGLE_CLOUD_PROJECT ...")
return credentials.token, project
but the caller then applies its own fallback:
access_token, project_id = get_vertex_credentials()
project_id = os.environ.get("GOOGLE_CLOUD_PROJECT") \
or os.environ.get("GCP_PROJECT") or project_id
If ADC resolves no project, get_vertex_credentials() calls error() and
exits before the GCP_PROJECT fallback can run. google.auth.default()
honors GOOGLE_CLOUD_PROJECT itself, but not GCP_PROJECT, so the
GCP_PROJECT branch here is dead in exactly the case it exists for, and
the error message tells the user to set a variable that wouldn't have
helped. Resolve the project in one place: drop the "if not project"
error from get_vertex_credentials() and check after the env fallback,
or move the env lookups into get_vertex_credentials().
Warning: several added lines exceed the 100-column limit.
_common.py: error("Could not detect GCP project...") 137 cols
_common.py: error("Vertex AI support requires...") 108 cols
_common.py: project_id = os.environ.get(...) or ... 102 cols
_common.py: vertex_base = f"https://aiplatform..." 104 cols
_common.py: vertex_base = f"https://{location}-..." 115 cols
pycodestyle/flake8 will flag all five; the project_id line is also
black-splittable so "black --check" fails on it. Wrap the f-strings and
split the message strings.
Info: detect_auth_method() catches bare Exception around
google_auth_default(). Acceptable for best-effort autodetection, but
narrowing it (or a "# noqa"/pylint disable with a reason) documents intent.
Info: the HTTPError path now does error_data[0].get('error', ...) after
unwrapping a list. If a Vertex error body is a list of non-dicts this
raises AttributeError outside the JSONDecodeError guard. Low risk, but a
type check would harden it.
Info: --auth is wired into review-patch.py and review-doc.py but
compare-patch-reviews.sh has no passthrough, so Vertex can't be selected
when comparing providers. May be intentional for this patch.
prev parent reply other threads:[~2026-06-16 22:44 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-01 13:24 [PATCH] devtools: add Vertex AI to review scripts David Marchand
2026-06-01 14:21 ` Thomas Monjalon
2026-06-01 14:39 ` David Marchand
2026-06-01 15:11 ` Stephen Hemminger
2026-06-02 6:44 ` [PATCH v2] " David Marchand
2026-06-16 22:44 ` Stephen Hemminger [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260616154411.6b9fd576@phoenix.local \
--to=stephen@networkplumber.org \
--cc=aconole@redhat.com \
--cc=david.marchand@redhat.com \
--cc=dev@dpdk.org \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox