fix(core): append correct OTLP paths for HTTP exporters

[sebastien-prudhomme]

Summary

Fixes OTLP HTTP exporter initialization by appending the correct signal paths (/v1/traces, /v1/logs, /v1/metrics) to the base URL. It uses the native URL object for robust and secure URL construction.

Details

When using OTLP over HTTP, the OpenTelemetry exporters require the full URL for each signal endpoint, not just the base address of the collector. Previously, the code used the raw parsedEndpoint for all exporters, which would fail if the user only provided the base URL (e.g., http://localhost:4318).

This change:

1. Uses the native URL constructor to robustly append standard OTLP paths for traces, logs, and metrics.
2. Ensures proper handling of trailing slashes and base paths in the provided endpoint, avoiding manual string concatenation errors.

Related Issues

How to Validate

1. Run the updated unit tests:

   npm test -w @google/gemini-cli-core -- src/telemetry/sdk.test.ts

2. (Optional) Configure the CLI to use OTLP HTTP and verify that telemetry data is successfully received by your collector.

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[gemini-code-assist]

Summary of Changes

Hello @sebastien-prudhomme, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves a critical issue where OTLP HTTP exporters were failing to send telemetry data due to incorrect URL construction. The fix ensures that the OpenTelemetry SDK correctly appends the necessary signal paths (for traces, logs, and metrics) to the provided base endpoint, making the telemetry collection functional. Additionally, it improves URL parsing by gracefully handling trailing slashes in the configured endpoint.

Highlights

• OTLP HTTP Exporter Fix: Corrected the initialization of OTLP HTTP exporters by appending the required signal-specific paths ("/v1/traces", "/v1/logs", "/v1/metrics") to the base URL.
• Trailing Slash Handling: Implemented logic to robustly handle and trim trailing slashes from the configured OTLP HTTP endpoint to prevent malformed URLs.
• Unit Test Updates: Updated existing unit tests to validate that OTLP HTTP exporters are now initialized with the correctly formatted, full URLs.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly identifies the need to append OTLP signal paths to the base HTTP endpoint. However, the current implementation introduces a Server-Side Request Forgery (SSRF) vulnerability due to improper validation of the configurable OTLP endpoint, potentially allowing attackers to send requests to arbitrary internal network addresses. Furthermore, the string replacement method used for URL construction is not robust and can lead to invalid URLs if the endpoint contains query parameters.

[gemini-cli]

Hi there! Thank you for your contribution to Gemini CLI.

To improve our contribution process and better track changes, we now require all pull requests to be associated with an existing issue, as announced in our recent discussion and as detailed in our CONTRIBUTING.md.

This pull request is being closed because it is not currently linked to an issue. You can easily reopen this PR once you have linked it to an issue.

How to link an issue:
Add a keyword followed by the issue number (e.g., Fixes #123) in the description of your pull request. For more details, see the GitHub Documentation.

Thank you for your understanding and for being a part of our community!

[gemini-cli]

Hi there! Thank you for your contribution to Gemini CLI. We really appreciate the time and effort you've put into this pull request.

To keep our backlog manageable and ensure we're focusing on current priorities, we are closing pull requests that haven't seen maintainer activity for 30 days. Currently, the team is prioritizing work associated with 🔒 maintainer only or help wanted issues.

If you believe this change is still critical, please feel free to comment with updated details. Otherwise, we encourage contributors to focus on open issues labeled as help wanted. Thank you for your understanding!