Foundational Agents and Flows governance

Problem

Customers do not trust agents by default, and require finer controls on what is accessible to the users in their organizations, even if these agents are created and maintained by GitLab. This is specially true to enterprise customers. The current approach of foundational

Currently, foundational chat agents are available by default and there are no settings implemented to disable them, which is not desirable

Proposal

Allows customers to choose the following options

• Foundational agents by default. In this option they can still enable agents one by one. This options is targeted for customer that want to audit every agent before they become available (opt-in)
• Foundational agents by default. In this option they can still enable agents one by one. This options is targeted for customer that want to audit every agent before they become available (opt-out)

Details of implementation

• Opt-out is the default option unless the customer changes the configuration
• Both options are available at the instance level (for self-managed/self-hosted customers).
• Duo Agent (foundational agents number 1) is exception an exception, and it is always available if - Duo is available
• This is to be delivered within GA timelines, until then, foundational agents are released behind feature flags

Potential evolution

• Allow agents to be enabled for groups of users

Designs

Option 1: as a setting

Enabled by Default

Disabled by Default

Option 2: as part of the the agents list

Option 3: as part of the UI to configure models