Cascade Flows down when enabled but not added to project

Summary

Note: Implementation greatly depends on changes in !213631 (closed)

When foundational flows are enabled by default in namespace settings but haven't been onboarded (no service accounts or item consumers created), attempting to trigger a flow will fail. The system needs to automatically onboard flows when they're first used.

Problem

With foundational flows enabled via cascading settings:

  1. Database shows flows as enabled (via enabled_foundational_flow_ids in namespace/project settings)
  2. DuoWorkflowAction component displays the trigger button
  3. Service accounts and item consumers may not exist yet (unless cascading service has run)
  4. Flow execution fails if infrastructure doesn't exist

This can happen during:

  • Initial rollout before cascading service runs on all namespaces
  • Manual setting changes that haven't propagated yet
  • Edge cases where cascading service failed

Current State

The SyncFoundationalFlowsService handles creating/removing flows based on settings, but it only runs:

  • When settings are explicitly changed (via Groups::UpdateService or Projects::UpdateService)
  • When cascading is triggered by ancestor changes (via CascadeDuoSettingsWorker)

It doesn't run on-demand when a user attempts to trigger a flow.

Proposed Solution

Add a check in the workflow trigger flow (likely in API::Ai::DuoWorkflows::Workflows) that ensures foundational flows are onboarded before execution:

  1. Before starting a workflow with a foundational flow workflow_definition
  2. Check if the corresponding ItemConsumer exists for the project/group
  3. If missing, call SyncFoundationalFlowsService to create it
  4. Then proceed with workflow execution

This makes the system self-healing - flows get onboarded automatically on first use rather than requiring the cascading service to have run everywhere first.

Implementation Approach

In the API endpoint (around the workflow creation/start logic):

# Pseudo-code
if foundational_flow_definition?(params[:workflow_definition])
  ensure_foundational_flow_onboarded(container, params[:workflow_definition])
end

The ensure_foundational_flow_onboarded method would:

  1. Check for existing ItemConsumer
  2. If missing, invoke Ai::Catalog::Flows::SyncFoundationalFlowsService
  3. Handle any errors gracefully

Benefits

  • Seamless first-use experience
  • Self-healing system that doesn't rely solely on cascading
  • Handles edge cases where cascading service hasn't run
  • No need for expensive background migration to onboard all flows upfront

Relevant Code

  • ee/lib/api/ai/duo_workflows/workflows.rb (workflow trigger endpoint, lines with start_workflow_params)
  • ee/app/services/ai/catalog/flows/sync_foundational_flows_service.rb (existing onboarding service)
  • ee/app/services/ai/catalog/item_consumers/create_service.rb (already handles reusing existing service accounts, line 95)
  • ee/lib/ai/foundational_flow_definitions.rb (definitions to check against)
Edited by 🤖 GitLab Bot 🤖