[Frontend] Role-based permissions for Agentic Chat (Web/IDE)
Summary
Integrate frontend permission checks for Agentic Chat (including foundational and custom agents) based on minimum_access_level_execute permission.
Background
Agentic Chat is a foreground feature accessible in Web UI and IDEs. Users should only access chat and agents if they have the appropriate execute permission (Guest+ by default).
Requirements
Web UI:
-
Hide/disable GitLab Duo sidebar chat when user lacks permission -
Check permission in all contexts (project, group, non-namespace) -
Show appropriate message when permission is denied
IDE:
-
Hide/disable Chat tab when user lacks permission -
Check permission in GitLab Duo Agent Platform panel -
Ensure UI updates reflect permission state across all IDE extensions
Locations
Web UI:
- GitLab Duo sidebar > New/Current GitLab Duo Chat (all contexts)
- Agentic mode toggle and agent dropdown
IDEs:
- VS Code: GitLab Duo Agent Platform (Beta) > Chat tab
- JetBrains: GitLab Duo Agent Platform (Beta) > Chat tab
- Visual Studio: GitLab Duo Agent Platform (Beta) > Chat tab
Acceptance Criteria
-
Chat hidden/disabled for users without Guest+ role or custom permission -
Permission check respects instance and namespace-level settings -
Clear messaging when access is denied -
Works consistently in Web UI and across all IDE extensions -
Agent dropdown reflects available agents based on permissions
Related
Edited by 🤖 GitLab Bot 🤖