Duo Chat access not controlled by Member Access Configuration
Summary
Duo Classic Chat is accessible to users who are not assigned to any Duo access control group via Admin > GitLab Duo > Configuration > Member Access. The access control correctly restricts DAP features (agentic toggle, model selector, foundational agents, Automate menu) and Code Suggestions, but does not restrict Classic Chat.
Environment
- GitLab Version: 18.8.0
- Instance Type: GitLab Dedicated
- License: Ultimate with Duo Enterprise add-on
Steps to reproduce
- Go to Admin > GitLab Duo > Configuration
- Set "GitLab Duo availability" to "On by default"
- Enable "GitLab Duo Agent Platform"
- Configure Member Access with specific groups:
  - Group A: Duo Classic = No, Duo Agent Platform = Yes
  - Group B: Duo Classic = Yes, Duo Agent Platform = No
- Create a test user NOT in any of these access control groups
- Log in as that user and navigate to any project
- Open Duo Chat panel
- Send a chat message (e.g., "What is GitLab?")
What is the current bug behavior?
The user can use Duo Chat normally despite not being in any Duo access control group. The chat responds with AI-generated content.
Additionally, the RCS (Root Cause Summary) feature on failed pipelines also works for users without Duo access.
What is the expected correct behavior?
The user should either:
- Not see the Duo Chat panel at all, OR
- Receive an access denied error when attempting to use Chat
Features correctly restricted (proving access control is partially working)
| Feature | Restricted by Member Access | Status |
|---|---|---|
| Agentic Chat toggle | Yes | Hidden for non-DAP users |
| Model selector | Yes | Hidden for non-DAP users |
| Automate menu | Yes | Hidden for non-DAP users |
| Foundational Agents | Yes | 404 when accessing directly |
| Code Suggestions | Yes | Error shown in IDE for non-Classic users |
| Agentic tool calls | Yes | Classic-only users cannot execute tools |
Features NOT restricted (bug)
| Feature | Should Be Restricted | Current State |
|---|---|---|
| Duo Classic Chat | Yes (for non-Classic users) | Accessible to all users |
| RCS (Root Cause Summary) | Yes (for non-Duo users) | Accessible to all users |
Impact
- License compliance: Users without Duo seat assignment can consume AI features
- Governance: Organizations cannot restrict Chat access to approved users only
- Inconsistent behavior: Code Suggestions respects access control, but Chat does not
Possible fixes
Chat access should check the user's Duo Classic access (similar to how Code Suggestions checks access) before allowing usage.
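As an added illustration of the check proposed above (not GitLab's code; the group names, feature names and the MEMBER_ACCESS structure are assumptions), a deny-by-default entitlement gate that derives each feature's access from the Member Access configuration in the reproduction steps, with the current unchecked Chat/RCS path kept only for contrast:

```ruby
# Hypothetical Member Access configuration, mirroring the two groups in the
# reproduction steps (constructed for this example, not GitLab's data model).
MEMBER_ACCESS = {
  "group_a" => { classic: false, agent_platform: true },
  "group_b" => { classic: true,  agent_platform: false },
}.freeze

# Which entitlement each feature requires. :any means "any Duo access at all",
# which is what the report expects for Root Cause Summary.
FEATURE_ENTITLEMENT = {
  code_suggestions:    :classic,
  classic_chat:        :classic,
  root_cause_summary:  :any,
  agentic_chat:        :agent_platform,
  foundational_agents: :agent_platform,
}.freeze

# Deny by default: a user in no access control group gets no entitlement.
def entitled?(user_groups, entitlement, config = MEMBER_ACCESS)
  user_groups.any? do |group|
    flags = config.fetch(group, {})
    entitlement == :any ? flags.values.any? : flags[entitlement] == true
  end
end

# The proposed fix: every feature, Classic Chat included, passes through the
# same entitlement check that Code Suggestions already enforces.
def feature_allowed?(user_groups, feature, config = MEMBER_ACCESS)
  entitlement = FEATURE_ENTITLEMENT.fetch(feature) do
    raise ArgumentError, "unknown feature #{feature}"
  end
  entitled?(user_groups, entitlement, config)
end

# The behaviour the report describes as the bug: Chat and RCS skip the check
# entirely, so a user with no group membership still gets AI responses.
def feature_allowed_buggy?(user_groups, feature, config = MEMBER_ACCESS)
  return true if %i[classic_chat root_cause_summary].include?(feature)

  feature_allowed?(user_groups, feature, config)
end
```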