Allow instance admins to hard-delete AI items

Luke Duncalferequested to merge
575127-allow-admin-hard-deletion into master

What does this MR do and why?

Provides a forceHardDelete argument for AI Catalog item mutations that can only be used by an instance admin. It will always hard-delete the item, and never soft-delete. This is a measure of security in the case where something must be deleted and any active uses of the item must also be deleted.

Part of https://gitlab.com/gitlab-org/gitlab/-/issues/575127

References

Screenshots or screen recordings

Before After

How to set up and validate locally

Enable the global_ai_catalog flag.

(Optional). Path your local to allow any project to create AI Catalog items.

diff --git a/ee/app/models/ee/project.rb b/ee/app/models/ee/project.rb
index dc8c5541fcea..c6ac444489ec 100644
--- a/ee/app/models/ee/project.rb
+++ b/ee/app/models/ee/project.rb
@@ -622,6 +622,7 @@ def suggested_reviewers_available?
       end

       def ai_catalog_available?
+        return true
         duo_features_enabled && ::Gitlab::Llm::StageCheck.available?(self, :ai_catalog)
       end
       strong_memoize_attr :ai_catalog_available?

Visit http://gdk.test:3000/explore/ai-catalog/agents/ and create a public agent https://docs.gitlab.com/user/duo_agent_platform/agents/#create-an-agent.

Add the agent to 2 projects https://docs.gitlab.com/user/duo_agent_platform/agents/#enable-an-agent.

As an instance admin, delete the agent using the new forceHardDelete argument. Replace <ID> with the ID of the agent you created (visible in the URL when viewing the agent in the catalog).

mutation {
  aiCatalogAgentDelete(input: {
    id: "gid://gitlab/Ai::Catalog::Item/195",
    forceHardDelete: true
  }) {
    errors
    success
  }
}

Now, on the Rails console, confirm the agent has been deleted:

Ai::Catalog::Item.find(<ID>)

Now, if you do the same steps, but this time delete the agent through the UI, the item would be soft-deleted.

On the Rails console, confirm the agent still exists:

Ai::Catalog::Item.find(<ID>)

You can now hard-delete the soft-deleted agent through the mutation as an admin.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #575127

Edited by Luke Duncalfe

Merge request reports