Audit Events for flows

Jaydip Pansuriyarequested to merge
566901-audit-events-for-ai-catalog-flows into master

What does this MR do and why?

This code change adds audit logging capabilities for AI Catalog flows. Previously, the system only tracked audit events (security logs) for AI agents, but now it also monitors when users create, update, delete, enable, or disable AI flows within projects and groups.

The implementation creates a new audit message service specifically for flows that generates detailed descriptions of what changed - such as which tools, prompts, routes, or components were added or removed. It also improves the existing agent audit service by making scope information (project vs group) more specific and handling cases where agents have no tools configured.

The changes include updating documentation to list the new audit event types, adding configuration files that define these events for GitLab version 18.6, and modifying the underlying services to trigger audit logging when flow operations occur. This ensures administrators have complete visibility into AI catalog activities for compliance and security monitoring purposes.

Reference Issues - #566901 (closed) & #580582 (closed)

References

Screenshots or screen recordings

Before After

How to set up and validate locally

  1. Enable global_ai_catalog and ai_catalog_item_project_curation Feature flag.
  2. Create an new flow from Explore > Ai Catalog > Flows
  3. Go to project for which you have created agent. Let's say you created agent on Gitlab Duo > test project. Then go to Project audit event page of the project. Secure > Audit events (url: http://gdk.test:3000/gitlab-duo/test/-/audit_events)
  4. You will be able to see 2 audit event for creation as showing in below image.

Create_Flow

  1. Go to flow and enable it to group (Gitlab Duo)
  2. Then go to Gitlab Duo group > Secure > Audit events, you will see below event

Enable_Flow_to_Group

  1. Now go to test project (on Gitlab Duo group) and then Automate > Flow > enable flow > enable above created flow to this project
  2. Go to Project level audit logs

Enable_flow_to_project

  1. Now remove flow from the project

Removed_flow_from_project

  1. Remove flow from the group

Remove_flow_from_group

  1. Go to Explore > Flow > Your Flow > Edit. Now update flow yaml, visibility of the flow etc. Then see audit logs

Update_flow_tools Multiple_update_on_flow_

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #566901 (closed)

Edited by Jaydip Pansuriya

Merge request reports