Audit Events for external agents

Jaydip Pansuriyarequested to merge
566901-audit-events-for-ai-catalog-external-agents into master

What does this MR do and why?

This merge request adds audit logging capabilities for AI Catalog third-party flows (external agents). The changes create a comprehensive audit trail that tracks when users create, update, delete, enable, or disable these external AI agents within GitLab projects and groups.

The implementation includes:

  • New audit event types for all third-party flow operations (create, update, delete, enable, disable)
  • A dedicated service that generates human-readable audit messages describing what changed (like "Created a new public AI external agent" or "Updated AI external agent: Changed image, Changed commands")
  • Integration with existing AI catalog services to automatically trigger audit events when operations occur
  • Documentation updates listing the new audit event types

The audit messages provide detailed information about changes, including version updates, visibility changes (public/private), and specific configuration modifications. This ensures administrators have complete visibility into how AI external agents are being managed within their GitLab instance, supporting compliance and security monitoring requirements.

References

Screenshots or screen recordings

Before After

How to set up and validate locally

  1. Enable global_ai_catalog and ai_catalog_item_project_curation Feature flag.
  2. Create an new 3P flow from Explore > Ai Catalog > Flows
  3. Go to project for which you have created agent. Let's say you created agent on Gitlab Duo > test project. Then go to Project audit event page of the project. Secure > Audit events (url: http://gdk.test:3000/gitlab-duo/test/-/audit_events). You will be able to see audit events related to this flow.
  4. Update the flow, enable this flow to group/project, remove flow from group/project, delete the flow. With this activity you will be able to see logs like below.

image image

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #566901 (closed)

Edited by Jaydip Pansuriya

Merge request reports