Draft: Allow Guest+ to access custom agents in foreground (Agentic Chat)
What does this MR do and why?
Allow Guest+ to access custom agents in foreground (Agentic Chat)
This change loosens the permission requirement for custom agents executing in the foreground (Agentic Chat) from Developer+ to Guest+.
The read_ai_catalog_item_consumer permission is required to access custom agents in Agentic Chat. There is no technical reason preventing Guest+ access for foreground execution of custom agents.
This enables a unified "Execute foreground" permission that covers:
- Agentic Chat
- Foundational agents
- Custom agents (foreground)
- Foreground flows
Background execution (requiring CI Pipeline) will continue to require Developer+ permissions.
Issue: #582507
References
Screenshots or screen recordings
| Before | After |
|---|---|
How to set up and validate locally
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.