Final cleanup of attributes for work items DAP (!214681) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

This MR performs a final cleanup of GraphQL field authorization scopes for work items in the Duo Agent Platform (DAP). It ensures consistent and correct scope definitions across work item types and widgets.

Key changes:

Removes :ai_workflows scope from fields that don't require AI-specific access:
- id in TypeType, LabelType, and MilestoneType
- confidential, imported, and archived in WorkItemType
- Various milestone state fields (state, expired, upcoming)

This cleanup ensures that only fields genuinely needed by AI workflows have the :ai_workflows scope, improving security and clarity of the authorization model.

References

Connected to gitlab-org/modelops/applied-ml/code-suggestions/ai-assist!4043 (merged)

Screenshots or screen recordings

Before	After

How to set up and validate locally

In the GitLab UI we need to create agent that uses all work item tools. Then ask the agent to list issues (for example: list issues with label X, tell me more about http://gdk.test:3000/gitlab-duo/test/-/work_items/1).

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Dec 10, 2025 by Gosia Ksionek

Final cleanup of attributes for work items DAP

What does this MR do and why?

References

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports