Enable Guest+ users to execute custom agents in the IDE
What does this MR do and why?
Part of Allow Guest+ to execute custom agents in foregr... (#582507 - closed)
Updates the read_ai_catalog_item_consumer permission in ProjectPolicy from Developer+ to Guest+ access level, enabling foreground execution of custom agents in the IDE for Guest+ users.
Currently custom agents in the IDE require Developer+ access. This change is a prerequisite for creating a unified "foreground execution" role-based permission that will control foreground execution of both agents and flows. Before introducing that permission, we need to lower the existing requirements for custom agent execution in the IDE to Guest+ access.
To enable Guest+ roles to use custom agents for foreground execution we need to implement:
| Environment | |
|---|---|
| foreground execution from an IDE | This MR |
| foreground execution from the WebUI | Enable Guest+ users to execute custom agents in... (!214918 - merged) |
References
- Allow Guest+ to execute custom agents in foregr... (#582507 - closed)
- [Spike] Split-up permission - execute backgroun... (#582055 - closed)
- #582055 (comment 2923454451)
- #582055 (comment 2923254307)
Screenshots or screen recordings
| role in Project | Before | After |
|---|---|---|
| Guest with Duo seat assignment | | |
| Planner | | |
How to set up and validate locally
- Run Duo Agent Platform in your local IDE
- Check out this branch
- Open your IDE with the gitlab-duo/test project
- Verify that a Guest with a Duo seat can execute custom agents in Agentic chat
- Verify that all other roles (Planner+) can execute custom agents in Agentic chat; Duo seat assignment is not necessary
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.



