Gate ultimate-only DAP flows and agents for free-tier namespaces
What does this MR do and why?
Gates ultimate-only DAP foundational flows and agents for free-tier namespaces, and enforces this via policies and the catalog finder.
- foundational_flow.rb / foundational_chat_agent.rb — adds ultimate_only attribute to flows and agents
- foundational_chat_agents_definitions.rb — marks the Security Analyst agent as ultimate-only
- item_consumers_finder.rb — fixes FLOW_TYPE filtering to cover both custom and foundational flows
- item_consumer_policy.rb — adds ultimate_only_item and premium_or_higher_license_available conditions to prevent execution and reading of ultimate-only items on free tier
- group_policy.rb — blocks free/no-subscription namespaces from certain Duo workflow conditions
MR series
This change cannot be fully tested in isolation. End-to-end behaviour is only visible once all parts are merged.
- !226462 (merged) — Backend core access gate
-
!226470 (merged) — Gating, policies, and catalog finder
⬅️ you are here - !226475 (merged)— Frontend and settings helpers
References
Screenshots or screen recordings
| Before | After |
|---|---|
How to set up and validate locally
This MR can't be tested in isolation, a full working PoC is available in this MR
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Fred de Gier