Add 'third_party_agent_token_created' audit event
What does this MR do and why?
Add 'third_party_agent_token_created' audit event:
- external agent name (Amazon Q, Claude, etc.)
- token scope and expiration in audit event
- associated workflow/session
References
Screenshots or screen recordings
| Before | After |
|---|---|
How to set up and validate locally
In rails console:
user = User.first # or root user
project = Project.find(<id>) # gitlab duo enabled project
result = Ai::ThirdPartyAgents::TokenService.new(
current_user: user,
project: project,
agent_name: 'Amazon Q Developer Agent',
workflow_id: 123
).direct_access_token
AuditEvent.lastExample:
id: 20124,
author_id: 1,
entity_id: 1,
entity_type: "User",
details:
{:token_expires_at=>1773783251, :token_scopes=>["complete_code", "ai_gateway_model_provider_proxy"], :agent_name=>"Amazon Q Developer Agent", :workflow_id=>123, :project_id=>30, :namespace_id=>1000000, :event_name=>"third_party_agent_token_created", :author_name=>"Administrator", :author_class=>"User", :target_id=>1, :target_type=>"User", :target_details=>"Administrator", :custom_message=>"Generated third-party agent access token", :ip_address=>"172.16.123.1", :entity_path=>"root"},
ip_address: #<IPAddr: IPv4:172.16.123.1/255.255.255.255>,
author_name: "Administrator",
entity_path: "root",
target_details: "Administrator",
created_at: "2026-03-17 20:34:11.312341000 +0000",
target_type: "User",
target_id: 1>MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Andrew Jung