Add error note when custom flow or external agent trigger fails

Jaydip Pansuriyarequested to merge
fix-ai-flow-validation-error-note into master

What does this MR do and why?

While working on this issue !233394 (merged), I notice that when an external agent or custom flow is triggered on an issue or merge request, validation errors (such as insufficient permissions or non-human user restrictions) were returned silently without creating a note. This left users unaware of whether the flow was triggered or why it failed.

For custom flows, validation happens inside the execute service, which already goes through the note creation path. However, for external agents (third-party flows), validation happens earlier and returns before the note service is called, so the user sees no feedback.

This MR moves the validation check so it flows through the existing note creation path for both custom flows and external agents. When validation fails on a Noteable resource (issue or merge request), an error note is now created showing the user what went wrong. When the resource is not Noteable (e.g., pipeline hooks), the error is returned directly without creating a note.

References

Screenshots or screen recordings

Before After
Screenshot_2026-04-29_at_6.12.21_PM Screenshot_2026-04-29_at_6.10.07_PM
Screenshot_2026-04-29_at_6.12.36_PM Screenshot_2026-04-29_at_6.12.51_PM

How to set up and validate locally

Step 0: Switch to master branch

Step 1: Apply below diff

Click to expand 
diff --git a/ee/app/services/ai/flow_triggers/run_service.rb b/ee/app/services/ai/flow_triggers/run_service.rb
index d21c3564f2ce..94c8199e22d3 100644
--- a/ee/app/services/ai/flow_triggers/run_service.rb
+++ b/ee/app/services/ai/flow_triggers/run_service.rb
@@ -48,8 +48,8 @@ def execute_flow(params)
       strong_memoize_attr def validation_error
         return ServiceResponse.error(message: 'cannot be triggered by non-human users') unless current_user.human?
 
-        return unless catalog_item&.third_party_flow? &&
-          !Ability.allowed?(current_user, :execute_ai_catalog_item, catalog_consumer)
+        # return unless catalog_item&.third_party_flow? &&
+        #   !Ability.allowed?(current_user, :execute_ai_catalog_item, catalog_consumer)
 
         ServiceResponse.error(message: 'current user not permitted to execute external agent')
       end

Steps 2: Trigger Any External Agent from Issue or MR

you will see no error response

Screenshot_2026-04-29_at_6.12.21_PM

Screenshot_2026-04-29_at_6.12.36_PM

Steps 3: Switch to this MR's branch, and apply diff from Step1

Steps 4: Restart Rails server

Steps 5: Trigger Any External Agent from Issue or MR

You will se below note with error response

Screenshot_2026-04-29_at_6.10.07_PM

Screenshot_2026-04-29_at_6.12.51_PM

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Merge request reports