Add api and ai_workflows scopes to Ascp types to support Business Context flow

What does this MR do and why?

Adds scopes: [:api, :read_api, :ai_workflows] to many of the Ascp types in order to support Business Context and Security Guidelines Foundational Flow.

References

https://gitlab.com/gitlab-org/gitlab/-/work_items/596623+s

How to validate locally

  1. Fetch the mtolpin-ascp-flow branch from Draft: feat: add Business Context and Security ... (gitlab-org/modelops/applied-ml/code-suggestions/ai-assist!5294) • Adam Cohen

  2. Make the following changes to your local gitlab code:

    1. Add the ASCP Business Context workflow to the list of available Duo Chat Agents in ee/lib/ai/foundational_chat_agents_definitions.rb:

      diff --git a/ee/lib/ai/foundational_chat_agents_definitions.rb b/ee/lib/ai/foundational_chat_agents_definitions.rb
      index d34ca92b1c53..913d66d05188 100644
      --- a/ee/lib/ai/foundational_chat_agents_definitions.rb
      +++ b/ee/lib/ai/foundational_chat_agents_definitions.rb
      @@ -107,6 +107,20 @@ module FoundationalChatAgentsDefinitions
               description: <<~DESCRIPTION
                 Get help with selecting permissions for fine-grained access tokens, applying the principle of least privilege.
               DESCRIPTION
      +      },
      +      {
      +        id: 8,
      +        reference: 'business_context_security_guidelines',
      +        version: 'v1',
      +        name: 'ASCP Business Context',
      +        global_catalog_id: nil,
      +        avatar: 'gitlab-duo-agent.png',
      +        # TODO: TESTING ONLY — remove this entire entry from FoundationalChatAgentsDefinitions
      +        # before production. The flow will be triggered programmatically, not via Duo Chat.
      +        description: <<~DESCRIPTION
      +          Analyze your project to discover business components and generate security guidelines
      +          using the Application Security Context Platform (ASCP). Requires Ultimate tier.
      +        DESCRIPTION
             }
           ].freeze
         end
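
    Review bot: The `# TODO: TESTING ONLY` comment sits between `avatar:` and `description:` inside the new `id: 8` entry, where it is easy to miss when the entry is reviewed or reverted. Since the comment says the whole entry must be removed before production, move it above the opening `{` so it visibly covers the entire hash. The description also says "Requires Ultimate tier", but nothing in the visible entry expresses that requirement, so it is worth confirming where the tier check is enforced for this flow.
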
    2. Disable the require_gitlab_workhorse! lines from ee/lib/api/ai/duo_workflows/workflows_internal.rb:

      diff --git a/ee/lib/api/ai/duo_workflows/workflows_internal.rb b/ee/lib/api/ai/duo_workflows/workflows_internal.rb
      index 174226d186b8..48e9e367cd06 100644
      --- a/ee/lib/api/ai/duo_workflows/workflows_internal.rb
      +++ b/ee/lib/api/ai/duo_workflows/workflows_internal.rb
      @@ -101,7 +101,7 @@ def uncompress_checkpoint(compressed_data)
                         requires :id, type: Integer, desc: 'The ID of the workflow', documentation: { example: 1 }
                       end
                       get do
      -                  require_gitlab_workhorse!
      +                  # require_gitlab_workhorse!
      
                         workflow = find_workflow!(params[:id])
                         push_ai_gateway_headers(scope: workflow.resource_parent)
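
    Review bot: Commenting out `require_gitlab_workhorse!` in the `get do` block removes the only guard visible in this hunk before `find_workflow!(params[:id])` runs, and the commented-out line carries no marker saying it is a local-only change. If this edit has to exist for validation, add a comment such as the "TESTING ONLY" one used in the agent definition so it cannot be mistaken for an intended change, and confirm it is not part of the MR's committed diff.
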
      @@ -132,9 +132,9 @@ def uncompress_checkpoint(compressed_data)
                       end
      
                       namespace :checkpoints do
      -                  before do
      -                    require_gitlab_workhorse!
      -                  end
      +                  # before do
      +                  #   require_gitlab_workhorse!
      +                  # end
                         desc 'Create workflow checkpoint' do
                           tags %w[gitlab_duo_workflows internal_operations]
                         end
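
    Review bot: The `before do ... end` block commented out in `namespace :checkpoints` applied to every route in that namespace, including the 'Create workflow checkpoint' endpoint declared right after it, so this drops the `require_gitlab_workhorse!` check from a write path and not only from a read. Leaving the block as three commented lines also leaves dead code behind; for a local test, prefer a change that is clearly temporary and restore the block before pushing.
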
      @@ -212,9 +212,9 @@ def uncompress_checkpoint(compressed_data)
                       end
      
                       namespace :checkpoint_writes_batch do
      -                  before do
      -                    require_gitlab_workhorse!
      -                  end
      +                  # before do
      +                  #   require_gitlab_workhorse!
      +                  # end
      
                         desc 'Create multiple workflow checkpoint writes' do
                           tags %w[gitlab_duo_workflows internal_operations]
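
    Review bot: This is the third separate place in the file where `require_gitlab_workhorse!` is commented out, here for `namespace :checkpoint_writes_batch` ahead of 'Create multiple workflow checkpoint writes'. Three hand edits are easy to revert only partially; the validation steps would be safer if they said explicitly that all three must be restored, or if the bypass were expressed in one place so it can be undone in one step.
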
  3. Navigate to a project you want to analyze, for example: http://gdk.test:3000/gitlab-duo/test3

  4. Create a new Duo Chat session, making sure to select ASCP Business Context

  5. Instruct the ASCP Business Context chat to analyze the project and wait for the results:

Edited by Adam Cohen
