Expose ai_settings in the groups API response

Luke Duncalferequested to merge
600095-expose-ai_settings-attributes into master

What does this MR do and why?

Exposes ai_settings in the groups API response.

The missing response was identified as an oversight in !233914 (merged) and tracked in #600095 (closed).

References

Follow-up: Add missing REST API ai_settings sup... (#600095 - closed)

How to set up and validate locally

GET the group via the REST API. Replace <group full path> with your group's full path.

curl --location --request GET 'http://gdk.test:3000/api/v4/groups/<group full path>' \
--header 'Authorization: Bearer MYPAT' \
--header 'Content-Type: application/json'
}'

View the response, it should contain an ai_settings field with AI settings properties.

Note, some fields are only present when dap_group_network_access_controls or dap_group_customizable_permissions feature flags are enabled.

Example response:

{
    "id": 240,
    // ...
    "ai_settings": {
        "duo_agent_platform_enabled": true,
        "duo_workflow_mcp_enabled": false,
        "foundational_agents_default_enabled": true,
        "ai_catalog_restricted_to_group_hierarchy": false,
        "ai_usage_data_collection_enabled": false,
        "prompt_injection_protection_level": "log_only",
        "include_recommended_allowed": false,
        "allow_all_unix_sockets": false,
        "allow_project_extension": true,
        "minimum_access_level_execute": null,
        "minimum_access_level_execute_async": null,
        "minimum_access_level_manage": null,
        "minimum_access_level_enable_on_projects": null
    },
    // ...
}

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #600095 (closed)

Edited by Luke Duncalfe

Merge request reports