Allow Duo Enterprise namespaces to route Duo Code Review through DAP

Wanderson Policarporequested to merge
602689-route-code-review-through-dap-if-enterprise-and-consented into master

What does this MR do and why?

Introduces the duo_code_review_dap_routing_consent_enabled feature flag and updates Ai::DuoCodeReview::Modes::Dap#active? so that Duo Enterprise namespaces are routed through the Duo Agent Platform (DAP) when the flag is enabled and the namespace has explicitly consented via the namespaces_consents table (introduced in !240258 (merged)).

Previously, Dap#active? short-circuited for Duo Enterprise users, routing them to Classic regardless of any Code Review Flow configuration. This change inverts the priority: when duo_code_review_dap_routing_consent_enabled is on and consent has been recorded for the namespace, DAP wins. The existing duo_code_review_dap_internal_users fast-path is preserved as an override for GitLab-internal testing.

Decision table for Duo Enterprise users

duo_code_review_dap_internal_users (user) duo_code_review_dap_routing_consent_enabled (root namespace) Namespace consented? Result
enabled any any DAP (existing override, unchanged)
disabled enabled yes DAP (new path)
disabled enabled no Classic
disabled disabled any Classic (existing behaviour, unchanged)

Non-Duo-Enterprise (Duo Pro/Core) routing is completely unchanged.

References

Screenshots or screen recordings

No UI changes — backend routing logic only.

How to set up and validate locally

Prerequisites:

  1. You will need a license with Duo Enterprise add-on enabled.
  2. A namespace with Duo Agent Platform enabled
  3. An user with a Duo Enterprise seat assigned
Internal users with `duo_code_review_dap_internal_users` enabled

Nothing changed for users with duo_code_review_dap_internal_users flag enabled.

Expectation: Duo Code Review is routed to DAP.

  1. Enable the feature flag: 
    Feature.enable(:duo_code_review_dap_internal_users)
  2. Request a review from @GitLabDuo
  3. A DAP session should start (e.g. http://gdk.test:3000/gitlab-duo/test/-/automate/agent-sessions)
Namespaces with `duo_code_review_dap_routing_consent_enabled` enabled **without** explicit consent

Expectation: Duo Code Review is routed to Classic GitLab Code Review.

  1. Disable the feature flag: 
    Feature.disable(:duo_code_review_dap_internal_users)
  2. Enable the feature flag: 
    Feature.enable(:duo_code_review_dap_routing_consent_enabled)
  3. Request a review from @GitLabDuo
  4. A DAP session should NOT start (check http://gdk.test:3000/gitlab-duo/test/-/automate/agent-sessions) and Classic Code Review should start
Namespaces with `duo_code_review_dap_routing_consent_enabled` enabled **with** explicit consent

Expectation: Duo Code Review is routed to DAP.

  1. Disable the feature flag: 
    Feature.disable(:duo_code_review_dap_internal_users)
  2. Enable the feature flag: 
    Feature.enable(:duo_code_review_dap_routing_consent_enabled)
  3. Create a consent for the root namespace: 
    group = Group.find_by_full_path('gitlab-duo')
Namespaces::Consent.create!(namespace: group, user: User.find_by_username('your-username'), feature_name: :code_review_flow_dap_routing)
  4. Request a review from @GitLabDuo
  5. A DAP session should start (check http://gdk.test:3000/gitlab-duo/test/-/automate/agent-sessions)

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Wanderson Policarpo

Merge request reports