Add AiTracking for Duo Vulnerability Resolution
What does this MR do and why?
Adds track_internal_event('request_duo_vulnerability_resolution', ...) to
Llm::ResolveVulnerabilityService and registers a corresponding
request_duo_vulnerability_resolution internal event, so Duo AI vulnerability
resolution lands in ai_usage_events.
Today this Duo feature fires no AiTracking event, so it is invisible to
AiUsageData, AiUserMetrics, and the Duo and SDLC Trends dashboard. This
closes the Vulnerability Resolution row of the audit at #567159.
A note on the event name
resolve_vulnerability was the obvious name, but that action already exists:
it is the non-AI event fired when a vulnerability is marked resolved
(Vulnerabilities::ResolveService). I found the collision while wiring this up.
For the Duo AI request I followed the established precedent for a Duo request
tracked at entry, request_duo_chat_response, giving
request_duo_vulnerability_resolution. The registry embeds duo in several
event names to scope Duo features (request_duo_chat_response,
*_duo_code_review_*), so this stays consistent.
The product aiAction is unchanged (:resolve_vulnerability); only the
InternalEvents event is added.
The event is registered the current way:
ee/config/events/request_duo_vulnerability_resolution.yml: the InternalEvents definition. Noextra_trackersblock, sinceGitlab::Tracking::AiTrackingis injected as a default tracker for every EE event.ee/lib/gitlab/tracking/ai_tracking.rb: registry entry (event id 34; ids 32 and 33 are reserved by the in-flight !240198 and !240662 (merged)).ee/app/graphql/types/analytics/ai_usage/ai_usage_event_type_enum.rb: GraphQL enum value.
The service schedules completion asynchronously, so the event is tracked at
entry, mirroring Llm::ChatService#perform.
Tracks #567159.
How to set up and validate locally
- Self-managed GitLab (PostgreSQL is enough to see the row).
bundle exec rspec ee/spec/services/llm/resolve_vulnerability_service_spec.rb
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist.