Add AiTracking for Duo Vulnerability Explanation
What does this MR do and why?
Registers an explain_vulnerability internal event and fires it from the Duo Chat
ExplainVulnerability tool executor, so Duo AI vulnerability explanation lands in
ai_usage_events. Today this Duo feature emits no AiTracking event, so it is invisible
to AiUsageData, AiUserMetrics, and the Duo and SDLC Trends dashboard. This closes
the Vulnerability Explanation row of the audit at #567159.
Why the event fires in the chat-tool executor
Vulnerability Explanation runs as a Duo Chat slash command (/vulnerability_explain)
through Gitlab::Llm::Chain::Tools::ExplainVulnerability::Executor. The event is tracked
there at entry, mirroring Tools::TroubleshootJob, which is the existing precedent for a
Duo Chat tool that emits its own AiTracking event.
The legacy explainVulnerability aiAction input is not a second path to track: its
catalogue entry has no execute_method, so it is not backed by an execution. The chat
tool is the only live path.
Files
ee/config/events/explain_vulnerability.yml: the InternalEvents definition. Noextra_trackersblock, sinceGitlab::Tracking::AiTrackingis a default tracker for every EE event.ee/lib/gitlab/tracking/ai_tracking.rb: registry entry (event id 35; ids 32, 33, 34 are reserved by the in-flight !240198, !240662 (merged), !240999 (closed)).ee/app/graphql/types/analytics/ai_usage/ai_usage_event_type_enum.rb: GraphQL enum value.ee/lib/gitlab/llm/chain/tools/explain_vulnerability/executor.rb: fires the event.
Tracks #567159.
How to set up and validate locally
bundle exec rspec ee/spec/lib/gitlab/llm/chain/tools/explain_vulnerability/executor_spec.rbMR acceptance checklist
Evaluate this MR against the MR acceptance checklist.