Add AiTracking for Duo Vulnerability Explanation

What does this MR do and why?

Registers an explain_vulnerability internal event and fires it from the Duo Chat ExplainVulnerability tool executor, so Duo AI vulnerability explanation lands in ai_usage_events. Today this Duo feature emits no AiTracking event, so it is invisible to AiUsageData, AiUserMetrics, and the Duo and SDLC Trends dashboard. This closes the Vulnerability Explanation row of the audit at #567159.

Why the event fires in the chat-tool executor

Vulnerability Explanation runs as a Duo Chat slash command (/vulnerability_explain) through Gitlab::Llm::Chain::Tools::ExplainVulnerability::Executor. The event is tracked there at entry, mirroring Tools::TroubleshootJob, which is the existing precedent for a Duo Chat tool that emits its own AiTracking event.

The legacy explainVulnerability aiAction input is not a second path to track: its catalogue entry has no execute_method, so it is not backed by an execution. The chat tool is the only live path.

Files

  • ee/config/events/explain_vulnerability.yml: the InternalEvents definition. No extra_trackers block, since Gitlab::Tracking::AiTracking is a default tracker for every EE event.
  • ee/lib/gitlab/tracking/ai_tracking.rb: registry entry (event id 35; ids 32, 33, 34 are reserved by the in-flight !240198, !240662 (merged), !240999 (closed)).
  • ee/app/graphql/types/analytics/ai_usage/ai_usage_event_type_enum.rb: GraphQL enum value.
  • ee/lib/gitlab/llm/chain/tools/explain_vulnerability/executor.rb: fires the event.

Tracks #567159.

How to set up and validate locally

bundle exec rspec ee/spec/lib/gitlab/llm/chain/tools/explain_vulnerability/executor_spec.rb

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist.

Edited by Andrew Dunn

Merge request reports

Loading