feat: simplify sast vr
What does this merge request do and why?
It simplifies the existing SAST VR Flow to:
- Make it faster (removing the test creation step and focusing on the specific vulnerability being passed).
- Combine the planning + execution step
It also exports a context/final answer of the merge request URL and 'readiness' score.
How to set up and validate locally
- !3171 (merged)
- To check the final answer:
In the GitLab GDK Rails console:

```ruby
# Load the most recent workflow and its latest checkpoint
workflow = Ai::DuoWorkflows::Workflow.last
checkpoint = workflow.checkpoints.last
# The checkpoint stores the flow state under 'channel_values'
state = checkpoint.checkpoint['channel_values']
puts state['context']['evaluate_merge_request']['final_answer']
# =>
# {
#   "merge_request_url": "http://gdk.test:3000/gitlab-duo/archer/-/merge_requests/822",
#   "readiness_detection_score": "0.90"
# }
```
Merge request checklist
- Tests added for new functionality. If not, please raise an issue to follow up.
- Documentation added/updated, if needed.
- If this change requires executor implementation: verified that issues/MRs exist for both Go executor and Node executor or confirmed that changes are backward-compatible and don't break existing executor functionality.
Edited by Andrew Jung