Enable Custom Agents to Access Third-Party Data via MCP
## Summary
Users create specialized custom agents for specific workflows (release management, security triage, sprint planning), but these agents are limited to GitLab-only context. In practice, users come to GitLab with many other tools whose data they want to use while working with GitLab data.
To maximize user workflow effectiveness, agents should be able to access the user's broader ecosystem. Examples:
- A "Release Manager" agent needs to check Jira for blockers and PagerDuty for incidents
- A "Security Analyst" agent needs to query vulnerability databases and security scanning tools
- A "Sprint Planner" agent needs to pull metrics from monitoring dashboards and project management tools
Without access to third-party data, users must manually gather context from multiple systems, context-switch constantly, and copy/paste information—defeating the purpose of having a specialized agent.
### Proposal
Allow users to enable custom agents with third-party MCPs so they can access third-party data during Duo Chat conversations.
---
### Key Features
#### 1. Configure Third-Party Data Access for Custom Agents
**User Story:** As a user creating a custom agent, I want to select which third-party MCPs it can access so the agent has comprehensive context for its domain.
**What users see:**
- During agent creation/editing, a section labeled "Third-Party Data Sources"
- List of their enabled MCP servers (Jira, Slack, AWS, monitoring tools, etc.)
- Multi-select to choose which data sources this agent needs
- Description of what data each source provides
- Save these selections as part of the agent configuration
**Example:**
Creating a "Release Manager" agent:
- ✅ Jira (for issue tracking)
- ✅ PagerDuty (for incidents)
- ✅ DataDog (for metrics)
- ⬜ Slack (not needed)
- ⬜ Figma (not needed)
#### 2. Agents Access Third-Party Data During Conversations
**User Story:** As a user chatting with my custom agent, I want it to automatically pull data from third-party systems when needed so I get complete answers without manual data gathering.
**What users experience:**
- User asks question in Duo Chat with their custom agent
- Agent automatically determines which third-party systems to query
- Agent fetches relevant data from configured external sources
- Agent synthesizes response using both GitLab and third-party data
- No manual intervention needed from user
#### 3. Transparency About Third-Party Data Usage
**User Story:** As a user, I want to see when my agent uses third-party data so I understand the source of information and can trust the responses.
**What users see:**
- Real-time indicators showing which systems the agent is querying ("Checking Jira...", "Fetching DataDog metrics...")
- Citations or badges in responses indicating data sources
- Ability to see which third-party tools the agent can access (agent profile/info)
- Clear error messages if third-party systems are unavailable
#### 4. Administrator-Controlled MCP Enablement
**User Story:** As an administrator, I need to control which external MCP servers can be used in my organization to ensure security, compliance, and cost management.
Scope:
- Instance/Group-level MCP allowlist: Admins configure which external MCP servers are available
- Users can only select from enabled MCPs: Custom agent creation shows only admin-approved MCP servers
- Enforcement: Custom agents cannot connect to non-approved MCPs (validation at creation and runtime)
- Audit logging: Track which MCPs are being used by which agents/users
- Governance hierarchy: Instance-level defaults, group-level overrides
- View usage analytics per MCP server
- Revoke MCP access (disables affected agents until reconfigured)
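
One way the enforcement points listed above (allowlist, creation and runtime validation, audit logging, revocation) could fit together, as an added example that is not GitLab's implementation. All class and method names are hypothetical, and it assumes group overrides can only toggle servers registered at the instance level and that revocation is instance-wide.

```ruby
# Added illustration; class and method names are hypothetical, not GitLab's.
class McpPolicy
  attr_reader :audit_log

  def initialize(instance_defaults)
    @instance = instance_defaults.dup        # server => enabled at instance level
    @groups = Hash.new { |h, k| h[k] = {} }  # group => { server => enabled }
    @audit_log = []
  end

  # Assumption: a group may flip a server the instance admin registered,
  # but can never introduce a server the instance does not know.
  def override(group, server, enabled)
    raise ArgumentError, "unknown MCP server: #{server}" unless @instance.key?(server)
    @groups[group][server] = enabled
  end

  # Assumption: revocation is instance-wide and beats any group override.
  def revoke(server)
    @instance[server] = false
    @groups.each_value { |overrides| overrides.delete(server) }
  end

  def allowed(group)
    @instance.merge(@groups[group]).select { |_, on| on }.keys
  end

  # Creation-time validation: reject the config if any source is unapproved.
  def create_agent(group, name, servers)
    denied = servers - allowed(group)
    record(name, group, nil, servers, denied.empty? ? :created : :rejected)
    raise ArgumentError, "not approved: #{denied.join(', ')}" unless denied.empty?
    { name: name, group: group, servers: servers.dup.freeze }
  end

  # Runtime validation: re-checked on every call, so an agent holding a
  # revoked server stays disabled until it is reconfigured.
  def connect?(agent, server, user)
    enabled = (agent[:servers] - allowed(agent[:group])).empty?
    ok = enabled && agent[:servers].include?(server)
    record(agent[:name], agent[:group], user, [server], ok ? :allowed : :denied)
    ok
  end

  private

  def record(agent, group, user, servers, decision)
    @audit_log << { agent: agent, group: group, user: user, servers: servers, decision: decision }
  end
end
```

Because `connect?` checks the agent's own selection as well as the group allowlist, a server approved for the group but not selected for the agent is still denied.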