Add agent_privileges to workflow create/read

What does this MR do and why?

Related to gitlab-org/duo-workflow/duo-workflow-service#144 (closed)

This MR updates a couple of APIs to allow setting a new column agent_privileges on the duo_workflows_workflows table. It also adds some model level validations.

The Duo Workflow feature in GitLab is a VS Code extension feature which allows you to have an AI agent edit files and run commands in your local environment. It runs these commands inside a Docker container. This Docker container provides some isolation but there are still risks with allowing the AI agent to run commands. Furthermore we've found that Duo Workflow can already offer a lot of value if it just edits multiple files in a workflow. For this reason we want the Duo Workflow feature to default to only editing files and making read-only API calls to GitLab. Since we want to provide a way for some users (especially in our internal testing) to opt in to allowing more privileges we've made this configurable with a list of enum values which the user wants the agent to be able to do.

These privileges are going to be enforced in the Duo Workflow Service itself in gitlab-org/duo-workflow/duo-workflow-service!158 (merged) but it needs to know what privileges the user has allowed. So we persist these settings when we create the workflow and then the Duo Workflow Service will load these later from the workflows/:id endpoint to know what is allowed.

Additionally we introduced a new workflows/agent_privileges endpoint to help us build the UI in the VS Code extension. It needs to know the list of values as well as the descriptions of them in order to render a UI of checkboxes to allow the user to select the privileges.

Edited by Dylan Griffith
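
An added example (not code from this MR or from the GitLab code base) of the pattern the description outlines: allow-list validation when the workflow is created, a least-privilege default when nothing is supplied, and a deny-by-default check on the enforcement side. The privilege IDs, names, descriptions and tool names are all hypothetical.

```ruby
# Added example; every ID, name and tool below is hypothetical, not GitLab's schema.
module AgentPrivileges
  # id => name and description, the shape a checkbox UI would need.
  ALL = {
    1 => { name: 'read_write_files',  description: 'Read and edit files in the workspace' },
    2 => { name: 'read_only_gitlab',  description: 'Make read-only GitLab API calls' },
    3 => { name: 'read_write_gitlab', description: 'Make GitLab API calls that modify data' },
    4 => { name: 'run_commands',      description: 'Run commands in the Docker container' }
  }.freeze

  # Least-privilege default: edit files and read from the API only.
  DEFAULT = [1, 2].freeze

  # Hypothetical mapping of agent tool => privilege id it requires.
  TOOL_REQUIREMENTS = {
    'edit_file' => 1, 'read_file' => 1,
    'get_issue' => 2, 'create_note' => 3,
    'run_command' => 4
  }.freeze

  # Validation at workflow creation: returns a list of error strings.
  def self.validation_errors(value)
    return [] if value.nil? # omitted => DEFAULT is stored
    return ['must be an array'] unless value.is_a?(Array)

    errors = []
    errors << 'must contain only integers' unless value.all? { |v| v.is_a?(Integer) }
    unknown = value.select { |v| v.is_a?(Integer) && !ALL.key?(v) }
    errors << "contains unknown privileges: #{unknown.uniq.sort.join(', ')}" if unknown.any?
    errors << 'must not contain duplicates' if value.uniq.size != value.size
    errors
  end

  # What gets persisted: the default when omitted, otherwise the validated list.
  # An explicit [] is kept as "no privileges", distinct from nil.
  def self.normalize(value)
    errors = validation_errors(value)
    raise ArgumentError, errors.join('; ') if errors.any?

    (value || DEFAULT).sort
  end

  # Enforcement side: a tool with no known mapping is denied.
  def self.tool_allowed?(tool, granted)
    required = TOOL_REQUIREMENTS[tool]
    !required.nil? && granted.include?(required)
  end
end
```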
