Increase default privileges for flows
What does this MR do and why?
Increases default privileges for flows. This change is being made because flows can already restrict which tools are available for them, which is flow-dependent. Therefore we are changing the default behavior to give access to all tools the flow requires, and flows can restrict permissions as needed. See comment here.
In this MR, the current behavior of specifying the privileges as [] is preserved (that is, no privileges are given). The only thing that is changed is the privileges given when none are specified.
Default privileges are defined in the database defaults, which were originally defined in !187680 (merged) and !171872 (merged), and in workflow.rb.
References
Issue: gitlab-org/modelops/applied-ml/code-suggestions/ai-assist#1603
How to set up and validate locally
Create a flow via curl command with no privileges passed:
```shell
curl --location 'http://gdk.test:3000/api/v4/ai/duo_workflows/workflows' \
  --header 'Content-Type: application/json' \
  --header "PRIVATE-TOKEN: $GITLAB_PAT" \
  --data '{
    "project_id": "PROJECT_ID",
    "goal": "PIPELINE_ID",
    "workflow_definition": "fix_pipeline/v1",
    "start_workflow": true,
    "source_branch": "branch",
    "additional_context": [{"Category": "merge_request", "Content": "{\"url\": \"http://gdk.test:3000/gitlab-duo/ai-assist/-/merge_requests/32\"}"}, {"Category": "pipeline", "Content": "{\"source_branch\": \"add-capwords\"}"}]
  }'
```

```json
{"id":1339,"project_id":22,"namespace_id":null,"agent_privileges":[1,2,3,4,5,6],"agent_privileges_names":["read_write_files","read_only_gitlab","read_write_gitlab","run_commands","use_git","run_mcp_tools"],"pre_approved_agent_privileges":[1,2,3,4,5,6],"pre_approved_agent_privileges_names":["read_write_files","read_only_gitlab","read_write_gitlab","run_commands","use_git","run_mcp_tools"],"workflow_definition":"fix_pipeline/v1","status":"created","allow_agent_to_request_user":true,"image":null,"environment":null,"ai_catalog_item_version_id":null,"workload":{"id":827,"message":null},"mcp_enabled":false,"gitlab_url":"http://gdk.test:3000"}
```
Note the privileges returned.
Additional confirmation: Note the ID field above and check the privileges in the rails console:
```
[1] pry(main)> Ai::DuoWorkflows::Workflow.find 1339
  Ai::DuoWorkflows::Workflow Load (0.8ms)  SELECT "duo_workflows_workflows".* FROM "duo_workflows_workflows" WHERE "duo_workflows_workflows"."id" = 1339 LIMIT 1 /*application:console,db_config_database:gitlabhq_development,db_config_name:main,console_hostname:reisner--20250227-0XX53,console_username:reisner,line:(pry):1:in `__pry__'*/
=> #<Ai::DuoWorkflows::Workflow:0x000000014315e0c0
 id: 1339,
 user_id: 1,
 project_id: 22,
 created_at: Fri, 14 Nov 2025 17:51:28.152306000 UTC +00:00,
 updated_at: Fri, 14 Nov 2025 17:52:16.044756000 UTC +00:00,
 status: 1,
 goal: "http://gdk.test:3000/gitlab-duo/ai-assist/-/pipelines/1781",
 agent_privileges: [1, 2, 3, 4, 5, 6],
 workflow_definition: "fix_pipeline/v1",
 allow_agent_to_request_user: true,
 pre_approved_agent_privileges: [1, 2, 3, 4, 5, 6],
 image: nil,
 namespace_id: nil,
 environment: nil,
 ai_catalog_item_version_id: nil,
 issue_id: nil,
 merge_request_id: nil>
```
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
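
The distinction the description draws between an omitted privilege list (defaults apply) and an explicit `[]` (nothing granted) is easy to lose in a fallback like `requested || defaults`. The sketch below is an added example, not code from this MR or from GitLab: `effective_privileges` and `audit_response` are hypothetical helpers, the request field is assumed to be named `agent_privileges` like the response field, and the id-to-name map is read off the sample response above.

```ruby
require 'json'

# Privilege ids and names as they appear, in order, in the sample API response.
PRIVILEGE_NAMES = {
  1 => 'read_write_files', 2 => 'read_only_gitlab', 3 => 'read_write_gitlab',
  4 => 'run_commands', 5 => 'use_git', 6 => 'run_mcp_tools'
}.freeze

# Hypothetical helper: a missing or null list means "use the default" (every
# privilege, per this MR); an explicit [] means "grant nothing" and must not
# fall through to the default.
def effective_privileges(params)
  requested = params['agent_privileges'] # assumed request field name
  return PRIVILEGE_NAMES.keys if requested.nil?
  raise ArgumentError, 'agent_privileges must be an array' unless requested.is_a?(Array)

  unknown = requested - PRIVILEGE_NAMES.keys
  raise ArgumentError, "unknown privilege ids: #{unknown.inspect}" unless unknown.empty?

  requested.uniq.sort
end

# Hypothetical check for the validation step: compare what the API granted with
# what the request should have produced. Flagging pre-approved ids that were
# never granted is this example's own invariant, not a rule stated on the page.
def audit_response(request_body, response_body)
  expected = effective_privileges(JSON.parse(request_body))
  response = JSON.parse(response_body)
  granted = response.fetch('agent_privileges').sort
  pre_approved = response.fetch('pre_approved_agent_privileges').sort
  {
    granted: granted.map { |id| PRIVILEGE_NAMES.fetch(id, "unknown(#{id})") },
    unexpected: granted - expected,
    missing: expected - granted,
    pre_approved_not_granted: pre_approved - granted
  }
end

# Constructed sample, trimmed from the response shown on this page.
SAMPLE_RESPONSE = '{"id":1339,"agent_privileges":[1,2,3,4,5,6],' \
                  '"pre_approved_agent_privileges":[1,2,3,4,5,6]}'

if __FILE__ == $PROGRAM_NAME
  puts JSON.pretty_generate(audit_response('{"goal":"PIPELINE_ID"}', SAMPLE_RESPONSE))
  puts JSON.pretty_generate(audit_response('{"agent_privileges":[]}', SAMPLE_RESPONSE))
end
```

A non-empty `unexpected` list for a request that sent `[]` would mean the explicit empty list had been treated as "not specified", which is the regression this MR says it avoids.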