Audit Events for agents and flows
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
About
We want to capture GitLab Audit Events when for the following changes:
- Agent/flow created
- Agent/flow updated
- Agent/flow made public
- Agent/flow made private
- Agent/flow draft version created
- Agent/flow version released
- Agent/flow deleted
- Agent/flow added to project
- Agent/flow removed from project
Note some of the above "made public", "version released" will happen at the same time as "created" or "updated" - this means we create multiple audit events in those situations.
For example, if someone creates a private agent with a released version, they would generate 2 events:
- "Created private AI agent"
- "Released version 1.0.0 of AI agent"
If someone updated an agent switching it from private to public, with a new released version, they would generate 3 events:
- "Updated AI agent"
- "Made AI agent public"
- "Released version 1.1.0 of AI agent"
This will allow customers to have an audit trail of these events.
See:
- Customer docs https://docs.gitlab.com/user/compliance/audit_events/
- Developer docs https://docs.gitlab.com/development/audit_event_guide/
Proposal
Define audit events (see development docs).
Events will be scoped by the project and have the target as the flow or agent.
Update documentation https://docs.gitlab.com/user/compliance/audit_event_types/.
Agents
Event names:
- Name:
create_ai_catalog_agent- Messages:
- One of:
"Created a new public AI agent""Created a new private AI agent"
- One of:
-
"Created new draft version 1.0.0 of AI agent"(when version is in draft) -
"Released version 1.0.0 of AI agent"(when version is being released)
-
- One of:
- Messages:
- Name:
update_ai_catalog_agent- Messages:
-
"Updated AI agent"(always generated) -
"Made AI agent public"(when changes include private -> public) -
"Made AI agent private"(when changes include public -> private) -
"Created new draft version n.n.n of AI agent"(when latest version is new record and in draft) -
"Released version n.n.n of AI agent"(when latest version changes from draft -> released, regardless of new record or old record)
-
- Messages:
-
delete_ai_catalog_agent- Messages:
-
"Deleted AI agent"(always generated)
-
- Messages:
-
enable_ai_catalog_agent- Messages:
-
"Added AI agent to project"(always generated)
-
- Messages:
-
disable_ai_catalog_agent- Messages:
-
"Removed AI agent from project"(always generated)
-
- Messages:
Examples
Creating public agent with draft version:
audit_context = {
name: 'create_ai_catalog_agent',
author: current_user,
scope: project,
target: agent,
message: 'Created a new public AI agent'
}
Gitlab::Audit::Auditor.audit(audit_context)
audit_context = {
name: 'create_ai_catalog_agent',
author: current_user,
scope: project,
target: agent,
message: 'Created new draft version 1.0.0 of AI agent'
}
Gitlab::Audit::Auditor.audit(audit_context)Updating agent to be public:
audit_context = {
name: 'update_ai_catalog_agent',
author: current_user,
scope: project,
target: agent,
message: 'Updated AI agent'
}
Gitlab::Audit::Auditor.audit(audit_context)
audit_context = {
name: 'update_ai_catalog_agent',
author: current_user,
scope: project,
target: agent,
message: 'Made AI agent public'
}
Gitlab::Audit::Auditor.audit(audit_context)Enabling agent:
audit_context = {
name: 'enable_ai_catalog_agent',
author: current_user,
scope: project,
target: agent,
message: 'Added AI agent to project'
}
Gitlab::Audit::Auditor.audit(audit_context)Flows
create_ai_catalog_flowupdate_ai_catalog_flowdelete_ai_catalog_flowenable_ai_catalog_flowdisable_ai_catalog_flow
Identical logic to agents.