Manoj M J [OOO] (e9071313) at 18 Mar 19:28

Manoj M J [OOO] (51a0af57) at 18 Mar 19:28

... and 1 more commit

What does this MR do?

Long-term quarantine for a flaky system spec.

Field	Value
File	ee/spec/features/projects/new_project_spec.rb:183
Test	New project CI/CD for external repositories when licensed "Import project" tab creates projects with features enabled
Flaky test issue	https://gitlab.com/gitlab-org/quality/test-failure-issues/-/issues/19506
Fast quarantine MR	gitlab-org/quality/engineering-productivity/fast-quarantine!511

Manoj M J [OOO] (09562e10) at 18 Mar 12:59

... and 1 more commit

Manoj M J [OOO] (7d0aae6b) at 18 Mar 12:59

What does this MR do and why?

Adds a before_save hook to Ai::SelfHostedModel that automatically sets the provider that it infers from the model identifier prefix. The hook runs on every record creation and on save if the identifier has changed. This is only temporary until the UI supports direct provider selection.

⚠️ Merge dependency: !226211

Context:

We want to grow our roster of provider options and need to start storing that information in the backend on the self-hosted model record. Currently that information is inferred by the frontend using the stored model identifier, but this is a brittle approach that doesn't scale well.

References

Issue: #507967

Screenshots or screen recordings

Before	After

How to set up and validate locally

Pre-requisites:

An active Ultimate license.

1. Start GDK in self-managed mode GITLAB_SIMULATE_SAAS=0 gdk start
2. Run the Duo setup rake task GITLAB_SIMULATE_SAAS=0 bundle exec 'rake gitlab:duo:setup' to seed instance with necessary Duo data
3. Navigate to the self-hosted models page http://gdk.test:3000/admin/gitlab_duo/model_selection/models and create a bedrock model. Validate the hook worked by opening the Rails console (rails c) and running Ai::SelfHostedModel.last.provider. The value should be bedrock.
4. Edit the model created in step 3 and save as a Vertex model and run Ai::SelfHostedModel.last.provider again. The provider should now be vertex_ai

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

I've approved, LGTM 👍

Summary

Documents the AIGW_SELF_SIGNED_JWT__SIGNING_KEY and AIGW_SELF_SIGNED_JWT__VALIDATION_KEY environment variables in the customer-facing AI Gateway installation guide.

These variables are required for the AI Gateway to issue short-lived user JWT tokens, used by features like Duo Chat. Without them, self-managed customers encounter a "Token creation failed" error caused by a JWK key deserialization failure.

Changes

1. Prerequisites: Added key generation steps for aigw_signing.key and aigw_validation.key alongside the existing duo_workflow_jwt.key.
2. Docker run command: Added -e AIGW_SELF_SIGNED_JWT__SIGNING_KEY and -e AIGW_SELF_SIGNED_JWT__VALIDATION_KEY flags.
3. .env file creation (SSL/Docker Compose section): Added the new variables.
4. Helm chart install command: Added the new --set extraEnvironmentVariables entries.
5. Troubleshooting: Added a "Token creation failed" section explaining the root cause and resolution, including clarification of the relationship between AIGW_SELF_SIGNED_JWT__* and DUO_WORKFLOW_SELF_SIGNED_JWT__SIGNING_KEY.

Related issues

• gitlab-org/modelops/applied-ml/code-suggestions/ai-assist#2012
• Original RFH: https://gitlab.com/gitlab-com/request-for-help/-/work_items/4283
• MR that introduced the setting: gitlab-org/modelops/applied-ml/code-suggestions/ai-assist!884
• MR that documented JWT key rotation internally: gitlab-org/modelops/applied-ml/code-suggestions/ai-assist!976

@jpcyiza would be best equipped to review this one.

@cindy-halim this is a great find. I am in agreement with your approach. The plan is to the run tests the same way, but we also add in a test matrix based on license checks?

What does this MR do?

Long-term quarantine for a flaky system spec.

Field	Value
File	ee/spec/features/projects/new_project_spec.rb:183
Test	New project CI/CD for external repositories when licensed "Import project" tab creates projects with features enabled
Flaky test issue	https://gitlab.com/gitlab-org/quality/test-failure-issues/-/issues/19506
Fast quarantine MR	gitlab-org/quality/engineering-productivity/fast-quarantine!511

What does this MR do and why?

Update agentic chat feature to use duo_chat UT

Remove feature flag check to determine duo_chat/duo_classic_chat because those UT's scope should be enough to determine accessibility.

References

Screenshots or screen recordings

Before	After

How to set up and validate locally

1. ensure both chat works as expected
2. disable classic chat in a group's feature setting and see it disappear from the UI.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #581229

Manoj M J [OOO] (f74bceaf) at 17 Mar 10:02

... and 1 more commit

Manoj M J [OOO] (507ddf95) at 17 Mar 10:02

What does this MR do and why?

Self-managed GitLab instances using the hosted AI Gateway (rather than a self-hosted one) were unable to control extended logging for Duo Workflow via the instance admin setting. The enable_extended_logging? method only checked for a self_hosted_url to determine whether to use the enabled_instance_verbose_ai_logs instance setting, instances without a custom AI Gateway URL fell through to the SaaS-oriented feature flag and namespace-level checks instead.

This MR fixes that by also checking whether the instance is self-managed. For any self-managed instance, regardless of whether they use a self-hosted or cloud-hosted AI Gateway, logging is now controlled by the enabled_instance_verbose_ai_logs instance setting, as intended.

References

Screenshots or screen recordings

Before	After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #587976