@Joey_Khabie & @nateweinshenker can you please do initial reviews here?

SAM FIGUEROA (757f33ba) at 19 Mar 11:25

SAM FIGUEROA (893cf531) at 18 Mar 11:42

I've added a related change to ai-gateway to match this change on the source side: gitlab-org/modelops/applied-ml/code-suggestions/ai-assist!4928

Approving!

What does this MR do and why?

This MR implements Phase 1 of #593773 by introducing a new origin constant for Secret Detection FP flags and creating an AI_MANAGED_ORIGINS array to handle all AI-managed flag types in a maintainable way.

Context: Currently, both SAST and Secret Detection FP flags use the same origin (ai_sast_fp_detection) because the DWS sends a detection_type parameter that isn't honored by the Rails API. This works but makes it impossible to distinguish between the two types of flags.

Backward Compatibility

This is a backward-compatible change. Secret Detection FP will continue to work with the default SAST origin until the DWS side is updated to send the new origin parameter (Phase 2).

The ingestion logic now preserves flags with either origin, so when DWS starts sending the new origin value, the flags will be properly preserved without any additional changes needed.

Related Issues

• Closes #593773
• Follow-up from #591391

Yes this is the origin (no pun intended) of this change. https://gitlab.com/gitlab-org/gitlab/-/work_items/593773

SAM FIGUEROA (72387a73) at 18 Mar 11:15

... and 148 more commits

SAM FIGUEROA (8ffbaace) at 18 Mar 11:15

What does this merge request do and why?

fix: Correct origin param for vuln flag on secret_fp

• Use correct parameter name and change origin string to match recent changes expected on gitlab monolith.

• Refs: https://gitlab.com/gitlab-org/gitlab/-/work_items/593773

Changelog: fixed

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Merge request checklist

• Tests added for new functionality. If not, please raise an issue to follow up.
• Documentation added/updated, if needed.
• If this change requires executor implementation: verified that issues/MRs exist for both Go executor and Node executor or confirmed that changes are backward-compatible and don't break existing executor functionality.

What does this merge request do and why?

fix: Correct origin param for vuln flag on secret_fp

• Use correct parameter name and change origin string to match recent changes expected on gitlab monolith.

• Refs: https://gitlab.com/gitlab-org/gitlab/-/work_items/593773

Changelog: fixed

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Merge request checklist

• Tests added for new functionality. If not, please raise an issue to follow up.
• Documentation added/updated, if needed.
• If this change requires executor implementation: verified that issues/MRs exist for both Go executor and Node executor or confirmed that changes are backward-compatible and don't break existing executor functionality.

SAM FIGUEROA (9f78d483) at 18 Mar 11:08

SAM FIGUEROA (c0498d89) at 17 Mar 08:23

I agree with Duo here. This is a user provided input, so let's make sure it's a safely escaped string and truncate it to 250 chars.