[go: up one dir, main page]
Skip to content

[VS Code] Slash Commands Not Disabled When Duo Features are Disabled for a Project

Summary

Context: user has duo features enabled and has a project with duo_features_enabled set to false open in the Web IDE.

What I see: Slash commands are available for the project.

What I expect to see: Slash commands are not available for the project.

Background on Duo Chat access

The duo_features_enabled setting controls all AI features for a project. If the project has duo_features_enabled set to false, any resources that belong to that project (code, issues, epics) cannot be sent to Duo.

There is sometimes confusion about how this relates to a user's access to Duo features. A user has access to Duo features via a group membership (and later, this will be a licensed seat like code suggestions).

This Chat access means that the user can always use Chat for general questions, such as how to use GitLab and programming questions. But, groups and projects can specify that Duo features are disabled for resources that belong to the group or project by setting duo_features_enabled: false. This includes code that belongs to the project, and code from the project is sent when a Slash command is used.

So, in the context of a project in the IDE, 2 checks are needed to determine Chat/Slash command access:

  1. Does the user have access to Chat? (graphql query: currentUser { duoChatAvailable })
  2. Does the project have Duo features enabled? (graphql query: project(fullPath:"$FULL_PATH") { duoFeaturesEnabled })

Currently, the project setting is not being respected in the Web IDE, and as a result the Slash commands are still available.

Root cause of bug

On the backend, if Duo Chat is asked a question about a GitLab resource with duo_features_enabeld: false, we will raise an error. But for these Slash commands, no project identifier is being sent with the request. As a result, the backend is not checking if duo features are enabled or disabled for the project.

First step for groupeditor extensions to mitigate this bug:

The Slash command should send the resource_id of the current project with the Slash command GraphQL request to GitLab. Once we start doing this, an error will be raised on the backend letting the user know that Duo features are disabled for the project.

Next, we should do 2 things:

  1. The IDE should proactively hide the Slash commands menu if duoFeaturesEnabled is false for the current project. (task for groupeditor extensions )
  2. The GraphQL API should require a resource_id be present for all Slash commands, so this bug does not re-emerge. (task for groupduo chat )
Edited by Jessie Young