Skip to content

Add XRay internal API endpoint

Mikołaj Wawrzyniak requested to merge mwaw/add_x_ray_endpoint into master

What does this MR do and why?

gitlab-org/modelops/applied-ml/code-suggestions/ai-assist#347 (closed)

It adds endpoint to internal API that is going to be used by https://gitlab.com/gitlab-org/code-creation/repository-x-ray scanner binary that is going to be executed as CI Job. A new endpoint will proxy requests to AI Gateway to provide LLM powered insights into codebase.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After

How to set up and validate locally

  1. Make sure that AI Gateway is working on your local env
  2. Select Ci::Build from namespace with code suggestions add on purchased
  3. Update build state to running
  4. Set build token to any value eg: secret 
project = Project.find 2
build = project.builds.first
build.set_token 'secret'
build.status = "running"
build.save

Use build id and token to make curl request to API endpoint

 curl -v -X POST -H "Content-Type: Application/json"  http://gdk.test:3000/api/v4/internal/jobs/1/x_ray/scan --data '{
  "token": "tajnyToken",
  "prompt_components": [
     {
       "type":"x_ray_package_file_prompt",
       "payload":{
         "prompt": "Human: Parse following content of {file_name}. Respond using only valid JSON with list of libraries available to use and their short description\n\n{file_name} content:\n\n```\n{content}\n```\n\n Assistant: {{\n\"libraries\":[{{\"name\": \"",
         "provider": "anthropic",
         "model": "claude-2.0"
       },
       "metadata": { "scannerVersion": "0.0.1" }
     }
  ]
 }'

Parameter has to be complicent with https://gitlab.com/gitlab-org/modelops/applied-ml/code-suggestions/ai-assist#xray-libraries, the only additional param to the one allowed in AI Gateway docs is token that is designed to pass CI_JOB_TOKEN from https://docs.gitlab.com/ee/ci/variables/predefined_variables.html

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Vitali Tatarintev

Merge request reports