
[gitlab-org/gitlab] Add admin controls to enable/disable specific LLM models for Duo Agent Platform at instance and top‑level group scope

GL-gitlab-org/gitlab#592662 • Mar 07, 2026

### ROOT CAUSE

The issue stems from the lack of centralized control mechanisms in GitLab's Duo Agent Platform to manage which Large Language Models (LLMs) are permitted for use, based on organizational policies. Specifically, there's no feature allowing admins to enable or disable specific models at the instance or top-level group levels, forcing users to rely on less effective out-of-band controls.

### CODE FIX

To address this, we'll implement admin controls using GitLab's Rails framework. The solution involves creating a new admin setting to manage allowed and denied models, updating the model selection logic to respect these settings, and ensuring proper propagation across instance and group levels.

1. **Add a new admin setting model**:
   - Create `app/models/settings/ai_model_control.rb` to store allowed and denied models.
2. **Update the admin UI**:
   - Add a new controller and view for managing AI model controls under `app/controllers/admin/ai_model_controls/`.
3. **Modify model selection logic**:
   - Update the Duo Agent Platform's AI model selection process to check against the allowed and denied lists.
4. **Implement propagation logic**:
   - Modify `app/controllers/admin/settings_controller.rb` to fetch AI model controls from the top-level group or instance settings.
5. **Add validation**:
   - Ensure models are correctly formatted and unique in `app/controllers/admin/ai_model_controls_controller.rb`.
6. **Optimize performance**:
   - Use efficient data structures for quick lookups.

Here's a concise code example:
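```ruby
# app/models/settings/ai_model_control.rb
class Settings::AiModelControl < Settings::Base
  include Settings::Concern

  yaml_accessor :allowed_models, Array
  yaml_accessor :denied_models, Array

  validate :validate_models

  private

  # Validate both lists and report each error on the attribute the entry came from.
  def validate_models
    Array(allowed_models).each { |model| validate_model_format(:allowed_models, model) }
    Array(denied_models).each { |model| validate_model_format(:denied_models, model) }
  end

  def validate_model_format(attribute, model)
    # Assume model format is "provider/model-name".
    # \A and \z anchor the whole string; ^ and $ match per line in Ruby, so a
    # value with an embedded newline would otherwise pass validation.
    unless model.to_s.match?(/\A[\w-]+\/[\w-]+\z/)
      errors.add(attribute, "Invalid model format: #{model}")
    end
  end
end
```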

```ruby
# app/controllers/admin/ai_model_controls_controller.rb
class Admin::AiModelControlsController < Admin::ApplicationController
  def edit
    @ai_model_control = Settings::AiModelControl.first_or_create
  end

  def update
    @ai_model_control = Settings::AiModelControl.first_or_create
    if @ai_model_control.update(ai_model_control_params)
      redirect_to admin_ai_model_controls_path, notice: "AI model controls updated."
    else
      # Validation failed: re-render the form so the errors are shown.
      render :edit
    end
  end

  private

  def ai_model_control_params
    # Both attributes are arrays, so they must be permitted as arrays;
    # permitting them as scalars would silently drop the submitted lists.
    params.require(:settings_ai_model_control).permit(allowed_models: [], denied_models: [])
  end
end
```

This solution introduces admin controls for managing LLM models, ensuring organizations can enforce their AI policies effectively.
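
The allow/deny check described in steps 3, 4 and 6, as an added example that is not part of the original page or GitLab's own code. `ModelPolicy`, `model_permitted?` and the sample model names are hypothetical, and the precedence rules (a deny entry wins, an empty allow list adds no restriction, a group may only narrow the instance policy) are assumptions.

```ruby
require 'set'

# Hypothetical names throughout; this is not GitLab's API.
MODEL_ID = %r{\A[\w-]+/[\w-]+\z} # the "provider/model-name" shape the page assumes

# One scope's policy (instance or top-level group), held as Sets for O(1) lookups.
class ModelPolicy
  attr_reader :allowed, :denied

  def initialize(allowed: [], denied: [])
    @allowed = normalize(allowed)
    @denied  = normalize(denied)
  end

  # Assumption: a deny entry always wins; an empty allow list adds no restriction.
  def permits?(model)
    return false if denied.include?(model)
    allowed.empty? || allowed.include?(model)
  end

  private

  # Reject malformed entries when the policy is built, not at lookup time.
  def normalize(list)
    bad = Array(list).reject { |m| m.is_a?(String) && MODEL_ID.match?(m) }
    raise ArgumentError, "invalid model id(s): #{bad.inspect}" unless bad.empty?
    Set.new(Array(list))
  end
end

# Assumption: a group can only narrow the instance policy, never widen it.
def model_permitted?(model, instance:, group: nil)
  return false unless model.is_a?(String) && MODEL_ID.match?(model) # fail closed
  return false unless instance.permits?(model)
  group.nil? || group.permits?(model)
end

# Constructed sample policies.
INSTANCE = ModelPolicy.new(allowed: %w[vendor-a/model-1 vendor-a/model-2 vendor-b/model-x],
                           denied:  %w[vendor-b/model-x])
GROUP    = ModelPolicy.new(allowed: %w[vendor-a/model-1 vendor-c/model-9])

# Evaluate four constructed model ids against both scopes.
def demo
  %w[vendor-a/model-1 vendor-a/model-2 vendor-b/model-x vendor-c/model-9].to_h do |m|
    [m, model_permitted?(m, instance: INSTANCE, group: GROUP)]
  end
end
```

Only `vendor-a/model-1` passes both scopes: the group omits `model-2`, the instance denies `model-x`, and the group's `vendor-c/model-9` entry cannot override the instance allow list.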
