gitlab-triage 1.50.0 → 1.51.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '066092d8567b3b76494b99f0c244c565d1c9b65938082e741fe955742c89e88e'
-  data.tar.gz: 3fc1d9bf0c94a47b6d6a39002014bb60fe52ac93624cb50f6a06cc2f73d11528
+  metadata.gz: 8153f61407dcda901bf6dbdeb8390a72e2af03e4562c723b770b0470951af96e
+  data.tar.gz: 97d626248297908df831d00ef897ff796db3262f42c4495f50dcc88ccb27a471
 SHA512:
-  metadata.gz: cd1f5e1088ec9cbe4e21ed6c968ce47489be3d83c95fffd07fd8e59a8eb92240ed44172f09f34390901dd43241a70320e859b5350b1afd20007550736d4bad75
-  data.tar.gz: ef7c028266e48926aba06c4fc908798eb7b9b60d3a16cfe7fe05a6134e5756374419961f52baf6c41e12a38f61b5a9c66f11c7e771b725d640619bc13db9bf04
+  metadata.gz: 39bc408dfa35b181e095c642ecf13c99d64acf1d0d0d7bc2bffd9d2a0635ade7c11e9089172375474eedc984a43aca507bd630aeeadbf363300d81ce528f1ad2
+  data.tar.gz: 8afe7f1cee9e5739d960e41e9bf1049e50f56aa6ab34010a65fd50ba52dc84211164b197875191d0efbd1e9557c758c429711243867f99bdfc6fc1ee0f1368d5

data/.rubocop_todo.yml

@@ -1,12 +1,12 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --exclude-limit 10000`
-# on 2024-06-13 12:56:53 UTC using RuboCop version 1.62.1.
+# on 2026-06-12 14:43:35 UTC using RuboCop version 1.62.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
-# Offense count: 67
+# Offense count: 78
 CodeReuse/ActiveRecord:
   Exclude:
     - 'lib/gitlab/triage/engine.rb'
@@ -25,17 +25,6 @@ CodeReuse/ActiveRecord:
     - 'spec/support/shared_examples/label_command_shared_examples.rb'
     - 'spec/support/stub_api.rb'
 
-# Offense count: 4
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: Categories, ExpectedOrder.
-# ExpectedOrder: module_inclusion, constants, public_class_methods, initializer, public_methods, protected_methods, private_methods
-Layout/ClassStructure:
-  Exclude:
-    - 'lib/gitlab/triage/filters/base_conditions_filter.rb'
-    - 'lib/gitlab/triage/filters/member_conditions_filter.rb'
-    - 'lib/gitlab/triage/graphql_queries/query_builder.rb'
-    - 'lib/gitlab/triage/limiters/base_limiter.rb'
-
 # Offense count: 1
 Lint/ToEnumArguments:
   Exclude:
@@ -49,12 +38,12 @@ Performance/MethodObjectAsBlock:
     - 'lib/gitlab/triage/expand_condition/expansion.rb'
     - 'lib/gitlab/triage/limiters/date_field_limiter.rb'
 
-# Offense count: 167
+# Offense count: 175
 # Configuration parameters: AllowSubject.
 RSpec/MultipleMemoizedHelpers:
   Max: 10
 
-# Offense count: 305
+# Offense count: 331
 # Configuration parameters: EnforcedStyle, IgnoreSharedExamples.
 # SupportedStyles: always, named_only
 RSpec/NamedSubject:

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    gitlab-triage (1.50.0)
+    gitlab-triage (1.51.0)
       activesupport (>= 5.1)
       globalid (~> 1.0, >= 1.0.1)
       graphql (< 2.1.0)

data/README.md

@@ -722,6 +722,41 @@ conditions:
 See [Ruby expression API](#ruby-expression-api) for the list of currently
 available API.
 
+##### Work item status condition
+
+**Requires GitLab 18.0 or later.** On earlier versions, the GitLab API rejects
+the request and the triage run fails with an error.
+
+Filters work items by their [status](https://docs.gitlab.com/user/work_items/status/).
+
+Accepts a string or an array of strings, where each string is a status name
+(for example, `To do`, `In progress`, `Done`, `Won't do`, `Duplicate`). When
+an array is given, a work item matches if its status is any of the listed
+values. Matching is case-insensitive.
+
+When this condition is present, matching statuses are pre-filtered server-side
+before the main fetch, so only matching work items are loaded.
+
+This condition is distinct from the [`status` action](#status-action), which
+changes the open or closed state of a work item. Work item status is a separate
+lifecycle attribute.
+
+Example:
+
+```yml
+conditions:
+  work_item_status: In progress
+```
+
+Filtering by more than one status:
+
+```yml
+conditions:
+  work_item_status:
+    - To do
+    - In progress
+```
+
 #### Limits field
 
 Limits restrict the number of resources on which an action is carried out. They
@@ -767,6 +802,7 @@ Available action types:
 - [`labels` action](#labels-action)
 - [`remove_labels` action](#remove-labels-action)
 - [`status` action](#status-action)
+- [`work_item_status` action](#work-item-status-action)
 - [`mention` action](#mention-action)
 - [`move` action](#move-action)
 - [`comment` action](#comment-action)
@@ -817,7 +853,10 @@ actions:
 
 ##### Status action
 
-Changes the status of the resource.
+Changes the open or closed state of the resource.
+
+This sets the open or closed state, not the work item lifecycle status. To
+change work item status, see the [`work_item_status` action](#work-item-status-action).
 
 Accepts a string.
 
@@ -833,6 +872,29 @@ actions:
   status: close
 ```
 
+##### Work item status action
+
+**Requires GitLab 19.1 or later.** On earlier versions, the action emits an
+error and is skipped.
+
+Sets the [status](https://docs.gitlab.com/user/work_items/status/) of a work
+item.
+
+This is distinct from the [`status` action](#status-action), which changes the
+open or closed state. Work item status is a separate lifecycle attribute.
+
+Accepts a string, the name of the target status (for example, `In progress`).
+The name is resolved per work item against its type's own lifecycle, so the
+valid values depend on the type. If the name is not valid for a given work
+item, the automation reports an error.
+
+Example:
+
+```yml
+actions:
+  work_item_status: In progress
+```
+
 ##### Mention action
 
 Mentions a number of users.

data/lib/gitlab/triage/action/work_item_status.rb

@@ -0,0 +1,100 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+require_relative '../resource/instance_version'
+
+module Gitlab
+  module Triage
+    module Action
+      class WorkItemStatus < Base
+        MINIMUM_VERSION = '19.1'
+        class Dry < WorkItemStatus
+          def act
+            puts "The following work items would have their status updated for the rule **#{policy.name}**:\n\n"
+
+            super
+          end
+
+          private
+
+          def perform(resource, status_value)
+            puts "# #{resource[:web_url]}"
+            puts "Status would be set to: #{status_value}"
+            puts "Work Item ID: gid://gitlab/WorkItem/#{resource[:id]}\n\n"
+          end
+        end
+
+        def act
+          unless policy.type == 'issues'
+            puts Gitlab::Triage::UI.warn "Work item statuses are only available for issues. The action will NOT be performed\n\n"
+            return
+          end
+
+          unless supported_version?
+            puts Gitlab::Triage::UI.error "Setting work item status requires GitLab #{MINIMUM_VERSION} or later; " \
+              "this instance is #{instance_version.version_short}. The action will NOT be performed\n\n"
+            return
+          end
+
+          status_value = policy.actions[:work_item_status]
+          return unless status_value
+
+          policy.resources.each do |resource|
+            perform(resource, status_value)
+          end
+        end
+
+        private
+
+        def supported_version?
+          Gem::Version.new(instance_version.version_short) >= Gem::Version.new(MINIMUM_VERSION)
+        end
+
+        def instance_version
+          @instance_version ||= Gitlab::Triage::Resource::InstanceVersion.new(network: network)
+        end
+
+        def perform(resource, status_value)
+          mutation_query = <<~GRAPHQL
+            mutation($input: WorkItemUpdateInput!) {
+              workItemUpdate(input: $input) {
+                workItem {
+                  id
+                }
+                errors
+              }
+            }
+          GRAPHQL
+
+          variables = {
+            input: {
+              id: "gid://gitlab/WorkItem/#{resource[:id]}",
+              statusWidget: {
+                name: status_value
+              }
+            }
+          }
+
+          if network.options.debug
+            if policy.actions.fetch(:redact_confidential_resources, true) && resource[:confidential]
+              puts Gitlab::Triage::UI.debug "Work item status action resource: (confidential)"
+            else
+              puts Gitlab::Triage::UI.debug "Work item status action resource: #{resource.inspect}"
+            end
+          end
+
+          response = network.mutate_graphql(mutation_query, variables)
+          return puts Gitlab::Triage::UI.error "No response received for work item #{resource[:web_url]}" if response.nil?
+
+          work_item_update = response[:work_item_update]
+          return puts Gitlab::Triage::UI.error "No workItemUpdate data in response for #{resource[:web_url]}" unless work_item_update
+
+          errors = work_item_update[:errors]
+          return unless errors&.any?
+
+          puts Gitlab::Triage::UI.error "Status update failed for #{resource[:web_url]}: #{errors.join(', ')}"
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/triage/action.rb

@@ -5,6 +5,7 @@ require_relative 'action/comment'
 require_relative 'action/comment_on_summary'
 require_relative 'action/issue'
 require_relative 'action/delete'
+require_relative 'action/work_item_status'
 
 module Gitlab
   module Triage
@@ -17,7 +18,8 @@ module Gitlab
           [Comment, policy.comment?],
           [CommentOnSummary, policy.comment_on_summary?],
           [Issue, policy.issue?],
-          [Delete, policy.delete?]
+          [Delete, policy.delete?],
+          [WorkItemStatus, policy.work_item_status?]
         ].each do |action, active|
           act(action: action, policy: policy, **args) if active
         end

data/lib/gitlab/triage/engine.rb

@@ -14,6 +14,7 @@ require_relative 'filters/author_member_conditions_filter'
 require_relative 'filters/assignee_member_conditions_filter'
 require_relative 'filters/discussions_conditions_filter'
 require_relative 'filters/ruby_conditions_filter'
+require_relative 'filters/work_item_status_conditions_filter'
 require_relative 'limiters/date_field_limiter'
 require_relative 'action'
 require_relative 'policies/rule_policy'
@@ -53,7 +54,8 @@ module Gitlab
         no_additional_labels: Filters::NoAdditionalLabelsConditionsFilter,
         ruby: Filters::RubyConditionsFilter,
         votes: Filters::VotesConditionsFilter,
-        upvotes: Filters::VotesConditionsFilter
+        upvotes: Filters::VotesConditionsFilter,
+        work_item_status: Filters::WorkItemStatusConditionsFilter
       }.freeze
 
       DEFAULT_NETWORK_ADAPTER = Gitlab::Triage::NetworkAdapters::HttpartyAdapter
@@ -377,11 +379,15 @@ module Gitlab
         end
 
         ExpandCondition.perform(rule_conditions(rule_definition)) do |expanded_conditions|
+          status_pre_filtered = pre_filter_by_work_item_status!(resource_type, expanded_conditions)
+
           # retrieving the resources for every rule is inefficient
           # however, previous rules may affect those upcoming
           resources = options.resources ||
             fetch_resources(resource_type, expanded_conditions, rule_definition)
 
+          apply_work_item_status!(resource_type, expanded_conditions, rule_definition, resources, status_pre_filtered)
+
           # In some filters/actions we want to know which resource type it is
           attach_resource_type(resources, resource_type)
 
@@ -409,6 +415,8 @@ module Gitlab
           if options.resource_reference
             expanded_conditions[:iids] = options.resource_reference[1..]
             graphql_query_options[:iids] = [expanded_conditions[:iids]]
+          elsif expanded_conditions[:iids].present?
+            graphql_query_options[:iids] = expanded_conditions[:iids]
           end
 
           graphql_query = build_graphql_query(resource_type, expanded_conditions, true)
@@ -418,8 +426,14 @@ module Gitlab
           # FIXME: Epics listing endpoint doesn't support filtering by `iids`, so instead we
           # get a single epic when `--resource-reference` is given for epics.
           # Because of that, the query could return a single epic, so we make sure we get an array.
+          pre_filter_iids = expanded_conditions.delete(:iids)
+
           resources = Array(network.query_api(build_get_url(resource_type, expanded_conditions)))
 
+          # When pre-filtered IIDs are present (from work_item_status server-side
+          # filtering), narrow the REST results to only those IIDs before decoration.
+          resources = resources.select { |r| pre_filter_iids.include?(r['iid'].to_s) } if pre_filter_iids.present?
+
           iids = resources.pluck('iid').map(&:to_s)
           expanded_conditions[:iids] = iids
 
@@ -650,6 +664,161 @@ module Gitlab
         APIQueryBuilders::SingleQueryParamBuilder.new('wip', wip)
       end
 
+      # When filtering by work_item_status, query workItems with server-side
+      # status filtering first to narrow the IID set before the main fetch.
+      # This avoids fetching all resources just to discard most of them.
+      def pre_filter_by_work_item_status!(resource_type, expanded_conditions)
+        return false unless resource_type == 'issues' && expanded_conditions.key?(:work_item_status)
+
+        pre_filter_iids = fetch_work_item_iids_by_status(expanded_conditions[:work_item_status])
+
+        expanded_conditions[:iids] =
+          if expanded_conditions[:iids].present?
+            Array(expanded_conditions[:iids]).map(&:to_s) & pre_filter_iids
+          else
+            pre_filter_iids
+          end
+
+        true
+      end
+
+      def apply_work_item_status!(resource_type, expanded_conditions, rule_definition, resources, status_pre_filtered)
+        return unless resource_type == 'issues' && needs_work_item_status?(expanded_conditions, rule_definition)
+
+        status_values = Array(expanded_conditions[:work_item_status])
+
+        if status_pre_filtered && status_values.size == 1
+          resources.each { |r| r[:work_item_status] = status_values.first }
+        else
+          decorate_resources_with_work_item_status(resources)
+        end
+      end
+
+      def needs_work_item_status?(conditions, _rule_definition)
+        conditions.key?(:work_item_status)
+      end
+
+      # Pre-filter: query workItems with server-side status filtering to get only
+      # the IIDs that match, avoiding fetching the full resource set when most
+      # items won't pass the status filter.
+      def fetch_work_item_iids_by_status(status_condition)
+        status_names = Array(status_condition)
+        all_iids = []
+
+        status_names.each do |status_name|
+          query = <<~GRAPHQL
+            query($source: ID!, $after: String, $statusName: String!) {
+              #{options.source.singularize}(fullPath: $source) {
+                workItems(status: { name: $statusName }, after: $after, first: 100) {
+                  pageInfo {
+                    hasNextPage
+                    endCursor
+                  }
+                  nodes {
+                    iid
+                  }
+                }
+              }
+            }
+          GRAPHQL
+
+          after_cursor = nil
+
+          loop do
+            response = graphql_network.adapter.query_raw(
+              query,
+              resource_path: [options.source.singularize, 'workItems'],
+              variables: { source: source_full_path, after: after_cursor, statusName: status_name }
+            )
+
+            work_items = Array.wrap(response[:results])
+            work_items.each do |wi|
+              iid = wi.is_a?(Hash) ? (wi['iid'] || wi[:iid]) : wi.try(:iid)
+              all_iids << iid.to_s if iid
+            end
+
+            break unless response[:more_pages]
+
+            after_cursor = response[:end_cursor]
+          end
+        end
+
+        all_iids.uniq
+      end
+
+      # Status is a work item capability not available on the IssueType GraphQL type
+      # or the REST API. We fetch it via a separate workItems query and merge it back
+      # by IID, similar to how decorate_resources_with_graphql_data works for other fields.
+      # We use widgets (not features) for backward compatibility with GitLab versions
+      # before the features field was introduced in 18.9.
+      def decorate_resources_with_work_item_status(resources)
+        return if resources.empty?
+
+        iids = resources.filter_map { |r| (r['iid'] || r[:iid])&.to_s }
+        return if iids.empty?
+
+        status_by_iid = fetch_work_item_statuses_by_iid(iids)
+
+        resources.each do |resource|
+          iid = (resource['iid'] || resource[:iid]).to_s
+          resource[:work_item_status] = status_by_iid[iid]
+        end
+      end
+
+      # The workItems connection caps `first` at 100, so we request the status
+      # for the given IIDs in batches and paginate within each batch.
+      def fetch_work_item_statuses_by_iid(iids)
+        query = <<~GRAPHQL
+          query($source: ID!, $iids: [String!], $after: String) {
+            #{options.source.singularize}(fullPath: $source) {
+              workItems(iids: $iids, after: $after, first: 100) {
+                pageInfo {
+                  hasNextPage
+                  endCursor
+                }
+                nodes {
+                  iid
+                  widgets(onlyTypes: [STATUS]) {
+                    ... on WorkItemWidgetStatus {
+                      status {
+                        id
+                        name
+                      }
+                    }
+                  }
+                }
+              }
+            }
+          }
+        GRAPHQL
+
+        status_by_iid = {}
+
+        iids.each_slice(100) do |iids_batch|
+          after_cursor = nil
+
+          loop do
+            response = graphql_network.adapter.query_raw(
+              query,
+              resource_path: [options.source.singularize, 'workItems'],
+              variables: { source: source_full_path, iids: iids_batch, after: after_cursor }
+            )
+
+            Array.wrap(response[:results]).each do |wi|
+              wi = wi.deep_transform_keys(&:underscore).with_indifferent_access
+              status_widget = Array.wrap(wi[:widgets]).find { |w| w[:status].present? }
+              status_by_iid[wi[:iid].to_s] = status_widget.dig(:status, :name) if status_widget
+            end
+
+            break unless response[:more_pages]
+
+            after_cursor = response[:end_cursor]
+          end
+        end
+
+        status_by_iid
+      end
+
       def build_graphql_query(resource_type, conditions, graphql_only = false)
         Gitlab::Triage::GraphqlQueries::QueryBuilder
           .new(options.source, resource_type, conditions, graphql_only: graphql_only)

data/lib/gitlab/triage/filters/base_conditions_filter.rb

@@ -7,16 +7,6 @@ module Gitlab
   module Triage
     module Filters
       class BaseConditionsFilter
-        def initialize(resource, condition)
-          @resource = resource
-          validate_condition(condition)
-          initialize_variables(condition)
-        end
-
-        def calculate
-          raise NotImplementedError
-        end
-
         def self.filter_parameters
           []
         end
@@ -45,6 +35,16 @@ module Gitlab
           end
         end
 
+        def initialize(resource, condition)
+          @resource = resource
+          validate_condition(condition)
+          initialize_variables(condition)
+        end
+
+        def calculate
+          raise NotImplementedError
+        end
+
         private
 
         def validate_condition(condition)

data/lib/gitlab/triage/filters/member_conditions_filter.rb

@@ -10,11 +10,6 @@ module Gitlab
         SOURCES = %w[project group].freeze
         CONDITIONS = %w[member_of not_member_of].freeze
 
-        def initialize(resource, condition, network = nil)
-          @network = network
-          super(resource, condition)
-        end
-
         def self.filter_parameters
           [
             {
@@ -34,6 +29,11 @@ module Gitlab
           ]
         end
 
+        def initialize(resource, condition, network = nil)
+          @network = network
+          super(resource, condition)
+        end
+
         def initialize_variables(condition)
           @source = condition[:source].to_sym
           @condition = condition[:condition].to_sym

data/lib/gitlab/triage/filters/work_item_status_conditions_filter.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require_relative 'base_conditions_filter'
+
+module Gitlab
+  module Triage
+    module Filters
+      class WorkItemStatusConditionsFilter < BaseConditionsFilter
+        def initialize_variables(condition)
+          @expected_statuses = Array(condition).map(&:downcase)
+        end
+
+        def calculate
+          return false unless @resource[:work_item_status]
+
+          @expected_statuses.include?(@resource[:work_item_status].downcase)
+        end
+      end
+    end
+  end
+end

data/lib/gitlab/triage/graphql_network.rb

@@ -49,6 +49,26 @@ module Gitlab
           .map { |resource| normalize(resource) }
       end
 
+      def mutate(graphql_mutation, variables = {})
+        return if graphql_mutation.blank?
+
+        print '.'
+
+        parsed_mutation = adapter.parse(graphql_mutation)
+
+        response = adapter.mutate(
+          parsed_mutation,
+          variables: variables
+        )
+
+        rate_limit_debug(response) if options.debug
+        rate_limit_wait(response)
+
+        response.delete(:results)
+          &.deep_transform_keys(&:underscore)
+          &.with_indifferent_access
+      end
+
       private
 
       def normalize(resource)
@@ -75,8 +95,11 @@ module Gitlab
       def rate_limit_wait(response)
         return unless response.delete(:ratelimit_remaining) < MINIMUM_RATE_LIMIT
 
-        puts Gitlab::Triage::UI.debug "Rate limit almost exceeded, sleeping for #{response[:ratelimit_reset_at] - Time.now} seconds" if options.debug
-        sleep(1) until Time.now >= response[:ratelimit_reset_at]
+        reset_at = response[:ratelimit_reset_at]
+        return unless reset_at
+
+        puts Gitlab::Triage::UI.debug "Rate limit almost exceeded, sleeping for #{reset_at - Time.now} seconds" if options.debug
+        sleep(1) until Time.now >= reset_at
       end
     end
   end

data/lib/gitlab/triage/graphql_queries/query_builder.rb

@@ -8,6 +8,23 @@ module Gitlab
   module Triage
     module GraphqlQueries
       class QueryBuilder
+        BASE_QUERY = <<~GRAPHQL
+          query(%{resource_declarations}) {
+            %{source_type}(fullPath: $source) {
+              id
+              %{resource_type}(after: $after%{resource_query}) {
+                pageInfo {
+                  hasNextPage
+                  endCursor
+                }
+                nodes {
+                  id iid title updatedAt createdAt webUrl projectId %{resource_fields}
+                }
+              }
+            }
+          }
+        GRAPHQL
+
         def initialize(source_type, resource_type, conditions, graphql_only: false)
           @source_type = source_type.to_s.singularize
           @resource_type = resource_type
@@ -45,23 +62,6 @@ module Gitlab
 
         attr_reader :source_type, :resource_type, :conditions, :graphql_only, :resource_declarations
 
-        BASE_QUERY = <<~GRAPHQL
-          query(%{resource_declarations}) {
-            %{source_type}(fullPath: $source) {
-              id
-              %{resource_type}(after: $after%{resource_query}) {
-                pageInfo {
-                  hasNextPage
-                  endCursor
-                }
-                nodes {
-                  id iid title updatedAt createdAt webUrl projectId %{resource_fields}
-                }
-              }
-            }
-          }
-        GRAPHQL
-
         def vote_attribute
           @vote_attribute ||= (conditions.dig(:votes, :attribute) || conditions.dig(:upvotes, :attribute)).to_s
         end

data/lib/gitlab/triage/limiters/base_limiter.rb

@@ -6,6 +6,10 @@ module Gitlab
   module Triage
     module Limiters
       class BaseLimiter
+        def self.limiter_parameters
+          []
+        end
+
         def initialize(resources, limit)
           @resources = initialize_resources(resources)
           validate_limit(limit)
@@ -16,10 +20,6 @@ module Gitlab
           raise NotImplementedError
         end
 
-        def self.limiter_parameters
-          []
-        end
-
         private
 
         def initialize_variables(limit); end

data/lib/gitlab/triage/network.rb

@@ -14,6 +14,10 @@ module Gitlab
         graphql.query(...)
       end
 
+      def mutate_graphql(...)
+        graphql.mutate(...)
+      end
+
       def query_api_cached(url)
         restapi.query_api_cached(url)
       end

data/lib/gitlab/triage/network_adapters/graphql_adapter.rb

@@ -13,34 +13,118 @@ module Gitlab
       class GraphqlAdapter < BaseAdapter
         Client = GraphQL::Client
 
+        RawDocument = Struct.new(:query_string) do
+          def to_query_string
+            query_string
+          end
+        end
+
         def query(graphql_query, resource_path: [], variables: {})
           response = client.query(graphql_query, variables: variables, context: { token: options.token })
 
           raise_on_error!(response)
 
-          parsed_response = parse_response(response, resource_path)
           headers = response.extensions.fetch('headers', {})
+          node = plain_node(parse_response(response, resource_path))
 
-          graphql_response = {
-            ratelimit_remaining: headers['ratelimit-remaining'].to_i,
-            ratelimit_reset_at: Time.at(headers['ratelimit-reset'].to_i)
-          }
-
-          return graphql_response.merge(results: {}) if parsed_response.nil?
-          return graphql_response.merge(results: parsed_response.map(&:to_h)) if parsed_response.is_a?(Client::List)
-          return graphql_response.merge(results: parsed_response.to_h) unless parsed_response.nodes?
+          build_graphql_response(node, headers)
+        end
 
-          graphql_response.merge(
-            more_pages: parsed_response.page_info.has_next_page,
-            end_cursor: parsed_response.page_info.end_cursor,
-            results: parsed_response.nodes.map(&:to_h)
+        # Executes a raw query string directly through the HTTP layer, skipping
+        # GraphQL::Client schema validation (client.parse). Required for queries
+        # that reference experiment-tagged fields/arguments: GitLab hides those
+        # from introspection but executes them at runtime, so the client-side
+        # validator would otherwise reject a perfectly valid query.
+        #
+        # Returns the same shape as #query so callers can be source-agnostic.
+        def query_raw(query_string, resource_path: [], variables: {})
+          raw = http_client.execute(
+            document: RawDocument.new(query_string),
+            variables: variables,
+            context: { token: options.token }
           )
+
+          errors = raw['errors']
+          raise "There was an error: #{errors.to_json}" if errors.present?
+
+          headers = raw.dig('extensions', 'headers') || {}
+          node = resource_path.reduce(raw['data']) { |data, segment| data&.fetch(segment, nil) }
+
+          build_graphql_response(node, headers)
+        end
+
+        def mutate(graphql_mutation, variables: {})
+          response = client.query(graphql_mutation, variables: variables, context: { token: options.token })
+
+          raise_on_error!(response)
+
+          parsed_response = response.data
+          headers = response.extensions.fetch('headers', {})
+
+          {
+            ratelimit_remaining: headers['ratelimit-remaining'].to_i,
+            ratelimit_reset_at: Time.at(headers['ratelimit-reset'].to_i),
+            results: parsed_response.to_h
+          }
         end
 
         delegate :parse, to: :client
 
         private
 
+        # Shared response assembly for both #query and #mutate (parsed path) and
+        # #query_raw (raw path). Takes a plain-Ruby node (Hash/Array/nil) and the
+        # rate-limit headers, and produces the canonical response shape:
+        # { ratelimit_*, [more_pages, end_cursor], results }.
+        def build_graphql_response(node, headers)
+          response = {
+            ratelimit_remaining: rate_limit_remaining(headers),
+            ratelimit_reset_at: rate_limit_reset_at(headers)
+          }
+
+          return response.merge(results: {}) if node.nil?
+
+          if node.is_a?(Hash) && node.key?('nodes')
+            page_info = node['pageInfo'] || {}
+            response.merge(
+              more_pages: page_info['hasNextPage'] || false,
+              end_cursor: page_info['endCursor'],
+              results: node['nodes']
+            )
+          else
+            response.merge(results: node)
+          end
+        end
+
+        # When the rate-limit headers are absent (e.g. a server that doesn't send
+        # them), treat the limit as not-a-concern rather than coercing a missing
+        # header to 0/1970, which would otherwise trip rate_limit_wait.
+        def rate_limit_remaining(headers)
+          value = headers['ratelimit-remaining']
+          value.present? ? value.to_i : Float::INFINITY
+        end
+
+        def rate_limit_reset_at(headers)
+          value = headers['ratelimit-reset']
+          Time.at(value.to_i) if value.present?
+        end
+
+        # Converts a parsed GraphQL::Client response node into plain Ruby so the
+        # shared builder only ever deals with Hash/Array, never client objects.
+        def plain_node(parsed_response)
+          return if parsed_response.nil?
+          return parsed_response.map(&:to_h) if parsed_response.is_a?(Client::List)
+          return parsed_response.to_h unless parsed_response.nodes?
+
+          {
+            'nodes' => parsed_response.nodes.map(&:to_h),
+            'pageInfo' => {
+              'hasNextPage' => parsed_response.page_info.has_next_page,
+              'endCursor' => parsed_response.page_info.end_cursor
+            }
+          }
+        end
+
         def parse_response(response, resource_path)
           resource_path.reduce(response.data) { |data, resource| data&.send(resource) } # rubocop:disable GitlabSecurity/PublicSend
         end

data/lib/gitlab/triage/policies/base_policy.rb

@@ -56,7 +56,7 @@ module Gitlab
 
         def comment?
           # The actual keys are strings
-          (actions.keys.map(&:to_sym) - [:summarize, :comment_on_summary, :delete, :issue]).any?
+          (actions.keys.map(&:to_sym) - [:summarize, :comment_on_summary, :delete, :issue, :work_item_status]).any?
         end
 
         def issue?
@@ -67,6 +67,10 @@ module Gitlab
           actions.key?(:delete) && actions[:delete]
         end
 
+        def work_item_status?
+          actions.key?(:work_item_status)
+        end
+
         def build_issue
           raise NotImplementedError
         end

data/lib/gitlab/triage/version.rb

@@ -2,6 +2,6 @@
 
 module Gitlab
   module Triage
-    VERSION = '1.50.0'
+    VERSION = '1.51.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-triage
 version: !ruby/object:Gem::Version
-  version: 1.50.0
+  version: 1.51.0
 platform: ruby
 authors:
 - GitLab
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-03-27 00:00:00.000000000 Z
+date: 2026-06-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -239,6 +239,7 @@ files:
 - lib/gitlab/triage/action/delete.rb
 - lib/gitlab/triage/action/issue.rb
 - lib/gitlab/triage/action/summarize.rb
+- lib/gitlab/triage/action/work_item_status.rb
 - lib/gitlab/triage/api_query_builders/base_query_param_builder.rb
 - lib/gitlab/triage/api_query_builders/date_query_param_builder.rb
 - lib/gitlab/triage/api_query_builders/multi_query_param_builder.rb
@@ -273,6 +274,7 @@ files:
 - lib/gitlab/triage/filters/no_additional_labels_conditions_filter.rb
 - lib/gitlab/triage/filters/ruby_conditions_filter.rb
 - lib/gitlab/triage/filters/votes_conditions_filter.rb
+- lib/gitlab/triage/filters/work_item_status_conditions_filter.rb
 - lib/gitlab/triage/graphql_network.rb
 - lib/gitlab/triage/graphql_queries/query_builder.rb
 - lib/gitlab/triage/graphql_queries/query_param_builders/array_param_builder.rb