Explain vulnerability tool use claude 3.7

moves the /explain_vulnerability tool to use claude 3.7 behind a feature flag

ee/config/feature_flags/gitlab_com_derisk/explain_vulnerability_slash_commands_claude_3_7.yml

+---
+name: explain_vulnerability_slash_commands_claude_3_7
+feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/523299
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/183573
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/523442
+milestone: '17.10'
+group: group::security insights
+type: gitlab_com_derisk
+default_enabled: false

ee/lib/gitlab/llm/chain/tools/explain_vulnerability/executor.rb

@@ -81,6 +81,14 @@ def unit_primitive
               'explain_vulnerability'
             end
 
+            override :prompt_version
+            def prompt_version
+              return '0.0.1-dev' if Feature.enabled?(:explain_vulnerability_slash_commands_claude_3_7,
+                context.current_user)
+
+              DEFAULT_PROMPT_VERSION
+            end
+
             override :command_options
             def command_options
               {

ee/spec/lib/gitlab/llm/chain/tools/explain_vulnerability/executor_spec.rb

@@ -260,6 +260,7 @@
         let(:prompt_class) { ::Gitlab::Llm::Chain::Tools::ExplainVulnerability::Prompts::Anthropic }
         let(:unit_primitive) { 'explain_vulnerability' }
         let(:default_unit_primitive) { unit_primitive }
+        let(:prompt_version) { '0.0.1-dev' }
       end
     end
 
@@ -289,5 +290,48 @@
           .to eq('You already have the answer from ExplainVulnerability tool, read carefully.')
       end
     end
+
+    context 'when using claude 3.7 FF' do
+      include_context 'with stubbed LLM authorizer', allowed: true
+
+      before do
+        allow(Ability).to receive(:allowed?).with(user, :explain_vulnerability_with_ai, resource).and_return(true)
+        allow(tool).to receive(:provider_prompt_class).and_return(prompt_class)
+        allow(Gitlab::Llm::Chain::Requests::AiGateway).to receive(:new).with(user, {
+          service_name: :explain_vulnerability,
+          tracking_context: { request_id: nil, action: 'explain_vulnerability' }
+        }).and_return(ai_request_double)
+      end
+
+      context 'when FF is enabled' do
+        before do
+          stub_feature_flags(explain_vulnerability_slash_commands_claude_3_7: true)
+        end
+
+        it 'receives the new prompt version' do
+          expect(ai_request_double).to receive(:request).with(
+            hash_including(options: hash_including(prompt_version: '0.0.1-dev')),
+            unit_primitive: 'explain_vulnerability'
+          )
+
+          tool.execute
+        end
+      end
+
+      context 'when FF disabled' do
+        before do
+          stub_feature_flags(explain_vulnerability_slash_commands_claude_3_7: false)
+        end
+
+        it 'uses the old prompt version' do
+          expect(ai_request_double).to receive(:request).with(
+            hash_including(options: hash_including(prompt_version: '^1.0.0')),
+            unit_primitive: 'explain_vulnerability'
+          )
+
+          tool.execute
+        end
+      end
+    end
   end
 end