Inspiration
As AI agents and automated workflows become more integrated into the software development lifecycle, I realized that governance and validation are often overlooked. A small misconfiguration in an AI flow file can silently break automation or introduce instability into a project. I was inspired to build a solution that removes this risk by enforcing structured validation before AI workflows are merged. The idea was simple: if we can automate code testing, why not automate AI workflow validation as well?
What it does
AI Flow Guardian automatically validates AI flow configurations during every Merge Request. Whenever a developer modifies a file inside the flows/ directory and opens a Merge Request, a policy-enforced CI pipeline runs schema validation using GitLab Duo’s Agent Platform. If the configuration is valid, the pipeline passes and the merge proceeds. If it is invalid, the pipeline fails and blocks the merge. This ensures that only compliant, well-structured AI workflows reach the main branch.
How we built it
The project was built using GitLab Duo’s Flow Catalog and policy-enforced CI pipelines. I started by customizing the provided flow template and implementing a public AI flow configuration inside the flows/ directory. Then, I leveraged the built-in validation mechanism triggered by the hackathon’s CI policy. Each time a Merge Request is created, the ai-catalog validation job checks the schema structure of the flow file. I iteratively refined the YAML configuration until it passed validation successfully. The entire workflow was developed and tested using GitLab’s Web IDE and Merge Request system.
Challenges we ran into
One of the biggest challenges was understanding how policy-enforced pipelines work, since there was no .gitlab-ci.yml file in the repository. Initially, it was confusing why pipelines were running automatically. I had to carefully analyze the logs to understand that validation was being triggered by a project-level policy. Another challenge was debugging schema validation errors when the flow configuration didn’t match the required format. Through trial, error, and log inspection, I learned how the schema enforcement mechanism works internally.
Accomplishments that we're proud of
I am proud of successfully implementing automated AI flow governance using GitLab Duo without modifying the underlying CI configuration. The solution cleanly integrates validation into the development workflow and demonstrates how AI workflows can be governed in a structured and scalable way. Most importantly, the system prevents invalid AI configurations from being merged, which aligns perfectly with the hackathon goal of removing friction from the software development lifecycle.
What we learned
This project deepened my understanding of GitLab Duo’s Agent Platform, flow schemas, and policy-based CI enforcement. I learned how Merge Request triggers, validation components, and catalog publishing mechanisms work together. It also reinforced the importance of automation in governance — especially as AI agents become more common in production environments. Even small configuration-level automation can significantly improve reliability and developer confidence.
What's next for AI Flow Guardian – Automated MR Validation with GitLab Duo
The next step is to enhance the solution beyond schema validation. Future improvements could include severity-based classification of flow misconfigurations, automatic Merge Request comments explaining validation failures, dependency risk scanning, and AI-driven suggestions for fixing configuration errors. Expanding this concept into a full AI governance framework could help teams safely scale AI automation across larger and more complex projects.
Built With
- ci/cd
- gitlab
- gitlab-duo-agents
Log in or sign up for Devpost to join the conversation.