Ai Repopilot Flow

Inspiration

Modern software development is still filled with friction. Developers spend hours understanding unfamiliar repositories, planning changes, writing code, reviewing it, and addressing security concerns before even opening a merge request.

We asked a simple question:

What if one system could act like an entire engineering team?

RepoPilot was inspired by the idea of compressing the developer workflow — from understanding a repo to shipping a merge request — into a single, intelligent pipeline inside GitLab.

What it does

RepoPilot is a multi-agent system inside GitLab that automates the full development lifecycle:

🧠 Understands any repository (structure, stack, risks) 🧩 Plans scoped improvements based on a task ⚙️ Generates implementation as file-level changes 🔍 Reviews the changes like a senior engineer 🔐 Analyzes security risks and CI/CD concerns 🚀 Creates a branch, commit, and merge request automatically

All of this is triggered directly from a GitLab issue using simple commands.

👉 In seconds, RepoPilot can take a messy repo and produce a production-ready merge request.

How we built it

We built RepoPilot using the GitLab Duo Agent Platform, leveraging:

Custom Agents Intake Agent → repository analysis Planning Agent → task scoping Implementation Agent → execution-ready changes Review Agent → quality & correctness checks Security Agent → risk analysis Execution Agent → commit + merge request creation Custom Flows Each agent runs as a GitLab-native flow Triggered via issue mentions (@ai-...) Uses GitLab tools like: get_project list_repository_tree get_repository_file gitlab_blob_search create_commit create_merge_request Structured JSON contracts Each agent produces structured outputs Downstream agents consume and refine them Ensures consistency and composability Execution-ready design Implementation outputs are formatted to be directly converted into GitLab commit actions

Challenges we ran into

⚠️ Flow orchestration limitations Chaining multiple agents in a single flow was tricky due to input/output constraints and token limits. ⚠️ Tool invocation issues Getting create_commit to work required restructuring outputs into exact action formats. ⚠️ Balancing safety vs automation We had to ensure agents don’t blindly modify code — introducing validation, review, and security steps. ⚠️ Token limits with large contexts Passing too much data between agents caused failures, so we redesigned flows to be modular and efficient.

Accomplishments that we're proud of

🚀 Built a full AI development pipeline, not just a chatbot 🔗 Designed a multi-agent system that mirrors a real engineering team 🛠️ Successfully generated execution-ready code changes 🔍 Implemented automated code review and security analysis 📦 Enabled automatic merge request creation inside GitLab

What we learned

AI agents are most powerful when specialized and composable, not monolithic Structured outputs (JSON contracts) are critical for chaining intelligence Real developer workflows require: planning validation review security — not just code generation The biggest value is not generating code — it’s reducing decision-making overhead

What's next for Ai Repopilot Flow

🔄 Fully automated orchestration flow (single trigger → full pipeline) 🤖 Auto-fix loop (Review → Implementation → retry until approved) 🔐 Deeper security integration (SAST, dependency scanning) 🧪 Test generation and execution 🧵 Multi-PR workflows for larger tasks 📊 Confidence scoring + rollout strategies 🌍 Support for multiple repos and cross-project changes