ArcGuard

ArcGuard turns every merge request into a confidence report - catching architecture drift, flaky-test risk, rollback hazards, and review bottlenecks before bad changes reach production.

Comment

Inspiration

Software teams are not blocked by writing code anymore. They are blocked by trust.

A merge request can pass tests and still be dangerous. It can quietly introduce architecture drift, increase review complexity, break rollback safety, hide flaky behavior, or make the system harder to reason about later. Most teams only discover that too late — during review churn, release delays, or production incidents.

I built ArcGuard to solve that gap.

Instead of creating another AI chatbot for developers, I wanted to build something that acts inside the real software delivery workflow: a system that reacts to merge requests, inspects risk from multiple angles, and produces a clear confidence verdict backed by evidence. The goal was simple: help teams ship changes with proof, not hope.

What it does

ArcGuard is an AI-powered merge confidence system for GitLab Duo flows.

When a merge request is triggered for analysis, ArcGuard generates a structured Merge Confidence Report that helps developers and reviewers understand whether the change is actually safe to merge.

ArcGuard analyzes the merge request across multiple dimensions:

  • Architecture Drift — detects boundary violations, risky coupling, and structural regression
  • Review Minimap — groups changed files into semantic review zones so reviewers can focus faster
  • Intent Contracts — checks whether the intended change matches the code, tests, and documentation
  • Flake Witness — surfaces flaky-test evidence and explains reproducibility risk
  • Rollback Reality — evaluates whether the change is truly reversible or only appears safe
  • CI Waste / Sustainability — estimates avoidable CI work and highlights operational waste
  • Final Confidence Verdict — returns a clear outcome such as Safe to Merge, Needs Fixes, or Blocked

The result is a calmer, more inspectable review process with evidence instead of guesswork.

How I built it

I built ArcGuard as a GitLab Duo flow backed by a shared deterministic analysis engine and a polished interactive demo interface.

The project has two main parts:

  1. A GitLab-native flow

    • reacts to merge request-related triggers
    • runs analysis logic on seeded merge request scenarios
    • produces a structured confidence-style output

  2. A companion web experience

    • visualizes the same analysis engine in a clean, high-end interface
    • lets users switch between low-, medium-, and high-risk scenarios
    • exposes the evidence behind each verdict for demo and inspection

On the technical side, I used a modern TypeScript stack and built the project around:

  • a shared scoring engine
  • structured seeded merge request data
  • reusable analysis rules
  • responsive UI components
  • data visualizations for confidence scoring
  • accessible, premium front-end design
  • a dark, cinematic design language to make the product feel like a serious devtools platform

A key part of the implementation was making sure the verdicts were not just hardcoded labels. The confidence score is driven by actual scenario inputs and weighted analysis across architecture, reviewability, intent alignment, flake risk, rollback safety, and CI waste.

Challenges I ran into

One of the hardest challenges was avoiding the trap of building “just another AI reviewer.”

It is easy to generate lots of comments. It is much harder to generate high-value signals that developers would actually trust. I had to think carefully about how to compress complexity into something actionable instead of noisy.

Another challenge was product scope. ArcGuard touches several pain points at once — architecture, testing, rollback, review complexity, and sustainability — so the real difficulty was turning those into one cohesive story instead of a collection of disconnected checks.

The front-end was also a major challenge. I wanted the product to feel premium and memorable, not like a typical hackathon dashboard. That meant iterating heavily on typography, spacing, hierarchy, motion, section composition, and responsiveness across multiple screen sizes.

Finally, I had to balance realism with demo clarity. The system needed to feel credible and technical, while still being understandable enough to show in a short demo.

Accomplishments that I'm proud of

I’m most proud that ArcGuard feels like a real product, not just a concept.

Specifically, I’m proud that:

  • it frames the problem around merge confidence, which is a strong and practical product concept
  • it goes beyond chatbot behavior and focuses on triggered workflow analysis
  • it combines multiple risk dimensions into one readable confidence report
  • it has a polished, premium interface that makes the product easy to understand quickly
  • it treats CI waste and sustainability as part of software delivery quality, not an afterthought
  • it keeps the experience interactive and evidence-driven instead of static

I’m also proud that ArcGuard is highly demoable: a user can load a scenario, run the analysis, inspect the reasoning, and immediately understand why a merge should pass, be fixed, or be blocked.

What I learned

This project reinforced a big lesson for me: the most useful AI systems in software engineering are not the ones that generate the most code — they are the ones that reduce uncertainty.

I also learned that good developer tooling is as much about product design as it is about engineering. A technically smart system is not enough if the outputs are noisy, hard to trust, or hard to read.

From a technical perspective, I learned a lot about:

  • designing deterministic scoring systems
  • turning structured data into believable risk analysis
  • building a cohesive UI around complex engineering signals
  • balancing dense information with clarity and usability
  • making a project feel product-grade through polish, consistency, and restraint

Most importantly, I learned how powerful it is to design around a real workflow bottleneck instead of a flashy feature.

What's next for ArcGuard

ArcGuard’s next step is becoming a fuller merge governance layer for modern software teams.

Planned improvements include:

  • real repository integration for deeper MR and file analysis
  • auto-remediation suggestions for detected issues
  • team-specific policy packs for monoliths, microservices, and regulated environments
  • smarter reviewer guidance based on ownership and risk concentration
  • historical confidence trends across merge requests over time
  • deployment-aware analysis that connects MR risk to release risk
  • stronger sustainability insights for reducing CI waste and engineering energy cost

The long-term vision for ArcGuard is to answer one critical question before code reaches production:

Can this change truly be trusted enough to ship?

Built With

  • framer-motion
  • gitlab-custom-flows
  • gitlab-duo-agent-platform
  • lucide-icons
  • next.js
  • node.js
  • pnpm
  • react
  • recharts
  • shadcn/ui
  • tailwind-css
  • typescript
  • vercel
  • zod
Share this project:

Updates