ARIA: Autonomous Incident Response Agent

Stop production incidents before users are affected. ARIA automatically analyzes pipeline failures, proposes fixes, and generates compliance evidence all in under 5 minutes, with human approval.

Comment

Inspiration

Production incidents are expensive. Teams spend 30–120 minutes diagnosing failures while users see downtime. We built ARIA Gatekeeper to compress that window: pipeline fails → analysis → fix proposed in under 5 minutes, with zero manual log-reading and full compliance audit trails baked in.

What it does

ARIA Gatekeeper is a multi-agent flow that automatically:

  1. Triages pipeline failures in 10 seconds
  2. Analyzes repository + logs (read-only) in 90 seconds
  3. Proposes fixes as draft MRs with full reasoning
  4. Generates SOC2/ISO27001 compliance evidence automatically
  5. Tracks environmental impact (CO₂ footprint of failed deploys)

All MRs require human review. No auto-merge. No touched protected branches.

Proof: <45 seconds from webhook to draft MR. Tested end-to-end.

How I built it

  • Flow: YAML-based GitLab Agent Platform orchestration (Triage → Reader → Writer agents)
  • Safety: Separated read and write operations across agents; confidence thresholds (85%+ auto-draft, <85% escalate)

Challenges I ran into

  1. No Maintainer access → Worked around with CI on_failure jobs instead of native webhooks
  2. Signal vs. noise in logs → Agents forced to quote specific error lines before proposing diagnosis
  3. When to auto-execute vs. escalate → Tuned confidence thresholds per error type
  4. Webhook idempotency → Added composite keys (pipeline ID + commit SHA) to prevent duplicate MRs

Accomplishments that I'm proud of

End-to-end automation: Webhook → Draft MR in <45 seconds
Audit-ready by default: SOC2 trails generated automatically
Multi-agent safety: Reader agents are read-only; writers execute only approved steps

What I learned

  • Agent specialization > monolithic agent — Three focused agents = fewer hallucinations
  • Confidence thresholds matter more than speed — Safe escalation > fast but risky auto-fixes
  • Untrusted input = agent sabotage — Strict validation prevents prompt injection from webhook payloads
  • Compliance is a feature — Teams care about audit trails as much as speed

What's next

  1. Cross-project correlation: Link failures across repos automatically
  2. Feedback loop: Track accepted vs. rejected recommendations; auto-improve prompts

Built With

  • gitlab-agent-platform
  • gitlab-ci/cd
  • yaml
Share this project:

Updates