Inspiration
Code review is one of the most important parts of the SDLC, but it is also one of the noisiest. Developers often have to sort through low-value comments, unclear risks, and merge requests that hide one critical issue among many harmless changes.
We wanted to build something that cuts through that noise.
Instead of acting like a generic review bot that comments on everything, we built GitLab AI Code Review Agent to focus on the single highest-risk issue in a merge request, suggest the smallest safe remediation, and provide a clear review note directly inside GitLab. The inspiration was simple: make code review more focused, more useful, and more actionable.
What it does
GitLab AI Code Review Agent is an AI-powered GitLab agent and flow that reviews merge requests and identifies the top merge blocker.
It: gathers merge request context analyzes the most important risk in the change estimates confidence chooses an action mode suggests a minimal patch recommends focused regression tests posts a high-signal review note in GitLab
Rather than overwhelming developers with a long list of minor comments, it prioritizes the issue that matters most for merge safety.
How we built it
We built the project on the GitLab Duo Agent Platform using a custom agent and flow.
The flow was designed to keep the system focused and practical:
gather merge request context inspect merge request details inspect pipeline errors when relevant identify the top risk generate a concise remediation path post the result as a GitLab review note
We also created supporting Python utilities to:
analyze changed files score risk generate minimal patch suggestions generate focused test suggestions format the final review artifact
We structured the repository so the project is easy to understand, test, and demo, with agent definitions, flow definitions, prompts, helper scripts, and demo assets all clearly separated.
Challenges we ran into
One of the biggest challenges was resisting the urge to make the agent do too much.
Early on, it was tempting to make it behave like a broad review assistant that commented on everything. That made the output noisier and less useful. We had to narrow the system so it focused on one top issue, one confidence estimate, and one action mode.
Another challenge was working through flow and schema setup details on the GitLab platform. Getting the YAML structure, tools, and project configuration aligned took iteration.
We also had to think carefully about what should be done by the actual AI agent versus what should be handled by local support scripts. That forced us to design a cleaner separation between:
AI reasoning and GitLab workflow behavior supporting utilities for formatting and local testing Accomplishments that were proud of
We are proud that the project feels like a real SDLC tool rather than just a prompt demo.
In particular, we are proud that:
the agent is focused and intentional the flow is built around a real GitLab workflow the output is concise, structured, and actionable the system emphasizes remediation, not just detection the project is easy to understand from the repo itself
We are also proud of the decision to focus on top-issue prioritization instead of generic code review spam. That made the project more distinctive and more practical.
What we learned
We learned that strong AI agents are not just about good prompts. They also depend on:
clear workflow design strong scope boundaries high-quality context useful output structure integration into a real developer workflow
We also learned that in the SDLC, precision matters more than volume. A smaller number of higher-value recommendations is often much more useful than a large number of shallow comments.
Most importantly, we learned that the best AI review experiences are the ones that help developers take action quickly.
Whats next for GitLab AI Code Review Agent
The next step is to make the agent even more autonomous and repository-aware.
Future improvements include:
automatically creating commits for high-confidence remediations deeper multi-file reasoning stronger repository-specific behavior through AGENTS.md smarter correlation between merge request changes and pipeline failures broader support for additional risky SDLC scenarios improved team-level customization for review policies and coding standards
Long term, we see this becoming a more complete merge request hardening assistant that helps teams move faster while reducing risk.
Built With
- duo
- python
Log in or sign up for Devpost to join the conversation.