Inspiration
Modern microservices and large monolithic repositories suffer from the same fundamental problem: context isolation. A developer modifies a seemingly harmless utility file (e.g., utils.py), tests it locally, and opens a Merge Request. Because they lack architectural visibility, they don't realize the billing and authentication services deeply depend on that function. The code merges, and production breaks.
We were inspired by GitLab Orbit because standard AI code assistants only look at text syntax—they lack the structural dependency context of the repository. We wanted to build an agent that provides immediate structural awareness to developers before they merge.
What it does
Blast Radius Reviewer Assigner is an ambient AI agent that natively evaluates the structural impact of code changes. When a developer opens a Merge Request, the agent automatically:
- Triggers Ambiently: It wakes up in the background via GitLab Duo's event system.
- Analyzes Scope: It identifies exactly which files were modified in the MR.
- Calculates Blast Radius: It simulates a traversal of the repository's dependency graph (representing a GitLab Orbit query) to find hidden downstream dependents.
- Enforces Quality: It natively posts a "💥 Blast Radius Analysis" report as a public comment, explicitly warning the developer about affected downstream services and suggesting that the specific code owners of those components be added as reviewers.
How we built it
We prioritized building a 100% native integration using the GitLab Duo Agent Platform rather than a detached, independent webhook service.
- We architected a Custom Flow using the platform's experimental YAML schema (
version: "v1"). - We defined an
AgentComponentconfigured for anambientenvironment, allowing it to run securely on GitLab's managed compute infrastructure. - We routed the flow to trigger on
Merge request readyandAssign reviewerevents. - We engineered a strictly compliant
prompt_templatethat dynamically injects the MR{{goal}}context and leverages the platform's nativeui_log_eventsand toolsets to output the report.
Challenges we ran into
Building on an experimental platform meant dealing with undocumented, highly strict YAML schema validations. We spent a significant amount of time reverse-engineering the compilation engine's expectations for components, routers, unit_primitives, and toolsets.
Additionally, we encountered the platform's impressive internal safety guardrails! When we initially prompted the agent to output a hardcoded simulation of an Orbit graph traversal with fake file names, the LLM actively refused to execute the prompt, recognizing it as an instruction to fabricate misleading technical data. We had to carefully redesign our prompt engineering to generate compliant, generalized structural warnings that maintained architectural integrity.
Accomplishments that we're proud of
We are incredibly proud that we didn't just build a standalone API script; we successfully navigated the strict internal schemas of the GitLab Duo Agent Platform to deploy a native, serverless AI workflow. We successfully proved the end-to-end architecture: from event trigger, to ambient agent reasoning, to native UI output.
What we learned
We gained a profound understanding of the Duo Agent Platform's compilation pipeline and internal routing mechanisms. More importantly, we learned that giving AI structural context (how files relate to each other) is infinitely more valuable for enterprise code review than just giving it textual context (what the code says).
What's next for Blast Radius
For this hackathon MVP, we constructed the agent to output a simulated structural warning. Our immediate next step is to replace the simulated prompt logic with a direct, live API hook into the GitLab Orbit Knowledge Graph. This will allow the agent to dynamically query the live AST and dependency trees, map the exact file paths in real-time, and automatically tag the actual @codeowners of those downstream services as required reviewers.



Log in or sign up for Devpost to join the conversation.