ShipSafe: Autonomous Multi-Agent MR Review System

You assign a reviewer. ShipSafe ships confidence.

ShipSafe is an autonomous merge request review system built on the GitLab Duo Agent Platform. It orchestrates a team of specialized AI agents that analyze your code changes for security vulnerabilities, code quality issues, test coverage gaps, and environmental sustainability, then posts a unified, actionable review directly on your merge request.

No manual steps. No context switching. Just assign ShipSafe as a reviewer and ship with confidence.

The Problem

Modern development teams face a painful bottleneck: code review is slow, inconsistent, and incomplete.

  • Security reviews happen too late (or not at all) for most MRs
  • Code quality feedback varies wildly depending on who reviews
  • Test coverage gaps slip through because reviewers focus on logic, not coverage
  • Pipeline efficiency is never reviewed. CI/CD waste accumulates silently
  • Developers wait hours or days for reviews, blocking their flow

The result: teams choose between shipping fast and shipping safe. They shouldn't have to.

The Solution

ShipSafe eliminates this trade-off with a flow of specialized AI agents that activate automatically on every merge request:

MR Created/Updated
        |
   [Assign @ai-shipsafe-review as reviewer]
        |
   [1. Context Gatherer] - Fetches MR diffs, pipeline status, security scans
        |
   ┌────┼────┐
   |    |    |
   v    v    v
  [2a] [2b] [2c]    (Parallel analysis agents)
   |    |    |
   Security  Quality  Green
   Sentinel  Analyzer Advisor
   |    |    |
   └────┼────┘
        |
   [3. Review Compiler] - Unifies findings into one structured review note
        |
   [MR Note Posted] - Actionable, scannable, consistent review

What Each Agent Does

| Agent | Role | Key Capabilities |
|---|---|---|
| Context Gatherer | Collects all MR data | Fetches diffs, pipeline status, security scan results, file contents |
| Security Sentinel | Security vulnerability analysis | OWASP Top 10, hardcoded secrets, injection flaws, auth issues, crypto weaknesses |
| Quality & Test Analyzer | Code quality and test gap detection | Design patterns, error handling, performance, SOLID principles, missing test cases |
| Green Pipeline Advisor | Sustainability analysis | Pipeline efficiency, compute waste, resource optimization, carbon-aware recommendations |
| Review Compiler | Unified review output | Compiles all findings into a single structured MR note with verdicts |

Features

  • Fully Autonomous: Triggered by reviewer assignment or @mention (zero manual steps)
  • Multi-Agent Orchestration: 5 specialized agents working in a coordinated flow
  • Parallel Analysis: Security, quality, and sustainability checks run concurrently
  • Structured Output: Every review follows a consistent format with severity ratings and verdicts
  • Actionable Findings: Every issue includes specific remediation steps, not just descriptions
  • Green by Design: Includes sustainability scoring to help teams reduce their CI/CD carbon footprint
  • Zero Configuration: Works out of the box on any GitLab project. No setup beyond enabling the flow

Built With

  • anthropic-claude-sonnet
  • gitlab-duo-agent-platform
  • gitlab-flow-registry
  • python
  • yaml