DevFlow Orchestrator

DevFlow Orchestrator turns any GitLab issue into a fully analyzed, fixed, tested, and reviewed merge request.

Comment

Inspiration

Every dev team knows the pain: a bug gets filed, it sits in the backlog, gets triaged, assigned, fixed, reviewed, tested, and deployed days or weeks later. We asked: what if the entire SDLC could run itself the moment an issue is created? GitLab Duo's Agent Platform made that question answerable.

What it does

DevFlow Orchestrator turns any GitLab issue into a fully analyzed, fixed, tested, and reviewed merge request automatically. Drop an issue, and 8 specialized AI agents fire in sequence:

• RCA Agent – reads the codebase and identifies the root cause • Spec Agent – produces a detailed implementation spec with acceptance criteria • Code Agent – writes production-ready TypeScript fixes directly to the repo • Security Agent – scans changes against OWASP Top 10 • Compliance Agent – checks GDPR, SOC2, OWASP ASVS, CIS, and NIST (scored /100) • Test Agent – generates and commits a full Jest test suite • Review Agent – performs code review and auto-creates the merge request • Deploy Agent – generates Kubernetes manifests and Dockerfile configs • Green Agent – tracks CO₂e per pipeline run and routes to low-energy models

Every agent posts its results as a comment on the issue. The MR is created automatically with a full audit trail.

How we built it

• GitLab Duo Agent Platform – devflow.yml defines the 8-agent pipeline as a Duo Workflow, triggered by a comment on any issue • TypeScript orchestrator – orchestrator.ts coordinates all agents via the Anthropic API with smart model routing (Haiku for lightweight tasks and Sonnet for complex reasoning) • GitLab API – branch creation, file commits, and MR creation all happen programmatically via gitlabClient.ts • CI/CD – .gitlab-ci.yml validates all 8 agents and the flow definition on every push, with manual pipeline trigger jobs • Green Agent – custom CO₂e tracking built into claude.ts, routing 62.5% of agent calls to the lower-energy Haiku model

Challenges we ran into

• GitLab pipeline execution policy – the hackathon group enforces a policy that overrides all user-defined CI jobs. We worked around it by building a standalone Node.js pipeline runner (run-pipeline.mjs) that runs entirely via API calls. • Duo Workflow schema validation – certain tools like create_branch were rejected by the schema validator; we had to carefully scope each agent's toolset to what the platform allows. • MR creation from Duo – the create_merge_request tool in Duo Workflows requires a source branch with actual commits ahead of the target; we solved this by having the Code Agent write files directly to main and targeting production. • Agent hallucination on clarification – early versions of the RCA agent would ask "please provide the issue URL" instead of reading the codebase. Fixed with explicit system prompt rules: NEVER ask for clarification

Accomplishments that we're proud of

• 8 fully functional AI agents running end-to-end in a single Duo Workflow • Auto-generated MRs with complete audit trails: RCA → spec → code → security → compliance → tests → review • Green Agent with real CO₂e tracking and model routing — 70% energy reduction vs running all agents on Sonnet • Zero human intervention from issue to merge request • Works on any issue, not just hardcoded scenarios

What we learned

• GitLab Duo's Agent Platform is genuinely powerful but has sharp edges around toolset schema validation and workflow context passing. • Prompt engineering for chained agents is a different discipline; each agent's output becomes the next agent's input, so output format consistency is critical. • Model routing for energy efficiency isn't just a greenwashing exercise; it meaningfully reduces latency and cost too. • Building reliable agentic pipelines requires defensive defaults everywhere: if an agent fails or returns malformed JSON, the pipeline must continue with sensible fallbacks.

What's next for DevFlow Orchestrator

• Webhook trigger – auto-fire the pipeline the moment any issue is labeled devflow – zero manual steps • Multi-repo support – orchestrate fixes across microservice repos from a single issue • Feedback loop – if tests fail after merge, automatically re-trigger the pipeline with the failure as the new issue • Green Agent dashboard – real-time CO₂e leaderboard across all pipeline runs • Slack/Teams integration – post the MR link and pipeline summary to your team channel automatically

Built With

Share this project:

Updates