DuoOrbit FinOps

Cloud architecture moves fast, but hidden deployment costs, tech debt and inefficient CI/CD pipelines move faster. DuoOrbit FinOps is an agent that acts as a proactive guardrail for your cloud spend.

Comment

Inspiration

As engineering organizations rapidly adopt infrastructure-as-code (IaC) and multi-cloud data pipelines, deployment costs are decided long before code ever hits production. Unfortunately, traditional FinOps tools operate re actively - alerting engineering management only after an expensive Terraform apply or an unoptimized multi-stage CI/CD pipeline has already blown the budget. We wanted to build a truly proactive guardrail that empowers developers to see the exact financial and operational footprint of their cloud configurations directly inside their native workflow before clicking merge.

What it does

DuoOrbit FinOps is an autonomous, pre-merge FinOps agent built entirely on the GitLab Duo Agent Platform that shifts cloud cost-optimization all the way left into the Merge Request (MR) pipeline.

Whenever a developer opens or updates an MR that modifies IaC files (such as Terraform or CloudFormation scripts) or shifts resource-intensive GitLab CI/CD matrix setups, the agent intercepts the event. It uses GitLab Orbit to instantly map out the system context—tracing downstream architecture dependencies, multi-environment blast radiuses, and affected service graphs. The agent simulates these configurations against real-world cloud cost APIs to compute a precision financial delta. If it catches over-provisioned infrastructure, inefficient processing steps, or missing lifecycle policies, it goes beyond static linting: it leverages a custom Duo skill to autonomously generate optimized configuration rewrites and posts precision, line-by-line interactive recommendations directly back to the MR.

How we built it

We constructed a native, zero-footprint architecture utilizing the foundational layers of the GitLab AI ecosystem:

  1. Orchestration: Built on the GitLab Duo Agent Platform, driving an autonomous reasoning loop triggered by system webhooks watching key repository paths.
  2. Context Engine: Leveraged GitLab Orbit's knowledge graph natively via Model Context Protocol (MCP) tools to analyze the systemic blast radius of code modifications without executing expensive, multi-hop external data fetching.
  3. Reasoning & Tooling: Authored a custom Duo Agent Skill that parses complex cloud resource schemas, combined with a deterministic tool execution block that handles mathematical financial delta calculations using live pricing data.
  4. Integration: Hooked directly into developer workflows via the GitLab CLI, allowing the agent to function as a unified peer reviewer capable of injecting structural code improvements.

Challenges we ran into

Balancing large language model reasoning with precise cloud-pricing mathematics was our toughest hurdle. If left to guess infrastructure pricing tiers or compute resource deltas entirely via text generation, LLMs inevitably introduce variance and hallucinations. We solved this by treating the LLM strictly as a semantic extraction and validation layer. The agent normalizes varied IaC schemas into structured JSON data packets, which are then passed into deterministic mathematical engines and strict financial calculator tools to ensure flawless pricing accuracy.

Accomplishments that we're proud of

We successfully built a secure, closed-loop engineering assistant that moves past passive notification. DuoOrbit FinOps doesn't just inform a team that their newly configured architecture is expensive; it actively calculates the exact cost variance, analyzes the full lifecycle dependencies across GitLab Orbit, and explicitly writes the code required to optimize it.

What we learned

We discovered how transformative a unified software lifecycle knowledge graph like GitLab Orbit is for autonomous developer tools. Having instant access to structural code relationships, project ownership metadata, and historical pipeline structures natively in a single graph completely eliminates the data fragmentation issues that typically limit standard AI agent workflows.

What's next for DuoOrbit FinOps

We intend to expand the agent's capabilities to handle real-time auto-remediation of live Kubernetes cluster cost anomalies and introduce team-wide predictive cost forecasting directly mapped against active development branches and repository merge velocities.

Built With

  • gitlab-cli
  • gitlab-duo-agent-platform
  • gitlab-orbit
  • infracost-api
  • model-context-protocol-(mcp)
  • python
Share this project:

Updates