DuoVaccine — AI-Powered Incident Immunity Agent

💉 DuoVaccine — The AI Immune System for Your Codebase

🌟 Inspiration

It was 3 AM. Production was down. Four engineers scrambled through hundreds of commits, merge requests, and pipeline logs trying to find what broke. Four hours later, we found it — a single MR that removed query optimizations.

Cost? $\$50{,}000$ in downtime. Engineer morale? Destroyed.

The worst part? Three months later, the exact same type of bug hit us again.

That's when it clicked. We have Covishield and Covaxin to protect humans from viruses. Why doesn't our codebase have a vaccine? Not just a scanner that says "you have a bug" — but a full immune system that:

• 🔬 Diagnoses the root cause like a doctor
• 💊 Treats it by auto-generating fixes
• 🧬 Extracts the Incident DNA — a genetic fingerprint of the failure
• 💉 Vaccinates your CI/CD pipeline so the same class of bug never reaches production again

Your production breaks once. Never the same way twice. 💉

---

🏗️ How We Built It

DuoVaccine is built entirely on GitLab's Duo Agent Platform using Anthropic Claude as the reasoning engine.

Architecture

┌─────────────────────────────────────────────┐
│            DuoVaccine Agent                 │
│         (Anthropic Claude 4.0)              │
│                                             │
│  8-Phase Clinical Pipeline:                 │
│  DETECT → REWIND → DIAGNOSE → RESPOND      │
│  LEARN → IMMUNIZE → IMPACT → RADAR         │
│                                             │
│  21 GitLab-Native Tools                     │
│  1 Agent + 2 Flows                          │
└─────────────────────────────────────────────┘
         │                    │
         ▼                    ▼
┌─────────────────┐  ┌──────────────────────┐
│  Flow 1:        │  │  Flow 2:             │
│  Incident       │  │  Pre-Merge           │
│  Immunity       │  │  Immunity Check      │
│  (Reactive)     │  │  (Preventive)        │
└─────────────────┘  └──────────────────────┘

The 8-Phase Clinical Pipeline

Phase	Name	Biology Analogy	What It Does
1	DETECT	ER Triage	Reads incident from GitLab, classifies severity
2	REWIND	Patient History	Time-travels through commits, MRs, diffs
3	DIAGNOSE	Lab Analysis	Claude reasons through causal chain with confidence $\geq 90\%$
4	RESPOND	Surgery	Auto-generates fix commit + merge request
5	LEARN	DNA Extraction	Extracts 6-gene Incident DNA fingerprint
6	IMMUNIZE	Vaccination	Generates CI/CD rules blocking this bug class
7	IMPACT	Discharge Report	Calculates $\Delta T_{saved}$ and $\$_{protected}$
8	RADAR	Outbreak Scan	Scans codebase for similar vulnerabilities

Incident DNA™ — Our Core Innovation

Every incident has a unique 6-gene fingerprint:

$$DNA_{incident} = {G_{trigger}, G_{rootcause}, G_{blast}, G_{detection}, G_{layer}, G_{change}}$$

Where:

• $G_{trigger}$ — What activated the failure
• $G_{rootcause}$ — Category (N+1 query, memory leak, race condition)
• $G_{blast}$ — Blast radius (services and users affected)
• $G_{detection}$ — How it was discovered
• $G_{layer}$ — System layer (database, API, frontend, infra)
• $G_{change}$ — Change type (removal, addition, modification)

Immunity Score

$$S_{immunity} = \frac{\sum_{i=1}^{n} V_{applied}(i)}{T_{known}} \times 100$$

Where $V_{applied}$ = vaccine rules deployed, $T_{known}$ = total known DNA patterns. A score of $100\%$ means full immunity.

Impact Calculation

$$Impact = T_{industry} - T_{vaccine} \times C_{hourly}$$

$$= (252\text{ min} - 3\text{ min}) \times \frac{\$200}{\text{min}} = \$49{,}800\text{ saved per incident}$$

That's an $84\times$ speedup over industry average MTTR.

---

🧠 What We Learned

1. Anthropic Claude's reasoning is incredible — it doesn't just pattern-match, it actually traces causal chains across multiple files and commits. Giving it real GitLab diffs and asking "what caused this outage?" produces genuinely insightful root cause analysis with confidence scoring $\geq 94\%$.

2. The Duo Agent Platform is powerful but opinionated — the YAML schema for agents and flows has specific requirements (routers, entry_point, unit_primitives) that took 6 failed pipeline attempts to get right.

3. The medical metaphor unlocked creativity — once we framed incidents as "infections" and fixes as "vaccines", the entire architecture fell into place naturally.

4. Speed optimization matters — we reduced from $n = 20+$ tool calls to $n \approx 10$, and from 8 approval prompts to just 2, achieving sub-3-minute full investigation.

---

🚧 Challenges We Faced

• Catalog sync failures — stale filename references in .ai-catalog-mapping.json caused 4 consecutive tag failures
• Platform approval prompts — GitLab requires user approval for write operations. We minimized write calls: $8 \rightarrow 2$
• Flow YAML schema — routers and flow.entry_point fields are required but undocumented. Significant trial and error needed
• Balancing depth vs speed — full 8-phase pipeline with rich output completing in $T < 180$ seconds

---

🏆 What Makes DuoVaccine Unique

Feature	DuoVaccine	Other Tools
Investigates production incidents	✅	❌ Most only scan code
Identifies Patient Zero (exact MR)	✅	❌
Auto-generates fix MR	✅	❌ Most only suggest
Incident DNA™ fingerprinting	✅	❌ Nobody else has this
CI/CD vaccine rule generation	✅	❌
Business impact in $\$$	✅	❌
Vaccination Certificate 📜	✅	❌
Reactive + Preventive flows	✅	❌ One or the other
Medical metaphor	✅	❌

DuoVaccine doesn't just find bugs — it creates immunity. Every incident makes your codebase stronger. 💉

Built With

• anthropic-claude
• gitlab-api
• gitlab-ci/cd
• gitlab-duo-agent-platform
• python
• yaml