Duro

Inspiration

Open-source maintainers are drowning. With the rise of AI coding tools, projects are seeing an explosion of low-quality, AI-generated merge requests that demand maintainer attention but provide little value. Maintainers spend hours reviewing slop—generic variable names, hallucinated imports, and changes that don't actually solve real issues—instead of focusing on meaningful contributions and project direction.

We built Duro to be the gatekeeper that maintainers desperately need. Named after the Yoruba word meaning "wait," Duro pauses low-effort contributions and ensures only quality changes reach human reviewers. It's not about blocking contributions—it's about protecting maintainer time and maintaining project quality. What it does

Duro is an automated MR quality review agent that runs within GitLab Duo workflows. When a merge request is opened, Duro:

Builds complete context by analyzing the MR, linked issues, and CI pipeline status

Detects AI slop patterns using a comprehensive detection framework (generic naming, hallucinated code, disproportionate scope, missing tests, vague commits)

Verifies issue linkage and ensures changes actually address the stated problem

Scores each MR with one of three verdicts:

    ✅ PASS — Quality contribution that addresses the issue

    ⚠️ NEEDS WORK — Genuine effort but requires specific, actionable improvements

    🚫 FLAGGED — Low-quality AI slop, flagged with labels and detailed reasoning

Leaves structured feedback with clear, actionable instructions that help contributors improve

Duro acts as a 24/7 first-line reviewer, giving maintainers back their time while educating contributors on quality standards. How we built it

We built Duro as a GitLab Duo AI Flow, leveraging GitLab's AI components and toolset:

Flow Definition: Configured using the ai-catalog-sync schema with proper definition structure, name, description, and public visibility

Agent Component: Implemented a custom agent (duro_reviewer) with specialized tools:

    build_review_merge_request_context for MR analysis

    list_merge_request_diffs for code change inspection

    list_issues/get_issue for issue verification

    get_pipeline_errors for CI health checks

    get_repository_file for codebase context

    create_merge_request_note for feedback posting

    update_merge_request for label management

Prompt Engineering: Designed a comprehensive system prompt with structured review process, slop detection criteria, and output format guidelines

Validation: Used GitLab's CI/CD pipeline with schema validation to ensure flow correctness

Testing: Validated against real MRs across multiple OSS projects to refine detection accuracy

Challenges we ran into

Schema Validation Headaches: The initial pipeline failure was caused by missing the definition wrapper in our flow.yml. The error message pointed to "missing required property 'definition'" but didn't explicitly show the correct structure. We had to dig through working examples and documentation to understand the proper format with name, description, public, and nested definition fields.

Balancing Strictness vs. Supportiveness: Designing the scoring system required careful thought—we wanted Duro to be rigorous enough to stop slop but supportive enough to not discourage genuine contributors. The NEEDS WORK category was crucial here, providing constructive feedback for good-faith efforts.

Slop Detection Accuracy: Distinguishing AI slop from beginner code or legitimate simple changes is subtle. We iterated on detection patterns to reduce false positives while catching common AI-generation signatures.

Tool Availability: Not all tools were available in the environment we expected. We had to adapt the toolset to match what's actually accessible in GitLab Duo flows. Accomplishments that we're proud of

Successfully built a production-ready AI flow that integrates with GitLab's CI/CD and can run automatically on every MR

Comprehensive slop detection system with 9 specific patterns that catch AI-generated contributions without punishing legitimate developers

Maintainer-friendly feedback format that's actionable, educational, and maintains a supportive tone

Zero-config operation — works out of the box with GitLab's existing tooling and MR structure

Passed schema validation and pipeline checks after resolving the initial structure issues

What we learned

GitLab Duo AI Flows require a specific structure — top-level metadata (name, description, public) wraps the actual definition, which contains the flow logic

Schema validation is your friend — even though the initial error was cryptic, it caught a real structural issue that would have broken runtime behavior

Prompt engineering for agents is a balancing act — too vague and the agent underperforms, too rigid and it can't handle edge cases

Context is everything — an MR review tool needs to understand the full picture: diffs, issues, pipeline status, and codebase context to make good judgments

AI detection requires nuance — the difference between AI slop and beginner code often comes down to intent and context, which requires careful prompt design

What's next for Duro

Enhanced Detection: Add more sophisticated patterns for detecting AI-generated code, including stylistic analysis and consistency checking across multiple files.

Learning Mode: Implement feedback mechanisms where maintainers can correct Duro's classifications, helping it learn project-specific standards and preferences.

Visual Dashboard: Create a maintainer dashboard showing flagged MRs, common slop patterns detected, and contributor quality metrics over time.

Customizable Thresholds: Allow project maintainers to adjust slop detection sensitivity and scoring rules based on their project's needs.

Multi-Platform Support: Extend beyond GitLab to support GitHub Actions and other CI/CD platforms while maintaining the same core review logic.

Community Guidelines Integration: Pull in project-specific contribution guidelines and code of conduct to tailor feedback to each project's standards.

Continuous Learning: Use successful human reviews to improve the agent's detection capabilities over time, making it smarter with every MR it processes.

Built With

• gitlab