EcoCI — MR Intelligence Suite
Inspiration
Developers don't ignore sustainability by choice — they ignore it because it's invisible. Every pipeline that runs burns compute, and compute burns energy. Meanwhile, security vulnerabilities slip through code review because reviewers are human and tired, and documentation debt accumulates silently because nobody has time.
We built EcoCI to answer three questions automatically on every merge request: Is this code safe? What did this pipeline cost the planet? Is this code understandable?
What It Does
EcoCI is a multi-agent MR intelligence suite built on the GitLab Duo Agent Platform. When a developer mentions @ai-ecoci on any merge request, four specialized AI agents activate:
- Security Scanner — Analyzes MR diffs for hardcoded secrets, SQL injection, XSS vulnerabilities, and security anti-patterns. Rates each finding CRITICAL / HIGH / MEDIUM / LOW with exact file and line references.
- Carbon Analyzer — Fetches pipeline execution data, calculates CO₂ equivalent emissions using GCP us-central1 carbon intensity figures, and scores the pipeline GREEN / AMBER / RED against defined thresholds.
- Doc Generator — Reads changed functions and generates ready-to-paste JSDoc and Python docstrings for undocumented code. Flags when the README needs updating for new features or changed APIs.
- Unified Reporter — Synthesizes all three analyses into a single structured comment posted directly on the MR, then automatically applies labels like
security::critical,carbon::green, anddocs::needed.
The entire process runs autonomously in the background while the developer continues working.
How We Built It
EcoCI is built as a GitLab Duo Agent Platform flow — a YAML-defined directed pipeline of AgentComponent nodes connected by routers. Each agent runs Claude (Anthropic) via the platform's built-in model provider.
The flow schema defines four sequential components:
security_scanner → carbon_analyzer → doc_generator → unified_reporter → end
Each agent uses a minimal, purpose-scoped toolset from GitLab's native tool library:
| Agent | Key Tools Used |
|---|---|
| Security Scanner | list_merge_request_diffs, get_repository_file, gitlab_blob_search |
| Carbon Analyzer | get_pipeline_failing_jobs, get_job_logs, get_repository_file |
| Doc Generator | list_merge_request_diffs, get_repository_file |
| Unified Reporter | create_merge_request_note, update_merge_request |
Carbon estimates use GCP us-central1 carbon intensity data (0.000490 kg CO₂e per compute-minute for shared SaaS runners). The thresholds are calibrated against typical CI workloads:
| Score | Threshold |
|---|---|
| 🟢 GREEN | < 0.005 kg CO₂e |
| 🟡 AMBER | 0.005 – 0.02 kg CO₂e |
| 🔴 RED | > 0.02 kg CO₂e |
We also ship four standalone chat agents accessible via GitLab Duo Chat for on-demand analysis outside the flow.
Challenges We Ran Into
The schema problem. The GitLab AI Catalog's YAML schema was largely undocumented at the time of building. We spent significant time reverse-engineering the correct toolset format, the required definition: wrapper, and valid tool names from validator error messages alone. The official participant template was the eventual breakthrough.
Agent context passing. Sequential agents in a flow don't automatically receive prior agents' outputs — they only receive the original trigger context. We solved this by having each agent output structured delimiter blocks that the unified reporter parses explicitly, making the handoff deterministic rather than relying on free-form reasoning.
Tool availability. Several tools we assumed existed (get_pipeline, list_pipeline_jobs) don't exist in the platform. We had to map our requirements to the actual available tool list and redesign our pipeline data collection approach around get_pipeline_failing_jobs and get_job_logs.
Accomplishments We're Proud Of
A fully working 4-agent sequential flow that triggers from a single MR mention and produces a professional structured report without any manual steps. The automated MR labeling — where the AI applies security::critical or carbon::green directly to the merge request — felt like crossing a threshold from "AI assistant" to "AI teammate."
The carbon scoring system works. Pointing EcoCI at a real pipeline and getting back a specific CO₂ figure with concrete optimization recommendations was the moment the project clicked.
What We Learned
Agents are better specialists than generalists. An early prototype tried to do everything in one agent and produced unreliable, hallucinated results. Splitting into four focused agents with minimal toolsets dramatically improved accuracy.
We also learned that prompt output format matters as much as instructions. Structured delimiter blocks between agents (<<<SECURITY_RESULTS>>>) produced consistent handoffs where free-form prose did not.
Sustainability in tech is fundamentally a data-gap problem. Simply surfacing the number — your pipeline emitted 0.00018 kg CO₂e — is often enough to motivate a developer to add caching or parallelize their tests.
What's Next for EcoCI
- Auto-remediation — Let the Security Scanner propose a commit that fixes detected vulnerabilities directly on the MR branch
- Real-time grid data — Integrate with carbon intensity APIs like WattTime for time-of-day emissions accuracy by region
- Historical trending — Track carbon score across MRs over time to surface which pipeline changes are making things worse
- IDE integration — Surface EcoCI insights in VS Code before code is even pushed
Built With
| Category | Technologies |
|---|---|
| AI Model | Claude Sonnet 4 (Anthropic) via GitLab Duo |
| Platform | GitLab Duo Agent Platform |
| Orchestration | GitLab Flow YAML (AgentComponent DAG) |
| APIs | GitLab REST API (native tools) |
| Carbon Data | GCP us-central1 carbon intensity methodology |
| Languages | YAML, JavaScript (Node.js), Python |
| License | MIT |
Built With
- anthropic-claude
- gitlab
- gitlab-ai-agent
- gitlab-ai-flow
- gitlab-duo-agent
- yaml
Log in or sign up for Devpost to join the conversation.