Inspiration
Every merge request carries hidden risk. A file that caused last month's outage gets modified again. Two files that always change together, but only one is in this MR. A function with 4 recent bug fixes gets touched without extra testing. Engineers rely on tribal knowledge to catch these patterns, and it doesn't scale.
We built Sixth Sense to answer one question on every MR: "What might this break?", using evidence from git history rather than guesses. We then expanded it into a full Code Guardian suite that covers code quality as well.
What it does
Code Guardian is a suite of 2 specialized AI agents on GitLab Duo, each with its own multi-step flow:
Sixth Sense (MR Risk Analysis): The flagship agent. Gathers MR diffs, per-file commit history, closed bug/incident issues, and post-mortem documents, then computes 9 structural risk signals:
- Hotspot Detection — files with high commit frequency
- Co-Change Patterns — files that historically change together (flags missing companions)
- Dependency Fan-Out — how spread out the changes are
- Code Churn — lines added/removed with time-based decay weighting
- Bug-Fix Proximity — recent bug fixes weighted by recency (14d=3x, 30d=2x)
- Incident History — files involved in past production incidents
- Author Familiarity — whether the MR author has previously committed to each file
- Review Fatigue — large MRs (>500 lines, >10 files) where reviewer attention degrades
- Test Coverage — changed files without corresponding test files
It posts a per-file risk table with confidence indicators, auto-applies risk labels (risk::elevated/risk::moderate/risk::low), and compares the MR's complexity against a 30-day baseline.
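The signal computation described above, as an added example rather than the project's own YAML configuration (which delegates the analysis to the agent): a small Python model over constructed commit history that applies the recency weights (14d=3x, 30d=2x) and the hotspot (>10 commits), fragile (weighted bug-fix score >= 3) and review-fatigue (>500 lines, >10 files) thresholds stated on this page. The 1x weight for fixes older than 30 days and the co-change rule (a companion is a file present in every commit that touched the MR file) are assumptions.

```python
# Constructed commit history (sample data, not the project's): days since the
# commit landed, whether it closed a bug issue, and the files it touched.
HISTORY = [
    {"days_ago": 3,  "bug_fix": True,  "files": ["api/auth.py", "api/session.py"]},
    {"days_ago": 20, "bug_fix": True,  "files": ["api/auth.py", "api/session.py"]},
    {"days_ago": 45, "bug_fix": True,  "files": ["api/auth.py", "api/session.py"]},
    {"days_ago": 60, "bug_fix": False, "files": ["api/auth.py", "api/session.py"]},
    {"days_ago": 90, "bug_fix": False, "files": ["util/strings.py"]},
]

def decay_weight(days_ago):
    """Recency weights from the page; the 1x weight beyond 30 days is an assumption."""
    if days_ago <= 14:
        return 3
    if days_ago <= 30:
        return 2
    return 1

def bugfix_proximity(path, history):
    """Weighted bug-fix score for one file; a score >= 3 is treated as fragile."""
    return sum(decay_weight(c["days_ago"]) for c in history
               if c["bug_fix"] and path in c["files"])

def commit_count(path, history):
    return sum(1 for c in history if path in c["files"])

def missing_companions(mr_files, history):
    """Files that changed in every commit touching an MR file but are absent from the MR."""
    missing = set()
    for path in mr_files:
        touching = [set(c["files"]) for c in history if path in c["files"]]
        if not touching:
            continue
        companions = set.intersection(*touching) - {path}
        missing |= companions - set(mr_files)
    return sorted(missing)

def review_fatigue(lines_changed, file_count):
    """Large MRs where reviewer attention is expected to degrade."""
    return lines_changed > 500 or file_count > 10

def assess(mr_files, lines_changed, history):
    """Per-file structural risk signals plus MR-level signals for one merge request."""
    per_file = {}
    for path in mr_files:
        score = bugfix_proximity(path, history)
        per_file[path] = {"hotspot": commit_count(path, history) > 10,
                          "bugfix_score": score, "fragile": score >= 3}
    return {"files": per_file,
            "missing_companions": missing_companions(mr_files, history),
            "review_fatigue": review_fatigue(lines_changed, len(mr_files))}
```

Running `assess(["api/auth.py"], 120, HISTORY)` flags api/auth.py as fragile (score 6) and reports api/session.py as a missing co-change companion.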
Code Quality Guardian: Scans for tech debt (TODOs, deprecated APIs), dead code (exports with zero imports), and consistency violations. Auto-fixes safe issues and creates a prioritized epic with health score.
How we built it
Built entirely on the GitLab Duo Agent Platform using YAML configuration, no custom backend code. Each agent is available as both a multi-step flow (with tool separation per step) and a standalone agent.
Sixth Sense uses a 3-step flow (gather → analyze → comment_and_label) with gitlab_api_get to fetch per-file commit history, author attribution, and incident data. It applies time-based decay weighting (recent events score 3x), builds per-file risk tables with confidence indicators, compares against a 30-day MR baseline, and auto-applies risk labels via update_merge_request. The suite uses 25+ unique GitLab tools across all agents.
The key architectural decision was strict tool separation per flow step: the data gatherer can't post comments, the analyzer has no tools at all (pure reasoning), and the commenter can't read code. This mirrors real security best practices, where each component gets only the access it needs.
Challenges we ran into
- Designing the 9-signal risk methodology to produce meaningful scores without false alarms. Calibrating the thresholds (e.g., >10 commits = hotspot, weighted bug-fix score >= 3 = fragile) and the time-based decay weights required iteration.
- Structuring the data handoff across Sixth Sense's 3-step pipeline. The JSON payload needs author familiarity scores, test coverage mapping, co-change companions, and baseline data while staying concise enough for context.
Accomplishments that we're proud of
- Sixth Sense's 9-signal methodology with per-file risk tables, confidence indicators, baseline comparison, and auto-labeling provides genuinely useful risk insights backed by git history evidence, not vague AI opinions.
- The suite covers 2 key SDLC stages (MR review and code quality) in one project.
- 25+ GitLab tools used across agents.
- Every agent produces actionable GitLab artifacts (epics, issues, MRs, comments).
What we learned
- Git history is a goldmine for risk prediction — co-change patterns and bug-fix proximity are surprisingly strong signals for identifying fragile code.
- The GitLab Duo Agent Platform's tool catalog is deeper than most people realize — tools like gitlab_api_get unlock arbitrary API access for custom analysis.
- Prompt engineering for multi-step flows requires careful output formatting so each agent can parse the previous agent's results.
What's next for Code Guardian
- Auto-trigger Sixth Sense on every MR via webhooks.
- Historical trending: Dashboard to track risk scores and code health over time.
- Team-aware routing: Automatically assign issues based on code ownership.
Built With
- claude
- gitlab-duo-agent-platform
- prompt
- yaml