Inspiration
Most AI tools today are "passive observers"—they can explain a bug or suggest a snippet, but they don't act. In a high-velocity DevOps environment, security is often the bottleneck. We were inspired by the concept of a "Digital Teammate": an agent that doesn't just talk, but actually picks up a shovel and starts digging. We wanted to build a system that could "self-heal" a repository by bridging the gap between high-speed static analysis and autonomous orchestration.
What it does
Duo Architecture Guardian is a high-performance, autonomous security orchestrator built to eliminate the "bottleneck of security" in the modern DevOps lifecycle. It functions as a proactive member of your development team within the GitLab Duo Agent Platform.
Ultra-High-Speed AST Scanning Unlike traditional scanners that take minutes to run, our engine is built in Rust. It can "chew" through massive codebases (like the 45,000+ files of GitLabHQ) in under 200ms, identifying critical vulnerabilities like hardcoded secrets (CWE-798) and insecure configurations before they hit production.
Autonomous "Auto-Healing" (The GitLab API Actor) The Guardian doesn't just report problems; it solves them. When a vulnerability is detected, the system uses the GitLab REST API to:
Automatically create a new fix-branch.
Generate and commit a precise AST-patch.
Open a Merge Request (MR) with a full explanation of the risk.
Trigger a CI/CD Pipeline to verify the fix.
Native GitLab Duo Integration It is built specifically for the GitLab Duo Agent Platform. It utilizes custom agents and flows to react to system triggers. This means security isn't a manual step anymore—it’s an automated reaction to code changes.
Interactive "Red Team" Visualization We’ve replaced static logs with a dynamic Red Team Dashboard hosted on GitLab Pages. This provides an interactive map of the "Blast Radius," allowing security leads to see exactly where vulnerabilities are located, their CVSS scores, and the status of the automated remediation efforts.
"Green Agent" Performance Because the core engine is a compiled 15MB Rust binary, it consumes a fraction of the CPU and memory of traditional Python-based AI chains. This makes it a sustainable, "Green" solution for high-frequency CI/CD environments where every millisecond and watt counts.
How we built it
Gemini said This is a critical part of your Devpost submission. To stand out to the judges, your story needs to be both technical and narrative.
Here is a professionally formatted Markdown draft for your "About the Project" section, incorporating the specific wins we've discussed.
🛡️ Duo Architecture Guardian Self-healing security at the speed of Rust. 💡 Inspiration Most AI tools today are "passive observers"—they can explain a bug or suggest a snippet, but they don't act. In a high-velocity DevOps environment, security is often the bottleneck. We were inspired by the concept of a "Digital Teammate": an agent that doesn't just talk, but actually picks up a shovel and starts digging. We wanted to build a system that could "self-heal" a repository by bridging the gap between high-speed static analysis and autonomous orchestration.
🛠️ How We Built It The core of Duo Architecture Guardian is a high-performance engine written in Rust. We chose Rust not just for its memory safety, but for its unparalleled execution speed and ability to generate small, "Green" binaries.
The Orchestrator: Built on the GitLab Duo Agent Platform, using a multi-agent pipeline to handle complex security workflows.
The Actor System: We implemented a custom GitLab API Actor in Rust (src/actors/gitlab.rs) that handles everything from creating fix-branches to opening Merge Requests.
The Scanner: A custom AST-based scanner capable of processing massive codebases in milliseconds.
The Visualization: A React-based Red Team Dashboard hosted via GitLab Pages, providing a real-time "Blast Radius" map of vulnerabilities.
📊 Performance Metrics To quantify our efficiency, we calculated our processing throughput R where N is the number of files and T is the total scan time in seconds:
R= N/T
For the GitLabHQ codebase (N=45,193 files) and a scan time of T≈0.185 seconds:
R≈244,286 files/second This level of performance ensures that security is a gate, not a wait.
Challenges we ran into
The biggest hurdle was the "Context Explosion." Scanning the entire GitLabHQ repository generated a massive amount of AST data. Our initial JSON converter failed to include specific fields required by the UI (like system_score.level and duration_ms), leading to "silent errors" in the dashboard.
We had to refactor our data pipeline to ensure that the raw output from our Rust engine mapped perfectly to our Red Team UI without losing the granularity of the CWE-798 (hardcoded secrets) detections. Another challenge was keeping the binary under 15MB to qualify for the Green Agent Prize while still packing in a full REST client and orchestration logic.
Accomplishments that we're proud of
This is the section where you really get to "flex" for the judges. Given the high-stakes nature of scanning the actual GitLabHQ codebase, you have some incredible wins to highlight.Here is a drafted Markdown section for your "Accomplishments that we're proud of":🏆 Accomplishments that we're proud of1. The "GitLabHQ" Stress TestWe didn't just build a prototype; we stress-tested it against a massive, real-world target: the GitLabHQ source code. Successfully identifying 394 critical vulnerabilities (including hardcoded OpenAI keys and Personal Access Tokens) in one of the most secure codebases in the world was a massive validation of our core logic.2. Extreme Performance at ScaleBuilding a security tool that doesn't slow down the developer is a "Holy Grail" in DevOps. We are incredibly proud of our Rust-based engine's performance. Achieving a processing rate $R$ of over 244,000 files per second means that Duo Architecture Guardian can scan an entire enterprise-grade repository in the blink of an eye.3. Closing the Loop: From "Chat" to "Act"We successfully moved beyond the "Chatbot" paradigm. By integrating the GitLab REST API directly into our Duo Agent Flow, we created a truly autonomous "Digital Teammate." Seeing the system automatically detect a leak, generate an AST-patch, and open a formatted Merge Request without human intervention was our biggest "Aha!" moment.4. Zero-Bloat "Green" EngineeringIn an era of massive, resource-heavy AI models, we managed to pack a full orchestration engine, a high-speed scanner, and a REST client into a single 15MB binary. We stayed committed to the Green Agent philosophy, ensuring that our tool provides maximum security with a minimal carbon footprint.5. Seamless Dashboard IntegrationWe successfully deployed a complex, React-based Red Team Dashboard via GitLab Pages. This bridges the gap between raw security data and actionable insights, allowing users to visualize the "Blast Radius" of threats in real-time.
What we learned
Rust is a Game-Changer for AI Agents: By moving orchestration logic into a compiled language, we reduced latency by orders of magnitude compared to traditional Python-based agent chains.
The Power of the GitLab Ecosystem: Integrating directly with the GitLab Duo Agent Platform allowed us to turn a simple scanner into a proactive teammate.
Real-World Proof Matters: Pointing our tool at the GitLabHQ codebase and finding 394 critical vulnerabilities (including live API keys) was a "drop the mic" moment that proved our core thesis: Autonomous defense is no longer optional.
What's next for Duo Architecture Guardian
This is your "Vision" section. It tells the judges that Duo Architecture Guardian isn't just a hackathon project, but a foundation for the future of secure DevOps.
Here is a forward-looking Markdown draft for your "What's next" section:
🔮 What's next for Duo Architecture Guardian The hackathon is just the beginning. Our vision is to turn Duo Architecture Guardian into the standard "Immune System" for every GitLab repository.
Expanding the "Auto-healing" Library Currently, our AST-patching engine excels at remediating hardcoded secrets (CWE-798). Our next step is to expand our library of automated fixes to include more complex vulnerabilities, such as SQL injection, broken access control, and insecure dependency configurations.
Multi-Model Intelligence (Anthropic & Google Cloud) We plan to leverage the flexibility of the GitLab Duo Agent Platform to integrate a "Judge-Model" workflow. By running Anthropic’s Claude for high-reasoning patch validation and Google Cloud’s Vertex AI for infrastructure-level threat modeling, we can increase the accuracy of our autonomous Merge Requests.
Real-Time "Guardian Mode" Beyond CI/CD gates, we want to implement a real-time monitoring mode. Using GitLab Webhooks, the Guardian could react instantly to every git push, performing sub-second scans and alerting the developer through GitLab Duo Chat before the code even reaches the Review stage.
Enterprise-Grade "Blast Radius" Analytics We aim to evolve our Red Team Dashboard into a comprehensive risk-management suite. This includes historical trend analysis, compliance reporting (SOC2/ISO 27001), and cross-project vulnerability mapping to help security leads visualize the health of an entire organization at a glance.
Community-Driven AST Patterns We intend to open-source our Rust-based AST scanning logic to the wider GitLab community. By allowing developers to contribute their own security "Guardrails" as simple YAML templates, we can create a crowd-sourced shield against emerging 0-day threats.
Built With
- gitlab
- rust
- typescript
Log in or sign up for Devpost to join the conversation.