Inspiration

Open-source bounty systems are broken. Bureaucracy, manual code reviews, and delayed fiat payments kill contributor momentum. We realized that if code quality could be evaluated deterministically, the financial reward should be instantaneous. We wanted to eliminate the middleman and build a system where the code itself triggers the payout without human intervention.

What it does

MergiFi bridges Web2 developer infrastructure with Web3 execution. When a developer submits a Merge Request on GitLab and includes their EVM wallet address, our Node.js agent intercepts the webhook. It extracts the raw git diff and feeds it to DeepSeek AI for a strict, context-aware evaluation against the project's README objectives.

If the AI scores the contribution at 80 or above, the agent assumes financial agency. It signs a transaction using Ethers.js to a custom Vault Smart Contract on Base Sepolia, instantly disbursing the crypto bounty to the developer. Finally, it logs the cryptographic proof to an edge database and posts the TxHash directly back into the GitLab thread. Code goes in, money comes out.

How we built it

The architecture is split into three highly specialized, decoupled layers:

The Brain (Node.js/Express on Render): A 24/7 webhook listener that acts as the core orchestrator. It handles GitLab API data extraction and forces the DeepSeek AI to return strict JSON formats for programmatic decision-making.

The Vault (Solidity on Base Sepolia): A smart contract designed specifically for automated bounty disbursement, securing funds and verifying that only the authorized AI Agent can trigger payouts.

The Ledger (Next.js on Vercel + Turso): A real-time transparency dashboard. It aggressively polls our LibSQL (Turso) edge database to display successful payouts and immutable TxHashes to the public, proving the agent's work without requiring a complex backend state.
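The step between the Brain's strict-JSON verdict and the Vault call is where a malformed or replayed input has to be stopped, so here is a fail-closed gate for it as an added example (not MergiFi's own code). The verdict fields `score` and `reason`, the function names, and the in-memory `paid` set standing in for the ledger are assumptions; only the threshold of 80 comes from the description above.

```javascript
// Added example (not MergiFi's code): fail-closed gate between model reply and payout.
const PAYOUT_THRESHOLD = 80; // from the page: a score of 80 or above pays out
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/; // syntactic EVM address check, no checksum

// Assumed verdict schema: exactly {"score": <integer 0..100>, "reason": <string>}.
// Prose around the JSON, extra keys, or a wrong type all yield null.
function parseVerdict(raw) {
  let v;
  try { v = JSON.parse(raw); } catch { return null; }
  if (v === null || typeof v !== "object" || Array.isArray(v)) return null;
  if (Object.keys(v).sort().join(",") !== "reason,score") return null;
  if (!Number.isInteger(v.score) || v.score < 0 || v.score > 100) return null;
  if (typeof v.reason !== "string") return null;
  return { score: v.score, reason: v.reason };
}

// mrId and wallet come from the merge request itself, never from the model reply,
// so text inside a diff cannot redirect the payout. `paid` stands in for the ledger.
function decidePayout({ mrId, wallet, modelReply }, paid) {
  if (paid.has(mrId)) return { pay: false, why: "already paid" };
  if (typeof wallet !== "string" || !ADDRESS_RE.test(wallet)) {
    return { pay: false, why: "invalid wallet address" };
  }
  const verdict = parseVerdict(modelReply);
  if (verdict === null) return { pay: false, why: "malformed verdict" };
  if (verdict.score < PAYOUT_THRESHOLD) return { pay: false, why: "score below threshold" };
  paid.add(mrId); // reserve before signing so a replayed webhook cannot pay twice
  return { pay: true, why: "ok", wallet, score: verdict.score };
}

// Constructed sample inputs: one valid verdict and three that must not pay.
const WALLET = "0x" + "ab".repeat(20);
const paid = new Set();
const replies = [
  '{"score": 85, "reason": "meets README goals"}',
  'Sure! {"score": 95, "reason": "great"}',
  '{"score": "95", "reason": "string score"}',
  '{"score": 79, "reason": "close"}',
];
replies.forEach((modelReply, i) =>
  console.log(i, decidePayout({ mrId: 100 + i, wallet: WALLET, modelReply }, paid)));
```

Only a result with `pay: true` should ever reach the transaction signer; every other branch ends without touching the key.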

Challenges we ran into

Bridging asynchronous Web2 AI evaluation with deterministic Web3 execution is dangerous. We had to enforce absolute strictness on the AI prompts to prevent hallucinated evaluations from crashing the transaction pipeline.

We also fought heavy architectural battles. Moving from ephemeral local storage to a robust Edge SQLite database (Turso) was critical to ensure our Open Ledger never lost a transaction record when the cloud server cycled. Synchronizing the state between the stateless webhook server and the Next.js frontend without locking the database required precise engineering.

Accomplishments that we're proud of

We built a true "Autonomous Agent." It is not just an LLM chatbot summarizing code; it has actual financial agency. Successfully executing a cross-domain pipeline, from a Git push to an AI prompt to a confirmed EVM smart contract transaction, without a single human click, is a massive engineering win.

What we learned

We learned the critical difference between a local script and a production-ready cloud architecture. Moving from a monolithic local setup to a distributed system forced us to think like systems architects. We learned how to secure smart contract execution against unauthorized callers and how to manage environment variables securely across multiple cloud platforms.

What's next for MergiFi

We will expand webhook support to GitHub, implement multi-signature requirements for massive enterprise bounties, and integrate fine-tuned models specifically trained for smart contract security auditing. The ultimate goal is for MergiFi to become the standard, trustless protocol for decentralized open-source funding.
