MR Risk Scout

MR Risk Scout analyzes GitLab merge requests and flags high-risk changes. It uses webhook triggers, diff analysis, and rule-based scoring to generate actionable feedback for reviewers.

Comment

Inspiration

While I had spent years in school studying, I had not yet gained real-world software development experience. For this project, I wanted to build something practical that solves a real problem. This hackathon provided the opportunity to explore how GitLab workflows operate and develop a system that integrates directly into that process.

What it does

MR Risk Scout is an event-driven agent that analyzes GitLab merge requests and flags high-risk changes. It uses webhook triggers and a rule-based scoring system to evaluate changes and generate structured feedback through a commenting system.

How I built it

The system follows a structured pipeline: Webhook trigger → Flask server → Extract metadata → Fetch or simulate diffs → Risk analysis → Generate MR comment

The architecture separates responsibilities across components, with a webhook handler managing input, a risk engine performing analysis, and a formatter generating user-facing output.

Challenges I ran into

One key challenge was that GitLab webhook payloads do not include detailed file diffs by default. To address this, the system was designed to fetch merge request changes using the GitLab API in a production setting, while simulating change data during development.

Accomplishments that I'm proud of

I successfully built a working end-to-end system that receives webhook payloads, processes merge request data, and generates meaningful risk feedback. I also designed the system with real-world constraints in mind, such as handling missing diff data and structuring the project using separation of concerns.

What I learned

I successfully built a working end-to-end system that receives webhook payloads, processes merge request data, and generates meaningful risk feedback. I also designed the system with real-world constraints in mind, such as handling missing diff data and structuring the project using separation of concerns.

What’s next for MR Risk Scout

Future improvements include integrating fully with the GitLab API to fetch real merge request diffs, expanding the risk scoring system with more nuanced rules, and improving comment formatting for better readability. Longer-term, this could evolve into a more intelligent agent that learns from past merge request outcomes to refine risk predictions.

Built With

  • flask
  • gitlab-rest-api
  • gitlab-webhooks
  • powershell
  • python
  • venv
Share this project:

Updates