MR Risk Sentinel — Hackathon Story

The Problem

Merge Requests are where risk hides. Reviewers spend time scanning diffs and pipeline results to decide what needs attention. That slows teams down and creates blind spots when risky changes slip through without focused review.

The Solution

MR Risk Sentinel is a GitLab Duo agent + flow that automatically evaluates risk on every MR update. It gathers MR diffs and pipeline failure signals, assigns a clear risk score, and posts a structured summary directly in the MR. If risk is high, it opens a follow‑up issue so the team never loses track of what needs extra scrutiny.

How It Works

The flow uses two agents:

• A reader agent fetches MR metadata, diffs, and failing pipeline jobs using GitLab tools and computes a risk score.
• A writer agent posts the summary in the MR and creates a risk-review issue when the score crosses the threshold.

The system is event‑driven. A flow trigger runs when the service account is mentioned or assigned in an MR, so the agent takes action as part of the workflow.

Standout Features

• Evidence‑backed risk summary (lockfiles, sensitive files, failing jobs)
• Automated issue creation for high‑risk MRs
• Fast setup using GitLab’s built‑in agent/flow templates

Impact

• Faster triage for code reviews
• Clear, repeatable risk signals
• Automated follow‑up when risk is high
• Less time spent scanning, more time reviewing what matters

Tech Stack

• GitLab Duo custom agent
• GitLab Duo custom flow
• GitLab built‑in tools for MR and pipeline data

How to Use

1. Create the flow using flows/flow.yml and set it to Public.
2. Enable the flow for your project.
3. Mention the flow service account in an MR or create a trigger in Automate → Triggers.
4. Open or update an MR to see the risk summary and issue.

What’s Next

• Expand signals with security findings and approvals
• Add customization for team‑specific risk policies

Built With

• agent
• flow
• gitlab