MutationGuard — Blast Radius Analyzer

Know what your code change will break — before you push. MutationGuard ranks a change's blast radius via the GitLab Orbit knowledge graph and prepares the merge request automatically.

Comment

Inspiration

I spent two years building SigMap — "given a query, find the relevant code." MutationGuard is the inverse: "given code I'm about to change, what's relevant to worry about — and what should happen automatically?" Every developer changes existing code; almost none have a tool that shows the blast radius before the pipeline fails at 2am. GitLab Orbit finally makes it queryable.

What it does

Point it at a file or function. It reverse-traverses Orbit's CALLS/IMPORTS graph (depth 1–3) to find everything that could break, ranks each impacted file HIGH/MEDIUM/LOW (distance × coupling × git recency), lists the tests that touch the impacted code, and then TAKES AN ACTION: posts a pre-flight checklist and annotates the merge request. It ships as a published GitLab Duo agent on the AI Catalog, plus a CLI and a CI job.

How we built it

Orbit Local (DuckDB) and the Orbit Query DSL for the graph; verified the real ontology from source (nodes File/Definition/ImportedSymbol/Directory; edges CALLS/IMPORTS/DEFINES/CONTAINS/EXTENDS). Blast radius = reverse traversal of incoming CALLS/IMPORTS edges; coupling = an honest fan-in edge count; recency/ownership from git + CODEOWNERS. Impact score = (1/distance) × min(fan_in/20, 1) × (1.5 if modified ≤30d else 1.0). Packaged as a Duo AI Catalog agent (Orbit: Query Graph / Get Graph Schema / Invoke Command + Create Work Item Note / Update Work Item). Python, stdlib only, unit-tested, MIT.

Challenges we ran into

Grounding everything in Orbit's real interface instead of assumed APIs. A multi-repo graph leaked a foreign blast radius until I scoped every query by project_id. Identifying tests without an is_test flag (path conventions + edge references).

Accomplishments that we're proud of

Proven end-to-end on the real GitLab Orbit codebase (16,496 definitions): changing compile() surfaces 29 impacted files — 22 critical — 193 callers across 12 modules, with the exact calling functions and the tests that touch them. Honest by design: if Orbit is unavailable, it stops rather than guess.

What we learned

Orbit's graph is rich enough to turn "guess what might break" into a queryable, scored, actionable answer — and the win is the synthesis + action on top of the graph, not the query itself.

What's next for MutationGuard

Cross-repo blast radius for monorepos (Orbit Remote); an architecture-health view of high-fan-in hotspots; native MR-description decoration when an MR-write tool lands.

Built With

  • ai-catalog
  • duckdb
  • git
  • gitlab-duo-agent-platform
  • gitlab-knowledge-graph
  • gitlab-orbit
  • python
Share this project:

Updates