Inspiration
Berry-Mappemonde is a real circumnavigation. Planning a safe offshore route is already hard; coordinating that plan across sailors, shore team, and evolving GeoJSON “route-as-code” in GitLab is harder. We wanted the same engineering discipline we use for software—review, traceability, and automation—applied to maritime legs, without pretending an LLM can replace the captain.
What we built (NavSecOps — complete)
NavSecOps integrates maritime route intelligence into the GitLab merge-request workflow:
- GitLab Duo custom agent (agents/agent.yml) and flow (flows/flow.yml) with MR-oriented triggers and read-only tools (read_file, read_files) to surface context and narrative alongside automation.
- GitLab CI (.gitlab-ci.yml + helper script): on MRs that change route GeoJSON, the pipeline calls POST /api/v1/navsecops/analyze on our HTTPS API (Bearer NAVSECOPS_INGEST_SECRET), then posts a markdown Intelligence Report to the MR via the GitLab API. The job fails only on technical errors (auth, timeouts, 4xx/5xx, malformed JSON)—not on “bad weather” in the briefing. That matches our product stance: inform, don’t gate on LLM judgment.
- Single-pass analysis API: one request runs validation and risk (Google Gemini) and a skipper briefing (Anthropic Claude), with a structured contract: complete / partial / failed, per-stage errors, and structured logging.
- Persistence: POST /api/v1/navsecops/sync-report stores report history (SQLite for demos; Cloud SQL or GCS where durability matters); GET /api/v1/navsecops/reports exposes sanitized history for auditors and UI.
- Proxy: proxy_server.py routes /duo/* and /api/v1/navsecops/* to the FastAPI backend so judges can exercise one origin during demos.
- Deployment: Google Cloud (e.g. Cloud Run) with GitLab CI → GCP and secrets in Secret Manager + masked CI variables—no secrets in the repo.

The public expedition app remains at naviguide.fr; the hackathon submission is the GitLab AI Hackathon repository with the agent, CI, and API contract documented under docs/.
What we learned
- Duo’s catalog doesn’t replace a trusted authenticated HTTP path for our API: CI is the reliable bridge; Duo provides the “agent on GitLab” experience and context.
- Partial failure is normal in multi-LLM pipelines—explicit JSON errors beat silent drops.
- Ephemeral filesystem on Cloud Run forces honest choices about SQLite vs managed storage for anything beyond a demo window.
Challenges
- Wiring GeoJSON from MR diffs safely into JSON bodies (jq, conventions, timeouts).
- Keeping secrets out of logs and artifacts while still giving judges reproducible test instructions.
- Aligning hackathon rules (working agent/flow, video, public repo, MIT) with a real expedition stack (Copernicus, offline maps, etc.).
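The CI policy described under "What we built" (fail only on technical errors, never on briefing content) and the secrets challenge above can be sketched as one decision function. This is an added example, not the project's helper script: the function names, the response fields `status`, `errors` and `briefing`, and the choice to report a well-formed `failed` status instead of failing the job are assumptions.

```python
import json

VALID_STATUSES = {"complete", "partial", "failed"}  # contract values named on the page


def redact(text, secret):
    """Remove the bearer secret from anything bound for logs or MR comments."""
    return text.replace(secret, "[REDACTED]") if secret else text


def evaluate(http_status, body, secret, transport_error=None):
    """Return (exit_code, markdown) for the CI job.

    Exit 1 only for technical errors: transport failure or timeout, 4xx/5xx,
    malformed JSON, or a body that breaks the contract. The content of the
    briefing never changes the exit code.
    """
    if transport_error is not None:
        return 1, redact(f"NavSecOps: request failed: {transport_error}", secret)
    if http_status >= 400:
        return 1, f"NavSecOps: API returned HTTP {http_status}"
    try:
        doc = json.loads(body)
    except ValueError:  # covers JSONDecodeError and UnicodeDecodeError
        return 1, "NavSecOps: response is not valid JSON"
    if not isinstance(doc, dict) or doc.get("status") not in VALID_STATUSES:
        return 1, "NavSecOps: response does not match the contract"

    # Assumption: any valid contract status, including "failed", is reported
    # on the MR with its per-stage errors rather than failing the job.
    lines = ["## NavSecOps Intelligence Report", f"Status: **{doc['status']}**"]
    # Assumed field names: "errors" maps stage name -> message, "briefing" is text.
    errors = doc.get("errors") or {}
    if isinstance(errors, dict):
        for stage, msg in sorted(errors.items()):
            lines.append(f"- stage `{stage}` error: {msg}")
    if isinstance(doc.get("briefing"), str):
        lines += ["", doc["briefing"]]
    return 0, redact("\n".join(lines), secret)


if __name__ == "__main__":
    # Constructed sample response and secret, for illustration only.
    sample = b'{"status": "partial", "errors": {"briefing": "upstream timeout"}}'
    code, report = evaluate(200, sample, "constructed-secret")
    print(code)
    print(report)
```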
Links
- API contract & curl: docs/NAVSECOPS_PR_MATRIX.md
- Technical roadmap (phases): docs/NAVSECOPS_TECHNICAL_ROADMAP.md
- GitLab project (hackathon): see “Try it out” below.
Built With
- anthropic-claude
- cloud-run
- cloudflare
- copernicus-marine-service
- fastapi
- geojson
- gitlab-ci-cd
- gitlab-duo-agent-platform
- google-cloud
- google-gemini-api
- maplibre-gl
- python
- react
- secret-manager
- supervisord
- tailwind-css
- vite
