💡 Inspiration

Merge request reviews are broken. Reviewers approve changes without knowing what else in the codebase depends on the modified code. A single function change can silently break 10 downstream services — and nobody finds out until production.

We asked: what if an AI agent could instantly show reviewers the blast radius of every change, before they hit approve?

🔍 What It Does

Orbit MR Reviewer is a GitLab Duo agent that automatically analyzes every merge request using GitLab Orbit's knowledge graph.

When an MR is opened, the agent:

  1. Reads the MR diff to identify changed files, functions, and symbols
  2. Queries GitLab Orbit to map dependencies and affected components
  3. Checks pipeline status
  4. Assesses risk level — HIGH / MEDIUM / LOW
  5. Adds a risk label directly to the MR (orbit::high-risk, etc.)
  6. Posts a structured review comment with dependency map, suggested reviewers, and recommended actions
  7. Asks the reviewer for confirmation before marking approval

Reviewers get instant codebase context — without digging through hundreds of files manually.

🛠️ How We Built It

Built entirely on the GitLab Duo Agent Platform using:

  • GitLab Orbit (Orbit: Get Graph Schema) for knowledge graph queries
  • Build Review Merge Request Context to assemble the full review package
  • Get Merge Request Diffs to read exact code changes
  • Get Merge Request Pipelines for CI/CD status
  • Update Merge Request to apply risk labels automatically
  • Create Merge Request Note to post structured analysis comments

The agent is triggered via GitLab Duo Chat on any MR and runs entirely within GitLab — no external infrastructure required.

🚧 Challenges We Faced

  • Orbit is powerful but new — learning to reason about the knowledge graph schema and map it to real dependency risks took careful prompt engineering
  • Human-in-the-loop design — balancing automation with responsible AI (never auto-approving without explicit confirmation)
  • Structured output consistency — ensuring the agent always posts in the exact comment format regardless of MR complexity

✅ What Changes for Developers

Before: Reviewers approve MRs blindly, hoping nothing breaks downstream.

After: Every MR comes with an instant Orbit-powered dependency map, risk label, and suggested reviewers — making reviews faster, safer, and smarter.

Built With

  • agent
  • ci/cd
  • duo
  • gitlab
  • orbit
  • platform
Share this project:

Updates