💡 Inspiration
Merge request reviews are broken. Reviewers approve changes without knowing what else in the codebase depends on the modified code. A single function change can silently break 10 downstream services — and nobody finds out until production.
We asked: what if an AI agent could instantly show reviewers the blast radius of every change, before they hit approve?
🔍 What It Does
Orbit MR Reviewer is a GitLab Duo agent that automatically analyzes every merge request using GitLab Orbit's knowledge graph.
When an MR is opened, the agent:
- Reads the MR diff to identify changed files, functions, and symbols
- Queries GitLab Orbit to map dependencies and affected components
- Checks pipeline status
- Assesses risk level — HIGH / MEDIUM / LOW
- Adds a risk label directly to the MR (
orbit::high-risk, etc.) - Posts a structured review comment with dependency map, suggested reviewers, and recommended actions
- Asks the reviewer for confirmation before marking approval
Reviewers get instant codebase context — without digging through hundreds of files manually.
🛠️ How We Built It
Built entirely on the GitLab Duo Agent Platform using:
- GitLab Orbit (
Orbit: Get Graph Schema) for knowledge graph queries - Build Review Merge Request Context to assemble the full review package
- Get Merge Request Diffs to read exact code changes
- Get Merge Request Pipelines for CI/CD status
- Update Merge Request to apply risk labels automatically
- Create Merge Request Note to post structured analysis comments
The agent is triggered via GitLab Duo Chat on any MR and runs entirely within GitLab — no external infrastructure required.
🚧 Challenges We Faced
- Orbit is powerful but new — learning to reason about the knowledge graph schema and map it to real dependency risks took careful prompt engineering
- Human-in-the-loop design — balancing automation with responsible AI (never auto-approving without explicit confirmation)
- Structured output consistency — ensuring the agent always posts in the exact comment format regardless of MR complexity
✅ What Changes for Developers
Before: Reviewers approve MRs blindly, hoping nothing breaks downstream.
After: Every MR comes with an instant Orbit-powered dependency map, risk label, and suggested reviewers — making reviews faster, safer, and smarter.
Built With
- agent
- ci/cd
- duo
- gitlab
- orbit
- platform
Log in or sign up for Devpost to join the conversation.