Inspiration
Coding agents are fast at making patches. Maintainers still need proof: which repo was touched, why that file mattered, whether the diff applied, whether checks passed, and whether the run should be blocked before it reaches review.
PatchCascade is built for that trust gap.
What it does
PatchCascade turns a CVE request into a GitLab remediation run. It loads registered repositories, asks Orbit Remote or Orbit Local for call-path and definition evidence when available, falls back honestly to repo metadata when graph proof is missing, ranks blast radius, drafts a remediation diff, then gates GitLab merge request creation behind apply/lint/test verification.
The dashboard shows the decision in one place: run state, changed diff, proof source, verifier result, blocker, and submit/hold state.
How we built it
The backend is TypeScript/Express with Prisma, Postgres, Redis/BullMQ, GitLab API calls, and an Orbit client. The frontend is React/Vite with a no-key public demo path for judges. The GitLab-native surface is a published Duo Agent Platform flow: PatchCascade Remediator v1.0.1 in the official GitLab AI Catalog project.
Challenges
The hard part was not generating a patch. The hard part was making the product honest when evidence is partial.
Orbit can be Remote, Local, or unavailable, so the proof trace says which path was used. Patch application is conservative too: PatchCascade can create a GitLab merge request, but only after verifier checks pass. Failed proof blocks submission.
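To make the submit/hold gate described in "What it does" and in the paragraph above concrete, here is an added TypeScript illustration. It is not PatchCascade's own code: the type names, the `resolveProofSource` and `decideSubmission` functions, the three verifier steps (apply, lint, test) and the sample runs are assumptions made for this example. It shows the two behaviours the text calls out: the proof trace always records which evidence path was used (Orbit Remote, Orbit Local, or the repo-metadata fallback), and merge request creation is held unless a diff exists and every verifier step passed, with a skipped step treated as a blocker rather than as silent success.

```typescript
// Added illustration of the submit/hold gate (not PatchCascade's own code).
// All names and shapes below are assumptions made for this example.

type ProofSource = "orbit-remote" | "orbit-local" | "repo-metadata";
type CheckResult = "pass" | "fail" | "skipped";

interface OrbitAvailability { remote: boolean; local: boolean; }

interface VerifierReport {
  apply: CheckResult; // did the drafted diff apply cleanly?
  lint: CheckResult;  // did lint pass on the patched tree?
  test: CheckResult;  // did the test suite pass on the patched tree?
}

interface RemediationRun {
  cve: string;            // placeholder identifier in the samples below
  repo: string;
  diff: string;           // drafted remediation diff ("" if none was produced)
  proof: ProofSource;
  verifier: VerifierReport;
}

interface GateDecision {
  state: "submit" | "hold";
  proofSource: ProofSource;
  blocker: string | null;
  trace: string[];        // human-readable proof trace for the dashboard
}

// Pick the evidence path in order of strength and name it explicitly, so a
// reviewer can see when a run had no call-path/definition graph behind it.
function resolveProofSource(orbit: OrbitAvailability): ProofSource {
  if (orbit.remote) return "orbit-remote";
  if (orbit.local) return "orbit-local";
  return "repo-metadata"; // honest fallback: metadata only, no graph proof
}

// The gate: an MR may be created only when a diff exists and every verifier
// step passed. A skipped step is a blocker, because an absent check is not
// evidence that the patch is safe.
function decideSubmission(run: RemediationRun): GateDecision {
  const trace: string[] = [`proof source: ${run.proof}`];
  if (run.proof === "repo-metadata") {
    trace.push("no graph proof available; blast radius ranked from repo metadata only");
  }
  if (run.diff.trim() === "") {
    return { state: "hold", proofSource: run.proof, blocker: "no remediation diff drafted", trace };
  }
  for (const step of ["apply", "lint", "test"] as const) {
    const result = run.verifier[step];
    trace.push(`${step}: ${result}`);
    if (result !== "pass") {
      return { state: "hold", proofSource: run.proof, blocker: `verifier step '${step}' ${result}`, trace };
    }
  }
  trace.push("all verifier steps passed; MR creation allowed");
  return { state: "submit", proofSource: run.proof, blocker: null, trace };
}

// Constructed sample runs: placeholder CVE id, fictional repo and dependency.
const passingRun: RemediationRun = {
  cve: "CVE-0000-00000",
  repo: "example-group/example-service",
  diff: "--- a/package.json\n+++ b/package.json\n-  \"example-lib\": \"1.2.3\"\n+  \"example-lib\": \"1.2.4\"\n",
  proof: resolveProofSource({ remote: true, local: false }),
  verifier: { apply: "pass", lint: "pass", test: "pass" },
};

// Same diff, but Orbit was unavailable and the test step never ran: held.
const blockedRun: RemediationRun = {
  ...passingRun,
  proof: resolveProofSource({ remote: false, local: false }),
  verifier: { apply: "pass", lint: "pass", test: "skipped" },
};

console.log(decideSubmission(passingRun));
console.log(decideSubmission(blockedRun));
```

The design point is that the decision object carries its own evidence: `proofSource` and `trace` travel with the `submit`/`hold` state, so the dashboard (or a reviewer reading an MR description) can see not just that a patch was held but which check held it and how strong the underlying evidence was.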
Accomplishments
The live demo runs from /dashboard without an API key. Testers can queue the scan, inspect the blast-radius graph, review the generated remediation draft, and see why the patch was accepted or blocked.
The repo also has product verification checks, browser proof from the deployed EC2 instance, and a public README that tells testers exactly where to find the proof.
What's next
More GitLab namespace indexing, richer Orbit queries for contributor and merge-request history, and tighter verifier recipes per language so PatchCascade can become a normal pre-review gate for agent-generated remediation.
Built With
- docker
- express.js
- gitlab
- gitlab-duo
- gitlab-orbit
- node.js
- openai
- postgresql
- prisma
- react
- redis
- typescript
