Peggy PQC + Green Carbon Agent for Gitlab

Peggy PQC Agent: Auto-finds, fixes, diagram-visualizes quantum-vulnerable crypto into PQC NIST standards. Rationalizes actual pqc carbon impact like % of CO₂e. PQC-ready fixes with GreenOps insight.

Comment

Peggy - PQC + GreenOps Agent

What Peggy Does

Peggy is an AI agent built on GitLab Duo that reports, rationalizes and acts to solve PQC + greenOps problem.

  1. Scans your codebase for quantum-vulnerable cryptographic patterns . Generates production-ready fixes aligned to NIST 2024 standards (ML-KEM-768, ML-DSA-65, SLH-DSA)
  2. Ships the work , creates a branch, commits the fix, opens an MR, and annotates it with a Mermaid before/after threat diagram
  3. Measures the carbon delta , calculates real CO₂e using @tgwf/co2, counting actual network bytes and CPU cycles before and after each fix
  4. Visualizes the diagram (mermaid ) delta and dependencies before vs after
  5. Escalates when it matters , a "final-boss protocol" bypasses middleware entirely and places a direct AI voice call to the decision-maker via local MCP Suarify integration

🌟 Inspiration

Having attended several DevOps conferences , I’ve seen the growing momentum behind shifting left on both Post-Quantum Cryptography (PQC) and GreenOps. This hackathon is my first real handson into merging these two world with real ai gitlab ci agent. I also wanted to create a bypass phonecall if high-level emergency is detected , hence include mcp for phonecall in this demo. Why Peggy? It is just a name I can think of of for PQC +Green

Why Carbon Measurement Matters

PQC isn't free. ML-KEM and ML-DSA produce significantly larger keys and signatures than ECC. Millions of larger TLS handshakes per day adds up — in latency, in energy, in emissions. Without measuring, teams migrate blindly and may land on a standard that's secure but wasteful. Peggy finds the optimal algorithm, not just a compliant one.

What Makes This Different

Most security tools stop at detection. Most GreenOps tools ignore cryptography entirely. Peggy is the only agent that closes the loop: find the vulnerability → ship the fix → prove the carbon saving — autonomously, inside your existing GitLab workflow.

🤔 Problem statements

Quantum computers will break cryptography like RSA, ECC, and Diffie-Hellman within 3–7 years using Shor's and Grover's algorithms. "Harvest now, decrypt later" attacks are already happening. Most developers don't know their code is exposed and fixing it manually is slow, error-prone, and environmentally blind. Existing tools scan. They don't fix. And none of them tell you what the migration costs in carbon and GREEN impact. Peggy PQC Agent was born to bridge this gap (pqc-readiness + green impact), even featuring a skip-level protocol to bypass standard escalation tree by having direct AI voice alerts during national security emergencies (eg PQC impact multiple key infra repos).

Peggy PQC Agent is an AI-powered security auditor that can think and act:

  1. Auto-Finds Quantum Vulnerabilities
  2. Auto-Fixes with NIST Standards by creating actual commits, branch and merge request , comments
  3. Visualizes diagrams of before vs after Threats (mermaid )
  4. Measures and rationalizes Carbon Impact
  5. Generates Production-Ready MRs & Do Skip-level escalation Phone call if needed

GreenOps carbon methodology

  1. Deterministic Methodology
  2. Use library @tgwf/co2 methodology

  3. Count actual compute time taken and network byte sent before vs after

  4. Non-deterministic methodology

  5. Use laws and knowledge of association with PQC fixes and crypto-relationship with carton ipact

  6. Calculates network bytes transferred per operation Estimates CPU energy consumption Converts to CO₂e using @tgwf/co2 methodology Shows before/after carbon footprint Identifies optimization opportunities (compression, batching)

🛠️ How We Built It

I developed this primarily within the GitLab Web IDE, leveraging GitLab Duo AI and following the technical guidance provided by @LeeTickett. To refine the implementation locally, I used Antigravity to debug and troubleshoot the agent's logic and flows.


Platform: GitLab Duo Agent (YAML-based skill flows)
Language: Node.js
Key tools: gitlab_blob_search, create_commit, create_merge_request, create_merge_request_note
Carbon engine: @tgwf/co2
Visualization: Mermaid diagrams
Escalation: MCP Suarify (local stdio)
AI assistance: GitLab Duo + Claude (Vertex)
Skills are defined in chat-rules.md, mcp.json, and skills/SKILL.md.

Challenges we ran into

I was unfamiliar with the agent and flowsyntax YAML-based. So, I focused on rapid upskilling by trial and error with the pipeline to see the result. Also faced an issue where my connection to external server mcp always disconnects. So after trying out , getting help from claude and gitlab duo, able make local stdio MCP integration connection that worked, but then shifted toward a more lightweight skill.md to navigate the tool use.

Accomplishments that we're proud of

Despite having no prior experience with YAML-based AI frameworks or GitLab agents, successfully get it to work the way i intended it to work in terms of capability and flow-wise. Thanks google claude and gitlab. This project represents a significant milestone in my ability to rapidly master new technologies to solve complex, multi-dimensional problems.

What's next for Peggy - Post-quantum security & GreenOps Agent for Gitlab

Aim to scale Peggy by refining its PQC and carbon footprint analysis through advanced libraries to cover more use cases, solidify pqc-green impact. Aim to continue implementing a local AI voice "final-boss-protocol" for direct, high-stakes critical infrastructure alerts.

Built With

Share this project:

Updates