Inspiration
In modern DevSecOps workflows, the real bottleneck is not visibility but execution.
Tools today can already identify why a pipeline failed, where vulnerabilities exist, and what potential fixes might look like. However, engineers still spend significant time manually reading logs, updating configurations, creating merge requests, and tracking issues across systems.
This gap between insight and action is where most productivity is lost.
REFIX was built to address this directly. Instead of assisting with suggestions, it acts within GitLab to resolve problems end-to-end.
What I Built
REFIX is an autonomous DevSecOps agent built on the GitLab Duo platform with a strict execution model.
It is designed around a simple principle:
It does not suggest. It executes.
The system operates as a two-phase pipeline.
Context Analyzer
This phase gathers real-time project data from GitLab, including vulnerabilities, pipeline failures, issues, and merge requests. It uses a focused set of read-only tools to construct a structured understanding of the current project state.
Action Responder
This phase takes the analyzed context and performs actions across multiple domains. It fixes pipelines, triages vulnerabilities, edits code, creates commits, opens merge requests, and generates reports.
Flow
User Goal → Context Analyzer → Action Responder → Actions Executed
This separation ensures that all actions are grounded in accurate, up-to-date information before execution begins.
How It Works
REFIX operates directly on GitLab primitives and produces real outcomes.
It reads pipeline logs, identifies root causes, applies fixes, and creates merge requests. It analyzes security findings, dismisses false positives, confirms real issues, and creates linked tracking issues. It traverses the codebase, modifies files, commits changes, and submits merge requests. It processes audit events and generates structured compliance reports.
Every execution results in concrete artifacts such as issues, commits, and merge requests rather than recommendations.
Key Design Decisions
The system is designed to prioritize execution over explanation. All actions are performed through structured tool usage that maps directly to GitLab APIs.
Every write operation is preceded by reading live project data, ensuring decisions are based on actual state rather than assumptions.
Safety is enforced through strict boundaries. All changes are submitted through merge requests, no automatic merges are performed, and every action is traceable within GitLab.
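The three boundaries above (a read-only analyzer phase, reads preceding every write, and no automatic merges) can be enforced mechanically rather than left to the model. The guard below is an added illustration, not REFIX's own code or the GitLab Duo Agent Platform API; the tool and phase names are assumptions, and every decision is appended to an audit trail so each action stays traceable.

```python
"""Added example (not REFIX's code): a phase-aware tool guard for a
two-phase DevSecOps agent. Tool and phase names are hypothetical."""
from dataclasses import dataclass, field

# Hypothetical tool names, grouped by the effect they have on GitLab state.
READ_ONLY = {"get_pipeline_logs", "list_vulnerabilities", "list_issues", "get_mr"}
WRITE = {"create_commit", "create_issue", "create_merge_request", "dismiss_finding"}
NEVER = {"merge_merge_request", "force_push", "delete_branch"}  # never automated


@dataclass
class AgentGuard:
    phase: str = "context_analyzer"
    fresh_state: bool = False          # True once live data has been read
    audit: list = field(default_factory=list)

    def call(self, tool: str, **args) -> bool:
        """Return True if the call may proceed. Every decision is recorded."""
        if tool in NEVER:
            return self._deny(tool, "merge/destructive operations are never automated")
        if tool not in READ_ONLY | WRITE:
            return self._deny(tool, "unknown tool")
        if self.phase == "context_analyzer" and tool in WRITE:
            return self._deny(tool, "analyzer phase is read-only")
        if tool in WRITE and not self.fresh_state:
            return self._deny(tool, "write attempted without reading live project state")
        # A write changes project state, so the next write needs a fresh read.
        self.fresh_state = tool in READ_ONLY
        self.audit.append((self.phase, tool, "allowed", args))
        return True

    def _deny(self, tool: str, reason: str) -> bool:
        self.audit.append((self.phase, tool, "denied", reason))
        return False

    def advance(self) -> None:
        """Enter the action phase only after the analyzer has gathered context."""
        if not self.fresh_state:
            raise RuntimeError("cannot act before context has been gathered")
        self.phase = "action_responder"


def demo() -> AgentGuard:
    g = AgentGuard()                                       # constructed walkthrough
    g.call("create_commit", branch="refix/fix-ci")          # denied: analyzer is read-only
    g.call("get_pipeline_logs", pipeline_id=42)             # allowed: read
    g.advance()
    g.call("create_merge_request", source="refix/fix-ci", target="main")  # allowed
    g.call("create_issue", title="Track CI fix")            # denied: state now stale
    g.call("get_mr", iid=7)                                 # allowed: refresh state
    g.call("create_issue", title="Track CI fix")            # allowed
    g.call("merge_merge_request", iid=7)                    # denied: never merges
    return g
```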
Challenges
One of the main challenges was ensuring that the system consistently performs actions rather than defaulting to explanations, which is a common pattern in AI systems.
Another challenge was orchestrating a large number of tools across different domains such as CI/CD, security, and repository management while maintaining reliable execution flow.
Working with live system state introduced additional complexity, as the agent needed to handle real pipeline logs, vulnerabilities, and evolving project data.
Balancing autonomy with control was also critical. The system needed to act independently while still maintaining safety through reviewable outputs.
What Makes REFIX Different
REFIX focuses on execution rather than assistance. It provides end-to-end automation from problem detection to resolution.
The two-phase architecture separates analysis from action, ensuring structured and reliable decision-making.
It integrates deeply with GitLab workflows and operates directly on real project data.
All actions are transparent, traceable, and aligned with standard development practices.
🛠️ Built With
- Platform: GitLab Duo Agent Platform
- Configuration: YAML for agent and flow definitions
- APIs: GitLab REST API and GraphQL API
- Architecture: Two-phase agent pipeline
Capabilities include CI/CD diagnostics and repair, vulnerability triage, repository operations, merge request automation, and compliance reporting.
Built With
- agent
- duo
- gitlab