🚀 About SentinelFlow

🛡️ Inspiration

DevOps teams are drowning in alerts. Most security tools are "read-only" - they find a vulnerability, open an issue, and wait for a human to fix it. I was inspired to build a system that closes the loop. I wanted to turn GitLab into a self-healing environment where security and sustainability aren't just detected but automatically remediated at the moment of creation.

🤖 What it does

SentinelFlow is a multi-agent orchestration system that autonomously manages the "Scan-Fix-Report" lifecycle.

  • Security: It detects hardcoded secrets (GCP, Stripe, AWS) and expiring PKI certificates. It then opens Merge Requests to replace them with environment variables.
  • Google Cloud: It specifically identifies GCP patterns and guides users toward GCP Secret Manager with automated rotation links.
  • GreenOps: It analyzes .gitlab-ci.yml for inefficiencies and suggests job-filtering rules (rules: changes) and caching, reducing pipeline compute waste.
  • Intelligence: Consolidates 5 specialized agents into one "Sentinel Master" Super Agent for a seamless GitLab Duo Sidebar experience.

🏗️ How I built it

I built SentinelFlow entirely within the GitLab Duo Agent Platform.

  • Agent Orchestration: I designed a custom GitLab Flow that sequences five specialized agents (Scanner, Classifier, Remediator, GreenOps, and Reporter).
  • LLM Integration: Leveraged Anthropic Claude via GitLab Duo for high-reasoning classification and remediation logic.
  • GCP Native: Built with a deep focus on Google Cloud best practices, including automated rotation paths for Secret Manager.
  • Deterministic Scanning: Combined LLM intelligence with deterministic signal extraction to ensure 100% accuracy in secret detection.
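The detect-and-replace step described under Security above, together with the deterministic scanning in this list, sketched as an added example (not SentinelFlow's own code). The three regexes are publicly documented key shapes assumed here because the page does not show the project's rules, and the sample file and its key values are constructed.

```python
import re

# Assumed rule set: publicly documented key shapes, bounded so substrings of longer tokens do not match.
_B, _E = r"(?<![0-9A-Za-z_-])", r"(?![0-9A-Za-z_-])"
PATTERNS = {
    "AWS_ACCESS_KEY_ID": re.compile(_B + r"AKIA[0-9A-Z]{16}" + _E),
    "STRIPE_SECRET_KEY": re.compile(_B + r"sk_live_[0-9A-Za-z]{24,}" + _E),
    "GCP_API_KEY": re.compile(_B + r"AIza[0-9A-Za-z_-]{35}" + _E),
}

# Constructed sample source file; every key value below is fake filler.
SAMPLE = "\n".join([
    'import os',
    'AWS_KEY = "AKIA' + "EXAMPLE0" * 2 + '"',
    'stripe.api_key = "sk_live_' + "0" * 24 + '"',
    'MAPS_KEY = "AIza' + "X" * 35 + '"',
    'REGION = "us-east-1"',
])

def redact(secret):
    """Keep only a short prefix so reports and MR text never echo the secret."""
    return secret[:4] + "*" * (len(secret) - 4)

def scan(text):
    """Return (line_no, kind, redacted_value) for every deterministic match."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        for kind, pat in PATTERNS.items():
            for m in pat.finditer(line):
                findings.append((no, kind, redact(m.group(0))))
    return findings

def remediate(text):
    """Swap quoted secret literals for an environment lookup (Python source; needs `import os`)."""
    for kind, pat in PATTERNS.items():
        quoted = re.compile(r"""(["'])""" + pat.pattern + r"\1")
        text = quoted.sub(f'os.environ["{kind}"]', text)
    return text
```

Replacing the literal only removes it from the current file; the key remains in Git history and still has to be rotated.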

🚧 Challenges I ran into

The biggest challenge was Agent Permission Scoping. I initially struggled with the orchestrator hitting 403 blocks during automated triggers. I solved this by developing the "Sentinel Master" consolidated agent - a high-capability "Super Agent" that inherits the user's session token in the sidebar, ensuring a flawless and secure "Magic Moment" for the demo.

🏆 Accomplishments that I'm proud of

  • Autonomous Remediation: Moving the needle from "Alerting" to "Fixing" with automated MR generation.
  • Measured Sustainability: Successfully quantifying a 2.4 kg/month CO2 reduction (a 40% efficiency gain) through simple GreenOps job optimizations.
  • User Experience: Condensing a complex multi-agent system into a single, intuitive sidebar interaction that feels like a native GitLab feature.

🧠 What I learned

I learned that the future of DevOps isn't just about faster pipelines - it's about smarter ones. I realized that "Shift Left" can actually be fully automated if the agents have the right context and the right tools (like create_merge_request). I also gained deep insights into the GitLab AI Catalog's versioning and sync mechanisms.

🏁 What's next for SentinelFlow

  • Active Secret Revocation: Integrating with GCP APIs to automatically revoke exposed keys in real-time.
  • Historical GreenOps Trends: Adding a GitLab Wiki dashboard to track CO2 savings across entire organizations.
  • PKI Chain Validation: Expanding the certificate scanner to validate full trust chains and intermediate CA health.

Built With

  • claude
  • gcp
  • git
  • gitlab
  • gitlab-duo
  • opus