Inspiration

Engineering teams spend 30–40% of their time on bug maintenance. Most of that time isn't the actual fix — it's everything around it: reading the codebase, triaging urgency, writing the patch, validating syntax, pushing a branch, opening an MR. The code change itself is usually 5–15 lines.

I wanted to automate every step except the human judgment at the end — the review and merge. ShiftLeft v1 proved it worked: 100% triage accuracy, 100% MR success rate, 57-second average from issue to MR.

But v1 had a weakness — it built its own knowledge map by fetching every file and parsing Python AST. No cross-file relationships. Python only. Re-parsed every run. When I saw GitLab Orbit, I realised GitLab had already solved this. So I rebuilt Cartographer — the mapping agent — to query Orbit instead.

What It Does

  1. Label any GitLab issue shiftleft
  2. Cartographer queries GitLab Orbit for the full codebase knowledge graph
  3. Triage (Gemini 2.0 Flash) picks the highest-severity bug and target file
  4. Coder (Gemini 2.0 Flash) writes the complete fix
  5. Auditor validates syntax (py_compile / node / tsc / go vet)
  6. HITL commits the fix and opens a Merge Request

From label to Merge Request: under 60 seconds.

How I Built It

Orchestration: LangGraph cyclic state machine. Each agent is a node. Auditor loops back to Coder on syntax failure (up to MAX_RETRIES).

Codebase intelligence: GitLab Orbit API (/api/v4/projects/:id/orbit/graph). Cartographer converts the node/edge graph into a file_map schema — no downstream agents needed to change.
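An added example of this kind of graph-to-file_map conversion (not ShiftLeft's own `_orbit_to_file_map()` code): it resolves `contains` edges so class methods land under their file, and drops orphan nodes and dangling `imports` edges rather than attributing them to the wrong file. The node/edge field names, the `orbit_to_file_map` function and the sample graph are assumptions made for illustration, not Orbit's documented schema.

```python
# Constructed sample graph; field names are assumed, not Orbit's documented schema.
SAMPLE_GRAPH = {
    "nodes": [
        {"id": "f1", "kind": "file", "path": "app/auth.py"},
        {"id": "f2", "kind": "file", "path": "app/db.py"},
        {"id": "c1", "kind": "class", "name": "TokenStore"},
        {"id": "m1", "kind": "function", "name": "rotate"},
        {"id": "fn1", "kind": "function", "name": "login"},
        {"id": "fn2", "kind": "function", "name": "orphan"},  # no contains edge
    ],
    "edges": [
        {"source": "f1", "target": "c1", "type": "contains"},
        {"source": "c1", "target": "m1", "type": "contains"},
        {"source": "f1", "target": "fn1", "type": "contains"},
        {"source": "f1", "target": "f2", "type": "imports"},
        {"source": "f1", "target": "missing", "type": "imports"},  # dangling
    ],
}

def orbit_to_file_map(graph):
    """Hypothetical converter: node/edge graph -> {path: {functions, classes, imports}}."""
    nodes = {n["id"]: n for n in graph.get("nodes", [])}
    edges = graph.get("edges", [])
    is_file = lambda n: n is not None and n.get("kind") == "file"
    file_map = {n["path"]: {"functions": [], "classes": [], "imports": []}
                for n in nodes.values() if is_file(n)}
    # child id -> parent id, keeping only edges whose endpoints both exist
    parent = {e["target"]: e["source"] for e in edges
              if e["type"] == "contains" and e["source"] in nodes and e["target"] in nodes}

    def owner(node_id):
        """Walk contains edges up to a file; return (path, qualified name) or None."""
        parts, seen = [], set()
        while node_id in nodes and node_id not in seen:  # seen guards against cycles
            seen.add(node_id)
            node = nodes[node_id]
            if is_file(node):
                return node["path"], ".".join(reversed(parts))
            parts.append(node["name"])
            node_id = parent.get(node_id)
        return None  # orphan or cyclic: never guess a file

    for node in nodes.values():
        found = owner(node["id"]) if node.get("kind") in ("function", "class") else None
        if found:
            key = "classes" if node["kind"] == "class" else "functions"
            file_map[found[0]][key].append(found[1])
    for e in edges:
        src, dst = nodes.get(e["source"]), nodes.get(e["target"])
        if e["type"] == "imports" and is_file(src) and is_file(dst):
            file_map[src["path"]]["imports"].append(dst["path"])
    return file_map
```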

Fallback chain: Orbit REST API → glab orbit export CLI → original Python AST (always available). ShiftLeft works even if Orbit isn't enabled yet.

LLM: Gemini 2.0 Flash via Vertex AI. ~3,200 tokens per run. < $0.01 cost.

GitLab integration: GitLab MCP for file commits, GitLab REST API v4 for issues and MR creation. Webhook on issue label event triggers the pipeline.

Agent Platform: skill.py exposes ShiftLeft as a native GitLab Duo Agent skill. Published to GitLab AI Catalog via agent.toml.

Observability: Arize Phoenix traces every LLM call with token counts, latency, and cost per agent per run.

Challenges

Orbit schema mapping — Orbit's node/edge format differs from the {functions, classes, imports} schema downstream agents expected. Writing _orbit_to_file_map() cleanly — handling contains edges for class methods, imports edges for

Built With

  • arize
  • gemini
  • gitlabduoagent
  • googlecloudrun
  • langgraph
  • mcp
  • orbit
  • phoenix
  • platform
  • python
  • streamlit
  • vertexai