Inspiration
Every merge request needs security review, compliance checks, CI/CD audits, and risk scoring before it's safe to ship. In practice, teams skip steps under deadline pressure or bottleneck on a few senior reviewers. I wanted to build a digital teammate that handles all of it automatically — no manual checklists, no waiting.
What it does
ShipSafe is a GitLab Duo Flow that triggers on merge request events and runs four AI agents in sequence:
- Security Sentinel: scans for OWASP Top 10 vulnerabilities,
- Compliance Scribe: maps changes to SOC 2/GDPR/HIPAA controls,
- Green Optimizer: analyzes CI/CD pipeline sustainability, and
- Release Gate Assessor: aggregates everything into a scored Release Readiness Report posted as an MR comment. Critical findings automatically create GitLab issues.
How I built it
I built it entirely on the GitLab Duo Agent Platform using custom agents and a flow definition. Each agent has a focused system prompt and specific toolset. The flow chains them sequentially, passing findings downstream via context:{agent}.final_answer so the final assessor can score and summarize everything in one report.
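One way to picture the sequential chaining and the final scoring stage, as an added Python example that is not ShipSafe's own code (the real flow is a GitLab Duo Flow definition, not Python). The agent names, the JSON shapes each agent is assumed to return in its final_answer, the penalty weights, the SHIP threshold and the canned agent outputs are all assumptions made for this illustration; the constructed findings use the same counts as the first real test described further down.

```python
"""Hypothetical release-gate aggregator illustrating the sequential flow above.
Each upstream agent's final_answer is passed down as context; the assessor
parses them, scores the MR, picks a verdict and lists the findings that
warrant auto-created issues. Not ShipSafe's code: JSON shapes, weights and
the gate threshold are assumptions for this example."""
import json
from dataclasses import dataclass, field

# Assumed scoring weights (points deducted from 100).
SEVERITY_PENALTY = {"critical": 25, "high": 10, "medium": 4, "low": 1}
COMPLIANCE_PENALTY = 5   # per mapped control violation
CICD_PENALTY = 2         # per missing pipeline optimization
SHIP_THRESHOLD = 70      # assumed minimum score for a SHIP verdict


@dataclass
class ReleaseReport:
    score: int
    verdict: str
    issues_to_create: list = field(default_factory=list)
    summary: dict = field(default_factory=dict)


def run_flow(agents, mr_payload):
    """Sequential flow: each agent sees the MR plus every earlier agent's final_answer."""
    context = {"mr": mr_payload}
    for name, agent in agents:
        context[name] = {"final_answer": agent(context)}
    return context


def _load(final_answer):
    """Agent output is free text; non-JSON is treated as 'no findings' instead of
    crashing the gate. Note this fails open, so a caller should log it."""
    try:
        return json.loads(final_answer)
    except (TypeError, json.JSONDecodeError):
        return {}


def assess(context):
    sec = _load(context["security_sentinel"]["final_answer"])
    comp = _load(context["compliance_scribe"]["final_answer"])
    green = _load(context["green_optimizer"]["final_answer"])

    score, issues, by_severity = 100, [], {}
    for vuln in sec.get("vulnerabilities", []):
        sev = str(vuln.get("severity", "low")).lower()
        score -= SEVERITY_PENALTY.get(sev, 1)
        by_severity[sev] = by_severity.get(sev, 0) + 1
        if sev == "critical":  # only critical findings become GitLab issues
            issues.append({"title": f"[ShipSafe] {vuln['title']} in {vuln.get('file', '?')}",
                           "labels": ["security", "severity::critical"]})

    violations = comp.get("violations", [])
    frameworks = sorted({v["framework"] for v in violations})
    score -= COMPLIANCE_PENALTY * len(violations)

    optimizations = green.get("missing_optimizations", [])
    score -= CICD_PENALTY * len(optimizations)
    score = max(score, 0)

    # Gate rule (assumed): any critical vulnerability forces HOLD regardless of score.
    verdict = "HOLD" if by_severity.get("critical", 0) or score < SHIP_THRESHOLD else "SHIP"
    return ReleaseReport(score, verdict, issues, {
        "vulnerabilities": by_severity,
        "compliance_violations": len(violations),
        "frameworks": frameworks,
        "missing_optimizations": len(optimizations),
    })


def render_comment(report):
    """Markdown body for the MR comment."""
    lines = [f"## Release Readiness: **{report.verdict}** (score {report.score}/100)"]
    lines += [f"- {key}: {val}" for key, val in report.summary.items()]
    if report.issues_to_create:
        lines.append(f"- issues auto-created: {len(report.issues_to_create)}")
    return "\n".join(lines)


# Constructed stand-ins for the three upstream agents (canned JSON, not model output).
def sentinel(ctx):
    vulns = [{"title": t, "severity": s, "file": f} for t, s, f in [
        ("SQL injection", "critical", "app/db.py"),
        ("Hard-coded secret", "critical", "config.py"),
        ("Path traversal", "critical", "app/files.py"),
        ("SSRF", "critical", "app/fetch.py"),
        ("Missing rate limit", "high", "app/api.py"),
    ]]
    return json.dumps({"vulnerabilities": vulns})


def scribe(ctx):
    frameworks = ["SOC 2", "GDPR", "HIPAA", "SOC 2", "GDPR", "HIPAA", "SOC 2"]
    return json.dumps({"violations": [{"framework": f, "control": f"ctl-{i}"}
                                      for i, f in enumerate(frameworks)]})


def optimizer(ctx):
    return json.dumps({"missing_optimizations": ["cache dependencies", "skip unchanged jobs"]})


AGENTS = [("security_sentinel", sentinel), ("compliance_scribe", scribe), ("green_optimizer", optimizer)]


def demo():
    return assess(run_flow(AGENTS, {"iid": 42, "title": "constructed MR"}))


if __name__ == "__main__":
    print(render_comment(demo()))
```

The point worth carrying over to the real flow is the fail-open path in `_load`: if an upstream agent answers in prose instead of structured output, the assessor silently sees zero findings. In a gate that decides whether to ship, a malformed upstream answer should itself count as a reason to HOLD, or at least be surfaced in the report.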
Challenges I ran into
Getting the flow YAML schema right was trial and error; the validator caught issues with tool names (blob_search vs gitlab_blob_search), unexpected properties, and flow structure.
Accomplishments that I am proud of
On its first real test, ShipSafe caught 4 critical and 1 high severity vulnerability, flagged 7 compliance violations across 3 frameworks, identified missing CI/CD optimizations, and delivered a scored HOLD verdict with auto-created issues — all from a single MR trigger.
What I learned
The GitLab Duo Agent Platform is powerful for building multi-agent workflows that take real action, not just chat. I was able to focus on just prompts as the platform handled everything else.
What's next for ShipSafe
Adding a Test Coverage Analyzer agent and conditional routing (skip compliance for docs/style-only changes).
Built With
- anthropic
- duo-agent
- gitlab