Skychitect

AI agents that autonomously designs production-ready cloud architectures, generates infrastructure code, and calculates costs.

Comment

Skyrchitect

AI-powered cloud architect that turns requirements (or diagrams) into validated multi-cloud Terraform—powered by the GitLab Duo Agent Platform, with optional GitLab MR automation.

Inspiration

Every cloud infrastructure journey starts the same way: someone describes what they need, and then a DevOps engineer spends hours — sometimes days — translating those requirements into production-grade Terraform. For teams without dedicated cloud engineers, this bottleneck is even worse. They struggle with cloud best practices, miss critical security configurations, overpay for resources, and end up with fragile infrastructure that's hard to maintain.

We saw this gap firsthand: the distance between describing what you need and having production-ready Infrastructure as Code is enormous. Manual Terraform authoring demands deep expertise in networking, IAM, encryption, cost optimization, and compliance — knowledge that's expensive and scarce.

Skyrchitect was built to shrink that gap. We bring GitLab's DevSecOps philosophy into infrastructure design: describe or sketch what you need, get an architecture and Terraform from GitLab Duo, deploy it for real, and only then save the proven code to GitLab as a merge request.

What it does

Skyrchitect is an AI-powered infrastructure assistant delivered as a React + FastAPI application. Users work in the Skyrchitect UI (not raw GitLab) for the main demo flow: pick AWS, GCP, or Azure, generate an architecture, generate Terraform, deploy with stored credentials, and on success open a GitLab merge request with the validated code.

The repo also ships a GitLab Duo Flow (flows/skyrchitect-iac-generator.yaml), custom chat agent (agents/skyrchitect-chat-agent.md), skills, and MR review rules—so the same product story applies whether you drive it from the web app or from GitLab automation.

Three-agent pipeline (concept → implementation)

The hackathon design is a three-agent pipeline. In the live app, that pipeline is mirrored in the FastAPI backend: requirements-style prompts and IaC generation go to GitLab Duo (primary: Duo Chat GraphQL; optional glab duo cli fallback), with AGENTS.md, .gitlab/duo/chat-rules.md, and skills/ providing the same guardrails as the YAML flow.

Agent Purpose What it does in the product
Requirements Analyzer Natural language → structured architecture User requirements (or image-derived text) are sent to Duo; response is parsed into diagrams, components, costs, and alternatives for the UI.
IaC Generator Architecture → Terraform Duo generates Terraform (and can target GCP or AWS patterns per provider); large outputs can be split to reduce truncation.
Code Committer Proven code → GitLab After successful terraform apply, the backend uses the GitLab API to branch, commit, and open an MRdeploy-first, validate-then-save. 
Describe use case OR upload diagram
              │
              ▼
┌─────────────────────────────┐
│  Requirements (Duo + skills) │──▶ Structured architecture + diagram
└─────────────────────────────┘
              │
              ▼
┌─────────────────────────────┐
│   IaC Generator (Duo)        │──▶ Terraform (multi-cloud)
└─────────────────────────────┘
              │
              ▼
┌─────────────────────────────┐
│  Deployer (Terraform CLI)   │──▶ Real apply to AWS / GCP (+ Azure path in UI)
└─────────────────────────────┘
              │ success
              ▼
┌─────────────────────────────┐
│  Code committer (GitLab API)│──▶ Branch + commit + merge request
└─────────────────────────────┘

Image workflow: Anthropic Claude Opus (vision) extracts components from the uploaded image as text; that text is then fed to GitLab Duo so the hackathon-required Duo stack still owns the structured architecture output.

Reference architecture patterns (skills + examples)

The repository encodes GCP-focused patterns and examples (three-tier, serverless API, data pipeline, GKE, multi-region) in skills and examples/terraform/. The companion app uses the selected cloud provider and Duo-generated code rather than hard-coding a single pattern picker—patterns inform prompts and defaults, not a rigid wizard.

Security-first defaults (design intent)

Generated Terraform and AGENTS.md / skills emphasize: custom VPC patterns, private connectivity where applicable, least-privilege IAM, no secrets in Terraform variables, labels, and production safeguards (e.g. deletion protection) where the template applies. Exact resources depend on the architecture Duo returns and the target provider.

GitLab Duo in the loop

  • Architecture & IaC: Routed through GitLab Duo with project chat rules and skills context.
  • Traceability: GitLab issues / MRs / project path are supported from the backend (GITLAB_* env).
  • IDE / GitLab UI: The declarative flow + agent + skills remain first-class for teams who prefer GitLab-native workflows.

Voice (optional)

ElevenLabs can be configured for voice-driven input where integrated; the core demo path is text and image.

Automated MR review

.gitlab/duo/mr-review-instructions.yaml documents review expectations for generated Terraform MRs (security, cost, quality, documentation).

How we built it

GitLab Duo Agent Platform (required hackathon technology)

  • Flowflows/skyrchitect-iac-generator.yaml: three-step pipeline definition (requirements → IaC → commit).
  • Custom agentagents/skyrchitect-chat-agent.md: interactive Duo agent for GitLab-centric workflows.
  • Skills — under skills/ (Terraform GCP generator, security, cost, architecture patterns, voice companion).
  • Chat rules.gitlab/duo/chat-rules.md for multi-cloud and “return code as text” behavior.
  • AGENTS.md — project-wide Terraform and labeling conventions.

Companion application (primary demo UX)

  • Backend: FastAPI — orchestrates Duo calls, Anthropic vision for images, deployer module (terraform init/plan/apply), encrypted credential storage, and GitLab REST for MR creation.
  • Deploy-first, validate-then-save: deploy to the user’s cloud; on failure, log analysis and retry logic; on success, push validated files to GitLab.

Where the app runs

The Skyrchitect web stack is containerized and deployable to Google Cloud Run (image built with gcloud builds submit, stored in Artifact Registry, released with gcloud run deploy—e.g. us-central1). nginx serves the built React app and reverse-proxies /api to uvicorn. The Terraform Skyrchitect generates is for the user’s chosen provider (AWS/GCP/Azure), which is separate from where the app itself is hosted.

Built with

  • GitLab Duo Agent Platform (flows, agents, skills, chat rules)
  • GitLab REST API (merge requests, commits)
  • Google Cloud Run + Artifact Registry + Cloud Build (app hosting)
  • React + TypeScript + Vite
  • FastAPI + Python
  • Terraform (CLI via deployer)
  • Anthropic Claude Opus 4.6 (default model id claude-opus-4-6 for vision / direct API paths)
  • requests, cryptography, boto3 (HTTP, credentials, optional S3 helpers)
  • ElevenLabs (optional voice)
  • Infrastructure as Code & DevSecOps practices

Accomplishments that we're proud of

  • Duo-first intelligence: Architecture and IaC generation go through GitLab Duo, with repo-native skills and rules—not a generic chat bolt-on.
  • Deploy-first, validate-then-save: Real terraform apply to AWS or GCP before anything is committed to GitLab.
  • Two input modes: Typed requirements or uploaded architecture images (vision → Duo).
  • Multi-cloud UI: Provider selection flows through to generation and deployment targets.
  • Honest automation: We combine declarative Duo assets in GitLab with a small purpose-built backend so judges can click through a real product without using GitLab as the only surface.
  • GCP-hosted demo: The app itself can run on Cloud Run, while still deploying customer stacks to AWS, GCP, or Azure.

What we learned

IaC generation is a workflow problem, not a single prompt. Chaining understand → generate → apply → fix → commit required clear boundaries between Duo (reasoning + code text), Terraform (ground truth), and GitLab (version control).

Credits and APIs matter: We support Duo Chat GraphQL as well as CLI workflows so the product stays usable when different Duo surfaces have different quota pools.

What's next for Skyrchitect

  • Stronger terraform plan gating in CI before MR merge (beyond post-apply success).
  • Deeper Azure generation and deploy parity with AWS/GCP.

Built With

  • antropic
  • gcp
  • gitlab
Share this project:

Updates