Sovereign Architect — From GitLab Issue to Deployed App, Zero Clicks

Inspiration

GitLab Issues describe what to build. Sovereign closes the gap between "idea" and "deployed, tested, production-ready code" — autonomously, using GitLab Duo as the brain.

What it does

Sovereign Architect is an AI agent built on the GitLab Duo Agent Platform that automates the entire SDLC from a single Issue:

  • Issue opened → Duo analyzes requirements, creates a branch, scaffolds code, opens an MR with SRE risk analysis and cost estimate
  • MR opened → Duo reviews code, generates Playwright E2E tests, runs SOC2/ISO27001/GDPR compliance checks, and auto-approves if no critical issues are found
  • CI pipeline → Gitleaks, Trivy, and Semgrep scan for secrets and CVEs; results posted to the MR
  • Preview deploy → Terraform provisions an isolated Cloud Run environment per MR (max 10 concurrent)
  • E2E failure → Self-Healing: Duo reads the error, commits a fix, re-triggers CI — up to 3 times
  • MR merged → Preview environment destroyed; related Issues auto-closed

All features are also available as /sovereign commands in any MR or Issue comment, and via GitLab Duo Chat.

How we built it

  • GitLab Duo Agent Platform — External Agent with /duo endpoint; Note Hook enables /sovereign commands natively in comments and Duo Chat
  • Gemini 2.5 Flash Lite — code generation, review, self-healing, compliance analysis
  • Google Cloud Run — Brain service + isolated preview environments per MR
  • GitLab CI — 5-stage pipeline: deploy → security → test → notify → weekly report
  • Terraform — preview environment provisioning with GCS remote state
  • Workload Identity Federation — keyless GCP auth from GitLab CI (no service account keys stored)
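An added example, not the project's own pipeline, of how the keyless GitLab CI to GCP authentication listed above is typically wired: GitLab mints a short-lived OIDC ID token for the job, and gcloud exchanges it through the Workload Identity pool for an access token that impersonates the deploy service account. PROJECT_NUMBER, POOL_ID, PROVIDER_ID, PROJECT_ID and the sovereign-deploy service account name are placeholder assumptions.

```yaml
# Added example (not the project's own .gitlab-ci.yml): a deploy job that
# authenticates to GCP with Workload Identity Federation, so no service
# account key is ever stored as a CI variable or masked secret.
# PROJECT_NUMBER, POOL_ID, PROVIDER_ID, PROJECT_ID and the service account
# name are assumed placeholders; replace them with your own values.
deploy:
  image: google/cloud-sdk:slim
  id_tokens:
    GITLAB_OIDC_TOKEN:
      # The audience must match the OIDC provider configured on the pool.
      # On the GCP side, pair this with an attribute condition on the provider
      # (for example restricting assertion.project_path to this repository)
      # so tokens from other GitLab projects cannot impersonate the account.
      aud: https://iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID
  script:
    # Persist the job's JWT so gcloud can read it as an external credential.
    - echo "$GITLAB_OIDC_TOKEN" > .ci_job_jwt_file
    # Build a credential config that exchanges the JWT for a federated token
    # and then for a short-lived access token for the deploy service account.
    - >-
      gcloud iam workload-identity-pools create-cred-config
      projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID
      --service-account=sovereign-deploy@PROJECT_ID.iam.gserviceaccount.com
      --output-file=.gcp_temp_cred_file
      --credential-source-file=.ci_job_jwt_file
    - gcloud auth login --cred-file=.gcp_temp_cred_file
    # Sanity check that the federated identity works before any deploy step.
    - gcloud run services list --region=us-central1
```

The credential files only live for the duration of the job, and the access token they yield expires on its own, so there is nothing long-lived to rotate or leak.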

Challenges we ran into

  • The GitLab CI YAML parser misinterpreted inline Python scripts starting at column 0 as YAML keys — we collapsed them all to single lines
  • gcloud builds submit in synchronous mode failed in CI — replaced with --async plus a polling loop
  • Bootstrap chicken-and-egg: solved with /sovereign install which auto-registers the webhook and generates a Cloud Shell-ready GCP setup script

Accomplishments that we're proud of

  • A single Issue triggers branch, code, review, security scan, deploy, E2E test, and cleanup — fully autonomous
  • Self-Healing CI: Duo reads test failures, generates fixes, and re-triggers the pipeline automatically
  • /sovereign install gets any forked repo running in minutes with zero manual GCP config

What we learned

GitLab Duo's External Agent + Note Hook combination makes AI commands feel like a native part of the GitLab workflow — not a bolt-on chatbot. The real power is in taking direct actions: committing code, approving MRs, triggering pipelines.

What's next for Sovereign

  • Multi-cloud preview environments (AWS ECS, Azure Container Apps)
  • Custom SRE rulesets via sovereign.yml in the repo
  • Streaming Duo Chat responses for real-time deployment progress
