Inspiration: As a founder and AI engineer, I watched development teams struggle with the same bottleneck over and over. Developers were merging code faster than humans could review it. Security vulnerabilities slipped through. Quality issues piled up. The problem wasn't the developers; it was the process. There was no scalable way to give every merge request the attention it deserved. Sprint Guardian was born from that gap. What if every developer had a world-class security reviewer, quality engineer, and technical lead available on every single MR, automatically?

What it does: Sprint Guardian is a four-agent merge request review pipeline built natively on the GitLab Duo Agent Platform. When a developer opens a merge request, Sprint Guardian automatically runs four specialized agents in sequence. The Triage Agent reads the full diff, identifies the core change, assigns a risk level, and creates a problem marker that every downstream agent works from. The Security Gate Agent scans for hardcoded secrets, authentication flaws, authorization gaps, injection risks, and insecure configuration; every category gets a PASS, WARN, or FAIL rating. The Quality Check Agent reviews the code across four pillars (correctness, readability, testability, and maintainability) and rates each one independently. The Unblock Agent synthesizes all three upstream reports into one prioritized action list for the developer: must fix, should fix, nice to fix, and a clear verdict. No vague feedback. The result is a complete security and quality report posted directly on the MR, telling the developer exactly what to fix and where.

How we built it: Sprint Guardian is built on the GitLab Duo Agent Platform custom flows framework. The flow is defined in a single YAML file using the v1 schema, with four AgentComponent entries connected by sequential routers. Each agent has a dedicated SKILL.md file in the skills folder that defines its identity, purpose, logic, guardrails, and the self-check criteria it must pass before posting. This means each agent knows not just what to do, but why it exists and when to stop. The demo scenario uses a real authentication middleware file with intentional vulnerabilities (a hardcoded production API key and a hardcoded session timeout) to produce a realistic and predictable demo run. Built by MKE BIZ TECH LLC, Milwaukee, Wisconsin.
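To make the Security Gate and Unblock stages described above concrete, here is an added example (not Sprint Guardian's code, and not the GitLab Duo Agent Platform API). It is a deliberately small rule-based stand-in: a constructed diff of a Node.js auth middleware that hardcodes an API key and a session timeout, like the demo scenario, is scanned per category and rated PASS, WARN, or FAIL, and the findings are then folded into Must fix / Should fix / Nice to fix buckets with a verdict. The diff content, the regex rules, the category names, and the verdict labels are all assumptions made for this example. Note the limitation this exposes: in the stand-in a PASS only means no rule fired, which is exactly why a review agent that reads and reasons over the whole diff is worth more than pattern matching.

```javascript
// Added example: a rule-based stand-in for a "Security Gate" rating stage and
// an "Unblock" prioritisation stage. Everything below is constructed for
// illustration; it is not the project's own code or the platform's schema.

// Constructed sample: the "+" side of an MR diff for a Node.js auth middleware.
// The API key value is a placeholder, not a real credential.
const SAMPLE_DIFF = [
  { file: "middleware/auth.js", line: 3,  text: 'const API_KEY = "prod-EXAMPLE-KEY-0000";' },
  { file: "middleware/auth.js", line: 4,  text: "const SESSION_TIMEOUT_MS = 86400000;" },
  { file: "middleware/auth.js", line: 9,  text: "if (req.headers['x-api-key'] === API_KEY) return next();" },
  { file: "middleware/auth.js", line: 12, text: "res.status(401).send('unauthorized');" },
];

// The five categories the gate reports on; a category with no finding is PASS.
const CATEGORIES = [
  "hardcoded_secrets", "authentication_flaws", "authorization_gaps",
  "injection_risks", "insecure_configuration",
];
const RANK = { PASS: 0, WARN: 1, FAIL: 2 };

// Each rule maps to one category and carries the severity it raises on a hit
// plus the remediation hint the developer should see. (Assumed rules.)
const RULES = [
  {
    category: "hardcoded_secrets", severity: "FAIL",
    pattern: /(api[_-]?key|secret|password|token)\s*=\s*["'][^"']{8,}["']/i,
    hint: "Move the value to an environment variable or a secret store and rotate it.",
  },
  {
    category: "insecure_configuration", severity: "WARN",
    pattern: /(session[_-]?timeout|timeout)[_a-z]*\s*=\s*\d{5,}/i,
    hint: "Load timeouts from configuration and use a short, reviewed default.",
  },
  {
    category: "injection_risks", severity: "FAIL",
    pattern: /\.(query|exec)\s*\(\s*[`"'][^`"']*[`"']\s*\+/i,
    hint: "Use parameterized queries instead of string concatenation.",
  },
];

// Security Gate stand-in: collect findings, then give each category its worst
// severity. Returns both so the next stage can show file:line evidence.
function securityGate(diffLines) {
  const findings = [];
  for (const line of diffLines) {
    for (const rule of RULES) {
      if (rule.pattern.test(line.text)) {
        findings.push({ category: rule.category, severity: rule.severity,
                        file: line.file, line: line.line, hint: rule.hint });
      }
    }
  }
  const ratings = Object.fromEntries(CATEGORIES.map((c) => [c, "PASS"]));
  for (const f of findings) {
    if (RANK[f.severity] > RANK[ratings[f.category]]) ratings[f.category] = f.severity;
  }
  return { ratings, findings };
}

// Unblock stand-in: fold the gate's findings into three action buckets and a
// verdict. The real stage also merges Triage and Quality reports; this
// example only consumes the security report, so "Nice to fix" stays empty.
function unblock(report) {
  const buckets = { "Must fix": [], "Should fix": [], "Nice to fix": [] };
  for (const f of report.findings) {
    const bucket = f.severity === "FAIL" ? "Must fix"
                 : f.severity === "WARN" ? "Should fix" : "Nice to fix";
    buckets[bucket].push(`${f.file}:${f.line} [${f.category}] ${f.hint}`);
  }
  const verdict = buckets["Must fix"].length ? "BLOCK"
                : buckets["Should fix"].length ? "MERGE_WITH_FOLLOWUPS" : "MERGE";
  return { verdict, buckets };
}

// Run both stages in sequence, the way the pipeline chains its agents.
function reviewDiff(diffLines) {
  const report = securityGate(diffLines);
  return { ratings: report.ratings, plan: unblock(report) };
}

console.log(JSON.stringify(reviewDiff(SAMPLE_DIFF), null, 2));
```

On the constructed diff the secret rule fires on line 3 (FAIL) and the configuration rule on line 4 (WARN); the remaining categories report PASS because nothing matched, and the verdict is BLOCK with one must-fix and one should-fix item.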

Challenges we ran into: The biggest challenge was the YAML schema. The GitLab Duo Agent Platform uses a completely different flow syntax from GitLab CI/CD pipelines, and early versions of the flow were written in GitHub Actions syntax by mistake, so the flow sat silently and did nothing. Debugging the schema from scratch, understanding the difference between components, routers, and prompts, and getting the skill files wired correctly took significant iteration. Getting the agents to post structured output to the MR in a readable format was another key challenge that required careful prompt engineering in each skill file.

Accomplishments that we're proud of: We are proud that Sprint Guardian actually works. Four agents run in sequence, each one building on the previous agent's output, and the final result is a structured, actionable review posted directly on the MR. We are also proud of the skill file architecture: giving each agent a full identity, purpose statement, guardrails, and self-check criteria goes far beyond a basic prompt. Each agent knows what it is, why it exists, and how to verify its own work before posting. That design philosophy is core to our proprietary Staged Intelligence methodology.

What we learned: We learned that the GitLab Duo Agent Platform is genuinely powerful for multi-agent orchestration but requires precise schema knowledge that is easy to get wrong. We also learned that the quality of an agent's output is directly proportional to how well it understands its own role, not just its instructions. Agents with identity, purpose, and self-check criteria perform dramatically better than agents with only a task description. This reinforced everything we believe about how AI agents should be built.

What's next for Sprint Guardian: Sprint Guardian is the surface layer. The underlying architecture, Staged Intelligence, is a four-phase, multi-tier AI orchestration methodology developed and trade-secret protected by MKE BIZ TECH LLC. Future versions of Sprint Guardian will include adaptive routing based on risk level, integration with GitLab security scanning tools, team-specific rule sets loaded via skills, and a compliance reporting layer for enterprise DevSecOps pipelines. We are also exploring Sprint Guardian as a standalone product for development teams that want automated MR review without changing their existing workflow.

Built With

  • agent
  • anthropic
  • biz
  • claude
  • custom
  • duo
  • flows
  • framework
  • gitlab
  • identity
  • javascript
  • mke
  • node.js
  • platform
  • skill.md
  • stagedintelligence
  • tech
  • yaml