Inspiration

Every software team has "dark corners" in their codebase - legacy files that are too scary to touch but too critical to ignore. While working on systems where a single bug could impact high-value operations, I realized that the biggest threat isn't a hacker; it's 10-year-old technical debt that no one understands anymore. I built the Technical Debt Sentinel to be the digital teammate that finally sheds light on those corners.

What it does

Technical Debt Sentinel is an autonomous AI agent that lives inside your GitLab workflow. Instead of waiting for a developer to ask a question, it proactively enters repositories and runs a full health check on the code.

~Proactive Scanning: It uses gitlab_search to map the codebase and identify high-risk legacy files.

~Compliance Mapping: It doesn't just find bugs; it maps them to GDPR, HIPAA, SOC2, and PCI-DSS requirements.

~Remediation Engine: For every issue found, it provides a "Why this matters" explanation and a copy-pasteable code fix.

~Sustainability (Green Debt): It identifies O(n^2) loops and other inefficient patterns that waste CI/CD compute and increase the carbon footprint of a pipeline.
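The Green Debt idea above can be sketched with Python's own ast module. The following is an added example, not the Sentinel's analyser: it flags a loop nested directly inside another loop, and an `x in some_list` membership test inside a loop where `some_list` is assigned from a list literal or `list()` call in the same function (an O(n) scan per iteration, so a set is the usual fix). The sample source it scans is constructed for the example.

```python
"""Green-debt check: flag quadratic patterns in Python source with the ast module.

Added example, not the Sentinel's own analyser. Two patterns are reported:
  1. a for/while loop nested inside another loop body;
  2. an `x in some_list` test inside a loop where some_list is assigned from a
     list literal or list() call in the same function (assumed O(n) per lookup).
"""
import ast

# Constructed sample, not code from any real repository.
SAMPLE_SOURCE = '''
def find_duplicates(records):
    seen = []
    dupes = []
    for r in records:
        if r["id"] in seen:          # O(n) list scan inside an O(n) loop
            dupes.append(r)
        seen.append(r["id"])
    return dupes

def pair_totals(items):
    total = 0
    for a in items:
        for b in items:              # nested loop over the same iterable
            total += a * b
    return total

def fast_duplicates(records):
    seen = set()
    return [r for r in records if r["id"] in seen or seen.add(r["id"])]
'''

LOOPS = (ast.For, ast.While)


def _list_names(func: ast.FunctionDef) -> set:
    """Names in `func` that are assigned from a list literal or a list() call."""
    names = set()
    for node in ast.walk(func):
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            v = node.value
            is_list_call = (isinstance(v, ast.Call) and isinstance(v.func, ast.Name)
                            and v.func.id == "list")
            if isinstance(v, ast.List) or is_list_call:
                names.add(node.targets[0].id)
    return names


def find_green_debt(source: str) -> list:
    """Return (line, function, message) tuples for each quadratic pattern found."""
    tree = ast.parse(source)
    findings, reported = [], set()

    def report(lineno, func_name, msg):
        # A node inside two nested loops is reached from both; report it once.
        if (lineno, msg) not in reported:
            reported.add((lineno, msg))
            findings.append((lineno, func_name, msg))

    for func in [n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)]:
        list_names = _list_names(func)
        for loop in ast.walk(func):
            if not isinstance(loop, LOOPS):
                continue
            for inner in ast.walk(loop):
                if inner is loop:
                    continue
                if isinstance(inner, LOOPS):
                    report(inner.lineno, func.name,
                           "nested loop: O(n^2) if both iterate the same data")
                elif (isinstance(inner, ast.Compare)
                        and any(isinstance(op, ast.In) for op in inner.ops)
                        and isinstance(inner.comparators[0], ast.Name)
                        and inner.comparators[0].id in list_names):
                    report(inner.lineno, func.name,
                           f"'in {inner.comparators[0].id}' scans a list inside a loop; use a set")
    return findings


if __name__ == "__main__":
    for line, fn, msg in find_green_debt(SAMPLE_SOURCE):
        print(f"line {line} in {fn}(): {msg}")
```

Running it against the sample reports the list scan in `find_duplicates` and the nested loop in `pair_totals`, while the set-based `fast_duplicates` is left alone. A syntactic check like this is deliberately conservative; it cannot tell that the two loops in `pair_totals` are required by the problem, which is exactly the judgement the page leaves to the model.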

How we built it

We built the Sentinel to be a native "teammate" within the GitLab Duo Agent Platform.

~The Brain: We utilized Vertex AI (Claude 3.5/4.6 Sonnet) via Google Cloud credits to provide high-reasoning code analysis.

~Agentic Logic: Unlike a chatbot, the Sentinel uses MCP (Model Context Protocol) tools to autonomously explore the file structure and perform semantic code searches.

~Integration: We leveraged GitLab CI/CD as the agent's "nervous system" to ensure that audit reports are delivered directly into Merge Requests where they can be acted upon immediately.

Challenges we ran into

The biggest technical hurdle was the "last mile" of communication. While the agent could produce detailed health reports in the background (for example, an 8/100 health score for a legacy repository), getting those results posted back as visible MR comments required deep-diving into GitLab's schema validators. We solved this by pivoting to a Relay Architecture: a Python-based execution wrapper that catches the AI's output, validates it, and uses the GitLab API to "speak" back to the developer.
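A minimal relay of the kind described above, as an added example rather than the Sentinel's own wrapper. It assumes the agent writes its report as JSON with a `score` and a list of `findings` (that format is an assumption made for the example), that the job runs in a merge request pipeline so GitLab's predefined `CI_API_V4_URL`, `CI_PROJECT_ID` and `CI_MERGE_REQUEST_IID` variables are set, and that a project access token with the `api` scope is supplied in a `SENTINEL_TOKEN` CI/CD variable. The comment is created through the GitLab REST endpoint `POST /projects/:id/merge_requests/:merge_request_iid/notes`; the sample report is constructed.

```python
"""Relay wrapper: read the agent's report and post it as a merge request note.

Added example, not the Sentinel's own code. Assumes the agent emits JSON with
"score" and "findings" keys, and that SENTINEL_TOKEN holds a project access
token with the `api` scope. Uses GitLab's MR notes endpoint (REST API v4).
"""
import json
import os
import urllib.parse
import urllib.request

# Constructed sample of an agent report (the format itself is an assumption).
SAMPLE_REPORT = json.dumps({
    "score": 8,
    "findings": [
        {"file": "legacy/billing.py", "line": 142, "severity": "high",
         "title": "Hard-coded database password",
         "why": "Credentials in source are exposed to anyone with repository read access.",
         "fix": "Load the password from a CI/CD variable or a secrets manager."},
        {"file": "legacy/report.py", "line": 77, "severity": "medium",
         "title": "Nested loop over the same list (O(n^2))",
         "why": "Runtime grows quadratically with report size, wasting CI minutes.",
         "fix": "Track seen ids in a set and check membership in O(1)."},
    ],
})


def render_markdown(report: dict) -> str:
    """Turn the agent's JSON into the Markdown body of a single MR comment."""
    lines = [f"## Technical Debt Sentinel: health score {report['score']}/100", ""]
    for f in report["findings"]:
        lines.append(f"### [{f['severity'].upper()}] {f['title']} (`{f['file']}:{f['line']}`)")
        lines.append(f"**Why this matters:** {f['why']}")
        lines.append(f"**Fix:** {f['fix']}")
        lines.append("")
    return "\n".join(lines).rstrip()


def build_note_request(api_url: str, project_id: str, mr_iid: str,
                       token: str, body: str) -> urllib.request.Request:
    """Build the authenticated POST for the MR notes endpoint without sending it."""
    path = (f"/projects/{urllib.parse.quote(project_id, safe='')}"
            f"/merge_requests/{mr_iid}/notes")
    return urllib.request.Request(
        api_url.rstrip("/") + path,
        data=json.dumps({"body": body}).encode(),
        method="POST",
        headers={"PRIVATE-TOKEN": token, "Content-Type": "application/json"},
    )


def relay(report_json: str, env: dict, send=urllib.request.urlopen) -> int:
    """Validate the report, render it and post it; returns the HTTP status.

    `env` is normally os.environ. `send` is injectable so the relay can be
    exercised offline (see dry_run below). Invalid agent output raises rather
    than posting garbage into the MR.
    """
    report = json.loads(report_json)
    if not isinstance(report.get("score"), int) or not 0 <= report["score"] <= 100:
        raise ValueError("agent output missing a valid 0-100 score")
    if not isinstance(report.get("findings"), list):
        raise ValueError("agent output missing a findings list")
    mr_iid = env.get("CI_MERGE_REQUEST_IID")
    if not mr_iid:
        # Not a merge request pipeline (e.g. a plain branch push): nothing to annotate.
        return 0
    req = build_note_request(env["CI_API_V4_URL"], env["CI_PROJECT_ID"], mr_iid,
                             env["SENTINEL_TOKEN"], render_markdown(report))
    with send(req) as resp:
        return resp.status


class _DryRunResponse:
    """Stand-in for the HTTP response so the relay can run without a network."""
    status = 201

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        return False


def dry_run(report_json: str = SAMPLE_REPORT) -> tuple:
    """Run the relay against a fake transport; returns (status, captured request)."""
    captured = {}

    def fake_send(req):
        captured["req"] = req
        return _DryRunResponse()

    env = {"CI_API_V4_URL": "https://gitlab.example.com/api/v4", "CI_PROJECT_ID": "42",
           "CI_MERGE_REQUEST_IID": "7", "SENTINEL_TOKEN": "glpat-example"}
    return relay(report_json, env, send=fake_send), captured["req"]


if __name__ == "__main__":
    with open(os.environ.get("SENTINEL_REPORT", "sentinel_report.json")) as fh:
        print("HTTP", relay(fh.read(), os.environ))
```

Two points worth keeping from this shape: the wrapper validates the model's output before anything reaches the MR, so a malformed or prompt-injected report fails the job instead of being posted, and the token is a scoped project access token held in a masked CI/CD variable rather than a personal token baked into the agent configuration.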

Accomplishments that we're proud of

~We successfully moved beyond "linting" to "mentorship." The Sentinel explains the consequences of a bug, helping junior developers learn from the code it fixes.

~Green Debt Detection: Creating a tool that explicitly targets Sustainability in the SDLC is a huge win for us.

~Autonomous Discovery: Seeing the agent successfully use tools to find hidden secrets in a 200+ line legacy file without a single human hint was a "eureka" moment.

What we learned

We learned that Agentic behavior is the future of DevOps. A chatbot is a tool you have to manage; an Agent is a teammate that manages the work for you. Navigating the GitLab Duo platform taught us how to structure prompts that prioritize action over conversation.

What's next for Technical Debt Sentinel

~Auto-Fix MRs: We want to move from "suggesting" fixes to automatically opening "Remediation Merge Requests" that a human just has to click "Approve" on.

~Custom Compliance Sets: Allowing companies to upload their own internal coding standards so the Sentinel can enforce specific corporate policies.

~Expansion: Bringing the Sentinel's "Green Debt" logic to more languages beyond Python, targeting cloud-heavy Java and Go environments.
