-
-
Powered by GitLab Orbit, Tremor reveals dependency impact, predicts incidents, and shrinks risk before release.
-
A three-line change can affect ten systems. Tremor uncovers hidden dependencies, remembers history, and predicts risk.
-
Six specialized agents collaborate through GitLab Orbit to transform repository knowledge into deployment decisions.
-
Tremor queries GitLab Orbit's knowledge graph in real time, turning repository relationships into actionable insights.
-
Tremor transforms a merge request into a live impact map, revealing hidden dependencies before code reaches production.
-
Tremor doesn't just find risk—it reduces it. A safer split shrinks blast radius by 60% before deployment begins.
-
Tremor isolates the highest-risk change, shrinking blast radius by 60% and turning one risky deployment into three safer ones.
-
AI shouldn't stop at prediction. Tremor closes the loop by delivering explainable risk insights into the review workflow.
-
Tremor goes beyond visualization—predicting future failures and proposing safer deployment paths before they happen.
-
Built for real-world adoption: typed, tested, reproducible, and deployable as a reusable GitLab Duo Agent skill.
⚡ Three lines of code took down billing this morning. Someone approved it in nine seconds.
A diff shows you lines. It never shows you blast radius — what a change actually touches. So reviewers approve blind, an over-broad MR bundles a risky change with trivial edits, and the incident that the project's own history predicted ships straight to prod.
The context to stop it already exists — it lives in GitLab Orbit, the lifecycle knowledge graph. Nobody queries it at review time. Tremor does.
What it does
The instant a merge request opens, Tremor:
- Maps the blast radius — queries Orbit for every downstream service, pipeline, team and owner the change can reach.
- Predicts the risk — reads the graph's history (past incidents, pipeline failures, prior MRs on those nodes) and forecasts where it'll break.
- Proposes a safer way to ship it — decomposes the MR so the risky part travels alone, shrinking the worst-case blast 10 → 4 nodes (−60%).
- Acts — posts the whole report as an MR comment. Not confident? It files an issue for a human instead. It never posts an unverified map as authoritative.
It's not a chatbot. It's a GitLab Duo Agent Platform flow of six agents that does the work: Cartographer → Historian → Risk Scorer → Decomposer → Mitigation Planner → Reviewer (guard).
Meaningfully using Orbit — one adapter, five transports
Tremor speaks Orbit's real traversal DSL (not Cypher) through a single adapter with five interchangeable transports, selected by one env var:
- REST —
POST /api/v4/orbit/query(Bearer, traversal DSL) - glab remote —
glab orbit remote query - glab local —
glab orbit local index+sqlovergl_definition/gl_edge(DuckDB) - MCP —
query_graph/get_graph_schemaon the Duo Agent Platform - offline fixture — a real AST index of the repo (22 nodes, 28 edges for ours)
make orbit-check T=<transport> runs schema → graph → history through any of them and prints
the exact DSL it sends. The demo runs the offline path on purpose — zero credentials, so it
never breaks mid-presentation. Flip the env var to point it live at a provisioned Orbit group.
Why the idea is new — beyond blast radius
A static blast-radius map is the obvious Orbit demo. Tremor adds two things Orbit doesn't showcase, turning a map into a forecast (predictive risk from graph history) and a plan (counterfactual decomposition that proposes a smaller-blast way to ship the same change).
How we built it
- Backend — Python · FastAPI · pydantic · SSE streaming. Six agents behind a model-agnostic LLM client that degrades to deterministic heuristics, so it runs with zero credentials. Optional Groq (Llama 3.3) writes the executive summary on the comment.
- Frontend — a scrollable product page with an embedded 3D dependency-graph console (Next.js · React · React Three Fiber · bloom post-processing), driven live by the agents' SSE stream: the changed node detonates, a shockwave rides the real edges Orbit returned, and the graph re-arranges when you apply the safer split.
- Quality — typed end-to-end, 119 passing tests, GitLab CI, MIT.
Challenges we ran into
- Making Orbit usage meaningful, not decorative. We refused to fake a graph — every transport speaks Orbit's real wire format, and the guard agent will escalate to a human rather than post a map it isn't confident in.
- Turning a graph into a decision. Blast radius is easy to draw and hard to act on. The Decomposer had to find a split that genuinely shrinks the worst-case blast, and say so honestly when no beneficial split exists.
- A demo that can't fail. Live infra dies on stage. We made the offline path a first-class transport so the full six-agent flow runs anywhere, on any laptop, with no setup.
Accomplishments we're proud of
A solo build, in a week, that acts — six agents, five Orbit transports, a live 3D console, 119 tests, MIT-licensed, and a one-line install so any team can adopt it.
What we learned
Reviewers don't need more lines to read — they need to know what a change will break before they merge it. The knowledge graph already holds that answer; the win is asking it at the right moment and acting on it.
What's next
- Map the blast onto Orbit's full SDLC entities (work items, security findings, environments).
- Learn risk weights per-project from real incident outcomes.
- Auto-open the proposed split MRs, not just recommend them.
Built With
- duckdb
- fastapi
- gitlab-ci
- gitlab-duo-agent-platform
- gitlab-orbit
- glab
- groq
- llama-3.3
- mcp
- next.js
- pydantic
- pytest
- python
- react
- react-three-fiber
- server-sent-events
- three.js
- typescript
Log in or sign up for Devpost to join the conversation.