GitLab Duo Agent Platform

Every MR gets the
context it deserves

Write a flow once. Let it analyze your merge request and post a structured context brief — automatically.

See how it works
context-brief.yaml
context-brief.yaml
AGENTS.md
1version: "v1"
2environment: ambient
3 
4components:
5 - name: "context_brief_agent"
6 type: AgentComponent
7 prompt_id: "context_brief_prompt"
8 toolset:
9 - "get_merge_request"
10 - "list_merge_request_diffs"
11 - "list_commits"
12 - "create_merge_request_note"
13 
14flow:
15 entry_point: "context_brief_agent"

THE DIFFERENCE

From noise to clarity

A typical MR shows what changed. Context Brief shows what you actually need to know.

Without Context Brief
- const TOKEN_EXPIRY = 3600;
+ const TOKEN_EXPIRY = 7200;
- validateSession(req);
+ validateRecoveryToken(req);
// ... 847 more lines across 12 files

MR Description

"Added password reset flow"

Reviewer reconstructs context from the diff alone. Time wasted.

With Context Brief

What changed

  • Added password reset endpoint in reset.ts
  • Updated token validation logic
  • New recovery_tokens migration

Risk level

HighAuth + DB schema + sessions

Hidden assumptions

  • Token expiry enforced server-side only
  • Session invalidation is asynchronous

Full context in under 10 seconds.

SAMPLE OUTPUT

The Context Brief

Exactly what gets posted as a comment on the merge request. Seven sections, scannable in under 10 seconds.

CB
Context Brief Agentjust now
Bot

🔍Context Brief

  • Added POST /api/v1/auth/reset-password in src/api/auth/reset.ts
  • Updated token validation in token-service.ts for single-use recovery tokens
  • Added PasswordResetForm component with rate-limit UX
  • New migration 20260320_add_recovery_tokens_table.sql
  • Updated password-reset email template with branding
  • Added integration tests for the reset endpoint

This MR introduces self-service password recovery, changing the authentication flow to allow users to reset credentials without admin intervention. It touches token generation, email delivery, and user settings — three areas tightly coupled to session management and account security.

  • Auth middleware — token validation path now includes recovery type
  • Email delivery service — new template registration
  • User settings page — new recovery flow entry point
  • Session management — sessions invalidated after reset
  • Rate limiting — reset endpoint needs its own bucket
  • Recovery tokens are single-use server-side, but client does not prevent double-submission
  • Email provider may retry delivery, sending multiple reset links
  • UI assumes user is logged out after reset, but session invalidation is asynchronous
  • Migration is irreversible — rollback drops all recovery token history
HIGHAuth + DB schema + session lifecycle
  • Verify expired-token behavior returns 401
  • Verify replay protection (single-use enforcement)
  • Verify concurrent request handling on same token
  • Verify session invalidation ordering
  • Verify rate limiting on reset endpoint
  • Verify test coverage for failure paths
  • Update auth flow documentation with recovery path
  • Add password-reset architecture note
  • Document recovery_tokens table schema
  • Add rate-limiting config to ops runbook
Generated by Context Brief Agent

HOW IT WORKS

From setup to automation
in 3 simple steps

STEP 1

INTEGRATING…

Connect your existing tools

Assign the agent as a reviewer or mention it in a comment. The flow launches automatically.

Assign reviewerActive
Mention triggerActive
Pipeline eventsOptional

STEP 2

PROCESSING…

Analyze every change

The agent gathers MR metadata, diffs, and commits. It classifies changes, infers intent, and detects hidden assumptions.

get_merge_requestRead
list_merge_request_diffsRead
list_commitsRead
build_review_contextRead
list_repository_treeRead

STEP 3

COMPLETE

Post the brief instantly

A structured Context Brief is posted directly as a merge request note. Seven sections, zero config.

What changedPosted
Risk levelPosted
Reviewer checklistPosted
Docs follow-upPosted

FULL TOOLSET

build_review_merge_request_contextget_merge_requestlist_merge_request_diffslist_commitsget_repository_filelist_repository_treecreate_merge_request_note

CUSTOMIZATION

Configure per project

Tune agent behavior through the flow prompt and AGENTS.md. Every setting is optional.

Sections

Toggle brief sections on or off

Risk sensitivity

Adjust flagging threshold

LowMediumHigh

Posting mode

Auto or manual trigger

Flow preview

Live config summary

Active sections7/7
Risk thresholdMedium
Postingauto
Environmentambient
Triggersreviewer, mention
version: "v1"
environment: ambient
components:
- name: context_brief_agent
type: AgentComponent

OPEN SOURCE

Automate context.
Ship faster.

Built for the GitLab AI Hackathon. One flow, one agent, one comment that saves every reviewer's time.

Explore the project