overview
GitLab Duo Agent Platform - Overview
Introduction
The GitLab Duo Agent Platform is GitLab's comprehensive AI-powered orchestration system that enables multiple AI agents to work autonomously and in parallel across the entire software development lifecycle. The platform represents a fundamental shift from traditional CI/CD automation to intelligent, agentic workflows that understand context, make decisions, and perform complex multi-step tasks.
Status: Public Beta (as of December 2025) General Availability: January 2026 (GitLab 18.8 release) Launch Event: February 10, 2026
What is GitLab Duo Agent Platform?
GitLab Duo Agent Platform is an AI orchestration layer built into GitLab that allows:
- Multiple AI agents to collaborate on complex development tasks
- Autonomous workflows that operate without constant human intervention
- Full lifecycle integration across planning, coding, testing, security, and operations
- Extensible architecture that supports custom agents and external tool integration
- Deep context awareness through the GitLab Knowledge Graph
The platform processes AI requests, orchestrates workflows, and provides agents with tools to interact with your entire DevSecOps environment.
Core Concepts
1. Agents
Agents are AI-powered entities that perform specialized tasks autonomously. They have:
- Specialized expertise for specific domains (security, code review, planning)
- Access to tools to interact with GitLab and external systems
- System prompts that define their behavior and capabilities
- Context awareness from the Knowledge Graph and project data
Types of Agents:
Foundational Agents (Pre-built by GitLab)
Production-ready agents created by GitLab for common workflows:
- Chat Agent: General-purpose development assistance via natural language
- Security Analyst Agent: Automates vulnerability triage, risk assessment, and security workflow
- Code Review Agent: Analyzes code changes and provides detailed review feedback
- Planning Agent (Planner): Streamlines project planning, balances workloads, and aligns with strategic goals
- Deep Research Agent: Leverages Knowledge Graph for comprehensive project analysis
- Product Planning Agent: Prioritizes backlogs and assigns work items
All foundational agents are enabled by default in GitLab Duo Chat.
Custom Agents
Agents you create and configure for your team's specific needs:
- Define behavior through custom system prompts
- Choose which tools they can access
- Configure for specific workflows and domains
- Integrate with your internal processes
External Agents
Integrate GitLab with AI model providers you already use:
- Connect to third-party AI systems
- Trigger from issues, epics, and merge requests
- Automatically creates service accounts with Developer role
- Extends platform capabilities beyond GitLab's native agents
2. Triggers
Triggers determine when a flow or agent action should execute. They define:
- Which service account runs the flow
- What conditions cause the flow to run
- Which events activate the trigger
Introduced: GitLab 18.3 (enabled by default)
Trigger Event Types:
- Mention: When a service account user is mentioned in a comment (
@ai-flow-name) - Assign: When a service account is assigned to an issue or merge request
- Assign Reviewer: When a service account is assigned as a reviewer to a merge request
Example Workflow:
# Flow triggered when @ai-security-scan is mentioned in an MR comment trigger: event: mention service_account: ai-security-scan flow: - agent: security_analyst action: scan_vulnerabilities - agent: security_analyst action: post_report
3. Flows
Flows are YAML-defined workflows that orchestrate agents to complete multi-step tasks. They:
- Define workflow steps and the sequence of agent actions
- Orchestrate multiple agents working together
- Automate repetitive tasks like diagnosing failures, updating dependencies, or running checks
- Run in GitLab CI/CD when triggered from the UI
Types of Flows:
Foundational Flows (Pre-built by GitLab)
- Code Review Flow: Analyzes code changes, MR comments, and linked issues; provides actionable feedback
- Software Development Flow: End-to-end development task automation
- Security Triage Flow: Automated vulnerability assessment and prioritization
Custom Flows
Teams create their own flows to automate specific processes:
- YAML-defined sequences
- Multi-step workflow orchestration
- Available in IDEs and GitLab UI
- Execute directly in CI/CD pipelines
Flow Structure:
name: automated-dependency-update description: Automatically update dependencies when vulnerabilities are detected trigger: event: assign_reviewer service_account: ai-dependency-updater agents: - name: security_analyst role: vulnerability_scanner - name: code_generator role: dependency_updater steps: - agent: security_analyst action: scan_dependencies - agent: security_analyst action: assess_risk condition: vulnerabilities_found - agent: code_generator action: update_packages condition: high_risk_detected - agent: code_generator action: run_tests - agent: code_generator action: create_merge_request condition: tests_passed
4. Actions
Actions are specific tasks that agents perform within a flow. Each agent has a set of available actions based on its tools and capabilities.
Examples of Agent Actions:
Security Analyst Agent Actions:
scan_vulnerabilities: Analyze code for security issuesassess_risk: Evaluate vulnerability severity and exploitabilitytriage_findings: Prioritize vulnerabilities based on contextgenerate_report: Create detailed security analysissuggest_remediation: Provide fix recommendations
Code Review Agent Actions:
analyze_changes: Review code modificationscheck_standards: Verify coding standards compliancedetect_issues: Identify potential bugs or anti-patternssuggest_improvements: Recommend code enhancementspost_review_comments: Add inline MR feedback
Planning Agent Actions:
analyze_requirements: Break down feature requestsestimate_effort: Provide sizing estimatesbalance_workload: Distribute tasks across teamtrack_progress: Monitor completion statusgenerate_updates: Create status reports
How They Work Together
TRIGGER † FLOW † AGENTS † ACTIONS † RESULTS
Example:
1. TRIGGER: Developer mentions @ai-code-review in MR comment
2. FLOW: Code Review Flow starts
3. AGENTS: Code Review Agent activates
4. ACTIONS:
- analyze_changes (reviews diff)
- check_standards (verifies style)
- detect_issues (finds bugs)
- post_review_comments (adds feedback)
5. RESULTS: Detailed review comments appear in MR
Service Accounts
Service accounts are non-human user accounts that represent AI agents and flows. They:
- Perform automated actions on behalf of the platform
- Are created automatically when flows are defined
- Have stable credentials unaffected by human user changes
- Follow naming convention:
ai-<flow>-<group>or@duo-developer
Key Service Accounts:
@duo-developer: Default composite identity for GitLab Duo Agent Platformai-<flow-name>-<group>: Automatically created for each custom flow- External agent service accounts: Created with Developer role when external agents are configured
Composite Identity
GitLab Duo Agent Platform uses a composite identity model:
Composite Identity = Human User Account + Service Account (@duo-developer)
This model:
- Limits access given to users through the service account
- Maintains audit trails linking actions to both human and AI
- Enforces permissions based on the intersection of both accounts' access
- Provides security boundaries for AI-driven operations
Platform Availability
Current Status (December 2025)
- Public Beta: Available to GitLab Ultimate customers
- Feature Set: Foundational agents, custom flows, triggers, external agents
- IDE Integration: Available in VS Code and JetBrains IDEs
- UI Integration: Available throughout GitLab web interface
General Availability (January 2026)
- Release: GitLab 18.8
- Additional Features:
- Enhanced agent observability
- Public AI Catalog for sharing agents and flows
- Advanced governance controls
- Extended MCP (Model Context Protocol) integrations
Roadmap (2026-2027)
2026 Focus Areas:
- Full agentic autonomy across DevSecOps lifecycle
- Compliance automation (goal: 82% of compliance built into code by 2027)
- Enhanced multi-cloud and hybrid deployments
- Extended ecosystem integrations (Jira, ServiceNow, ZenDesk)
2027 Vision:
- GitLab as the intelligent orchestration platform
- Autonomous agents handling majority of development workflow
- Predictive analytics and proactive issue resolution
- Self-healing systems and infrastructure
Key Benefits
For Development Teams
- Accelerated Delivery: 30% faster releases with AI-powered automation
- Reduced Manual Effort: Automate repetitive tasks like code reviews, security scans, dependency updates
- Enhanced Code Quality: Consistent standards enforcement and proactive issue detection
- Improved Context: Agents understand full project context via Knowledge Graph
For Security Teams
- Proactive Vulnerability Detection: Earlier identification of security issues
- Intelligent Triage: Risk assessment based on exploitability and context
- Automated Remediation: Suggested fixes and automated patching
- Compliance Automation: Built-in compliance checks and evidence collection
For Operations Teams
- Self-Healing Pipelines: Automatic diagnosis and fixing of CI/CD failures
- Predictive Monitoring: Early detection of performance issues
- Infrastructure Automation: AI-driven scaling and optimization
- Reduced MTTR: Faster incident resolution with agent assistance
Platform Architecture (High-Level)
‚ GitLab Duo Agent Platform ‚
‚ ‚
‚ ‚
‚ ‚ AI Gateway ‚ ‚ Duo Workflow ‚ ‚ GitLab ‚ ‚
‚ ‚ ‚‚ Service ‚‚ Runner ‚ ‚
‚ ‚ (Routing) ‚ ‚(Orchestration‚ ‚ (Execution) ‚ ‚
‚ ˜ ˜ ˜ ‚
‚ ‚
‚ ‚
‚ ‚ GitLab Knowledge Graph ‚ ‚
‚ ‚ (Semantic Code Search, Entity Relationships) ‚ ‚
‚ ˜ ‚
‚ ‚
‚ ‚
‚ ‚ GitLab Rails (Core AI Features) ‚ ‚
‚ ‚ (Issues, MRs, Projects, CI/CD, Security Scanning) ‚ ‚
‚ ˜ ‚
‚ ‚
˜
‚ ‚ ‚
¼ ¼ ¼
‚ External ‚ ‚ Model ‚ ‚ Third ‚
‚ AI Models ‚ ‚ Context ‚ ‚ Party ‚
‚ (OpenAI, ‚ ‚ Protocol ‚ ‚ Systems ‚
‚ Claude) ‚ ‚ (MCP) ‚ ‚(Jira, etc) ‚
˜ ˜ ˜
See architecture.md for detailed technical architecture.
Integration Points
The Agent Platform integrates with:
Within GitLab
- Issues & Epics: Planning and tracking automation
- Merge Requests: Code review and approval workflows
- CI/CD Pipelines: Automated testing, security scanning, deployment
- Security Dashboard: Vulnerability triage and remediation
- Wiki & Documentation: Knowledge management and updates
External Systems (via MCP)
- Ticketing: Jira, ServiceNow, ZenDesk
- Communication: Slack, Microsoft Teams
- Cloud Providers: AWS, Azure, GCP
- Monitoring: Datadog, Grafana, Prometheus
- Custom Tools: Any system with MCP server integration
Adoption Impact
Industry Statistics (2025):
- 1.5 million developers using GitLab's AI tools
- 30% faster releases with AI-powered automation
- 400 million pipeline minutes processed monthly
- Daily/multiple daily deliveries replacing monthly/weekly cadences
Customer Success Patterns:
- Early vulnerability detection strengthening security posture
- Reduced manual code review time by 40-60%
- Faster incident response with agent-assisted debugging
- Improved compliance with automated policy enforcement
Next Steps
- Learn the Architecture: See architecture.md for deep technical details
- Understand Triggers: Read triggers.md for trigger configuration
- Master Flows: Explore flows.md for flow orchestration patterns
- Manage Agents: Review agents.md for agent lifecycle management
- Integrate with CI/CD: Check integration.md for pipeline patterns
- Follow Best Practices: Study best-practices.md for production deployment
Additional Resources
- GitLab Duo Agent Platform Official Docs
- Getting Started with Agent Platform
- Flows Documentation
- Triggers Documentation
- Agents Documentation
- GitLab 18.7 Release Notes
Last Updated: January 2026 GitLab Version: 18.7 (Beta), 18.8 GA (Upcoming)