Skip to main content

planning ai

GitLab Duo Planning - AI-Powered Project Management

Overview

GitLab Duo enhances project planning and issue management with AI-powered features that help teams break down work, generate descriptions, and manage the software development lifecycle more efficiently.

Key Planning Features

1. Issue Description Generation

Available: GitLab Ultimate

AI-generated descriptions for issues to improve clarity and completeness.

How It Works

When creating or editing an issue:

  1. Provide a brief title or outline
  2. Click "Generate with AI"
  3. Duo analyzes context and generates detailed description
  4. Review and edit as needed
  5. Save to issue

Example Generation

Input:

Title: Add user export feature
Context: Users need to export their data

AI Generated Description:

## Summary
Implement a feature allowing users to export their personal data
in compliance with GDPR requirements.

## Problem Statement
Users currently cannot download their data from the platform,
which is required for:
- GDPR compliance (data portability)
- Account migration
- Backup purposes
- Transparency

## Proposed Solution
Add a "Export Data" button to user settings that generates a
downloadable archive containing:
- Profile information
- Activity history
- Uploaded content
- Preferences and settings

## Technical Requirements
- Export format: JSON or CSV
- Include all user-related data
- Archive format: ZIP
- Email notification when ready
- Expiration: 7 days

## Acceptance Criteria
- [ ] User can request data export from settings
- [ ] Export includes all personal data
- [ ] Email notification sent when ready
- [ ] Download link expires after 7 days
- [ ] Export complies with GDPR Article 20

## Security Considerations
- Verify user identity before generating export
- Encrypt export file
- Audit log all export requests
- Rate limiting (1 export per 24 hours)

## Dependencies
- Email service for notifications
- Background job processor
- Secure file storage

## Estimated Effort
3-5 days

## References
- GDPR Article 20: Right to data portability
- Related: #456 (GDPR compliance epic)

Best Practices

Provide Context:

Title: Payment processing error
Context: Users reporting failed payments, happens during checkout,
affects ~5% of transactions, started after deployment last week

Specify Type:

Title: Improve search performance
Type: Performance improvement
Current: Search takes 3-5 seconds
Target: Search under 500ms

2. Planner Agent

Beta: GitLab Duo Agent Platform Available: GitLab 18.7+

AI agent that helps plan and break down work.

Capabilities

Create Features:

  • Analyze issue requirements
  • Break down into smaller tasks
  • Generate implementation plan
  • Estimate effort
  • Identify dependencies

Edit Features:

  • Refine existing plans
  • Update acceptance criteria
  • Adjust scope
  • Reestimate effort

Using Planner Agent

Via GitLab UI:

1. Navigate to issue
2. Click "Plan with AI"
3. Planner Agent analyzes and suggests breakdown
4. Review suggested tasks
5. Accept or modify
6. Create sub-issues automatically

Example Planning Session:

Original Issue:

Title: Implement OAuth2 authentication

Planner Agent Output:

Epic: OAuth2 Authentication Implementation

Breakdown:

1. Research and Design (2 days)
   - Research OAuth2 providers (Google, GitHub, Microsoft)
   - Design authentication flow
   - Create database schema for OAuth tokens
   - Document security considerations

2. Backend Implementation (5 days)
   - Set up OAuth2 client library
   - Implement authorization endpoint
   - Implement token exchange
   - Add user account linking
   - Create token refresh mechanism
   - Add session management

3. Frontend Implementation (3 days)
   - Add OAuth login buttons
   - Implement authorization redirect
   - Handle callback and token storage
   - Add account linking UI
   - Implement logout flow

4. Security Hardening (2 days)
   - Implement PKCE flow
   - Add state parameter validation
   - Set up CORS policies
   - Add rate limiting
   - Security audit

5. Testing (3 days)
   - Unit tests for OAuth flow
   - Integration tests with providers
   - Security testing
   - End-to-end tests
   - Load testing

6. Documentation (1 day)
   - API documentation
   - User guide
   - Admin setup instructions
   - Troubleshooting guide

Total Estimated Effort: 16 days

Dependencies:
- SSL certificate for OAuth redirect
- OAuth app registration with providers
- Redis for session storage

Risks:
- Provider API changes
- Rate limiting from providers
- Complex error scenarios

Success Metrics:
- 90% of new signups via OAuth
- < 5 second authentication time
- Zero security vulnerabilities

3. Merge Request Summaries

Available: GitLab Premium/Ultimate (18.0+)

AI-generated summaries of merge request changes.

Generation

When Creating MR:

  1. Fill in title
  2. Click "Generate summary with AI"
  3. Duo analyzes diff
  4. Generates comprehensive description
  5. Edit and save

Model: Claude Sonnet 4 (as of GitLab 18.1)

Example Summary

Code Changes:

+ Added user authentication middleware
+ Implemented JWT token validation
+ Added role-based access control
+ Updated API routes with auth requirements

AI Generated Summary:

## Changes
This MR implements a comprehensive authentication and authorization
system for the API.

## What Changed
- Added JWT-based authentication middleware
- Implemented token validation with expiration
- Added role-based access control (RBAC) system
- Protected all API routes requiring authentication
- Added support for refresh tokens

## New Dependencies
- jsonwebtoken@9.0.0: JWT creation and validation
- bcrypt@5.1.0: Password hashing

## Configuration Changes
- Added JWT_SECRET environment variable
- Added TOKEN_EXPIRATION configuration
- Updated CORS settings

## Migration Required
Yes - Run `npm run migrate:auth` to create auth tables

## Breaking Changes
- All API routes now require authentication
- Clients must include Bearer token in Authorization header
- Previous session-based auth is deprecated

## Testing
- Added 45 unit tests for auth middleware
- Added integration tests for protected routes
- All existing tests updated for auth requirements

## Security Considerations
- Tokens expire after 1 hour
- Refresh tokens stored securely
- Passwords hashed with bcrypt (10 rounds)
- Rate limiting on auth endpoints

## Performance Impact
- Adds ~5ms per authenticated request
- Minimal memory overhead
- Token validation is cached

## Deployment Notes
1. Set JWT_SECRET before deploying
2. Run database migrations
3. Update client applications to include tokens
4. Monitor auth failure rates

Closes #123
Related to #456 (OAuth integration)

4. Discussion Summaries

Available: GitLab Ultimate

AI summarization of long discussions in issues and MRs.

Use Cases

Long Threads:

Issue #789: Database performance degradation
Comments: 47
Participants: 8
Duration: 2 weeks

AI Summary:

## Discussion Summary

### Problem
Database queries slowing down over time, affecting user experience.

### Root Cause (Identified)
Missing indexes on frequently queried columns after recent schema changes.

### Agreed Solution
1. Add composite index on (user_id, created_at)
2. Add index on status column
3. Implement query caching for read-heavy operations

### Implementation Plan
@john will create indexes (#comment-123)
@jane will implement caching (#comment-145)
Target: Sprint 23

### Concerns Raised
- Index maintenance overhead (addressed: minimal impact)
- Cache invalidation strategy (resolved: time-based + event-based)

### Action Items
- [ ] @john: Add indexes (by Friday)
- [ ] @jane: Implement caching (next sprint)
- [ ] @mike: Load testing with new indexes
- [ ] @sarah: Update documentation

### Decisions Made
- Use Redis for query cache
- 5-minute cache TTL for list queries
- Event-based invalidation for updates

### Open Questions
None - all concerns addressed

5. Work Breakdown Suggestions

AI-powered work decomposition for large features.

Epic Planning

Input:

Epic: Implement real-time collaboration
Description: Enable multiple users to edit documents simultaneously

AI Breakdown:

## Epic: Real-time Collaboration

### Phase 1: Foundation (3 weeks)
**Goal:** Set up infrastructure for real-time communication

Issues:
1. Research WebSocket vs SSE options (2 days)
   - Evaluate Socket.io vs native WebSocket
   - Load testing requirements
   - Browser compatibility

2. Implement WebSocket server (5 days)
   - Set up Socket.io server
   - Connection management
   - Room/channel concept
   - Authentication integration

3. Set up message queue (3 days)
   - Redis pub/sub for message distribution
   - Message persistence
   - Failure handling

4. Client WebSocket integration (3 days)
   - Connection lifecycle management
   - Reconnection logic
   - Message serialization

### Phase 2: Document Locking (2 weeks)
**Goal:** Prevent conflicting edits

Issues:
5. Implement document locking mechanism (5 days)
   - Optimistic locking strategy
   - Lock acquisition/release
   - Lock timeout handling

6. Add user presence indicators (3 days)
   - Show active users
   - Cursor position sharing
   - User color assignment

7. Conflict resolution (4 days)
   - Detect conflicts
   - Merge strategies
   - User notification

### Phase 3: Operational Transform (4 weeks)
**Goal:** Real-time collaborative editing

Issues:
8. Research OT algorithms (3 days)
   - Evaluate OT vs CRDT
   - Choose algorithm (recommendation: OT)

9. Implement OT core (10 days)
   - Operation types (insert, delete, retain)
   - Transform function
   - Composition and inversion

10. Integrate OT with editor (5 days)
    - Hook into editor events
    - Apply remote operations
    - Generate local operations

11. Testing and edge cases (4 days)
    - Concurrent edit scenarios
    - Network interruption handling
    - Stress testing

### Phase 4: Performance & Polish (2 weeks)
**Goal:** Production-ready collaboration

Issues:
12. Optimize message frequency (3 days)
    - Debouncing strategies
    - Batch operations
    - Compression

13. Add offline support (4 days)
    - Queue operations when offline
    - Sync on reconnect
    - Conflict resolution

14. Monitoring and analytics (3 days)
    - Collaboration metrics
    - Performance monitoring
    - Error tracking

### Dependencies
- WebSocket infrastructure (#2)
- Message queue (#3)
- OT implementation (#9) before editor integration (#10)

### Risks
- OT complexity (Mitigation: Use proven library like ShareDB)
- Scalability at high user count (Mitigation: Load testing early)
- Network reliability (Mitigation: Robust reconnection)

### Success Metrics
- Support 50+ simultaneous editors
- Operation latency < 100ms
- Zero data loss
- 99.9% uptime

### Total Effort: 11 weeks

6. Sprint Planning Assistance

AI-powered sprint planning and estimation.

Capabilities

Velocity Analysis:

Team Velocity Analysis (Last 6 Sprints)

Average Points Completed: 42
Trend: Stable (+2% over 6 sprints)
Capacity: 50 points (team of 5)
Utilization: 84%

Recommendations:
- Current sprint: Plan 42-45 points
- Include 5 points buffer for unexpected work
- Leave 2-3 small issues for flex capacity

Story Point Estimation:

Issue #890: Add export to PDF feature

AI Estimation: 5 points (Medium complexity)

Reasoning:
- Similar to previous export features (CSV, Excel): 5 pts each
- Requires PDF library integration: +1 pt
- Custom formatting logic: +2 pts
- Testing across browsers: +1 pt
- No new dependencies beyond PDF lib: -1 pt

Comparable Issues:
- #456: Export to Excel (5 pts, completed in 3 days)
- #678: Export to CSV (3 pts, completed in 2 days)

Recommended Breakdown:
- PDF library setup: 1 pt
- Basic PDF generation: 2 pts
- Custom formatting: 2 pts
- Testing and polish: 1 pt

Estimate Range: 4-6 points (Medium confidence)

Sprint Goal Generation:

Sprint 24 Planning

Based on selected issues:
- User authentication improvements (8 pts)
- Search performance optimization (5 pts)
- PDF export feature (5 pts)
- Bug fixes (3 pts)

AI Suggested Sprint Goal:
"Enhance user experience with improved authentication,
faster search, and PDF export capability"

Theme: User Experience & Performance

Risks:
- PDF export may uncover edge cases (+2 pts buffer)
- Search optimization requires production testing

Recommendation: Commit to 21 points, keep 3-5 pts in backlog

Roadmap Planning

AI-Assisted Roadmap Creation

Generate Roadmap from Epics:

Q1 2026 Roadmap

Theme: Platform Modernization

January:
- OAuth2 Authentication (16 days)
- API v2 Migration Phase 1 (20 days)

February:
- Real-time Collaboration (Phase 1-2: 5 weeks)
- Mobile App Beta Launch (15 days)

March:
- Performance Optimization Sprint (10 days)
- Security Audit & Hardening (10 days)
- Real-time Collaboration (Phase 3-4: 6 weeks)

Dependencies Identified:
- OAuth2 must complete before Mobile App
- API v2 required for Real-time Collaboration

Critical Path:
OAuth2 † Mobile App Beta (8 weeks)
Real-time Collab (11 weeks, parallel track)

Resource Allocation:
- Team A: OAuth2 + Mobile App
- Team B: Real-time Collaboration
- Shared: Performance & Security

Risk Mitigation:
- OAuth2 complexity † Start early, external review
- Real-time scale issues † Load testing in Phase 1

Issue Refinement

AI-Powered Issue Enhancement

Before:

Title: Search is slow
Description: Fix it

After AI Refinement:

Title: Optimize search performance for product catalog

## Problem
Product search currently takes 3-5 seconds to return results,
causing poor user experience and abandonment.

## Current State
- Query scans entire products table (500K rows)
- No indexes on search fields
- Full-text search not optimized
- No caching layer

## Target State
- Search results in < 500ms
- Supports fuzzy matching
- Cached for common queries
- Scales to 1M+ products

## Proposed Solutions

### Option 1: Database Optimization (Recommended)
- Add GIN indexes for full-text search
- Implement tsvector for search fields
- Add materialized view for search
- Estimated: 3 days

### Option 2: Elasticsearch Integration
- Set up Elasticsearch cluster
- Sync products to ES
- Update search to use ES
- Estimated: 10 days

### Option 3: Hybrid Approach
- DB optimization for simple queries
- ES for advanced/faceted search
- Estimated: 8 days

## Recommendation
Start with Option 1 (quick win), evaluate Option 3 if needed.

## Success Metrics
- P95 search latency < 500ms
- Support 1000 concurrent searches
- Zero downtime during implementation

## Technical Details
- Tables: products, product_search_vector
- Indexes: products_search_idx (gin)
- Cache: Redis with 5-minute TTL

## Acceptance Criteria
- [ ] P95 latency < 500ms
- [ ] Supports fuzzy matching
- [ ] Handles typos gracefully
- [ ] Load tested to 1000 concurrent users
- [ ] Monitoring and alerts configured

Labels: performance, search, high-priority
Weight: 5
Milestone: v2.3.0

Label Suggestions

AI-Powered Label Recommendations:

Issue #901: User authentication failing on mobile app

Suggested Labels:
- bug (High confidence: mentions "failing")
- mobile (High confidence: mentions "mobile app")
- authentication (High confidence: domain-specific)
- priority::high (Medium confidence: auth is critical)
- customer-reported (Low confidence: not explicit)

Suggested Assignee:
@auth-team (Reason: authentication domain)

Suggested Milestone:
v2.2.1 (Reason: bug fix, next patch release)

Related Issues:
- #789: Similar mobile auth issue (closed)
- #856: Auth token refresh problem (open)

Time Tracking and Estimation

AI-Enhanced Time Estimates

Historical Analysis:

Issue #912: Add email notification preferences

AI Time Estimate: 2-3 days

Based on similar issues:
- #456: Email template system (3 days)
- #678: Notification settings UI (2 days)
- #789: User preferences API (2 days)

Complexity Factors:
- UI changes: 1 day (straightforward)
- Backend preferences: 0.5 days (existing pattern)
- Email integration: 0.5 days (existing service)
- Testing: 0.5 days (standard coverage)
- Documentation: 0.5 days

Developer Experience Level:
- Assigned to: @senior-dev
- Modifier: -15% (experienced with email system)

Final Estimate: 2 days (16 hours)
Confidence: 80%

Collaboration Features

Meeting Summaries

AI-Generated Meeting Notes:

Sprint Planning Meeting - 2026-01-08

Attendees: 8
Duration: 2 hours

Key Decisions:
1. Sprint goal: "Improve authentication and mobile UX"
2. Committed to 42 story points
3. Include OAuth2 and mobile bug fixes

Story Selections:
- OAuth2 implementation (8 pts) - @john
- Mobile auth fixes (5 pts) - @jane
- PDF export (5 pts) - @mike
- Performance improvements (8 pts) - @sarah
- Bug fixes (16 pts) - @team

Concerns Raised:
- OAuth2 complexity (Mitigation: Pair programming)
- Testing capacity (Mitigation: Dedicated QA time)

Action Items:
- [ ] @john: Set up OAuth2 dev environment (by tomorrow)
- [ ] @jane: Reproduce mobile auth issues (by EOD)
- [ ] @sarah: Profile performance bottlenecks (by Wed)
- [ ] @product: Prioritize bug list (by tomorrow)

Parking Lot:
- Real-time collaboration discussion (next sprint)
- Mobile app redesign (Q2 planning)

Next Meeting: Sprint Review - 2026-01-22

Best Practices

1. Provide Context for Better Results

Good:

Title: Add payment processing
Context: Stripe integration, support credit cards and ACH,
handle webhooks, PCI compliance required

Better:

Title: Implement Stripe payment processing

Context:
- Current: Manual invoicing only
- Goal: Automated card and ACH payments
- Requirements: PCI DSS compliance
- Volume: ~1000 transactions/month
- Similar: Payment gateway POC (issue #456)

2. Iterate on AI Suggestions

  1. Generate initial description
  2. Review and identify gaps
  3. Ask AI to expand specific sections
  4. Refine until complete

3. Use AI for Estimation Calibration

Track AI estimates vs. actual time:

# .gitlab/duo_calibration.yml
tracking:
  issue_901:
    ai_estimate: 3 days
    actual_time: 3.5 days
    accuracy: 88%

  issue_902:
    ai_estimate: 5 days
    actual_time: 4 days
    accuracy: 80%

4. Combine AI with Team Expertise

  • AI generates draft
  • Team reviews and enhances
  • Domain experts validate
  • Product approves scope

5. Use Templates with AI

<!-- Issue Template with AI Prompts -->

## Problem
[AI: Expand on user pain point]

## Solution
[AI: Suggest implementation approaches]

## Technical Details
[AI: Identify technical requirements]

## Acceptance Criteria
[AI: Generate testable criteria]

Integration with Agent Platform

Issue-to-MR Flow

Automated Implementation from Issues:

  1. Create issue with AI-generated description
  2. Label with auto-implement
  3. Planner Agent analyzes requirements
  4. Developer Agent generates implementation
  5. Test Agent creates tests
  6. Security Agent scans changes
  7. MR created automatically
  8. Notify team for review

Configuration:

# .gitlab/duo_flows/issue_to_mr.yml
flow:
  name: issue_to_mr
  trigger:
    type: label
    value: auto-implement

  agents:
    - planner
    - developer
    - test_generator
    - security_analyst

  steps:
    - agent: planner
      action: analyze_and_plan
    - agent: developer
      action: implement_from_plan
    - agent: test_generator
      action: generate_tests
    - agent: security_analyst
      action: security_review

Metrics and Analytics

Planning Effectiveness

Track AI Impact:

Planning Metrics Dashboard

Issue Quality Score: 8.2/10 (†‘12% with AI)
- Completeness: 9.0/10
- Clarity: 8.5/10
- Actionability: 7.5/10

Estimation Accuracy: 82% (†‘18% with AI)
- Under-estimated: 12%
- Over-estimated: 6%
- Accurate (±10%): 82%

Time Savings:
- Avg time to write issue: 8 min (was 20 min)
- Planning meeting duration: 1.2 hrs (was 2 hrs)
- Sprint planning: 2 hrs (was 3.5 hrs)

Team Satisfaction: 4.2/5

Troubleshooting

AI Suggestions Not Relevant

Improve Context:

  1. Add more details to issue title
  2. Include related issues
  3. Mention similar features
  4. Specify technical constraints

Estimates Inaccurate

Calibrate:

  1. Track estimates vs. actuals
  2. Provide feedback to AI
  3. Adjust for team velocity
  4. Factor in learning curve

Descriptions Too Generic

Refine Prompts:

Generic: "Add search feature"

Specific: "Implement full-text search for products using
PostgreSQL's tsvector, support fuzzy matching, return
results in < 500ms for 500K product catalog"

Resources

Next Steps