Autopsy Incident Investigator

Autopsy auto-investigates failed CI/CD pipelines using AI agents, tracing commits, logs & MRs, then files a root cause report as a GitLab Issue in under 90 seconds.

Comment

Inspiration

Every team has been there — a pipeline fails at 2am, the on-call engineer spends an hour digging through job logs, commit history, and merge requests trying to figure out what broke and who changed it. The root cause is almost always findable, but the process is tedious, manual, and slow. We wanted to automate that entire investigation loop using GitLab's own AI platform.

What it does

Autopsy is an autonomous incident investigator that triggers when you mention it in a GitLab issue. It fetches the latest failed pipeline, pulls the job logs, traces recent commits and merge requests, identifies the most likely root cause, and creates a structured incident report as a GitLab Issue — all without any manual intervention. The report includes the failing job, exact error lines, suspect commit or MR, affected component, confidence level, and a recommended fix.

How we built it

Autopsy is built entirely on the GitLab Duo Agent Platform using a custom flow registered in the AI Catalog. The flow uses a single AgentComponent with a carefully engineered system prompt that walks the agent through a six-step investigation procedure: identify the failed pipeline, inspect job logs, trace recent commits, check recent MRs, synthesize a root cause, and create the incident issue. The project ID and path are hardcoded in the prompt to ensure reliable tool routing. The agent has access to 13 GitLab tools covering pipelines, commits, merge requests, and issue creation.

Challenges we ran into

The GitLab Duo Agent Platform is genuinely new territory. We hit several platform-level issues that weren't documented anywhere: the AI Catalog only syncs from git tags (not pushes to main), the rootNamespaceId resolution fails silently when the flow input format is wrong, and the multi-agent chained flow pattern we started with caused session failures that looked like namespace errors but were actually input routing issues. We went through 6 catalog versions before landing on the single-agent pattern that actually works. The GuardianMR project's changelog was the most useful debugging resource we found.

Accomplishments that we're proud of

Getting a fully autonomous agent to investigate a real pipeline failure, trace it to a specific commit, and create a properly formatted incident issue — triggered by nothing more than an issue mention — is genuinely useful. We're also proud of the investigation procedure we engineered into the system prompt: it's explicit, step-by-step, and produces consistent structured output even when some tool calls return empty data.

What we learned

Single-agent flows are dramatically more reliable than chained multi-agent flows on the current platform. The platform's context injection is not always reliable — hardcoding project identifiers in the prompt is the pragmatic fix. Tags are deployments, not just labels. And the most valuable debugging resource on a new platform is other people's changelogs.

What's next for Autopsy Incident Investigator

The natural next step is pipeline event triggers — Autopsy should fire automatically when a pipeline fails, not just when someone mentions it. We also want to add MR comment posting to pin the root cause directly on the suspect merge request, and explore a fix-suggestion mode that proposes a revert command or code change alongside the incident report.

Built With

  • 4.6
  • agent
  • ai
  • api
  • catalog
  • ci/cd
  • claude
  • duo
  • flow
  • gitlab
  • input-format-must-match-the-flow-registry-v1-spec-exactly
  • node.js
  • platform
  • registry
  • rest
  • sonnet
  • v1
  • v4
  • websockets
  • yaml
Share this project:

Updates