Guardian-Angel (GitLab Duo) — Compliance, Security & Privacy Enforcement

Inspiration

In the Matrix, threats don’t come from outside—they’re hidden inside the system.
We were inspired by a simple idea: what if compliance, security, and privacy risks could be stopped inside the pipeline—before they escape into production?

Regulated teams today lack real-time enforcement at merge time. We set out to build a sentinel layer inside the CI/CD Matrix—powered by rules and AI.


What it does

Guardian-Angel acts like the Matrix’s intelligent defense system, watching every Merge Request:

  • 🐶 Compliance Watchdog → enforces regulatory rules (HIPAA, SOX, FINRA, SOC2, ECOA/TILA/RESPA)
  • 🦅 CyberHawk → detects security vulnerabilities and misconfigurations
  • 🐾 PantherVault → protects sensitive data and privacy (PII/PHI)

With Anthropic-powered intelligence, the system understands context, explains risks, and helps developers fix issues faster.

Together, they intercept risky code before it “escapes the Matrix” into production, with inline MR comments, structured JSON, and optional merge blocking.


How we built it

We built Guardian-Angel as an orchestrated GitLab Duo agent system:

  • GitLab Duo agents + flows (guardian-angel.yml) orchestrating all three agents
  • A deterministic rule engine (sentinel/) using YAML rules (compliance-rules/*.yaml) as the source of truth
  • Anthropic integration for:
    • Attribute extraction from MR code + context
    • Rich, human-readable explanations and remediation
  • CI/CD integration via AI Catalog sync and commit status checks
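To make the "rules as the source of truth" design concrete, here is an added example of a deterministic rule engine of the kind the list above describes. It is not Guardian-Angel's own sentinel/ code: the rule ids, attribute names, operators (`eq`, `ne`, `intersects`, `any_match`), the `when`/`fix` rule layout and the blocking policy are all illustrative assumptions, and the sample attributes stand in for what the model-based extraction step would hand over for one MR. The rule file is written in JSON form, which is valid YAML, so it loads with PyYAML when installed and with the standard library otherwise.

```python
"""Deterministic YAML rule engine (added example, not the project's sentinel/ code).

Rule ids, attribute names, operators and the blocking policy are assumptions.
"""
import json
import re

try:
    import yaml  # PyYAML, if available

    def load_rules(text):
        return yaml.safe_load(text)["rules"]
except ImportError:  # the embedded rules are JSON, which is a YAML subset
    def load_rules(text):
        return json.loads(text)["rules"]

SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample rule file in the spirit of compliance-rules/*.yaml.
RULES_TEXT = r"""
{"rules": [
  {"id": "HIPAA-ENC-001", "framework": "HIPAA", "severity": "high",
   "description": "PHI must be encrypted at rest",
   "when": [{"attr": "stores_phi", "op": "eq", "value": true},
            {"attr": "encryption_at_rest", "op": "eq", "value": false}],
   "fix": "Wrap the PHI columns with the field-level encryption helper."},
  {"id": "PRIV-LOG-002", "framework": "GDPR/CCPA", "severity": "medium",
   "description": "PII must not be written to application logs",
   "when": [{"attr": "logged_fields", "op": "intersects",
             "value": ["ssn", "email", "dob"]}],
   "fix": "Redact or hash the listed fields before logging."},
  {"id": "SEC-TLS-003", "framework": "SOC2", "severity": "high",
   "description": "Outbound calls must use TLS",
   "when": [{"attr": "external_endpoints", "op": "any_match", "value": "^http://"}],
   "fix": "Switch the endpoint to https:// and pin the expected certificate chain."}
]}
"""


def _check(cond, attrs):
    """Evaluate one condition. A missing attribute returns None so the caller
    can fail closed instead of silently treating the rule as satisfied."""
    if cond["attr"] not in attrs:
        return None
    actual, op, expected = attrs[cond["attr"]], cond["op"], cond["value"]
    if op == "eq":
        return actual == expected
    if op == "ne":
        return actual != expected
    if op == "intersects":
        return bool(set(actual) & set(expected))
    if op == "any_match":
        return any(re.search(expected, s) for s in actual)
    raise ValueError(f"unknown operator {op!r}")


def evaluate(rules, attrs):
    """Fire every rule whose conditions all hold; return a structured report."""
    findings, missing = [], set()
    for rule in rules:
        results = [_check(c, attrs) for c in rule["when"]]
        if None in results:
            missing.update(c["attr"] for c, r in zip(rule["when"], results) if r is None)
            continue
        if all(results):
            findings.append({"rule_id": rule["id"], "framework": rule["framework"],
                             "severity": rule["severity"],
                             "description": rule["description"],
                             "remediation": rule["fix"]})
    return {"findings": findings, "missing_attributes": sorted(missing)}


def merge_decision(report, block_at="high"):
    """Map the report to a commit-status style verdict. block_at=None is
    advisory mode (comment only); otherwise block at the threshold, and also
    when a rule could not be evaluated because an attribute was not extracted."""
    if block_at is None:
        return {"state": "success", "blocking_rules": [], "missing_attributes": []}
    threshold = SEVERITY[block_at]
    blocking = [f["rule_id"] for f in report["findings"]
                if SEVERITY[f["severity"]] >= threshold]
    state = "failed" if blocking or report["missing_attributes"] else "success"
    return {"state": state, "blocking_rules": blocking,
            "missing_attributes": report["missing_attributes"]}


def format_mr_comment(report, decision):
    """Render the inline MR comment, highest severity first."""
    lines = [f"### Guardian-Angel review: {decision['state']}"]
    for f in sorted(report["findings"], key=lambda f: -SEVERITY[f["severity"]]):
        lines.append(f"- **{f['severity'].upper()}** `{f['rule_id']}` ({f['framework']}): "
                     f"{f['description']}. Fix: {f['remediation']}")
    for a in report["missing_attributes"]:
        lines.append(f"- attribute `{a}` not extracted; rule skipped and merge held")
    return "\n".join(lines)


# Constructed attributes standing in for one MR's extraction output.
SAMPLE_ATTRS = {
    "stores_phi": True,
    "encryption_at_rest": False,
    "logged_fields": ["request_id", "email"],
    "external_endpoints": ["https://api.example.com/v1", "http://legacy.example.internal/"],
}

if __name__ == "__main__":
    rules = load_rules(RULES_TEXT)
    report = evaluate(rules, SAMPLE_ATTRS)
    decision = merge_decision(report)
    print(json.dumps({**report, "decision": decision}, indent=2))
    print(format_mr_comment(report, decision))
```

Two design choices matter here. The extracted attributes are untrusted input as far as the engine is concerned, so every condition checks the attribute's presence and shape rather than assuming the extractor produced it, and a rule that cannot be evaluated holds the merge instead of passing. And the merge verdict is computed only from rule outcomes, so the explanation text the model adds can be as rich as you like without being able to change whether the MR is blocked.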

Matrix analogy:

  • Rules = the laws of the system
  • Anthropic = the intelligence that interprets intent

Accomplishments that we're proud of

  • ✅ Built a multi-agent system combining compliance, security, and privacy
  • ✅ Integrated deterministic rules + Anthropic AI for accuracy and explainability
  • ✅ Enabled pre-merge enforcement, not just detection
  • ✅ Delivered structured outputs + executive summaries
  • ✅ Designed for enterprise readiness (auditability, CI/CD, offline testing)

What we learned

  • AI alone isn’t enough—you need deterministic rules for trust and governance
  • The combination of Anthropic AI + rule engines creates powerful, explainable systems
  • Developers prefer inline, actionable feedback over external reports
  • Compliance can be embedded into developer workflows without slowing them down

What's next for Compliance Watchdog

  • 🔮 Context-aware AI (Anthropic) for smarter remediation and fewer false positives
  • 🔗 Integration with SIEM, GRC, and audit platforms
  • 🌍 Expansion to global regulatory frameworks
  • ⚡ Move toward auto-remediation inside CI/CD pipelines
  • 🧠 Continuous learning from violations to improve rules and AI reasoning

Vision

A world where no risky code escapes the Matrix—because Guardian-Angel, powered by Anthropic, is always watching.
