GitLab / ai-ml

11 posts

Claude Opus 4.6 now available in GitLab Duo Agent Platform

GitLab has integrated Anthropic’s Claude Opus 4.6 into its Duo Agent Platform, providing developers with a high-intelligence frontier model designed for complex agentic workflows. By combining a 1-million-token context window with native access to DevSecOps data, the update enables more autonomous task execution and deeper reasoning within the software development lifecycle. This integration allows teams to delegate multi-step tasks to AI agents that can now process entire codebases and project histories in a single interaction.

## Advanced Agentic Capabilities and Reasoning

* Claude Opus 4.6 features enhanced "agentic" behavior, meaning it can proactively take actions and drive tasks forward with minimal human intervention.
* The model supports multi-agent orchestration, allowing it to spin up subagents and coordinate parallel workstreams to solve complex, multi-step problems.
* Adaptive thinking capabilities allow the model to calibrate its reasoning depth based on the query, using extended thinking for difficult tasks while maintaining speed for simpler ones.
* Deep reasoning via test-time compute helps the model navigate challenging development bottlenecks and architectural decisions.

## Full-Context DevSecOps Integration

* The model boasts a 1-million-token context window—a fivefold increase over Opus 4.5—enabling the processing of massive codebases and extensive documentation.
* Integration with the GitLab Duo Agent Platform provides the model with direct access to repositories, merge requests, pipelines, and security findings.
* Enterprise-grade security features, including human-in-the-loop controls and group-based access, ensure that agentic actions remain transparent and governed.
* Native integration ensures developers can utilize these frontier capabilities without leaving their established GitLab workflows.

## Availability and Resource Consumption

* Opus 4.6 is currently available for GitLab.com users via the Duo Agent Platform and Agentic Chat, though it is not supported for GitLab Duo Classic features.
* Support for the model within various Integrated Development Environments (IDEs) is expected to be released in the near future.
* Usage is managed via GitLab credits, with multipliers determined by the size of the prompt.
* Prompts containing 200k tokens or fewer are charged at 1.2 requests per credit, while larger prompts exceeding 200k tokens are charged at 0.7 requests per credit.

Organizations aiming to automate complex development workstreams should migrate their specialized agents to Claude Opus 4.6 to take advantage of its superior orchestration and context handling. By leveraging the model's ability to coordinate parallel subagents, teams can significantly reduce the manual effort required for codebase-wide refactors and security remediation.

Agentic AI, enterprise control: Self-hosted Duo Agent Platform and BYOM

GitLab 18.9 introduces critical updates designed to provide regulated enterprises with governed, agentic AI capabilities through self-hosted infrastructure and model flexibility. By combining the Duo Agent Platform with Bring Your Own Model (BYOM) support, organizations in sectors like finance and government can now automate complex DevSecOps workflows while maintaining total control over data residency. This release transforms GitLab into a high-security AI control plane that balances the need for advanced automation with the rigid sovereignty requirements of high-compliance environments.

## Self-Hosted Duo Agent Platform for Online Cloud Licenses

The Duo Agent Platform allows engineering teams to automate sequences of tasks, such as hardening CI/CD pipelines and triaging vulnerabilities, but was previously difficult to deploy for customers under strict online cloud licensing. This update makes the platform generally available for these environments, bridging the gap between cloud-based licensing and self-hosted security needs.

* **Usage-Based Billing:** The platform now utilizes GitLab Credits to provide transparent, per-request metering, which is essential for internal chargeback and regulatory reporting.
* **Infrastructure Control:** Enterprises can host models on their own internal infrastructure or within approved cloud environments, ensuring that inference traffic is routed according to internal security policies.
* **Deployment Readiness:** By removing the requirement to route data through external AI vendors, the platform is now a viable option for critical infrastructure and government agencies.

## Bring Your Own Model (BYOM) Integration

Recognizing that many enterprises have already invested in domain-tuned LLMs or air-gapped deployments, GitLab now allows customers to integrate their existing models directly into the Duo Agent Platform. This ensures that organizations are not locked into a specific vendor and can leverage models that have already passed internal risk assessments.

* **AI Gateway Connectivity:** Administrators can connect third-party or internal models via the GitLab AI Gateway, allowing these models to function as enterprise-ready options within the GitLab ecosystem.
* **Granular Model Mapping:** The system provides the ability to map specific models to individual Duo Agent Platform flows or features, giving admins fine-grained control over which agent uses which model.
* **Administrative Ownership:** While GitLab provides the orchestration layer, administrators retain full responsibility for model validation, performance tuning, and risk evaluation for the models they choose to bring.

For organizations operating in high-compliance sectors, these updates offer a path to consolidate fragmented AI tools into a single, governed platform. Engineering leaders should evaluate their current model investments and leverage the GitLab AI Gateway to unify their automation workflows under one secure DevSecOps umbrella.

Monitor, manage, and automate AI workflows

The GitLab Duo Agent Platform’s Automate capabilities provide a centralized framework for managing, executing, and monitoring AI-driven development workflows within the software development lifecycle. By integrating event-driven triggers and detailed session logging, the platform allows developers to transition from manual AI interactions to fully autonomous, production-ready processes. This orchestration layer ensures that AI agents are not only performant but also transparent and easy to audit across projects.

## Resource Management for Agents and Flows

The Automate hub serves as the control center for organizing AI resources, distinguishing between agents (entities that perform tasks) and flows (structured sequences of actions).

* Resources are categorized into "Enabled" (those available for project use) and "Managed" (those created and owned specifically by the project).
* Custom agents and flows must be enabled at the top-level group before they can be activated for specific projects.
* Users can expand their automation library by browsing and enabling pre-configured resources from the GitLab AI Catalog.

## Event-Driven Automation with Triggers

Triggers allow AI agents to respond automatically to specific actions within the GitLab interface, eliminating the need for manual invocation.

* Automation can be initiated through three primary event types: user mentions (e.g., `@agent-name`), issue/MR assignments, or reviewer assignments.
* When a trigger is activated, the system identifies the associated flow, executes the agent, and posts the final results directly back to the relevant issue or merge request.
* Common use cases include using the `/assign` quick action to trigger a CI/CD optimizer or a code explanation agent.

## Workflow Monitoring and Session Transparency

The Sessions interface provides a detailed audit trail for every execution, offering visibility into the "black box" of AI decision-making.

* The Activity tab tracks step-by-step reasoning, showing exactly which tools the agent used and the results of individual actions.
* Execution statuses are monitored in real-time, with labels such as Running, Finished, Failed, or Input Required.
* The Details tab provides deep technical context by linking directly to Runner job logs, including system messages and full tool invocation outputs.

## Practical Conclusion

To maximize the utility of the GitLab Duo Agent Platform, teams should move beyond experimental chat prompts and begin configuring triggers for repetitive tasks like code review assignments or issue triaging. Utilizing the Sessions tool is recommended during the initial rollout phase to verify agent reasoning and ensure that custom flows are interacting correctly with project data before full-scale deployment.

How to customize GitLab Duo Agent Platform

The GitLab Duo Agent Platform provides a multi-layered framework for customizing AI behavior to align with specific team workflows and coding standards. By leveraging configuration files at the user, workspace, and project levels, teams can ensure that AI-driven assistance remains context-aware and adheres to internal development policies. This extensibility allows organizations to move from generic AI interactions to highly specialized automation that respects unique architectural patterns and security requirements.

### Levels of Customization

GitLab offers a hierarchical approach to tailoring agent behavior, ensuring the right balance between global consistency and project-specific flexibility:

* **User-level:** Personal preferences and rules applied across all projects, typically stored in the user’s home directory (e.g., `~/.gitlab/duo/`).
* **Workspace-level:** Project-specific configurations located in the repository root that override user-level settings for that specific codebase.
* **Project-level:** The creation of entirely custom agents and workflows managed within a specific project to handle complex, specialized tasks.

### Custom Rule Configuration

Custom rules provide a mechanism to enforce specific coding styles and instructional sets without repeating prompts in every interaction.

* **File implementation:** Rules are defined in `chat-rules.md` files located either in the user's home directory for global application or within the `.gitlab/duo/` directory for project-specific application.
* **Functional scope:** They are best used for granular instructions such as forcing the use of the Vue 3 Composition API, requiring JSDoc comments for public functions, or mandating single quotes for strings.
* **Governance:** Teams are encouraged to use GitLab Code Owners to manage who can approve changes to these rules, ensuring that AI behavior remains aligned with official team standards.

### Architectural Control with AGENTS.md

The platform supports `AGENTS.md`, an industry-standard configuration file used to define broader agent personality, tone, and deep repository context.

* **Versatility:** Unlike basic rules, `AGENTS.md` is consumed by both foundational and custom flows and can be understood by external agents like Claude Code.
* **Contextual Depth:** These files can be placed in subdirectories to provide specific instructions for different parts of a monorepo, helping the agent understand complex folder structures and internal dependencies.
* **Key Parameters:** It typically controls high-level preferences such as security protocols (e.g., "never suggest hardcoding secrets"), documentation requirements, and preferred tool usage.

### Technical Requirements and Deployment

Implementing these customizations requires specific environment versions to ensure compatibility across the GitLab ecosystem.

* **GitLab Version:** Requires GitLab 18.8 or later.
* **IDE Support:** For VS Code users, the GitLab Workflow extension must be version 6.60 or later.
* **Update Cycle:** Changes to `AGENTS.md` or custom rules generally require starting a new chat session or triggering a new flow to take effect.

To achieve the best results, teams should adopt a "standardize-then-specialize" approach: establish global security and documentation rules at the user level, while using workspace-level `AGENTS.md` files to define the unique architectural patterns and tech stacks of individual projects.

Understanding agents: Foundational, custom, and external

The GitLab Duo Agent Platform provides a tiered framework for integrating AI into the software development lifecycle through foundational, custom, and external agents. By combining built-in expertise with the ability to define bespoke behaviors or connect to specialized external models, the platform enables teams to automate complex tasks ranging from product planning to runtime debugging. This structured approach ensures that AI assistance is deeply integrated into GitLab’s ecosystem while remaining flexible enough to meet specific organizational standards.

## Foundational Agents

These are pre-configured, GitLab-maintained agents available immediately in the IDE or Web UI for general and specialized SDLC tasks.

* **GitLab Duo:** The primary general-purpose partner for code modification, merge request management, and issue triaging within the full platform context.
* **Planner Agent:** Specifically designed to assist with product management by breaking down epics into structured issues and generating acceptance criteria.
* **Security Analyst Agent:** Focuses on triaging vulnerabilities, identifying false positives from scans, and prioritizing risks based on actual impact.
* **Data Analyst Agent:** Leverages GitLab Query Language (GLQL) to visualize platform data, such as merge request trends, team workloads, and issue resolution times.

## Custom Agents

Organizations can create specialized agents tailored to internal workflows by defining unique system prompts and visibility settings.

* **Configuration and Control:** Custom agents are defined by a system prompt that dictates their persona and expertise—such as a DevOps agent that correlates static code data with CI/CD logs.
* **Visibility Tiers:** Agents can be set to "Private" for use within a specific project or "Public" to be listed in the AI Catalog for broader organizational discovery.
* **Operational Use Cases:** Common implementations include onboarding assistants for company-specific practices, compliance monitors for regulatory requirements, and localized support agents for non-English languages.
* **Deployment Best Practices:** It is recommended to start with read-only permissions and highly specific constraints before granting agents write access to the repository or platform.

## External Agents

External agents operate asynchronously and are triggered by mentions or assignments within issues and merge requests, rather than through interactive chat.

* **Asynchronous Automation:** These agents, such as Anthropic Claude or OpenAI Codex, execute tasks in the background when triggered by commands like `@ai-codex`.
* **Managed Credentials:** GitLab handles API key management and rotation for these integrations, simplifying the security overhead for teams using third-party models.
* **Specialized Performance:** External agents allow teams to leverage provider-specific strengths, such as Claude’s code analysis or Codex’s task delegation, while maintaining compliance with specific data residency requirements.
* **Integrated Review:** A typical workflow involves assigning an external agent as a reviewer on a merge request, where it automatically analyzes code quality and posts improvement suggestions directly as comments.

To maximize the value of the platform, teams should begin by leveraging foundational agents for immediate productivity gains before developing custom agents that encode specific organizational knowledge. External agents should be reserved for specialized automation tasks or when specific third-party large language models (LLMs) are required for compliance or advanced code generation.

Get started with GitLab Duo Agent Platform: The complete guide

The GitLab Duo Agent Platform represents a shift in AI-assisted development by moving from individual chat-based interactions to a collaborative multi-agent orchestration layer. By integrating specialized AI agents throughout the software development lifecycle, the platform transforms linear DevSecOps workflows into parallel processes that leverage full project context for tasks like security scanning and code refactoring. This architecture allows development teams to delegate routine technical burdens to autonomous agents, focusing human efforts on high-level innovation and complex problem-solving.

### Orchestrating the DevSecOps Lifecycle

The platform functions as a central intelligence layer that connects AI agents to the broader GitLab ecosystem.

* Agents access comprehensive project context, including source code management, CI/CD pipelines, issue tracking, and security scan results.
* Specialized agents can be assigned to specific technical domains such as research, refactoring, and automated testing.
* The system enables asynchronous collaboration, allowing multiple agents to work on different stages of a project simultaneously.

### Evolution from Duo Enterprise to Agentic AI

The Duo Agent Platform is a superset of previous GitLab AI offerings, moving beyond simple 1:1 user-to-AI interactions.

* GitLab Duo Pro focused on individual IDE productivity through code suggestions and basic chat.
* GitLab Duo Enterprise expanded AI to the wider software lifecycle but remained primarily a 1:1 Q&A experience.
* The Agent Platform introduces a many-to-many collaboration model where teams and multiple specialized agents interact autonomously to handle production-ready workflows.

### Advanced Integration and Customization

To support enterprise-grade automation, the platform provides a roadmap for scaling AI from basic interactions to production environments.

* Integration with the Model Context Protocol (MCP) allows for expanded data access and agent capabilities.
* The platform supports a progression from initial agent interactions to full workflow customization and production-ready automation.
* Developers can leverage the eight-part guide series to move from foundational concepts to advanced technical implementations.

To maximize the benefits of agentic AI, organizations should transition from viewing AI as a simple Q&A tool to treating it as an orchestration layer. Teams are encouraged to explore the complete introductory series to begin delegating routine maintenance and security tasks to specialized agents, thereby accelerating overall delivery speed.