GitMate

Your AI repo teammate. GitMate autonomously labels issues, reviews MRs, scans for secrets, and takes action on your GitLab repos. 24/7, configurable autonomy, zero friction.

Comment

Inspiration

Every developer has experienced it: a MR sitting unreviewed for days, a secret accidentally committed, issues piling up with no labels, no owner, no context. The bottleneck is never the code, it's the overhead around it.

GitMate was born from the idea that an AI agent should handle all of that automatically, the same way a senior teammate would.

What it does

GitMate is an autonomous AI agent that connects to any GitLab repository via webhook and takes action on its behalf, 24/7, with configurable autonomy levels.

On every Issue:

  • Auto-labels (bug / feature / question / duplicate)
  • Answers questions directly in comments
  • Analyzes bug reports with priority + debugging steps
  • Estimates complexity (easy / medium / hard + hours)
  • Auto-assigns the most relevant contributor

On every Merge Request:

  • Posts a TL;DR summary (one line, non-technical)
  • Reviews code: issues, suggestions, verdict
  • Detects breaking changes statically (removed routes, exports, model fields)
  • Checks intent vs implementation
  • Adapts tone to author profile (new contributor -> welcoming, core team -> terse)

On every Push:

  • Scans real commit diffs for leaked secrets (API keys, tokens, DB URLs, AWS creds)

Proactively every 6 hours:

  • CVE scan on dependencies (requirements.txt, package.json, Gemfile, go.mod)
  • Stale MR and branch detection
  • TODO/FIXME scan across the codebase
  • Weekly repo health report (score 1-10)

Everything is logged in a real-time dashboard with CRIT / HIGH / MED / LOW danger levels. HIGH and CRIT actions can be queued for human approval before execution.

How we built it

  • Backend: FastAPI (Python) with an async webhook queue. Responds in <1ms, processes in background. APScheduler for the proactive loop. SlowAPI for rate limiting. Tenacity for LLM retry with exponential backoff.
  • LLM: Anthropic Claude via Groq (llama-3.3-70b-versatile), with parallel batch calls (4 simultaneous LLM requests per event for speed).
  • Context injection: GitMate builds a live repo context (README, stack, conventions, directory structure) and an author profile (commit history, familiar paths, experience level). Both are injected into every prompt for grounded, relevant responses.
  • Frontend: Next.js 14 + Tailwind CSS dark theme, React Query, Recharts, ReactFlow for the context graph. Real-time feed with split-view detail panels, live LLM metrics (p95 latency, token usage, cost).
  • Config: .gitlab-teammate.yml in the target repo with autonomy level, personality (formal / direct / encouraging / fun), and per-action toggles.

Challenges

Async reliability: GitLab webhooks expect a response in <3s. Processing an event takes 5-15s with multiple LLM calls. Solved with a queue. Webhook returns 202 instantly, processing happens in a ThreadPoolExecutor.

LLM output sanitization: Groq sometimes wraps JSON in markdown code fences. Built a sanitize_llm_output() function that strips fences, handles partial JSON, and falls back gracefully.

Context without RAG: Full RAG was too heavy for a hackathon timeline. GitMate uses a lightweight repo context builder that reads key files (README, package.json, requirements.txt, top-level dirs) and caches them with a 10-minute TTL. Enough context for most relevant responses.

Playwright capture for the demo video: Next.js with basePath served assets on a subpath. Browser automation was capturing a broken white page. Fixed by pointing Playwright at localhost directly, bypassing nginx.

What we learned

Autonomous agents on codebases need to be opinionated. An agent that asks "are you sure?" on every action is useless.

The autonomy level system (low / medium / high) is what makes GitMate deployable in production. Teams with low trust start on medium, teams that want full automation go high.

Built With

Share this project:

Updates