Fix CI/CD Pipeline Flow

Tier: Free, Premium, Ultimate
Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated

Introduced as an experiment in GitLab 18.4 with flags named duo_workflow_in_ci and ai_duo_agent_fix_pipeline_button. duo_workflow_in_ci is enabled by default. ai_duo_agent_fix_pipeline_button is disabled by default. These flags can be enabled or disabled for the instance or project.
Enabled on GitLab.com and GitLab Self-Managed in GitLab 18.5.
Feature flag ai_duo_agent_fix_pipeline_button enabled by default in GitLab 18.5.
Generally available in GitLab 18.8. Feature flag ai_duo_agent_fix_pipeline_button removed. Feature flag duo_workflow_in_ci was removed in GitLab 18.9.
Available on the Free tier on GitLab.com with GitLab Credits in GitLab 18.10.
Fixes to pipelines associated with a merge request changed to apply as code suggestions in GitLab 19.1 with a flag named fix_pipeline_next. Enabled on GitLab.com for a subset of users.

The Fix CI/CD Pipeline Flow diagnoses and proposes fixes issues in your GitLab CI/CD pipeline. To diagnose failures, the flow examines:

Pipeline logs, including error messages, failed job outputs, and exit codes.
Merge request changes that could have caused the failure.
Repository contents, for identifying syntax, linting, or import errors.
Script errors, including command failures, missing executables, or permission issues.

How the flow applies fixes depends on the pipeline context:

If the pipeline is associated with a merge request, the flow applies inline code suggestions on the source branch. You can review and apply the suggestions directly from the merge request.
- If the fix requires changes to files outside the current merge request diff, the flow creates a new merge request instead.
If the pipeline is not associated with a merge request, the flow creates a new merge request that contains the fix.

In some cases, instead of attempting a fix, the flow posts a comment that describes the failure and possible next steps. This happens when the pipeline is associated with a merge request, for example:

Insufficient context exists to determine a reliable fix.
The failure is security-sensitive and should be reviewed by a person.
The failure category is not actionable by the flow.

When a session starts and completes, the flow posts system notes to the merge request with a link to the session. This flow is available in the GitLab UI only.

Prerequisites

Meet the prerequisites for the GitLab Duo Agent Platform.
Turn on Allow foundational flows and Fix CI/CD Pipeline for the top-level group.
Have the Developer, Maintainer, or Owner role for the project.
Have an existing failed pipeline.
Configure push rules to allow a service account.
Configure your own runners or turn on GitLab hosted runners for your project.

Fix the pipeline in a merge request

To fix the CI/CD pipeline in a merge request:

In the top bar, select Search or go to and find your project.
In the left sidebar, select Code > Merge requests and open your merge request.
To fix the pipeline, you can either:
- Select the Overview tab and under the failing pipeline, select Fix pipeline with Duo.
- Select the Pipelines tab and in the rightmost column, select Fix pipeline with Duo ( ).
To monitor progress, select AI > Sessions.

When the session is complete, the flow adds code suggestions to the merge request, or a comment describes possible next steps.

Fix other CI/CD pipelines

To fix a CI/CD pipeline that is not associated with a merge request:

Select Build > Pipelines.
Select your failing pipeline.
In the upper-right corner, select Fix pipeline with Duo.
To monitor progress, select AI > Sessions.

Use `AGENTS.md` to customize the flow

The flow reads repository-specific instructions from an AGENTS.md file in your repository. You can use AGENTS.md to customize behavior such as:

Commit message format for the changes the flow commits.
Merge request metadata, such as labels and description, for merge requests the flow creates.
How to classify and treat specific types of failures.

For example:

## Fix pipeline merge requests

When opening a merge request as part of the Fix Pipeline flow (the title contains [FixPipeline]),
apply labels based on the following failed pipeline scenarios:

- Pipeline failed on merge_request: apply "pipeline::tier-1". This runs the cheaper tier-1
  pipeline instead of the full default pipeline.
- Pipeline failed on the default_branch (main): apply both "pipeline::expedited" and
  "main:broken". Do not apply pipeline::tier-1 in this case.
- Pipeline failed on other branches: apply "pipeline::tier-1". Same treatment as the
  merge_request case.

Known issues

The AI gateway processes only the last 150 KiB of job logs. If your job produces extensive output, the flow might not capture relevant failure information that appears earlier in the log. See the following section for workarounds.
The flow cannot always verify package installation in the sandboxed runtime environment. If dependencies are missing, you can customize the default flow image. See change the default Docker image.
Repository instructions in AGENTS.md influence the flow’s behavior but are not guaranteed to be followed in every case.

Troubleshooting

When working with the Fix CI/CD Pipeline Flow, you might encounter the following issues.

Flow cannot identify the root cause of a failure

The flow might not identify the root cause of a pipeline failure.

This issue occurs when job logs exceed 150 KiB. The AI gateway processes only the last 150 KiB, so relevant failure information that appears earlier in the log might not be captured.

To work around this issue, try the following:

Reduce verbose output by removing debug logging and progress indicators.
Redirect non-critical output using shell redirection (> /dev/null).
Add a summary step at the end of your script that echoes key error messages.
Use after_script to output diagnostic information after the main script completes.
Split verbose jobs into smaller, focused jobs with more concise logs.