GitLab Duo Setup MRs for Impact Analyst

When GitLab Duo Impact Analyst runs on your merge request, it can either use a real analysis tool for deterministic metrics or, if the runner is not bootstrapped yet, fall back to a setup hint. A setup MR exists to close that gap automatically.

There are two outcomes you might see in your Impact Analyst MR comment:

Mode	Output	How it works
Tool-assisted	Deterministic metrics + findings	Runs Lizard against the changed source files
Review-only	Setup hint + remediation link	Impact Analyst points you to the setup MR needed to enable deterministic metrics

If a setup MR was linked

The Impact Analyst flow determined that the repository can be bootstrapped safely, then created or reused a setup MR on a dedicated branch. That MR adds or updates .gitlab/duo/agent-config.yml so future runs can install and execute lizard automatically.

What to do Review and merge the setup MR. Then rerun Impact Analyst on your merge request. The rerun should switch from review-only findings to tool-assisted metrics and findings.

The setup MR targets the current GitLab Duo config schema:

image: python:3.12-slim
setup_script:
  - apt-get update && apt-get install -y --no-install-recommends git ca-certificates
  - rm -rf /var/lib/apt/lists/*
  - pip install lizard
cache:
  paths:
    - /root/.cache/pip
network_policy:
  include_recommended_allowed: true
  allowed_domains: []
  denied_domains: []

If your project already has an agent config, the setup MR should update the existing file rather than replacing it outright. The important part is that setup_script ends up installing lizard. For new configs, the bootstrap MR also installs git because the GitLab Duo runner still executes Git commands such as git remote set-url during setup.

If no setup MR was linked

No link usually means one of two things: the repository was already bootstrapped, or the flow decided it was not safe to rewrite the existing config automatically.

The repo already installs lizard, so the failure is runtime-specific.
The config uses an unusual structure that the flow cannot patch confidently.
The setup step failed due to runner, package-install, or network issues.

What to do Inspect .gitlab/duo/agent-config.yml, verify that setup_script installs lizard, and if you use a minimal Python image also verify that git is available. Then check the GitLab Duo session logs for the exact runtime failure.

Minimum manual bootstrap

image: python:3.12-slim
setup_script:
  - apt-get update && apt-get install -y --no-install-recommends git ca-certificates
  - rm -rf /var/lib/apt/lists/*
  - pip install lizard
# keep your other setup steps

What is `.gitlab/duo/agent-config.yml`?

This file configures the execution environment for GitLab Duo workflows. For Impact Analyst, the important keys are:

image — the runtime container image
setup_script — commands that install tooling before the flow runs
cache — optional dependency cache paths
network_policy — outbound access rules for installs and tool execution

When this file installs lizard, Impact Analyst can produce deterministic function-level metrics such as CCN, NLOC, and parameter counts. For repositories starting from a minimal image, the setup also needs git so the runner's built-in Git operations succeed. Without those pieces, the flow now posts a setup hint and merge link instead of trying to estimate complexity without deterministic tooling.

What is cyclomatic complexity?

Cyclomatic complexity measures the number of independent execution paths through a function. More branches, cases, and nested conditions increase the score. GitLab Duo uses that signal to highlight functions that may need decomposition or simplification.

If a setup MR was linked

If no setup MR was linked

Minimum manual bootstrap

What is .gitlab/duo/agent-config.yml?

What is cyclomatic complexity?

What is `.gitlab/duo/agent-config.yml`?