GitLab Integration

Prerequisites

• A GitLab instance or group with API access
• An Ironwork workspace with owner or admin role
• For service accounts (recommended): separate GitLab users for Build and Review with appropriate project permissions

Setup

1. Navigate to Integrations in your Ironwork dashboard.
2. Click Connect on the GitLab card.
3. Authorize the OAuth connection. Ironwork will request access to your GitLab repositories.
4. Once connected, go to Projects and add repositories from your GitLab instance. Ironwork clones them for agent access.

Service accounts

Using separate service accounts provides several benefits:

• Audit trail — commits from Build and review comments from Review appear under their respective GitLab accounts, making it clear which changes are human-authored and which are agent-authored
• Separate permissions — you can grant Build write access (to push commits) while giving Review read-only access plus comment permissions
• Token rotation — rotate PATs independently without affecting the other agent

Configure PATs in your workspace's integration settings. Each PAT is encrypted at rest with AES-256-GCM.

What Ironwork accesses

• Repository files — cloned for codebase analysis and code writing
• Merge request diffs — the full diff of all changed files
• MR discussions — all comments, threads, and inline notes
• CI pipeline jobs — status, logs, and error output for each job
• MR metadata — title, description, author, branches, version SHAs

Webhook events

Ironwork listens to GitLab webhook events to trigger agents and react to changes. Webhook payloads are verified using the configured webhook secret.

• Merge request updates — when an MR is created, updated, or assigned to an agent
• Note creation — when comments are posted on MRs (triggers agent responses to feedback)
• Pipeline status changes — when CI jobs succeed or fail (Build fixes failures, Review factors results into scoring)

Troubleshooting