GitLab раскрыла, почему AI-кодерам нужен контекст платформы, а не просто код

Every week new demos of AI agents emerge that turn a prompt into a pull request in five minutes. But demos end after the commit. The PR doesn't reference the issue it was supposed to fix. The CI/CD pipeline fails — the agent didn't know about the new linter rule. Security scan complains about a dependency the agent added without checking the organization's approved list. These are context failures, and they determine whether AI-assisted coding will accelerate delivery or create rework bottlenecks.

Three levels of context

GitLab published a tutorial with Claude Code and a tutorial with Codex that demonstrate one pattern: what changes when an AI agent receives more platform context.

Level 1: repository code only. You point the agent at your codebase and describe the problem. The agent reads files, proposes a fix, runs a build. The code works locally, but in a vacuum. The agent doesn't see acceptance criteria from the issue, doesn't know non-functional requirements, hasn't read style standards from the CI config.

Level 2: repo code + GitLab issue. Connect the GitLab MCP server, and the agent can read the issue before writing code. Now requirements, implementation notes, labels, milestones are visible. The agent adds `Closes #32` to the MR description because it understands the link between change and issue. It uses `get_issue` and `create_merge_request` with proper references. This time the fix aligns with the team's plan.

Level 3: agent works inside merge request. GitLab Code Review Flow leaves feedback automatically. The agent is invoked as an external reviewer to address comments:

• adds missing tests
• updates documentation
• closes validation gaps
• commits changes directly to the MR branch

The pipeline validates the new commit. The human reviewer sees the result in one tool, without switching. Outcome: fewer review rounds, faster merge.

Context matters most for security

AI coders produce code fast. More code — more potential vulnerabilities, more scanner findings, more fix MRs to review. Before, the bottleneck was on the security side: scan, prioritize findings, escalate critical ones, wait for fixes. Now the bottleneck shifts. The workflow moves from "which vulnerability to fix first" to "which AI-generated fix MR to review first". This requires context that a local agent doesn't have: the surrounding application code in full, complete data flow, deployment targets, organization security policies.

With complete context, prioritization becomes more accurate. An agent seeing surrounding code and applicable policies ranks findings by real exposure in your environment, not generic severity scores. GitLab's security layer analyzes findings with full project context, filters false positives, marks confirmed vulnerabilities. When a vulnerability is confirmed, agentic SAST resolution automatically creates an MR with the fix. The pipeline validates. The reviewer approves. Governance remains intact.

How to start

Invest in AGENTS.md — a file with custom instructions. Document how your repository works, which commands to run, what quality expectations exist. One-time investment that pays off in every agent session.

Monitor context consumption. If sessions are slow or results are shallow — the problem is in the context you're feeding the model. Structured context through platform integrations is better than raw file dumps.

Make sure all projects are scanned by security tools. Enable Security Configuration Profiles at the group level.

What this means

AI coders work reliably only when the platform gives them context and guarantees that output passes quality gates. Five-minute demos in a vacuum don't reflect production reality. Organizations that systematically structure context through issue tracker, pipeline, security policy and code review standards will gain competitive advantage.