**GitLab Duo Demo Workspace** - A multi-agent orchestrated environment for showcasing DevSecOps, security scanning, and GitLab Duo Platform features.
Sign in to like and favorite skills
GitLab Duo Demo Workspace - A multi-agent orchestrated environment for showcasing DevSecOps, security scanning, and GitLab Duo Platform features.
Duo Foundry is a multi-project workspace containing 14 GitLab demo projects with intentional security vulnerabilities. It uses a multi-agent orchestration system powered by Claude Code to automate demo preparation, GitLab operations, and project maintenance.
| Metric | Value |
|---|---|
| Projects | 14 demo projects |
| SSOT | gitlab.com/gl-demo-ultimate-fsieverding/Duo-Foundry |
| Sync Instances | cs.gitlabdemo.cloud, dap185/186/187b/188 |
| Pipeline Status | ✅ All passing |
See PROJECT-STATE-REPORT.md for detailed status.
All 14 projects use pull mirroring from gitlab.com (SSOT):
gitlab.com (SSOT) ↓ (auto-sync every 5 min) ├── cs.gitlabdemo.cloud ├── dap185.gitlab-private.org ├── dap186.gitlab-private.org ├── dap187b.gitlab-private.org └── dap188.gitlab-private.org
No manual sync required. Changes pushed to gitlab.com automatically propagate.
For immediate code sync or troubleshooting:
./sync-foundry.sh status # Check sync status ./sync-foundry.sh sync # Force push to all instances ./sync-foundry.sh setup # Configure remotes (first time only)
Sync labels, milestones, issues, and MRs from SSOT to target instances:
# Workflow: Prepare SSOT first, then sync resources # 1. Run @demo-prep or @demo-resetter on gitlab.com (SSOT) # 2. Code syncs automatically via pull mirroring # 3. Sync GitLab resources to target instance: ./sync-foundry.sh sync-resources cs # Sync issues, MRs, labels to cs.gitlabdemo.cloud ./sync-foundry.sh verify cs # Verify target has expected resources ./sync-foundry.sh full-sync cs # All-in-one: sync + verify
Note: Resources are matched by title - existing items are skipped, missing items are created.
Complete workflow to prepare SSOT and sync to all instances:
# ============================================ # PHASE 1: Prepare SSOT (gitlab.com) # ============================================ # 1. Scout - Always start here @project-analyzer: Analyze all Duo Foundry projects and report demo readiness. # 2. Prepare demos (creates issues, MRs, cleans branches) @demo-prep: Prepare all projects for tomorrow's demo. # 3. Verify SSOT is ready @gitlab-ops: List all open issues and MRs across Duo Foundry. # ============================================ # PHASE 2: Sync to Target Instances # ============================================ # Code syncs automatically via pull mirroring (every 5 min) # Or force immediate code sync: ./sync-foundry.sh sync # Sync GitLab resources (issues, MRs, labels) to target: ./sync-foundry.sh sync-resources cs # or dap186, dap187b, etc. # Verify target instance is ready: ./sync-foundry.sh verify cs # ============================================ # PHASE 3: Post-Demo Reset (after presentation) # ============================================ @demo-resetter: Reset all projects after today's demo.
Quick commands:
# All-in-one sync + verify for a specific instance: ./sync-foundry.sh full-sync cs # Check what exists on an instance before sync: ./sync-foundry.sh verify dap186
# 1. Start with analysis @project-analyzer: Analyze all Duo Foundry projects and report demo readiness. # 2. Prepare for demos @demo-prep: Prepare all projects for tomorrow's demo. # 3. Check status @gitlab-ops: List all open issues and MRs across Duo Foundry.
See QUICK-START-NEW-SETUP.md for transforming a brand new GitLab group into a Duo Foundry environment.
| Agent | Purpose | When to Use |
|---|---|---|
| Scout - Surveys project state | Start here - Always run first |
| Prepares demos, verifies vulnerabilities | Before presentations |
| Onboards new projects | Adding repos to Duo Foundry |
| Manages GitLab resources | Issues, MRs, pipelines, labels |
| Polishes demos | Final prep for presentations |
| Creates feature branches | GitLab Flow workflows |
| Creates merge requests | Demo MRs with test cases |
| Maintains documentation | README, AGENTS.md updates |
| Runs tests, coverage | Test verification |
| Cleans stale branches | workloads/, dependabot/ cleanup |
| Bulk enriches issues | Time estimates, due dates, epics |
| Analyzes use case docs | Customer demo planning |
| Creates demo scripts | Presenter-ready runbooks |
| Verifies demo requirements | Pre-demo requirement checks |
| Project | Stack | Purpose | Special Capabilities |
|---|---|---|---|
| dap-swag-shop-in-duo-foundry | Flask | SAST vulns, Duo Agent Platform | Issue-to-MR, Code Review |
| dev-sec-ops-with-git-lab-in-duo-foundry | Flask | DevSecOps pipeline, 97% coverage | Jira MCP Integration |
| ex-nihilo | Static | Software development flow | Hackathon tracking |
| juice-shop-in-duo-foundry | Node.js/Angular | OWASP Top 10, CTF | 100+ vulnerabilities |
| online-boutique-in-duo-foundry | Multi-lang/K8s | Microservices, containers | Container scanning |
| poc-api-in-dap-flow | Docker | External API integration | DAP Flows testing |
| project-arrakis-supply-chain-defense | Node.js | npm supply chain attack | Static Reachability Analysis |
| test-shai-hulud-v2 | Python | Malware IOC detection | 795 malware packages |
| v-am-pi-in-duo-foundry | Flask API | API security testing | Swagger UI |
| web-goat-in-duo-foundry | Java/Spring | 30+ security lessons | Large MR demos |
| Project | Purpose | Contents |
|---|---|---|
| agents | Custom agent examples | Templates, security-reviewer, docs |
| claude-orchestrator | Multi-agent orchestration | 14 specialized agents, sync script |
| convert-ci-test | CI conversion testing | Jenkinsfile for Convert CI flow |
| gitlab-profile | Group profile | Demo RunBooks, group config |
| Document | Purpose |
|---|---|
| group-readiness-standard.md | Group-level spec - Epics, milestones, labels, policies |
| demo-readiness-standard.md | Project-level spec - Demo readiness criteria |
| Multi-agent-Orchestrator.md | Full orchestrator documentation |
| CLAUDE.md | Development instructions and project rules |
| QUICK-START-NEW-SETUP.md | Guide for new group setup |
# Survey all projects @project-analyzer: Analyze all projects and report demo readiness. # Clean up stale branches @branch-cleaner: Clean all workloads/* and stale dependabot/* branches. # Enrich issues for planning demos @issue-enricher: Enrich all issues in dap-swag-shop-in-duo-foundry. # Prepare specific project @demo-prep: Prepare web-goat for tomorrow's security demo.
# Parse use case document @use-case-analyzer: Analyze /path/to/customer-use-cases.md # Create demo runbooks @demo-runbook-creator: Create runbooks for T-Mobile 12/17 demo.
# Analyze current state @project-analyzer: Analyze new-project-in-duo-foundry. # Set up Duo Foundry configuration @project-setup: Set up new-project-in-duo-foundry as a Duo Foundry demo project. # Update workspace documentation @docs-writer: Update CLAUDE.md with new project.
# Reset demo environment @demo-prep: Reset demo environment - close demo MRs, clean branches. # Verify vulnerabilities intact @project-analyzer: Verify all vulnerabilities are intact across projects.
┌─────────────────────────────────────────────────────────────────────┐ │ ORCHESTRATOR │ │ Lead Solutions Architect for Duo Foundry │ │ Plans → Delegates → Reviews │ └─────────────────────────────────────────────────────────────────────┘ │ ┌──────────┬─────────────────┼─────────────────┬──────────┐ ▼ ▼ ▼ ▼ ▼ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ │project- │ │demo- │ │project- │ │gitlab- │ │demo- │ │analyzer │ │prep │ │setup │ │ops │ │optimizer│ │ SCOUT │ │ │ │ │ │ │ │ │ └─────────┘ └─────────┘ └─────────┘ └─────────┘ └─────────┘ │ │ │ │ │ ▼ ▼ ▼ ▼ ▼ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ │branch- │ │mr- │ │docs- │ │test- │ │branch- │ │creator │ │creator │ │writer │ │runner │ │cleaner │ └─────────┘ └─────────┘ └─────────┘ └─────────┘ └─────────┘ │ ┌────────────────────────────┼────────────────────────────┐ ▼ ▼ ▼ ┌─────────┐ ┌─────────┐ ┌─────────┐ │issue- │ │use-case-│ │demo- │ │enricher │ │analyzer │ │runbook- │ └─────────┘ └─────────┘ │creator │ └─────────┘
duo_foundry/ ├── README.md # This file ├── CLAUDE.md # Development instructions ├── QUICK-START-NEW-SETUP.md # New group setup guide ├── Multi-agent-Orchestrator.md # Full orchestrator docs ├── demo-readiness-standard.md # Project-level spec (v2.7) ├── group-readiness-standard.md # Group-level spec (v1.4) ├── DAP-Demo-Use-Cases.md # Demo use case scenarios ├── PROJECT-STATE-REPORT.md # Demo readiness status ├── orchestration/ # Agent definitions (portable) │ ├── README.md # Setup instructions │ ├── orchestrator.md # Orchestrator configuration │ └── agents/ # 14 specialized agents │ ├── project-analyzer.md # Scout agent │ ├── demo-prep.md # Demo preparation │ ├── project-setup.md # Project onboarding │ ├── gitlab-ops.md # GitLab operations │ ├── demo-optimizer.md # Demo enhancement │ ├── branch-creator.md # Branch management │ ├── mr-creator.md # MR creation │ ├── docs-writer.md # Documentation │ ├── test-runner.md # Test execution │ ├── branch-cleaner.md # Branch hygiene │ ├── issue-enricher.md # Issue enrichment │ ├── use-case-analyzer.md # Use case analysis │ ├── demo-runbook-creator.md # Demo runbook creation │ └── runbook-verifier.md # Pre-demo verification ├── .demo-runbooks/ # Generated demo runbooks │ ├── index.md │ └── [demo-name]/ │ └── analysis-report.md └── [project-name]-in-duo-foundry/ # Demo projects (8 total) ├── AGENTS.md # Project-specific instructions ├── .gitlab-ci.yml # CI/CD pipeline ├── .gitlab/ │ ├── duo/ # Duo configuration │ ├── merge_request_templates/ │ └── issue_templates/ └── ...
gl-demo-ultimate-fsieverding/Duo-FoundryNEVER FIX VULNERABILITIES - All security vulnerabilities are intentional for demos. Always verify they remain intact.
Last Updated: 2026-01-20