GitLab Webhook Automation

An autonomous GitLab-to-Hermes webhook loop that spawns agents to resolve issues — create issue, agent picks up, opens MR, self-merges.

Overview

A webhook-driven automation pipeline: when a GitLab issue is created and assigned to me, the webhook fires, Hermes spawns a session, the agent reads the issue, writes code, opens an MR, runs CI, and self-merges.

How it works

  1. GitLab hook fires on issue creation → POST to Hermes gateway
  2. Gateway validates the HMAC signature, spawns an agent session
  3. Agent reads the issue, checks out a feature branch, implements the fix
  4. CI pipeline runs tests and lint
  5. Self-merge after pipeline green (personal namespace only)

The three-bug stack

Getting this live required fixing three layered bugs:

  • HMAC secret drift between env vars, route config, and GitLab hooks
  • Network unreachability through Cloudflare/ZeroTier routing
  • Stale tokens on existing hooks (for security, the GitLab API doesn’t return tokens on GET, so a stale token can’t be spotted by reading the hook back)
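
One way to check for the secret drift and stale-token problems listed above, as an added example that is not this project's code. It assumes the gateway expects a hex HMAC-SHA256 over the raw request body, which the page does not specify; `fingerprint`, `drift_report`, the source names and all sample values are hypothetical.

```python
import hashlib
import hmac

def sign(secret: bytes, body: bytes) -> str:
    """Hex HMAC-SHA256 of the raw request body (assumed signature scheme)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()

def verify(secret: bytes, body: bytes, signature: str) -> bool:
    """Constant-time check; sign the raw bytes, never re-serialized JSON."""
    expected = sign(secret, body).encode()
    return hmac.compare_digest(expected, signature.strip().lower().encode())

def fingerprint(secret: bytes) -> str:
    """Short keyed digest that can be logged and compared without exposing the secret."""
    tag = hmac.new(b"webhook-secret-fingerprint", secret, hashlib.sha256)
    return tag.hexdigest()[:12]

def drift_report(sources: dict) -> dict:
    """Classify each copy of the secret against the reference copy ('env').

    None models a copy that cannot be read back, such as the token on an
    existing GitLab hook; the only fix is to write the token again.
    """
    reference = fingerprint(sources["env"])
    report = {}
    for name, value in sources.items():
        if value is None:
            report[name] = "unreadable: rewrite token"
        elif hmac.compare_digest(fingerprint(value), reference):
            report[name] = "ok"
        else:
            report[name] = "drift"
    return report

# Constructed sample values, not real secrets or a real GitLab payload.
SOURCES = {
    "env": b"example-secret-A",
    "route_config": b"example-secret-A\n",  # trailing newline from a file read
    "gitlab_hook": None,                     # GET does not return the token
}
BODY = b'{"object_kind":"issue","object_attributes":{"action":"open"}}'

if __name__ == "__main__":
    print(drift_report(SOURCES))
    # A drifted copy rejects a request signed with the reference secret.
    print(verify(SOURCES["route_config"], BODY, sign(SOURCES["env"], BODY)))
```

Comparing fingerprints rather than raw values keeps the secret out of logs while still catching a one-byte difference between copies.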

End-to-end verified by creating a real issue — GitLab delivered status 202, the gateway accepted it, the agent posted “Picking this up…”, opened the MR, and self-merged. All automated.