Today GitLab launched Orbit at its Transcend 2026 conference: "the context layer for AI agents." It's a live, queryable graph of your code, merge requests, pipelines, deployments, vulnerabilities, and ownership — kept current as your team works, and reachable by agents like Claude Code over the Model Context Protocol (MCP). GitLab reports agents running up to 11x faster on 4.5x fewer tokens when they can query Orbit instead of crawling the repo.
This is a real piece of engineering, and it validates something the whole ecosystem has been converging on: agents run on context. The richer and more accurate the context, the sharper the output. A model that can see the dependency graph, the recent incidents, and who owns what will reason better than one fumbling around with grep.
But there's a word in GitLab's own announcement headline worth pausing on — "Speed and Control at Agentic Scale." Speed and control are two different problems. A context layer solves the first. It does not solve the second.
A better-informed agent is still an agent
Give an agent the entire graph of your repository and it can reason beautifully about your architecture. It can also, in the very same session, run git push --force to main, delete a directory outside the working tree, leak a key into a log line, or apply a destructive migration at 2 a.m. because a test "needed" the schema changed.
Knowing more is not the same as being safe to act. Context tells the agent what is true; it does nothing to stop the agent from doing the wrong thing with that truth. In fact, a faster, more capable, better-informed agent is a more efficient way to reach a bad outcome if nothing sits between its intent and your infrastructure.
That's the layer a context graph doesn't replace: a deterministic gate at the moment of action.
What a control layer actually is
The pattern that's emerged — and the one ThumbGate implements — is an enforcement boundary that evaluates each tool call before it executes, on your machine:
    agent decides to act
            |
            v
    [ PreToolUse gate ]   <- literal match -> AST check -> scoped rule
            |                no LLM on this path: nothing to jailbreak
    allow / block + reason   (logged, with rule version + timestamp)
Three properties matter here, and none of them are things a context layer provides:
- Determinism. The decision to block rm -rf outside the workdir or a force-push to a protected branch is a pattern/AST match, not a model inference. There's no prompt to talk it out of. A context graph, by contrast, makes the model smarter — and a smarter model is still a model you can social-engineer.
- The rules live in your git, not a vendor's graph. ThumbGate's lessons and guardrails are a versioned file (.thumbgate/BRAIN.md) that you review in pull requests and that travels with the repo. Orbit's context lives in GitLab's hosted graph. Both are legitimate; they're just different things in different places.
- Local-first and cross-agent. The gate runs on the developer's machine with no server in the path, and works across Claude Code, Cursor, Codex, Gemini CLI, Amp, Cline, and OpenCode — not one vendor's ecosystem.
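The flow in the diagram above, as an added example that is not ThumbGate's code: a deterministic check over a shell tool call that returns allow/block with a reason, rule version and timestamp. Python's shlex tokenizer stands in for a full shell AST, and the rule set, branch names, `RULES_VERSION` and all function names are assumptions made for illustration.

```python
import os, re, shlex, time

RULES_VERSION = "example-1"       # hypothetical; a real gate would pin the rules file's git revision
PROTECTED = {"main", "master"}    # assumed protected branch names

def split_commands(command):
    """Tokenize with shell quoting rules; split on ; & && | || so each chained call is checked."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    cmds = [[]]
    for tok in lex:                       # raises ValueError on unbalanced quotes
        if tok and set(tok) <= set(";&|"):
            cmds.append([])
        else:
            cmds[-1].append(tok)
    return [c for c in cmds if c]

def inside(path, root):
    root = os.path.realpath(root)         # realpath also resolves symlinks and ".."
    return os.path.commonpath([os.path.realpath(path), root]) == root

def check(argv, cwd, workdir):
    """Return a block reason for one parsed command, or None when no rule matches."""
    flags = [a for a in argv[1:] if a.startswith("-")]
    args = [a for a in argv[1:] if not a.startswith("-")]
    if argv[0] == "rm":
        short = "".join(f[1:] for f in flags if not f.startswith("--"))
        if "r" in short.lower() or "--recursive" in flags:
            for target in args:           # $VAR, ~ and backticks cannot be resolved statically
                if re.search(r"[$`~]", target) or not inside(os.path.join(cwd, target), workdir):
                    return f"recursive rm outside workdir or unresolvable: {target}"
    if argv[:2] == ["git", "push"]:
        forced = bool({"-f", "--force"} & set(flags)) or any(a.startswith("+") for a in args)
        dests = {re.sub(r"^\+?(refs/heads/)?", "", a.split(":")[-1]) for a in args[2:]}
        if forced and (not dests or dests & PROTECTED):   # no refspec given: fail closed
            return "force-push to protected or unspecified branch"
    return None

def gate(command, workdir):
    """PreToolUse decision for a shell tool call: allow/block plus an auditable reason."""
    reason, cwd = None, workdir
    try:
        for argv in split_commands(command):
            if argv[0] == "cd" and len(argv) > 1:
                cwd = os.path.join(cwd, argv[1])      # follow cd so relative targets resolve
            reason = reason or check(argv, cwd, workdir)
    except ValueError:
        reason = "unparseable command"                # fail closed
    return {"allow": reason is None, "reason": reason or "no rule matched",
            "rule_version": RULES_VERSION, "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())}
```

Because the check works on parsed tokens, a quoted string such as `echo 'rm -rf /'` is allowed while `cd / && rm -fr tmp` is blocked, which a plain substring match would get the wrong way round.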
The good news: these are complementary, not rivals
Here's the part that gets lost in "X vs Y" framing. Orbit speaks MCP. So does ThumbGate. They sit at different points in the same loop:
- Context layer (Orbit, or any graph/RAG you like) makes the agent reason better: fewer tokens, more accurate plans, less hallucinated architecture.
- Control layer (a deterministic PreToolUse gate) makes the agent act safely: the dangerous call is blocked before it runs, with an audit trail.
You want both. Plug in whatever context layer gives your agents speed and situational awareness — and keep a deterministic control layer underneath, so the smarter, faster agent still can't ship the change that takes down prod. Context for reasoning. Control for action.
Why this distinction is about to matter more
As context layers make agents faster and more autonomous, the blast radius of a single bad tool call goes up, not down. The industry spent 2025 making agents capable; 2026 is the year teams discover that "capable" and "safe to run unattended" are not the same property — and that you can't retrofit safety by adding more context. A graph that knows your whole system still can't be the thing that says no at the moment of action, because knowing and gating are different jobs.
GitLab putting real marketing weight behind "context layer for AI agents" is good for everyone working on agent infrastructure — it names the category and proves the demand. It just makes the missing half more visible: once every agent reasons from the full picture, the question stops being "does the agent understand the system?" and becomes "what stops it when it's confidently wrong?"
That's the layer worth owning. It's open source, MIT-licensed, runs locally, and works with whatever context layer you choose.
ThumbGate is an open-source, local-first control layer for AI coding agents — a deterministic PreToolUse gate plus a git-native context brain. Free CLI, Pro at $19/mo. Links: https://thumbgate.ai/?utm_source=devto&utm_medium=blog&utm_campaign=gitlab-orbit and https://github.com/IgorGanapolsky/ThumbGate
Sources
- Introducing GitLab Orbit: https://about.gitlab.com/blog/introducing-gitlab-orbit/
- GitLab "Speed and Control at Agentic Scale" (BusinessWire, 2026-06-10): https://www.businesswire.com/news/home/20260610038504/en/GitLab-Announces-New-Capabilities-to-Give-Enterprises-Speed-and-Control-at-Agentic-Scale