Cookbook
- Tier: Premium, Ultimate
- Offering: GitLab.com
- Status: Beta
The availability of this feature is controlled by a feature flag. For more information, see the history. This feature is available for testing, but not ready for production use.
Ready-to-use queries for the most common Orbit use cases. All examples use the
REST API format. To run them via MCP, pass the JSON body to query_graph.
Blast radius analysis
Answer: “What breaks if I change this?”
Find all files that import a specific module
Replace payments-service with the module or library you want to trace.
{
"query_type": "traversal",
"node": {
"id": "sym",
"entity": "ImportedSymbol",
"columns": ["file_path", "import_path", "identifier_name"],
"filters": {
"import_path": {"op": "contains", "value": "payments-service"}
}
},
"limit": 100
}Find projects that depend on a shared library
{
"query_type": "traversal",
"nodes": [
{
"id": "f",
"entity": "File",
"filters": {"path": {"op": "contains", "value": "shared-auth-lib"}}
},
{"id": "b", "entity": "Branch", "columns": ["name", "is_default"]},
{"id": "p", "entity": "Project", "columns": ["name", "full_path"]}
],
"relationships": [
{"type": "ON_BRANCH", "from": "f", "to": "b"},
{"type": "CONTAINS", "from": "p", "to": "b"}
],
"limit": 100
}Onboarding and codebase exploration
Answer: “Help me understand this codebase.”
Find the most active contributors to a project
{
"query_type": "aggregation",
"nodes": [
{"id": "u", "entity": "User", "columns": ["username", "name"]},
{
"id": "mr",
"entity": "MergeRequest",
"filters": {"state": "merged"}
},
{
"id": "p",
"entity": "Project",
"filters": {"full_path": "my-org/my-project"}
}
],
"relationships": [
{"type": "AUTHORED", "from": "u", "to": "mr"},
{"type": "IN_PROJECT", "from": "mr", "to": "p"}
],
"group_by": [{"kind": "node", "node": "u"}],
"aggregations": [
{"function": "count", "target": "mr", "alias": "merged_mrs"}
],
"aggregation_sort": {"column": "merged_mrs", "direction": "DESC"},
"limit": 10
}Dependency mapping
Answer: “How are our services connected?”
Map imported definitions
{
"query_type": "aggregation",
"nodes": [
{
"id": "sym",
"entity": "ImportedSymbol",
"columns": ["import_path"],
"filters": {
"import_path": {"op": "contains", "value": "payments"}
}
},
{"id": "def", "entity": "Definition", "columns": ["name", "fqn", "file_path"]}
],
"relationships": [
{"type": "IMPORTS", "from": "sym", "to": "def"}
],
"group_by": [{"kind": "node", "node": "def"}],
"aggregations": [
{"function": "count", "target": "sym", "alias": "import_count"}
],
"aggregation_sort": {"column": "import_count", "direction": "DESC"},
"limit": 20
}Pipeline health
Answer: “Where are our CI/CD problems?”
Find projects with the most failed pipelines
{
"query_type": "aggregation",
"nodes": [
{"id": "pl", "entity": "Pipeline", "filters": {"status": "failed"}},
{"id": "p", "entity": "Project", "columns": ["name", "full_path"]}
],
"relationships": [
{"type": "IN_PROJECT", "from": "pl", "to": "p"}
],
"group_by": [{"kind": "node", "node": "p"}],
"aggregations": [
{"function": "count", "target": "pl", "alias": "failed_count"}
],
"aggregation_sort": {"column": "failed_count", "direction": "DESC"},
"limit": 10
}Find failed jobs and their failure reasons
{
"query_type": "traversal",
"node": {
"id": "j",
"entity": "Job",
"columns": ["name", "status", "failure_reason"],
"filters": {"status": "failed"}
},
"limit": 10
}Vulnerability tracing
Answer: “Where are our security risks, and how did they get there?”
Find all critical and high vulnerabilities in a group
{
"query_type": "traversal",
"nodes": [
{
"id": "v",
"entity": "Vulnerability",
"columns": ["title", "severity", "state", "report_type"],
"filters": {
"severity": {"op": "in", "value": ["critical", "high"]},
"state": "detected"
}
},
{"id": "p", "entity": "Project", "columns": ["name", "full_path"]}
],
"relationships": [
{"type": "IN_PROJECT", "from": "v", "to": "p"}
],
"order_by": {"node": "v", "property": "severity", "direction": "DESC"},
"limit": 50
}Count vulnerabilities by project
{
"query_type": "aggregation",
"nodes": [
{
"id": "v",
"entity": "Vulnerability",
"filters": {"state": "detected"}
},
{"id": "p", "entity": "Project", "columns": ["name", "full_path"]}
],
"relationships": [
{"type": "IN_PROJECT", "from": "v", "to": "p"}
],
"group_by": [{"kind": "node", "node": "p"}],
"aggregations": [
{"function": "count", "target": "v", "alias": "vuln_count"}
],
"aggregation_sort": {"column": "vuln_count", "direction": "DESC"},
"limit": 20
}Count vulnerabilities by severity
{
"query_type": "aggregation",
"nodes": [
{
"id": "v",
"entity": "Vulnerability",
"filters": {"state": "detected"}
}
],
"group_by": [
{"kind": "property", "node": "v", "property": "severity", "alias": "severity"}
],
"aggregations": [
{"function": "count", "target": "v", "alias": "vuln_count"}
],
"aggregation_sort": {"column": "vuln_count", "direction": "DESC"},
"limit": 10
}Fetch source code
Answer: “Show me the actual code.”
Virtual columns (content on File and Definition) trigger a Gitaly fetch
after the graph query. Response time is higher than non-virtual queries.
Always request them explicitly in columns. They are excluded from
dynamic_columns in path_finding and neighbors queries.
Fetch the source text of a file
Replace the path filter value with a file path that exists in an indexed project.
Use limit: 1 when fetching full file content to avoid large responses.
{
"query_type": "traversal",
"node": {
"id": "f",
"entity": "File",
"columns": ["path", "language", "content"],
"filters": {
"path": {"op": "ends_with", "value": "app/models/project.rb"}
}
},
"limit": 1
}Fetch the source text of a specific function or class definition
The content field returns the raw source text of just that definition,
not the full file.
{
"query_type": "traversal",
"node": {
"id": "d",
"entity": "Definition",
"columns": ["name", "fqn", "file_path", "start_line", "end_line", "content"],
"filters": {
"fqn": {"op": "eq", "value": "Gitlab::Auth::authenticate"}
}
},
"limit": 5
}