nyxcore-systems
6 min read

AutoFix Unleashed: Building Our AI-Powered Code Remediation Pipeline

Dive into the journey of building AutoFix, our new AI-powered pipeline for automated security and bug remediation, from initial architecture to overcoming common development hurdles and integrating with our existing ecosystem.

AICodeRemediationSecurityAutomationSoftwareDevelopmentTypeScriptNext.jsPrismaLLMGitHub

The world of software development is a constant race against time, bugs, and security vulnerabilities. What if we could automate not just the detection of issues, but also their remediation? That's the ambitious vision behind AutoFix, a project we've just brought to feature completeness.

This post chronicles the intense development session that culminated in shipping the core AutoFix Pipeline. It's a peek behind the curtain at how we're leveraging AI to build a proactive, intelligent system for maintaining code health and security.

The Vision: AutoFix - Your Autonomous Code Guardian

Our goal with AutoFix is clear: establish an automated pipeline for security and bug discovery, coupled with AI-powered remediation. Imagine a system that not only flags an OWASP Top 10 vulnerability or a common performance bottleneck but also proposes a precise, unified diff patch, and can even create a GitHub Pull Request for review. To top it off, it supports external resolution via webhooks, allowing integration with advanced AI assistants like Claude Code, Copilot, or Cursor.

As of this session's close, the AutoFix Pipeline is feature complete, committed to main at 0fa60cc. Typechecks pass, and the build compiles (ignoring a pre-existing issue in a separate module). It's a significant milestone!

Under the Hood: Crafting the AutoFix Architecture

Building AutoFix required touching almost every layer of our stack, from database models to sophisticated AI services and a responsive UI. Here's a breakdown of the key components we shipped:

1. Data Foundation: Tracking Runs and Issues

At the core, we needed to track every AutoFix operation. This led to the creation of:

  • AutoFixRun and AutoFixIssue Prisma models, establishing critical relationships with User, Tenant, and Repository to ensure proper context and access control.
  • A shared type definitions file, src/types/auto-fix.ts, defining essential enums like IssueSeverity, IssueCategory, IssueStatus, and the AutoFixEvent for our real-time updates.

2. GitHub Integration: The Automated PR Engine

To enable truly automated remediation, AutoFix needed to interact seamlessly with GitHub. We significantly extended src/server/services/github-connector.ts to include:

  • POST/PUT capabilities for ghFetch.
  • Functions to createBranch, createOrUpdateFile, createPullRequest, and getFileSha – the building blocks for programmatically pushing fixes.

3. The AI Brain: Detection and Generation

This is where the magic happens. We built two crucial AI-powered services:

  • src/server/services/auto-fix/issue-detector.ts: An LLM-based service capable of prescriptive issue detection. It's trained to identify common vulnerabilities (OWASP), bugs, performance issues, error-handling flaws, and general code smells. We leveraged our existing batch processing and "Bring Your Own Key" (BYOK) pattern from our pattern-detector service for flexibility and security.
  • src/server/services/auto-fix/fix-generator.ts: Once an issue is detected, this LLM-based service generates a precise, per-issue unified diff. This diff is the blueprint for the actual code change.

4. Patching & Orchestration: Applying the Fixes

An AI-generated diff is only useful if it can be reliably applied.

  • src/server/services/auto-fix/patch-utils.ts: This utility is responsible for parsing and applying unified diffs, ensuring that the AI's suggestions are translated into actual code changes robustly.
  • src/server/services/auto-fix/pipeline.ts: The central orchestrator. Implemented as an AsyncGenerator, it manages the entire AutoFix lifecycle: scandetectfixPR phases, providing a stream of updates throughout the process.

5. API & Real-time Updates: Connecting the Frontend

To expose AutoFix functionality and provide a dynamic user experience:

  • src/server/trpc/routers/auto-fix.ts: We added 7 new tRPC procedures: list, get, start, cancel, resolveIssue, skipIssue, and resolutionStats. This provides a robust API for interacting with the pipeline.
  • src/app/api/v1/events/auto-fix/[id]/route.ts: A Server-Sent Events (SSE) streaming endpoint, mirroring our code-analysis service, to deliver live updates on AutoFix run progress directly to the UI.
  • src/app/api/v1/webhooks/auto-fix/resolve/route.ts: An external resolution webhook, allowing third-party tools (like advanced AI code assistants) to mark issues as resolved in AutoFix.

6. User Interface: Visualizing the Automation

A powerful backend needs an intuitive frontend. We developed:

  • Four new React UI components: patch-viewer.tsx (for reviewing generated diffs), issue-card.tsx (to display individual issues), run-progress.tsx, and run-stats.tsx (for pipeline monitoring).
  • A dedicated run list page at /dashboard/auto-fix, complete with a dialog to initiate new scans.
  • A detailed run page at /dashboard/auto-fix/[id], featuring live SSE updates, filtering capabilities, and a comprehensive issue list.

7. Ecosystem Integration: Expanding Knowledge

Finally, AutoFix seamlessly integrates with our existing "Knowledge Hub":

  • getResolutionStats() was added to src/server/services/knowledge-hub.ts.
  • The KnowledgeStatsData type and knowledge-stats.tsx were updated to blend AutoFix resolution data with our existing insight pairing metrics, providing a holistic view of code health improvements.

Navigating the Bumps: Lessons Learned and Challenges

No significant feature delivery comes without its share of challenges. Here are a few we tackled:

  • Prisma and vector Column Woes: Our database schema includes a vector(1536) column for embeddings, often defined via raw SQL or Unsupported("tsvector") in Prisma. This column consistently triggered warnings during npm run db:push, as Prisma would try to drop it.

    • Workaround: We followed our established pattern: use --accept-data-loss and then re-add the column via an ALTER TABLE statement. This is a recurring headache, highlighting the impedance mismatch between ORMs and specific database features.

  • ESLint Configuration Glitch: Running npm run build initially failed due to ESLint's @typescript-eslint/no-unused-vars rule not being found across all files. This was a pre-existing configuration issue in our monorepo setup.

    • Workaround: For this session, we bypassed the linting step with npx next build --no-lint to focus on functionality. Addressing the root ESLint configuration is a priority for a dedicated tech debt sprint.

  • Relative Path Resolution: A minor but frustrating TypeScript error cropped up in our SSE endpoint, where the relative import path ../../../../middleware was incorrect.

    • Solution: A quick correction to ../../../middleware (3 levels up) resolved the issue, matching the pattern of our existing code-analysis SSE endpoint. A good reminder to double-check those relative imports!

What's Next? Our Immediate Roadmap

With the core AutoFix pipeline now in place, our immediate next steps focus on polishing, testing, and hardening:

  1. UI Integration: Add a sidebar navigation link for AutoFix (/dashboard/auto-fix) in src/components/layout/sidebar.tsx for easy access.
  2. End-to-End Testing: Conduct a comprehensive end-to-end test run on a designated test repository to verify SSE streaming, detection, fix generation, and PR creation.
  3. Webhook Validation: Thoroughly test the external resolution webhook (POST /api/v1/webhooks/auto-fix/resolve) with valid issue IDs.
  4. Security Hardening: Consider adding Row-Level Security (RLS) policies for auto_fix_runs and auto_fix_issues tables in prisma/rls.sql to enhance data isolation.
  5. Technical Debt Cleanup: Finally, tackle the pre-existing ESLint configuration issue and the useSearchParams() Suspense boundary issue in our /dashboard/consolidation/new page.

Conclusion

Shipping the AutoFix Pipeline marks a significant leap forward in our quest for proactive code health and security. By integrating AI-powered detection and remediation directly into our development workflow, we're empowering developers to focus on innovation while AutoFix handles the repetitive, error-prone task of fixing common issues. The journey was challenging, but the outcome – a feature-complete, intelligent code guardian – makes every effort worthwhile. We're incredibly excited about the future impact of AutoFix on our codebase and developer productivity!