BugFixer

Assign it. Walk away. Bug fixed.

Comment

Inspiration

Every developer knows this pain. A bug gets filed and suddenly someone has to drop everything, read the issue, hunt through the codebase, figure out what broke, write a fix, write tests, open a PR, and report back. All of that is manual work that pulls people away from things that actually need a human brain. I work as a data analyst, not a full-time software engineer. When I found the GitLab Duo Agent Platform through this hackathon, the question I kept asking myself was simple, how much of that work can an agent just handle on its own? BugFixer is the answer I came up with.

What it does

How we built it

BugFixer is an AI agent that lives inside GitLab. You file a bug report, assign BugFixer to the issue, and walk away. The agent reads the issue, looks through the codebase, finds the buggy file, writes a fix with tests, opens a merge request, and posts a comment back on the issue explaining what it found and what it changed. Nothing gets merged without a human approving it first. BugFixer does the work, you make the final call. In the demo I file a bug report about passwords being stored as plain text in an authentication file. I assign BugFixer and within minutes it has found all three vulnerable functions, replaced the plaintext storage with proper bcrypt hashing, written security tests, and opened a merge request. It also spotted a session token vulnerability that I never mentioned in the issue. It found that completely on its own just by reading the code.

Challenges we ran into

The first wall I hit was the YAML syntax for the toolset. The documentation was not clear about the correct format. When I used plain strings like "get_issue" it threw a tool_name is missing error. When I switched to tool_name: "get_issue" it threw tool_name not expected. I had to ask in the GitLab Discord community to find out the correct format and get it working. The second problem was that create_commit and create_merge_request were failing with access errors even though my service account had Developer role. The agent could read files fine but could not write anything. That took days to figure out and was the main reason the early sessions were triggering but producing nothing, no commits, no merge requests, no comments.

Accomplishments that we're proud of

BugFixer fixed real bugs in multiple files on its own a Python calculator, a geospatial script I actually use at work, and an authentication module with three separate security vulnerabilities. Every run produced a real merge request with real tests.. The session token finding is what I am most proud of. I never asked BugFixer to look for that. It just read the file, noticed the problem, and flagged it. That is the agent actually thinking rather than just following steps.

What we learned

How to build a working AI agent from scratch on a platform I had never used before. How to write prompts that give an LLM enough context to make good decisions on its own. How to debug an agent when the only feedback you have is a session log. And how to ship something real under a deadline. Building on a beta platform means you will hit walls with no documentation. The answer is to keep digging, keep testing, and keep going until something works.

What's next for BugFixer

Right now BugFixer handles one bug at a time. A real team has dozens of open issues at once. The next version would run multiple agents in parallel and sort by severity so the worst bugs get fixed first. It should also leave inline comments on the specific lines it changed inside the MR, not just a summary on the issue. That would make the review experience much more useful. Long term I want BugFixer to run the pipeline after fixing a bug, check if tests pass, and only then open the MR. The tools for that are already in the toolset, that next step is closer than it looks.

Built With

  • agent
  • claude
  • duo
  • gitlab
  • python
  • yaml
Share this project:

Updates