Inspiration

I see the main problem most developers face: their vibe-coded or self-written scripts can run without any errors, but then there is an issue in the logic. The logic breaks and we fix it again and again.

What it does

Our project is mainly focused on this core problem: logic checks, bugs, vulnerabilities, and solutions/fixes. It reads your entire codebase, dry-runs the whole code under all possible circumstances, verifies your complete logic, and tells you about every issue and how to fix it.

How we built it

We built LogicClaw on the GitLab Duo Agent Platform using Anthropic Claude as the reasoning engine. The system is a 4-agent sequential pipeline where each agent has a specialized role: Agent 1 (Codebase Reader) reads every file in the repository, maps the architecture, and captures MR diffs. Agent 2 (Logic Analyst) performs deep business logic verification using a Mental Execution Engine that simulates code execution without running it, and generates a plain-English Workflow Story. Agent 3 (Security & Compliance Analyst) scans for OWASP Top 10 vulnerabilities and checks compliance against GDPR, HIPAA, SOC2, and PCI-DSS. Agent 4 (Reporter) combines all findings, deduplicates, prioritizes by severity, and posts a structured report as an MR comment.

We also built a Knowledge Base of 14 Python reference modules and 4 JSON pattern databases that the agent reads before analysis for deeper, more accurate detection. The entire system is configurable through YAML policy-as-code files. We created 4 separate flows (Full Scan, Quick Scan, Compliance-only, and Green Report) and integrated MCP support for external tool connectivity.

Challenges we ran into

The biggest challenge was making the agent actually "think like the code" instead of just pattern-matching. We had to carefully design the 10-phase system prompt so the agent traces every execution path, simulates edge cases, and identifies where logic breaks - not just where syntax is wrong.

Another challenge was the Knowledge Base approach. We couldn't execute Python scripts on the GitLab Duo Agent Platform, so we designed the Python files as reference modules that the agent reads via the read_file tool and reasons from their logic directly. This required structuring the code as data (patterns, rules, detection logic) rather than executable scripts.

Accomplishments that we're proud of

We're proud that LogicClaw found 11 logic bugs, 10 edge cases, and 10 business logic violations in a single analysis run, including subtle issues like TOCTOU race conditions, floating-point precision errors in financial calculations, and missing atomicity in database operations.
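As an added illustration of the floating-point-precision class of bug named above (example code, not part of LogicClaw or the original submission), here is a toy ledger in its float "before" form beside a Decimal "after" form, with a drift check; the balances and withdrawal amounts are constructed sample values.

```python
from decimal import Decimal, ROUND_HALF_EVEN

CENT = Decimal("0.01")

# --- 'before': binary floats used for money (the bug class the report flags) ---

def settle_float(balance, withdrawals):
    """Apply withdrawals with float arithmetic, rejecting any that would overdraw.
    Returns (final_balance, rejected_count). 0.3 - 0.1 - 0.2 is not 0.0 in binary
    floating point, so a withdrawal that should be allowed gets rejected."""
    rejected = 0
    for w in withdrawals:
        if balance - w < 0:
            rejected += 1
            continue
        balance -= w
    return balance, rejected

def to_cents_float(x):
    """round() on a float that is already inexact: 2.675 is stored slightly
    below 2.675, so it rounds down to 2.67 instead of up to 2.68."""
    return round(x, 2)

def drift_float(n):
    """Accumulate n payments of 0.10 with a plain loop (sum() is avoided on
    purpose, since newer Python versions compensate float summation)."""
    total = 0.0
    for _ in range(n):
        total += 0.1
    return total

# --- 'after': Decimal built from string literals and quantized to cents ---

def settle_decimal(balance, withdrawals):
    balance = Decimal(balance)          # balance and withdrawals arrive as strings
    rejected = 0
    for w in withdrawals:
        w = Decimal(w)
        if balance - w < 0:
            rejected += 1
            continue
        balance -= w
    return balance.quantize(CENT), rejected

def to_cents_decimal(s):
    return Decimal(s).quantize(CENT, rounding=ROUND_HALF_EVEN)

def drift_decimal(n):
    total = Decimal("0")
    for _ in range(n):
        total += Decimal("0.10")
    return total.quantize(CENT)
```

The invariant a reviewer would check here is that the same ledger produces the same rejections and the same cent totals regardless of how many operations were applied; the float version silently violates it.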

What we learned

What's next for LogicGuard

Auto-Fix MRs - Instead of just reporting bugs, LogicClaw will automatically create fix branches with corrected code and open ready-to-merge MRs, similar to how TRON handles dependency vulnerabilities but for logic bugs.

More MCP Integrations - Connect to Jira, Linear, and Confluence to pull business requirements and verify that code implementation actually matches the acceptance criteria in tickets.

CI/CD Pipeline Integration - Automatic LogicClaw trigger on every MR open, push to main, and pipeline failure. Zero-friction continuous verification.

Language-Specific Knowledge Bases - Expand the pattern databases for JavaScript/TypeScript, Go, Rust, and Java with language-specific logic bug patterns.

Team Analytics Dashboard - Track recurring bug patterns across the team, identify which developers need training on which topics, and measure security posture improvement over time.

Enterprise Compliance Automation - Generate compliance evidence reports for SOC2 audits, HIPAA assessments, and PCI-DSS certifications automatically from LogicClaw scan history.

Built With

  • ai
  • anthropic-claude
  • gateway
  • gitlab
  • gitlab-ci/cd
  • gitlab-duo-agent-platform
  • json
  • model-context-protocol-(mcp)
  • python
  • yaml