Autofix Bot

Hey everyone! 👋 We built Autofix Bot because we kept seeing the same problem: AI coding agents are incredibly productive, but they ship code that nobody fully reviews. Studies show LLM-generated code fails basic security checks ~45% of the time — and asking an LLM to review its own output only gets it right ~68% of the time. So we tried something different. Instead of pure LLM review, we built a hybrid: deterministic static analysis (5,000+ rules) combined with an AI agent layer. The static pass anchors on known vulnerability patterns. The AI handles nuance, generates fixes, and explains them. We tested against the OpenSSF CVE Benchmark (200+ real-world vulnerabilities): - Autofix Bot: 81% accuracy - Cursor Bugbot: 74.5% - Claude Code: 71.5% - CodeRabbit: 59.4% - Semgrep: 57% For secrets detection, we hit 93% F1 — vs Gitleaks (76%), detect-secrets (64%), and TruffleHog (41%). Full methodology and results: https://autofix.bot/benchmarks How to use it: If you're on Claude Code: /plugin marketplace add DeepSourceCorp/autofix-bot-claude-plugin /plugin install autofix@autofix-bot-claude-plugin Then /autofix:review or just ask Claude to review your code. On OpenAI Codex: $codex mcp add autofix -- autofix --mcp Works with any MCP-compatible assistant. Or run standalone: $ curl -fsSL https://autofix.bot/install | sh $ autofix You can get started for free with a $10 credit today. We've spent a lot of time and effort rethinking how code reviews should look in today's era. We'd genuinely love feedback — what it catches, what it misses, how the fixes feel. That's how we improve. Give it a spin and let us know what you think! 🙏🏼