{"slug": "show-hn-automaxfix-controlled-ai-repair-loop-that-won-t-eat-your-migrations", "title": "Show HN: AutoMaxFix – controlled AI repair loop that won't eat your migrations", "summary": "Noumenon AI released AutoMaxFix, an open-source Python CLI tool that creates a controlled, safety-gated repair loop for AI-generated software. The tool converts failing tests and bug reports into structured tickets, then applies patches one at a time with infrastructure-level safeguards including banned command lists, path allowlists, and dirty workspace checks. AutoMaxFix aims to solve the reliability problems of AI-generated code by enforcing reproduction tests, human approval gates, and regression testing before any patch is applied.", "body_md": "Audit → Reproduce → Patch → Test → Report\n\nSupported test runners: pytest · jest · vitest · mocha · go · cargo · generic\n\nAutoMaxFix is a standalone open-source Python CLI for controlled repair loops in AI-built software. It turns failing tests, audit logs, or plain-English bug reports into structured tickets, then runs a safety-first patch workflow one ticket at a time.\n\n**AutoMaxFix is not an autonomous code god.**\n**AutoMaxFix is a controlled repair loop for AI-built software.**\n\nThe safety floor (enforced at infrastructure level, not in the prompt):\n\n- Banned command list — `rm -rf`, `sudo`, `curl|bash`, `pip install`, `npm install` are all rejected before any agent sees them\n- Path allowlist — patches cannot touch `.git/`, `.env*`, `secrets*`, or anything outside configured `allowed_paths`\n- Dirty workspace check — won't run if there are uncommitted changes\n- Reproduction test bundled in the same patch as the fix\n- `max_files_changed` cap per patch\n\n```\npython3 -m venv .venv\n.venv/bin/pip install -e .\n.venv/bin/automaxfix --help\n```\n\nWire AutoMaxFix into GitHub Actions with the composite action in 
[docs/ci-integration.md](/Noumenon-ai/AutoMaxFix/blob/main/docs/ci-integration.md). The full walkthrough covers the reusable workflow wrapper, approval gating, path allowlists, and required permissions.\n\n```\n- name: Run tests\n  run: pytest -q 2>&1 | tee pytest-failures.log\n- name: AutoMaxFix on failure\n  if: failure()\n  uses: ./.github/actions/automaxfix-action\n  with:\n    test-runner: pytest\n    test-output-path: pytest-failures.log\n    agent: codex_cli\n    require-approval: true\n    open-pr: true\n```\n\nFor local failure loops, `automaxfix watch` polls a test command, captures each failing run, creates a ticket with the matching scanner, and launches `codex_cli` with `--max-attempts 2`.\n\n```\nautomaxfix watch --test-runner pytest --command \"pytest -q\" --interval 30\n```\n\nWatch mode keeps the approval gate by default: it prints the full proposed diff and asks `y/n` before applying each patch attempt. To opt into unattended approval, set `watch_mode.auto_approve_in_watch: true` in config or export `AUTOMAXFIX_WATCH_AUTOAPPROVE=1`. 
The watched command is reused as the regression suite after each patch attempt, and polling continues until `Ctrl+C`.\n\n- A ticket generator for test runner failures and user bug reports\n- A controlled patch-execution loop for local repositories\n- A bridge between structured bug tickets and external coding agents such as Codex CLI or Claude CLI\n- A local-first, open-source workflow with no required hosted API\n\n- Not a blind repo rewriter\n- Not a package installer\n- Not a networked orchestration platform\n- Not tied to Noumenon, Nexus, or any private internal stack\n\nAI-generated code is fast, but speed creates failure modes:\n\n- missing reproduction coverage\n- low-confidence fixes\n- patch sprawl across unrelated files\n- hidden regressions after a \"successful\" edit\n\nAutoMaxFix enforces a repair loop:\n\n- detect failure\n- create ticket\n- create or confirm a reproduction test\n- validate a patch\n- require human approval unless explicitly bypassed\n- apply only inside allowed paths\n- run targeted tests\n- run regression\n- generate a report\n- stop\n\nPython 3.11+ is recommended.\n\nIf your environment does not provide a `python` alias, use `python3` for module mode:\n\n```\npython3 -m automaxfix.cli ...\n```\n\nRun directly:\n\n```\npython3 -m automaxfix.cli init\n```\n\nOr install a console script in a virtualenv:\n\n```\npip install -e .\nautomaxfix init\n```\n\nInitialize local state:\n\n```\npython3 -m automaxfix.cli init\n```\n\nCreate a ticket from a bug report:\n\n```\npython3 -m automaxfix.cli bug \"reminder gets duplicated after update\"\n```\n\nCreate tickets from pytest output:\n\n```\npython3 -m automaxfix.cli scan --pytest-output examples/broken_pytest_output.txt\n```\n\nCreate tickets from other supported test runners:\n\n```\npython3 -m automaxfix.cli scan --jest-output tests/fixtures/jest/failures.txt\npython3 -m automaxfix.cli scan --from-file test-output.log --format generic\n```\n\nPrepare a reproduction 
brief:\n\n```\npython3 -m automaxfix.cli reproduce --ticket .automaxfix/tickets/AMF-YYYYMMDD-001.json\n```\n\nRun Phase 3 in manual patch mode:\n\n```\npython3 -m automaxfix.cli run \\\n  --ticket .automaxfix/tickets/AMF-YYYYMMDD-001.json \\\n  --patch-file patch.diff \\\n  --yes\n```\n\nRead the latest report:\n\n```\npython3 -m automaxfix.cli report --latest\n```\n\nCheck current status:\n\n```\npython3 -m automaxfix.cli status\n```\n\nWatch a local test loop:\n\n```\npython3 -m automaxfix.cli watch --test-runner pytest --command \"pytest -q\"\n```\n\nFull command reference:\n\n```\nautomaxfix init\nautomaxfix scan --pytest-output failed.txt\nautomaxfix scan --jest-output jest.log\nautomaxfix scan --vitest-output vitest.log\nautomaxfix scan --mocha-output mocha.log\nautomaxfix scan --go-output go-test.log\nautomaxfix scan --cargo-output cargo-test.log\nautomaxfix scan --from-file build.log --format generic\nautomaxfix bug \"reminder gets duplicated after update\"\nautomaxfix reproduce --ticket .automaxfix/tickets/AMF-YYYYMMDD-001.json\nautomaxfix run --ticket .automaxfix/tickets/AMF-YYYYMMDD-001.json --patch-file patch.diff\nautomaxfix run --ticket .automaxfix/tickets/AMF-YYYYMMDD-001.json --agent codex_cli\nautomaxfix run --ticket .automaxfix/tickets/AMF-YYYYMMDD-001.json --agent claude_cli\nautomaxfix run --ticket .automaxfix/tickets/AMF-YYYYMMDD-001.json --agent codex_cli --max-attempts 4\nautomaxfix watch --test-runner pytest --command \"pytest -q\"\nautomaxfix report --latest\nautomaxfix status\n```\n\n| Format | Flag | Example |\n|---|---|---|\n| `pytest` | `--pytest-output <file>` | `automaxfix scan --pytest-output failed.txt` |\n| `jest` | `--jest-output <file>` | `automaxfix scan --jest-output jest.log` |\n| `vitest` | `--vitest-output <file>` | `automaxfix scan --vitest-output vitest.log` |\n| `mocha` | `--mocha-output <file>` | `automaxfix scan --mocha-output mocha.log` |\n| `go` | `--go-output <file>` | `automaxfix scan --go-output go-test.log` |\n| `cargo` | `--cargo-output <file>` | `automaxfix scan --cargo-output cargo-test.log` |\n| `generic` | `--from-file <file> --format generic` | `automaxfix scan --from-file build.log --format generic` |\n\nModule mode is also supported:\n\n```\npython3 -m automaxfix.cli init\npython3 -m automaxfix.cli bug \"sample bug\"\npython3 -m automaxfix.cli run --ticket .automaxfix/tickets/AMF-YYYYMMDD-001.json --patch-file patch.diff\n```\n\nManual patch mode is the safest Phase 3 entrypoint.\n\n- Generate or hand-write a unified diff file.\n- Run `automaxfix run --ticket ... --patch-file patch.diff`.\n- AutoMaxFix validates the diff, checks the workspace, asks for approval unless `--yes`, applies the patch, runs tests, writes a report, and stops.\n\nAgent-driven Phase 3 runs can now escalate through multiple repair strategies with:\n\n```\nautomaxfix run --ticket .automaxfix/tickets/AMF-YYYYMMDD-001.json --agent codex_cli --max-attempts 3 --yes\n```\n\nDefault behavior is 3 strategy attempts:\n\n- `minimal` -> smallest possible diff\n- `test_first` -> rewrite the failing test to state the expected behavior clearly, then fix the implementation\n- `refactor` -> allow a focused refactor when a tiny diff is not enough\n\nIf you raise `--max-attempts` to 4, the last fallback is `rollback`, which asks the agent to prefer reverting the suspected recent change first.\n\nEach failed post-patch test attempt is written into the ticket's strategy memo with the strategy, reason, agent used, duration, and success flag. 
Re-running `automaxfix run` on the same ticket reuses that memo and skips strategies already exhausted.\n\nThe safety floor does not change between attempts: every strategy still goes through the same diff validation, approval, patch apply, targeted test, regression test, and report pipeline.\n\nSet the config for Codex CLI mode:\n\n```\nagent:\n  mode: \"codex_cli\"\n  command: \"codex\"\n```\n\nAutoMaxFix writes a temporary prompt file that includes the ticket JSON, repo rules, safety rules, required reproduction test, and expected output format. It then runs Codex CLI and accepts the result only if the output is a valid unified diff.\n\nPhase 3 adds:\n\n- a Codex-specific prompt preset\n- invalid-diff retry feedback\n- at most 2 retries for malformed diff output\n- no retry when the output is unsafe rather than merely malformed\n\nSet the config for Claude CLI mode:\n\n```\nagent:\n  mode: \"claude_cli\"\n  command: \"claude\"\n```\n\nThe Claude CLI path follows the same contract as Codex CLI:\n\n- prompt file generated locally\n- diff-only output expected\n- strict patch validation before apply\n- no auto-commit\n- invalid-diff retry feedback with the same 2-retry cap\n\nAutoMaxFix blocks:\n\n- edits outside `repo_path`\n- edits to `.git`, `.env`, `secrets`, `.venv`, `node_modules`, and other blocked paths\n- package installs\n- network or destructive shell patterns such as `rm -rf`, `sudo`, `curl | bash`, or `wget | bash`\n- patches that touch too many files\n- binary patches\n- mode changes\n- new source files when `allow_new_source_files: false`\n\nPhase 3 patch apply requires a git repository.\n\nBefore apply, AutoMaxFix validates that the diff:\n\n- is a unified diff\n- stays inside allowed paths\n- does not touch sensitive files\n- does not exceed `max_files_changed`\n- does not contain binary data\n- does not sneak in dangerous shell payloads\n\nIf an external agent returns a malformed diff, AutoMaxFix may retry once or twice with stricter validation feedback. It does not retry failed tests automatically, and it does not retry unsafe patches that touch blocked paths or violate safety rules.\n\nBy default, AutoMaxFix requires a real reproduction test before patching.\n\n- If the ticket has a `reproduction_test`, AutoMaxFix runs it first and expects failure.\n- If no reproduction test exists, AutoMaxFix stops safely and tells you to create one.\n- `--no-repro` exists for explicit operator override, but the default path is reproduction-first.\n\nTickets are JSON files with this lifecycle:\n\n`new`, `reproduced`, `patched`, `passed`, `failed`\n\nEach ticket tracks:\n\n- source\n- bug summary\n- suspected files\n- reproduction test path\n- patch summary\n- executed tests\n- final result\n\nBefore apply, AutoMaxFix writes a pre-patch diff to `.automaxfix/reports/pre_patch_<ticket>.diff`.\n\nAfter apply, the report tells you how to reverse the applied patch:\n\n- `git apply -R .automaxfix/logs/applied_<ticket>.diff`\n- if the workspace was already dirty, reapply the saved pre-patch diff as needed\n\nAutoMaxFix stops after every ticket because multi-ticket autonomy is where patch sprawl and hidden regressions start. 
The tool is intentionally narrow:\n\n- one ticket\n- one validated patch attempt\n- one approval boundary\n- one report\n\nThat makes failures debuggable and operator review realistic.\n\nCurrent Phase 3:\n\n- ticket creation\n- reproduction briefs\n- manual patch mode\n- Codex CLI mode\n- Claude CLI mode\n- agent presets for cleaner diff output\n- invalid-diff retry guardrails\n- git-backed patch apply\n- targeted and regression test execution\n- phase-3 reports with rollback instructions\n\nNext phase:\n\n- Nexus Chaos Audit -> AutoMaxFix ticket importer\n- patch scoring and retry workflows", "url": "https://wpnews.pro/news/show-hn-automaxfix-controlled-ai-repair-loop-that-won-t-eat-your-migrations", "canonical_source": "https://github.com/Noumenon-ai/AutoMaxFix", "published_at": "2026-05-25 16:14:59+00:00", "updated_at": "2026-05-25 16:37:38.744243+00:00", "lang": "en", "topics": ["ai-tools", "ai-safety", "ai-agents", "mlops", "ai-infrastructure"], "entities": ["AutoMaxFix", "GitHub Actions", "pytest", "jest", "vitest", "mocha", "cargo"], "alternates": {"html": "https://wpnews.pro/news/show-hn-automaxfix-controlled-ai-repair-loop-that-won-t-eat-your-migrations", "markdown": "https://wpnews.pro/news/show-hn-automaxfix-controlled-ai-repair-loop-that-won-t-eat-your-migrations.md", "text": "https://wpnews.pro/news/show-hn-automaxfix-controlled-ai-repair-loop-that-won-t-eat-your-migrations.txt", "jsonld": "https://wpnews.pro/news/show-hn-automaxfix-controlled-ai-repair-loop-that-won-t-eat-your-migrations.jsonld"}}