Every developer knows this pain. A bug gets filed and suddenly someone has to drop everything, read the issue, search through the codebase, figure out what broke, write a fix, add tests, open a PR and report back. It’s all manual work that takes time away from things that actually need a human brain. I kept asking myself one simple question, how much of this work can an agent handle on its own? That’s how BugFixer came about.
BugFixer is an AI agent that works inside GitLab using Claude. You file a bug report, assign BugFixer to the issue and walk away. The agent reads the issue, looks through the codebase, finds the problem, writes a fix with tests, opens a merge request and comments back explaining what it did. Nothing gets merged automatically, you still review and approve. BugFixer does the work, you make the final call.
In my demo, I filed a bug about passwords being stored as plain text in an authentication file. After assigning BugFixer, it found three vulnerable functions, replaced the plaintext storage with bcrypt hashing, wrote security tests and opened a merge request. It also spotted a session token vulnerability that I never mentioned. It found that on its own just by reading the code.
Building this wasn’t easy. The first problem was the YAML tool configuration. The documentation wasn’t clear, and small syntax changes caused confusing errors like “tool_name is missing” or “tool_name not expected.” I had to ask in the GitLab Discord community to figure it out. The second issue was permissions. Even with a Developer role, the agent could read files but couldn’t create commits or merge requests. Early runs were triggering but producing nothing, no commits, no MRs, no comments. Fixing that took days and was the biggest challenge.
Learn about Medium’s values
What I’m most proud of is that BugFixer fixed real bugs on its own. It worked on a Python calculator, a geospatial script I was working on at work and an authentication module with multiple security issues. Every run produced real fixes, real tests and real merge requests. But the best part was the session token issue it found on its own. I never asked for that. It just read the code and noticed the problem.
This project taught me how to build an AI agent from scratch on a platform I had never used before, how to write prompts that give an LLM enough context to make decisions, and how to debug using only session logs. It also showed me that building on a beta platform means hitting walls with little or no documentation. You just have to keep testing until something works.
Right now, BugFixer handles one bug at a time, but real teams deal with many issues at once. The next step is to run multiple agents in parallel and prioritize bugs by severity. I also want it to leave inline comments directly in the merge request not just a summary on the issue. Long term, the goal is for BugFixer to run the pipeline after fixing a bug, check if tests pass and only then open a merge request. The tools for that already exist, so it’s close.
BugFixer isn’t about replacing developers. It’s about removing repetitive work so people can focus on what really matters. If an agent can read bugs, fix code, and write tests, then maybe our time is better spent reviewing, designing, and solving harder problems.
Try it out: GitLab
YouTube: BugFixer - AI Agent that fixes bugs automatically in GitLab
Top comments (0)