←back to thread

Show HN: Patchwork – Open-source framework to automate development gruntwork

(github.com)
116 points rohansood15 | 6 comments | 26 Jul 24 20:34 UTC | HN request time: 0s | source | bottom

Hi HN! We’re Asankhaya and Rohan and we are building Patchwork.

Patchwork tackles development gruntwork—like reviews, docs, linting, and security fixes—through customizable, code-first 'patchflows' using LLMs and modular code management steps, all in Python. Here's a quick overview video: https://youtu.be/MLyn6B3bFMU

From our time building DevSecOps tools, we experienced first-hand the frustrations our users faced as they built complex delivery pipelines. Almost a third of developer time is spent on code management tasks[1], yet backlogs remain.

Patchwork lets you combine well-defined prompts with effective workflow orchestration to automate as much as 80% of these gruntwork tasks using LLMs[2]. For instance, the AutoFix patchflow can resolve 82% of issues flagged by semgrep using gpt-4 (or 68% with llama-3.1-8B) without fine-tuning or providing specialized context [3]. Success rates are higher for text-based patchflows like PR Review and Generate Docstring, but lower for more complex tasks like Dependency Upgrades.

We are not a coding assistant or a black-box GitHub bot. Our automation workflows run outside your IDE via the CLI or CI scripts without your active involvement.

We are also not an ‘AI agent’ framework. In our experience, LLM agents struggle with planning and rarely identify the right execution path. Instead, Patchwork requires explicitly defined workflows that provide greater success and full control.

Patchwork is open-source so you can build your own patchflows, integrate your preferred LLM endpoints, and fully self-host, ensuring privacy and compliance for large teams.

As devs, we prefer to build our own ‘AI-enabled automation’ given how easy it is to consume LLM APIs. If you do, try patchwork via a simple 'pip install patchwork-cli' or find us on Github[4].

Sources:

[1] https://blog.tidelift.com/developers-spend-30-of-their-time-...

[2] https://www.patched.codes/blog/patched-rtc-evaluating-llms-f...

[3] https://www.patched.codes/blog/how-good-are-llms

[4] https://github.com/patched-codes/patchwork

[Sample PRs] https://github.com/patched-demo/sample-injection/pulls

Show context
meiraleal ◴[27 Jul 24 03:05 UTC] No.41084187[source]
PR reviews are the one thing you sure don't want a LLM doing.
replies(4): >>41084276 #>>41084316 #>>41084513 #>>41086015 #
1. Carrok ◴[27 Jul 24 03:50 UTC] No.41084316[source]
Please elaborate.

While obviously a LLM might miss functional problems, it feels extremely well suited for catching “stupid mistakes”.

I don’t think anyone is advocating for LLMs merging and approving PRs on their own, they can certainly provide value to the human reviewer.

replies(2): >>41084867 #>>41097230 #
2. cuu508 ◴[27 Jul 24 06:47 UTC] No.41084867[source]
They can lull the human reviewer into a false sense of security.

"Computer already looked at it so I only need to glance at it"

replies(1): >>41085502 #
3. throwthrowuknow ◴[27 Jul 24 09:55 UTC] No.41085502[source]
I don’t know what your process is but if someone else has reviewed a PR before I take my turn I don’t ignore the code they’ve looked at. In fact I take the time to review both the original code as well as their comments or suggestions. That’s the point of review after all, to verify the thinking behind the code as well as the code itself and that applies equally to thoughts or code added by a reviewer.
4. spartanatreyu ◴[29 Jul 24 01:08 UTC] No.41097230[source]
> LLM [...] feels extremely well suited for catching “stupid mistakes”.

No.

Linters are extremely well suited for catching stupid mistakes.

LLMs are extremely well suited for the appearance of catching stupid mistakes.

Linters will catch things like this because they can go through checking and evaluating things logically:

> if (

> isValid(primaryValue, "strict") || isValid(secondaryValue, "strict") ||

> isValid(primaryValue, "loose" || isValid(secondaryValue, "loose"))

> //...............................^^^^ Did we forget a closing ')'?

> ) {

> ...

> }

LLMs will only highlight exact problems they've seen before, miss other problems that linters would immediately find, and hallucinate new problems altogether.

replies(2): >>41097913 #>>41098717 #
5. rohansood15 ◴[29 Jul 24 04:35 UTC] No.41097913[source]
Linters are great at finding syntactical errors like the case you mentioned. But LLMs do a better job at finding logical flaws or enforcing things like non-syntactic naming conventions. The idea is not to replace linters, but to complement them. In fact, one of the flows we're building next is fixing linting issues that linters struggle to fix automatically.
6. luckilydiscrete ◴[29 Jul 24 08:02 UTC] No.41098717[source]
While true in a subset of problems, linters will also miss stupid mistakes because not everything is syntactical.

AI for example can catch the fact that `phone.match(/\d{10}/)` might break because of spaces, while a linter has no concept of a correct "regex" as long as it matches the regex syntax.

I don't think anyone is arguing that replacing linters with AI is the answer, instead a combination of both is useful.