Day 6: My AI QA tool fixed its own broken code
Spent today finishing the autofix pipeline. The goal was simple: click a button, Claude fixes your code, PR gets created. The execution was not simple.
The Find
VibeProof caught and fixed issues across 4 merged PRs on itself. Health score jumped from 60 → 80, security from 46 → 82. But the real test was scanning Idealift, a 26K file monorepo.
The external scan found:
- 136 security criticals: missing auth checks, no rate limiting
- ~170
console.logstatements in production code - Massive code duplication:
llms.txt/route.tspattern copied across 12 apps - Shared auth patterns copy-pasted across 11 files
- 90+ god functions in cron jobs
Total: 651 auto-fixable issues, 222 security issues. Health score: 62.5, security: 55.
The Fix
Built the full end-to-end flow: scan → autofix → tsc verify → self-heal if broken → PR created. The self-healing retry loop was key. First real test: Claude broke a Stripe type annotation during autofix. The system fed tsc errors back to Claude, which fixed its own mistake. PR merged.
For monorepos, I added priority-based batching: 25 issues per PR, criticals first. Idealift's 651 issues = 26 batches. The UI shows "Fix batch 1/26" with progress tracking.
The Score
VibeProof: 60 → 80 health, 46 → 82 security. Idealift started at 62.5 health, 55 security.
The Takeaway
Autofix works perfectly at small scale but breaks at monorepo scale. Enterprise autofix isn't a button click, it's a campaign. The self-healing loop is the seed of something bigger — scan, fix, verify, heal, learn. The system is starting to debug itself.