Introducing Fixers: Environment-compatible auto-fixing agents

Fixer is a sandboxed auto-fix agent that applies and executes PR fixes inside an ephemeral, isolated runtime. It runs format, lint and build checks and only commits changes when validation succeeds, saving reviewers hours reworking incoming feedback.

Feb 3, 2026
Guy Eisenkot

Fixer is a new agent class by Baz. Unlike the Reviewers, Fixer is the first Baz agent that can both write and execute code autonomously. It acts as an intelligent pull-request sidekick that handles routine, repetitive development work, particularly the common bugs and issues identified during the AI Code Review process.

Fixer is designed to handle common and repeated review feedback, such as general linting failures, complex typing issues, and formatting or import errors (missing or misplaced imports). It applies the required modifications automatically and then confirms the changes. The whole process runs in a single secure, sandboxed environment that is compatible with the development environment the team relies on for building and linting its code. This automation dramatically reduces the time engineers spend switching back to their IDEs to rework often trivial but necessary fixes by hand, which accelerates the development cycle.

Fixer strictly operates within the boundaries of your current branch, ensuring full traceability. All commits produced by the agent are fully auditable and are only created after both rigorous AI and deterministic validation checks have passed successfully.

How Fixer works

Fixer is an automated, sandboxed agent that turns a “please fix this” review request into a code fix, validation, and an auditable commit when safe. The Fixer agent can be triggered on any compatible pull-request with a pre-defined environment setting. 

Fixer agents clone your branch and use tickets, designs and specs to realize the best auto-fix for your open bugs and issues.

When requested, Fixer initiates a brief, containerized agent session. This session is provided with a ready-made repository snapshot and environment. The process then runs in two distinct steps: the "fix" phase and the "commit" phase. The fix step clones the repo, prepares the environment, installs dependencies, and asks an AI-powered code agent to apply a minimal change that addresses the review. The runtime then runs a post-fix validation step. If validation succeeds, the agent obtains a write token and asks the runtime to produce and push a commit. If validation fails, we never push, and we post structured diagnostics back to the PR.

Operationally, Fixer persists only ephemeral session metadata so the commit phase can resume the agent state created during the fix phase. Read-level credentials are used for cloning and analysis, and a write-level credential is used only after the fix and validations succeed. That keeps the high-privilege push token off the runtime until it is strictly required.

Security and compatibility

We designed Fixer for two simultaneous constraints: run fixes securely, and make fixes compatible with the repository environment.

First, Fixer runs the agent inside an isolated, containerized runtime that is ephemeral and minimized. The runtime has only the narrow cloud permissions required to run models, pull the image, and emit logs. It does not have database access or unfettered network access to internal services. The agent server enforces a default deny policy on runtime permission requests so the agent cannot escalate capabilities dynamically. Sessions are kept short lived and cleaned up after the flow completes. Those runtime and IAM constraints are part of the infrastructure design for the sandboxed agent runtime.

To avoid fixes that only work on our machines we reproduce the repository environment inside the sandbox before the agent runs. The agent accepts a per-repo sandbox configuration with environment variables and an optional setup script. The runtime applies the environment variables and runs the setup script prior to creating the agent session. 

Dependency handling is deterministic and cache friendly. Before installing dependencies we detect the project language and lockfile, pick the ecosystem install command, and attempt to reuse a signed, short lived dependency cache when available. That reduces variability and installation time while keeping cache access scoped and short lived.

After the agent applies a fix we never commit automatically. A strict code validator runs formatting, lint and build checks that are explicitly defined in the repository configuration. The validator is intentionally conservative and will apply only mechanical fixes and will stop and report whenever a failure requires logic changes. 

If the validator reports lint failures or an incomplete result, Fixer records detailed, structured diagnostics and abstains from pushing. If a commit is attempted we use a write token tied to a dedicated bot identity so pushes are auditable. Tracing and logs are sanitized to avoid including secrets or full setup payloads.
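The gating described above (validate first, request the write credential only on success, return sanitized diagnostics on failure), as an added Python sketch. It is not Baz's code: `commit_phase`, `mint_write_token`, `push` and the sample check commands are hypothetical names constructed for illustration.

```python
import subprocess
import sys
from dataclasses import dataclass, field

@dataclass
class Outcome:
    pushed: bool
    diagnostics: list = field(default_factory=list)

def run_checks(checks, secrets=()):
    """Run every (name, argv) check; return one diagnostic dict per failure."""
    failures = []
    for name, argv in checks:
        proc = subprocess.run(argv, capture_output=True, text=True)
        if proc.returncode != 0:
            tail = (proc.stdout + proc.stderr)[-400:]
            for secret in secrets:  # sanitize before anything leaves the sandbox
                tail = tail.replace(secret, "[REDACTED]")
            failures.append({"check": name, "exit_code": proc.returncode, "output": tail})
    return failures

def commit_phase(checks, mint_write_token, push, secrets=()):
    """Request the write token only after every check has passed."""
    failures = run_checks(checks, secrets)
    if failures:
        return Outcome(pushed=False, diagnostics=failures)  # token never minted
    push(mint_write_token())  # token exists only for the duration of the push
    return Outcome(pushed=True)

# Constructed sample: stand-in commands for repo-defined format/lint/build steps.
def _cmd(code):
    return [sys.executable, "-c", code]

PASSING = [("format", _cmd("pass")), ("lint", _cmd("pass")), ("build", _cmd("pass"))]
FAILING = [("format", _cmd("pass")),
           ("lint", _cmd("import sys; print('E501 token=s3cr3t-demo'); sys.exit(1)"))]

def demo(checks):
    """Return (outcome, number of times a write token was minted)."""
    minted = []
    def mint():
        minted.append(1)
        return "constructed-write-token"
    outcome = commit_phase(checks, mint, push=lambda token: None, secrets=("s3cr3t-demo",))
    return outcome, len(minted)

if __name__ == "__main__":
    print(demo(PASSING))
    print(demo(FAILING))
```

The property to check in any implementation of this pattern is the second result: when a check fails, the mint callback is never invoked, so no write credential exists in the runtime to leak.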

To start using Fixer's secure, sandboxed, and environment-compatible auto fixes, first configure the designated sandbox environment, then select the compatible runtimes that align with your current setup.

When configuring a sandbox, we recommend defining your strictest validation flow.

For more details on Sandboxes, go to our Docs.
