Deterministic security fixes for infrastructure code via Gomboc.ai Community Edition

# Gomboc Code Remediation Skill

Install the skill with: `npx skills add gomboc-ai/gomboc-security`

Deterministic, merge-ready code fixes for any codebase.

Gomboc.ai Community Edition automatically scans and fixes code issues across your entire codebase — infrastructure, applications, configurations, and more — using deterministic AI (no hallucinations). This skill wraps Gomboc's power into agent workflows, CLI tools, and CI/CD pipelines, making it the perfect complement to agentic coding.

## What It Does

  • Scan any codebase for issues (infrastructure, application code, configs)
  • Generate deterministic, merge-ready pull requests with fixes
  • Remediate continuously via GitHub Actions or interactive CLI/MCP
  • Trust 94%+ fix acceptance rate with zero hallucinations (ORL Engine)
  • Pair with agents — deterministic remediation that works perfectly alongside agentic coding systems

## Supported Languages & Frameworks

  • Infrastructure as Code — Terraform, CloudFormation, Kubernetes YAML
  • Configuration Files — JSON, YAML, HCL
  • Security Issues — Across any codebase (IaC, applications, configs)
  • Expanding — More languages and frameworks added regularly

## Quick Start

### 1. Get a Token

```bash
# Sign up at https://app.gomboc.ai (free, Community Edition)
# Generate a Personal Access Token in Settings
export GOMBOC_PAT="gpt_your_token"
```

### 2. Scan Code

```bash
python scripts/cli-wrapper.py scan --path ./src
```

### 3. Generate Fixes

```bash
python scripts/cli-wrapper.py fix --path ./src
```

### 4. Apply Fixes (Optional)

```bash
python scripts/cli-wrapper.py remediate --path ./src --commit
```

## Key Features

  • ✅ Deterministic AI — Same fix every time, no hallucinations
  • ✅ 94%+ Accuracy — Merge-ready fixes users actually accept
  • ✅ Free Forever — Community Edition of Gomboc.ai
  • ✅ Production-Ready — Battle-tested implementation
  • ✅ Secure by Design — No token leaking, proper error handling
  • ✅ Agent-Friendly — Perfect for autonomous code improvement loops

## CLI Commands

### scan

Detect issues in your codebase:

```bash
gomboc scan path:./terraform
gomboc scan path:./src policy:aws-cis format:markdown
```

### fix

Generate merge-ready fixes:

```bash
gomboc fix path:./terraform format:pull_request
gomboc fix path:./src format:json
```

### remediate

Apply fixes directly to code:

```bash
gomboc remediate path:./src commit:true
gomboc remediate path:./terraform commit:true push:true
```

### config

Manage authentication:

```bash
gomboc config --show-token
```

## For Agents

This skill is designed as the ideal complement to agentic coding:

  • Deterministic — Reliable, repeatable remediation
  • Trustworthy — 94%+ of fixes are merged as-is
  • Autonomous — Agents can scan, generate, and apply fixes without human intervention
  • Continuous — Perfect for ongoing code improvement loops

## Integration Methods

### 1. MCP Server (Agents)

Run the MCP server for interactive agent integration:

```bash
docker-compose -f scripts/docker-compose.yml up
# Server runs on http://localhost:3100
```

See references/mcp-integration.md for details.

### 2. CLI Tool (Developers)

Use the Python CLI for local scanning and fixing:

```bash
export GOMBOC_PAT="your_token"
python scripts/cli-wrapper.py scan --path ./src
```

See references/setup.md for detailed instructions.

### 3. GitHub Actions (CI/CD)

Automate continuous remediation in your CI/CD pipeline:

```yaml
- uses: gomboc-action@v1
  with:
    path: ./terraform
    auto-fix: true
```

See references/github-action.md for configuration.

## Configuration

All configuration is via environment variables:

| Variable | Purpose | Required | Example |
|---|---|---|---|
| GOMBOC_PAT | Personal Access Token | Yes | gpt_abc123... |
| GOMBOC_MCP_URL | MCP server URL | No | http://localhost:3100 |
| GOMBOC_POLICY | Remediation policy | No | default or aws-cis |
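The Quick Start sequence and the environment-variable table above are what a wrapper has to get right before it touches a working tree: refuse to run without a token, fill in the optional defaults, and never write the token itself into a log. The script below is an added example written for this page; it is not part of the Gomboc skill or of its `scripts/cli-wrapper.py`. It runs the documented `scan`, `fix` and `remediate --commit` steps in order, with the commit step gated behind an explicit argument. Everything beyond the documented commands and variable names is this example's own assumption: the `GOMBOC_CMD` override (so the command prefix can be swapped, for example in a test), the `mask_token` helper, the warning on tokens that do not start with the `gpt_` prefix seen in the page's examples, and the `yes` argument that enables the commit step.

```shell
#!/usr/bin/env sh
# Added example for this page, not code from the Gomboc skill.
# Wraps the documented Quick Start steps with configuration checks.
#
# Assumptions (not from the page): GOMBOC_CMD lets the caller replace the
# command prefix; the "gpt_" prefix check only mirrors the page's sample tokens.

GOMBOC_CMD="${GOMBOC_CMD:-python scripts/cli-wrapper.py}"

# mask_token TOKEN: print the first 4 and last 2 characters of a secret with the
# middle replaced, so the full token never appears in output or CI logs.
# Very short values are fully masked.
mask_token() {
    tok="$1"
    if [ "${#tok}" -le 8 ]; then
        printf '%s\n' '****'
    else
        printf '%s****%s\n' "$(printf '%.4s' "$tok")" "$(printf '%s' "$tok" | tail -c 2)"
    fi
}

# check_config: validate the variables from the configuration table.
# GOMBOC_PAT is required; GOMBOC_MCP_URL and GOMBOC_POLICY get the documented
# defaults and are exported so the CLI sees them. Returns 1 on a missing token.
check_config() {
    if [ -z "${GOMBOC_PAT:-}" ]; then
        echo "error: GOMBOC_PAT is not set (create a Personal Access Token in Settings at https://app.gomboc.ai)" >&2
        return 1
    fi
    case "$GOMBOC_PAT" in
        gpt_*) ;;
        *) echo "warning: GOMBOC_PAT does not start with gpt_ as in the documented examples" >&2 ;;
    esac
    GOMBOC_MCP_URL="${GOMBOC_MCP_URL:-http://localhost:3100}"
    GOMBOC_POLICY="${GOMBOC_POLICY:-default}"
    export GOMBOC_PAT GOMBOC_MCP_URL GOMBOC_POLICY
    # Only the masked token is ever printed.
    echo "config: token=$(mask_token "$GOMBOC_PAT") mcp=$GOMBOC_MCP_URL policy=$GOMBOC_POLICY"
    return 0
}

# run_step SUBCOMMAND PATH [EXTRA ARGS]: run one documented CLI sub-command.
# GOMBOC_CMD is intentionally unquoted so "python scripts/cli-wrapper.py" splits.
run_step() {
    step="$1"; target="$2"; shift 2
    echo "==> gomboc $step on $target"
    $GOMBOC_CMD "$step" --path "$target" "$@"
}

# remediate_path PATH [yes]: the Quick Start sequence. Fixes are only committed
# to the working tree when the second argument is literally "yes".
remediate_path() {
    target="$1"; apply="${2:-no}"
    check_config || return 1
    run_step scan "$target" || return 1
    run_step fix "$target" || return 1
    if [ "$apply" = "yes" ]; then
        run_step remediate "$target" --commit || return 1
    else
        echo "skipping remediate (pass yes as the second argument to commit fixes)"
    fi
}

# Entry point: `sh gomboc-run.sh ./src [yes]`. Sourced with no arguments, the
# file only defines the functions above.
if [ "$#" -gt 0 ]; then
    remediate_path "$1" "${2:-no}"
fi
```

Run it as `GOMBOC_PAT=... sh gomboc-run.sh ./terraform` for a dry scan-and-fix pass, and add `yes` as the second argument once the generated fixes have been reviewed. Keeping the commit step behind an explicit argument, and printing only the masked token, are the two habits worth carrying into any agent loop built on the skill.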

## Security & Audit

This skill has been:

  • ✅ Security-audited for token handling
  • ✅ Verified against live Gomboc API
  • ✅ Tested with real vulnerabilities
  • ✅ Confirmed production-ready

See SECURITY.md for complete audit details.

## Support & Documentation

## License

MIT License — See LICENSE file

Ready to remediate? Start with the Quick Start section above, then explore integration methods that fit your workflow.
