CodeMechanic-Bot uses an event-driven, multi-agent architecture. The system is designed around a central EventBus in orchestrator.py that fully decouples the agents, allowing them to scale and fail independently.
When you run python orchestrator.py, the orchestrator enters an infinite loop. Every 30 minutes, it triggers the BountyRadar to start a scan cycle.
- BountyRadar: Queries GitHub for issues with specific labels (bounty, algora, polar). It filters out saturated issues and emits a BOUNTY_FOUND event.
- ScamDetector: Listens for BOUNTY_FOUND. It queries the repository's statistics. If the repo has < 5 stars, 0 historically merged PRs, or > 50 open issues, it kills the pipeline for that issue. Otherwise, it emits BOUNTY_VERIFIED.
- StaticAnalyzer: Runs continuously in the background to proactively audit popular repositories (via docker). Runs Semgrep (logic bugs), Trivy (IaC and CVEs), and Gitleaks (secrets). Emits BOUNTY_VERIFIED for zero-days found.
- PREngineer: Listens for BOUNTY_VERIFIED.
  - Uses the GitHub API to post a "Comment First" message proposing to work on the issue.
  - Clones the repository locally.
  - Harvests context (tests, CONTRIBUTING.md, recent commits).
  - Queries the local AI (gemma4:e4b, with fallbacks to llama3 and mistral) to generate a targeted patch.
  - Tests the patch in a sandboxed Docker container (with daemon reconnection resilience).
  - Emits PR_READY.
- CodeReviewer: Listens for PR_READY.
  - Has the AI self-review the generated patch for security and style.
  - If approved, it uses the GitHub CLI (gh) and robust git branching (checkout -B) to fork the repository, commit the patch, and open a Pull Request.
  - Emits PR_SUBMITTED.
- ContentEngine / DevOpsMonitor / EarningsTracker: All listen for PR_SUBMITTED in parallel.
  - ContentEngine: Writes a markdown blog post detailing the automated fix.
  - DevOpsMonitor: Simulates tracking the CI/CD pipeline of the PR.
  - EarningsTracker: Maintains a local ledger of estimated ROIs.
- ReviewTracker: Runs continuously alongside the radar. It polls open PRs authored by the bot. If a maintainer leaves a review requesting changes, it emits PR_REVIEWED, which routes back to the PREngineer to iteratively fix the code.
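An added sketch of the ScamDetector gate running on a minimal event bus, showing the rejection rules and handler failure isolation; it is not CodeMechanic-Bot's own code. Only the event names and the three thresholds come from the description above; the EventBus class, the fetch_stats callback, the payload keys, the reason strings and the sample statistics are assumptions.

```python
from collections import defaultdict
MIN_STARS, MAX_OPEN_ISSUES = 5, 50  # thresholds stated in the text above

class EventBus:  # minimal synchronous pub/sub bus (illustrative only)
    def __init__(self):
        self._handlers = defaultdict(list)
        self.errors = []  # (event, exception) for handlers that raised

    def subscribe(self, event, handler):
        self._handlers[event].append(handler)

    def emit(self, event, payload):
        for handler in list(self._handlers[event]):
            try:
                handler(payload)
            except Exception as exc:  # one failing agent must not stop the rest
                self.errors.append((event, exc))

def scam_reasons(stats):  # rules a repo violates; an empty list means it passes
    checks = {"stars<5": stats["stars"] < MIN_STARS,
              "no_merged_prs": stats["merged_prs"] == 0,
              "open_issues>50": stats["open_issues"] > MAX_OPEN_ISSUES}
    return [name for name, failed in checks.items() if failed]

class ScamDetector:
    def __init__(self, bus, fetch_stats):
        self.bus, self.fetch_stats = bus, fetch_stats
        self.rejected = {}  # issue URL -> violated rules, kept for audit
        bus.subscribe("BOUNTY_FOUND", self.on_bounty_found)

    def on_bounty_found(self, issue):
        reasons = scam_reasons(self.fetch_stats(issue["repo"]))
        if reasons:
            self.rejected[issue["url"]] = reasons  # pipeline stops for this issue
        else:
            self.bus.emit("BOUNTY_VERIFIED", issue)

SAMPLE_STATS = {  # constructed statistics; a real detector would query GitHub
    "example/healthy": {"stars": 812, "merged_prs": 140, "open_issues": 23},
    "example/bait": {"stars": 2, "merged_prs": 0, "open_issues": 3},
}

def run_demo():
    bus, verified = EventBus(), []
    detector = ScamDetector(bus, SAMPLE_STATS.__getitem__)
    bus.subscribe("BOUNTY_VERIFIED", verified.append)
    for repo in SAMPLE_STATS:
        bus.emit("BOUNTY_FOUND", {"repo": repo, "url": f"issue://{repo}/1"})
    return verified, detector.rejected
```

Recording the violated rules per issue, rather than dropping the event silently, leaves an audit trail for tuning the thresholds.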
The backend communicates natively with a lightweight FastAPI server (api/main.py). The frontend (ui/) uses a beautiful Catppuccin Mocha theme with glassmorphism to control the bot. It embeds CodeMirror (with Vim mode enabled) so humans can intercept and review PRs manually if manual_approval is required in the config.
The system behavior is defined in config.yaml.
Crucially, the bot implements a "Model Fallback" system. If the primary model fails or times out, it automatically tries the next models in the fallback array to ensure 24/7 uptime.