January 15, 2026 · 2 min read

building-codewatch

at cisco, I got to work on one of those problems that sounds simple but isn't: fixing code defects at scale.

the problem

large codebases accumulate thousands of static analysis warnings over time. these aren't just style nits; they're potential bugs, security issues, and maintainability problems. fixing them manually takes forever.

what we built

codewatch is a multi-agent system that:

  • analyzes defects from existing tooling (Coverity)
  • understands the context around each issue
  • generates fixes autonomously
  • validates nothing breaks
  • creates PRs for human review

the key was making it horizontally scalable. each defect gets processed independently, so we can spin up as many workers as needed.

making sure it works

We do something like MapReduce. let's say we have 10k files. We spin up 80 workers.

Step 1: Each worker gets a file of its own. It fixes just that file.

Step 2: Each worker compiles the file using compile.sh; if it does not compile, the worker fixes it.

Step 3: Once all files in a directory are processed, we build that module. If the build errors, fix it.

Step 4: Once all the modules are built, we build the final image.

Then, we raise the PRs based on CODEOWNERS.
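The staged validation above, as an added example (not the codewatch code itself): a small Python orchestrator that maps files onto a worker pool, then gates each module build on every file in that directory compiling, and the final image on every module building. The fix, compile and build hooks are assumed callables (the real ones would shell out to compile.sh and the build system); the sample inputs are constructed.

```python
from collections import defaultdict
from concurrent.futures import ThreadPoolExecutor
from pathlib import PurePosixPath


def run_pipeline(files, fix_file, compile_file, build_module, build_image,
                 workers=80, max_retries=2):
    """Hypothetical orchestrator: returns per-file, per-module and image outcomes.
    Anything that still fails after max_retries is reported as failed, so it
    never reaches the PR stage."""
    by_dir = defaultdict(list)
    for f in files:
        by_dir[str(PurePosixPath(f).parent)].append(f)

    def fix_and_compile(path):
        # Steps 1 and 2: fix the file, compile it, re-fix on failure (bounded).
        for attempt in range(max_retries + 1):
            fix_file(path, attempt)
            if compile_file(path):
                return path, True
        return path, False

    with ThreadPoolExecutor(max_workers=workers) as pool:
        file_ok = dict(pool.map(fix_and_compile, files))

    # Step 3: a module is built only once every file in its directory compiles.
    module_ok = {}
    for d, members in by_dir.items():
        ok = all(file_ok[m] for m in members)
        for attempt in range(max_retries + 1):
            if not ok or build_module(d):
                break
            for m in members:          # build failed: re-fix the module's files
                fix_file(m, attempt)
        else:
            ok = False                 # retries exhausted without a clean build
        module_ok[d] = ok

    # Step 4: the final image is built only when every module built.
    image_ok = all(module_ok.values()) and build_image()
    return {"files": file_ok, "modules": module_ok, "image": image_ok}


def demo():
    # Constructed sample: "b/x.c" compiles only after its second fix attempt,
    # "c/bad.c" never compiles, so module "c" and the image must be reported failed.
    files = ["a/1.c", "a/2.c", "b/x.c", "c/bad.c"]
    fixes = defaultdict(int)

    def fix_file(path, attempt):
        fixes[path] += 1

    def compile_file(path):
        if path == "c/bad.c":
            return False
        return path != "b/x.c" or fixes[path] >= 2

    return run_pipeline(files, fix_file, compile_file,
                        build_module=lambda d: True, build_image=lambda: True, workers=4)
```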

results

what i learned

ai in production is about reliability. the technical stuff matters, but so does building systems people actually trust. validation at every step isn't optional; it's mandatory when our devices are mission critical. One bug can take the system down, but that's not a reason to disregard innovation!
