How does WarpFix detect CI failures?

WarpFix integrates as a GitHub App. When a workflow fails, GitHub sends a webhook and WarpFix starts analyzing the failure logs immediately.

Is my code safe with WarpFix?

WarpFix only reads logs and file contents needed for repair. All patches are validated in isolated sandboxes. The GitHub App uses minimal permissions.

What errors can WarpFix fix?

Build errors, test failures, lint issues, type errors, dependency problems, runtime crashes, and configuration bugs.

How does fingerprint learning work?

Each error is normalized and hashed into a unique fingerprint. When the same pattern recurs across any repository in your org, the proven fix is reused instantly with high confidence — reducing repair time by 37%.

What if a patch has low confidence?

Patches below 40 confidence are flagged for manual review and not opened as PRs. Scores between 40-70 get a 'review suggested' label. Only high-confidence patches are auto-merged.

Can I use WarpFix without Warp terminal?

Yes. The web dashboard and GitHub App work independently. Terminal commands are optional — you can use WarpFix entirely through the web interface.

How is WarpFix different from CodeRabbit?

CodeRabbit reviews code but does not fix it. WarpFix reviews AND auto-repairs CI failures. WarpFix also includes predictive CI failure prevention, security auto-patching, dead code detection, fingerprint learning, and sandbox validation — features CodeRabbit does not offer.

What CI/CD platforms does WarpFix support?

WarpFix currently supports GitHub Actions with webhook integration. Support for GitLab CI, CircleCI, and Jenkins is on the roadmap.

Security & Data Practices

Transparency about how WarpFix handles your code, data, and security.

AILLM Provider

WarpFix uses OpenAI GPT-4o as its primary LLM for patch generation, code review intelligence, and chat agent responses.

•Zero data retention: We use the OpenAI API with data retention disabled. OpenAI does not store or train on any data sent through our API calls.
•Minimal context: Only the specific error logs and directly relevant source files are sent — never your entire repository.
•No fine-tuning: Your code is never used for model training or fine-tuning. Period.

↓Data Flow

Here is exactly what happens when WarpFix processes a CI failure:

CI Failure Detected

GitHub webhook notifies WarpFix of a failed workflow run.

Log Retrieval

WarpFix reads only the failed job logs via GitHub API (read-only).

Error Classification

Logs are parsed and classified locally — no external calls yet.

LLM Patch Generation

Relevant code context + error snippet sent to OpenAI GPT-4o for patch generation. No full repo sent.

Sandbox Validation

Candidate patch is tested in an isolated Docker container. No access to production.

PR Submission

If validation passes, a PR is opened via GitHub API. Humans review before merge.

🔒Encryption

In Transit

All data is encrypted in transit using TLS 1.3. All API endpoints enforce HTTPS. HSTS headers are set with a 1-year max-age.

At Rest

Database storage uses AES-256 encryption at rest. OAuth tokens and secrets are encrypted before storage using application-level encryption.

⏱Data Retention

Data Type	Retention
CI logs (raw)	Processed in memory, discarded after repair (not stored)
Error fingerprints	Stored indefinitely (hashed patterns only, no source code)
Repair metadata	90 days (repair type, status, timestamps)
Generated patches	Deleted after PR is opened (not persisted)
Account data	Until account deletion + 30 day grace period

⚙GitHub App Permissions

WarpFix requests the minimum permissions necessary. Here is exactly what each permission is used for:

Repository contents (read/write)Read source files for context; write to create fix branches and PRs.

Actions (read)Read CI workflow run logs to diagnose failures.

Pull requests (read/write)Open fix PRs, post review comments, and respond to @warpfix mentions.

Issues (read)Cross-reference related issues when analyzing failures.

Metadata (read)Basic repository metadata for configuration.

✓Compliance & Standards

SOC 2 Type I

In Progress — Q3 2026

Audit initiated with Vanta. Expected completion Q3 2026.

GDPR

Compliant

Data processing agreement available. EU data handled per GDPR requirements.

security.txt

Published

Available at /.well-known/security.txt

Responsible Disclosure

Active

Report vulnerabilities to security@warpfix.org

Questions?

If you have security questions or need a Data Processing Agreement, contact us at security@warpfix.org. We respond to all security inquiries within 24 hours.