PatchPilot finds the CVEs that actually reach your code, lets OpenAI Codex write the fix in a sandbox, signs the result, and waits for a tap on your phone. Every integration runs live (Codex, OSV, GitHub, Telegram) with a full audit trail behind each change.
$ npx patchpilot-cli scan

Highlighted steps are PatchPilot's edge: reachability triage, Codex-written fixes, and a signed attestation, all gated behind a human tap.
Is the vulnerable package actually imported in your source? If not, it's de-prioritized. The CVE wall shrinks to the handful that matter.
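The import check described above, as an added illustration that is not PatchPilot's own code: advisories are matched against the modules a source tree actually imports, so a vulnerable package that nothing imports is de-prioritized. The advisory ids, the distribution-to-import-name map, and the source files are constructed sample data.

```python
"""Reachability triage: keep only the CVEs whose package is actually imported."""
import ast

# Constructed advisory records (placeholder ids, not real OSV output).
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "requests"},
    {"id": "EXAMPLE-0002", "package": "pyyaml"},
    {"id": "EXAMPLE-0003", "package": "cryptography"},
]

# Distribution name -> import name where the two differ (assumed mapping, extend as needed).
IMPORT_NAMES = {"pyyaml": "yaml", "pillow": "PIL", "beautifulsoup4": "bs4"}

# Constructed source tree: path -> file contents.
SOURCE_TREE = {
    "app/main.py": "import requests\nfrom yaml import safe_load\n",
    "app/util.py": "import os, json\nfrom . import helpers\n",
}


def imported_modules(source: str) -> set[str]:
    """Top-level module names a Python file imports, taken from the AST rather than a regex."""
    mods: set[str] = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                mods.add(alias.name.split(".")[0])
        elif isinstance(node, ast.ImportFrom):
            # Relative imports (level > 0) point inside the project, not at a dependency.
            if node.module and node.level == 0:
                mods.add(node.module.split(".")[0])
    return mods


def triage(advisories: list[dict], source_tree: dict[str, str]) -> tuple[list[str], list[str]]:
    """Split advisory ids into (reachable, deprioritized) by direct import."""
    imported: set[str] = set()
    for path, src in source_tree.items():
        if path.endswith(".py"):
            imported |= imported_modules(src)
    reachable: list[str] = []
    deprioritized: list[str] = []
    for adv in advisories:
        dist = adv["package"].lower()
        module = IMPORT_NAMES.get(dist, dist.replace("-", "_"))
        (reachable if module in imported else deprioritized).append(adv["id"])
    return reachable, deprioritized


if __name__ == "__main__":
    hits, rest = triage(ADVISORIES, SOURCE_TREE)
    print("reachable:", hits)
    print("deprioritized:", rest)
```

A direct-import scan only sees first-party code; a vulnerable package pulled in transitively by another dependency is still loaded at runtime, so "deprioritized" means lower triage rank, not safe to ignore.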
Codex (GPT-5.5) is the only model that writes to the repo. Behind it sit the cloud or local providers configured by policy, then a deterministic fallback. Secrets never reach the cloud.
Every fix ships a verifiable HMAC statement of from→to, validation result, and files changed, embedded in the pull request.
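An added example of what such a signed statement can look like; this is not PatchPilot's format, and the statement schema, the PR marker comment and the signing key are assumptions. The statement records the from→to version change, the validation result and a digest of each changed file, is serialized canonically, and is authenticated with HMAC-SHA256 so a reviewer holding the same key can detect any edit to the block after it was embedded in the pull request.

```python
"""Signed fix attestation: HMAC over a canonical statement of what a fix changed."""
import hashlib
import hmac
import json

# Constructed key for the demo; a real deployment loads this from a secret store.
SIGNING_KEY = b"demo-key-not-for-production"
PR_MARKER = "<!-- attestation (assumed marker) -->"


def canonical(statement: dict) -> bytes:
    """Deterministic JSON so signer and verifier MAC byte-identical input."""
    return json.dumps(statement, sort_keys=True, separators=(",", ":")).encode()


def build_statement(package: str, from_version: str, to_version: str,
                    validation: str, files: dict[str, str]) -> dict:
    """files maps path -> post-fix contents; only a digest is recorded, never the contents."""
    return {
        "package": package,
        "from": from_version,
        "to": to_version,
        "validation": validation,
        "files": [
            {"path": path, "sha256": hashlib.sha256(content.encode()).hexdigest()}
            for path, content in sorted(files.items())
        ],
    }


def sign(statement: dict, key: bytes) -> str:
    return hmac.new(key, canonical(statement), hashlib.sha256).hexdigest()


def verify(statement: dict, signature: str, key: bytes) -> bool:
    # compare_digest avoids leaking how many leading hex chars matched.
    return hmac.compare_digest(sign(statement, key), signature)


def render_pr_block(statement: dict, signature: str) -> str:
    """Text block embedded in the pull request body."""
    payload = {"statement": statement, "hmac_sha256": signature}
    return PR_MARKER + "\n" + json.dumps(payload, sort_keys=True, indent=2)


def parse_pr_block(block: str) -> tuple[dict, str]:
    """Inverse of render_pr_block: recover the statement and signature from a PR body."""
    marker, body = block.split("\n", 1)
    if marker != PR_MARKER:
        raise ValueError("not an attestation block")
    obj = json.loads(body)
    return obj["statement"], obj["hmac_sha256"]


def demo() -> tuple[bool, bool]:
    """Returns (genuine block verifies, tampered block verifies)."""
    stmt = build_statement(
        package="requests", from_version="2.25.0", to_version="2.32.0",
        validation="passed",
        files={"requirements.txt": "requests==2.32.0\n"},
    )
    block = render_pr_block(stmt, sign(stmt, SIGNING_KEY))
    parsed, sig = parse_pr_block(block)
    genuine_ok = verify(parsed, sig, SIGNING_KEY)

    tampered = json.loads(json.dumps(parsed))
    tampered["validation"] = "passed"  # unchanged field
    tampered["to"] = "2.31.0"          # downgraded target version after signing
    tampered_ok = verify(tampered, sig, SIGNING_KEY)
    return genuine_ok, tampered_ok


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Because HMAC is symmetric, the attestation proves the block was produced by a holder of the same key (the PatchPilot instance) and has not been altered since; it does not let a third party without the key verify it, which is the trade-off to weigh against a signature-based scheme.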
Inline Telegram buttons to approve, reject, retry safer, or roll back. No auto-merge, no auto-deploy, no exceptions.