Patchwork is a command-line interface. It can be used in your local terminal, IDE or as part of a CI/CD pipeline.


Using Pip

PatchWork is available on PyPI and can be installed using pip:

pip install 'patchwork-cli[all]' --upgrade

The following optional dependency groups are available.

  • security: installs semgrep and depscan with pip install 'patchwork-cli[security]' and is required for AutoFix and DependencyUpgrade patchflows.
  • rag: installs chromadb with pip install 'patchwork-cli[rag]' and is required for the ResolveIssue patchflow.
  • notifications: Used by steps sending notifications, e.g. slack messages.
  • all: installs everything.
  • not specifying any dependency group (pip install patchwork-cli) will install a core set of dependencies that are sufficient to run the GenerateDocstring, PRReview and GenerateREADME patchflows.

Using Poetry

PatchWork is built using Poetry, a dependency management and packaging tool for Python. To install PatchWork using Poetry, follow these steps:

  1. Make sure you have Poetry installed. If you don’t have it installed, you can install it by running:

    curl -sSL | python3 -
  2. Clone the PatchWork repository:

    git clone
  3. Navigate to the project directory:

    cd patchwork
  4. Activate a shell using virtual environment:

    poetry shell
  5. Install the dependencies using Poetry:

    poetry install --all-extras

PatchWork CLI

The CLI runs Patchflows, as follows:

patchwork <Patchflow> <?Arguments>


  • Arguments: Allow for overriding default/optional attributes of the Patchflow in the format of key=value. If key does not have any value, it is considered a boolean True flag.


For an AutoFix patchflow which patches vulnerabilities based on a scan using Semgrep:

patchwork AutoFix openai_api_key=<YOUR_OPENAI_API_KEY> github_api_key=<YOUR_GITHUB_TOKEN>

The above command will default to patching code in the current directory, by running Semgrep to identify the vulnerabilities.

You can take a look at the default.yml file for the list of configurations you can set to manage the AutoFix patchflow. You will need to pass your own openai_api_key to call the LLM. Otherwise, to get started, you can get a patched_api_key for free by by signing in at and generating an API key from the integrations tab. You can then call the patchflow with the key as follows:

patchwork AutoFix patched_api_key=<YOUR_PATCHED_API_KEY> github_api_key=<YOUR_GITHUB_TOKEN>

Similarly, to use Google’s models you can set the google_api_key and model, this is useful if you want to work with large contexts as the gemini-pro-1.5 model supports a input context length of 1 million tokens.

The patchwork-configs repository contains the default configuration and prompts for all the patchflows. You can clone that repo and pass it as a flag to the CLI:

patchwork AutoFix --config /path/to/patchwork-configs/patchflows