Patcha can use LLM providers to resolve complex vulnerabilities that can’t be fixed automatically.
Supported Providers
| Provider | Model | Setup Required |
|---|---|---|
| Anthropic | Claude | API key |
| OpenAI | GPT-4 | API key |
| Google | Gemini | API key |
Setup
1. Install the package
Patcha is installed with LLM support by default:
2. Set the provider
patcha config set-provider anthropic
Using environment variable:
patcha config set-api-key anthropic $ANTHROPIC_API_KEY
Or using direct value:
patcha config set-api-key anthropic sk-ant-api03-xxxxx
Be careful when setting API keys directly: a key typed on the command line can be saved in shell history. Use environment variables in CI/CD.
Anthropic (Claude)
patcha config set-provider anthropic
patcha config set-api-key anthropic $ANTHROPIC_API_KEY
Required environment variable: ANTHROPIC_API_KEY
OpenAI
patcha config set-provider openai
patcha config set-api-key openai $OPENAI_API_KEY
Required environment variable: OPENAI_API_KEY
Google Gemini
patcha config set-provider google
patcha config set-api-key google $GOOGLE_API_KEY
Required environment variable: GOOGLE_API_KEY
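A CI preflight for the provider setup above, as an added example (not part of Patcha or its documentation): it fails closed when the selected provider's key variable is unset or empty, and keeps the key out of `set -x` traces. The function names `resolve_key` and `configure_provider` are assumptions; the `patcha config` commands and variable names are the ones listed above.

```sh
#!/bin/sh
# Added example: hypothetical helper functions, not part of Patcha.

# Map a provider to the environment variable listed for it on this page.
# Sets KEY_VAR (variable name) and KEY_VALUE (its value, possibly empty).
resolve_key() {
  case "$1" in
    anthropic) KEY_VAR=ANTHROPIC_API_KEY; KEY_VALUE="${ANTHROPIC_API_KEY:-}" ;;
    openai)    KEY_VAR=OPENAI_API_KEY;    KEY_VALUE="${OPENAI_API_KEY:-}" ;;
    google)    KEY_VAR=GOOGLE_API_KEY;    KEY_VALUE="${GOOGLE_API_KEY:-}" ;;
    *)         return 1 ;;
  esac
}

# Configure patcha for one provider.
# Returns 2 for an unknown provider, 3 when the key variable is missing,
# otherwise the exit status of the patcha commands.
configure_provider() {
  provider="$1"
  if ! resolve_key "$provider"; then
    echo "unsupported provider: $provider" >&2
    return 2
  fi
  # An unset variable would otherwise expand to nothing and the
  # set-api-key command would run without a key argument.
  if [ -z "$KEY_VALUE" ]; then
    echo "$KEY_VAR is not set; refusing to configure $provider" >&2
    return 3
  fi
  # If the CI job runs with `set -x`, pause tracing so the key is not logged.
  restore_xtrace=0
  case "$-" in *x*) restore_xtrace=1; set +x ;; esac
  rc=0
  patcha config set-provider "$provider" &&
    patcha config set-api-key "$provider" "$KEY_VALUE" || rc=$?
  if [ "$restore_xtrace" -eq 1 ]; then set -x; fi
  return "$rc"
}

# Usage in a pipeline step (the secret comes from the CI secret store):
#   configure_provider anthropic || exit 1
```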
Using AI Fixes
Once configured, use the --ai flag:
This enables Level 3 (AI-assisted) resolution.
Disable AI Features
patcha config set-provider none
Or disable only Level 3:
patcha config auto-fix --no-level3
Verify Configuration
Shows:
- Current provider
- Available providers
- Auto-fix levels status
Cost Considerations
- Level 1 and 2 are free (no API calls)
- Level 3 uses API credits based on:
  - Number of vulnerabilities
  - Complexity of each case
  - Model used
Start with a dry run to estimate costs:
patcha fix --ai --dry-run