repopilot 0.13.0

Local-first CLI for repository audit, architecture risk detection, baseline tracking, and CI-friendly code review.
Documentation
# Trust Mode

RepoPilot's default scan output is intentionally quieter than a raw audit dump.

The goal of the default profile is to answer:

- what can break production
- what can leak secrets
- what should block a release
- what is safe to review later
- what should move into a strict/deep-audit workflow

## Profiles

```bash
repopilot scan .
repopilot scan . --profile default
repopilot scan . --profile strict
repopilot scan . --include-maintainability
```

`default` is optimized for day-to-day development and CI review. It hides broad
maintainability and testing heuristics by policy, including long-function,
complex-file, TODO/FIXME/HACK, and testing-gap rules.

`strict` preserves the full raw audit output. Use it for refactoring passes,
codebase cleanup, rule development, and release-hardening audits.

## Visibility intent model

RepoPilot does not decide visibility only from severity. A high-severity large
file can still be a maintainability concern, while a medium/high-confidence
runtime signal can be important if it affects production behavior.

Every finding is classified into a product-level intent:

```text
SecurityRisk
RuntimeRisk
ActionableRisk
Maintainability
TestingGap
Informational
```

The visibility layer then applies profile policy:

```text
raw finding
  -> intent classification
  -> default/strict policy
  -> visible finding or hidden suggestion
```

This keeps audit rules focused on evidence and keeps report policy centralized.

## Hidden suggestion summaries

Default profile does not simply drop hidden findings. It records a structured
breakdown in the scan summary:

```json
{
  "hidden_suggestions": [
    {
      "intent": "maintainability",
      "rule_id": "architecture.large-file",
      "category": "architecture",
      "reason": "maintainability signals are hidden in the default profile",
      "count": 43
    }
  ]
}
```

Console and Markdown reports show the top hidden groups so users understand what
was hidden and why. This makes the default report quieter without making it
opaque.

## Why this matters

Earlier versions of RepoPilot could produce technically valid but noisy reports.
For example, missing-test suggestions, long functions, large files, and script
`process.exit` calls could dominate the default report even when they were not
release-blocking risks.

Trust Mode makes the default report more useful:

```text
default profile = actionable production/security/runtime risks
strict profile  = full maintainability/testing/deep audit output
```

## Examples

A real secret candidate stays visible by default:

```text
security.secret-candidate -> SecurityRisk -> visible
```

A missing source test is hidden by default:

```text
testing.source-without-test -> TestingGap -> hidden
```

A script-level process exit is hidden by default:

```text
scripts/verify-release.mjs process.exit(1) -> RuntimeRisk -> hidden
```

A reusable source-level process exit stays visible:

```text
src/runtime/server.ts process.exit(1) -> RuntimeRisk -> visible
```

A large file is hidden by default as a maintainability suggestion:

```text
architecture.large-file -> Maintainability -> hidden
```

A high-priority architecture/coupling issue can remain visible:

```text
architecture.circular-dependency -> ActionableRisk -> visible when high priority or high confidence
```

## Future improvements

The current intent model is still rule-id aware, but visibility policy is now
centralized and semantic. The next improvements should be:

- persisted hidden summaries in SARIF properties
- `repopilot eval` fixtures for visibility behavior
- validated local feedback with visible `local_feedback` metadata
- confidence calibration per rule
- project profile specific visibility defaults