RepoPilot
Local-first repository audits for safer human and AI-assisted code changes.
RepoPilot is a fast Rust CLI that scans a repository locally, ranks evidence-backed risks, supports baseline adoption, reviews branches, and creates AI-ready remediation context without uploading source code.
scan -> review risk -> baseline adoption -> CI evidence -> local AI context
RepoPilot is not a replacement for language linters, formatters, type checkers, or dedicated security scanners. It complements them with repository-level evidence: secrets, runtime footguns, architecture risk, review blast radius, baseline status, and report formats that work in CI.
Install
Choose one install method.
Cargo:
npm:
Homebrew:
Installer:
|
From source:
More: docs/install.md.
Quick Start
Run a local scan:
Adopt RepoPilot in an existing repository without failing CI on old debt:
Review a branch:
Generate local AI context:
Save CI evidence:
Use with AI agents (MCP)
RepoPilot ships a local Model Context Protocol server so AI coding agents (Claude Code, Cursor, …) can call it as a tool — auditing what the agent just changed, without anything leaving your machine.
The server runs locally over stdio (JSON-RPC, no network, no AI calls) and exposes four tools:
repopilot_review_change— audit the current Git changes: in-diff vs out-of-diff findings plus blast radius.repopilot_scan— full repository audit as a JSON report.repopilot_context— a budgeted, AI-ready Markdown brief of the repo.repopilot_explain_file— how a single file is classified and which rules apply.
More: docs/mcp.md.
What It Checks
| Area | Examples |
|---|---|
| Security | secret candidates, private keys, committed .env files |
| Runtime risk | Rust panic/unwrap paths, JavaScript/Python/Go/JVM/.NET process exits |
| Architecture | circular dependencies, excessive fan-out, instability hubs |
| Review risk | changed files, branch context, blast radius |
| Adoption | baselines, new-vs-existing findings, CI gates |
| Evidence | JSON, Markdown, SARIF, receipts, report envelopes |
| AI context | local, budgeted, evidence-backed Markdown for coding assistants |
Trust Mode
Default scans are intentionally quiet. They keep high-trust security, runtime, and import-graph findings visible while summarizing broad maintainability and testing suggestions as strict-only noise.
Use strict mode for cleanup passes, rule development, and release hardening. Use the default profile for day-to-day local checks and CI gates.
More: docs/trust-mode.md.
Core Commands
scan | review | baseline | compare | doctor | inspect | ai | init | cache | mcp
Common workflows:
More: docs/commands.md and docs/cli.md.
Baseline Adoption
A baseline records current findings as accepted existing debt. Future scans can fail only on newly introduced risk:
Review baseline updates like code changes. A baseline is not a suppression file; it is a CI adoption contract.
Rule Quality
Rules move through a lifecycle:
experimental -> preview -> stable
Before a rule becomes stable or default-visible, it should have metadata, true-positive and false-positive fixtures, stable finding IDs, concrete evidence, false-positive notes, recommendations, and clean local evaluation:
More: docs/rule-quality-gate.md.
Local-First
RepoPilot does not upload source code, run a hosted scanner, call LLM APIs implicitly, send telemetry, or require a SaaS account.
AI commands only format local scan evidence as Markdown for tools such as Claude Code, ChatGPT, Cursor, Zed, or another assistant.
Reports
| Format | Use case |
|---|---|
| Console | fast local feedback |
| Markdown | PR comments and human-readable reports |
| JSON | automation and internal tooling |
| SARIF | GitHub Code Scanning |
| HTML | shareable local reports |
| Receipt | compact release/CI evidence |
More: docs/reports.md.
CI
Minimal baseline-aware gate:
GitHub Code Scanning:
Release smoke:
More: docs/integrations/github-code-scanning.md.
Documentation
| Document | Purpose |
|---|---|
| Install | Cargo, npm, Homebrew, curl, and source builds |
| Commands | Task-oriented workflows |
| CLI | Complete command and flag reference |
| Configuration | repopilot.toml, presets, ignores, and baselines |
| Rulesets | Built-in rules, lifecycle, severity, and confidence |
| Trust Mode | Default vs strict visibility policy |
| Reports | JSON, SARIF, Markdown, HTML, receipts, and schema fields |
| Release Process | Local and CI release gates |
Development
Run rule evaluation from source:
License
RepoPilot is licensed under MIT OR Apache-2.0.