repopilot 0.15.0

Local-first CLI for repository audit, architecture risk detection, baseline tracking, and CI-friendly code review.
Documentation

RepoPilot

Crates.io npm CI GitHub Release Downloads License GitHub Stars

See what your AI agent — or you — just changed, before you merge. RepoPilot is a fast, local-first Rust CLI that reviews a Git change and flags when it crossed a security boundary — the parts of your repo that decide who can do what (auth, sessions, permissions, CORS) and how it ships (CI, Dockerfiles, dependencies, committed .env) — then shows how far each changed file reaches. It's deterministic, runs entirely on your machine, and plugs into your AI coding agent over MCP. Nothing is uploaded.

review a change -> boundary + blast radius -> baseline / CI gate -> local AI context

RepoPilot flags that a boundary moved and how far it reaches — it does not prove the change is safe. Think "open the report before merging," not "security audit." It complements linters, type checkers, and dedicated security scanners; it doesn't replace them.

Install

cargo install repopilot     # or: npm install -g repopilot

Homebrew, install script, and from-source: docs/install.md.

Quick start

Review a change — what you'd check before merging, and what an agent can check on its own edits:

repopilot review . --base main
$ repopilot review . --base main

Changed files: 2
In-diff findings: 2

Blast radius:
  The following files import changed files and may need extra review:
  - src/admin.ts
  - src/routes.ts

Security boundary changed [preview]:
  ⚑ access control  src/middleware/auth.ts  (imported by 2 files)
  ⚑ request trust   src/server/cors.ts
  ⚠ A code boundary changed but no test did — confirm it's still covered.

Boundary categories: access control, request trust, deploy surface, supply chain, secret config. Tune or disable them in repopilot.toml under [security_boundary] (ships at preview).

Beyond boundaries, repopilot review also flags behavioral changes (added network/subprocess/filesystem/SQL, removed error handling or auth checks) and algorithmic changes (deeper nesting, a new nested loop, a function that grew or became recursive), grouped into three confidence tiers and reported as structural facts — never verdicts (ships at preview). To review a whole agent run, take a marker first: repopilot snapshot, let the agent edit, then repopilot review --since-snapshot covers every commit and uncommitted change since.

Full audit, a CI gate that fails only on new risk, and a local brief for an assistant:

repopilot scan .                                                         # full local audit (quiet by default)
repopilot scan . --baseline .repopilot/baseline.json --fail-on new-high  # fail CI only on newly introduced risk
repopilot ai context . --budget 4k                                       # budgeted, evidence-backed Markdown

First five minutes for AI-assisted work:

repopilot doctor .          # confirm RepoPilot is ready for this repo
repopilot scan .            # see current visible risk
repopilot ai context .      # prepare local, evidence-backed context
repopilot ai plan .         # get a prioritized remediation plan
repopilot ai prompt .       # generate a paste-ready prompt for an assistant
repopilot review .          # check the assistant's change before merging

Use with AI agents (MCP)

RepoPilot ships a local Model Context Protocol server so AI coding agents (Claude Code, Cursor, …) can call it as a tool — the deterministic, private check an agent can run on its own edits before handing you the PR.

claude mcp add repopilot -- repopilot mcp

It runs over stdio (JSON-RPC, no network, no AI calls) and exposes four tools:

  • repopilot_review_change — audit the current Git changes: in-diff vs out-of-diff findings, tiered review signals (security-boundary, behavioral, and algorithmic changes grouped by confidence), and blast radius (structured JSON).
  • repopilot_scan — full repository audit as JSON.
  • repopilot_context — a budgeted, AI-ready Markdown brief of the repo.
  • repopilot_explain_file — how a single file is classified and which rules apply.

More: docs/mcp.md.

What RepoPilot does

Capability What it does
Review a change changed-line findings, blast radius, and tiered boundary/behavioral/algorithmic signals — including before/after an agent edit via snapshot + review --since-snapshot (review, MCP)
Full scan repo-wide, evidence-ranked findings — secrets, runtime footguns, architecture — quiet by default (trust mode)
Baseline + CI gate accept current debt as a baseline; fail CI only on newly introduced risk
Reports Console, Markdown, JSON, SARIF, HTML, receipts
AI context local, budgeted, evidence-backed Markdown brief for coding assistants

Rules carry an experimental -> preview -> stable lifecycle and a quality gate (fixtures, stable IDs, evidence). See docs/rule-quality-gate.md.

Local-first

RepoPilot does not upload source code, run a hosted scanner, call LLM APIs implicitly, send telemetry, or require an account. AI commands only format local scan evidence as Markdown for tools such as Claude Code, Cursor, or Zed.

Documentation

Document Purpose
Install Cargo, npm, Homebrew, curl, and source builds
Commands / CLI Task-oriented workflows and the full flag reference
Configuration repopilot.toml, presets, ignores, baselines
Rulesets / Rule quality gate Built-in rules, lifecycle, and the gate
Trust Mode Default vs strict visibility
Reports / Code Scanning Formats, schema, and SARIF in CI
MCP Using RepoPilot from AI agents
Release Process Local and CI release gates

Development

cargo fmt --all -- --check
cargo clippy --all-targets --all-features -- -D warnings
cargo test --all
./scripts/smoke-product.sh

License

RepoPilot is licensed under MIT OR Apache-2.0.