RepoPilot
See what your AI agent — or you — just changed, before you merge.
RepoPilot is a fast, local-first Rust CLI that reviews a Git change and flags when it crossed a security boundary — the parts of your repo that decide who can do what (auth, sessions, permissions, CORS) and how it ships (CI, Dockerfiles, dependencies, committed .env) — then shows how far each changed file reaches. It's deterministic, runs entirely on your machine, and plugs into your AI coding agent over MCP. Nothing is uploaded.
review a change -> boundary + blast radius -> baseline / CI gate -> local AI context
RepoPilot flags that a boundary moved and how far it reaches — it does not prove the change is safe. Think "open the report before merging," not "security audit." It complements linters, type checkers, and dedicated security scanners; it doesn't replace them.
Install
Homebrew, install script, and from-source: docs/install.md.
Quick start
Review a change — what you'd check before merging, and what an agent can check on its own edits:
$ repopilot review . --base main
Changed files: 2
In-diff findings: 2
Blast radius:
The following files import changed files and may need extra review:
- src/admin.ts
- src/routes.ts
Security boundary changed [preview]:
⚑ access control src/middleware/auth.ts (imported by 2 files)
⚑ request trust src/server/cors.ts
⚠ A code boundary changed but no test did — confirm it's still covered.
Boundary categories: access control, request trust, deploy surface, supply chain, secret config. Tune or disable them in repopilot.toml under [security_boundary] (ships at preview).
Beyond boundaries, repopilot review also flags behavioral changes (added network/subprocess/filesystem/SQL, removed error handling or auth checks) and algorithmic changes (deeper nesting, a new nested loop, a function that grew or became recursive), grouped into three confidence tiers and reported as structural facts — never verdicts (ships at preview). To review a whole agent run, take a marker first: repopilot snapshot, let the agent edit, then repopilot review --since-snapshot covers every commit and uncommitted change since.
Full audit, a CI gate that fails only on new risk, and a local brief for an assistant:
First five minutes for AI-assisted work:
Use with AI agents (MCP)
RepoPilot ships a local Model Context Protocol server so AI coding agents (Claude Code, Cursor, …) can call it as a tool — the deterministic, private check an agent can run on its own edits before handing you the PR.
It runs over stdio (JSON-RPC, no network, no AI calls) and exposes four tools:
repopilot_review_change— audit the current Git changes: in-diff vs out-of-diff findings, tiered review signals (security-boundary, behavioral, and algorithmic changes grouped by confidence), and blast radius (structured JSON).repopilot_scan— full repository audit as JSON.repopilot_context— a budgeted, AI-ready Markdown brief of the repo.repopilot_explain_file— how a single file is classified and which rules apply.
More: docs/mcp.md.
What RepoPilot does
| Capability | What it does |
|---|---|
| Review a change | changed-line findings, blast radius, and tiered boundary/behavioral/algorithmic signals — including before/after an agent edit via snapshot + review --since-snapshot (review, MCP) |
| Full scan | repo-wide, evidence-ranked findings — secrets, runtime footguns, architecture — quiet by default (trust mode) |
| Baseline + CI gate | accept current debt as a baseline; fail CI only on newly introduced risk |
| Reports | Console, Markdown, JSON, SARIF, HTML, receipts |
| AI context | local, budgeted, evidence-backed Markdown brief for coding assistants |
Rules carry an experimental -> preview -> stable lifecycle and a quality gate (fixtures, stable IDs, evidence). See docs/rule-quality-gate.md.
Local-first
RepoPilot does not upload source code, run a hosted scanner, call LLM APIs implicitly, send telemetry, or require an account. AI commands only format local scan evidence as Markdown for tools such as Claude Code, Cursor, or Zed.
Documentation
| Document | Purpose |
|---|---|
| Install | Cargo, npm, Homebrew, curl, and source builds |
| Commands / CLI | Task-oriented workflows and the full flag reference |
| Configuration | repopilot.toml, presets, ignores, baselines |
| Rulesets / Rule quality gate | Built-in rules, lifecycle, and the gate |
| Trust Mode | Default vs strict visibility |
| Reports / Code Scanning | Formats, schema, and SARIF in CI |
| MCP | Using RepoPilot from AI agents |
| Release Process | Local and CI release gates |
Development
License
RepoPilot is licensed under MIT OR Apache-2.0.