repopilot 0.16.0

Local-first CLI for reviewing Git changes, security boundaries, and blast radius before merge.
Documentation

RepoPilot

Crates.io npm CI GitHub Release License

Review what you or an AI agent changed before you merge.

RepoPilot is a fast, local-first Rust CLI for Git change review. It flags security-boundary changes, behavioral and algorithmic shifts, taint-lite flows, and blast radius so maintainers can focus on the parts of a diff that deserve extra attention. It is deterministic, runs entirely on your machine, and can be called by coding agents over MCP. Nothing is uploaded.

git diff -> boundary + behavior + taint + blast radius -> review or CI gate

RepoPilot reports structural evidence, not a security verdict. Use it beside tests, linters, type checkers, and dedicated security tools.

Install

cargo install repopilot
# or
npm install -g repopilot

Homebrew, curl, GitHub Releases, and source builds are documented in Installation.

Review A Change

Review the working tree against HEAD:

repopilot review .

Review a branch before merge:

repopilot review . --base origin/main

RepoPilot groups review evidence into confidence tiers:

  • security boundaries: access control, request trust, deploy surface, supply chain, and secret configuration;
  • behavioral changes: network, subprocess, filesystem, SQL, dependencies, migrations, removed error handling, or removed auth checks;
  • algorithmic changes: deeper nesting, nested loops, growth, or recursion;
  • taint-lite flows: changed request or process input reaching SQL, exec, filesystem-write, or outbound-network sinks;
  • blast radius: files that import a changed file.

All review signals ship at preview. They are advisory by default; enable the explicit high-confidence gate with:

repopilot review . --base origin/main --fail-on-review definitely

For a complete agent run:

repopilot snapshot
# let the agent or developer work
repopilot review --since-snapshot

Full Repository Audit

The broader scan remains available for repository adoption and CI:

repopilot scan .
repopilot baseline create .
repopilot scan . \
  --baseline .repopilot/baseline.json \
  --fail-on new-high

Default scans hide broad maintainability noise. Use --profile strict for the full audit surface.

AI Agents And MCP

RepoPilot exposes local review, scan, context, and explain tools over stdio:

claude mcp add repopilot -- repopilot mcp --root .

The MCP server is synchronous, root-confined, and makes no network or LLM calls. See MCP server.

Distribution

Official CLI channels are crates.io, npm, Homebrew, and GitHub Releases.

Platform-specific VSIX files are attached to GitHub Releases as a preview integration. RepoPilot is not currently published to the VS Code Marketplace or PyPI.

Documentation

Development

cargo fmt --all -- --check
cargo clippy --all-targets --all-features -- -D warnings
cargo test --all
npm run release:contract
./scripts/smoke-product.sh

License

RepoPilot is licensed under MIT OR Apache-2.0.