# RepoPilot
[](https://crates.io/crates/repopilot)
[](https://www.npmjs.com/package/repopilot)
[](https://github.com/MykytaStel/repopilot/actions)
[](https://github.com/MykytaStel/repopilot/releases)
[](LICENSE)
**Review what you or an AI agent changed before you merge.**
RepoPilot is a fast, local-first Rust CLI for Git change review. It flags
security-boundary changes, behavioral and algorithmic shifts, taint-lite flows,
and blast radius so maintainers can focus on the parts of a diff that deserve
extra attention. It is deterministic, runs entirely on your machine, and can be
called by coding agents over MCP. Nothing is uploaded.
```text
git diff -> boundary + behavior + taint + blast radius -> review or CI gate
```
<p align="center">
<img src="https://raw.githubusercontent.com/MykytaStel/repopilot/main/docs/demos/02-review.gif" alt="RepoPilot reviewing a branch change" width="800">
</p>
> RepoPilot reports structural evidence, not a security verdict. Use it beside
> tests, linters, type checkers, and dedicated security tools.
## Install
```bash
cargo install repopilot
# or
npm install -g repopilot
```
Homebrew, curl, GitHub Releases, and source builds are documented in
[Installation](https://github.com/MykytaStel/repopilot/blob/main/docs/install.md).
## Review A Change
Review the working tree against `HEAD`:
```bash
repopilot review .
```
Review a branch before merge:
```bash
repopilot review . --base origin/main
```
RepoPilot groups review evidence into confidence tiers:
- security boundaries: access control, request trust, deploy surface, supply
chain, and secret configuration;
- behavioral changes: network, subprocess, filesystem, SQL, dependencies,
migrations, removed error handling, or removed auth checks;
- algorithmic changes: deeper nesting, nested loops, growth, or recursion;
- taint-lite flows: changed request or process input reaching SQL, exec,
filesystem-write, or outbound-network sinks;
- blast radius: files that import a changed file.
All review signals ship at `preview`. They are advisory by default; enable the
explicit high-confidence gate with:
```bash
repopilot review . --base origin/main --fail-on-review definitely
```
For a complete agent run:
```bash
repopilot snapshot
# let the agent or developer work
repopilot review --since-snapshot
```
## Full Repository Audit
The broader scan remains available for repository adoption and CI:
```bash
repopilot scan .
repopilot baseline create .
repopilot scan . \
--baseline .repopilot/baseline.json \
--fail-on new-high
```
Default scans hide broad maintainability noise. Use `--profile strict` for the
full audit surface.
## AI Agents And MCP
RepoPilot exposes local review, scan, context, and explain tools over stdio:
```bash
claude mcp add repopilot -- repopilot mcp --root .
```
The MCP server is synchronous, root-confined, and makes no network or LLM calls.
See [MCP server](https://github.com/MykytaStel/repopilot/blob/main/docs/mcp.md).
## Distribution
Official CLI channels are crates.io, npm, Homebrew, and GitHub Releases.
Platform-specific VSIX files are attached to GitHub Releases as a **preview**
integration. RepoPilot is not currently published to the VS Code Marketplace or
PyPI.
## Documentation
- [Documentation index](https://github.com/MykytaStel/repopilot/blob/main/docs/README.md)
- [Common workflows](https://github.com/MykytaStel/repopilot/blob/main/docs/commands.md)
- [CLI reference](https://github.com/MykytaStel/repopilot/blob/main/docs/cli.md)
- [Configuration](https://github.com/MykytaStel/repopilot/blob/main/docs/configuration.md)
- [Reports and schemas](https://github.com/MykytaStel/repopilot/blob/main/docs/reports.md)
- [GitHub pull request integration](https://github.com/MykytaStel/repopilot/blob/main/docs/integrations/github-code-scanning.md)
- [Signal contract](https://github.com/MykytaStel/repopilot/blob/main/docs/engineering/signal-contract.md)
- [Release process](https://github.com/MykytaStel/repopilot/blob/main/docs/release.md)
## Development
```bash
cargo fmt --all -- --check
cargo clippy --all-targets --all-features -- -D warnings
cargo test --all
npm run release:contract
./scripts/smoke-product.sh
```
## License
RepoPilot is licensed under **MIT OR Apache-2.0**.