repopilot 0.11.0

Local-first CLI for repository audit, architecture risk detection, baseline tracking, and CI-friendly code review.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146

use crate::audits::framework::js_common::is_js_file;
use crate::audits::traits::ProjectAudit;
use crate::findings::types::{Evidence, Finding, FindingCategory, Severity};
use crate::scan::config::ScanConfig;
use crate::scan::facts::ScanFacts;
use std::path::PathBuf;

pub struct HermesDisabledAudit;

impl ProjectAudit for HermesDisabledAudit {
    fn audit(&self, facts: &ScanFacts, _config: &ScanConfig) -> Vec<Finding> {
        let mut findings = Vec::new();

        let podfile = facts.root_path.join("ios/Podfile");
        if let Ok(content) = std::fs::read_to_string(&podfile) {
            if content.contains("hermes_enabled: false")
                || content.contains("hermes_enabled => false")
            {
                findings.push(hermes_finding(podfile, "hermes_enabled: false"));
            }
        }

        let gradle = facts.root_path.join("android/app/build.gradle");
        if let Ok(content) = std::fs::read_to_string(&gradle) {
            if content.contains("enableHermes: false") || content.contains("enableHermes : false") {
                findings.push(hermes_finding(gradle, "enableHermes: false"));
            }
        }

        let gradle_props = facts.root_path.join("android/gradle.properties");
        if let Ok(content) = std::fs::read_to_string(&gradle_props) {
            if gradle_properties_hermes_disabled(&content) {
                findings.push(hermes_finding(gradle_props, "hermesEnabled=false"));
            }
        }

        findings
    }
}

pub struct ReactNativeCodegenMissingAudit;

impl ProjectAudit for ReactNativeCodegenMissingAudit {
    fn audit(&self, facts: &ScanFacts, _config: &ScanConfig) -> Vec<Finding> {
        let Some(profile) = &facts.react_native else {
            return vec![];
        };
        if profile.has_codegen_config || !has_codegen_usage_signal(facts) {
            return vec![];
        }

        vec![Finding {
            id: String::new(),
            rule_id: "framework.react-native.codegen-missing".to_string(),
            recommendation: Finding::recommendation_for_rule_id(
                "framework.react-native.codegen-missing",
            ),
            title: "React Native Codegen config is missing".to_string(),
            description: concat!(
                "This project appears to use Turbo Native Modules or Fabric components, ",
                "but package.json does not define codegenConfig. ",
                "Add codegenConfig so React Native can generate native interfaces consistently."
            )
            .to_string(),
            category: FindingCategory::Framework,
            severity: Severity::Medium,
            confidence: Default::default(),
            evidence: vec![Evidence {
                path: facts.root_path.join("package.json"),
                line_start: 1,
                line_end: None,
                snippet: "codegenConfig missing while Codegen usage was detected".to_string(),
            }],
            workspace_package: None,
            docs_url: Some("https://reactnative.dev/docs/the-new-architecture/codegen".to_string()),
            risk: Default::default(),
        }]
    }
}

/// Returns true when gradle.properties explicitly disables Hermes.
/// Tolerates spaces around `=` and ignores inline comments.
fn gradle_properties_hermes_disabled(content: &str) -> bool {
    for line in content.lines() {
        let line = line.trim();
        if line.starts_with('#') {
            continue;
        }
        let Some((key, rest)) = line.split_once('=') else {
            continue;
        };
        let key = key.trim();
        if key != "hermesEnabled" && key != "enableHermes" {
            continue;
        }
        let value = rest.split_once('#').map(|(v, _)| v).unwrap_or(rest).trim();
        if value == "false" {
            return true;
        }
    }
    false
}

fn hermes_finding(path: PathBuf, snippet: &str) -> Finding {
    Finding {
        id: String::new(),
        rule_id: "framework.react-native.hermes-disabled".to_string(),
        recommendation: Finding::recommendation_for_rule_id("framework.react-native.hermes-disabled"),
        title: "Hermes JavaScript engine is disabled".to_string(),
        description: concat!(
            "Hermes is explicitly disabled in this project. ",
            "Hermes compiles JavaScript to bytecode at build time, reducing startup time by 2–3× ",
            "and lowering memory usage. It has been the recommended and default JS engine since React Native 0.70. ",
            "Remove the `hermes_enabled: false` / `enableHermes: false` flag to enable it."
        )
        .to_string(),
        category: FindingCategory::Framework,
        severity: Severity::Low,
        confidence: Default::default(),
        evidence: vec![Evidence {
            path,
            line_start: 1,
            line_end: None,
            snippet: snippet.to_string(),
        }],
        workspace_package: None,
        docs_url: Some("https://reactnative.dev/docs/hermes".to_string()),
            risk: Default::default(),
    }
}

fn has_codegen_usage_signal(facts: &ScanFacts) -> bool {
    facts
        .files
        .iter()
        .filter(|file| is_js_file(&file.path))
        .any(|file| {
            std::fs::read_to_string(&file.path)
                .map(|content| {
                    content.contains("TurboModuleRegistry")
                        || content.contains("codegenNativeComponent")
                        || (content.contains("TurboModule") && content.contains("react-native"))
                })
                .unwrap_or(false)
        })
}