repopilot 0.11.0

Local-first CLI for repository audit, architecture risk detection, baseline tracking, and CI-friendly code review.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

use crate::audits::context::{FileRole, classify_file};
use crate::scan::facts::FileFacts;
use crate::scan::path_classification::is_low_signal_audit_path;

use super::model::{RiskSignal, push_adjustment};

pub(super) fn add_file_context_signals(
    file: &FileFacts,
    score: &mut i16,
    signals: &mut Vec<RiskSignal>,
) {
    let context = classify_file(file);
    if context.is_production_code() {
        push_adjustment(
            score,
            signals,
            "role.production",
            "production code",
            10,
            "production code findings are more likely to affect runtime behavior",
        );
    }

    if context.has_role(FileRole::Test) || context.has_role(FileRole::RustTest) {
        push_adjustment(
            score,
            signals,
            "role.test",
            "test code",
            -20,
            "test code often accepts patterns that would be risky in production",
        );
    }

    if context.has_role(FileRole::Generated) {
        push_adjustment(
            score,
            signals,
            "role.generated",
            "generated file",
            -30,
            "generated files should usually be fixed at the generator source",
        );
    }

    if context.has_role(FileRole::Config) {
        push_adjustment(
            score,
            signals,
            "role.config",
            "config file",
            -18,
            "configuration files often use declarative patterns that differ from application code",
        );
    }

    if is_low_signal_audit_path(&file.path)
        && !context.has_role(FileRole::Test)
        && !context.has_role(FileRole::Generated)
    {
        push_adjustment(
            score,
            signals,
            "role.low-signal-path",
            "low-signal path",
            -15,
            "fixtures, examples, and benchmark paths are lower-priority by default",
        );
    }

    if context.has_role(FileRole::AppEntrypoint) {
        push_adjustment(
            score,
            signals,
            "role.entrypoint",
            "entrypoint",
            10,
            "entrypoints can affect application startup and process behavior",
        );
    }

    if context.has_role(FileRole::FrameworkController)
        || context.has_role(FileRole::DotNetController)
    {
        push_adjustment(
            score,
            signals,
            "role.controller",
            "controller/router",
            12,
            "controllers and routers sit on user-facing request boundaries",
        );
    }

    if context.has_role(FileRole::FrameworkService) || context.has_role(FileRole::DotNetService) {
        push_adjustment(
            score,
            signals,
            "role.service",
            "service layer",
            10,
            "service-layer findings can affect reusable production behavior",
        );
    }

    if context.has_role(FileRole::Domain) {
        push_adjustment(
            score,
            signals,
            "role.domain",
            "domain model",
            8,
            "domain code usually carries core business behavior",
        );
    }

    if context.has_role(FileRole::ReactComponent) {
        push_adjustment(
            score,
            signals,
            "role.react-component",
            "React component",
            4,
            "React component findings can affect user-visible behavior",
        );
    }
}