# Getting Started with Repotoire
Get from zero to your first code health scan in under 5 minutes.
## What is Repotoire?
Repotoire is a **graph-powered code analysis tool** that finds issues traditional linters miss. It builds a knowledge graph of your codebase to detect:
- đ **Security vulnerabilities** (SQL injection, hardcoded secrets, etc.)
- đī¸ **Architectural problems** (circular dependencies, coupling hotspots)
- đ **Code smells** (god classes, dead code, complexity issues)
- ⥠**Performance issues** (N+1 queries, sync in async)
All 108 detectors run **locally** â no cloud account or API key required.
---
## Installation
Choose one method:
### Download Binary (Fastest)
```bash
# Linux (x86_64)
curl -L https://github.com/Zach-hammad/repotoire/releases/latest/download/repotoire-linux-x86_64.tar.gz | tar xz
sudo mv repotoire /usr/local/bin/
# macOS (Apple Silicon)
# macOS (Intel)
curl -L https://github.com/Zach-hammad/repotoire/releases/latest/download/repotoire-macos-x86_64.tar.gz | tar xz
sudo mv repotoire /usr/local/bin/
```
### Cargo Binstall (No Build Required)
```bash
cargo binstall repotoire
```
### Cargo Install (From Source)
```bash
cargo install repotoire
```
> **Note:** Building from source requires `cmake`. Install it first:
> - macOS: `brew install cmake`
> - Ubuntu/Debian: `sudo apt install cmake build-essential`
---
## Verify Installation
```bash
repotoire --version
```
You should see something like:
```
repotoire 0.3.2
```
---
## Your First Scan
### Step 1: Navigate to Your Project
```bash
cd /path/to/your/project
```
Any Git repository works â Python, JavaScript, TypeScript, Rust, Go, Java, C/C++, C#, or Kotlin.
### Step 2: Run the Analysis
```bash
repotoire analyze .
```
That's it! Repotoire will:
1. Build a knowledge graph of your code
2. Run all 108 detectors
3. Display a health report
### Sample Output
```
âââââââââââââââââââââ đŧ Repotoire Health Report âââââââââââââââââââââ
â Grade: B â
â Score: 82.5/100 â
â Good - Minor improvements recommended â
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââŦâââââââââŦââââââââââââ
â Category â Weight â Score â
âââââââââââââââââââââââŧâââââââââŧââââââââââââ¤
â Graph Structure â 40% â 85.0/100 â
â Code Quality â 30% â 78.3/100 â
â Architecture Health â 30% â 84.2/100 â
âââââââââââââââââââââââ´âââââââââ´ââââââââââââ
đ Findings (23 total)
âââââââââââââââŦââââââââ
â đ´ Critical â 2 â
â đ High â 5 â
â đĄ Medium â 12 â
â đĩ Low â 4 â
âââââââââââââââ´ââââââââ
```
---
## Understanding Results
### Severity Levels
| đ´ **Critical** | Security vulnerabilities or severe bugs | Fix immediately |
| đ **High** | Significant code quality issues | Fix soon |
| đĄ **Medium** | Code smells and maintainability issues | Plan to fix |
| đĩ **Low** | Minor suggestions | Consider fixing |
| âšī¸ **Info** | Informational findings | No action required |
### Grade Scale
| A | 90-100 | Excellent code health |
| B | 80-89 | Good, minor improvements needed |
| C | 70-79 | Fair, some issues to address |
| D | 60-69 | Poor, significant issues |
| F | <60 | Critical issues need attention |
---
## View Detailed Findings
After running `analyze`, view individual findings:
```bash
# See all findings (paginated)
repotoire findings
# Filter by severity
repotoire findings --severity critical
# See more findings per page
repotoire findings --per-page 50
```
### Example Finding
```
[1] đ´ CRITICAL: SQL Injection Vulnerability
Detector: sql-injection
File: src/database/queries.py:45
Description: SQL query uses string interpolation with user input.
This allows attackers to inject malicious SQL commands.
Code:
â 44 â def get_user(user_id):
â 45 â query = f"SELECT * FROM users WHERE id = {user_id}"
â 46 â return db.execute(query)
```
---
## Get AI-Powered Fixes (Optional)
Repotoire can generate fix suggestions using AI. Set up one of these API keys:
```bash
# Pick one:
export ANTHROPIC_API_KEY=sk-ant-... # Claude (recommended)
export OPENAI_API_KEY=sk-... # GPT-4
export DEEPINFRA_API_KEY=... # Llama 3.3 (cheapest)
# Or use Ollama for free, local AI:
ollama pull llama3.3
```
Then generate a fix:
```bash
# Fix finding #1 from the analysis
repotoire fix 1
# Auto-apply the fix
repotoire fix 1 --apply
```
> **No API key?** All analysis features work offline. AI fixes are optional.
---
## Quick Reference
| `repotoire analyze .` | Run full analysis |
| `repotoire analyze . --relaxed` | Show only high/critical findings |
| `repotoire findings` | View findings from last analysis |
| `repotoire fix <N>` | Generate AI fix for finding N |
| `repotoire doctor` | Check your environment setup |
| `repotoire stats` | Show graph statistics |
---
## Next Steps
- **[USER_GUIDE.md](USER_GUIDE.md)** â Full command reference
- **[CONFIGURATION.md](CONFIGURATION.md)** â Configure thresholds and exclusions
- **[FIXING_ISSUES.md](FIXING_ISSUES.md)** â How to fix each detector's findings
- **[CI_CD.md](CI_CD.md)** â Add to your CI pipeline
- **[DETECTORS.md](DETECTORS.md)** â All 108 detectors explained
---
## Troubleshooting
### "Cannot open file .repotoire/kuzu_db/.lock"
Stale database from a previous version. Delete and retry:
```bash
rm -rf .repotoire
repotoire analyze .
```
### Analysis is slow
Use `--relaxed` for faster runs with only high-severity findings:
```bash
repotoire analyze . --relaxed
```
Or skip external tools:
```bash
repotoire analyze . # Default: fast graph-based analysis only
```
### Check your setup
```bash
repotoire doctor
```
This shows if all dependencies are working correctly.
---
**That's it!** You're ready to improve your code quality. Run `repotoire analyze .` on your projects and start fixing issues.