
nordbyte/RepoVista


RepoVista

License: MIT

RepoVista is a CLI for structured, read-only AI repository audits. It collects local project evidence, runs specialized analysis phases through provider CLIs such as Codex CLI or Claude Code CLI, and writes Markdown plus machine-readable reports to .repovista/<run-id>.

Install

npm install -g repovista

Requirements:

  • Node.js 20 or newer.
  • At least one installed and authenticated provider CLI, for example codex or claude.
  • Permission to analyze the repository with the selected provider.

Quick Start

Run from a repository root:

repovista

Useful first commands:

repovista settings
repovista doctor
repovista plan
repovista audit
repovista reports
repovista findings-ui

The main report entry point is written to:

.repovista/<run-id>/index.md

Use repovista reports to open the terminal report browser. From there you can:

  • select a generated run,
  • search inside one section or across runs,
  • filter and sort findings,
  • open finding details with evidence previews,
  • set triage statuses,
  • compare with the previous run,
  • bookmark sections or findings,
  • queue GitHub issues or PRs for selected findings,
  • export the current view,
  • navigate the full report or individual sections.

Use repovista findings-ui for the same persistent finding management view across runs, including publish readiness, workflow filters, and mixed issue/PR queues.

During an interactive audit, RepoVista shows a live progress TUI with the current step and elapsed counters. Press q or Ctrl+C to cancel. RepoVista first sends SIGINT to the provider's process group (the group rather than the single provider pid, so any subprocesses the provider started are cancelled too) so the provider can cancel cleanly, then escalates to SIGTERM and finally SIGKILL if it does not exit.
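The cancellation ladder described above, as an added TypeScript example written for this page (it is not RepoVista's own code): a stand-in "provider" is spawned in its own process group, SIGINT is sent to the whole group, and the code escalates to SIGTERM and then SIGKILL if the process has not exited within a grace period. The shell scripts used as stand-in providers, the grace timings, and the function names are illustrative assumptions.

```typescript
import { spawn, ChildProcess } from "node:child_process";

// Escalation ladder: signal to send, then how long to wait for the child
// to exit before moving to the next rung. Timings are illustrative
// assumptions for this example, not RepoVista's real values.
type Stage = { signal: NodeJS.Signals; graceMs: number };
const DEFAULT_LADDER: Stage[] = [
  { signal: "SIGINT", graceMs: 400 },   // give the provider a chance to cancel cleanly
  { signal: "SIGTERM", graceMs: 400 },  // ask harder
  { signal: "SIGKILL", graceMs: 1000 }, // cannot be caught or ignored
];

type ExitInfo = { exitCode: number | null; signalCode: NodeJS.Signals | null };

function hasExited(child: ChildProcess): boolean {
  return child.exitCode !== null || child.signalCode !== null;
}

// detached: true makes the child the leader of a new process group, so a
// negative pid later addresses the provider and everything it spawned.
function spawnInOwnGroup(cmd: string, args: string[]): ChildProcess {
  return spawn(cmd, args, { detached: true, stdio: "ignore" });
}

// Resolve true if the child exits within ms, false on timeout.
function waitForExit(child: ChildProcess, ms: number): Promise<boolean> {
  if (hasExited(child)) return Promise.resolve(true);
  return new Promise((resolve) => {
    const timer = setTimeout(() => resolve(false), ms);
    child.once("exit", () => {
      clearTimeout(timer);
      resolve(true);
    });
  });
}

// Walk the ladder: signal the whole group, wait, escalate only if needed.
async function cancelProcessGroup(
  child: ChildProcess,
  ladder: Stage[] = DEFAULT_LADDER,
): Promise<ExitInfo> {
  for (const stage of ladder) {
    if (hasExited(child) || child.pid === undefined) break;
    try {
      process.kill(-child.pid, stage.signal); // negative pid = the process group
    } catch (err) {
      if ((err as NodeJS.ErrnoException).code === "ESRCH") break; // group already gone
      throw err;
    }
    if (await waitForExit(child, stage.graceMs)) break;
  }
  return { exitCode: child.exitCode, signalCode: child.signalCode };
}

// Constructed stand-ins for a provider CLI (assumption: a POSIX sh is available):
// - "polite" traps SIGINT and exits 0, so the ladder stops at the first rung;
// - "stubborn" ignores SIGINT (trap '' INT), so the ladder escalates to SIGTERM.
function demo(kind: "polite" | "stubborn"): Promise<ExitInfo> {
  const script =
    kind === "polite"
      ? "trap 'exit 0' INT; while :; do sleep 0.05; done"
      : "trap '' INT; sleep 30";
  const child = spawnInOwnGroup("sh", ["-c", script]);
  // Give the shell a moment to install its trap before we signal it.
  return new Promise<void>((resolve) => setTimeout(resolve, 200)).then(() =>
    cancelProcessGroup(child),
  );
}
```

Signalling the group instead of the single pid matters because a provider CLI typically spawns its own helpers; killing only the parent would orphan them and leave them writing into the run directory. SIGKILL gives the provider no chance to clean up, so after an escalated cancel, treat any partial artifacts under .repovista/<run-id> as incomplete. Process groups and POSIX signals behave differently on Windows, where this approach does not apply as written.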

Fresh installs use quality-oriented defaults: Codex CLI, reasoning=xhigh, read-only sandbox, local checks, strict report gates, report repair, incremental cache, parallel=auto, and SARIF/HTML/JSONL exports.

Common Examples

repovista audit --model gpt-5.5
repovista audit --provider claude --model sonnet --reasoning high
repovista audit --github-repo nordbyte/RepoVista
repovista audit --github-repo https://github.com/nordbyte/RepoVista --github-ref v0.4.0
repovista audit --bug-findings
repovista audit --github-repo nordbyte/RepoVista --bug-findings
repovista audit --no-parallel
repovista audit --since origin/main
repovista audit --ci --json --fail-on-critical
repovista compare .repovista/old-run .repovista/new-run
repovista findings
repovista findings-ui
repovista next
repovista publish fnd_abc123def456 --run .repovista/run-id --as issue --dry-run
repovista publish fnd_abc123def456 --run .repovista/run-id --as issue --publish-language German
repovista publish fnd_abc123def456 --run .repovista/run-id --as pr --contribution-policy warn
repovista github-status fnd_abc123def456 --run .repovista/run-id
repovista fix fnd_abc123def456 --dry-run
repovista ci init --template security --dry-run

GitHub issues and pull request descriptions published from findings default to English, even when the report was generated in another language. Use --publish-language <name> to publish them in a different language.

Use --bug-findings when you only need the Risk/Bug findings report plus the supporting artifacts required for finding review, issue publishing, or PR publishing. This works for local repositories and for --github-repo source audits.

For --github-repo reports, repovista publish also reads the repository's contribution guidelines, security policy, and issue/PR templates from the analyzed checkout. The default --contribution-policy enforce blocks publishing that would publicly disclose a security finding or conflict with those guidelines; use warn to allow publishing with visible warnings, or off to skip guideline handling entirely. Check the --dry-run output before publishing a security finding as a public issue.

Use repovista github-status, or the g/G keys in the report and findings TUIs, to refresh linked issue and PR state. Remote GitHub status is stored separately from the RepoVista finding lifecycle status, so a merged PR does not silently mark a finding fixed; update the finding's triage status yourself once you have verified the fix.

Documentation

Full documentation is published at repovista.com and lives in docs/.

Notes

RepoVista is an audit and review assistant, not a replacement for tests, manual review, SAST, dependency scanning, or a security assessment. By default, provider runs are read-only: the provider is asked to analyze without modifying the checkout (the default Codex configuration also uses the provider's read-only sandbox). The opt-in repovista fix workflow can write changes to the working tree and records each patch attempt, but it never commits or pushes by itself. The separate repovista publish --as pr workflow is explicit GitHub publishing for --github-repo reports: after confirmation it can create commits, push a branch or fork, and open a PR.

About

AI-powered CLI for structured repository audits with Codex or Claude Code, including evidence packs, risk findings, roadmap reports and parallel analysis.
