@tomtarpey/codegen-cli
v1.8.2
Published
Multi-agent AI-powered CLI tool for code generation, analysis, and refactoring
Maintainers
tomtarpeyReadme
CodeGen CLI
Multi-agent AI-powered command-line tool for code generation, analysis, refactoring, and security scanning.
Built with SOLID principles and modular design patterns. See the PRD for complete architecture documentation.
Features
- Build - Generate code using AI-powered agents with planning, coding, review, and testing
- Security - Scan for vulnerabilities, secrets, and dependency issues with deep CVE/Exploit-DB analysis
- Brownfield - RAG-powered legacy code analysis with multi-language support (COBOL, Fortran, Java, Python, JS/TS)
- Refactor - Improve code quality with automated refactoring suggestions
- Review - Get AI-powered code reviews for any language (JS, Python, Java, Go, etc.)
- PR Review - Review GitHub pull requests, analyze diffs, and generate changelogs
- Docs - Generate README, API documentation, JSDoc comments, and more
- Eval - Benchmark and compare different models and strategies
- Multi-Provider - Support for OpenAI, OpenRouter, and Groq
Installation
Global Installation (Recommended)
npm install -g @tomtarpey/codegen-cliLocal Installation
npm install @tomtarpey/codegen-cliFrom Source
git clone https://github.com/decagondev/codegen-cli.git
cd codegen-cli
npm install
npm linkQuick Start
1. Set up your API key
# Using environment variable (recommended)
export OPENAI_API_KEY=sk-your-api-key
# Or create a .env file
echo "OPENAI_API_KEY=sk-your-api-key" > .env2. Generate code
# Create a new Express API
codegen build create an express api with user authentication in the src folder
# Add features to existing code
codegen build add a /health endpoint to src/app.js
# Quick build (skip review and tests)
codegen build --quick add input validation to the signup form3. Review code
# Review code and output to terminal
codegen review src/
# Save review to markdown file
codegen review src/ --output code-review.md
# Focus on specific areas
codegen review src/ --focus security,performanceCommands
build
Generate or modify code using AI agents.
codegen build <task>
Options:
--provider <name> LLM provider (openai|openrouter|groq)
--model <name> Model to use
--context <path> Additional context directory
--quick Skip review and test steps
--dry-run Preview plan without executingExamples:
# Create new project
codegen build create a react component for a todo list with typescript
# Modify existing code
codegen build add error handling to the api routes in src/routes/
# With specific provider
codegen build --provider groq create a CLI calculator appsecurity
Run security analysis on your codebase with optional deep CVE and Exploit-DB scanning.
codegen security [path]
Options:
--deep Enable deep CVE and Exploit-DB vulnerability scanning
--cve-api-key <key> NVD API key for higher rate limits
--vuln-type <type> Scan for specific vulnerability type (sql_injection, xss, etc.)
--research-cve <cveId> Research a specific CVE and check if codebase is affected
--provider <name> LLM provider
-o, --output <file> Write report to markdown fileExamples:
# Standard security scan
codegen security
codegen security ./src
# Deep scan with CVE and Exploit-DB lookups
codegen security ./src --deep
# Scan for specific vulnerability type
codegen security ./src --vuln-type sql_injection
# Research a specific CVE
codegen security ./src --research-cve CVE-2021-44228
# Save detailed report to file
codegen security ./src --deep -o vulnerability-report.mdbrownfield
Analyze and migrate legacy codebases using RAG-powered multi-language support.
codegen brownfield <command>
Commands:
ingest <path> Ingest a codebase for analysis
query <question> Query the ingested codebase
analyze Run analysis (overview, patterns, dependencies, impact)
migrate <feature> Generate migration plan for a feature
status Show ingestion status
clear Clear ingested data
Options:
--languages <list> Languages to include (default: all)
--exclude <dirs> Directories to exclude
--to <language> Target language for migration
--type <type> Analysis type (overview, patterns, dependencies, impact, business-logic)
-o, --output <file> Write output to fileSupported Languages:
- JavaScript/TypeScript
- Python
- COBOL
- Fortran
- Java
Examples:
# Ingest a legacy codebase
codegen brownfield ingest ./legacy-app --languages cobol,fortran
# Query the codebase
codegen brownfield query "How does the interest calculation work?"
# Analyze patterns
codegen brownfield analyze --type patterns
# Generate migration plan
codegen brownfield migrate "payment processing" --to typescript
# Check ingestion status
codegen brownfield status
# Clear ingested data
codegen brownfield clear --allrefactor
Analyze code and suggest refactoring improvements.
codegen refactor [path]
Options:
--provider <name> LLM providerExamples:
codegen refactor ./src/legacy.js
codegen refactor ./src --provider groqreview
Review code quality with AI. Supports all programming languages including JavaScript, Python, Java, Go, Rust, C++, and more.
codegen review [path]
Options:
--focus <areas> Focus areas (security,performance,readability)
--provider <name> LLM provider
-o, --output <file> Write review to markdown fileExamples:
# Review and print to terminal
codegen review ./src
# Save to file
codegen review ./src -o review.md
# Focus on specific areas
codegen review ./src --focus security,performance -o security-review.mdeval
Run evaluations and benchmarks.
codegen eval
Options:
--benchmark <name> Specific benchmark to run
--output <file> Output file for results
--provider <name> LLM providerconfig
Manage CLI configuration.
codegen config # Show current config
codegen config get <key> # Get specific value
codegen config set <key> <value> # Set value
codegen config reset # Reset to defaults
codegen config path # Show config file pathpr
Pull request operations and Git analysis.
codegen pr <command>
Commands:
review <pr-number> Review a GitHub pull request
diff [branch] Review local diff against a branch
create Generate a PR description from current changes
changelog <from> [to] Generate changelog between refs
analyze Analyze repository for hotspots and patternsExamples:
# Review a GitHub PR (requires GITHUB_TOKEN)
codegen pr review 42 --repo owner/repo
# Review local changes against main
codegen pr diff main
# Review only staged changes
codegen pr diff --staged
# Generate PR description
codegen pr create --base main -o pr-description.md
# Generate changelog
codegen pr changelog v1.0.0 v2.0.0 -o CHANGELOG.md
# Analyze repository patterns
codegen pr analyze --commits 100docs
Generate and manage documentation.
codegen docs <command>
Commands:
readme [path] Generate or update README.md
api [path] Generate API documentation
coverage [path] Analyze JSDoc documentation coverage
changelog <from> [to] Generate CHANGELOG from git commits
comments <file> Generate inline documentation comments
lint [path] Lint markdown documentation
toc <file> Generate table of contentsExamples:
# Generate README
codegen docs readme -o README.md
# Generate API docs
codegen docs api src/ -o docs/api.md
# Check documentation coverage
codegen docs coverage src/
# Add JSDoc comments to a file
codegen docs comments src/utils.js
# Lint markdown files
codegen docs lint docs/
# Generate table of contents
codegen docs toc README.mdConfiguration
Environment Variables
Create a .env file in your project root:
# Required: At least one provider API key
OPENAI_API_KEY=sk-your-openai-key
OPENROUTER_API_KEY=sk-or-your-openrouter-key
GROQ_API_KEY=gsk_your-groq-key
# Optional: Research tools
TAVILY_API_KEY=tvly-your-tavily-key
# Optional: Deep vulnerability scanning (increases NVD API rate limits)
NVD_API_KEY=your-nvd-api-key
# Optional: Defaults
DEFAULT_PROVIDER=openai
DEFAULT_MODEL=gpt-4oConfig File
Create ~/.codegen/config.yaml for persistent configuration:
provider: openai
model: gpt-4o
providers:
openai:
apiKey: ${OPENAI_API_KEY}
openrouter:
apiKey: ${OPENROUTER_API_KEY}
groq:
apiKey: ${GROQ_API_KEY}
agents:
maxIterations: 10
temperature: 0.7
memory:
vectorDimensions: 1536
chunkSize: 1000Supported Providers
| Provider | Models | Tool Calling | Streaming | Embeddings | |----------|--------|--------------|-----------|------------| | OpenAI | GPT-4o, GPT-4-turbo, GPT-3.5-turbo | Yes | Yes | Yes | | OpenRouter | Claude, Llama, Mixtral, Gemini | Yes | Yes | No | | Groq | Llama 3, Mixtral, Gemma | Yes | Yes | No |
Architecture
CodeGen CLI uses a hierarchical multi-agent architecture:
graph TB
subgraph CLI["CLI Layer"]
Commands[Commands]
REPL[Interactive REPL]
end
subgraph Supervisors["Supervisors"]
BuildSup[Build Supervisor]
SecSup[Security Supervisor]
RefSup[Refactor Supervisor]
end
subgraph Teams["Team Managers"]
BuildTeam[Build Team]
SecTeam[Security Team]
RefTeam[Refactor Team]
ReviewTeam[Review Team]
BrownTeam[Brownfield Team]
end
subgraph BuildAgents["Build Agents"]
Planner[Planner]
Coder[Coder]
Reviewer[Reviewer]
Tester[Tester]
TestAnalyst[Test Analyst]
end
subgraph SecAgents["Security Agents"]
VulnScan[Vulnerability Scanner]
SecretDet[Secret Detector]
DepAudit[Dependency Auditor]
DeepVuln[Deep Vulnerability Agent]
end
subgraph RefAgents["Refactor Agents"]
CodeSmell[Code Smell Detector]
Refactorer[Refactorer]
Optimizer[Optimizer]
end
subgraph ReviewAgents["Review Agents"]
PRReview[PR Reviewer]
GitAnalyst[Git Analyst]
DocAgent[Documentation Agent]
end
subgraph BrownAgents["Brownfield Agents"]
IngestionAgent[Ingestion Agent]
RetrievalAgent[Retrieval Agent]
AnalysisAgent[Analysis Agent]
MigrationAgent[Migration Agent]
end
subgraph Tools["Tools"]
FileTools[File: read write edit]
SearchTools[Search: grep glob semantic]
CodeTools[Code: AST lint]
ShellTool[Shell]
ResearchTool[Research: Tavily]
GitTools[Git: status diff log blame]
GitHubTools[GitHub: PR review comments]
DocsTools[Docs: JSDoc markdown diagram]
TestTools[Test: runner coverage]
SecTools[Security: CVE ExploitDB]
BrownTools[Brownfield: Chunking Metadata]
end
subgraph Providers["LLM Providers"]
OpenAI[OpenAI]
OpenRouter[OpenRouter]
Groq[Groq]
end
subgraph Memory["Memory System"]
SQLite[(SQLite)]
VectorStore[(Vector Store)]
RAG[RAG Pipeline]
end
CLI --> Supervisors
CLI --> ReviewTeam
CLI --> BrownTeam
BuildSup --> BuildTeam
SecSup --> SecTeam
RefSup --> RefTeam
BuildTeam --> BuildAgents
SecTeam --> SecAgents
RefTeam --> RefAgents
ReviewTeam --> ReviewAgents
BrownTeam --> BrownAgents
BuildAgents --> Tools
SecAgents --> Tools
RefAgents --> Tools
ReviewAgents --> Tools
BrownAgents --> Tools
BuildAgents --> Providers
SecAgents --> Providers
RefAgents --> Providers
ReviewAgents --> Providers
BrownAgents --> Providers
Tools --> MemoryAgent Teams
- Build Team: Planner → Coder → Reviewer → Tester, TestAnalyst
- Security Team: VulnerabilityScanner, SecretDetector, DependencyAuditor, DeepVulnerabilityAgent
- Refactor Team: CodeSmellDetector, Refactorer, Optimizer
- Review Team: PRReviewer, GitAnalyst, DocumentationAgent
- Brownfield Team: IngestionAgent, RetrievalAgent, AnalysisAgent, MigrationAgent
Available Tools
| Tool | Description |
|------|-------------|
| file_read | Read file contents (any language) |
| file_write | Create or overwrite files |
| file_edit | Edit existing files |
| grep | Search for patterns in files |
| glob | Find files by pattern |
| shell | Execute shell commands (npm, git, mkdir, etc.) |
| ast | Parse and analyze code AST |
| lint | Run ESLint on code |
| semantic_search | Vector similarity search |
| tavily | Web search for research |
| git | Git operations (status, diff, log, branch, commit, blame) |
| github | GitHub API (PR list, get, diff, comments, review) |
| jsdoc | Extract and generate JSDoc documentation |
| markdown | Parse, lint, and generate markdown |
| diagram | Generate and validate Mermaid diagrams |
| test_runner | Execute tests and get coverage reports |
| cve | Search and lookup CVE vulnerability database (NVD) |
| exploitdb | Search Exploit-DB for known exploits |
| chunking | Language-aware code chunking for RAG |
| metadata_extract | Extract code metadata (imports, exports, functions, classes) |
Interactive Mode (REPL)
Start the interactive REPL:
codegen
CodeGen CLI v1.6.0
Type a task or use /commands
codegen> create a hello world express app
codegen> /review src/
codegen> /security
codegen> /pr review 42
codegen> /docs readme
codegen> /ingest ./legacy-app
codegen> /ask How does the payment system work?
codegen> /analyze overview
codegen> /migrate payment processing --to typescript
codegen> /status
codegen> /history
codegen> /help
codegen> /exitDevelopment
# Clone the repo
git clone https://github.com/decagondev/codegen-cli.git
cd codegen-cli
# Install dependencies
npm install
# Run in development mode (with file watching)
npm run dev
# Run tests (450+ unit tests)
npm test
# Run tests with coverage
npm run test:coverage
# Run tests in watch mode
npm run test:watch
# Lint code
npm run lint
# Format code
npm run formatTest Suite
The project includes a comprehensive test suite (450+ tests) covering:
- Error classes - Custom error types (ToolError, AgentError, etc.)
- Base classes - BaseTool, BaseProvider validation and schema generation
- Tool registry - Factory functions and tool management
- Agent registry - Agent/Team/Supervisor registration and execution
- Memory - Text chunking (chunkText, chunkByLines, chunkCode), LanguageChunker
- File tools - FileReadTool with real filesystem tests
- Security tools - CVETool and ExploitDBTool validation and caching
- Brownfield agents - IngestionAgent, RetrievalAgent, AnalysisAgent, MigrationAgent
- Brownfield tools - ChunkingTool, MetadataExtractionTool
- Integration tests - End-to-end brownfield workflow tests
Project Structure
codegen-cli/
├── src/
│ ├── index.js # Entry point
│ ├── cli/ # CLI commands and REPL
│ │ ├── commands/ # Individual commands (build, review, pr, docs, etc.)
│ │ ├── index.js # Commander setup
│ │ └── repl.js # Interactive mode
│ ├── agents/ # AI agents
│ │ ├── base/ # Base classes (BaseAgent, BaseTeamManager)
│ │ ├── build/ # Build team (Planner, Coder, Reviewer, Tester, TestAnalyst)
│ │ ├── security/ # Security team (VulnScan, SecretDetect, DepAudit)
│ │ ├── refactor/ # Refactor team (CodeSmell, Refactorer, Optimizer)
│ │ ├── review/ # Review team (PRReviewer, GitAnalyst)
│ │ ├── brownfield/ # Brownfield team (Ingestion, Retrieval, Analysis, Migration)
│ │ ├── docs/ # Documentation agent
│ │ └── supervisors/ # Supervisor agents
│ ├── providers/ # LLM provider implementations
│ ├── tools/ # Agent tools
│ │ ├── file/ # File operations (read, write, edit)
│ │ ├── search/ # Search tools (grep, glob, semantic)
│ │ ├── code/ # Code tools (AST, lint)
│ │ ├── shell/ # Shell command execution
│ │ ├── git/ # Git and GitHub tools
│ │ ├── docs/ # Documentation tools (JSDoc, Markdown, Diagram)
│ │ ├── test/ # Test runner tool
│ │ ├── security/ # Security tools (CVE, Exploit-DB)
│ │ └── brownfield/ # Brownfield tools (Chunking, Metadata)
│ ├── memory/ # SQLite + Vector store
│ ├── evals/ # Evaluation framework
│ └── utils/ # Utilities
├── tests/ # Test files
├── docs/ # Documentation
├── package.json
└── README.mdContributing
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
License
Copyright (c) 2026 Tom Tarpey. Licensed to Deca Dev Ltd.
This is proprietary software. See the LICENSE file for details.
Acknowledgments
- Built with OpenAI, OpenRouter, and Groq APIs
- CLI powered by Commander.js
- Styled with Chalk and Ora