codebase-auditor
v1.0.0
AI-powered codebase auditor. Scans your project with 6 specialized agents and generates a structured report with Risk and Quality scores.
Codebase Auditor
An AI-powered CLI tool that audits your codebase across six dimensions using the Anthropic API. Point it at any project and get a structured Markdown report with prioritized findings and fix suggestions.
What It Does
Codebase Auditor runs six parallel AI agents against your source files, each focused on a specific dimension:
- Security — Hardcoded secrets, SQL injection, unsafe eval(), insecure patterns
- Performance — Blocking sync operations, N+1 queries, memory leaks, inefficient loops
- Test Coverage — Untested exports, missing error-path tests, weak assertions
- Documentation — Missing JSDoc, undocumented parameters, README gaps
- Dependencies — Vulnerable packages, abandoned libraries, license conflicts
- Code Quality — Long functions, deep nesting, duplicate code, dead code
All six agents run simultaneously via Promise.all() and their results are merged into a single audit-report.md file.
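The fan-out-and-merge step described above, as an added example that is not the project's own code. The six agents are constructed stand-ins that resolve to fixed findings (a real agent would call the Anthropic API with the file contents); the finding shape, the `mergeResults`/`summarize`/`renderReport` names and the report layout are assumptions. It uses `Promise.allSettled` rather than `Promise.all`, so that when one agent fails (here, a simulated timeout in the dependencies agent) the other five agents' findings still reach the report and the failure is recorded instead of aborting the whole audit.

```javascript
// Added example (not the project's code): run independent audit agents
// concurrently and merge their findings into one Markdown report.
const SEVERITY_ORDER = ['critical', 'high', 'medium', 'low'];
const SEVERITY_ICON = { critical: '🔴', high: '🟠', medium: '🟡', low: '🟢' };

// Constructed stand-in agents. Each resolves to an array of findings.
const agents = {
  security: async () => [
    { severity: 'critical', file: 'src/db.js', title: 'SQL built by string concatenation', fix: 'Use parameterised queries.' },
    { severity: 'high', file: 'src/config.js', title: 'Hardcoded API key', fix: 'Load the key from the environment.' },
  ],
  performance: async () => [
    { severity: 'medium', file: 'src/users.js', title: 'N+1 query inside a loop', fix: 'Batch the lookups into one query.' },
  ],
  tests: async () => [],
  docs: async () => [
    { severity: 'low', file: 'src/api.js', title: 'Exported function without JSDoc', fix: 'Document parameters and return value.' },
  ],
  dependencies: async () => { throw new Error('simulated API timeout'); },
  quality: async () => [
    { severity: 'medium', file: 'src/report.js', title: 'Function longer than 50 lines', fix: 'Split it into smaller units.' },
  ],
};

// Start every agent at once. allSettled (unlike all) never rejects, so the
// results of agents that succeeded survive a failure in another agent.
async function runAgents(agentMap) {
  const names = Object.keys(agentMap);
  const settled = await Promise.allSettled(names.map((name) => agentMap[name]()));
  return mergeResults(names, settled);
}

// Flatten the per-agent results into one list tagged with its dimension,
// sorted by severity, and keep a separate list of agents that did not finish.
function mergeResults(names, settled) {
  const findings = [];
  const failed = [];
  settled.forEach((result, i) => {
    if (result.status === 'fulfilled') {
      for (const f of result.value) findings.push({ ...f, dimension: names[i] });
    } else {
      const reason = (result.reason && result.reason.message) || result.reason;
      failed.push({ dimension: names[i], reason: String(reason) });
    }
  });
  findings.sort((a, b) => SEVERITY_ORDER.indexOf(a.severity) - SEVERITY_ORDER.indexOf(b.severity));
  return { findings, failed };
}

// Count findings per severity for the executive summary.
function summarize(findings) {
  const counts = { critical: 0, high: 0, medium: 0, low: 0 };
  for (const f of findings) counts[f.severity] += 1;
  return counts;
}

// Render the merged results as Markdown: summary table, failed agents, then
// one section per dimension that produced findings.
function renderReport(projectPath, { findings, failed }) {
  const counts = summarize(findings);
  const lines = [`# Audit report for ${projectPath}`, '', '## Summary', '', '| Severity | Count |', '|---|---|'];
  for (const s of SEVERITY_ORDER) lines.push(`| ${SEVERITY_ICON[s]} ${s} | ${counts[s]} |`);
  if (failed.length) {
    lines.push('', '## Agents that did not complete', '');
    for (const f of failed) lines.push(`- ${f.dimension}: ${f.reason}`);
  }
  for (const dim of new Set(findings.map((f) => f.dimension))) {
    lines.push('', `## ${dim}`, '');
    for (const f of findings.filter((x) => x.dimension === dim)) {
      lines.push(`- ${SEVERITY_ICON[f.severity]} **${f.title}** (${f.file}): ${f.fix}`);
    }
  }
  return lines.join('\n');
}

// Stand-alone run: print the report instead of writing audit-report.md.
runAgents(agents).then((result) => console.log(renderReport('./my-app', result)));
```

With `Promise.all` in place of `allSettled`, the rejected dependencies agent would reject the combined promise and the other five agents' findings would be discarded; the `failed` list makes that partial coverage visible in the report.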
Requirements
- Node.js 18 or higher
- An Anthropic API key
Installation
```bash
git clone https://github.com/your-username/codebase-auditor.git
cd codebase-auditor
npm install
cp .env.example .env
# Edit .env and add your Anthropic API key
```
Usage
```bash
node audit.js ./your-project
```
Replace ./your-project with the path to the directory you want to audit. Defaults to ./ if no path is given.
What Gets Checked
| Dimension | What the Agent Looks For |
|-----------|--------------------------|
| Security | Hardcoded credentials, API keys, SQL injection, eval() misuse, path traversal |
| Performance | readFileSync in async functions, nested loops on large data, N+1 DB calls, memory leaks |
| Tests | Exported functions with no tests, missing edge-case coverage, trivial test files |
| Docs | Public functions without JSDoc, missing @param/@returns, README without usage section |
| Dependencies | CVE-prone packages, unmaintained libraries (2+ years), devDependencies in wrong section |
| Quality | Functions >50 lines, 4+ nesting levels, duplicated blocks, console.log in production code |
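A deterministic pre-filter for a few of the patterns in the table above (hardcoded credentials, eval() misuse, a blocking *Sync call inside an async function, console.log left in production code), as an added example that is not the project's own code. The project hands this judgement to an AI agent; the regexes, the brace-depth tracking, the `scanSource` name, the finding shape and the sample file are all assumptions constructed for the example. Brace counting is naive (it does not understand strings or comments), which is exactly the kind of context a model-backed agent is meant to supply.

```javascript
// Added example (not the project's code): line-oriented heuristics that flag
// several patterns from the "What Gets Checked" table in JavaScript source.

// Constructed sample file containing one instance of each pattern.
const SAMPLE_FILE = 'src/sample.js';
const SAMPLE_SOURCE = `
const fs = require('fs');
const apiKey = "sk-constructed-sample-key-0123456789";   // hardcoded secret
async function loadConfig(p) {
  const raw = fs.readFileSync(p, 'utf8');                 // blocks the event loop
  return JSON.parse(raw);
}
function render(template, data) {
  console.log('rendering', template);
  return eval(template + '(data)');                       // dynamic code execution
}
module.exports = { loadConfig, render };
`;

// Assumed patterns; each is a heuristic, not a proof of a defect.
const SECRET_RE = /\b(api[_-]?key|secret|password|token)\b\s*[:=]\s*['"][^'"]{8,}['"]/i;
const EVAL_RE = /\b(eval\s*\(|new\s+Function\s*\()/;
const SYNC_CALL_RE = /\b\w+Sync\s*\(/; // readFileSync, execSync, ...
const CONSOLE_RE = /\bconsole\.(log|debug)\s*\(/;

// Scan one file and return findings as { severity, file, line, title, fix }.
function scanSource(file, source) {
  const findings = [];
  let depth = 0;           // current brace depth
  let asyncDepth = null;   // depth at which the current async function was declared
  let inAsyncBody = false; // true once that function's body has opened

  source.split('\n').forEach((text, i) => {
    const line = i + 1;
    const add = (severity, title, fix) => findings.push({ severity, file, line, title, fix });

    if (SECRET_RE.test(text)) add('high', 'Possible hardcoded credential', 'Read it from the environment or a secrets manager.');
    if (EVAL_RE.test(text)) add('critical', 'Dynamic code execution via eval()/Function()', 'Replace with a parser or an allow-list of operations.');
    if (CONSOLE_RE.test(text)) add('low', 'console.log left in production code', 'Use a leveled logger or remove it.');

    // Performance row: a blocking *Sync call while inside an async function body.
    if (asyncDepth === null && /\basync\b/.test(text)) asyncDepth = depth;
    if (inAsyncBody && SYNC_CALL_RE.test(text)) add('medium', 'Blocking *Sync call inside an async function', 'Use the promise-based API (fs.promises) instead.');

    // Track brace depth so we know when the async function body closes.
    const opens = (text.match(/{/g) || []).length;
    const closes = (text.match(/}/g) || []).length;
    depth += opens - closes;
    if (asyncDepth !== null) {
      if (depth > asyncDepth) inAsyncBody = true;
      else if (inAsyncBody) { asyncDepth = null; inAsyncBody = false; }
    }
  });
  return findings;
}

// Run the scanner over the constructed sample.
function auditSample() {
  return scanSource(SAMPLE_FILE, SAMPLE_SOURCE);
}

for (const f of auditSample()) {
  console.log(`${f.severity.padEnd(8)} ${f.file}:${f.line}  ${f.title}`);
}
```

On the sample this reports four findings, one per pattern; the same functions can be run over any file's text, and a project would typically feed such pre-filter hits to the agent as hints rather than as final verdicts.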
Example Output
```
Codebase Auditor — scanning: /home/user/my-app
Scanning files...
Found 42 files to audit.
Starting Security agent...
Starting Performance agent...
Starting Tests agent...
Starting Docs agent...
Starting Dependencies agent...
Starting Quality agent...
Security agent complete.
Performance agent complete.
...
Audit complete. 17 total findings:
🔴 Critical: 2
🟠 High: 5
🟡 Medium: 7
🟢 Low: 3
Report saved to: /home/user/my-app/audit-report.md
```
The generated audit-report.md contains an executive summary table and a dedicated section for each audit dimension with severity labels, affected files, descriptions, and fix suggestions.
Contributing
- Fork the repository
- Create a feature branch (git checkout -b feature/my-feature)
- Make your changes and run npm test
- Submit a pull request with a clear description of the change
