repoguardian
v0.3.0
Published
Turn AI coding assistants into repository-aware senior engineers. Free, local-first, zero API keys.
Maintainers
Readme
🛡️ RepoGuardian
Turn AI coding assistants into repository-aware senior engineers.
Free · Local-first · Zero API keys · Works in any IDE
Vision · Architecture · Security · Commands · Usage · Roadmap · FAQ
The Problem
Today's AI coding assistants are powerful, but they don't understand your specific repository.
When you write:
Build authentication…the assistant generates code, but it doesn't automatically know your:
- Existing architecture
- Security patterns
- Folder conventions
- Coding standards
- Database relationships
- Dependency risks
- Testing strategy
- Past team decisions
The result:
Good code ≠ Good code for THIS repositoryThe Idea
RepoGuardian is an intelligence layer between your repository and your AI assistant. It does not replace Claude, GPT, Cursor, or Copilot — it gives them the context and senior-engineer judgment they normally lack.
Developer
│
▼
RepoGuardian ← indexes & analyzes your repo locally
│
▼
AI Assistant ← your existing Claude Code / Cursor / Copilot / …
│
▼
Code ← now repository-awareMost AI tools answer "What should I code?" RepoGuardian answers "How should THIS repository evolve, safely?"
How it stays free and secure
RepoGuardian never runs its own LLM and never needs an API key. It:
- Analyzes your repo locally with deterministic static analysis (stack, dependencies, secrets, conventions, test gaps, unused/dead code).
- Builds a local knowledge index in
.repoguardian/. - Generates prompt personas — specialized "agents" (Architecture, Security, Testing, Performance, Documentation) that your existing assistant runs, fed with your repo's real context.
Nothing leaves your machine by default. No telemetry. Open source. See SECURITY.md.
Install
Once published, install will be a one-liner:
npx repoguardian init
# or
bunx repoguardian initThis scans the repo, builds the local index, and wires up /guardian commands for the AI assistants it detects.
Local development
Not published yet — run it from source:
npm install # dev deps only (TypeScript, Vitest) — zero runtime deps
npm run build # compile src/ → dist/
npm test # run the analyzer test suite
# run against any repo:
node dist/cli.js init --path /path/to/your/repo
node dist/cli.js init --all # generate every assistant adapter
node dist/cli.js status # show what's indexed
node dist/cli.js init --dry-run # preview without writingStatus: Working tool, published on npm. The CLI (
init,update,status) scans a repo, builds the local.repoguardian/index (including a real module import graph and an evidence-bearingfindings.json), and generates 11 guardian commands as adapters for Claude Code, Cursor, Windsurf, Copilot, Antigravity, and the universal fallback. Install withnpx repoguardian init, or build from source (see Local development). Design notes live in IMPLEMENTATION-PLAN.md.
Commands
Run these from inside your AI assistant (Claude Code, Cursor, Copilot, Windsurf, Antigravity, …):
| Command | Purpose |
|---|---|
| /guardian architecture | Map how the repository works — structure, data flow, risk areas |
| /guardian security | Senior security review — auth flaws, secrets, unsafe patterns |
| /guardian tests | Find testing gaps and suggest/generate test cases |
| /guardian dependencies | Unused, outdated, vulnerable, and duplicate packages |
| /guardian cleanup | 🧹 Find unused dependencies, dead files, empty/orphaned folders & dead code |
| /guardian performance | Bundle size, slow queries, expensive renders, caching gaps |
| /guardian documentation | Generate & maintain README, architecture, API, onboarding docs |
| /guardian refine | ⭐ Expand a thin request into a repo-aware prompt before the AI runs it |
| /guardian implement | Plan & build a feature against your conventions (asks before editing) |
| /guardian migrate | Plan a migration with affected files, changes, risks, rollback |
| /guardian review | Combined senior engineer + architect + security + QA review |
See the full reference in COMMANDS.md and tool-by-tool setup in USAGE.md.
The killer feature: /guardian refine
You write:
Add payment supportRepoGuardian intercepts and expands it using your repo's real context:
Build payment support.
Repository Context:
Framework: Next.js 15
Database: PostgreSQL
ORM: Prisma
Architecture: Repository Pattern
Existing SDK: Razorpay
Requirements:
- Create Orders table
- Verify webhooks
- Store transactions
- Add retry logic
- Add error handling
- Add unit tests
- Follow existing coding conventions
- Match existing folder structureYour assistant receives that prompt instead — and produces far better, repo-consistent output.
Works in any IDE
Native integrations for Claude Code, Cursor, Windsurf, VS Code + GitHub Copilot, and Antigravity, plus a universal fallback (GUARDIAN.md + .repoguardian/prompts/*.md) that works with any assistant that can read repository files — Cline, Continue, Zed, JetBrains AI, Aider, and more. See ADAPTERS.md and USAGE.md.
Documentation
| Doc | What's inside |
|---|---|
| VISION.md | Problem, vision, positioning, why it's free |
| ARCHITECTURE.md | System design, pipeline, agent model, index layout |
| SECURITY.md | Security & privacy model + threat model |
| COMMANDS.md | Full /guardian command reference |
| USAGE.md | Per-IDE / per-agent how-to guide |
| ADAPTERS.md | How multi-assistant integration is generated |
| KNOWLEDGE-INDEX.md | The analysis engine + index schemas |
| ROADMAP.md | Phased plan (all free) |
| IMPLEMENTATION-PLAN.md | Technical build plan for the CLI |
| PUBLISHING.md | How to publish to npm (npx repoguardian) |
| FAQ.md | Positioning, privacy, cost Q&A |
License
MIT — see LICENSE. Contributions welcome: CONTRIBUTING.md.
