RepoLens by TheMorpheus407

AI-driven code audit and security analysis tool

Created 2 months ago
261 stars

Top 97.3% on SourcePulse

Project Summary

RepoLens: AI-Powered Code Auditing and Infrastructure Analysis

RepoLens is a multi-lens code auditing tool for developers, security engineers, and power users. It drives AI coding agents through 280 specialized lenses across 27 distinct domains to perform automated code review, security testing, and infrastructure audits. The payoff is deep, automated analysis of a codebase or a live server, with each finding turned into a GitHub issue or a markdown report, which speeds up the discovery of bugs, vulnerabilities, and architectural flaws.

How It Works

The tool orchestrates existing AI agent CLIs (such as Claude, Codex, or OpenCode) against a target Git repository or live server. Analysis is segmented into domains (e.g., Security, Code Quality, Compliance) and further broken down into specific "lenses" (e.g., injection vulnerabilities, dead code). For each lens, RepoLens composes a detailed prompt, executes the agent inside the target's directory, and runs it repeatedly, checking the output after each pass, until a "DONE" marker is detected. Findings are then formatted as GitHub issues or local markdown files. The system supports multiple operational modes, including audit, feature, bugfix, and deploy (live server inspection).
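The compose/run/check loop described above, as an added example that is not RepoLens's own code: a POSIX shell runner for a single lens that composes the prompt, executes an agent executable inside the target directory under coreutils `timeout`, appends each pass to a log, and stops either when a line reading exactly DONE appears or when an iteration cap is reached. The agent here is a constructed stub written to a temp directory (a real run would pass `claude`, `codex` or `opencode`); the prompt wording, the iteration cap and the exit codes are this example's assumptions, not the project's.

```sh
#!/bin/sh
# Added example, not RepoLens code: a minimal single-lens runner in the shape
# the page describes. The agent is a constructed stub; prompt text, exit
# codes and the iteration cap are this example's assumptions.

# make_stub_agent: writes a constructed stand-in for an agent CLI (claude,
# codex, ...) to a temp dir and prints its path. It consumes the prompt on
# stdin, answers with partial output on the first two calls, then emits a
# finding and DONE. Its call counter lives beside the script.
make_stub_agent() {
    dir=$(mktemp -d)
    cat > "$dir/stub-agent" <<'EOF'
#!/bin/sh
state="$(dirname "$0")/calls"
n=$(cat "$state" 2>/dev/null || echo 0)
n=$((n + 1))
echo "$n" > "$state"
cat >/dev/null                      # read and discard the prompt
if [ "$n" -ge 3 ]; then
    echo "- [high] constructed finding: request parameter reaches os.system()"
    echo "DONE"
else
    echo "pass $n: still analysing"
fi
EOF
    chmod +x "$dir/stub-agent"
    echo "$dir/stub-agent"
}

# compose_prompt LENS_ID: the instruction handed to the agent for one lens
# (wording is this example's own).
compose_prompt() {
    printf 'Audit the repository in the current directory for: %s.\n' "$1"
    printf 'List each finding as a markdown bullet with a severity.\n'
    printf 'When nothing remains to report, print DONE on its own line.\n'
}

# run_bounded SECONDS CMD...: run CMD under coreutils timeout when present.
run_bounded() {
    secs=$1; shift
    if command -v timeout >/dev/null 2>&1; then
        timeout "$secs" "$@"
    else
        "$@"        # no coreutils timeout on PATH: run unbounded
    fi
}

# run_lens LENS_ID AGENT TARGET_DIR MAX_ITER SECONDS_PER_PASS
# Re-invokes AGENT inside TARGET_DIR until a line reading exactly DONE has
# appeared, or MAX_ITER passes have run. All output is appended to $RUN_LOG;
# $i holds the number of passes made.
# Exit status: 0 DONE seen, 1 cap reached without DONE, 2 agent failed/timed out.
run_lens() {
    lens=$1; agent=$2; target=$3; max_iter=$4; secs=$5
    RUN_LOG=$(mktemp)
    i=0
    while [ "$i" -lt "$max_iter" ]; do
        i=$((i + 1))
        if ! (cd "$target" && compose_prompt "$lens" | run_bounded "$secs" "$agent") >> "$RUN_LOG" 2>&1; then
            return 2
        fi
        if grep -qx 'DONE' "$RUN_LOG"; then
            return 0
        fi
    done
    return 1
}

# Stand-alone demo on a throwaway target directory with the stub agent.
demo_target=$(mktemp -d)
demo_agent=$(make_stub_agent)
rc=0
run_lens injection "$demo_agent" "$demo_target" 5 30 || rc=$?
echo "run_lens exit status: $rc (0 = DONE seen) after $i pass(es); log: $RUN_LOG"
cat "$RUN_LOG"
```

The cap and the per-pass timeout are the two controls a practitioner wants around any such loop: an agent that never prints DONE would otherwise spend API budget indefinitely, and the distinct exit codes let the caller decide whether a partial log is still worth turning into a report.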

Quick Start & Requirements

  1. Clone RepoLens: git clone https://github.com/TheMorpheus407/RepoLens.git && cd RepoLens
  2. Make Executable: chmod +x repolens.sh
  3. Prerequisites:
    • bash (4.0+)
    • git
    • jq
    • timeout (coreutils)
    • gh (GitHub CLI, unless using --local)
    • At least one Agent CLI (e.g., claude, codex, opencode) installed and authenticated.
  4. Run First Audit: ./repolens.sh --project <path|url> --agent <agent_cli> [--focus <lens-id> | --domain <domain-id> | --parallel]
    • Example: ./repolens.sh --project ~/my-app --agent claude --focus injection
    • Official Setup Guide: cli.github.com for gh. Agent CLI installation varies; see README.
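The steps above, checked before the first run as an added example (not part of RepoLens): a POSIX shell preflight that verifies the bash version and the commands the Quick Start lists, drops the `gh` requirement when output is local, confirms `gh` is logged in, and confirms the chosen agent CLI is on PATH. The `github`/`local` mode names are this example's own; agent authentication is not checked because it differs per CLI.

```sh
#!/bin/sh
# Added example, not part of RepoLens: a preflight check for the Quick Start
# prerequisites, run before the first audit spends any API budget.

# bash_major_version: major version of the bash found on PATH, or 0 if none.
bash_major_version() {
    if command -v bash >/dev/null 2>&1; then
        bash -c 'echo "${BASH_VERSINFO[0]}"'
    else
        echo 0
    fi
}

# required_commands OUTPUT_MODE AGENT: the tools an audit needs, space-separated.
# OUTPUT_MODE is "github" (findings become issues, so gh is needed) or "local"
# (the --local flag: markdown files, gh not needed). AGENT is the CLI name
# that will be passed as --agent. Mode names are this example's own.
required_commands() {
    mode=$1; agent=$2
    list="git jq timeout"
    [ "$mode" = "local" ] || list="$list gh"
    echo "$list $agent"
}

# missing_commands CMD...: prints each CMD not on PATH; status = count missing.
missing_commands() {
    n=0
    for c in "$@"; do
        if ! command -v "$c" >/dev/null 2>&1; then
            echo "$c"
            n=$((n + 1))
        fi
    done
    return "$n"
}

# preflight OUTPUT_MODE AGENT: status 0 when this host can run an audit.
preflight() {
    mode=$1; agent=$2
    status=0
    major=$(bash_major_version)
    if [ "$major" -lt 4 ]; then
        echo "FAIL: bash 4.0+ required (found major version $major)"
        status=1
    fi
    missing=$(missing_commands $(required_commands "$mode" "$agent")) || true
    if [ -n "$missing" ]; then
        echo "FAIL: not on PATH: $(echo "$missing" | tr '\n' ' ')"
        status=1
    fi
    # gh must also be logged in, or issue creation fails only after the agent
    # run has already been paid for. `gh auth status` is gh's own check.
    if [ "$mode" != "local" ] && command -v gh >/dev/null 2>&1; then
        gh auth status >/dev/null 2>&1 || {
            echo "FAIL: gh is not authenticated (run: gh auth login)"
            status=1
        }
    fi
    # Agent authentication is CLI-specific (see each agent's docs); only the
    # agent's presence on PATH is checked here.
    if [ "$status" -eq 0 ]; then
        extra=""
        [ "$mode" = "local" ] && extra=" --local"
        echo "OK: ready for ./repolens.sh --project <path|url> --agent $agent$extra"
    fi
    return "$status"
}

# Stand-alone demo: local-markdown output with claude as the agent.
if preflight local claude; then
    echo "preflight passed"
else
    echo "preflight failed: fix the items above before running an audit"
fi
```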

Highlighted Details

  • Extensive Coverage: Employs 280 lenses across 27 domains, including Security, Code Quality, Architecture, Compliance (56 lenses), and DevOps.
  • Multiple Modes: Supports 8 distinct modes (audit, feature, bugfix, discover, deploy, custom, opensource, content) for varied analysis objectives.
  • Flexible Output: Findings can be directly posted as GitHub issues or saved as local markdown files using the --local flag.
  • Cost Management: Includes features like --max-cost warnings and --dry-run to preview execution without incurring API charges.
  • Agent Agnostic: Supports multiple AI providers including Anthropic Claude, OpenAI Codex, and OpenCode (which itself fronts over 75 model providers).

Maintenance & Community

RepoLens is maintained on a best-effort basis as a free, open-source project. Commercial support, including installation help and custom lens development, is available via email. Bug reports and feature requests are managed through GitHub Issues. The project is supported by Patreon patrons.

Licensing & Compatibility

This project is licensed under the Apache License 2.0. It is generally compatible with commercial use, but includes a strong warranty disclaimer. Users must ensure they have explicit authorization before running audits in deploy mode against live servers due to legal risks.

Limitations & Caveats

RepoLens is explicitly not a sandboxed security tool and carries significant risks. The agents run with shell access, so text in the audited code or in server output that steers the agent (prompt injection) is a potential vector. Users are solely responsible for API costs, which can reach hundreds or thousands of dollars for a full audit. Running the tool against repositories or servers without explicit permission may have legal consequences. Run RepoLens inside an isolated VM or container, and only on codebases the user fully owns or trusts.
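One way to follow the VM/container recommendation, as an added example that is not RepoLens's own tooling: the audit runs on a disposable copy of the repository inside a Docker container with all capabilities dropped, privilege escalation disabled and pid/memory limits, so whatever the agent's shell does stays confined to the scratch copy. The network is left on because the agent CLI must reach its API, and the root filesystem is not made read-only because agent CLIs write into their own config directories. The image name `repolens-runner` (assumed to contain RepoLens at `/opt/RepoLens` plus bash, git, jq, coreutils, gh and the agent CLI), the `/work` mount point and the env file holding the agent's credentials are assumptions.

```sh
#!/bin/sh
# Added example, not RepoLens code: run an audit on a disposable copy of the
# repository inside a locked-down container, following the page's advice to
# isolate the agent. Assumptions: a locally built image named repolens-runner
# with RepoLens at /opt/RepoLens plus bash, git, jq, coreutils, gh and the
# agent CLI; agent credentials passed as an env file; --local output.

# scratch_copy SRC_DIR: copies SRC_DIR, dotfiles included, into a fresh temp
# directory and prints its path. The agent's shell sees only this copy, so
# the checkout you actually work in is never modified.
scratch_copy() {
    src=$1
    dst=$(mktemp -d)
    cp -R "$src/." "$dst/"
    echo "$dst"
}

# container_args SCRATCH_DIR ENV_FILE: prints the docker run options, one per
# line, that confine the agent. Network stays on (the agent must reach its
# API); everything else is cut down to what a bash tool needs.
container_args() {
    scratch=$1; env_file=$2
    printf '%s\n' \
        --rm \
        --cap-drop=ALL \
        --security-opt=no-new-privileges \
        --pids-limit 512 \
        --memory 2g \
        --env-file "$env_file" \
        -v "$scratch:/work"
}

# audit_in_container SRC_DIR AGENT ENV_FILE LENS_ID [dry]
# Copies the repo, then runs a single-lens, local-output audit in the
# container. With "dry" as the fifth argument the command is printed instead
# of executed. Paths must not contain whitespace (the option list is
# word-split on purpose).
audit_in_container() {
    src=$1; agent=$2; env_file=$3; lens=$4; mode=${5:-run}
    scratch=$(scratch_copy "$src")
    echo "disposable copy (collect reports from here afterwards): $scratch"
    set -- $(container_args "$scratch" "$env_file") repolens-runner \
        /opt/RepoLens/repolens.sh --project /work --agent "$agent" --focus "$lens" --local
    if [ "$mode" = "dry" ]; then
        echo "docker run $*"
        return 0
    fi
    command -v docker >/dev/null 2>&1 || { echo "docker not found on PATH"; return 3; }
    docker run "$@"
}

# Stand-alone demo on a constructed throwaway repo, without invoking docker.
demo_src=$(mktemp -d)
printf 'import os\nos.system("ls " + input())\n' > "$demo_src/app.py"
audit_in_container "$demo_src" claude "$HOME/.config/repolens-agent.env" injection dry
```

Because `--local` keeps findings out of GitHub, the only artefacts of a run are the markdown files left in the scratch copy; review them before opening any issue, since a prompt-injected agent can write whatever it was steered to write.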

Health Check

Last Commit: 1 day ago
Responsiveness: Inactive
Pull Requests (30d): 1
Issues (30d): 172
Star History: 259 stars in the last 30 days

Explore Similar Projects

Starred by Chip Huyen (author of "AI Engineering" and "Designing Machine Learning Systems").

codegate by stacklok
0.1%
788 stars
AI agent security and management tool
Created 1 year ago, updated 11 months ago