
Frequently Asked Questions

Everything you need to know about Repotoire.

What is Repotoire?

Repotoire is a graph-powered code analysis CLI that detects architectural issues, security vulnerabilities, and code smells across your codebase. It builds a knowledge graph of your code using a hand-rolled CSR (Compressed Sparse Row) graph and tree-sitter, then runs 110 pure Rust detectors to find problems that traditional file-by-file linters miss — like circular dependencies, god classes, architectural bottlenecks, and hidden coupling.

How is Repotoire different from ESLint or SonarQube?

Traditional linters like ESLint analyze files in isolation — they can catch syntax errors, style violations, and per-file bugs. Repotoire analyzes relationships between files by building a graph of your entire codebase. This lets it detect cross-file issues like circular dependencies, architectural bottlenecks, and coupling problems that no file-by-file linter can see. It complements ESLint rather than replacing it.

What languages does Repotoire support?

Repotoire supports 13 languages total: full graph analysis for Python, TypeScript, JavaScript, Rust, Go, Java, C#, C, and C++, plus regex-scanned security and quality coverage for Ruby, PHP, Kotlin, and Swift. All full-graph parsing is done via tree-sitter grammars compiled into the binary — no external parser dependencies needed.

How do I install Repotoire?

Install via Homebrew (`brew install repotoire`), cargo install (`cargo install repotoire`), cargo-binstall for prebuilt binaries (`cargo binstall repotoire`), or npm (`npx repotoire`). It's a single binary with zero runtime dependencies.

Is Repotoire free?

The CLI is free and open source. You can analyze any codebase locally without limits. The web dashboard (at repotoire.com) has free and paid tiers for team features, history, and CI/CD integration.

What are the 110 detectors?

Repotoire has 77 default detectors and 33 deep-scan detectors (enabled with `--all-detectors`). Categories include security, code quality, graph-based code smells, architecture, and specialized detectors for AI-generated code, ML/data science, Rust, and async patterns.

How does the scoring work?

Repotoire uses a three-pillar scoring system: Structure (40%), Quality (30%), and Architecture (30%). Findings are weighted by severity (Critical=5, High=2, Medium=0.5, Low=0.1). Graph-derived bonuses reward good practices like high modularity, clean dependencies, and balanced complexity distribution. Scores range from F to A+, with 13 grade levels.

How fast is Repotoire?

Cold analysis of a typical codebase takes 10-20 seconds. Subsequent runs use incremental caching and typically complete in 1-2 seconds for single-file changes. All parsing and detection runs in parallel via rayon. Files over 2MB are automatically skipped.

Does Repotoire work in CI/CD?

Yes. There's an official GitHub Action (`Zach-hammad/repotoire-action@v1`) that runs analysis on PRs, posts comments with findings, uploads SARIF for GitHub Code Scanning, and supports quality gates (`--fail-on high` to block merges). SARIF 2.1.0 output works with any CI system that supports it.

What output formats does Repotoire support?

Five formats: text (default, with themed narrative output), JSON (machine-readable), HTML (standalone report with SVG architecture map, treemap, and charts), SARIF 2.1.0 (GitHub Code Scanning compatible), and Markdown. Use `--format` to select.

Can I suppress specific findings?

Yes. Add `// repotoire:ignore` on the line before a finding to suppress all detectors, or `// repotoire:ignore[detector-name]` to suppress a specific detector. Supports `//`, `#`, `/*`, and `--` comment styles. You can also configure exclusions in `repotoire.toml`.
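
Suppression comments silence detectors, security ones included, so reviewers often want a list of where they are used. The script below is an added example, not part of Repotoire: it finds blanket and per-detector suppressions using the comment syntax described above. The regex is a reading of this FAQ rather than Repotoire's own parser, and the sample files and detector names are constructed for illustration.

```python
import re
from collections import Counter

# Comment openers the FAQ lists: //, #, /*, --
# Assumption: the marker follows the opener after optional whitespace. This is
# a reading of the FAQ text, not Repotoire's own parsing rules.
SUPPRESSION = re.compile(
    r"(?://|#|/\*|--)\s*repotoire:ignore(?:\[(?P<detector>[^\]\s]+)\])?"
)

def find_suppressions(path, text):
    """Return (path, line_no, detector); detector is None for a blanket ignore."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = SUPPRESSION.search(line)
        if match:
            hits.append((path, line_no, match.group("detector")))
    return hits

def audit(files):
    """Split hits into blanket ignores (highest review priority) and per-detector counts."""
    hits = []
    for path, text in sorted(files.items()):
        hits.extend(find_suppressions(path, text))
    blanket = [(p, n) for p, n, d in hits if d is None]
    per_detector = Counter(d for _, _, d in hits if d is not None)
    return blanket, per_detector

# Constructed sample input; the detector names are hypothetical placeholders.
SAMPLE = {
    "app/db.py": "# repotoire:ignore[example-sql-detector]\ncur.execute(q)\n"
                 "# repotoire:ignore\nrun(cmd)\n",
    "src/lib.rs": "// repotoire:ignore[example-unsafe-detector]\nunsafe { f() }\n",
    "schema.sql": "-- repotoire:ignore\nDROP TABLE t;\n",
    "util.c": "/* repotoire:ignore[example-unsafe-detector] */\nstrcpy(a, b);\n",
    "README.md": "See repotoire:ignore in the docs.\n",  # prose mention, not a comment
}

if __name__ == "__main__":
    blanket, per_detector = audit(SAMPLE)
    for path, line_no in blanket:
        print(f"BLANKET  {path}:{line_no}")
    for detector, count in per_detector.most_common():
        print(f"{count:3d}  {detector}")
```

To run it over a real checkout, build the `files` mapping from the repository's source files instead of `SAMPLE`.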

Does Repotoire send my code anywhere?

No. All analysis runs locally on your machine. The only network call is optional telemetry (PostHog, opt-in only) which sends aggregate metrics like language distribution and score — never source code. You can disable it with `repotoire config telemetry off`.

Can Repotoire gate AI-generated code at commit time?

Yes — `repotoire claude-hook install` registers a Claude Code pre-commit hook that runs `repotoire diff` on staged changes and denies the commit if it introduces high-severity findings. The hook respects baselines, hunk-level attribution, and the same severity flags as `repotoire diff`. See the Claude Code integration page at /integrations/claude-code.