shield_lock
Repocheck

How Repocheck Works

Repocheck helps you understand whether a repository is ready for real-world use — not by running your code, but by checking for risk signals and missing safeguards.

Think of Repocheck as a pre-flight checklist for your codebase.

? What Repocheck Is (and Is Not)

check What Repocheck Is

  • ✅ A read-only CLI tool
  • ✅ A risk and readiness analyzer
  • ✅ A signal-based checker
  • ✅ Safe to run on any repository
  • ✅ Designed for local use and CI pipelines

close What Repocheck Is NOT

  • ❌ It does not compile your code
  • ❌ It does not run tests
  • ❌ It does not execute scripts
  • ❌ It does not claim your code is "error-free"

Repocheck focuses on what is missing or risky, not on proving correctness.

Step 1: Local-Only Scanning

When you run:

repocheck scan .

Repocheck scans the repository on your machine.

  • No files are uploaded
  • No telemetry is sent
  • No background network calls are made
  • Your code never leaves your system

All scanning happens locally.

Step 2: Static, Read-Only Analysis

Repocheck works by reading files, not executing them.

It:
  • Walks through the repository structure
  • Reads configuration files
  • Looks at metadata and file contents
  • Applies deterministic rules
It Does Not:
  • Build the project
  • Run CI jobs
  • Execute code paths

This makes Repocheck fast, safe, predictable, and CI-friendly.

Step 3: Signal-Based Checks

Instead of trying to detect bugs, Repocheck looks for signals that commonly cause problems in real projects.

Documentation & Onboarding

Missing documentation is a high onboarding risk.

  • Is there a README.md?
  • Are setup and run instructions present?
  • Are environment variables documented?

Dependency & Hygiene

Dependency issues often lead to security problems and legal risk.

  • Dependency files (e.g. go.mod, package.json)
  • Abandoned or outdated dependencies
  • Risky or missing license information
  • Accidental secrets in the repository
  • Presence of .env.example and .gitignore

CI/CD Readiness

Repocheck checks for CI readiness, not CI correctness.

  • Common CI configuration files (GitHub Actions, GitLab CI, etc.)
  • Test or build script signals
  • Evidence that the repo is intended to be automated

Step 4: Readiness Scoring & Actionable Findings

Based on the signals it finds, Repocheck calculates a Readiness Score. The score is deterministic, explainable, and broken down by category.

Every issue Repocheck reports:

  • Points to a specific file or missing element
  • Explains why it matters
  • Suggests what to fix next

There is no black box and no AI guessing. This helps teams quickly understand where to focus first.

CI-Friendly by Design

Repocheck can run in CI using strict mode:

repocheck scan . --ci

In CI mode, output is machine-readable, and exit codes reflect risk level. Builds can fail when readiness drops, making Repocheck a powerful quality gate.