Skip to main content
Glama



AI now writes a large and growing share of the code, and the humans accountable for it have to trust what ships. A score that says "this file is risky" isn't enough: you need to know where the risk concentrates and how to fix it.

repowise closes that loop. It indexes your codebase once and scores every file for defect risk, maintainability, and performance from 25 deterministic markers, calibrated against a real defect corpus, no LLM, in under 30 seconds (the proof ↓). The same index then locates the risk through a real dependency graph and git history, and generates the fix: concrete, graph-aware refactoring plans (split this god class, move this method, break this dependency cycle, dedup this clone) that your coding agent can execute.

And because it is all one index, your agent gets the rest for free: five intelligence layers: dependency graph, git history, auto-generated docs, architectural decisions, and code health, exposed to Claude Code, Codex, and any MCP-compatible agent through nine task-shaped tools. Your agent answers "why does auth work this way?" instead of "here is what auth.ts contains", with fewer tool calls, fewer file reads, and lower cost per query, at comparable answer quality (benchmarks ↓). One index: context your agent can use, signals your team can trust, and the fix it can apply.


The five layers

repowise runs once, builds everything, then keeps it in sync on every commit. Each layer is queryable from the CLI, the MCP tools, and the local dashboard.

Layer

What it gives you

Edge

◈ Graph

tree-sitter dependency graph across 15 languages · two-tier file + symbol nodes · 3-tier call resolution · Leiden communities · PageRank / centrality / execution flows · framework-aware route→handler edges

A real graph most tools never build

◈ Git

hotspots (churn × complexity) · ownership % · co-change pairs (hidden coupling) · bus factor · contributor profiles · module health · reviewer suggestions

Behavioral signals static analysis can't see

◈ Docs

LLM-generated wiki per module/file · incremental on every commit · freshness + confidence scoring · hybrid RAG search (FTS + vector via RRF) · selectable wiki styles (comprehensive / reference / tutorial / caveman) · 15 output languages (init --language zh)

Stays current, rebuilt every commit

◈ Decisions

architectural decisions mined from 8 sources, evidence-backed (verified / fuzzy / unverified), linked to graph nodes, connected by supersedes/refines/conflicts_with edges, tracked for staleness

★ Captured nowhere else

★ Code Health

25 deterministic markers, 1–10 per file · three signals: defect risk · maintainability · performance · coverage ingestion · trend alerts · concrete graph-aware refactoring plans (Extract Class / Helper / Move Method / Break Cycle / Split File / Extract Method) · zero LLM, <30s

★ Defect-validated, with the fix attached. Our edge

Full deep-dive on every layer (graph, git, docs, decisions, hooks, auto-sync, dead code, CLAUDE.md generation): docs/INTELLIGENCE_LAYERS.md →


Related MCP server: CodeGraph

Learns from how you actually use it

repowise doesn't just index once and go stale, it watches how you and your agent work in the repo and tilts itself toward that. All local, all deterministic, no extra LLM calls, and it feeds back through the hooks at zero agent effort:

  • Decisions mined from your own sessions. repowise reads your Claude Code transcripts for the corrections and conventions you actually enforce ("new endpoints go through the auth middleware", "use the shared HTTP client, not raw requests"), turns the durable ones into tracked decisions, then delivers the relevant ones back: a compact block at session start, and a one-line "governed by" notice the moment your agent edits a file that decision governs. If a later session contradicts a decision, it stops being injected.

  • Docs that follow your questions. The wiki generation budget tilts toward the modules you and your agent ask about most (from get_answer and search_codebase history), so depth lands where you actually work instead of spreading evenly. Silent and byte-identical on a fresh repo with no history.

It is a flywheel: use it → it mines what mattered → it delivers that back on the next session. How the hooks carry it: docs/HOOKS.md → · decision layer: docs/INTELLIGENCE_LAYERS.md →


★ Code Health: the layer nobody else nails

Code health is repowise's deepest differentiator: the one layer with no real equivalent, and the only one we can prove predicts real bugs. It runs as a loop: measure every file across three signals, locate where the risk concentrates through the graph and git history, then fix it with a concrete refactoring plan your agent can execute.

repowise scores every file 1–10 from 25 deterministic markers, McCabe complexity, brain methods, class cohesion (LCOM4), god classes, native Rabin–Karp clone detection, untested hotspots, change entropy, prior-defect history, and more, split into three signals:

  • Defect risk is the headline 1–10: the defect-calibrated, bug-predictive score in the table below.

  • Maintainability (cohesion, brain methods, DRY and god-class smells) flags what raises change-cost without predicting bugs.

  • Performance (static N+1 / I/O-in-loop risk) is followed across files through the call graph: file-local linters found 0 of those cross-function cases on a 12k-file benchmark where repowise surfaced 557.

The companion signals are separate lenses, never blended into the defect headline, so the bug-predictive number stays clean.

Zero LLM calls, zero cloud, zero new runtime dependencies. Pure Python over tree-sitter + git data, under 30 seconds on a 3,000-file repo. The marker weights are calibrated against a real defect corpus, not hand-tuned; only the learned constants ship and the runtime stays fully deterministic.

repowise health                       # KPIs + lowest-scoring files
repowise coverage add cov.lcov   # ingest LCOV/Cobertura/Clover → untested-hotspot
repowise impacted-tests HEAD~1   # run only the tests a diff actually exercises
repowise health --refactoring-targets # ranked by impact / effort
repowise health --trend               # snapshots + declining / predicted-decline alerts

And it proves itself on your repo, not just a benchmark: after every index, repowise checks its own flags against your git history and reports the hit rate in the terminal and on the dashboard: "16/20 lowest-health files had a bug fix in the last 6 months, 3.3x the 24% baseline". See Does the score find the bugs?.

Does the score actually find bugs? Yes, and it out-ranks CodeScene, the leading commercial code-health tool. On the same 2,770 files across 9 languages, scored at the same leakage-free commit against the same defect labels:

Axis (head-to-head, paired tests)

repowise

CodeScene

Recall @ 20%-of-lines budget

0.173

0.074

Effort-aware ranking (Popt)

0.607

0.462

Defect density, size-normalized (defects/KLOC, Alert:Healthy)

2.18×

0.56×

Discrimination (ROC AUC)

0.731

0.705

Ranking by repowise health surfaces 2.3× the defects under a fixed review budget (Popt Δ +0.144, recall Δ +0.098, density Δ all p = 0.003, paired and significant; the ROC AUC edge is marginal). Full methodology & CIs →

User guide & per-marker reference: docs/CODE_HEALTH.md

Refactoring intelligence

A health score tells you a file is in trouble; every other tool stops there, or prints the same static sentence for every god class. repowise names the specific fix, computed deterministically from the graph, the class model, and git co-change: Extract Class, Extract Helper, Move Method, Break Cycle, Split File, Extract Method. Each plan names the exact methods, edges, or symbols that move and carries its blast radius (the callers and co-changing files that must move with it), ranked graph-aware (impact × call-graph centrality × blast radius) so a fix on a central hub outranks the same fix on a leaf. That is the wedge: CodeScene's AI refactoring stays inside a single function; repowise names the cross-file move and the dependents it ripples to. Extract Method goes deepest, an intra-procedural dataflow pass (CFG + def/use

  • reaching definitions) lifts the exact line span and infers the helper's signature, behavior-preserving by construction.

The deterministic plan is the product; an optional LLM step (never in the indexing path, only on request) expands any plan into generated code plus a unified diff, fed the graph and co-change context a bare codegen tool throws away.

repowise health --refactoring-targets    # ranked plans; get_health(include=["refactoring"]) over MCP

The web Refactoring tab renders each plan as a card with a copy-to-agent button and the opt-in Generate code diff view. Per-detector mechanics: docs/CODE_HEALTH.md · full reference: docs/REFACTORING.md


Change risk & agent provenance

Two more deterministic signals, built on the same graph and git history, for the people who have to trust what ships:

  • ★ Change risk: score any commit or base..HEAD range 0–10 for defect risk from the shape of the diff (Kamei-style just-in-time metrics), with PR-mode directives (will_break, missing_cochanges, missing_tests). One command: repowise risk main..HEAD. Reference: docs/CHANGE_RISK.md.

  • ★ Agent provenance: attribute commits to the AI agents that wrote them, straight from git history, so you can see how much of your codebase an agent produced and which of that code is a low-health hotspot owned by a single person. Risk management for AI-era codebases, not developer surveillance.

Both are zero-LLM and reproducible. Deep dives on the hosted site: change risk → · agent provenance →.


Benchmarks

Reproducible, on public codebases. repowise-bench →

1 · Agent efficiency: repowise does the exploration once, offline

Most of a coding agent's spend goes to exploration: greping for symbols, reading candidate files, re-reading them as context grows. repowise does that work once so the agent skips it on every query. Paired SWE-QA runs on real repositories (same model, same harness, with vs without repowise's MCP tools):

up to −96% tokens to load context  ·  −89% file reads  ·  −70% fewer tool calls  ·  answer quality at parity

The win is context: repowise hands the agent a curated answer instead of a pile of files to read. Loading a commit's context via get_context costs 2,391 tokens vs 64,039 raw, ~27× fewer (−96%). Across the two benchmarks, agents read −69% to −89% fewer files and make −49% to −70% fewer tool calls at answer quality on par with raw exploration; on a long, multi-step investigation that compounds to −41% of the context re-read across the whole session. Saved tokens are tokens you don't pay for, so dollar cost drops too, though agent-side prompt caching now mutes the cost delta. Reports: flask48 · flask v3 · sklearn48

2 · Distill: index-aware output distillation

Most of what an agent reads from a shell command is noise: 300 lines of passing tests around 4 failures, full commit bodies for "what changed recently". repowise distill <cmd> compresses command output before the agent reads it, errors-first, exit code preserved, and every omission reversible via an inline [repowise#<ref>] marker (repowise expand <ref>). Paired runs on a public OSS repo, per command:

Command

Raw → distilled tokens

Saved

pytest -q (11 failures)

3,374 → 1,317

61%, all 11 failure lines preserved

git log -50

3,064 → 331

89%

git diff (30 commits)

62,833 → 8,635

86%

Small outputs pass through untouched (net-positive guard), and in an end-to-end spot-check the agent reached the identical root-cause diagnosis from distilled output as from raw. Opt-in Claude Code hook rewrites noisy commands automatically (shown for approval); repowise saved tracks tokens and dollars saved. Full guide: docs/DISTILL.md →

3 · Code health predicts real defects

Health scores are collected at a historical commit (T0); bug-fixing commits are counted over the following 6 months; the two are correlated, with strictly no leakage. Across 21 open-source repositories spanning all 9 Full-tier languages:

  • Cross-project mean ROC AUC 0.74 [95% CI 0.68–0.79] at identifying the files that go on to receive bug-fixes, up to 0.90 on individual repos.

  • Survives controlling for file size (partial Spearman ρ = −0.16), so it is not just "flag the big files."

  • Significantly out-discriminates recent churn (+0.10 AUC) and prior-defect history (+0.12 AUC), DeLong p < 1e-9.

  • Holds up on an external published dataset it has never seen (PROMISE/jEdit CK-metrics: AUC 0.76–0.78, within ~0.03 of the dataset's own tuned model).

Full report: health-defect/BENCHMARK_REPORT.md →


Local dashboard

repowise serve starts a full web UI alongside the MCP server, no separate setup.

Highlights: Chat (natural-language Q&A) · Docs (wiki with Mermaid + graph sidebar) · Graph (interactive, 2,000+ nodes, community coloring, path finder) · C4 Architecture (Context → Containers → Components) · Risk (hotspots, ownership heatmap, module health, dead code, blast radius) · Contributors (per-author profiles) · Decisions (evidence drawer, evolution timeline, decision-graph) · Health (three signals: defect, maintainability, performance; coverage, trends) · Refactoring (ranked plan cards, blast radius, copy-to-agent, opt-in code-gen diff) · Security (local pattern scan) · Costs · Workspace (cross-repo contracts & co-changes). Full view-by-view list in docs/USER_GUIDE.md.


VS Code extension

The Repowise extension puts the index where code gets written: know what your change breaks before you push (your riskiest files ranked, what is downstream, forgotten companion files, missing tests, suggested reviewers), health signals in the gutter and status bar, callers and ownership on hover, refactoring plans as CodeLens, and the full dashboards (health, architecture, knowledge graph, decisions, docs) inside the editor. One install also registers the Repowise MCP server with VS Code, so the same local index serves both you and your AI agent. Quiet by default, everything toggleable, nothing leaves your machine.

Install from the Marketplace (search Repowise) or Open VSX, then run Repowise: Set Up This Repository. Full guide in docs/VSCODE.md →.


Supported languages

15 languages parsed to AST · 11 at the Full tier · framework-aware across all of them.

Tier

Languages

What works

Full

Python · TypeScript · JavaScript · Java · Kotlin · Go · Rust · C++ · C# · Scala · Ruby

AST parsing, import resolution, named bindings, call resolution, heritage extraction, docstrings; multi-project workspace resolvers; framework-aware edges; per-language dynamic-hint extractors; code-health markers

Good

C · Swift · PHP · Dart

AST parsing, import resolution, named bindings, call resolution, heritage (mixins / derive / extensions / traits), docstrings; dedicated workspace-aware resolvers; Laravel / TYPO3 / Flutter framework edges; dynamic-hint extractors; Dart adds code-health + perf markers

SQL / dbt

.sql via sqlglot (postgres, mysql, tsql, clickhouse, ...)

Tables / views / functions / procedures as symbols with wiki pages; dbt projects get real ref() / source() lineage edges: model-level DAG, hotspots, co-change, ownership

Shell

.sh · .bash · .zsh

Functions as symbols, source / . import edges ($SCRIPT_DIR / dirname idioms), and function-level code-health complexity. No class metrics, heritage, or dead-code flagging

Config / data

OpenAPI · Protobuf · GraphQL · Dockerfile · Makefile · YAML · JSON · TOML · Terraform · Markdown

Included in the file tree; special handlers extract endpoints / targets where applicable

Git-blame only

Objective-C · Elixir · Erlang · Zig · Julia · Clojure · Haskell · OCaml · F# · …

Tracked in git history (blame, hotspots, co-change); no AST parsing yet

Adding a language needs one .scm query file and one config entry, with no changes to the parser core. Full per-language matrix, code-health checklist, and the contributor recipe: docs/LANGUAGE_SUPPORT.md →


Who it's for

Start here

Individual developers

pip install repowiserepowise init → query from Claude Code, Cursor, or any MCP agent. 100% local, BYO API key, free under AGPL-3.0. For developers →

Team leads

Know which PRs to worry about before you merge: change-risk scoring plus the free Repowise PR Bot that posts one deterministic comment per PR (hotspots, hidden coupling, declining health), zero LLM. For team leads →

Engineering leaders

See how much of your code AI wrote and whether it is healthy: agent provenance, code-health trends, and bus factor, from git history. For engineering leaders →

Security & compliance

Reachability-aware CVE triage, secret detection across full git history, and SBOM, on your real dependency graph. For security →

Enterprises

On-prem / air-gapped, SSO/SCIM, commercial licensing (no AGPL obligation), and IP indemnification. For enterprise → · docs/COMMERCIAL.md


Quick start (under 5 minutes, no API key)

Index once, and give your agent the dependency graph + git history + code-health — not 40 greps.

1. Install

pip install repowise          # Windows: python -m pip install repowise
repowise --version            # -> repowise, version 0.27.x

2. Index your repo — no LLM, no key

cd /path/to/your/repo
repowise init --index-only -y

Builds the dependency graph, git history, code-health score, and dead-code findings in seconds. (Want the generated wiki + semantic search? Use repowise init --provider gemini|anthropic|openai with the matching key.)

3. Connect your agent — the MCP server is repowise mcp, served from the repo dir.

# Plugin (adds 9 tools + slash commands + skills):
/plugin marketplace add repowise-dev/repowise
/plugin install repowise@repowise

# …or wire the MCP server directly:
claude mcp add repowise -- repowise mcp

Or commit a project .mcp.json:

{ "mcpServers": { "repowise": { "command": "repowise", "args": ["mcp"] } } }

Add to ~/.codex/config.toml:

[mcp_servers.repowise]
command = "repowise"
args = ["mcp"]

Or: codex mcp add repowise -- repowise mcp

4. First real call. Ask your agent: "Use repowise get_overview to summarize this repo," or "get_context for src/auth.py." You get graph-grounded architecture and per-file triage instead of a flurry of greps. ✅

get_overview / get_context work in index-only mode (no key) — they synthesize from the graph/git/health layers. search_codebase / get_answer / get_why need full mode (the generated wiki).

Ready for the full picture? Run repowise init --provider … for the generated wiki + semantic search, or skip key management entirely with the hosted tier at repowise.dev. Full walkthrough: docs/QUICKSTART.md.

Docs: Quickstart · User Guide · CLI Reference · Codex · MCP Tools · Hooks · Distill · Workspaces · Auto-Sync · Upgrading · Config


Nine MCP tools

Most tools are designed around data entities (one module, one file, one symbol), forcing agents into long chains of sequential calls. repowise tools are designed around tasks: pass multiple targets in one call, get complete context back. Every response carries an _meta envelope with index_age_days, indexed_commit, and a stale_warning that fires only when the indexed HEAD diverges from live .git/HEAD.

Tool

What only this tool answers

get_overview()

Architecture summary, module map, entry points, git health, community summary. First call on any unfamiliar codebase.

get_answer(question)

Hybrid retrieval (FTS + vector via RRF) + PageRank bias + 1-hop graph expansion → a cited answer with calibrated retrieval_quality. Returns structured best_guesses on low confidence. Collapses search → read → reason into one round-trip.

get_context(targets, include?)

Triage card for files / modules / symbols: title, summary, signatures, hotspot bit, governing_decisions, and symbol_ids. include opens callers/callees, ownership, metrics, decisions, full_doc. Batch many targets.

get_symbol("file.py::Name")

Raw source bytes for one indexed symbol with exact line bounds, cheaper and safer than Read + offset math.

search_codebase(query, kind?)

Semantic search over the wiki, filterable by kind (implementation / test / config / doc), tagging each result's search_method.

get_risk(targets, changed_files?)

Hotspot scores, dependents, co-change partners, ownership, test gaps, security signals. Pass changed_files for PR mode → a directive block (will_break, missing_cochanges, missing_tests, governance_risk).

get_why(query?, targets?)

Architectural decision records, status, evidence spans, and the supersession lineage chain. Falls back to git archaeology when no ADRs exist.

get_dead_code(...)

Unreachable code by confidence tier with cleanup-impact estimates; cross-repo consumer detection in workspace mode.

get_health(targets?, include?)

Marker scores per file across three signals (defect · maintainability · performance). Dashboard mode → KPIs + lowest-scoring files + module rollup; targeted mode → per-file findings. Self-check before a PR via include: accuracy (does the score find the bugs), signals (per-file churn / owners / prior defects), churn_complexity, a dimension name to filter findings, plus coverage, trend, and refactoringstructured, graph-aware refactoring plans (split groups, move target, cut edges + blast radius), not template strings.

Worked example ("Add rate limiting to all API endpoints" in 5 calls instead of ~30 greps+reads) and the full reference: docs/MCP_TOOLS.md →


How it compares

repowise

Google Code Wiki

DeepWiki

Swimm

CodeScene

Self-hostable, open source

✅ AGPL-3.0

❌ cloud only

❌ cloud only

❌ Enterprise only

✅ Docker

Private repo, no cloud

❌ in development

❌ OSS forks only

✅ Enterprise tier

Auto-generated documentation

✅ Gemini

✅ PR2Doc

MCP server for AI agents

✅ 9 tools

✅ 3 tools

Proactive agent hooks

✅ Claude + Codex hooks

Auto-generated AI instructions (CLAUDE.md, AGENTS.md)

Learns from your usage (session-mined decisions, demand-weighted docs)

Code health score (1–10)

✅ 25 markers

✅ 25–30

Brain Method / LCOM4 / god class

Test-coverage intelligence

✅ LCOV/Cobertura/Clover

Untested-hotspot detection

✅ coverage × hotspot

Health trend + declining alerts

✅ rolling snapshots

Refactoring recommendations

✅ deterministic

Concrete cross-file refactoring plans (Extract Class / Move Method / Break Cycle)

✅ graph-aware + blast radius

⚠️ within-function only

Dataflow-verified within-function plans (Extract Method with inferred signature)

✅ CFG + reaching definitions

⚠️ LLM-generated, unverified

Git intelligence (hotspots, ownership, co-change)

Bus factor analysis

Dead code detection

Architectural decision records

Multi-repo workspace intelligence

✅ co-changes, contracts, federated MCP

Local dashboard

❌ IDE only

repowise is the intersection: behavioral git intelligence + a defect-validated code-health score with the graph-aware fix attached + auto-generated docs + agent-native MCP + architectural decisions + multi-repo workspace intelligence, self-hostable and open source. Full side-by-side comparisons (CodeScene, DeepWiki, Sourcegraph, Cursor, GitClear): repowise.dev/compare →.


For teams & enterprises

repowise.dev is the same engine, fully managed, at feature parity with self-hosted: every CLI command, every MCP tool, the full dashboard. We dogfood it on our own codebase: live snapshot → · explore public repos →.

On top of self-hosting:

  • Zero ops: managed deploys & webhooks, auto re-index on every commit.

  • Hosted MCP endpoint: point any MCP client at one URL, no local server.

  • Repowise PR Bot: free GitHub App, one deterministic comment per PR (hotspot touches, hidden coupling, declining health, dead code), zero LLM calls. Install → · Learn more →

  • CVE-aware security layer, cross-repo intelligence at scale, and integrations (Slack, Jira/Linear, Confluence/Notion, PagerDuty) (rolling out).

What's GA / in development / planned, on-prem topology, SSO/SCIM/RBAC, and pricing: docs/COMMERCIAL.md · Get in touch →


Privacy

  • Self-hosted: your code never leaves your infrastructure, so no code, file paths, or repo names are ever sent. The CLI does report anonymous, opt-out usage telemetry (command names + coarse environment only) to help us prioritize; turn it off with repowise telemetry disable, DO_NOT_TRACK=1, or by running fully offline. What's collected →

  • BYOK: bring your own Anthropic / OpenAI key. We never see your LLM calls. Zero data retention via Anthropic's API policy.

  • What's stored: the NetworkX graph, LanceDB embeddings (non-reversible vectors), generated wiki pages, git metadata. Raw source is processed transiently and never persisted.

  • Fully offline: Ollama + a local embedding model = zero external API calls.


CLI & configuration

repowise init [PATH]      # index codebase (one-time; --index-only skips LLM)
repowise serve [PATH]     # MCP server + local dashboard
repowise update [PATH]    # incremental update (<30s; --workspace for all repos)
                          # git worktrees auto-seed from the base checkout (docs/WORKTREES.md)
repowise search "<q>"     # search the wiki (fulltext / semantic / symbol)
repowise health           # code-health KPIs + lowest-scoring files
repowise risk main..HEAD  # score a branch / PR range for defect risk
repowise dead-code        # unreachable-code report
repowise distill pytest   # compact errors-first output (reversible), saves 60–90% tokens
repowise saved            # tokens & dollars saved by distillation
repowise doctor           # check setup, API keys, store drift

repowise init generates .repowise/config.yaml (provider, model, embedder, reasoning mode, exclude patterns, git commit depth). Full command set: docs/CLI_REFERENCE.md · config reference: docs/CONFIG.md.


Contributing

git clone https://github.com/repowise-dev/repowise
cd repowise
uv sync --all-packages
uv run repowise --version
uv run pytest tests/unit/

Full guide, including how to add languages and LLM providers: CONTRIBUTING.md.


License

AGPL-3.0. Free for individuals, teams, and companies using repowise internally.

For commercial licensing (the enterprise security & compliance layer, SSO/SCIM, RBAC, workflow integrations, priority support and SLA, or embedding repowise in a product without AGPL obligations), see docs/COMMERCIAL.md or contact hello@repowise.dev.


Built for engineers who got tired of watching their AI agent cat the same file for the fourth time.

Install Server
A
license - permissive license
A
quality
A
maintenance

Maintenance

Maintainers
16hResponse time
2dRelease cycle
48Releases (12mo)
Commit activity
Issues opened vs closed

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/repowise-dev/repowise'

If you have feedback or need assistance with the MCP directory API, please join our Discord server