An AI-powered diagnostic engine that reverse-engineers, maps, and secures complex codebases in seconds.
Reading someone else's code is hard. Figuring out the blast radius of a Pull Request across thousands of files is even harder.
CodeAutopsy is a continuous diagnostic pipeline. It is not a simple AI wrapperβit performs deterministic static analysis, constructs graphing algorithms, intercepts hardcoded secrets, and feeds highly structured context to an LLM. It helps developers understand new codebases and merge PRs safely in minutes rather than days.
π Live Engine: codeautopsy.app
- Architecture Blueprints β Pattern detection (MVC, Monolith, Library) and visual Mermaid.js dependency graphs.
- Execution Flow Tracing β Detailed traces of how the application runs from entry to exit.
- Tech Stack & Key Modules β Deep dive into languages, frameworks, and a functional analysis of what each file does.
- Developer Onboarding β Instant documentation and setup guides for new contributors.
- Repo Chat Copilot β Natural language Q&A powered by Groq/Llama 3.3 to interrogate the codebase.
- Blast Radius Detection β Shows exactly what downstream files will break if you modify critical code.
- Context-Aware Reviewers β Fetches historical
git blamedata to intelligently recommend PR reviewers based on who actually authored the modified files. - Enterprise Security Scanner β High-speed RegEx interception layer that catches exposed AWS keys, private keys, and secrets before they are sent to the LLM.
- Shareable Reports β Persistent analysis URLs at
/view/{owner}/{repo}. - Official GitHub Action β Automatically maps your architecture and injects a live SVG dependency graph into your README on every push.
Make your repository self-documenting. Add the CodeAutopsy Action to automatically generate and inject a live architecture map directly into your repository's README.
1. Place the Map Beacon
Add these invisible HTML comments anywhere in your README.md. The action will automatically replace the space between them on every push.
<!-- CODEAUTOPSY_MAP_START -->
<!-- CODEAUTOPSY_MAP_END -->2. Add the Workflow
Create a new file at .github/workflows/codeautopsy.yml and paste this configuration:
name: Update Architecture Map
on:
push:
branches: [main, master]
jobs:
update-map:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: CodeAutopsy Architecture Sync
uses: Sidhant0707/codeautopsy-action@v1.0.0
with:
github_token: ${{ secrets.GITHUB_TOKEN }}Most "AI code analysis" tools dump a repo into an LLM and pray. CodeAutopsy uses a sophisticated engineering pipeline that runs before any AI call is made:
- Fetches the full file tree in a single call via the GitHub Git Trees API.
- Intelligent noise filtering: ignores
node_modules,dist, lock files, and binaries. - Entry point detection via manifest parsing (
package.json) and filename patterns.
- Regex Parsing: Extracts
import/requirestatements across the codebase. - Graph Construction: Builds a dependency adjacency list with local path resolution.
- Metric Computation: Calculates Fan-in scores to dynamically identify core utility modules.
- Ranking Algorithm: Sorts files by "Architectural Significance" (Fan-in + Depth + Role).
- Context Optimization: Only the top ranked files are sent to Groq to prevent "lost in the middle" LLM degradation.
- Strict Schema: Forces AI into a typed JSON schema for consistent UI rendering.
- Security Interception: Diff patches are pre-scanned locally; if secrets are found, AI risk assessments are physically overridden to HIGH RISK.
- Smart Caching: Supabase (PostgreSQL) caching keyed by
repo_url + commit_sha + analysis_version. - Stateless Auth:
@supabase/ssrfor secure session handling and Private Repo token injection. - Traffic Control: Upstash Redis rate-limiting (3 analyses/day for free users, 10 for authenticated).
User pastes GitHub URL β GitHub API β fetch file tree (single call) β Filter noise files & Detect entry points β Build dependency graph & Rank files by importance β Pre-scan PR diffs for hardcoded secrets (Regex Engine) β Fetch top file contents & Send structured context to Groq β Groq returns strict typed JSON β Store in Supabase cache β Render Analysis + Dependency Graph + Context-Aware Reviewers + Chat
| Layer | Technology |
|---|---|
| Frontend UI | Next.js 16 (App Router) + Tailwind CSS + Framer Motion |
| AI Analysis | Groq (Llama 3.3 70B Versatile) |
| Repo Chat | Groq (Llama 3.1 8B) |
| Data Fetching | GitHub REST API & Git Trees API |
| Database & Auth | Supabase (PostgreSQL) |
| Rate Limiting | Upstash Redis |
| Diagrams | Mermaid.js |
| Deployment | Vercel |
1. Clone & Install
git clone https://github.com/Sidhant0707/codeautopsy
cd codeautopsy
npm install2. Configure Environment
Create a .env.local file:
GITHUB_TOKEN=your_github_token
GITHUB_FALLBACK_TOKEN=your_fallback_token
GROQ_API_KEY=your_groq_api_key
USE_GROQ_FOR_ANALYSIS=true
NEXT_PUBLIC_SUPABASE_URL=your_supabase_url
NEXT_PUBLIC_SUPABASE_ANON_KEY=your_supabase_anon_key
SUPABASE_SERVICE_KEY=your_supabase_service_key
UPSTASH_REDIS_REST_URL=your_upstash_url
UPSTASH_REDIS_REST_TOKEN=your_upstash_token3. Launch
npm run devContributions are highly welcome! Whether it is optimizing the dependency graph algorithm, refining the UI, or adding new LLM providers.
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'feat: Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request. Please see
CONTRIBUTING.mdfor architecture guidelines.
Distributed under the MIT License. See the LICENSE file for more information.
Software Development Engineer