stable · v1.7.0 · 10 analyzers · 70 rules · 49 playbooks

We prepare your codebase so AI writes 90% of the code.

RepoPrime audits 10 categories, scores your repo 0–100 for Agent-Readiness, and ships a fix playbook per finding that your AI agent can execute directly.

Scan your repo See how it works →$npm i -g @evgeniynezivoy/repoprime

zsh — ~/acme-api — repoprime scan .

~/acme-api on ⎇ main ❯

↑ runs locally · never uploads source · writes only under .repoprime/

02the problem

Your AI agent is only as good as the context you give it.

◆ ETH Zürich, 2025

# AGENTS.md

This is a TypeScript project.

Run tests with npm test.

Follow best practices.

↳ score: 14/100 · worse than empty

Generic AGENTS.md makes your agent WORSE

A study comparing Claude Code output with generic AGENTS.md ("this is a TypeScript project") vs. no AGENTS.md at all found the generic instructions materially degraded task success. Boilerplate context is not neutral — it crowds out the specific intent the agent actually needs.

◆ what we see

✗ wildcard CORS in 3 handlers

✗ 14 undocumented env vars

▲ 7 deps pinned to ^

▲ process.env accessed 41×

✗ 0 migrations committed

Bugs agents silently reproduce

Undocumented env vars. Wildcard deps. Missing migrations. Unvalidated process.env. Wildcard CORS. Your agent has no way to see these are mistakes — so when it writes the next handler, it copies the pattern, and the bug propagates.

◆ tooling gap

ESLintcode for humans

SonarQubecode for humans

CodeClimatecode for humans

Copilotreads · does not score

Cursorreads · does not score

RepoPrimecontext for agents

ESLint and Sonar score code for humans

They catch unused variables, cognitive complexity, test coverage. None of them grade the context files your AI agent reads before writing a line. Until now, repo quality for agents was invisible.

03how it works

Three steps. One command. Zero mutations to your source.

One command. Ten analyzers. Seventy rules.

Runs locally on your machine. Reads your repo, never writes to source files. Produces report.json and updates your AGENTS.md in-place if allowed.

.repoprime/

report.json12.4 kBJSON · machine-readable findings

AGENTS.md8.2 kBregenerated · 267 lines

fixes/49 filesone markdown playbook per finding

history.ndjson1.1 kBdelta series for sparklines

04the ten analyzers

Ten categories. Seventy rules. Forty-nine auto-fixable.

Each analyzer runs AST-level checks against your repo and writes structured findings to report.json. Hover any card to see example rules.

documentation

README, quickstart, architecture.md, changelog — agent-readable source of intent.

8 rules75% fixable

ai-context

AGENTS.md, CLAUDE.md, .cursorrules, .github/copilot-instructions.md — scored for specificity.

7 rules100% fixable

testing

Framework presence, coverage config, CI test job, meaningful test structure.

8 rules63% fixable

security

CORS, helmet, gitignore, docker non-root, pinned versions, committed lockfile.

9 rules89% fixable

configuration

Env validation, .env.example sync, ports/URLs extracted to config layer.

7 rules71% fixable

errorHandling

Structured logger, base error class, request-id, process handlers, non-zero exits.

8 rules88% fixable

cicd

CI workflow, PR triggers, lint/test/build steps, commitlint, husky, PR template.

8 rules100% fixable

structure

Module boundaries, circular imports, dead code, layer coherence.

6 rules50% fixable

database

Migration scaffold, schema versioning, seed scripts, connection pooling.

5 rules20% fixable

apiContracts

API version prefix, validation pipe, rate limiter, contract tests.

4 rules75% fixable

05playbook demo

Every finding ships a playbook your agent can run.

Click a finding on the left to see its rendered .repoprime/fixes/<fixerId>.md. The Prompt for your agent block is exactly what goes to Claude Code or Cursor.

~/acme-api ❯ repoprime scan . --fixable

◇ 49 fixable findings across 10 analyzers · showing top 3

→ wrote .repoprime/fixes/security.fix-cors.md

~/acme-api ❯

.repoprime/fixes/security.fix-cors.md

Fix: security.fix-cors

severity: high · location: src/main.ts:14 · auto-fixable

## Context

CORS is currently `origin: true` — any origin passes preflight. Exposes browser clients to CSRF on authenticated endpoints. ETH Zurich research shows generic fixes (`cors(...)`) degrade agent output vs. no config at all.

## Files affected

→src/main.ts
→.env.example
→README.md

## Prompt for your agent

Restrict Nest CORS to an allow-list read from CORS_ORIGINS env.
Remove the wildcard `origin: true` and reject non-listed origins.
Add CORS_ORIGINS=<your allowed production origin> to .env.example.
Verify by running `curl -I` against the /health endpoint with a disallowed Origin header
and confirm the Access-Control-Allow-Origin header is NOT echoed back.

## Verification

$ pnpm build
$ pnpm test src/main.spec.ts
$ curl -I -H "Origin: <disallowed>" /health

06the dashboard

Visualize every repo's readiness across your organisation.

·repo table with 30-day sparklines
·per-finding drilldown with diff context
·one-click copy of any playbook prompt

repoprime.com/dashboard

repoprime1.6.0

dashboardreposfindingsplaybooks

prod · onlineA

Overview

Live readout across 5 repositories · scans streaming from repoprime scan --push · historic series retained 180 days.

last scan 12m ago24 scans /24h

aggregate score · 5 repos

68.6/100+4.2

+4.2 vs. last week

agent-ready

1stable

holding at top band

foundation

1needs fix

priority attention

scans · 24h

last 24 hours

Repositories

allreadystrongdevfound

repository	score	maturity	last scan	sha
stripe/stripe-node @stripe · node.js	94	Agent-Ready	12m ago	a8f3c21
vercel/next.js @vercel · next.js	78	Strong	1h ago	e22d5b0
prisma/prisma @prisma · typescript · monorepo	72	Strong	3h ago	7b19af4
anthropics/anthropic-sdk-python @anthropics · python	58	Developing	5h ago	c9d0312
your-org/your-repo @you · scanned yesterday	41	Foundation	yesterday	11f6ae8

07your agent stack, unchanged

RepoPrime writes the context. Your agent does the fix.

RepoPrime lives beside your existing agent setup — it does not replace it, and it never calls an LLM itself.

Claude Code

reads playbooks verbatim

Cursor

composer · paste prompt

GitHub Copilot

via .github/copilot-instructions.md

Paperclip

agent plugin

GitHub Actions

ship repoprime scan --ci

08get started

Scan your first repo in under a minute.

No account. No upload. Runs locally, writes only under .repoprime/.

Start scanning Read the docs· MIT · node ≥ 20