Find what reviews miss.

Vibe-coded or hand-crafted — your repo has blind spots. RepoLens runs specialist AI agents to surface them. Evidence-backed findings, filed as GitHub issues.

Apache-2.0 · Open Source
283 Lenses
27 Domains
8 Modes
4+ Agents Supported

Numbers reflect current state — we ship new lenses and domains regularly.

Depth beats breadth

Code might look fine through one lens and be a shitshow through another.

Monolithic LLM Review

One prompt. Ten concerns. Surface-level results.

  • Spreads attention across every concern equally
  • The auth bypass gets the same weight as a naming nit
  • No convergence check — one pass, hope for the best
  • Output: a report that lives in a spreadsheet

Lens-Based Auditing (LBA)

One lens. One concern. Full depth.

  • Each agent gets the full cognitive budget for its domain
  • Security lens traces data flows — not style nits
  • DONE×3 streak protocol verifies completeness
  • Output: GitHub issues you can close in one sitting

Eight operational modes

RepoLens doesn't just audit code. Run a lensing pass to discover features, hunt bugs, inspect servers, or check open-source readiness — each mode has its own specialized lens set. A single-lens security scan is valid. A full-spectrum 283-lens audit is too. The scope scales; the method stays the same.

audit

default

Deep code audit across security, architecture, compliance, and more.

bugfix

Hunt real bugs. Root cause analysis, reproduction steps, fix guidance.

feature

Find missing capabilities. What should your project do that it doesn't yet?

discover

Product discovery. Market gaps, integrations, competitive positioning.

deploy

containers in beta

Inspect live servers. TLS, disk, backups, config drift, monitoring.

content

Audit docs and content. Staleness, accessibility, completeness, localization.

opensource

Pre-release audit. Secret leaks, licensing, PII, community readiness.

custom

Change impact analysis. Analyze diffs against your impact statement.

Find, fix, merge. Their repo, their rules.

27 domains. 283 lenses. Growing.

Each domain is a group of specialized lenses. Run one domain or all of them. Add your own for concerns specific to your stack.

62

Code Foundations

Security · Code Quality · Architecture · Testing · Error Handling · Performance · Concurrency

39

Frontend & UX

Frontend · Visual Design · Design System · Interaction Design · Information Architecture · Adaptive UX · UX Anti-Patterns

56

Compliance

GDPR · NIS2 · AI Act · HIPAA · PSD2 · DORA · EAA · CCPA · and 48 more regulatory frameworks

14

APIs & Data

API Design · Database · Internationalization

24

Infrastructure

DevOps · Observability · Maintainability · Documentation

26

Server & Deployment

TLS · DNS · Storage · Containers · Backups · Monitoring · and 20 more checks

44

Discovery & Content

Product Discovery · Content Quality · Open Source Readiness

18

Tool Gate

Lint · SAST · DAST · Type Check · Load Testing · API Security

Three steps. Real results.

Point

Clone RepoLens. Point it at any git repository. Pick your agent.

Lens

Specialist agents scan your code — one domain per lens. DONE×3 verifies completeness.

Ship

Findings appear as GitHub issues — severity-tagged, evidence-backed, each closeable in approximately one hour.

Terminal
git clone https://github.com/TheMorpheus407/RepoLens.git
cd RepoLens

# Run a single domain against your repository
./repolens.sh --project /path/to/your/repo --agent claude --domain security

# Run all lenses
./repolens.sh --project /path/to/your/repo --agent claude

# Run in parallel (up to 8 agents at once)
./repolens.sh --project /path/to/your/repo --agent claude --parallel

Give an LLM one thing to focus on and the depth will be unmatched.

Built on three principles

One Lens, One Concern

Each agent has exactly one domain. No context switching. No attention splitting. Full cognitive budget on a single focus.

Evidence-Required

Every finding cites specific files, functions, or configurations. No hypotheticals. No vague advice. Not in the code? Not in the report.

Convergence-Verified

The DONE×3 streak protocol. Each lens runs until three consecutive passes find nothing new. Done means done — verified, not assumed.
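
The streak rule described above, sketched as an added example that is not taken from RepoLens's own code: `run_until_converged` and the stub `fake_lens_pass`, with its constructed finding IDs, are hypothetical names. It shows a late finding resetting the streak, and it caps the number of passes so a lens that never settles still terminates.

```shell
#!/bin/sh
# Constructed stand-in for one lens pass: prints finding IDs, one per line.
# A real pass would call an agent; these IDs are made up for the demo.
fake_lens_pass() {
  case "$1" in
    1) printf '%s\n' 'auth.py:login:no-rate-limit' 'db.py:query:sql-concat' ;;
    2) printf '%s\n' 'db.py:query:sql-concat' 'api.py:upload:unchecked-path' ;;
    3) printf '%s\n' 'auth.py:login:no-rate-limit' ;;  # repeat only, nothing new
    4) printf '%s\n' 'config.yml:debug:enabled' ;;      # late finding
    *) : ;;                                             # empty pass
  esac
}

# run_until_converged PASS_CMD REQUIRED_STREAK MAX_PASSES
# Prints: passes=<n> findings=<m> converged=<yes|no>
run_until_converged() {
  pass_cmd=$1; required=$2; max=$3
  seen=$(mktemp); out=$(mktemp); fresh=$(mktemp)
  pass=0; streak=0
  while [ "$pass" -lt "$max" ] && [ "$streak" -lt "$required" ]; do
    pass=$((pass + 1))
    "$pass_cmd" "$pass" | sort -u > "$out"
    # Keep only lines not already recorded (exact, fixed-string match).
    grep -Fxv -f "$seen" "$out" > "$fresh" || true
    if [ -s "$fresh" ]; then
      cat "$fresh" >> "$seen"   # something new: record it, restart the streak
      streak=0
    else
      streak=$((streak + 1))    # nothing new: one step closer to done
    fi
  done
  total=$(($(wc -l < "$seen")))
  if [ "$streak" -ge "$required" ]; then converged=yes; else converged=no; fi
  rm -f "$seen" "$out" "$fresh"
  echo "passes=$pass findings=$total converged=$converged"
}

run_until_converged fake_lens_pass 3 20   # three-pass streak
run_until_converged fake_lens_pass 1 20   # stops at first quiet pass, misses pass 4
run_until_converged fake_lens_pass 3 5    # pass cap hit before convergence
```

With a streak of one, the loop stops after pass 3 and never sees the pass-4 finding; requiring three consecutive quiet passes is what catches it.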

Real tools in the loop

RepoLens doesn't only use AI. It integrates real static analysis, security scanning, and performance testing into the same workflow.

Static Analysis (always available)

ESLint · Ruff · Clippy · golangci-lint · ShellCheck · Bandit · Semgrep · TypeScript · Mypy

Dynamic Analysis (requires --hosted)

OWASP ZAP · SQLMap · Nuclei · Lighthouse · K6 · Schemathesis

Your agent. Your choice.

RepoLens is a prompt orchestrator, not an LLM wrapper. It works with any CLI-based AI agent — swap providers without changing your workflow.

Claude Codex Spark OpenCode

Star History

Growth of RepoLens GitHub stars over time.

Audit was the first step. Development is the destination.

RepoLens is Apache-2.0 open source. Clone it. Run it. Contribute lenses. The repository is yours to fork, extend, and deploy on your own terms.