Forgehaven Labs · RepoRadar · v0.1 · zero dependencies · safe on untrusted code

Scan any repo. Get a grade and a Claude-ready fix plan.

RepoRadar reads a git repository and scores its health A to F across seven dimensions, then writes a prioritized remediation plan you paste straight into Claude Code. Diagnosis to fix, in one move. No build runs, so it is fast and safe to point at code you do not trust.

Node 18+ · no npm install · MIT licensed · works offline

$ reporadar scan ./acme-widget-api

RepoRadar · health report
acme-widget-api (Node/JS)

  Overall  F  ███░░░░░░░░░░░░░░░░░░░░░  11/100

  Tests                ░░░░░░░░░░░░░░░░░░░░   0
       No real `test` script in package.json
  Security / Secrets   ░░░░░░░░░░░░░░░░░░░░   0
       Possible Anthropic API key in src/index.js
  Documentation        ██░░░░░░░░░░░░░░░░░░  10
  Dependencies         █████░░░░░░░░░░░░░░░  25
  CI / Automation      ░░░░░░░░░░░░░░░░░░░░   0
  Git Hygiene          ████░░░░░░░░░░░░░░░░  20
  Build / Lint Config  ███████░░░░░░░░░░░░░  35

  Top fixes (13 total)
     Rotate the Anthropic API key in src/index.js (P0)
     Add a real `test` script to package.json
     Add a CI workflow that builds and tests on push

The one number

Is this repo in good shape?

One number every developer, agency, and engineering manager wants. RepoRadar answers it, shows the evidence, and hands the fix to an AI agent.

What it does

Three artifacts from a single scan.

  • Grades it A to F

    Seven weighted dimensions (tests, secrets, docs, dependencies, CI, git hygiene, build config) collapse into one honest letter grade with a per-dimension breakdown.

  • Writes a Claude fix plan (the part nobody else ships)

    The differentiator. A prioritized, agent-ready plan: P0 secrets first, then reds, then yellows, with guardrails. Paste it into Claude Code and the repo fixes itself.

  • Ranks your whole portfolio

    Point it at a folder of repos and get a manager's view: every project ranked worst-first, so you see exactly where the technical debt and the leaking secrets are.

The dashboard

A self-contained HTML report, no server required.

Every scan can also write a standalone dashboard and a machine-readable JSON. Here is the same acme-widget-api result, rendered as per-dimension scores.

Tests: 0
Security / Secrets: 0
Documentation: 10
Dependencies: 25
CI / Automation: 0
Git Hygiene: 20
Build / Lint Config: 35

Who it's for

Built for the people who inherit other people's code.

  • Solo devs & indie hackers

    Before you ship a side project or buy a repo, get an honest grade and a punch list you can clear in an afternoon with Claude.

  • Agencies & consultants

    Audit a client codebase in seconds. Hand them a dashboard with a grade and a fix plan: billable, repeatable, and it looks sharp.

  • Engineering managers

    Portfolio mode ranks every repo worst-first. See which projects leak secrets, ship no tests, or have no CI, without opening a single file.

  • Anyone wiring CI gates

    Exit code 2 on a red repo. Drop reporadar scan . into a pipeline and fail the build before the debt lands on main.

Pricing

Free to scan. Pay once for the fix.

No subscription. No account. The grade is always free. The toolkit that fixes the repo is a one-time purchase.

Free

$0

The honest answer, forever.

  • Live terminal scan of any repo
  • The A to F grade + per-dimension breakdown
  • Static-only, safe on untrusted code
  • HTML dashboard & JSON export
  • Claude fix-plan generator
  • Portfolio mode

Team / Agency

$149

One-time. Up to 10 seats.

  • Everything in Pro
  • Commercial license for client work
  • White-label reports with your own name
  • Up to 10 developer seats
  • Priority support

For consultants and teams · 14-day refund

FAQ

Questions, answered.

Is it safe to run on code I don't trust?

Yes. RepoRadar is static-only by default: it reads config and source files but never executes your build, install, or test scripts, so nothing in the scanned repo gets a chance to run. That is the whole point.

Do I need to install anything?

Just Node 18 or newer. RepoRadar has zero npm dependencies; it runs straight from source on Node built-ins. No npm install, no lockfile, no third-party packages in its supply chain.

What exactly is the "Claude fix plan"?

A Markdown file you generate with --claude FIXES.md. It lists every finding as a prioritized, agent-ready task (P0 secrets first) with guardrails like "never commit secrets" and "commit at each checkpoint." Paste it into Claude Code and the repo remediates itself.

How accurate is the secret detection?

It is high-signal pattern matching for AWS keys, private key blocks, OpenAI/Anthropic/GitHub/Google/Slack tokens, hardcoded credentials, and committed .env files. It is a fast first line of defense, not a replacement for a dedicated scanner like gitleaks, and we say so plainly.
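A sketch of what static pattern matching of this kind looks like, as an added example (not RepoRadar's own code or rule set). The regexes are commonly published token formats; the names `RULES`, `scanFiles` and `SAMPLE` are hypothetical, and every key in the sample input is constructed.

```javascript
// Added example: static, pattern-based secret detection (no repo code is run).
// Rules are commonly published token formats, NOT RepoRadar's own rule set.
const RULES = [
  { id: 'aws-access-key-id', re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/ },
  { id: 'private-key-block', re: /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/ },
  { id: 'anthropic-api-key', re: /\bsk-ant-[A-Za-z0-9_-]{20,}/ },
  { id: 'github-token', re: /\bgh[pousr]_[A-Za-z0-9]{36,}/ },
  { id: 'google-api-key', re: /\bAIza[0-9A-Za-z_-]{35}/ },
  { id: 'slack-token', re: /\bxox[abprs]-[A-Za-z0-9-]{10,}/ },
  { id: 'hardcoded-credential',
    re: /\b(?:password|passwd|secret|api_?key)\s*[:=]\s*['"][^'"\s]{8,}['"]/i },
];
// Documentation samples and template values are not live secrets.
const PLACEHOLDER = /example|changeme|placeholder|your[_-]|<[^>]+>/i;
const ENV_FILE = /^\.env(?:\..+)?$/;
const ENV_TEMPLATE = /\.(?:example|sample|template)$/i;
// Never echo a full secret into a report: keep a short prefix only.
const redact = (s) => `${s.slice(0, 6)}... (${s.length} chars)`;

// files: [{ path, text }] -> [{ rule, path, line, preview }]
function scanFiles(files) {
  const findings = [];
  for (const { path, text } of files) {
    const base = path.split('/').pop();
    // A committed .env is a finding by name alone; templates are allowed.
    if (ENV_FILE.test(base) && !ENV_TEMPLATE.test(base)) {
      findings.push({ rule: 'committed-env-file', path, line: 0, preview: '' });
    }
    text.split(/\r?\n/).forEach((src, i) => {
      for (const { id, re } of RULES) {
        const m = re.exec(src);
        if (!m || PLACEHOLDER.test(m[0])) continue;
        findings.push({ rule: id, path, line: i + 1, preview: redact(m[0]) });
      }
    });
  }
  return findings;
}

// Constructed sample input; keys are built from repeats so none is real.
const SAMPLE = [
  { path: 'src/index.js', text: [
    `const key = '${'sk-ant-' + 'a'.repeat(24)}';`,
    "const docKey = 'AKIAIOSFODNN7EXAMPLE'; // AWS documentation sample",
  ].join('\n') },
  { path: 'deploy/.env', text: 'AWS_ACCESS_KEY_ID=' + 'AKIA' + 'Q'.repeat(16) },
  { path: '.env.example', text: 'API_KEY=<your-key-here>' },
];
for (const f of scanFiles(SAMPLE)) console.log(f.rule, `${f.path}:${f.line}`, f.preview);
```

The placeholder filter and the redacted preview are the two parts most often missing from quick regex scanners: the first keeps documentation samples out of the findings, the second keeps the report itself from becoming a second copy of the secret.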

What does the grade actually measure?

A weighted average of seven dimensions: Tests (20), Security/Secrets (18), Documentation (15), Dependencies (15), CI/Automation (12), Git Hygiene (10), Build/Lint Config (10). Because it is static, "Tests" measures whether tests exist, not whether they pass.

Is it really a one-time purchase?

Yes. Pay $39 once, get the full toolkit and every v0.x update. No subscription, no per-scan fee, no account. The free terminal scan stays free for everyone.

Stop guessing

Know your repo's grade in ten seconds.

Then let Claude clear the fix plan. Diagnosis to remediation, one move.

One-time payment · instant download · 14-day money-back guarantee