Skip to content

repowise-dev/repowise

v0.2.0 Feature

This release adds 5 notable features for engineering teams evaluating rollout.

Published 1mo Git Forges
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai code-complexity code-health code-intelligence code-quality dead-code
+8 more
developer-tools documentation git-analytics mcp python refactoring static-analysis technical-debt

Affected surfaces

auth rbac rce_ssrf

Summary

AI summary

Broad release touches CLI, REST endpoints, Web UI, and Internal.

Full changelog

[0.2.0] — 2026-04-07

A large overhaul: faster indexing, smarter doc generation, transactional storage,
new analysis capabilities, and a completely revamped web UI that surfaces every
new signal — all without changing the eight MCP tool surface.

Added

Pipeline & ingestion

  • Parallel indexing. AST parsing now runs across all CPU cores via
    ProcessPoolExecutor. Graph construction and git history indexing run
    concurrently with asyncio.gather. Per-file git history fetched through a
    thread executor with a semaphore.
  • RAG-aware doc generation. Pages are generated in topological order; each
    generation prompt now includes summaries of the file's direct dependencies,
    pulled from the vector store of already-generated pages.
  • Atomic three-store coordinator. New AtomicStorageCoordinator buffers
    writes across SQL, the in-memory dependency graph, and the vector store, then
    flushes them as a single transaction. Failure in any store rolls back all three.
  • Dynamic import hint extractors. The dependency graph now captures edges
    that pure AST parsing misses: Django INSTALLED_APPS / ROOT_URLCONF /
    MIDDLEWARE, pytest conftest.py fixture wiring, and Node/TS path aliases
    from tsconfig.json and package.json exports.

Analysis

  • Temporal hotspot decay. New temporal_hotspot_score column on
    git_metadata, computed as Σ exp(-ln2 · age_days / 180) · min(lines/100, 3)
    per commit. Hotspot ranking now uses this score; commits from a year ago
    contribute ~25% as much as commits from today.
  • Percentile ranks via SQL window function. recompute_git_percentiles()
    is now a single PERCENT_RANK() OVER (PARTITION BY repo ORDER BY ...) UPDATE
    instead of an in-Python sort. Faster and correct on large repos.
  • PR blast radius analyzer. New PRBlastRadiusAnalyzer returns direct
    risks, transitive affected files, co-change warnings, recommended reviewers,
    test gaps, and an overall 0–10 risk score. Surfaced via get_risk(changed_files=...)
    and a new web page.
  • Security pattern scanner. Indexing now runs SecurityScanner over each
    file. Findings (eval/exec, weak crypto, raw SQL string construction,
    hardcoded secrets, pickle.loads, etc.) are stored in a new
    security_findings table.
  • Knowledge map. Top owners, "bus factor 1" knowledge silos (>80% single
    owner), and high-centrality "onboarding targets" with thin documentation —
    surfaced in get_overview and the web overview page.

LLM cost tracking

  • New llm_costs table records every LLM call (model, tokens, USD cost).
  • CostTracker aggregates session totals; pricing covers Claude 4.6 family,
    GPT-4.1 family, and Gemini.
  • New repowise costs CLI: --since, --by operation|model|day.
  • Indexing progress bar shows a live Cost: $X.XXXX counter.

MCP tool enhancements (still 8 tools — strictly more capable)

  • get_risk(targets, changed_files=None) — when changed_files is provided,
    returns the full PR blast-radius report (transitive affected, co-change
    warnings, recommended reviewers, test gaps, overall 0–10 score). Per-file
    responses now include test_gap: bool and security_signals: list.
  • get_overview() — now includes a knowledge_map block (top owners, silos,
    onboarding targets).
  • get_dead_code(min_confidence?, include_internals?, include_zombie_packages?)
    sensitivity controls for false positives in framework-heavy code.

REST endpoints (new)

  • GET /api/repos/{id}/costs and /costs/summary — grouped LLM spend.
  • GET /api/repos/{id}/security — security findings, filterable by file/severity.
  • POST /api/repos/{id}/blast-radius — PR impact analysis.
  • GET /api/repos/{id}/knowledge-map — owners / silos / onboarding targets.
  • GET /api/repos/{id}/health/coordinator — three-store drift status.
  • GET /api/repos/{id}/hotspots now returns temporal_hotspot_score and is
    ordered by it.
  • GET /api/repos/{id}/git-metadata now returns test_gap.
  • Job SSE stream now emits actual_cost_usd (running cost since job start).

Web UI (new pages and components)

  • Costs page — daily bar chart, grouped tables by operation/model/day.
  • Blast Radius page — paste files (or click hotspot suggestion chips) to
    see risk gauge, transitive impact, co-change warnings, reviewers, test gaps.
  • Knowledge Map card on the overview dashboard.
  • Trend column on the hotspots table with flame indicator (default sort).
  • Security Panel in the wiki page right sidebar.
  • "No tests" badge on wiki pages with no detected test file.
  • System Health card on the settings page (SQL / Vector / Graph counts +
    drift % + status).
  • Live cost indicator on the generation progress bar.

CLI

  • repowise costs [--since DATE] [--by operation|model|day] — new command.
  • repowise dead-code — new flags --min-confidence, --include-internals,
    --include-zombie-packages, --no-unreachable, --no-unused-exports.
  • repowise doctor — new Check #10 reports coordinator drift across all
    three stores. --repair deletes orphaned vectors and rebuilds missing graph
    nodes from SQL.

Fixed

  • C++ dependency resolution edge cases.
  • Decision extraction timeout on very large histories.
  • Resume / progress bar visibility for oversized files.
  • Coordinator health_check falsely reporting 100% drift on LanceDB / Pg
    vector stores (was returning -1 for the count). Now uses list_page_ids().
  • Coordinator health_check returning null graph node count when no
    in-memory GraphBuilder is supplied. Now falls back to SQL COUNT(*).

Internal

  • Three new Alembic migrations: 0009_llm_costs, 0010_temporal_hotspot_score,
    0011_security_findings.
  • New module: packages/core/.../persistence/coordinator.py
  • New module: packages/core/.../ingestion/dynamic_hints/ (5 files)
  • New module: packages/core/.../analysis/pr_blast.py
  • New module: packages/core/.../analysis/security_scan.py
  • New module: packages/core/.../generation/cost_tracker.py
  • New module: packages/server/.../services/knowledge_map.py

Compatibility

  • Existing repositories must run migrations: repowise doctor will detect
    the missing tables and prompt; alternatively re-run repowise init to
    rebuild from scratch.
  • The eight MCP tool names and signatures are backwards compatible — new
    parameters are all optional.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track repowise-dev/repowise

Get notified when new releases ship.

Sign up free

About repowise-dev/repowise

All releases →

Related context

Related tools

Beta — feedback welcome: [email protected]