ClarityCode analyzes GitHub repositories to surface code smells, dependency risks, security issues, and architectural hotspots using static analysis and multiple AI models (Groq, OpenAI, Gemini).
- Scans repositories (Quick / Deep) and builds an indexed view of files, dependencies, and code smells.
- Multi-provider AI routing with API key rotation and fallback strategies for resilient completions.
- Billing metering primitives and payment integration scaffolding (PayPal, Razorpay).
- Repository discovery & language detection
- Static code smell detectors (configurable rules)
- AI-assisted issue summaries & remediation suggestions
- Scan history, job workers, and basic billing meters
- Sensitive keys detected in repository — rotate immediately and add secrets to a secure vault.
- Add runtime monitoring, rate limiting for public APIs, hardened job queue (Inngest/Redis/Task queue), and proper webhook verification for payments.
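The payment webhook verification called for above, shown for a Razorpay webhook as an added example (not ClarityCode's own code). Razorpay sends a hex HMAC-SHA256 of the raw request body, keyed with the webhook secret, in the `X-Razorpay-Signature` header. The handler shape, `eventId`, `seenEventIds`, and the sample secret and body are assumptions constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Check the X-Razorpay-Signature value against HMAC-SHA256(rawBody, webhookSecret).
// rawBody must be the exact bytes received, never a re-serialized JSON object.
function verifySignature(rawBody, signatureHeader, webhookSecret) {
  if (typeof signatureHeader !== "string" || !webhookSecret) return false;
  if (!/^[0-9a-f]{64}$/i.test(signatureHeader)) return false; // reject malformed input early
  const expected = crypto.createHmac("sha256", webhookSecret).update(rawBody).digest();
  const received = Buffer.from(signatureHeader, "hex");
  // Constant-time comparison; both buffers are 32 bytes after the regex check.
  return crypto.timingSafeEqual(received, expected);
}

// Hypothetical handler core (names are assumptions): verify first, parse second,
// then drop replays using a caller-supplied event id and a store of seen ids.
function handleWebhook({ rawBody, signature, eventId, secret, seenEventIds }) {
  if (!verifySignature(rawBody, signature, secret)) {
    return { status: 401, processed: false, reason: "invalid signature" };
  }
  let event;
  try {
    event = JSON.parse(rawBody);
  } catch {
    return { status: 400, processed: false, reason: "malformed JSON" };
  }
  if (seenEventIds.has(eventId)) {
    // Acknowledge so the provider stops retrying, but do not apply the event twice.
    return { status: 200, processed: false, reason: "duplicate delivery" };
  }
  seenEventIds.add(eventId);
  return { status: 200, processed: true, eventType: event.event };
}

// Constructed sample data (not real credentials or real payment ids).
const SAMPLE_SECRET = "constructed-webhook-secret";
const SAMPLE_BODY =
  '{"event":"payment.captured","payload":{"payment":{"entity":{"id":"pay_CONSTRUCTED","amount":50000}}}}';
const sign = (body, secret) => crypto.createHmac("sha256", secret).update(body).digest("hex");

const delivery = {
  rawBody: SAMPLE_BODY, signature: sign(SAMPLE_BODY, SAMPLE_SECRET),
  eventId: "evt_constructed_1", secret: SAMPLE_SECRET, seenEventIds: new Set(),
};
console.log(handleWebhook(delivery)); // first delivery
console.log(handleWebhook(delivery)); // same event id delivered again
console.log(handleWebhook({ ...delivery, rawBody: SAMPLE_BODY.replace("50000", "1") })); // body altered in transit
```

In a Next.js App Router route, read the body with `await request.text()` before any JSON parsing so the bytes that are verified are the bytes that were signed.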
- Copy `.env.example` to `.env.local` and fill required secrets. Do NOT commit secrets.
- Install dependencies and run:

```
npm ci
npm run dev
```

- `app/` — Next.js App Router pages, API routes, components, and server code
- `lib/` — Application services (auth, billing, scanners, GitHub helpers)
- `app/api/` — Serverless routes and worker endpoints
- `public/` — Static assets
- `supabase/` — Database migrations and RLS examples
- This repository contains committed environment variables and API keys. Treat this as a secret leak: rotate all exposed keys and remove them from the repo history (use git-filter-repo or BFG).
- Use `.env.local` for development and provider secrets for production.
See CONTRIBUTING.md for contribution guidelines and SECURITY.md for vulnerability reporting.
MIT — see LICENSE for details.
See CHANGELOG.md for release notes and versioning guidance.