Paste a public GitHub repo URL. We’ll detect every AI provider, model, framework, and anti-pattern — and tell you what it would cost to run in production.
Any public GitHub repository — owner/name or a full URL. Monorepos, private mirrors, forks all welcome.
The scanner reads source code, lockfiles, env files, CI config, and the GitHub API to build a complete picture.
27 graded categories — costs, architecture, security, production readiness, deprecation risk, and more.
Each audit is split into sub-pages, one per dimension. Open the overview and drill into Costs, Optimization, Security, RAG, Per-Request, Production, Team — 25 graded views with repo-specific narrative.
Providers, models, frameworks, agent loops, vector stores, embeddings, observability — stack composition end-to-end.
Per-model pricing, per-request token floor, system-prompt overhead, tool-definition cost, agent-loop multipliers.
30+ anti-patterns: missing prompt caching, no rate limiting, no fallback model, unbounded loops, wrong model tier.
Guardrails, content filtering, rate limiting, error handling, OWASP LLM Top 10 coverage, exposed API keys.
Vector stores, embedding models, retrievers, rerankers, chunking strategy, and overall retrieval cost.
CI maturity, releases, Docker / Kubernetes setup, README quality, contributor velocity, deployment cadence.
The audit scans the repository's source code, lockfiles, environment files, and CI configuration to detect AI providers (OpenAI, Anthropic, Google, Bedrock, etc.), specific models in use, framework choice (LangChain, LlamaIndex, Vercel AI, CrewAI, etc.), vector stores, embedding models, agent loops, guardrails, observability tooling, and ~30 well-known anti-patterns (missing prompt caching, no rate limiting, no fallback model, unbounded loops, etc.).
The repository must be public. We don't store source code or secrets — we read public files via the GitHub API, compute an analysis, and persist only the derived metrics (providers, models, scores, optimization opportunities). The audit URL is shareable and indexable so others can see the analysis too.
Cost estimates are derived from detected call sites and the per-million-token pricing of each model in use, applied to a typical request shape (system prompt + tools + agent multiplier). Without production usage telemetry the absolute numbers are directional; the relative cost between models and the savings opportunities are typically within ±15% of measured spend.
There's no difference — the free audit page is a thin entry point that runs the same analysis pipeline. Submitting a repo here routes you to /audit/{owner}/{repo}, the persistent audit URL that you can share or come back to. Repeated visits use the cached analysis.
Yes. The scanner walks the entire tree and aggregates findings across every package or subdirectory. The resulting audit shows file-level call sites so you can attribute usage to specific apps in the monorepo.
No signup, no API key. The free audit is fully public and runs on a public GitHub URL. If you want to track audits over time, integrate observability, or rerun on a schedule, sign in — but it's not required to get an analysis.