EJ Wisner

I ran my AI codebase triage tool on itself — here's what it found

I built Ghost Architect™ Open — a free, local AI tool that triages codebases and scores findings by severity. To test it properly, I ran it on its own source code.

It found a Critical bug.

The finding

The redaction engine — the module that strips API keys and secrets before sending code to Claude — had a pointer offset bug. When replacing a secret pattern, it wasn't advancing the scan position after each replacement. On files with 50+ environment variables, it would stop redacting halfway through.

Users were seeing "Redacted 12 patterns" and assuming their code was safe. Pattern 13 was their database password.

The bug was fixed the same day. That's the point — you can't fix what you can't see.
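
An added example, not Ghost Architect's code: a single-pass redactor that moves its scan position past every match, plus a fail-closed re-scan of the output so that a count such as "Redacted 12 patterns" is never the only evidence of safety. The secret pattern, the function names, the `stopAfter` fault-injection parameter and the sample data are assumptions constructed for illustration.

```javascript
// Assumed pattern: KEY=value lines whose key name looks like a secret and whose
// value is not already the mask. Not the tool's real rule set.
const SECRET_SRC = String.raw`^([A-Z0-9_]*(?:KEY|SECRET|TOKEN|PASSWORD)[A-Z0-9_]*)=(?!\[REDACTED\]$)(.+)$`;
const MASK = "[REDACTED]";

// Single pass over the input. `pos` is the scan position in the ORIGINAL text and
// is moved past every match, so a mask of a different length cannot shift later
// offsets. `stopAfter` exists only to simulate a redactor that stops early.
function redact(text, stopAfter = Infinity) {
  const re = new RegExp(SECRET_SRC, "gm");
  let out = "", pos = 0, count = 0, m;
  while (count < stopAfter && (m = re.exec(text)) !== null) {
    out += text.slice(pos, m.index) + m[1] + "=" + MASK;
    pos = m.index + m[0].length; // advance past the secret just replaced
    count++;
  }
  return { text: out + text.slice(pos), count };
}

// Independent check: re-scan the OUTPUT with a fresh regex and return the key
// names that still carry a value.
function findUnredacted(text) {
  return [...text.matchAll(new RegExp(SECRET_SRC, "gm"))].map((m) => m[1]);
}

// Fail closed: the payload is released only when the re-scan finds nothing.
function prepareForUpload(text, stopAfter) {
  const { text: redacted, count } = redact(text, stopAfter);
  const leftover = findUnredacted(redacted);
  if (leftover.length > 0) {
    throw new Error(`redaction incomplete: ${count} replaced, ` +
      `${leftover.length} still exposed (first: ${leftover[0]})`);
  }
  return { redacted, count };
}

// Constructed sample: n variables with values of varying length.
function sampleEnv(n = 60) {
  return Array.from({ length: n },
    (_, i) => `SERVICE_${i}_API_KEY=${"x".repeat(5 + (i % 20))}`).join("\n");
}
```

Calling `prepareForUpload(sampleEnv(), 12)` throws and names `SERVICE_12_API_KEY` as the first exposed key, while the call without the injected fault returns a payload with all 60 values masked.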

What Ghost Architect™ Open does

  • Points at any local directory, ZIP file, or GitHub repo
  • Triages the code and scores findings: Critical, High, Medium, Low
  • Runs entirely on your machine — your code never leaves
  • Uses the Anthropic API with your own key (new accounts get a $5 credit)
  • Supports PHP, Python, Node.js, Java, Go, React, and more

Free vs Pro

Ghost Open is free. It returns Critical and High findings in TXT and Markdown format.

Ghost Pro adds Medium and Low findings, multipass analysis, project intelligence, and full PDF reports.

Try it

GitHub: https://github.com/EJWisner/ghost-architect-open

Full platform: https://ghostarchitect.dev
