I ran my AI codebase triage tool on itself — here's what it found

EJ Wisner — Mon, 06 Apr 2026 20:28:29 +0000

I built Ghost Architect™ Open — a free, local AI tool that triages codebases and scores findings by severity. To test it properly, I ran it on its own source code.

It found a Critical bug.

The finding

The redaction engine — the module that strips API keys and secrets before sending code to Claude — had a pointer offset bug. When replacing a secret pattern, it wasn't advancing the scan position after each replacement. On files with 50+ environment variables, it would stop redacting halfway through.

Users were seeing "Redacted 12 patterns" and assuming their code was safe. Pattern 13 was their database password.

The bug was fixed the same day. That's the point — you can't fix what you can't see.

What Ghost Architect™ Open does

Points at any local directory, ZIP file, or GitHub repo
Triages the code and scores findings: Critical, High, Medium, Low
Runs entirely on your machine — your code never leaves
Uses the Anthropic API with your own key (new accounts get a $5 credit)
Supports PHP, Python, Node.js, Java, Go, React, and more

Free vs Pro

Ghost Open is free. It returns Critical and High findings in TXT and Markdown format.

Ghost Pro adds Medium and Low findings, multipass analysis, project intelligence, and full PDF reports.

Try it

GitHub: https://github.com/EJWisner/ghost-architect-open

Full platform: https://ghostarchitect.dev

DEV Community: EJ Wisner

I ran my AI codebase triage tool on itself — here's what it found

The finding

What Ghost Architect™ Open does

Free vs Pro

Try it