Synthi_logic

Detective: A Digital Forensics CLI Built with GitHub Copilot CLI

GitHub Copilot CLI Challenge Submission

What I Built

I built Detective, a forensic code investigation CLI tool that analyzes software projects the way a detective examines a crime scene.

Instead of only reporting raw metrics, Detective focuses on evidence → inference → reporting. It scans a codebase and its git history, collects concrete signals (file sizes, commit patterns, code markers like TODO/FIXME/HACK), and then translates those signals into meaningful findings such as technical debt indicators, bus-factor risk, and development activity patterns.

The output is a narrative forensic report designed for:

code audits

post-mortems

early-stage project reviews

understanding unfamiliar repositories quickly

The tool is cross-platform (Windows-first), stateless, and produces plain-text reports suitable for terminals, CI logs, or documentation.

This project was built solo by me (@geoffkats).

Demo

Repository:
👉 https://github.com/geoffkats/detective-cli.git

Example command:

detective open . --verbose

[Screenshots: Detective CLI opening preview, scanning, opening output, end report]

Sample output (excerpt):

◼ FINDINGS

[ MEDIUM ] Large File Detected
File exceeds 1MB, may impact repository performance.
Evidence:
- bin/detective.exe: 10,104,320 bytes

[ LOW ] Single Contributor
Project has only one contributor, indicating potential bus factor risk.
Evidence:
- Contributors: 1

The report also includes:

Investigator Notes with human-style reasoning

Overall project health score

Report integrity hash (SHA-256)

Screenshots of the full terminal output are included above to show the tool in action.
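The evidence → inference → reporting flow and the report integrity hash described above, as an added Go example; this is not Detective's own code. The `File` type, the function names, the footer format and the choice to hash the report body are assumptions, and the evidence is constructed from the sample output.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// File is one piece of collected evidence; type and field names are hypothetical.
type File struct {
	Path string
	Size int64
}
const footer = "Report integrity (SHA-256): " // assumed footer format

// Infer turns evidence into findings, using the two rules in the sample output.
func Infer(files []File, contributors int) []string {
	var out []string
	for _, f := range files {
		if f.Size > 1<<20 { // "File exceeds 1MB"
			out = append(out, fmt.Sprintf("[ MEDIUM ] Large File Detected\nEvidence:\n- %s: %d bytes\n", f.Path, f.Size))
		}
	}
	if contributors == 1 {
		out = append(out, "[ LOW ] Single Contributor\nEvidence:\n- Contributors: 1\n")
	}
	return out
}

// Seal appends the SHA-256 of the report body as the last line.
func Seal(body string) string {
	sum := sha256.Sum256([]byte(body))
	return body + footer + hex.EncodeToString(sum[:]) + "\n"
}

// Verify re-seals everything above the footer and compares byte for byte.
func Verify(report string) bool {
	i := strings.LastIndex(report, footer)
	return i >= 0 && report == Seal(report[:i])
}

func main() {
	// Constructed evidence; the first entry reuses the file from the sample output.
	files := []File{{"bin/detective.exe", 10104320}, {"main.go", 4200}}
	report := Seal(strings.Join(Infer(files, 1), "\n"))
	fmt.Print(report)
	fmt.Println("intact:", Verify(report), "edited:", Verify(strings.Replace(report, "MEDIUM", "LOW", 1)))
}
```

A bare SHA-256 footer catches accidental or careless edits; anyone able to rewrite the report can also recompute the hash, so keep the digest somewhere separate or sign it if the report is used as evidence.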

My Experience with GitHub Copilot CLI

GitHub Copilot CLI was used throughout the entire development process, directly from the terminal.

I used Copilot CLI to:

Design the overall architecture (evidence collection → inference → reporting)

Generate and refine Go code for file scanning, git analysis, and report formatting

Iterate quickly on CLI UX, flags, and output structure

Refactor logic into clean internal modules without breaking behavior

Instead of switching to a browser or IDE chat, I could stay in the terminal and ask Copilot things like:

“Generate Go code to scan a directory and collect file metrics”

“Refactor this logic to separate evidence collection from inference”

“Suggest a professional CLI output style for a forensic tool”

Copilot CLI felt like a pair programmer inside the command line, which made it especially effective for building a terminal-first tool. It helped me move faster while still keeping the reasoning and design intentional, not autogenerated.
