This is a submission for the GitHub Copilot CLI Challenge
What I Built
Copilot Autopsy is a terminal-first forensic analysis tool that performs deep "autopsies" of any GitHub repository using GitHub Copilot CLI as the AI reasoning engine.
๐ก Unlike traditional linters that just list problems, Copilot Autopsy explains WHY issues existโpowered entirely by GitHub Copilot CLI.
โจ The Problem It Solves
Developers run linters and get a list like:
โ "Function too long" โ But WHY?
โ "Possible SQL injection" โ But HOW do I fix it?
โ "Missing tests" โ But WHICH functions first?
Copilot Autopsy fixes this with AI-powered context:
โ
Explains the ROOT CAUSE of each issue
โ
Provides CONTEXT-AWARE fixes with code examples
โ
Prioritizes findings by SEVERITY and IMPACT
โ
Generates a beautiful AUTOPSY.md report
๐๏ธ Architecture
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ COPILOT AUTOPSY CLI โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโ โโโโโโโโโโโโ โโโโโโโโโโโโ โ
โ โ Scanner โโโโถโ Analyzer โโโโถโAggregatorโโโโถโ Reporter โ โ
โ โ Module โ โ Module โ โ Module โ โ Module โ โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโ โโโโโโโโโโโโ โโโโโโโโโโโโ โ
โ โ โ โ โ
โ โผ โผ โผ โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโ โโโโโโโโโโโโ โ
โ โ Detect โ โ GitHub โ โ AUTOPSY โ โ
โ โ Language โ โ Copilot โ โ .md โ โ
โ โFramework โ โ CLI โญ โ โ Report โ โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโ โโโโโโโโโโโโ โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
๐ Project Structure
copilot-autopsy/
โโโ ๐ bin/
โ โโโ copilot-autopsy.js # CLI entry point
โโโ ๐ src/
โ โโโ cli.js # Commander.js setup
โ โโโ index.js # Main orchestrator
โ โโโ ๐ ui/ # Terminal UI components
โ โ โโโ banner.js # ASCII art banner
โ โ โโโ progress.js # Progress bars & summary
โ โโโ ๐ scanner/ # Project detection
โ โ โโโ index.js # Scanner orchestrator
โ โ โโโ ๐ detectors/
โ โ โ โโโ language.js # Language detection
โ โ โ โโโ framework.js # Framework detection
โ โ โ โโโ tooling.js # Tooling detection
โ โ โโโ ๐ collectors/
โ โ โโโ files.js # Smart file prioritization
โ โ โโโ dependencies.js # Dependency parser
โ โโโ ๐ analyzer/ # ๐ AI analysis engine
โ โ โโโ index.js # Analyzer orchestrator
โ โ โโโ copilot.js # GitHub Copilot CLI wrapper
โ โ โโโ ๐ prompts/
โ โ โ โโโ templates.js # 6 specialized prompts
โ โ โโโ ๐ analyzers/
โ โ โโโ quality.js # Code quality analyzer
โ โ โโโ security.js # Security analyzer (CWE)
โ โ โโโ architecture.js # Architecture analyzer
โ โ โโโ testing.js # Test gap analyzer
โ โ โโโ documentation.js# Documentation analyzer
โ โโโ ๐ aggregator/
โ โ โโโ index.js # Deduplication & scoring
โ โโโ ๐ reporter/
โ โโโ index.js # AUTOPSY.md generator
โโโ ๐ package.json
โโโ ๐ README.md
๐ฏ Features
| Feature | Description |
|---|---|
| ๐ Auto-Detection | Detects language, framework, tooling automatically |
| ๐ Code Quality | Finds code smells, SOLID violations, complexity |
| ๐ Security | Vulnerabilities with CWE references |
| ๐๏ธ Architecture | Circular dependencies, coupling issues |
| ๐งช Testing | Missing tests, coverage gaps |
| ๐ Documentation | README and JSDoc analysis |
| ๐ Health Score | 0-100 score with visualization |
| ๐ Report | Beautiful AUTOPSY.md with action items |
| ๐จ Beautiful UI | ASCII art, progress bars, colors |
๐ฌ Demo
Installation
1. Install GitHub CLI
macOS:
brew install gh
Linux (Debian/Ubuntu):
sudo apt install gh
Windows (choose one):
# Option 1: winget
winget install --id GitHub.cli
# Option 2: Chocolatey
choco install gh
# Option 3: Scoop
scoop install gh
# Option 4: Download from https://cli.github.com/
2. Setup Copilot CLI
โ ๏ธ IMPORTANT: GitHub CLI and Copilot CLI are separate. You must install Copilot as an extension!
# Login to GitHub
gh auth login
# Verify login
gh auth status
# Install Copilot CLI extension
gh extension install github/gh-copilot
Windows users: When installing Copilot, you'll see:
? Authenticate Git with your GitHub credentials? (Y/n) y
! First copy your one-time code: XXXX-XXXX
Press Enter to open browser...
โ Authentication complete.
# Verify Copilot works
gh copilot -p "test"
3. Install Copilot Autopsy
# Clone the repository
git clone https://github.com/xdarwin13/copilot-autopsy.git
cd copilot-autopsy
# Install dependencies
npm install
# Install globally
npm install -g .
# Run on any repo!
autopsy
Terminal Output
____ _ _ _ _ _
/ ___|___ _ __ (_) | ___ | |_ / \ _ _| |_ ___ _ __ ___ _ _
| | / _ \| '_ \| | |/ _ \| __| / _ \| | | | __/ _ \| '_ \/ __| | | |
| |__| (_) | |_) | | | (_) | |_ / ___ \ |_| | || (_) | |_) \__ \ |_| |
\____\___/| .__/|_|_|\___/ \__/_/ \_\__,_|\__\___/| .__/|___/\__, |
|_| |_| |___/
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ ๐ฌ Repository Forensics โข Powered by GitHub Copilot CLI โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
๐ PROJECT DETECTION
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Language: TypeScript (78%), JavaScript (22%)
โ Framework: Next.js + React
โ Tooling: ESLint, Prettier, Jest, GitHub Actions
โ Files: 142 total (47 source)
๐ค COPILOT ANALYSIS
Powered by GitHub Copilot CLI
โ ๐ Code Quality: 5 findings
โ ๐ Security: 2 findings
โ ๐๏ธ Architecture: 3 findings
โ ๐งช Testing: 4 findings
โ ๐ Documentation: 2 findings
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ โ
โ ๐ AUTOPSY COMPLETE โ
โ โ
โ Health Score: 72/100 โ
โ โโโโโโโโโโโโโโโโโโโโ 72% โ
โ โ
โ ๐ด Critical: 1 ๐ High: 3 โ
โ ๐ก Medium: 8 ๐ข Low: 4 โ
โ โ
โ Duration: 45.2s โ
โ Copilot CLI calls: 18 โ
โ โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
Sample AUTOPSY.md Report
# ๐ฌ Repository Autopsy Report
## ๐ Executive Summary
| Metric | Value |
|--------|-------|
| **Repository** | `my-project` |
| **Primary Language** | TypeScript |
| **Framework** | Next.js |
| **Health Score** | 72/100 |
### Health Score: 72/100
โโโโโโโโโโโโโโโโโโโโโโ 72%
## ๐ Detailed Findings
### ๐ Security Vulnerabilities
#### SEC-001: SQL Injection Risk
| Property | Value |
|----------|-------|
| **Severity** | ๐ด CRITICAL |
| **Location** | `src/api/users.ts:45` |
**Description:**
User input is directly concatenated into SQL query.
**Why This Matters:**
Attackers can manipulate the query to access or delete data.
**Suggested Fix:**
Use parameterized queries or an ORM.
๐ง CLI Options
| Option | Description | Default |
|---|---|---|
--depth |
quick, standard, deep
|
standard |
--focus |
security, quality, architecture, testing, docs, all
|
all |
--path |
Target repository path | . |
--output |
Output file name | AUTOPSY.md |
--verbose |
Show Copilot CLI calls | false |
--fix |
Include code fix examples | false |
๐ก My Experience with GitHub Copilot CLI
The Core Integration
GitHub Copilot CLI is the brain of this project. Without it, Copilot Autopsy would have zero intelligence.
// src/analyzer/copilot.js - The heart of the tool
class CopilotCLI {
async query(prompt) {
// Send prompt to GitHub Copilot CLI
const result = execSync(
`gh copilot -p ${JSON.stringify(prompt)}`,
{ encoding: 'utf-8', timeout: 120000 }
);
return this.parseResponse(result);
}
}
Prompt Engineering
I designed 6 specialized prompts for different analysis types:
// Quality Analysis Prompt
const QUALITY_PROMPT = `
You are a senior code reviewer performing forensic analysis.
FILE: ${file.path}
\`\`\`${language}
${content}
\`\`\`
Analyze for:
1. Code smells (long methods, deep nesting)
2. SOLID violations
3. DRY violations
4. Complexity issues
For EACH issue, respond:
[QUAL-NNN] SEVERITY | LINE | Description | Why | Fix
`;
The "Why" Analysis - Unique Feature
What makes Copilot Autopsy special is the root cause analysis:
// Root Cause Prompt
const ROOT_CAUSE_PROMPT = `
Explain WHY this code issue exists, not just WHAT it is.
FINDING: ${finding.description}
CODE: ${codeContext}
Explain in 2-3 sentences:
1. The likely reason this was introduced
2. The technical debt it creates
3. The fix priority
`;
This gives developers context instead of just a list of problems.
Orchestration Strategy
I orchestrate 15-20 Copilot CLI calls into one coherent report:
Phase 1 (Parallel): Phase 2: Phase 3: Phase 4:
โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ
โ Quality โ โArchitecture โ โ Root Cause โ โ Report โ
โ Security โโโโโโโโโโถโ Analysis โโโโถโ Analysis โโโโถโ Generation โ
โ Docs โ โ โ โ (critical) โ โ โ
โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ
What I Learned
- Copilot CLI handles complex prompts well - Even 2000+ character prompts work
- Rate limiting is important - Added 1.5s delays between calls
- Response parsing requires creativity - Structured prompts help
-
The
-pflag is powerful - Usegh copilot -p "prompt"for non-interactive mode
๐ Why This Project?
- Linters tell you WHAT, not WHY - Copilot CLI adds context
- Code reviews are time-consuming - Automate the first pass
- Security scanning is often shallow - AI understands intent
- Onboarding is hard - Health Score gives quick overview
๐ฆ Tech Stack
| Component | Technology |
|---|---|
| Runtime | Node.js 18+ |
| CLI Framework | Commander.js |
| Terminal UI | Chalk, Ora, Boxen |
| AI Engine | GitHub Copilot CLI โญ |
| Templating | Handlebars |
๐ Links
๐ Acknowledgments
Built with โค๏ธ for the GitHub Copilot CLI Challenge 2026
Special thanks to the GitHub Copilot team for creating such a powerful CLI tool!
โญ If you found this useful, give it a star on GitHub! โญ
Top comments (0)