RepoPilotAPI · alpha

RepoPilot API

One endpoint. Pass a GitHub URL, get a structured onboarding artifact (verdict + CLAUDE.md + .cursor/rules). Designed for agents that need to make sense of unfamiliar codebases on the fly.

Quick start

curl
curl -s "https://repopilot.app/api/v1/onboard?repo_url=https://github.com/sindresorhus/slugify"

Endpoint

GET/api/v1/onboard

repo_url Required. A GitHub URL like https://github.com/owner/repo.

Response

json
{
  "version": 1,
  "repo": {
    "fullName": "vercel/next.js",
    "url": "https://github.com/vercel/next.js",
    "description": "The React Framework",
    "defaultBranch": "main",
    "license": "MIT",
    "stars": 128430,
    "forks": 27801,
    "pushedAt": "2026-05-02T18:30:00Z"
  },
  "verdict": {
    "label": "GO",
    "headline": "Production-ready, actively maintained",
    "receipts": [
      "Last commit 1d ago",
      "30+ active contributors",
      "MIT licensed",
      "CI configured",
      "Tests present",
      "Distributed ownership (top contributor 22%)"
    ],
    "watchouts": [],
    "computedFrom": "Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests"
  },
  "artifact": {
    "markdown": "# Onboarding: vercel/next.js\n\n> Generated by ...",
    "cursorRules": "---\ndescription: Onboarding context for ..."
  },
  "generatedAt": "2026-05-03T09:30:00.000Z",
  "fromCache": true
}

The artifact markdown is suitable for CLAUDE.md at the root of a repo — Claude Code reads it on every prompt. The cursorRules field is MDC-formatted with alwaysApply: true; save it as .cursor/rules/onboarding.mdc and Cursor uses it on every prompt in that repo.

Verdict labels

GOHealthy across maintenance signals. Safe to depend on; safe to onboard onto.

WAITMixed signals. Read the watchouts before committing — usually means slowing activity, single-maintainer risk, or a copyleft license.

AVOIDStale + solo, or stale + unlicensed. High risk to depend on.

Verdicts are computed deterministically from maintenance signals only. They are not security audits — pair with GitHub Advisory or deps.dev for CVE data.

Rate limits & quota

6 requests/minute per IP (rate limit, returns 429 when exceeded).
Cached responses are free — they bypass the quota gate. fromCache: true in the response.
Uncached: 5/day anonymous (by IP), 10/day signed in via GitHub OAuth on the website.

Use it from Claude Code

bash
# Drop a CLAUDE.md into any repo you're working with:
curl -s "https://repopilot.app/api/v1/onboard?repo_url=$(git remote get-url origin)" \
  | jq -r '.artifact.markdown' > CLAUDE.md

Use it from Cursor

bash
mkdir -p .cursor/rules
curl -s "https://repopilot.app/api/v1/onboard?repo_url=$(git remote get-url origin)" \
  | jq -r '.artifact.cursorRules' > .cursor/rules/onboarding.mdc

Errors

Status	Type	Meaning
400	INVALID_URL	Missing or malformed `repo_url`.
402	QUOTA_EXCEEDED	Free quota exhausted; sign in for more.
404	PRIVATE_REPO	Repo not found or private.
429	RATE_LIMITED	Too many requests. Retry after the `retryAfter` seconds.
500	INTERNAL	Pipeline failure. Inspect `retryable` in the body.

Roadmap

API keys + per-key quota dashboards
MCP server (so Claude Code can use this as a native tool)
Webhook for repo-change-triggered regeneration
Real CVE data and dep-tree weight in verdicts

Feedback or want a key bumped? Email hello@repopilot.app.