RepoPilot

Agent rules

Drop one file into your project and your AI agent checks RepoPilot before adding any new dependency. Works with Claude Code, Cursor, Windsurf, or any agent that reads rules files.

Claude Code

Save as CLAUDE.md in your project root (or append to an existing one).

markdown
CLAUDE.md
# Dependency health check

Before adding a new dependency (npm install, pip install, cargo add, go get,
gem install, or any package manager), check its maintenance health:

```bash
curl -s "https://repopilot.app/api/v1/onboard?repo_url=https://github.com/OWNER/REPO"
```

Read the verdict field in the response:
- GO (Healthy): safe to proceed.
- WAIT (Mixed): flag the watchouts to the user before proceeding.
  Quote the specific watchouts from the response.
- AVOID (Concerns): warn the user and suggest alternatives.
  Do not add the dependency without explicit user confirmation.

If the API returns a 404 or the repo is not on GitHub, skip the check
and note that the dependency was not verified.

This check is free for cached repos (most popular packages are cached).
Do not check dependencies that are already in the project.

Or run: curl -s https://repopilot.app/rules/claude.md >> CLAUDE.md

Cursor

Save as .cursor/rules/repopilot.mdc

markdown
.cursor/rules/repopilot.mdc
---
description: Check RepoPilot before adding new dependencies
alwaysApply: true
---

# Dependency health check

Before adding a new dependency (npm install, pip install, cargo add, go get,
gem install, or any package manager), check its maintenance health:

```bash
curl -s "https://repopilot.app/api/v1/onboard?repo_url=https://github.com/OWNER/REPO"
```

Read the verdict field in the response:
- GO (Healthy): safe to proceed.
- WAIT (Mixed): flag the watchouts to the user before proceeding.
  Quote the specific watchouts from the response.
- AVOID (Concerns): warn the user and suggest alternatives.
  Do not add the dependency without explicit user confirmation.

If the API returns a 404 or the repo is not on GitHub, skip the check
and note that the dependency was not verified.

This check is free for cached repos (most popular packages are cached).
Do not check dependencies that are already in the project.

Or run: mkdir -p .cursor/rules && curl -s https://repopilot.app/rules/cursor.mdc > .cursor/rules/repopilot.mdc

How it works

  1. Your agent reads the rules file on every prompt.
  2. When it's about to npm install foo, it checks repopilot.app/api/v1/onboard first.
  3. Healthy? Proceeds. Mixed? Flags the watchouts. Concerns? Warns you and asks before adding it.

Most popular packages are already cached, so the check is instant and free. Uncached repos count against your daily quota (5 anonymous, 10 signed in).