code-autopsy
Forensic codebase analysis. Find what's really wrong.
Point code-autopsy at any codebase and get a full diagnostic report — architecture map, tech debt score, complexity heatmap, security risks, and 12 more diagnostics. The output is an interactive HTML report you can share with your team, attach to a PR, or use in a technical review.
Like getting a full-body MRI for your code. It finds what you knew was wrong, what you suspected was wrong, and what you had no idea was wrong.
The Report
Each codebase gets a health score (0–100) broken into four categories, each scored independently:
| Category | What it measures |
|---|
| 🏗️ Architecture | Dependency graph, circular deps, layer violations, module cohesion |
| 🔬 Code Quality | Complexity heatmap, dead code, naming consistency, error handling |
| 🔧 Maintenance | Dependency health, test coverage, documentation, git health |
| ⚠️ Risk | Security surface, performance red flags, scalability bottlenecks, migration difficulty |
What's In the Report
Architecture Map
Visual dependency graph showing module relationships, circular dependencies, and "god modules" that everything imports.
Complexity Heatmap
Every file colored by composite complexity: nesting depth × function length × cyclomatic complexity × parameter count. Red = needs attention. Green = clean.
16 Diagnostics
Each diagnostic produces a score (0–100), concrete evidence, and a specific recommendation. No vague warnings — every finding is backed by file names, line numbers, and counts.
| # | Diagnostic | What it catches |
|---|
| D1 | Dependency Graph | Circular deps, god modules, coupling score |
| D2 | Layer Violations | UI importing data layer, reverse dependencies |
| D3 | Module Cohesion | Directories with unrelated files |
| D4 | Entry Points | Duplicated initialization, spaghetti startup |
| D5 | Complexity | Functions with 12 nesting levels, 200-line methods |
| D6 | Dead Code | Unused exports, unreachable files, stale TODOs |
| D7 | Naming | snake_case in a camelCase codebase |
| D8 | Error Handling | Empty catch blocks, unprotected API endpoints |
| D9 | Dependencies | Deprecated packages, dependency bloat |
| D10 | Test Coverage | Untested controllers, missing integration tests |
| D11 | Documentation | README quality, JSDoc coverage, architecture docs |
| D12 | Git Health | Commit frequency, bus factor, contributor spread |
| D13 | Security | Hardcoded secrets, SQL injection, XSS vectors |
| D14 | Performance | N+1 queries, missing pagination, bundle bloat |
| D15 | Scalability | Missing connection pools, synchronous I/O in async |
| D16 | Migration | Framework coupling, version lock-in, upgrade effort |
Risk Matrix
2×2 grid plotting each risk by likelihood × impact. Instantly shows where the real danger is.
Top 10 Actions
Prioritized by impact ÷ effort — not severity alone. A critical fix that takes 15 minutes ranks above a medium fix that takes a week.
Activity Timeline
Commit frequency chart showing team velocity over the last 6 months.
Install
One-line install (auto-detects your agent)
curl -fsSL https://raw.githubusercontent.com/OneSpiral/code-autopsy/main/install.sh | bash
Claude Code (Marketplace)
/plugin marketplace add OneSpiral/code-autopsy
Manual install
# Claude Code
git clone https://github.com/OneSpiral/code-autopsy.git ~/.claude/skills/code-autopsy
# Codex CLI
git clone https://github.com/OneSpiral/code-autopsy.git ~/.codex/skills/code-autopsy
# Pi
git clone https://github.com/OneSpiral/code-autopsy.git ~/.pi/agent/skills/code-autopsy
# OpenCode
git clone https://github.com/OneSpiral/code-autopsy.git ~/.opencode/skills/code-autopsy
Any other agent
Copy SKILL.md into your agent's skills directory. Single file, no dependencies.
Usage
Full autopsy
> Run a code autopsy on this project
or
