Multi-agent AI-powered CLI tool for code generation, analysis, and refactoring
npm install @tomtarpey/codegen-clibash
npm install -g @tomtarpey/codegen-cli
`
$3
`bash
npm install @tomtarpey/codegen-cli
`
$3
`bash
git clone https://github.com/decagondev/codegen-cli.git
cd codegen-cli
npm install
npm link
`
Quick Start
$3
`bash
Using environment variable (recommended)
export OPENAI_API_KEY=sk-your-api-key
Or create a .env file
echo "OPENAI_API_KEY=sk-your-api-key" > .env
`
$3
`bash
Create a new Express API
codegen build create an express api with user authentication in the src folder
Add features to existing code
codegen build add a /health endpoint to src/app.js
Quick build (skip review and tests)
codegen build --quick add input validation to the signup form
`
$3
`bash
Review code and output to terminal
codegen review src/
Save review to markdown file
codegen review src/ --output code-review.md
Focus on specific areas
codegen review src/ --focus security,performance
`
Commands
$3
Generate or modify code using AI agents.
`bash
codegen build
Options:
--provider LLM provider (openai|openrouter|groq)
--model Model to use
--context Additional context directory
--quick Skip review and test steps
--dry-run Preview plan without executing
`
Examples:
`bash
Create new project
codegen build create a react component for a todo list with typescript
Modify existing code
codegen build add error handling to the api routes in src/routes/
With specific provider
codegen build --provider groq create a CLI calculator app
`
$3
Run security analysis on your codebase with optional deep CVE and Exploit-DB scanning.
`bash
codegen security [path]
Options:
--deep Enable deep CVE and Exploit-DB vulnerability scanning
--cve-api-key NVD API key for higher rate limits
--vuln-type Scan for specific vulnerability type (sql_injection, xss, etc.)
--research-cve Research a specific CVE and check if codebase is affected
--provider LLM provider
-o, --output Write report to markdown file
`
Examples:
`bash
Standard security scan
codegen security
codegen security ./src
Deep scan with CVE and Exploit-DB lookups
codegen security ./src --deep
Scan for specific vulnerability type
codegen security ./src --vuln-type sql_injection
Research a specific CVE
codegen security ./src --research-cve CVE-2021-44228
Save detailed report to file
codegen security ./src --deep -o vulnerability-report.md
`
$3
Analyze and migrate legacy codebases using RAG-powered multi-language support.
`bash
codegen brownfield
Commands:
ingest Ingest a codebase for analysis
query Query the ingested codebase
analyze Run analysis (overview, patterns, dependencies, impact)
migrate Generate migration plan for a feature
status Show ingestion status
clear Clear ingested data
Options:
--languages Languages to include (default: all)
--exclude Directories to exclude
--to Target language for migration
--type Analysis type (overview, patterns, dependencies, impact, business-logic)
-o, --output Write output to file
`
Supported Languages:
- JavaScript/TypeScript
- Python
- COBOL
- Fortran
- Java
Examples:
`bash
Ingest a legacy codebase
codegen brownfield ingest ./legacy-app --languages cobol,fortran
Query the codebase
codegen brownfield query "How does the interest calculation work?"
Analyze patterns
codegen brownfield analyze --type patterns
Generate migration plan
codegen brownfield migrate "payment processing" --to typescript
Check ingestion status
codegen brownfield status
Clear ingested data
codegen brownfield clear --all
`
$3
Analyze code and suggest refactoring improvements.
`bash
codegen refactor [path]
Options:
--provider LLM provider
`
Examples:
`bash
codegen refactor ./src/legacy.js
codegen refactor ./src --provider groq
`
$3
Review code quality with AI. Supports all programming languages including JavaScript, Python, Java, Go, Rust, C++, and more.
`bash
codegen review [path]
Options:
--focus Focus areas (security,performance,readability)
--provider LLM provider
-o, --output Write review to markdown file
`
Examples:
`bash
Review and print to terminal
codegen review ./src
Save to file
codegen review ./src -o review.md
Focus on specific areas
codegen review ./src --focus security,performance -o security-review.md
`
$3
Run evaluations and benchmarks.
`bash
codegen eval
Options:
--benchmark Specific benchmark to run
--output Output file for results
--provider LLM provider
`
$3
Manage CLI configuration.
`bash
codegen config # Show current config
codegen config get # Get specific value
codegen config set # Set value
codegen config reset # Reset to defaults
codegen config path # Show config file path
`
$3
Pull request operations and Git analysis.
`bash
codegen pr
Commands:
review Review a GitHub pull request
diff [branch] Review local diff against a branch
create Generate a PR description from current changes
changelog [to] Generate changelog between refs
analyze Analyze repository for hotspots and patterns
`
Examples:
`bash
Review a GitHub PR (requires GITHUB_TOKEN)
codegen pr review 42 --repo owner/repo
Review local changes against main
codegen pr diff main
Review only staged changes
codegen pr diff --staged
Generate PR description
codegen pr create --base main -o pr-description.md
Generate changelog
codegen pr changelog v1.0.0 v2.0.0 -o CHANGELOG.md
Analyze repository patterns
codegen pr analyze --commits 100
`
$3
Generate and manage documentation.
`bash
codegen docs
Commands:
readme [path] Generate or update README.md
api [path] Generate API documentation
coverage [path] Analyze JSDoc documentation coverage
changelog [to] Generate CHANGELOG from git commits
comments Generate inline documentation comments
lint [path] Lint markdown documentation
toc Generate table of contents
`
Examples:
`bash
Generate README
codegen docs readme -o README.md
Generate API docs
codegen docs api src/ -o docs/api.md
Check documentation coverage
codegen docs coverage src/
Add JSDoc comments to a file
codegen docs comments src/utils.js
Lint markdown files
codegen docs lint docs/
Generate table of contents
codegen docs toc README.md
`
Configuration
$3
Create a .env file in your project root:
`bash
Required: At least one provider API key
OPENAI_API_KEY=sk-your-openai-key
OPENROUTER_API_KEY=sk-or-your-openrouter-key
GROQ_API_KEY=gsk_your-groq-key
Optional: Research tools
TAVILY_API_KEY=tvly-your-tavily-key
Optional: Deep vulnerability scanning (increases NVD API rate limits)
NVD_API_KEY=your-nvd-api-key
Optional: Defaults
DEFAULT_PROVIDER=openai
DEFAULT_MODEL=gpt-4o
`
$3
Create ~/.codegen/config.yaml for persistent configuration:
`yaml
provider: openai
model: gpt-4o
providers:
openai:
apiKey: ${OPENAI_API_KEY}
openrouter:
apiKey: ${OPENROUTER_API_KEY}
groq:
apiKey: ${GROQ_API_KEY}
agents:
maxIterations: 10
temperature: 0.7
memory:
vectorDimensions: 1536
chunkSize: 1000
`
Supported Providers
| Provider | Models | Tool Calling | Streaming | Embeddings |
|----------|--------|--------------|-----------|------------|
| OpenAI | GPT-4o, GPT-4-turbo, GPT-3.5-turbo | Yes | Yes | Yes |
| OpenRouter | Claude, Llama, Mixtral, Gemini | Yes | Yes | No |
| Groq | Llama 3, Mixtral, Gemma | Yes | Yes | No |
Architecture
CodeGen CLI uses a hierarchical multi-agent architecture:
`mermaid
graph TB
subgraph CLI["CLI Layer"]
Commands[Commands]
REPL[Interactive REPL]
end
subgraph Supervisors["Supervisors"]
BuildSup[Build Supervisor]
SecSup[Security Supervisor]
RefSup[Refactor Supervisor]
end
subgraph Teams["Team Managers"]
BuildTeam[Build Team]
SecTeam[Security Team]
RefTeam[Refactor Team]
ReviewTeam[Review Team]
BrownTeam[Brownfield Team]
end
subgraph BuildAgents["Build Agents"]
Planner[Planner]
Coder[Coder]
Reviewer[Reviewer]
Tester[Tester]
TestAnalyst[Test Analyst]
end
subgraph SecAgents["Security Agents"]
VulnScan[Vulnerability Scanner]
SecretDet[Secret Detector]
DepAudit[Dependency Auditor]
DeepVuln[Deep Vulnerability Agent]
end
subgraph RefAgents["Refactor Agents"]
CodeSmell[Code Smell Detector]
Refactorer[Refactorer]
Optimizer[Optimizer]
end
subgraph ReviewAgents["Review Agents"]
PRReview[PR Reviewer]
GitAnalyst[Git Analyst]
DocAgent[Documentation Agent]
end
subgraph BrownAgents["Brownfield Agents"]
IngestionAgent[Ingestion Agent]
RetrievalAgent[Retrieval Agent]
AnalysisAgent[Analysis Agent]
MigrationAgent[Migration Agent]
end
subgraph Tools["Tools"]
FileTools[File: read write edit]
SearchTools[Search: grep glob semantic]
CodeTools[Code: AST lint]
ShellTool[Shell]
ResearchTool[Research: Tavily]
GitTools[Git: status diff log blame]
GitHubTools[GitHub: PR review comments]
DocsTools[Docs: JSDoc markdown diagram]
TestTools[Test: runner coverage]
SecTools[Security: CVE ExploitDB]
BrownTools[Brownfield: Chunking Metadata]
end
subgraph Providers["LLM Providers"]
OpenAI[OpenAI]
OpenRouter[OpenRouter]
Groq[Groq]
end
subgraph Memory["Memory System"]
SQLite[(SQLite)]
VectorStore[(Vector Store)]
RAG[RAG Pipeline]
end
CLI --> Supervisors
CLI --> ReviewTeam
CLI --> BrownTeam
BuildSup --> BuildTeam
SecSup --> SecTeam
RefSup --> RefTeam
BuildTeam --> BuildAgents
SecTeam --> SecAgents
RefTeam --> RefAgents
ReviewTeam --> ReviewAgents
BrownTeam --> BrownAgents
BuildAgents --> Tools
SecAgents --> Tools
RefAgents --> Tools
ReviewAgents --> Tools
BrownAgents --> Tools
BuildAgents --> Providers
SecAgents --> Providers
RefAgents --> Providers
ReviewAgents --> Providers
BrownAgents --> Providers
Tools --> Memory
`
$3
- Build Team: Planner → Coder → Reviewer → Tester, TestAnalyst
- Security Team: VulnerabilityScanner, SecretDetector, DependencyAuditor, DeepVulnerabilityAgent
- Refactor Team: CodeSmellDetector, Refactorer, Optimizer
- Review Team: PRReviewer, GitAnalyst, DocumentationAgent
- Brownfield Team: IngestionAgent, RetrievalAgent, AnalysisAgent, MigrationAgent
$3
| Tool | Description |
|------|-------------|
| file_read | Read file contents (any language) |
| file_write | Create or overwrite files |
| file_edit | Edit existing files |
| grep | Search for patterns in files |
| glob | Find files by pattern |
| shell | Execute shell commands (npm, git, mkdir, etc.) |
| ast | Parse and analyze code AST |
| lint | Run ESLint on code |
| semantic_search | Vector similarity search |
| tavily | Web search for research |
| git | Git operations (status, diff, log, branch, commit, blame) |
| github | GitHub API (PR list, get, diff, comments, review) |
| jsdoc | Extract and generate JSDoc documentation |
| markdown | Parse, lint, and generate markdown |
| diagram | Generate and validate Mermaid diagrams |
| test_runner | Execute tests and get coverage reports |
| cve | Search and lookup CVE vulnerability database (NVD) |
| exploitdb | Search Exploit-DB for known exploits |
| chunking | Language-aware code chunking for RAG |
| metadata_extract | Extract code metadata (imports, exports, functions, classes) |
Interactive Mode (REPL)
Start the interactive REPL:
`bash
codegen
CodeGen CLI v1.6.0
Type a task or use /commands
codegen> create a hello world express app
codegen> /review src/
codegen> /security
codegen> /pr review 42
codegen> /docs readme
codegen> /ingest ./legacy-app
codegen> /ask How does the payment system work?
codegen> /analyze overview
codegen> /migrate payment processing --to typescript
codegen> /status
codegen> /history
codegen> /help
codegen> /exit
`
Development
`bash
Clone the repo
git clone https://github.com/decagondev/codegen-cli.git
cd codegen-cli
Install dependencies
npm install
Run in development mode (with file watching)
npm run dev
Run tests (450+ unit tests)
npm test
Run tests with coverage
npm run test:coverage
Run tests in watch mode
npm run test:watch
Lint code
npm run lint
Format code
npm run format
`
$3
The project includes a comprehensive test suite (450+ tests) covering:
- Error classes - Custom error types (ToolError, AgentError, etc.)
- Base classes - BaseTool, BaseProvider validation and schema generation
- Tool registry - Factory functions and tool management
- Agent registry - Agent/Team/Supervisor registration and execution
- Memory - Text chunking (chunkText, chunkByLines, chunkCode), LanguageChunker
- File tools - FileReadTool with real filesystem tests
- Security tools - CVETool and ExploitDBTool validation and caching
- Brownfield agents - IngestionAgent, RetrievalAgent, AnalysisAgent, MigrationAgent
- Brownfield tools - ChunkingTool, MetadataExtractionTool
- Integration tests - End-to-end brownfield workflow tests
Project Structure
`
codegen-cli/
├── src/
│ ├── index.js # Entry point
│ ├── cli/ # CLI commands and REPL
│ │ ├── commands/ # Individual commands (build, review, pr, docs, etc.)
│ │ ├── index.js # Commander setup
│ │ └── repl.js # Interactive mode
│ ├── agents/ # AI agents
│ │ ├── base/ # Base classes (BaseAgent, BaseTeamManager)
│ │ ├── build/ # Build team (Planner, Coder, Reviewer, Tester, TestAnalyst)
│ │ ├── security/ # Security team (VulnScan, SecretDetect, DepAudit)
│ │ ├── refactor/ # Refactor team (CodeSmell, Refactorer, Optimizer)
│ │ ├── review/ # Review team (PRReviewer, GitAnalyst)
│ │ ├── brownfield/ # Brownfield team (Ingestion, Retrieval, Analysis, Migration)
│ │ ├── docs/ # Documentation agent
│ │ └── supervisors/ # Supervisor agents
│ ├── providers/ # LLM provider implementations
│ ├── tools/ # Agent tools
│ │ ├── file/ # File operations (read, write, edit)
│ │ ├── search/ # Search tools (grep, glob, semantic)
│ │ ├── code/ # Code tools (AST, lint)
│ │ ├── shell/ # Shell command execution
│ │ ├── git/ # Git and GitHub tools
│ │ ├── docs/ # Documentation tools (JSDoc, Markdown, Diagram)
│ │ ├── test/ # Test runner tool
│ │ ├── security/ # Security tools (CVE, Exploit-DB)
│ │ └── brownfield/ # Brownfield tools (Chunking, Metadata)
│ ├── memory/ # SQLite + Vector store
│ ├── evals/ # Evaluation framework
│ └── utils/ # Utilities
├── tests/ # Test files
├── docs/ # Documentation
├── package.json
└── README.md
`
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
1. Fork the repository
2. Create your feature branch (git checkout -b feature/amazing-feature)
3. Commit your changes (git commit -m 'Add amazing feature')
4. Push to the branch (git push origin feature/amazing-feature`)