Brutally honest AI code reviews. Your code called. It's crying.
Code reviews are polite, diplomatic, and often useless. Your senior dev says "looks good" when it absolutely does not look good. You merge, ship, and regret at 2am when the thing falls over in production.
Your code deserves the truth. ai-code-roast delivers it β five categories, scored 0β10, with receipts.
# Roast a GitHub repo
npx ai-code-roast https://github.com/someone/their-repo
# Roast a local project
npx ai-code-roast ./my-projectSet your API key first:
export ANTHROPIC_API_KEY=your-key-here ββββββββββββββββββββββββββββββββββββββββββββ
β π₯ AI CODE ROAST π₯ β
ββββββββββββββββββββββββββββββββββββββββββββ
Target: some-startup-api
βΈ ARCHITECTURE
Score: [ββββββββββ] 4/10
"You've discovered a new design pattern: the Spaghetti Singleton.
Controllers doing database calls directly β Gordon is weeping."
Evidence: UserController.js:47 β raw SQL in a route handler
βΈ CODE QUALITY
Score: [ββββββββββ] 3/10
"This function has 340 lines and 11 levels of nesting.
It's not a function, it's a feature film."
Evidence: processOrder() in orders.js
βΈ SECURITY
Score: [ββββββββββ] 2/10
"Your API key is hardcoded in config.js and committed to GitHub.
Somewhere, a hacker is sending you a thank-you card."
Evidence: config.js:12 β STRIPE_SECRET_KEY='sk_live_...'
βΈ NAMING
Score: [ββββββββββ] 6/10
"Who is 'x'? What does 'doThing' do? 'temp2' β a sequel nobody asked for."
Evidence: helpers.js β 14 single-letter variables in 80 lines
βΈ TESTS
Score: [ββββββββββ] 0/10
"Zero test files found. You are speed-running technical debt."
Evidence: No test/ or __tests__/ directory anywhere
ββββββββββββββββββββββββββββββββββββββββββββ
OVERALL ROAST GRADE
π₯π₯π₯π₯π₯π₯
ββββββββββββββββββββββββββββββββββββββββββββββββββ
β ROAST GRADE: D+ β
ββββββββββββββββββββββββββββββββββββββββββββββββββ
π₯π₯π₯π₯π₯π₯
ββββββββββββββββββββββββββββββββββββββββββββ
Final Verdict:
"This codebase has the structure of a fever dream and the security
posture of a screen door. It works, which is somehow the most
damning thing I can say. Ship it, just not to production."
- Roasts GitHub repos by URL or local directories
- Five scored categories: Architecture, Code Quality, Security, Naming, Tests
- Evidence-backed verdicts β not vibes, actual file:line citations
- Gordon Ramsay caliber system prompt (perfected over 40+ iterations)
- Reads up to 50 files, 200 lines each β enough signal without blowing context
- Colored output with ASCII score bars
- Works on JS, TS, Python, Go, Rust, PHP, Ruby, and more
- Accepts a GitHub URL or local path
- Clones the repo (if URL) to a temp directory
- Scans for source files across 10+ languages
- Reads up to 50 files, 200 lines each
- Sends to Claude with a Gordon Ramsay-caliber system prompt
- Parses the structured roast response
- Formats and displays with color-coded scores and emoji fire
| Category | What It Judges |
|---|---|
| Architecture | Structure, patterns, separation of concerns, folder organization |
| Code Quality | Readability, DRY violations, complexity, dead code, anti-patterns |
| Security | Hardcoded secrets, injection risks, unvalidated input, CORS misconfig |
| Naming | Variables, functions, files β self-documenting or a cry for help? |
| Tests | Coverage, quality, edge cases β or the glorious absence thereof |
| Score | Meaning |
|---|---|
| 9β10 | Gordon himself would approve. Genuinely rare. |
| 7β8 | Decent. Could be worse. Faint praise is still praise. |
| 5β6 | Edible but not enjoyable. Steak cooked medium-well. |
| 3β4 | Concerning. Technical debt with interest accumulating daily. |
| 1β2 | A disaster. No offense to the junior who wrote this. |
| 0 | You've made coding history, and not in a good way. |
- Node.js 18+
ANTHROPIC_API_KEYenvironment variable (get one here)
- pr-poet β PR descriptions that are actually good. Also: haikus.
- readme-surgeon β README feedback and surgical fixes
- blame-ai β
git blame, but make it AI's fault
MIT β NickCirv