Audit a codebase
A repeatable, end-to-end health assessment of any repository — from first index to prioritized findings.
The PR review loop
Catch what a change introduced — named defects, new cycles with witness edges, and a pass/fail verdict for CI.
Security analysis
Secrets, insecure patterns, weak crypto, taint tracking from HTTP routes to dangerous sinks, and offline dependency auditing.
Dead code & mechanical fixes
Find unused exports, unreachable files, and phantom dependencies — then let ovecc apply the safe fixes itself.
Drift & trends
Is the codebase getting worse? Compare snapshots, trend any metric over time, and catch erosion before it compounds.
Explore the graph
Query dependencies, trace blast radius, explain any element, and render an interactive offline dependency-graph viewer.
Governance rules
Declare architecture boundaries and banned imports in config.toml; ovecc enforces them at index time, in CI, and in reviews.