{"id":34520180,"url":"https://github.com/clouatre-labs/aptu","last_synced_at":"2026-06-07T01:01:46.511Z","repository":{"id":330528515,"uuid":"1116049833","full_name":"clouatre-labs/aptu","owner":"clouatre-labs","description":"AI-powered GitHub automation: issue triage, PR review, PR labeling, and security scanning -- CLI and GitHub Action","archived":false,"fork":false,"pushed_at":"2026-05-29T16:23:18.000Z","size":6433,"stargazers_count":4,"open_issues_count":6,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-29T17:08:43.705Z","etag":null,"topics":["ai","cli","developer-tools","github-action","github-api","issue-triage","open-source","openrouter","pr-review","rust"],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/clouatre-labs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":"GOVERNANCE.md","roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2025-12-14T04:56:37.000Z","updated_at":"2026-05-29T16:23:33.000Z","dependencies_parsed_at":"2026-03-03T16:05:26.754Z","dependency_job_id":null,"html_url":"https://github.com/clouatre-labs/aptu","commit_stats":null,"previous_names":["clouatre-labs/aptu"],"tags_count":50,"template":false,"template_full_name":null,"purl":"pkg:github/clouatre-labs/aptu","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clouatre-labs%2Faptu","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clouatre-labs%2Faptu/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clouatre-labs%2Faptu/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clouatre-labs%2Faptu/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/clouatre-labs","download_url":"https://codeload.github.com/clouatre-labs/aptu/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clouatre-labs%2Faptu/sbom","scorecard":{"id":1240820,"data":{"date":"2025-12-29T09:18:11Z","repo":{"name":"github.com/clouatre-labs/aptu","commit":"7ba69e62eece12a7d069e5a6e4c1d517f4415120"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":6.4,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"project was created within the last 90 days. Please review its contents carefully","details":["Warn: Repository was created within the last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: RenovateBot: renovate.json:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:18","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:19","Info: jobLevel 'contents' permission set to 'read': .github/workflows/issue-triage.yml:14","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr-triage.yml:16","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:77","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:120","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/require-labels.yml:14","Info: jobLevel 'contents' permission set to 'read': .github/workflows/reuse.yml:18","Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecard.yml:17","Warn: topLevel 'contents' permission set to 'write': .github/workflows/build-and-attest.yml:29","Info: found token with 'none' permissions: .github/workflows/ci.yml:1","Info: found token with 'none' permissions: .github/workflows/codeql.yml:1","Info: found token with 'none' permissions: .github/workflows/issue-triage.yml:1","Info: found token with 'none' permissions: .github/workflows/pr-triage.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yml:20","Info: found token with 'none' permissions: .github/workflows/require-labels.yml:1","Info: found token with 'none' permissions: .github/workflows/reuse.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/scorecard.yml:10"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":10,"reason":"all dependencies are pinned","details":["Info:  27 out of  27 GitHub-owned GitHubAction dependencies pinned","Info:  24 out of  24 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":5,"reason":"badge detected: Passing","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: RUSTSEC-2023-0071"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (27) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.2.10 not signed: https://api.github.com/repos/clouatre-labs/aptu/releases/273152848","Warn: release artifact v0.2.9 not signed: https://api.github.com/repos/clouatre-labs/aptu/releases/273133169","Warn: release artifact v0.2.8 not signed: https://api.github.com/repos/clouatre-labs/aptu/releases/273011663","Warn: release artifact v0.2.7 not signed: https://api.github.com/repos/clouatre-labs/aptu/releases/272954398","Warn: release artifact v0.2.6 not signed: https://api.github.com/repos/clouatre-labs/aptu/releases/272926444","Warn: release artifact v0.2.10 does not have provenance: https://api.github.com/repos/clouatre-labs/aptu/releases/273152848","Warn: release artifact v0.2.9 does not have provenance: https://api.github.com/repos/clouatre-labs/aptu/releases/273133169","Warn: release artifact v0.2.8 does not have provenance: https://api.github.com/repos/clouatre-labs/aptu/releases/273011663","Warn: release artifact v0.2.7 does not have provenance: https://api.github.com/repos/clouatre-labs/aptu/releases/272954398","Warn: release artifact v0.2.6 does not have provenance: https://api.github.com/repos/clouatre-labs/aptu/releases/272926444"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: RustCargoFuzzer integration found: fuzz/fuzz_targets/parse_toml.rs:6"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:289"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":3,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: branch 'main' does not require approvers","Info: codeowner review is required on branch 'main'","Warn: 'last push approval' is disabled on branch 'main'","Warn: 'up-to-date branches' is disabled on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"Contributors","score":6,"reason":"project has 2 contributing companies or organizations -- score normalized to 6","details":["Info: found contributions from: clouatre-labs, slalom hec montreal"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}},{"name":"CI-Tests","score":10,"reason":"27 out of 27 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}}]},"last_synced_at":"2025-12-29T09:46:18.553Z","repository_id":330528515,"created_at":"2025-12-29T09:46:18.554Z","updated_at":"2025-12-29T09:46:18.554Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34005030,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-06T02:00:07.033Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","cli","developer-tools","github-action","github-api","issue-triage","open-source","openrouter","pr-review","rust"],"created_at":"2025-12-24T04:46:14.040Z","updated_at":"2026-06-07T01:01:44.306Z","avatar_url":"https://github.com/clouatre-labs.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Aptu\n\n[![crates.io](https://img.shields.io/crates/v/aptu-cli.svg?style=flat-square\u0026color=fc8d62\u0026logo=rust)](https://crates.io/crates/aptu-cli) [![docs.rs](https://img.shields.io/badge/docs.rs-aptu--core-66c2a5?style=flat-square\u0026labelColor=555555\u0026logo=docs.rs)](https://docs.rs/aptu-core) [![REUSE](https://img.shields.io/reuse/compliance/github.com/clouatre-labs/aptu?style=flat-square)](https://api.reuse.software/info/github.com/clouatre-labs/aptu) [![SLSA Level 3](https://img.shields.io/badge/SLSA-Level%203-green?style=flat-square)](https://slsa.dev) [![OpenSSF Best Practices](https://img.shields.io/cii/level/11662?style=flat-square)](https://www.bestpractices.dev/projects/11662)\n\n**AI-Powered Triage Utility** - A CLI for OSS issue triage with AI assistance.\n\nAptu is a context-engineering experiment: instead of throwing big models at problems, it crafts tight prompts that let smaller models do the job with fewer tokens and surprising precision.\n\n## Benchmarks\n\nHead-to-head comparison of `aptu+mercury-2` ([Mercury 2](https://openrouter.ai/inception/mercury-2), a small diffusion-based LLM by Inception Labs) vs a raw `claude-opus-4.6` call (no schema, no rubric, no AST context) across 6 fixtures (3 triage, 3 PR review).\n\n| Arm | Quality (mean, /5) | Cost/call | Latency p50 |\n|-----|----------------|-----------|-------------|\n| aptu+mercury-2 | 4.8/5 | $0.0011 | 1,934 ms |\n| raw claude-opus-4.6 | 2.2/5 | $0.0193 | 16,032 ms |\n\n*Measured across aptu #737, #850, #1094 (triage) and #1091, #1098, #1101 (PR review); n=1 per fixture.*\n\naptu+mercury-2 is **17x cheaper** and **8x faster** than a raw `claude-opus-4.6` call, while scoring more than twice as high on the structured rubric.\n\nSee [docs/BENCHMARKS.md](https://github.com/clouatre-labs/aptu/blob/main/docs/BENCHMARKS.md) for full methodology, fixture breakdown, and C1-C5 scores.\n\n## Demo\n\n![Aptu Demo](https://raw.githubusercontent.com/clouatre-labs/aptu/main/assets/demo.gif)\n\n## Features\n\n- **AI Triage** - Summaries, suggested labels, clarifying questions, and contributor guidance\n- **Issue Discovery** - Find good-first-issues from curated repositories\n- **PR Analysis** - AI-powered pull request review and feedback; `aptu pr create --diff \u003cfile\u003e` applies a patch, commits, and opens a PR\n- **Prompt Customization** - Override built-in system prompts per operation or append custom guidance via config\n- **GitHub Action** - Auto-triage incoming issues with labels and comments\n- **Multiple Providers** - Anthropic, Cerebras, Gemini, Groq, OpenRouter (default), Z.AI, and ZenMux\n- **Local History** - Track your contributions offline\n- **Multiple Outputs** - Text, JSON, YAML, Markdown, and SARIF\n- **Claude OAuth** - Authenticate with Anthropic via `~/.claude/credentials.json` (written by the Claude desktop app); no API key required\n- **Dependency Enrichment** - Automatically fetches upstream release notes for dependency bump PRs (Renovate / Dependabot)\n- **Observability** - Per-review context JSONL (`APTU_CONTEXT_FILE`) and token usage metrics (`APTU_METRICS_FILE`) for explainability and budget debugging (see [Observability](docs/GITHUB_ACTION.md#observability) and [Environment Variables](docs/CONFIGURATION.md#environment-variables))\n\n## Installation\n\n```bash\n# Homebrew (macOS/Linux)\nbrew install clouatre-labs/tap/aptu\n\n# Cargo-binstall (fast)\ncargo binstall aptu-cli\n\n# Cargo\ncargo install aptu-cli\n```\n\n\n\n## Quick Start\n\n```bash\naptu auth login            # Authenticate with GitHub\naptu repo list             # List curated repositories\naptu issue list block/goose          # Browse issues\naptu issue triage block/goose#123    # Triage with AI\naptu issue triage block/goose#123 --dry-run  # Preview\naptu history               # View your contributions\n```\n\n## Security Scanning\n\nAptu includes built-in security pattern detection for PR reviews. Scanning is performed locally, and no code is sent to external services.\n\n```bash\naptu pr review owner/repo#123                       # Review with security scanning\naptu scan-security . --output sarif                 # SARIF for GitHub Code Scanning\n```\n\nSee [docs/SECURITY_SCANNING.md](https://github.com/clouatre-labs/aptu/blob/main/docs/SECURITY_SCANNING.md) for SARIF upload and GitHub integration.\n\n## Prompt Customization\n\nAptu's built-in system prompts are compiled into the binary as defaults. You can override them per operation at runtime or append project-specific guidance globally.\n\nSee [docs/CONFIGURATION.md](https://github.com/clouatre-labs/aptu/blob/main/docs/CONFIGURATION.md#prompt-customization) for file paths, operation names, and examples.\n\n## GitHub Action\n\nAuto-triage new issues with AI using any supported provider.\n\n```yaml\n- uses: clouatre-labs/aptu@v0\n  with:\n    github-token: ${{ secrets.GITHUB_TOKEN }}\n    openrouter-api-key: ${{ secrets.OPENROUTER_API_KEY }}\n```\n\nOptions: `apply-labels`, `no-comment`, `skip-labeled`, `dry-run`, `model`, `provider`.\n\nSee [docs/GITHUB_ACTION.md](https://github.com/clouatre-labs/aptu/blob/main/docs/GITHUB_ACTION.md) for setup and examples.\n\n## Configuration\n\nSee [docs/CONFIGURATION.md](https://github.com/clouatre-labs/aptu/blob/main/docs/CONFIGURATION.md) for AI provider setup.\n\n## Models\n\nUse `aptu models list` to discover available models from all configured providers.\n\n### Discovering models\n\n```\naptu models list                                # all providers\naptu models list --provider openrouter          # OpenRouter only\n```\n\n### Filtering and sorting\n\n| Flag | Description |\n|------|-------------|\n| `--provider` | Filter to a specific provider |\n| `--sort name\\|context` | Sort by name or context window size |\n| `--min-context N` | Show only models with at least N tokens of context |\n| `--filter TEXT` | Filter by name or ID (case-insensitive substring match) |\n\n### Free-tier models\n\nOpenRouter exposes pricing data for each model. Models with zero prompt and completion cost are labeled **free** in the output. Use `--provider openrouter` to browse free models.\n\n## Security\n\n- **OpenSSF Best Practices Silver** - Fewer than 1% of open source projects reach this level\n- **SLSA Level 3** - Provenance attestations for all releases\n- **REUSE/SPDX** - License compliance for all files\n- **Signed Commits** - GPG-signed commits required\n- **Dependency Scanning** - Automated updates via Renovate\n\nSee [SECURITY.md](https://github.com/clouatre-labs/aptu/blob/main/SECURITY.md) for reporting and verification.\n\n## Architecture\n\nAptu is a multi-crate Rust workspace. See [docs/ARCHITECTURE.md](https://github.com/clouatre-labs/aptu/blob/main/docs/ARCHITECTURE.md) for the full crate structure, data flow, and key dependencies.\n\n## Roadmap\n\nSee [docs/ROADMAP.md](https://github.com/clouatre-labs/aptu/blob/main/docs/ROADMAP.md) for the project direction across near-term, medium-term, and long-term horizons.\n\n## Contributing\n\nWe welcome contributions! See [CONTRIBUTING.md](https://github.com/clouatre-labs/aptu/blob/main/CONTRIBUTING.md) for guidelines. See [docs/REPO-STANDARDS.md](https://github.com/clouatre-labs/aptu/blob/main/docs/REPO-STANDARDS.md) for a full artifact map and rationale covering CI workflows, tooling, and security controls.\n\n## License\n\nApache-2.0. See [LICENSE](https://github.com/clouatre-labs/aptu/blob/main/LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclouatre-labs%2Faptu","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fclouatre-labs%2Faptu","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclouatre-labs%2Faptu/lists"}