I ran my AI codebase triage tool on itself — here's what it found

Source: DEV Community
I built Ghost Architect™ Open — a free, local AI tool that triages codebases and scores findings by severity. To test it properly, I ran it on its own source code. It found a Critical bug.

The finding

The redaction engine — the module that strips API keys and secrets before sending code to Claude — had a pointer offset bug. When replacing a secret pattern, it wasn't advancing the scan position after each replacement. On files with 50+ environment variables, it would stop redacting halfway through. Users were seeing "Redacted 12 patterns" and assuming their code was safe. Pattern 13 was their database password.

The bug was fixed the same day. That's the point — you can't fix what you can't see.

What Ghost Architect™ Open does

- Points at any local directory, ZIP file, or GitHub repo
- Triages the code and scores findings: Critical, High, Medium, Low
- Runs entirely on your machine — your code never leaves
- Uses the Anthropic API with your own key (new accounts get a $5 credit)
- Supports PHP, Py
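
An added sketch, not Ghost Architect's code and not a reconstruction of its actual bug: a single-pass redactor that advances its cursor explicitly, plus a fail-closed re-scan so a count like "Redacted 12 patterns" is never the only evidence that text is safe to send. The regex, the function names and the `stop_after` switch (which simulates a scan that quits early) are assumptions, and the sample file is constructed.

```python
import re

# Assumed secret shape for this sketch: NAME=value lines whose name ends in a
# sensitive suffix and whose value is not already the mask.
SECRET = re.compile(
    r"^([A-Z][A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD))=(?!\[REDACTED\]$)(.+)$",
    re.M,
)
MASK = "[REDACTED]"

def redact(text, stop_after=None):
    """Single forward pass. The cursor always moves to the end of the match in
    the ORIGINAL text, so the mask's length never shifts later offsets.
    stop_after is a hypothetical switch simulating a scan that quits early."""
    parts, cursor, count = [], 0, 0
    for m in SECRET.finditer(text):
        if stop_after is not None and count >= stop_after:
            break
        parts.append(text[cursor:m.start(2)])  # untouched text up to the value
        parts.append(MASK)
        cursor = m.end(2)                      # advance past the secret
        count += 1
    parts.append(text[cursor:])                # tail after the last match
    return "".join(parts), count

def leaked_names(redacted):
    """Independent re-scan of the output: names whose value is still present."""
    return [m.group(1) for m in SECRET.finditer(redacted)]

def redact_or_fail(text, stop_after=None):
    """Fail closed: never release text on the strength of the count alone."""
    out, count = redact(text, stop_after)
    leaks = leaked_names(out)
    if leaks:
        raise RuntimeError(
            f"{count} redacted, {len(leaks)} still exposed, first: {leaks[0]}"
        )
    return out, count

def sample_env(n=60):
    """Constructed input: n secrets of varying length, DB_PASSWORD as line 13."""
    lines = [f"SVC{i}_API_KEY=" + "k" * (8 + i) for i in range(1, n + 1)]
    lines[12] = "DB_PASSWORD=constructed-not-real"
    return "\n".join(lines) + "\n"
```

Calling `redact_or_fail(sample_env(), stop_after=12)` raises instead of returning text with the thirteenth secret intact; wiring the re-scan in front of the outbound API call is the part that matters.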