Core concepts
Six ideas cover most of OpenThunder. Each is described exactly as it ships today.
Missions
A mission is a change with a verification loop around it: a builder implements it, an independent reviewer challenges it, and your repo's real checks run before the result is accepted. The output is not just a diff; it is a diff plus evidence. Create and run missions from the app or with openthunder mission.
The Lenses
The Lenses are deterministic, local analysis; they read your code on your machine and need no AI key to understand a repo.
- Architecture Lens: maps the system as it exists; components, dependencies, critical flows, hotspots, and an architecture scorecard.
openthunder lens. - Security Lens: traditional security (secrets, injection, insecure config, weak crypto) plus AI security (prompt injection, unsafe RAG, excessive agency, MCP and tool risk).
openthunder security,openthunder traditional-security,openthunder ai-security. - Code Health Lens: maintainability, reliability, complexity, duplication, and test posture, with a new-code focus.
openthunder code-health.
Run them together with openthunder scan.
Change Verification and Can-I-Ship
openthunder verify detects and runs the repo's own checks (typecheck, tests, lint, build) and reports results. The Can-I-Ship decision condenses verification, security findings, and confidence into one of three verdicts: ship, ship with caution, or do not ship yet. Every verdict is backed by the evidence that produced it; openthunder evidence and openthunder pr-evidence assemble it into a PR-ready pack.
AI Context Packs
A Context Pack is paste-ready repo context for the AI tool you already use: Claude Code, Cursor, Copilot, or Codex. It is built from the same repo intelligence as the Lenses (stack, key files, risks, constraints), so the agent starts grounded instead of guessing. openthunder context-pack; openthunder analyze generates the full agent context set for the repo.
Blast Radius
Blast radius is security multiplied by architecture: the same finding matters more in a file that everything depends on. openthunder fusion re-ranks security findings by architectural blast radius so you fix what can actually hurt you first.
The MCP Context Brain
A local MCP server (stdio, no network) that gives AI agents grounded repo context as tools: understand the repo, query architecture constraints, compute blast radius, and fetch security findings. Register it with Claude Code:
claude mcp add openthunder -- node <repo>/packages/mcp/dist/index.js
Point it at a specific repo with --env OT_REPO_PATH=/path/to/your/repo.