
Modern software projects accumulate dependency vulnerabilities quickly. Security alerts pile up through transitive packages, unused frameworks, and outdated tooling, increasing risk and maintenance overhead. RepoMedic was developed as an AI-powered repository maintenance agent designed to triage real GitHub security alerts, remove unused framework dependencies safely, apply low-risk dependency updates, validate builds locally before proposing changes, and create scoped pull requests with human oversight. In a live production repository, RepoMedic reduced 20 active security alerts to zero using controlled, validated remediation. This project validates a conservative AI approach: small changes, tested upgrades, and no blind major version jumps.
Audited the repository's alert profile and dependency graph. Identified unused ecosystem packages (Svelte, Vue, Remix, Vite remnants) in a Next.js project.
Architected a Docker-based runtime using OpenClaw, authenticated with a fine-grained GitHub personal access token so the agent's permissions could be limited to the target repository. Implemented conservative remediation guardrails: no major version jumps, one concern per branch.
Created isolated remediation branches. Removed the unused dependencies. Applied surgical version pinning for vulnerable packages rather than broad upgrades. Kept each change set minimal.
Verified a clean pnpm install from the updated lockfile. Confirmed a successful production build. Validated Vercel preview deployments. Checked that no routes regressed.
Published controlled pull requests: 19 alerts cleared in a single hygiene PR. Final high-severity alert resolved via targeted version pin.
Established repeatable workflow for future repository hygiene automation.
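The audit, removal and pinning steps above can be expressed as a small package.json transform. The following is an added illustration, not RepoMedic's own code: it reports declared dependencies that are never imported, removes only those it can attribute to a framework ecosystem the project is not built on (leaving everything else for a human to decide), and pins a vulnerable transitive package through pnpm's `overrides` field so the direct dependents' ranges stay untouched. The sample manifest, the import list, the ecosystem patterns and the terser version are all constructed assumptions for this example; the real patched version must be taken from the advisory.

```javascript
// Added example (not part of RepoMedic): conservative package.json hygiene.
// Assumed ecosystems a Next.js project should not depend on.
const FOREIGN_ECOSYSTEMS = [
  /^svelte(\/|$)/, /^@sveltejs\//, /^vue(\/|$)/, /^@vue\//,
  /^@remix-run\//, /^vite(\/|$)/, /^@vitejs\//,
];
// Packages that are legitimately declared but never imported (assumed list).
const IMPLICIT_OK = [/^@types\//, /^eslint/, /^typescript$/, /^prettier$/, /^postcss$/, /^tailwindcss$/];

// 'react/jsx-runtime' -> 'react'; '@vue/shared/x' -> '@vue/shared'.
function packageOfSpecifier(spec) {
  const parts = spec.split('/');
  return spec.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
}

// Declared dependencies with no matching import specifier in the source.
function findUnusedDependencies(pkg, importSpecifiers) {
  const used = new Set(importSpecifiers.map(packageOfSpecifier));
  const declared = Object.keys({ ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) });
  return declared.filter((name) => !used.has(name) && !IMPLICIT_OK.some((re) => re.test(name)));
}

// Split unused packages into safe automatic removals and human-review items.
function planRemovals(unused) {
  const remove = unused.filter((n) => FOREIGN_ECOSYSTEMS.some((re) => re.test(n)));
  const review = unused.filter((n) => !remove.includes(n));
  return { remove, review };
}

// Apply removals and add pnpm overrides; returns a new object, input untouched.
function applyHygiene(pkg, removals, overrides) {
  const next = JSON.parse(JSON.stringify(pkg));
  for (const field of ['dependencies', 'devDependencies']) {
    for (const name of removals) {
      if (next[field]) delete next[field][name];
    }
  }
  const existing = (next.pnpm && next.pnpm.overrides) || {};
  next.pnpm = { ...(next.pnpm || {}), overrides: { ...existing, ...overrides } };
  return next;
}

// Constructed sample manifest and import list (not the real repository's).
const samplePkg = {
  name: 'example-next-app',
  dependencies: {
    next: '14.2.0', react: '18.3.1', 'react-dom': '18.3.1',
    svelte: '4.2.0', vue: '3.4.0', '@remix-run/react': '2.8.0', lodash: '4.17.21',
  },
  devDependencies: { vite: '5.1.0', typescript: '5.4.0', '@types/react': '18.2.0' },
};
const sampleImports = ['next/link', 'react', 'react-dom/client', 'react/jsx-runtime'];
// Assumed pinned version for the example; check the advisory for the real one.
const TERSER_PIN = '5.14.2';

function runExample() {
  const unused = findUnusedDependencies(samplePkg, sampleImports);
  const plan = planRemovals(unused);
  const updated = applyHygiene(samplePkg, plan.remove, { terser: TERSER_PIN });
  return { unused, plan, updated };
}

const result = runExample();
console.log(JSON.stringify(result, null, 2));
```

The output is the updated manifest plus a review list; the workflow then continues exactly as above, with `pnpm install` against the regenerated lockfile and a production build before any pull request is opened.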
Autonomous Dependency Hygiene Remediation
Removed unused framework ecosystem packages. Closed 19 security alerts in a single validated PR.
High-Severity Patch Pinning
Pinned the vulnerable transitive terser dependency to a patched version. Final alert cleared. All checks passed.
CI/CD Validation Fix
Resolved a commit author identity mismatch so that the agent's commits passed Vercel's Git author verification and preview deployments were no longer blocked.

