A composable code review engine for automated diff analysis
DiffScope is a high-performance, composable code review engine built in Rust, designed specifically for automated diff analysis. Licensed under Apache-2.0, it supports cross-platform operation (Linux, macOS, Windows) with deployment options including Docker, GitHub Actions, and GitLab CI.
Core Capabilities
Model-Agnostic Design: Seamlessly integrates with OpenAI (gpt-4o, etc.), Anthropic Claude (claude-3.5-sonnet, etc.), Ollama, and any OpenAI-compatible API. Supports OpenAI Responses API and fully local/offline operation.
Deep Git Integration: Commands like diffscope git staged / uncommitted / branch directly review staged, uncommitted, or branch changes. diffscope pr --post-comments automatically posts inline comments and summaries on GitHub PRs, with @diffscope interactive command support.
Smart Review Mode: Outputs confidence scores (0–100%), fix effort estimations (Low/Medium/High), automatic tag classification, code fix suggestions (diff preview), executive summaries, and code quality scores (0–10).
Symbol Indexing: Supports Regex and LSP indexing modes with automatic language server detection and multi-hop dependency graph expansion (symbol_index_graph_hops).
Signal & Context Control: Provides strictness levels (1–3), comment_types filtering (logic/syntax/style/informational), path-based custom_context, and cross-repository pattern_repositories rule libraries.
Auxiliary Features
- Commit Message Suggestions: diffscope git suggest generates Conventional Commits compliant messages
- Changelog Generation: Automatically generates changelogs/release notes from git history
- Discuss Command: diffscope discuss enables threaded follow-up on generated comments
- Multiple Output Formats: JSON, Markdown reports, inline patch annotations
Architecture & Extensibility
Composable Architecture & Plugin System: Modular component design with built-in ESLint, Semgrep, and duplicate_filter plugins. Extensible pre-analyzer/post-processor pipeline. Built-in Semgrep plugin supports SQL injection/XSS/authentication vulnerability detection with custom rules_files.
Adaptive Learning: Automatically suppresses low-value repetitive comments based on accepted/rejected feedback history.
Evaluation Framework: diffscope eval --fixtures supports fixture-based regression testing with per-rule precision/recall/F1 output and CI gate thresholds to prevent model output degradation.
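A sketch of the per-rule precision/recall/F1 computation and threshold gate described above, as an added example that is not DiffScope's own code. The fixture shape, the rule ids, the function names and the 0.8 thresholds are all assumptions made for illustration.

```rust
use std::collections::BTreeMap;

// Constructed fixtures: (rule ids the fixture expects, rule ids the reviewer emitted).
// Rule ids and this fixture shape are assumptions, not DiffScope's own format.
pub const FIXTURES: &[(&[&str], &[&str])] = &[
    (&["sql-injection"], &["sql-injection"]),
    (&["sql-injection", "xss"], &["sql-injection"]), // missed xss: false negative
    (&[], &["xss"]),                                 // spurious xss: false positive
    (&["xss"], &["xss"]),
];

#[derive(Default, Debug, Clone, Copy, PartialEq)]
pub struct Counts { pub tp: u32, pub fp: u32, pub fn_: u32 }

/// Returns (precision, recall, F1); a zero denominator yields 0.0, never NaN.
pub fn metrics(c: Counts) -> (f64, f64, f64) {
    let ratio = |n: u32, d: u32| if d == 0 { 0.0 } else { n as f64 / d as f64 };
    let (p, r) = (ratio(c.tp, c.tp + c.fp), ratio(c.tp, c.tp + c.fn_));
    let f1 = if p + r == 0.0 { 0.0 } else { 2.0 * p * r / (p + r) };
    (p, r, f1)
}

/// Tally true positives, false positives and false negatives per rule.
pub fn tally(fixtures: &[(&[&str], &[&str])]) -> BTreeMap<String, Counts> {
    let mut by_rule: BTreeMap<String, Counts> = BTreeMap::new();
    for (expected, emitted) in fixtures {
        for rule in emitted.iter() {
            let c = by_rule.entry(rule.to_string()).or_default();
            if expected.contains(rule) { c.tp += 1 } else { c.fp += 1 }
        }
        for rule in expected.iter().filter(|r| !emitted.contains(*r)) {
            by_rule.entry(rule.to_string()).or_default().fn_ += 1;
        }
    }
    by_rule
}

/// Rules below either threshold; a CI job would fail when this is non-empty.
pub fn failing_rules(by_rule: &BTreeMap<String, Counts>, min_p: f64, min_r: f64) -> Vec<String> {
    by_rule.iter()
        .filter(|(_, c)| { let (p, r, _) = metrics(**c); p < min_p || r < min_r })
        .map(|(rule, _)| rule.clone()).collect()
}

fn main() {
    let by_rule = tally(FIXTURES);
    for (rule, c) in &by_rule { println!("{rule}: {:?}", metrics(*c)); }
    println!("below 0.8/0.8 gate: {:?}", failing_rules(&by_rule, 0.8, 0.8));
}
```

Gating per rule rather than on an aggregate keeps a regression in one security rule from being masked by a high-volume rule that still scores well.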
Observability: Optional otel feature enables OpenTelemetry distributed tracing.
Implementation Details
Built on the Tokio async runtime, using the similar crate (2.4) for diff parsing, git2 0.20 for Git operations, and reqwest 0.12 (rustls-tls) for LLM API calls. Integrates axum 0.8 + tower-http for Web UI static file serving, and sqlx 0.8 + PostgreSQL for data persistence. The CLI is built with clap 4.4, and configuration is parsed from .diffscope.yml via serde_yaml. The release profile enables thin LTO, codegen-units = 1, and strip = true for optimized size and performance. Provides a Dockerfile, docker-compose.yml, and a Helm chart (charts/diffscope) for self-hosted deployment.
Quick Start
# Precompiled binary (Linux/macOS)
curl -sSL https://raw.githubusercontent.com/evalops/diffscope/main/install.sh | sh
# Homebrew
brew tap evalops/diffscope && brew install diffscope
# Cargo
cargo install diffscope
# Docker
docker pull ghcr.io/evalops/diffscope:latest
# Quickest verification
export OPENAI_API_KEY=your-key
git diff | diffscope review