{"id":48609890,"url":"https://github.com/eersnington/diff0","last_synced_at":"2026-04-09T00:33:52.448Z","repository":{"id":316435608,"uuid":"1063369390","full_name":"eersnington/diff0","owner":"eersnington","description":"AI Code Review for GitHub - OSS Coderabbit and Greptile (applied for Vercel's OSS Program)","archived":false,"fork":false,"pushed_at":"2026-02-26T11:27:42.000Z","size":4230,"stargazers_count":22,"open_issues_count":5,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-26T17:36:27.823Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://diff0.dev","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/eersnington.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2025-09-24T14:28:54.000Z","updated_at":"2026-02-26T11:27:47.000Z","dependencies_parsed_at":"2025-10-26T11:19:34.612Z","dependency_job_id":null,"html_url":"https://github.com/eersnington/diff0","commit_stats":null,"previous_names":["eersnington/diff0"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/eersnington/diff0","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eersnington%2Fdiff0","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eersnington%2Fdiff0/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eersnington%2Fdiff0/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eersnington%2Fdiff0/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/eersnington","download_url":"https://codeload.github.com/eersnington/diff0/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eersnington%2Fdiff0/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31580111,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-08T14:31:17.711Z","status":"ssl_error","status_checked_at":"2026-04-08T14:31:17.202Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-04-09T00:33:52.251Z","updated_at":"2026-04-09T00:33:52.418Z","avatar_url":"https://github.com/eersnington.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# diff0\n\n\u003cimg width=\"886\" height=\"633\" alt=\"389c7d29-f3d3-405a-a115-b69e774c24a0\" src=\"https://github.com/user-attachments/assets/144be2af-1c61-4726-b296-92c3a0bc5447\" /\u003e\n\nAn open-source AI code review agent for GitHub. Automatically analyzes pull requests, detects bugs, security issues, and performance problems, then posts actionable inline comments with one-click fixes.\n\nCode reviews that catch bugs before they reach production.\n\n### AI-Powered Code Analysis\n- Multi-provider LLM support (OpenAI, AWS Bedrock, Google Gemini)\n- Automatic PR analysis on open, reopen, synchronize, and ready_for_review\n- Detects bugs, security vulnerabilities, performance issues, style problems\n- Inline comments with GitHub's native suggestion blocks for one-click fixes\n- Intelligent suggestion sanitization (code-only, no English instructions)\n\n### Sandbox Execution Environment\n- Ephemeral Daytona sandboxes for safe code analysis\n- Isolated Git operations in secure containers\n- Automatic workspace setup and cleanup (5-minute auto-delete)\n- 3-tier diff retrieval fallback for reliability\n\n### Review Pipeline\n- Webhook-driven architecture with signature verification\n- Idempotent event processing (prevents duplicate reviews)\n- Real-time status tracking (pending → analyzing → reviewing → completed)\n- Graceful degradation at every stage\n- Summary-only fallback when inline positions fail\n\n## How It Works\n\ndiff0 uses a webhook-driven pipeline to automatically review pull requests:\n\n```\nGitHub PR Event → Convex Webhook Handler → Event Router → PR Analysis Pipeline\n ↓\n Sandbox Creation → Git Clone → Diff Analysis\n ↓\n AI Code Review → Issue Detection → Comment Posting\n ↓\n Credits Deduction → Status Update → Cleanup\n```\n\n### Review Pipeline Stages\n\n1. **Webhook Processing** - Receives GitHub events, verifies signatures, logs idempotently\n2. **Validation** - Checks PR triggers, skips drafts, verifies auto-review enabled\n3. **Haiku Introduction** - Posts creative 3-line haiku (non-blocking)\n4. **Sandbox Setup** - Creates ephemeral Daytona container, clones repo\n5. **Diff Retrieval** - Fetches PR diff via GitHub API with 2-tier fallback\n6. **AI Analysis** - Sends diff to LLM for bug/security/performance detection\n7. **Position Mapping** - Maps line numbers to GitHub diff positions\n8. **Review Posting** - Posts inline comments with suggestions or summary fallback\n9. **Cleanup** - Deducts credits, updates status, deletes sandbox\n\n## Development Setup\n\n### Repository Structure\n\n- **Frontend** (`apps/web/`) - Next.js application with dashboard, billing, and settings\n- **Backend** (`packages/backend/convex/`) - Convex serverless functions handling webhooks, reviews, and database\n- **AI** (`packages/ai/`) - LLM integration with OpenAI, Bedrock, and Gemini\n- **Sandbox** (`packages/sandbox/`) - Daytona sandbox management for isolated execution\n- **Analytics** (`packages/analytics/`) - Vercel Analytics and DataBuddy integration\n\n### Prerequisites\n- Node.js 22+\n- pnpm\n- Convex account\n- GitHub App (for webhook integration)\n\n### Installation\n\n1. Clone the repository and install dependencies:\n```bash\ngit clone https://github.com/eersnington/diff0.git\ncd diff0\npnpm install\n```\n\n2. Set up Convex backend:\n```bash\npnpm dev:setup\n```\n\nFollow the prompts to create a new Convex project and connect it to your application.\n\n3. Set up environment variables:\n```bash\n# Copy example environment files\ncp apps/web/.env.example apps/web/.env.local\ncp packages/backend/.env.example packages/backend/.env.local\ncp packages/ai/.env.example packages/ai/.env.local\n```\n\n4. Configure environment variables:\n\n`apps/web/.env.local`\n```bash\n# Convex\nNEXT_PUBLIC_CONVEX_URL=https://your-deployment.convex.cloud\n\n# Better Auth\nBETTER_AUTH_SECRET=your-secret-key\nBETTER_AUTH_URL=http://localhost:3001\n\n# GitHub OAuth\nGITHUB_CLIENT_ID=your-github-client-id\nGITHUB_CLIENT_SECRET=your-github-client-secret\n\n# DodoPayments\nNEXT_PUBLIC_DODO_PAYMENTS_API_KEY=your-dodo-api-key\nNEXT_PUBLIC_100_CREDITS_PRODUCT_ID=prod_xxx\nNEXT_PUBLIC_200_CREDITS_PRODUCT_ID=prod_xxx\nNEXT_PUBLIC_500_CREDITS_PRODUCT_ID=prod_xxx\nNEXT_PUBLIC_1000_CREDITS_PRODUCT_ID=prod_xxx\n```\n\n`packages/backend/.env.local`\n```bash\n# Convex\nCONVEX_DEPLOYMENT=your-deployment\n\n# GitHub App\nGITHUB_APP_ID=your-app-id\nGITHUB_PRIVATE_KEY=\"-----BEGIN RSA PRIVATE KEY-----\\n...\\n-----END RSA PRIVATE KEY-----\"\nGITHUB_WEBHOOK_SECRET=your-webhook-secret\nGITHUB_CLIENT_ID=your-client-id\nGITHUB_CLIENT_SECRET=your-client-secret\n\n# DodoPayments\nDODO_PAYMENTS_API_KEY=your-api-key\nDODO_PAYMENTS_ENVIRONMENT=production\n\n# Site URL\nSITE_URL=http://localhost:3001\n```\n\n`packages/ai/.env.local`\n```bash\n# AI Provider (openai or bedrock)\nAI_PROVIDER=openai\n\n# OpenAI\nOPENAI_API_KEY=sk-proj-xxx\n\n# AWS Bedrock (alternative)\nAWS_ACCESS_KEY_ID=your-access-key\nAWS_SECRET_ACCESS_KEY=your-secret-key\nAWS_REGION=us-east-1\n\n# Google Gemini (for haiku generation)\nGOOGLE_GENERATIVE_AI_API_KEY=your-api-key\n\n# Firecrawl (optional, for documentation search)\nFIRECRAWL_API_KEY=fc-xxx\n\n# Scorecard AI (optional, for evaluation)\nSCORECARD_API_KEY=your-api-key\nSCORECARD_PROJECT_ID=your-project-id\n```\n\n5. Start development servers:\n```bash\n# Start all services\npnpm dev\n\n# Or start specific services\npnpm dev:web # Frontend only\npnpm dev:backend # Convex backend only\n```\n\n### GitHub App Setup\n\n1. Create a new GitHub App at https://github.com/settings/apps/new\n2. Configure webhook URL: `https://your-domain.com/github/webhook`\n3. Set webhook secret and add to environment variables\n4. Configure permissions (see tables below)\n5. Subscribe to webhook events (see tables below)\n6. Generate and download private key\n7. Install app on your repositories\n\n### Linting and Formatting\n\n```bash\n# Check and fix code with Biome\npnpm check\n\n# Type checking across all packages\npnpm check-types\n\n# Ultracite (linting rules)\npnpm dlx ultracite init # Initialize Ultracite in your project\npnpm dlx ultracite fix # Format and fix code automatically\npnpm dlx ultracite check # Check for issues without fixing\n```\n\n### Building and Deployment\n\n```bash\n# Build all packages and apps\npnpm build\n\n# Deploy Convex backend\npnpm deploy:convex\n```\n\n## AI Agent System\n\ndiff0 provides a comprehensive AI agent for code review:\n\n### Code Analysis\n- `codeAnalysisAgent` - Analyzes diffs for bugs, security, performance, style issues\n- `fixGenerationAgent` - Generates complete fixes for detected issues\n- `explainIssueAgent` - Provides clear explanations of code problems\n- `agenticReviewLoop` - Multi-step reasoning with tool use\n\n### Creative Features\n- `generatePrHaiku` - Creates welcoming 3-line haikus for PRs\n- Tone: encouraging, playful, anticipatory\n\n### Documentation Search\n- `searchDocs` - Firecrawl-powered documentation search\n- `searchFrameworkDocs` - Framework-specific documentation retrieval\n- `scrapePage` - Extract markdown/HTML from documentation pages\n\n### Sandbox Tools\n- `createPrSandbox` - Ephemeral sandbox with auto-delete\n- `cloneRepo` - Git clone with authentication\n- `execCommand` - Safe command execution in containers\n- `manageLifecycle` - Start, stop, archive, delete sandboxes\n\n## Development Guidelines\n\n### Code Organization\n- TypeScript throughout with strict type checking\n- Convex for serverless backend and real-time database\n- Shared packages for AI, sandbox, and analytics\n- Clean separation between frontend and backend\n\n### Security\n- Webhook signature verification (HMAC-SHA256)\n- Scoped GitHub installation tokens (short-lived)\n- User authorization checks (userId matching)\n- Sandbox isolation (ephemeral, auto-delete)\n- Command validation and path traversal protection\n\n### Error Handling\n- Idempotent webhook processing (delivery ID tracking)\n- Graceful degradation at every pipeline stage\n- 3-tier diff retrieval fallback\n- Summary-only review fallback for position errors\n- Guaranteed sandbox cleanup via finally blocks\n\n---\n\n# diff0 Agent (GitHub Bot's Permissions)\n\n## Repository Permissions\n\n| Permission | Access Level | Purpose |\n| --------------- | ----------------------- | --------------------------------------------------------- |\n| Pull requests | Read \u0026 Write | Fetch PRs, post comments, and track PR lifecycle events. |\n| Contents | Read | Access repository files/diffs to analyze code. |\n| Checks | Read \u0026 Write | Create and update GitHub check runs and annotations. |\n| Issues | Read \u0026 Write | Open or manage issues for detected problems. |\n| Metadata | Read | Access basic repository info (required). |\n| Commit statuses | Read \u0026 Write | Update commit status if using checks or CI-like feedback. |\n\n\n---\n\n## Subscribed Webhook Events\n\n| Event | Triggers / Use |\n| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------ |\n| Pull request | PR opened, reopened, synchronized, ready for review, edited, labeled, unlocked, etc. → main trigger for running your agent. |\n| Pull request review comment | Inline diff comments created, edited, deleted → respond to line-specific human feedback or commands. |\n| Issue comment | Issue or PR comment created, edited, deleted → handle `/fix` or other bot commands. |\n| Issues | Issue opened, edited, closed, reopened, labeled, assigned, etc. → optional, for creating or managing issues from bot findings. |\n| Check run | Check run created, requested, rerequested, completed → post inline analysis results. |\n| Check suite | Check suite requested, rerequested, completed → update overall PR check status. |\n\n\n---\n\n## Contributing\n\n1. Fork the repository\n2. Create a feature branch\n3. Make your changes with proper TypeScript types\n4. Test webhook integration and review pipeline\n5. Submit a pull request\n\nWe're excited to see what you build with diff0!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feersnington%2Fdiff0","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feersnington%2Fdiff0","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feersnington%2Fdiff0/lists"}