{"id":50216327,"url":"https://github.com/rogerchappel/patchscope","last_synced_at":"2026-05-26T09:04:32.333Z","repository":{"id":356489341,"uuid":"1232764353","full_name":"rogerchappel/patchscope","owner":"rogerchappel","description":"Local-first git patch risk radar with deterministic Markdown and JSON output.","archived":false,"fork":false,"pushed_at":"2026-05-17T01:19:04.000Z","size":49,"stargazers_count":1,"open_issues_count":3,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-17T03:28:46.033Z","etag":null,"topics":["cli","code-review","developer-tools","diff","git","local-first","security-tools","typescript"],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rogerchappel.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-05-08T08:45:07.000Z","updated_at":"2026-05-08T17:33:13.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/rogerchappel/patchscope","commit_stats":null,"previous_names":["rogerchappel/patchscope"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/rogerchappel/patchscope","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rogerchappel%2Fpatchscope","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rogerchappel%2Fpatchscope/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rogerchappel%2Fpatchscope/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rogerchappel%2Fpatchscope/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rogerchappel","download_url":"https://codeload.github.com/rogerchappel/patchscope/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rogerchappel%2Fpatchscope/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33512344,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T03:12:49.672Z","status":"ssl_error","status_checked_at":"2026-05-26T03:12:47.976Z","response_time":63,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","code-review","developer-tools","diff","git","local-first","security-tools","typescript"],"created_at":"2026-05-26T09:04:13.801Z","updated_at":"2026-05-26T09:04:32.326Z","avatar_url":"https://github.com/rogerchappel.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PatchScope\n\nPatchScope is a tiny local-first review radar for git patches. Feed it a unified diff, a staged change, stdin, or your current worktree and it returns deterministic evidence: what changed, where the risk sits, which secret-like additions were caught, and what verification commands probably matter next.\n\nIt is built for developers and agentic coding loops that want a calm pre-review check before code hits GitHub.\n\n## Why it exists\n\nRaw diffs are noisy. PatchScope turns them into a compact map:\n\n- touched directories, extensions, and likely subsystems\n- review risk classes such as `secret`, `lockfile`, `generated`, and `missing-tests`\n- redacted secret-like additions\n- suggested local tests from changed paths and package scripts\n- Markdown or JSON output that stays stable for the same input\n\n## Install\n\n```sh\nnpm install -g patchscope\n```\n\nFor local development in this repository:\n\n```sh\nnpm install\nnpm run build\nnode dist/cli.js scan examples/feature.patch\n```\n\n## Quick start\n\n```sh\npatchscope scan --staged\npatchscope scan examples/feature.patch --json\npatchscope scan --stdin --fail-on secret,huge-generated \u003c feature.patch\npatchscope suggest-tests --staged\n```\n\nWrite a Markdown report for review:\n\n```sh\npatchscope scan --staged --out patchscope.md\n```\n\nUse it as a local gate:\n\n```sh\npatchscope scan --staged --fail-on secret,huge-generated\n```\n\n## CLI\n\n### `patchscope scan`\n\nInputs:\n\n- `patchscope scan path/to.patch`\n- `patchscope scan --stdin \u003c path/to.patch`\n- `patchscope scan --staged`\n- `patchscope scan --worktree` (default when no input is provided)\n\nOptions:\n\n- `--json` renders JSON instead of Markdown.\n- `--out \u003cfile\u003e` writes output to a file.\n- `--fail-on \u003cclasses\u003e` exits `1` when any listed class or risk level appears.\n\n### `patchscope suggest-tests`\n\nPrints likely verification commands only:\n\n```sh\npatchscope suggest-tests examples/feature.patch\n```\n\n## Risk classes\n\n- `secret` — secret-like added values, always redacted.\n- `huge-generated` — large generated or lockfile changes.\n- `generated` — generated, minified, map, or lock-like files changed.\n- `binary` — binary patch markers appeared.\n- `lockfile` — dependency lockfiles changed.\n- `large-change` — large non-generated file changes.\n- `missing-tests` — source/tooling/config changed without test files in the patch.\n- `missing-docs` — public surface changed without docs in the patch.\n- `delete-heavy` — deletion-heavy patch that deserves focused review.\n\n## Safety model\n\nPatchScope is intentionally local and boring:\n\n- no telemetry\n- no network calls\n- no hidden writes\n- no source modification\n- redacted secret reporting\n- deterministic output ordering\n\nIt is not a SAST scanner, an LLM reviewer, or a CI replacement. Treat it as fast pre-review evidence.\n\n## Verify this repo\n\n```sh\nnpm test\nnpm run check\nnpm run build\nnpm run smoke\nbash scripts/validate.sh\n```\n\n## Examples\n\nChecked-in patch fixtures live in [`examples/`](examples/):\n\n```sh\nnode dist/cli.js scan examples/feature.patch\nnode dist/cli.js scan examples/secret.patch --json\nnode dist/cli.js suggest-tests examples/generated.patch\n```\n\n## Contributing\n\nIssues and small PRs are welcome. Keep changes deterministic, fixture-backed, and local-first. See [CONTRIBUTING.md](CONTRIBUTING.md) and [docs/ORCHESTRATION.md](docs/ORCHESTRATION.md).\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frogerchappel%2Fpatchscope","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frogerchappel%2Fpatchscope","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frogerchappel%2Fpatchscope/lists"}