Is io.github.bkalafat/diffpilot safe to use?

io.github.bkalafat/diffpilot has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.bkalafat/diffpilot?

io.github.bkalafat/diffpilot can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with io.github.bkalafat/diffpilot?

io.github.bkalafat/diffpilot is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and http transport.

Is io.github.bkalafat/diffpilot actively maintained?

io.github.bkalafat/diffpilot is recently maintained — last commit was 80 days ago. It has 6 GitHub stars.

io.github.bkalafat/diffpilot

MCP server for PR code review, commit messages, changelogs, and secret detection.

MaintainedNot tested

Developer Tools

★ 6GitHub

29No CVEsmaintained

Quick Install

{
  "mcpServers": {
    "io-github-bkalafat-diffpilot": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Setup guide

No install config available. Check the server's README for setup instructions.

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-bkalafat-diffpilot)](https://mcppedia.org/s/io-github-bkalafat-diffpilot)

Should you use this server?

MCP server for PR code review, commit messages, changelogs, and secret detection.

✓

Is it safe?

No package registry to scan.

No authentication — any process on your machine can connect.

License not specified.

✓

Is it maintained?

Last commit 80 days ago. 6 stars.

Will it work with my client?

Transport: stdio, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Score Breakdown

MCPpedia Score

Click each category to see evidence

29D

Last scored 14h ago

How we score →

Security

3/30

No known vulnerabilities.

○

Known CVEs — No package registry to scan

○

Tool safety — No tools to analyze

○

Tool poisoning — No tools to analyze

○

Injection vectors — No tools to analyze

✓

Tool stability — Tool definitions stable

○

Dependency health — No package to analyze

✗

License — No license specified

○

Authentication — No authentication required

○

Frequently Asked Questions

Is io.github.bkalafat/diffpilot safe to use?: io.github.bkalafat/diffpilot has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.bkalafat/diffpilot?: io.github.bkalafat/diffpilot can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.bkalafat/diffpilot?: io.github.bkalafat/diffpilot is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and http transport.
Is io.github.bkalafat/diffpilot actively maintained?: io.github.bkalafat/diffpilot is recently maintained — last commit was 80 days ago. It has 6 GitHub stars.

README

# 🔍 DiffPilot

**Local AI Code Review Before You Push**

[![.NET 9](https://img.shields.io/badge/.NET-9.0-512BD4?style=for-the-badge&logo=dotnet&logoColor=white)](https://dotnet.microsoft.com/)
[![VS Code](https://img.shields.io/badge/VS%20Code-1.101+-007ACC?style=for-the-badge&logo=visualstudiocode&logoColor=white)](https://marketplace.visualstudio.com/items?itemName=BurakKalafat.diffpilot)
[![MCP](https://img.shields.io/badge/MCP-Protocol-00ADD8?style=for-the-badge)](https://modelcontextprotocol.io/)
[![License: MIT](https://img.shields.io/badge/License-MIT-green?style=for-the-badge)](LICENSE)

---

## 💡 Why DiffPilot?

**Review your code locally before creating a PR.** DiffPilot is an MCP server that lets you:

1. **Self-Review Before PR** - Run AI code review on your local changes after your last commit, before pushing
2. **Reviewer Workflow** - As a code reviewer, checkout the source branch locally and get AI-assisted review
3. **Auto Branch Detection** - No need to specify `main` - DiffPilot finds your base branch automatically

> 🔒 **100% Local** - No cloud, no external APIs. Works with Azure DevOps, TFS, air-gapped environments.

---

## 🚀 Quick Start

### Install
```bash
# VS Code Marketplace
ext install BurakKalafat.diffpilot

# Or NuGet (.NET tool)
dotnet tool install -g DiffPilot
```

### Use with GitHub Copilot
```
# Review my changes (auto-detects base branch)
@workspace #review_pr_changes

# Review with focus areas
@workspace #review_pr_changes focus on security and error handling

# Generate commit message
@workspace #generate_commit_message

# Scan for secrets before committing
@workspace #scan_secrets
```

---

## 🛠️ 9 MCP Tools

### PR Review Tools
| Tool | Example Prompt |
|------|----------------|
| `#get_pr_diff` | "Show diff between my branch and main" |
| `#review_pr_changes` | "Review my PR for security issues" |
| `#generate_pr_title` | "Generate a conventional PR title" |
| `#generate_pr_description` | "Create PR description with checklist" |

### Developer Tools
| Tool | Example Prompt |
|------|----------------|
| `#generate_commit_message` | "Generate commit message for staged changes" |
| `#scan_secrets` | "Check for API keys in my changes" |
| `#diff_stats` | "Show change statistics" |
| `#suggest_tests` | "What tests should I write?" |
| `#generate_changelog` | "Generate changelog from commits" |

---

## ✨ Key Features

| Feature | Description |
|---------|-------------|
| 🔄 **Auto Branch Detection** | Automatically finds `main`, `master`, or `develop` |
| 🔐 **Secret Scanning** | Detects API keys, passwords, tokens, JWT |
| 📊 **Diff Statistics** | Lines added/removed, file breakdown by type |
| 🧪 **Test Suggestions** | Pattern-based test case recommendations |
| 📝 **Conventional Commits** | Generate `feat:`, `fix:`, `refactor:` messages |
| 🛡️ **Enterprise Security** | Bank-grade input validation, rate limiting, output sanitization |

---

## 🛡️ Security

DiffPilot implements enterprise-grade security

... [View full README on GitHub]

io.github.bkalafat/diffpilot

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Security

Help improve this page

Reviews

Frequently Asked Questions

Similar servers

XcodeBuildMCP

Gemini Cli

Nitrostack

Mcp Memory Service

Discussion