From b73d4b666846fe5d8313eed274132b8855c90cd8 Mon Sep 17 00:00:00 2001
From: Dennis P
Date: Mon, 13 Apr 2026 10:38:26 +0800
Subject: [PATCH 1/2] fix: ssl download issue
---
 Cargo.toml | 2 +-
 README.md | 257 +++++++++++++++++++++++++++++------------------------
 2 files changed, 141 insertions(+), 118 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index b47410c..f15e404 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -20,7 +20,7 @@ tokio = { version = "1", features = ["full"] }
 anyhow = "1"
 clap = { version = "4", features = ["derive"] }
 regex = "1"
-reqwest = { version = "0.12", default-features = false, features = ["blocking", "json", "stream", "rustls-tls"] }
+reqwest = { version = "0.12", default-features = false, features = ["blocking", "json", "stream", "rustls-tls-native-roots"] }
 indicatif = "0.17"
 walkdir = "2"
 chrono = { version = "0.4", features = ["serde"] }
diff --git a/README.md b/README.md
index 23b5b00..b8b980b 100644
--- a/README.md
+++ b/README.md
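Review bot: The reqwest line now selects `rustls-tls-native-roots` in place of `rustls-tls`, so the model download trusts whatever the host certificate store contains rather than the webpki root set bundled into the binary; the subject "fix: ssl download issue" does not say why, and none of the README hunks in this patch mention the change either. Record the reason next to the line, e.g. `# native roots: trust the OS certificate store so the model download works on hosts whose outbound TLS is re-signed by a locally installed CA` (presumably the failure being fixed — confirm before committing that wording). Because the trust anchors are now environment-dependent, the download path should be checked for a TLS-independent integrity check on the fetched GGUF file (expected size or digest); nothing in this patch shows one, and the README's "Force re-download after corruption" line suggests corrupted downloads are already a known case. On a minimal container image with no CA bundle installed, a native-roots build may fail at client construction instead of falling back to bundled roots, so the GitHub Actions job in the README is worth exercising with this change.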
@@ -1,46 +1,57 @@ -# diffmind +# Diffmind — Local AI Code Review for the Terminal -**Local-first AI code review agent — on-device inference, no cloud required.** +[![CI](https://github.com/thinkgrid-labs/diffmind/actions/workflows/ci.yml/badge.svg)](https://github.com/thinkgrid-labs/diffmind/actions/workflows/ci.yml) +[![Latest Release](https://img.shields.io/github/v/release/thinkgrid-labs/diffmind)](https://github.com/thinkgrid-labs/diffmind/releases/latest) +[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE) +[![Rust](https://img.shields.io/badge/built%20with-Rust-orange.svg)](https://www.rust-lang.org) -Diffmind runs a quantized [Qwen2.5-Coder](https://huggingface.co/Qwen/Qwen2.5-Coder-1.5B-Instruct-GGUF) model directly on your machine. Your code never leaves your environment. No API keys. No subscriptions. No network round-trips. +**diffmind** is a free, open-source AI code review tool that runs entirely on your machine — no cloud, no API keys, no subscription. It analyzes your `git diff` using a local [Qwen2.5-Coder](https://huggingface.co/Qwen/Qwen2.5-Coder-1.5B-Instruct-GGUF) model and reports security issues, bugs, and code quality problems directly in your terminal. -Ships as a **single self-contained Rust binary** with an optional interactive [ratatui](https://ratatui.rs) TUI. +Your source code never leaves your environment. Works offline. Ships as a **single self-contained binary** for Linux, macOS, and Windows. --- -## Why diffmind? +## Why Diffmind? 
-| | diffmind | Cloud AI review | -| ----------- | ---------------------------------- | -------------------------------- | -| **Privacy** | Code stays on your machine | Code sent to third-party servers | -| **Latency** | No network — instant diff intake | API round-trips add seconds | -| **Cost** | Free after one-time model download | Per-token billing | -| **Offline** | Works with no internet after setup | Requires connectivity | -| **CI** | Single binary, no runtime deps | Needs API key management | +> The only AI code reviewer that keeps your code 100% private. + +| | **Diffmind** | Cloud AI review (Copilot, CodeRabbit, etc.) | +| -------------- | ---------------------------------- | ------------------------------------------- | +| **Privacy** | Code stays on your machine | Code sent to third-party servers | +| **Cost** | Free — one-time model download | Per-token billing or subscription | +| **Latency** | No network — instant diff intake | API round-trips add 5–30 seconds | +| **Offline** | Works with no internet after setup | Requires connectivity | +| **CI/CD** | Single binary, no runtime deps | Needs API key management and secrets | +| **Compliance** | No data residency concerns | Data may cross jurisdictions | --- ## Features -- **Security analysis** — hardcoded secrets, injection vectors, insecure data flow -- **Quality review** — logical bugs, anti-patterns, API misuse -- **Performance hints** — inefficient loops, memory overhead, unnecessary allocations -- **Maintainability** — naming, readability, architectural complexity -- **Local RAG** — indexes your project's symbols so the model understands function and type definitions referenced in the diff -- **Interactive TUI** — ratatui-powered terminal UI with navigable findings and detail panel (`--tui`) -- **CI-friendly** — pipe any diff via stdin, filter by severity, exit-code ready +- **Security analysis** — hardcoded secrets, injection vectors, disabled auth, insecure data handling +- **Bug detection** — 
removed variables still in use, commented-out logic, logical errors +- **Quality review** — anti-patterns, dead code, API misuse +- **Performance hints** — inefficient algorithms, memory overhead, unnecessary allocations +- **Maintainability** — naming, readability, complexity +- **Ticket-aware review** — provide a Jira/Linear/GitHub ticket and diffmind checks if the diff actually implements the requirements (`--ticket`) +- **Local RAG** — indexes your project's symbols so the model understands function and type definitions referenced in the diff (`diffmind index`) +- **Interactive TUI** — ratatui terminal UI with navigable findings and detail panel (`--tui`) +- **CI/CD gate** — pipe any `git diff` via stdin, filter by severity, exits with code 1 on findings +- **JSON output** — machine-readable results for dashboards and tooling (`--format json`) --- ## Installation -### One-line installer — Linux & macOS +### Linux & macOS — one command ```bash curl -fsSL https://github.com/thinkgrid-labs/diffmind/releases/latest/download/install.sh | bash ``` -Auto-detects your OS and CPU (Intel or Apple Silicon), downloads the right binary, and installs to `/usr/local/bin`. Pin a specific version: +Auto-detects your OS and CPU architecture (Intel or Apple Silicon), downloads the right binary, and installs to `/usr/local/bin`. No dependencies required. + +Pin a specific version: ```bash VERSION=v0.6.0 curl -fsSL https://github.com/thinkgrid-labs/diffmind/releases/latest/download/install.sh | bash 
@@ -48,9 +59,17 @@ VERSION=v0.6.0 curl -fsSL https://github.com/thinkgrid-labs/diffmind/releases/la ### Windows -Download `diffmind-x86_64-pc-windows-msvc.zip` from [GitHub Releases](https://github.com/thinkgrid-labs/diffmind/releases), extract it, and place `diffmind.exe` on your `PATH`. +Download `diffmind-x86_64-pc-windows-msvc.zip` from [GitHub Releases](https://github.com/thinkgrid-labs/diffmind/releases), extract it, and place `diffmind.exe` anywhere on your `PATH`. + +### Build from source (Rust) + +```bash +git clone https://github.com/thinkgrid-labs/diffmind +cd diffmind +cargo install --path apps/tui-cli +``` -### Manual download +### Pre-built binaries | Platform | Asset | | ------------------- | ------------------------------------------- | 
@@ -71,85 +90,105 @@ diffmind --version ## Quick Start ```bash -# 1. Download the model (one-time setup, ~1.1 GB) +# 1. Download the AI model (one-time setup, ~1.1 GB) diffmind download -# 2. (Optional) Index your project's symbols for context-aware reviews -# Run once per project, then re-run when the codebase changes significantly +# 2. (Optional) Index your project for context-aware reviews diffmind index # 3. Review your current branch against main -diffmind +diffmind --branch main -# 4. Or launch the interactive TUI +# 4. Or review only your last commit +diffmind --last + +# 5. Launch the interactive TUI diffmind --tui ``` --- -## Model Setup +## AI Model Setup -Diffmind downloads GGUF model weights to `~/.diffmind/models/`. All models are **Qwen2.5-Coder** — coding-optimised only, no generic chat models. +diffmind downloads GGUF model weights to `~/.diffmind/models/`. All models are **Qwen2.5-Coder** — coding-optimised only, no generic chat models. Inference runs fully on CPU via [candle](https://github.com/huggingface/candle) — no GPU required. ```bash -# Interactive picker — shows all models with sizes and hardware requirements +# Interactive picker with hardware requirements check diffmind download -# Skip the picker and download a specific model directly -diffmind download --model 7b +# Download a specific model directly +diffmind download --model 3b -# Force re-download (e.g. after corruption) +# Force re-download after corruption diffmind download --model 1.5b --force ``` -When no `--model` is given, diffmind shows an interactive list and checks your RAM and free disk space against each model's requirements before downloading. 
+Available models (**Q4_K_M quantisation**): ``` # Model Size Min RAM Description ──────────────────────────────────────────────────────────────────────────────── - [1] Qwen2.5-Coder-0.5B 0.4 GB 2 GB Fastest — lint-style checks, CI / low-end hardware + [1] Qwen2.5-Coder-0.5B 0.4 GB 2 GB Fastest — lint-style, CI / low-end hardware [2] * Qwen2.5-Coder-1.5B 1.1 GB 4 GB Recommended — balanced quality and speed [3] Qwen2.5-Coder-3B 2.1 GB 6 GB Better — deeper reasoning, complex codebases - [4] Qwen2.5-Coder-7B 4.7 GB 8 GB High quality — strong security & logic analysis - [5] Qwen2.5-Coder-14B 9.0 GB 16 GB Expert — deep code understanding, workstation - [6] Qwen2.5-Coder-32B 20.0 GB 32 GB Maximum — near human-level review, server-grade + [4] Qwen2.5-Coder-7B 4.7 GB 8 GB High quality — security & logic analysis + [5] Qwen2.5-Coder-14B 9.0 GB 16 GB Expert — deep code understanding + [6] Qwen2.5-Coder-32B 20.0 GB 32 GB Maximum — near human-level review quality * recommended default ``` -All models use **Q4_K_M quantisation**. CPU only — no GPU required. Inference via [candle](https://github.com/huggingface/candle). - --- ## Usage -### Basic review +### Basic code review ```bash -# Diff current branch against main (default) -diffmind +# Review current branch vs main +diffmind --branch main -# Diff against a different branch -diffmind --branch develop +# Review only your last commit (fastest) +diffmind --last -# Review specific files or directories only +# Review specific files or directories diffmind src/auth/ src/payments/ -# Use the 3B model for deeper analysis -diffmind --model 3b +# Use a larger model for deeper analysis +diffmind --model 3b --branch main + +# Debug: see raw model output +diffmind --model 3b --branch main --debug +``` + +### Ticket-aware review + +Provide the user story or acceptance criteria from your Jira / Linear / GitHub ticket. 
diffmind checks that the diff actually implements what was asked — missing or incomplete requirements are flagged as `compliance` findings. + +```bash +# Pass a ticket file +diffmind --ticket ticket.md --branch main + +# Or paste acceptance criteria inline +diffmind --ticket "User can reset password via email link. +Acceptance criteria: +- Reset link expires after 1 hour +- Link is single-use +- Confirmation email sent after reset" + +# Combine with other options +diffmind --branch feature/auth --ticket ticket.md --model 3b --format json ``` ### Interactive TUI -Launch the ratatui terminal UI for navigable, interactive results: +Navigate findings in a full-screen terminal UI: ```bash diffmind --tui diffmind --tui --branch staging --model 3b ``` -**TUI keybindings:** - | Key | Action | | --------- | ---------------- | | `a` | Run analysis | 
@@ -157,53 +196,32 @@ diffmind --tui --branch staging --model 3b | `k` / `↑` | Previous finding | | `q` | Quit | -### Stdin mode (CI / pipe) +### Stdin / pipe mode -Pipe any `git diff` output directly: +Pipe any `git diff` output for flexible integration: ```bash git diff main...HEAD | diffmind --stdin -# With a specific model -git diff main...HEAD | diffmind --stdin --model 3b - -# Filter to high-severity only +# High-severity only git diff main...HEAD | diffmind --stdin --min-severity high -``` - -### Ticket-aware review (`--ticket`) - -Provide the user story or acceptance criteria from your Jira / Linear / GitHub ticket and diffmind will check whether the diff actually implements what was asked — in addition to its standard security and quality review. - -```bash -# Pass a ticket file -diffmind --ticket ticket.md - -# Or paste inline text directly -diffmind --ticket "As a user I want password reset emails so that I can recover my account. -Acceptance criteria: -- Reset link expires after 1 hour -- Link is single-use -- User receives confirmation email after reset" -# Works with all other flags -diffmind --branch feature/auth --ticket ticket.md --model 3b --format json +# JSON output for tooling +git diff main...HEAD | diffmind --stdin --format json | jq '.[] | select(.severity == "high")' ``` -Missing or incorrectly implemented requirements appear as **`[Req]`** findings with category `compliance` — distinct from the standard security/quality findings. - -### Symbol indexing (Local RAG) +### Local symbol indexing (RAG) -Build a local symbol index so the model understands the definitions of functions and types referenced in your diff. 
Run once per project, then keep it updated: +Build a symbol index so the model understands definitions of functions and types referenced in your diff: ```bash -# Build or refresh the index +# Build or refresh the symbol index diffmind index -# Index is stored at .diffmind/symbols.json in your project root +# Stored at .diffmind/symbols.json in your project root ``` -The indexer supports: TypeScript, JavaScript, Go, Python, Rust. +Supported languages: TypeScript, JavaScript, Go, Python, Rust. --- 
@@ -214,32 +232,33 @@ Usage: diffmind [OPTIONS] [FILES]... [COMMAND] Commands: download Download or refresh the local AI model files - index Build a symbol index of the local repository for context-aware reviews - help Print help for a subcommand + index Build a symbol index for context-aware reviews Arguments: [FILES]... Specific files or directories to review (optional) Options: -b, --branch Base branch to diff against [default: main] - -m, --model Model size: 1.5b or 3b [default: 1.5b] - -t, --tui Launch interactive ratatui TUI - --stdin Read diff from stdin instead of running git diff - --ticket User story / acceptance criteria to validate against (file path or inline text) - --min-severity Minimum severity to report — also sets the CI exit-code threshold [default: low] + -m, --model Model size: 0.5b, 1.5b, 3b, 7b, 14b, 32b [default: 1.5b] + -l, --last Review the last commit only (HEAD~1..HEAD) + -t, --tui Launch the interactive ratatui TUI + --stdin Read diff from stdin + --ticket User story / acceptance criteria (file path or inline text) + --min-severity Minimum severity to report: low, medium, high [default: low] -f, --format Output format: text or json [default: text] - --max-tokens Max output tokens per diff chunk [default: 1024] + --max-tokens Max output tokens per diff chunk [default: 1024] + --debug Print raw model output and token counts to stderr -h, --help Print help -V, --version Print version ``` --- -## CI / CD Integration +## CI/CD Integration -diffmind works well in CI pipelines. No API keys or network access needed after the model is cached. +diffmind is designed for CI pipelines. No API keys needed. Cache the model between runs. -### GitHub Actions example +### GitHub Actions ```yaml - name: Cache diffmind model 
@@ -250,17 +269,16 @@ diffmind works well in CI pipelines. No API keys or network access needed after - name: Install diffmind run: | - curl -sSL https://github.com/thinkgrid-labs/diffmind/releases/latest/download/diffmind-x86_64-unknown-linux-gnu.tar.gz \ - | tar -xz -C /usr/local/bin + curl -fsSL https://github.com/thinkgrid-labs/diffmind/releases/latest/download/install.sh | bash - name: Download model (if not cached) - run: diffmind download + run: diffmind download --model 1.5b -- name: Review PR diff +- name: AI code review run: git diff origin/main...HEAD | diffmind --stdin --min-severity high ``` -### Pre-commit hook +### Git pre-push hook ```bash #!/bin/sh 
@@ -270,20 +288,32 @@ git diff origin/main...HEAD | diffmind --stdin --min-severity high --- +## How It Works + +1. **Diff capture** — runs `git diff ...HEAD` (or reads stdin) and splits per-file +2. **Deterministic rules** — fast, regex-based checks run before the model: commented-out code blocks, removed variable declarations still in use, and other high-confidence patterns +3. **Symbol context (RAG)** — if `.diffmind/symbols.json` exists, relevant function/type definitions are prepended as context +4. **Chunked inference** — each file diff is independently passed to the local GGUF model; the model generates a JSON array of findings +5. **Early exit** — token generation stops as soon as the JSON array is syntactically complete +6. **Output** — coloured findings printed to stdout (text) or emitted as a JSON array (`--format json`) + +--- + ## Project Structure ``` diffmind/ ├── Cargo.toml # Workspace root +├── install.sh # One-line installer for Linux / macOS ├── packages/ -│ └── core-engine/ # Rust inference library (candle + GGUF) -│ └── src/lib.rs # ReviewAnalyzer, chunking, JSON parsing +│ └── core-engine/ # Rust inference library (candle + GGUF + deterministic rules) +│ └── src/lib.rs └── apps/ └── tui-cli/ # diffmind binary └── src/ - ├── main.rs # Entry point, TUI + static dispatch + ├── main.rs # Entry point, TUI + static runner ├── cli.rs # Clap argument definitions - ├── download.rs # Model download with progress bar + ├── download.rs # Model download, interactive picker, hardware check ├── git.rs # git diff integration ├── indexer.rs # Symbol indexer (Local RAG) └── rag.rs # RAG context builder 
@@ -291,21 +321,17 @@ diffmind/ --- -## How It Works +## Roadmap -1. **Diff capture** — runs `git diff ...HEAD` (or reads stdin) and splits output per file -2. **Symbol context** — if an index exists, relevant function/type definitions are prepended as context -3. **Chunked inference** — each file diff is independently passed to the local GGUF model via [candle](https://github.com/huggingface/candle); the model generates a JSON array of findings -4. **Early exit** — generation stops as soon as the JSON array is syntactically complete (no wasted tokens) -5. **Output** — findings are printed to stdout (static mode) or rendered in the ratatui TUI +- [ ] `--output ` — write Markdown or HTML report to disk +- [ ] Incremental model updates — version-check HuggingFace before re-download +- [ ] Custom rule file (`.diffmind/rules.toml`) — team-specific review baselines --- -## Roadmap +## Contributing -- [ ] `--output ` to write Markdown or JSON report to disk -- [ ] Incremental model updates (version-check against HuggingFace before re-download) -- [ ] Custom rule file (`.diffmind/rules.toml`) for team-specific review baselines +Issues, bug reports, and pull requests are welcome at [github.com/thinkgrid-labs/diffmind](https://github.com/thinkgrid-labs/diffmind). --- @@ -315,7 +341,4 @@ MIT — see [LICENSE](LICENSE). --- -✨ Support the Local-First Movement -If you believe code reviews should be private and fast, consider contributing to the diffmind core. - -Built with ❤️ by Tech Lead, for Tech Leads. +> **diffmind** — AI-powered local code review. Security analysis, bug detection, and code quality feedback in your terminal. Private by design. Free forever. From a9917c709e0e8b346b63156cd2c5efd1b252f83f Mon Sep 17 00:00:00 2001 From: Dennis P Date: Mon, 13 Apr 2026 10:38:56 +0800 Subject: [PATCH 2/2] fix: ssl download issue --- apps/tui-cli/Cargo.toml | 2 +- packages/core-engine/Cargo.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/apps/tui-cli/Cargo.toml b/apps/tui-cli/Cargo.toml
index 75d4d2e..5d8bdfa 100644
--- a/apps/tui-cli/Cargo.toml
+++ b/apps/tui-cli/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "diffmind"
-version = "0.6.1"
+version = "0.6.2"
 edition = "2021"
 description = "Local-first AI code review agent — powered by on-device inference"
diff --git a/packages/core-engine/Cargo.toml b/packages/core-engine/Cargo.toml
index dee5528..fecf44e 100644
--- a/packages/core-engine/Cargo.toml
+++ b/packages/core-engine/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "core-engine"
-version = "0.6.1"
+version = "0.6.2"
 edition = "2021"
 description = "diffmind shared AI engine core"