DiffPilot
Provides AI-powered code review, commit message generation, secret scanning, and changelog creation for git repositories, accessible via GitHub Copilot prompts.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@DiffPilotreview my changes before pushing"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
๐ DiffPilot
Local AI Code Review Before You Push
๐ก Why DiffPilot?
Review your code locally before creating a PR. DiffPilot is an MCP server that lets you:
Self-Review Before PR - Run AI code review on your local changes after your last commit, before pushing
Reviewer Workflow - As a code reviewer, checkout the source branch locally and get AI-assisted review
Auto Branch Detection - No need to specify
main- DiffPilot finds your base branch automatically
๐ 100% Local - No cloud, no external APIs. Works with Azure DevOps, TFS, air-gapped environments.
Related MCP server: grippy-code-review
๐ Quick Start
Install
# VS Code Marketplace
ext install BurakKalafat.diffpilot
# Or NuGet (.NET tool)
dotnet tool install -g DiffPilotUse with GitHub Copilot
# Review my changes (auto-detects base branch)
@workspace #review_pr_changes
# Review with focus areas
@workspace #review_pr_changes focus on security and error handling
# Generate commit message
@workspace #generate_commit_message
# Scan for secrets before committing
@workspace #scan_secrets๐ ๏ธ 9 MCP Tools
PR Review Tools
Tool | Example Prompt |
| "Show diff between my branch and main" |
| "Review my PR for security issues" |
| "Generate a conventional PR title" |
| "Create PR description with checklist" |
Developer Tools
Tool | Example Prompt |
| "Generate commit message for staged changes" |
| "Check for API keys in my changes" |
| "Show change statistics" |
| "What tests should I write?" |
| "Generate changelog from commits" |
โจ Key Features
Feature | Description |
๐ Auto Branch Detection | Automatically finds |
๐ Secret Scanning | Detects API keys, passwords, tokens, JWT |
๐ Diff Statistics | Lines added/removed, file breakdown by type |
๐งช Test Suggestions | Pattern-based test case recommendations |
๐ Conventional Commits | Generate |
๐ก๏ธ Enterprise Security | Bank-grade input validation, rate limiting, output sanitization |
๐ก๏ธ Security
DiffPilot implements enterprise-grade security features:
Security Feature | Description |
Input Validation | All parameters validated against strict patterns |
Injection Prevention | Command injection, path traversal protection |
Output Sanitization | Auto-redacts secrets from tool outputs |
Rate Limiting | Prevents DoS attacks (120 req/min) |
Secure Errors | No internal details exposed to clients |
Audit Logging | Security events logged to stderr |
Auto-Redacted Patterns: API keys, AWS credentials, GitHub/Slack tokens, JWTs, passwords, private keys, connection strings.
See SECURITY.md for full documentation.
๐ Use Cases
1. Self-Review Before PR
# After finishing your work, before creating PR:
@workspace #review_pr_changes
# AI reviews your changes and provides feedback
# Fix issues locally, then push with confidence2. Code Reviewer Workflow
# Checkout the feature branch locally
git checkout feature/user-auth
# Use DiffPilot to review
@workspace #review_pr_changes focus on security
# Get structured review with AI assistance3. Pre-Commit Secret Check
@workspace #scan_secrets
# Catches API keys, passwords, tokens before they're committedโ๏ธ Configuration
{
"diffpilot.defaultBaseBranch": "main",
"diffpilot.prTitleStyle": "conventional",
"diffpilot.commitMessageStyle": "conventional"
}๐ฆ Installation Options
Method | Command |
VS Code |
|
NuGet |
|
Manual |
|
Requirements: .NET 9 SDK, VS Code 1.101+, Git
๐ Version History
1.2.0 (2025-12-09)
Security Hardening - Bank-grade security features
Input validation (CWE-20)
Command injection prevention (CWE-78)
Path traversal protection (CWE-22)
Output sanitization - auto-redacts secrets (CWE-200)
Rate limiting (CWE-400)
Secure error handling
Added SECURITY.md documentation
80 new security unit tests
1.1.5 (2025-12-08)
Updated README with use cases and
#toolpromptsHighlighted auto branch detection
1.1.4 (2025-12-07)
Icon refinements
1.1.3 (2025-12-07)
New extension icon (lens with plus/minus)
1.1.2 (2025-12-07)
Optimized package size
1.1.1 (2025-12-07)
Updated extension icon
1.1.0 (2025-12-07)
Improved tool documentation
1.0.9 (2025-12-07)
Fixed: Server uses workspace folder for git operations
1.0.8 (2025-12-07)
Shortened tool descriptions for cleaner UI
1.0.7 (2025-12-07)
Fixed: Bundled server includes TargetFramework
1.0.6 (2025-12-07)
Fixed: MCP auto-registration for VS Code 1.101+
1.0.5 (2025-12-07)
Published to NuGet and MCP Registry
1.0.0 (2025-12-06)
Initial release with 9 MCP tools
๐ License
MIT License - Burak Kalafat
GitHub โข VS Code Marketplace โข NuGet
โญ Star if useful!
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/bkalafat/DiffPilot'
If you have feedback or need assistance with the MCP directory API, please join our Discord server