Releases: mthooyavan/diff-fox

DiffFox v0.1.4 — Commit Context + Smarter Resolution

16 Mar 05:08

DiffFox v0.1.4

What's New

Commit Message Context

Review agents now receive PR commit messages alongside the diff. This helps agents distinguish intentional changes (e.g., "restructure plugin to match discovery convention") from accidental regressions — reducing false positives on deliberate removals and restructuring.

LLM-Verified Comment Resolution

The resolver no longer uses heuristic matching to decide if old findings were fixed. Instead, it fetches the current code and asks the LLM to verify whether each issue was actually addressed. This prevents false "Addressed" replies caused by formatting-only changes or dedup filtering.

Bug Fixes

  • Cap commit fetch at 50: get_pr_commits() now makes a single API call with per_page=50 instead of unbounded paginated fetching
  • Cap resolution checks at 20 — prevents unbounded LLM token cost on PRs with many old comments
  • Exact bot reply matching — already-resolved check now matches the specific bot reply prefix (✅ **Addressed**) instead of bare substring, avoiding false skips if a user writes "Addressed" in their reply
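
The already-resolved check and the resolution cap from the list above, sketched as an added example (not DiffFox's own code). The function names, the reply dict shape and the `difffox-bot` login are assumptions; the optional author check goes one step beyond what the release notes describe.

```python
# Added example with hypothetical names; not taken from the DiffFox code base.
BOT_REPLY_PREFIX = "✅ **Addressed**"  # prefix quoted in the release notes
MAX_RESOLUTION_CHECKS = 20             # cap quoted in the release notes


def resolved_by_substring(replies):
    """Old-style check: any reply that mentions 'Addressed' counts."""
    return any("Addressed" in r["body"] for r in replies)


def resolved_by_prefix(replies, bot_login=None):
    """New-style check: only a reply starting with the bot prefix counts.

    bot_login is an assumption beyond the release notes: when given,
    the reply must also have been posted by that account.
    """
    for r in replies:
        if not r["body"].lstrip().startswith(BOT_REPLY_PREFIX):
            continue
        if bot_login is not None and r["user"] != bot_login:
            continue
        return True
    return False


def threads_to_verify(threads, bot_login=None, limit=MAX_RESOLUTION_CHECKS):
    """Return ids of threads still needing an LLM check, capped at `limit`."""
    pending = [t["id"] for t in threads
               if not resolved_by_prefix(t["replies"], bot_login)]
    return pending[:limit]  # bounded LLM cost regardless of thread count


# Constructed sample threads (not real PR data).
THREADS = [
    {"id": 1, "replies": [{"user": "dev", "body": "Addressed in my last push"}]},
    {"id": 2, "replies": [{"user": "difffox-bot",
                           "body": "✅ **Addressed**: no longer detected"}]},
    {"id": 3, "replies": [{"user": "dev",
                           "body": "✅ **Addressed** (typed by a human)"}]},
    {"id": 4, "replies": []},
]

if __name__ == "__main__":
    print(threads_to_verify(THREADS))                 # prefix only
    print(threads_to_verify(THREADS, "difffox-bot"))  # prefix + author
```

Thread 1 is the false skip the fix removes: the substring check treats it as resolved, the prefix check does not.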

Infrastructure

  • Add .gitignore (excludes __pycache__/, build artifacts)

DiffFox v0.1.3 — Duplicate Reply Fix

16 Mar 03:36

DiffFox v0.1.3

Bug Fixes

  • Prevent duplicate "Addressed" replies on re-review — When DiffFox re-reviews a PR, the resolver now checks for existing bot replies before posting. Previously, each re-review could post another "Addressed" comment on already-resolved threads.

Maintenance

  • Bump actions/setup-python (Dependabot)

DiffFox v0.1.2 — CI/CD, Comment Resolution & Self-Review

15 Mar 07:50

DiffFox v0.1.2

What's New

Comment Resolution

DiffFox now resolves its own comments when issues are fixed. On re-review:

  • Old findings no longer detected get a reply: "Addressed — this issue is no longer detected"
  • If a developer replied in the thread, their feedback is acknowledged
  • Matching uses both line location and title-based content matching to handle rebases

CI/CD Pipelines

  • CI — Ruff lint + pytest on Python 3.12/3.13 for every PR
  • Docker Build — Build + smoke test on Dockerfile/action/src changes
  • Security — pip-audit + Trivy container scanning (weekly + on push)
  • Release — Auto-updates v0 major tag when a release is published

Initial Test Suite

  • 20 tests covering models, config parsing, and diff parsing
  • Async test support with pytest-asyncio

Self-Reviewing

DiffFox successfully reviews its own PRs and catches real issues — including finding bugs in the comment resolution code it was reviewing.

Bug Fixes

  • Fix TypeError crash when PR has review bodies with no line number
  • Fix engineering_level validation error in semantic dedup (LLM returning invalid values)
  • Fix model ID (claude-sonnet-4-6 not claude-sonnet-4-6-20250514)
  • Fix Docker build context (Dockerfile at repo root)
  • Fix GITHUB_TOKEN not passed to Docker container
  • Fix action.yml at repo root for GitHub Actions discovery
  • Ignore unfixed OS vulnerabilities in Trivy (glibc CVE with no fix available)

Infrastructure

  • CODEOWNERS file (@mthooyavan)
  • Dependabot with grouped updates (pip, GitHub Actions, Docker)
  • Permissions hardened (contents: read) on all workflows
  • Trivy pinned to @0.35.0 (was @master)
  • actions/checkout upgraded to @v6
  • Python base image bumped to 3.14-slim

Refactoring

  • DiffFoxComment TypedDict for typed return contract
  • resolve_addressed_comments moved to review/resolver.py (separation of concerns)
  • Removed unused asyncio imports

Full Changelog

v0.1.0...v0.1.2

DiffFox v0.1.0 — AI Code Review with 6 Specialized Agents

15 Mar 04:55

DiffFox v0.1.0

AI-powered code review that analyzes changes from 6 engineering perspectives simultaneously.

What's Included

GitHub Action

Add DiffFox to any repo with 3 lines of YAML:

- uses: mthooyavan/diff-fox@v0.1.0
  with:
    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}

Claude Code Plugin

Install locally for instant reviews without GitHub:

claude plugin add path/to/diff-fox/plugin
/review

6 Review Agents

| Agent | Catches |
| --- | --- |
| Logic | Null handling, off-by-one, incorrect conditions, edge cases |
| Security | SQL injection, auth bypass, hardcoded secrets, XSS, SSRF |
| Architecture | DRY violations, broken API contracts, leaky abstractions |
| Performance | N+1 queries, O(n^2) algorithms, blocking I/O, resource leaks |
| Risk | Blast radius, breaking changes, unsafe migrations |
| COGS | Unbounded queries, LLM calls in loops, missing rate limits |

Key Features

  • 6 parallel agents with domain-specific exclusion rules and precedent rules to minimize false positives
  • Deterministic context enrichment — symbol extraction (Python AST + regex), call graph analysis, impact detection
  • Two-pass verification — second-opinion LLM filters false positives
  • Semantic dedup — merges cross-agent and cross-file duplicates
  • Configurable via .diff-fox/config.yml — enable/disable agents, per-agent file filtering, custom guidelines
  • Jira integration (optional) — fetches ticket context and checks alignment
  • Zero infrastructure — no database, no server, no webhooks. Just a Docker action.

Dependencies

anthropic, httpx, pyyaml, pydantic — that's it. No LangChain, no LangGraph, no FastAPI, no Temporal.