Documentation

Commands, change classification, risk scoring, and supported languages.

Commands

All commands support --format json and --format markdown for machine-readable output.

inspect diff <ref>
    Review entity-level changes for a commit or range
    --context             Show dependency details for each entity
    --min-risk <level>    Filter by minimum risk (low, medium, high, critical)
    --format <fmt>        terminal (default), json, or markdown

inspect pr <number>
    Review all changes in a GitHub pull request

inspect file <path>
    Review uncommitted changes in a specific file

inspect bench --repo <path>
    Benchmark entity-level review across a repo's commit history

inspect review <ref>
    Triage + LLM review. Triages entities by risk, sends the highest-risk ones to an LLM.
    --provider <name>     anthropic, openai, or ollama. Auto-inferred from --api-base if omitted.
    --model <model>       Model name (e.g. claude-sonnet-4-5-20250929, gpt-4o, llama3)
    --api-base <url>      Custom endpoint URL. Automatically uses the OpenAI-compatible client.
    --api-key <key>       API key (overrides env var)
    --min-risk <level>    Minimum risk to review (default: high)
    --max-entities <n>    Cap on entities sent to LLM (default: 10)

LLM providers

inspect review works with Anthropic, OpenAI, and any OpenAI-compatible server. Use a local LLM for air-gapped or regulated environments.

Anthropic (default)
Uses ANTHROPIC_API_KEY from env
$ export ANTHROPIC_API_KEY=sk-ant-...
$ inspect review HEAD~1

OpenAI
Uses OPENAI_API_KEY from env
$ export OPENAI_API_KEY=sk-...
$ inspect review HEAD~1 --provider openai --model gpt-4o

Ollama (local)
No API key needed. Runs against localhost.
# Start Ollama, then:
$ inspect review HEAD~1 --provider ollama --model llama3

Any OpenAI-compatible server
vLLM, LM Studio, llama.cpp, etc.
$ inspect review HEAD~1 \
    --api-base http://localhost:8000/v1 \
    --model my-model

Provider     API key env var      Default base URL
anthropic    ANTHROPIC_API_KEY    api.anthropic.com
openai       OPENAI_API_KEY       api.openai.com/v1
ollama       none                 localhost:11434/v1

Change classification

Based on ConGra (arXiv:2409.14121). Every change is classified along three dimensions: text, syntax, and functional.

Classification    What changed                                  Review needed?
Text              Comments, whitespace, docs only               usually skip
Syntax            Signatures, types, declarations (no logic)    check API surface
Functional        Logic or behavior                             careful review
Mixed             Combinations of the above                     careful review

Risk scoring

Graph-centric. Dependents and blast radius are the primary discriminators. Entities at the center of the dependency graph score highest. Cosmetic-only changes get an 80% discount.

1. Dependent count (primary)
   How many other entities call or reference this one. Logarithmic scale. An entity with 10 dependents scores significantly higher than one with 0.
2. Blast radius (primary)
   Transitive impact via BFS through the dependency graph. Normalized by repo size, sqrt-scaled.
3. Classification
   Functional changes score higher than syntax changes, which score higher than text-only changes.
4. Public API
   Exported functions, pub methods, capitalized Go/Java names. Changes to public surface area are riskier.
5. Change type
   Deletions and modifications score higher than additions. Cosmetic changes (structural hash unchanged) get an 80% discount.

Risk levels: Critical (>= 0.7) · High (>= 0.5) · Medium (>= 0.3) · Low (< 0.3)
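
The two primary signals above, sketched as an added example (not inspect's own code): BFS over reversed dependency edges for blast radius, plus a log-scaled direct dependent count. The graph is constructed, and the exact scaling (log1p, sqrt of reach over the other entities) is an assumption, since the page gives no formula.

```python
import math
from collections import deque

# Constructed sample: entity -> entities it depends on (calls or references).
DEPENDS_ON = {
    "handle_request": ["validate_cors", "parse_headers"],
    "validate_cors": ["match_origin"],
    "admin_route": ["handle_request"],
    "public_route": ["handle_request"],
    "parse_headers": [],
    "match_origin": [],
    "format_log": [],
}

def reverse_edges(depends_on):
    """Invert the graph: entity -> set of direct dependents."""
    dependents = {name: set() for name in depends_on}
    for caller, callees in depends_on.items():
        for callee in callees:
            dependents.setdefault(callee, set()).add(caller)
    return dependents

def blast_radius(entity, dependents):
    """Entities transitively affected by a change to `entity` (BFS)."""
    seen, queue = set(), deque([entity])
    while queue:
        for dep in dependents.get(queue.popleft(), ()):
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    seen.discard(entity)  # a dependency cycle must not count the entity itself
    return seen

def signals(entity, depends_on):
    """Return (dependent_signal, blast_signal); the scaling is an assumption."""
    dependents = reverse_edges(depends_on)
    direct = len(dependents.get(entity, ()))
    reach = len(blast_radius(entity, dependents))
    others = max(len(dependents) - 1, 1)  # repo size, excluding the entity
    return math.log1p(direct), math.sqrt(reach / others)
```

In this graph match_origin has a single direct dependent but reaches four entities transitively, which is why the page treats blast radius as a separate signal from dependent count.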

13 languages

Entity extraction powered by sem-core and tree-sitter. All parsers compiled into the binary.

Language      Extensions              Entities
Rust          .rs                     functions, structs, enums, impls, traits
TypeScript    .ts .tsx                functions, classes, interfaces, types, enums
JavaScript    .js .jsx .mjs .cjs      functions, classes, variables
Python        .py                     functions, classes, decorators
Go            .go                     functions, methods, types
Java          .java                   classes, methods, interfaces, enums, fields
C             .c .h                   functions, structs, enums, unions, typedefs
C++           .cpp .cc .cxx .hpp      functions, classes, structs, enums, namespaces
Ruby          .rb                     methods, classes, modules
C#            .cs                     methods, classes, interfaces, enums, structs
PHP           .php                    functions, classes, methods, interfaces, traits, enums
Fortran       .f90 .f95 .f03 .f08     functions, subroutines, modules, programs

HTTP API

The CLI and MCP server run entirely locally with no network calls. The HTTP API is optional, for teams that want hosted review without managing LLM infrastructure. You can also self-host the API binary with your own OpenAI key.

REST API for integrating inspect into CI pipelines, bots, and custom workflows. Submit a PR, get back findings. Uses 9 specialized review lenses with entity-level triage and diff-aware validation.

Authentication
All API endpoints require a Bearer token.

1. Create an account
2. Go to Dashboard > Keys
3. Create an API key
4. Pass it as Authorization: Bearer <key>

POST /api/review
Submit a PR for review. Returns findings.
$ curl -X POST https://inspect.ataraxy-labs.com/api/review \
    -H "Authorization: Bearer insp_your_key_here" \
    -H "Content-Type: application/json" \
    -d '{"repo":"owner/repo","pr_number":123}'

// Response
{
  "pr": { "number": 123, "title": "Fix auth bypass", ... },
  "findings": [
    {
      "issue": "Missing origin validation in CORS handler",
      "evidence": "if (origin.indexOf('example.com') !== -1)",
      "severity": "critical",
      "file": "src/middleware/cors.ts"
    }
  ],
  "usage": { "input_tokens": 85000, "output_tokens": 2400 },
  "timing": { "triage_ms": 1200, "review_ms": 18000, "total_ms": 19200 }
}

POST /api/triage
Entity-level triage only. No LLM call. Returns in 1-3s.
$ curl -X POST https://inspect.ataraxy-labs.com/api/triage \
    -H "Authorization: Bearer insp_your_key_here" \
    -H "Content-Type: application/json" \
    -d '{"repo":"owner/repo","pr_number":123}'

// Response
{
  "pr": { "number": 123, "title": "Fix auth bypass" },
  "entities": [
    {
      "name": "validate_cors",
      "type": "function",
      "file": "src/middleware/cors.ts",
      "risk": "critical",
      "score": "0.85",
      "change_type": "modified"
    }
  ],
  "timing_ms": 1400
}

GET /api/health
Health check (no auth required)
$ curl https://inspect.ataraxy-labs.com/api/health
{"status": "ok"}

Pricing: $0.20/M input tokens, $15.00/M output tokens. Track usage in the dashboard.
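
A CI gate over the /api/triage response shape shown above, as an added example (not part of inspect or its documentation). The function names, the fail-closed policy, and the second and third sample entities are assumptions; the thresholds are the risk levels listed on this page.

```python
import json

# Thresholds from the "Risk levels" line on this page, highest first.
LEVELS = [("critical", 0.7), ("high", 0.5), ("medium", 0.3), ("low", 0.0)]
RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed sample: the first entity is the page's own, the rest are made up.
SAMPLE = json.dumps({"pr": {"number": 123, "title": "Fix auth bypass"}, "entities": [
    {"name": "validate_cors", "type": "function", "file": "src/middleware/cors.ts",
     "risk": "critical", "score": "0.85", "change_type": "modified"},
    {"name": "parse_headers", "type": "function", "file": "src/middleware/headers.ts",
     "risk": "high", "score": "0.55", "change_type": "modified"},
    {"name": "format_log", "type": "function", "file": "src/util/log.ts",
     "risk": "low", "score": "0.12", "change_type": "added"},
], "timing_ms": 1400})

def level_for(score):
    """Map a numeric score to a risk level using the page's thresholds."""
    if not score >= 0:  # rejects negatives and NaN instead of calling them low
        raise ValueError("score out of range")
    return next(name for name, floor in LEVELS if score >= floor)

def gate(response_text, min_risk="high"):
    """Return (passed, blocking). Fails closed on a malformed response."""
    try:
        blocking = []
        for e in json.loads(response_text)["entities"]:
            score = float(e["score"])  # the documented sample sends a string
            # Use the stricter of the reported and the recomputed level;
            # an unknown reported level is treated as critical.
            reported = e["risk"] if e["risk"] in RANK else "critical"
            level = max(reported, level_for(score), key=RANK.get)
            if RANK[level] >= RANK[min_risk]:
                blocking.append((e["file"], e["name"], level, score))
    except (ValueError, KeyError, TypeError):
        return False, [("<unparseable response>", "", "critical", 1.0)]
    return not blocking, sorted(blocking, key=lambda b: -b[3])

if __name__ == "__main__":
    passed, blocking = gate(SAMPLE)
    for file, name, level, score in blocking:
        print(f"{level:9} {score:.2f}  {file}::{name}")
    raise SystemExit(0 if passed else 1)
```

In a pipeline, replace SAMPLE with the body returned by the curl call above and let the non-zero exit status hold the merge until a human has looked at the listed entities.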

MCP server

inspect ships an MCP server so any coding agent (Claude Code, Cursor, etc.) can use entity-level review as a tool. Build with cargo build -p inspect-mcp.

Tool                Purpose
inspect_triage      Primary entry point. Full analysis sorted by risk with verdict.
inspect_entity      Drill into one entity: before/after content, dependents, dependencies.
inspect_group       Get all entities in a logical change group.
inspect_file        Scope review to a single file.
inspect_stats       Lightweight summary: stats, verdict, timing. No entity details.
inspect_risk_map    File-level risk heatmap with per-file aggregate scores.

Review verdict

Returned by inspect_triage and inspect_stats. A quick signal for agents and humans.

Verdict                    Meaning
likely_approvable          All changes are cosmetic (comments, whitespace, formatting)
standard_review            Normal changes, no high-risk entities
requires_review            High-risk entities present
requires_careful_review    Critical-risk entities present

Installation

Rust toolchain required. Single binary, no runtime dependencies.

From source
$ cargo install --git https://github.com/Ataraxy-Labs/inspect inspect-cli
Build from repo
$ git clone https://github.com/Ataraxy-Labs/inspect
$ cd inspect && cargo build --release
$ ./target/release/inspect diff HEAD~1