Documentation

Commands, change classification, risk scoring, and supported languages.

Commands

All commands support --format json and --format markdown for machine-readable output.

inspect diff <ref>
    Review entity-level changes for a commit or range
    --context            Show dependency details for each entity
    --min-risk <level>   Filter by minimum risk (low, medium, high, critical)
    --format <fmt>       terminal (default), json, or markdown
inspect pr <number>
    Review all changes in a GitHub pull request
inspect file <path>
    Review uncommitted changes in a specific file
inspect bench --repo <path>
    Benchmark entity-level review across a repo's commit history

Change classification

Based on ConGra (arXiv:2409.14121). Every change is classified along three dimensions: text, syntax, and functional.

| Classification | What changed | Review needed? |
| --- | --- | --- |
| Text | Comments, whitespace, docs only | usually skip |
| Syntax | Signatures, types, declarations (no logic) | check API surface |
| Functional | Logic or behavior | careful review |
| Mixed | Combinations of the above | careful review |

Risk scoring

Graph-centric. Dependents and blast radius are the primary discriminators. Entities at the center of the dependency graph score highest. Cosmetic-only changes get an 80% discount.

1. Dependent count (primary): How many other entities call or reference this one. Logarithmic scale. An entity with 10 dependents scores significantly higher than one with 0.
2. Blast radius (primary): Transitive impact via BFS through the dependency graph. Normalized by repo size, sqrt-scaled.
3. Classification: Functional changes score higher than syntax changes, which score higher than text-only changes.
4. Public API: Exported functions, pub methods, capitalized Go/Java names. Changes to public surface area are riskier.
5. Change type: Deletions and modifications score higher than additions. Cosmetic changes (structural hash unchanged) get an 80% discount.

Risk levels: Critical (>= 0.7) · High (>= 0.5) · Medium (>= 0.3) · Low (< 0.3)
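
The following sketch is an added illustration, not inspect's own code. It combines the five factors above over a small constructed dependency graph and maps the result onto the documented risk levels; the weights, sub-scores and entity names are assumptions, since the page does not give them.

```python
import math
from collections import deque

# Thresholds stated on the page: critical >= 0.7, high >= 0.5, medium >= 0.3.
LEVELS = [(0.7, "critical"), (0.5, "high"), (0.3, "medium")]
# ASSUMED weights and sub-scores, for illustration only (not inspect's values).
W = {"dependents": 0.35, "blast": 0.30, "class": 0.15, "public": 0.10, "change": 0.10}
CLASS_SCORE = {"text": 0.0, "syntax": 0.5, "functional": 1.0, "mixed": 1.0}
CHANGE_SCORE = {"added": 0.5, "modified": 1.0, "deleted": 1.0}

# Constructed sample graph: entity -> entities that call or reference it.
GRAPH = {
    "verify_token": ["login", "refresh", "api_guard"],
    "login": ["routes"], "refresh": ["routes"],
    "api_guard": ["routes", "admin"],
    "routes": [], "admin": [], "format_date": [], "parse_args": [],
}


def blast_radius(dependents, entity):
    """Transitive dependents of `entity`, found by BFS over the graph."""
    seen, queue = {entity}, deque([entity])
    while queue:
        for nxt in dependents.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return len(seen) - 1


def risk_score(dependents, entity, classification, change, public, cosmetic=False):
    repo_size = max(len(dependents), 1)
    direct = len(dependents.get(entity, ()))
    parts = {
        "dependents": min(1.0, math.log1p(direct) / math.log1p(repo_size)),
        "blast": min(1.0, math.sqrt(blast_radius(dependents, entity) / repo_size)),
        "class": CLASS_SCORE[classification],
        "public": 1.0 if public else 0.0,
        "change": CHANGE_SCORE[change],
    }
    score = sum(W[k] * v for k, v in parts.items())
    return score * 0.2 if cosmetic else score  # 80% discount for cosmetic-only


def risk_level(score):
    return next((name for floor, name in LEVELS if score >= floor), "low")
```

With these assumed weights, a functional change to the central `verify_token` lands in the critical band, while the same kind of change to the leaf `format_date` stays low.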

13 languages

Entity extraction powered by sem-core and tree-sitter. All parsers compiled into the binary.

| Language | Extensions | Entities |
| --- | --- | --- |
| Rust | .rs | functions, structs, enums, impls, traits |
| TypeScript | .ts .tsx | functions, classes, interfaces, types, enums |
| JavaScript | .js .jsx .mjs .cjs | functions, classes, variables |
| Python | .py | functions, classes, decorators |
| Go | .go | functions, methods, types |
| Java | .java | classes, methods, interfaces, enums, fields |
| C | .c .h | functions, structs, enums, unions, typedefs |
| C++ | .cpp .cc .cxx .hpp | functions, classes, structs, enums, namespaces |
| Ruby | .rb | methods, classes, modules |
| C# | .cs | methods, classes, interfaces, enums, structs |
| PHP | .php | functions, classes, methods, interfaces, traits, enums |
| Fortran | .f90 .f95 .f03 .f08 | functions, subroutines, modules, programs |

HTTP API

REST API for integrating inspect into CI pipelines, bots, and custom workflows. Submit a PR, get back findings. Uses the deep_v2 strategy: two-temperature LLM review with diff-aware validation.

POST /api/review
Submit a PR for review. Returns findings.
$ curl -X POST https://inspect-review.vercel.app/api/review \
    -H "Content-Type: application/json" \
    -d '{"repo":"owner/repo","pr_number":123}'

// Response
{
  "pr": { "number": 123, "title": "Fix auth bypass", ... },
  "findings": [
    {
      "issue": "Missing origin validation in CORS handler",
      "evidence": "if (origin.indexOf('example.com') !== -1)",
      "severity": "critical",
      "file": "src/middleware/cors.ts"
    }
  ],
  "summary": { "total_findings": 3, "files_analyzed": 12 },
  "timing": { "triage_ms": 1200, "review_ms": 18000, "total_ms": 19200 }
}
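
A CI gate over the /api/review response could look like the following. This is an added example, not code from the inspect project; it assumes finding severities use the same four levels as the risk levels above, and the second finding in the sample is constructed.

```python
import json
import sys

# ASSUMED ordering: finding severities reuse the page's four risk levels.
RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed sample shaped like the documented /api/review response.
SAMPLE = json.dumps({
    "pr": {"number": 123, "title": "Fix auth bypass"},
    "findings": [
        {"issue": "Missing origin validation in CORS handler",
         "evidence": "if (origin.indexOf('example.com') !== -1)",
         "severity": "critical", "file": "src/middleware/cors.ts"},
        {"issue": "Unused import", "evidence": "import fs from 'fs'",
         "severity": "low", "file": "src/util.ts"},
    ],
    "summary": {"total_findings": 2, "files_analyzed": 12},
})


def blocking_findings(response_text, min_severity="high"):
    """Findings at or above min_severity; unknown severities also block."""
    findings = json.loads(response_text).get("findings")
    if not isinstance(findings, list):
        raise ValueError("no findings list in response")
    floor = RANK[min_severity]
    blocked = []
    for f in findings:
        rank = RANK.get(str(f.get("severity", "")).lower())
        if rank is None or rank >= floor:
            blocked.append(f)
    return blocked


def gate(response_text, min_severity="high"):
    """CI exit code: 0 pass, 1 blocking findings, 2 unusable response."""
    try:
        blocked = blocking_findings(response_text, min_severity)
    except (ValueError, AttributeError) as err:  # bad JSON or wrong shape
        print(f"inspect gate: failing closed: {err}", file=sys.stderr)
        return 2
    for f in blocked:
        print(f"[{f.get('severity')}] {f.get('file')}: {f.get('issue')}")
    return 1 if blocked else 0


if __name__ == "__main__":
    sys.exit(gate(sys.stdin.read()))
```

Piping the curl output above into this script makes the exit code decide the CI step; an error body or a timeout page fails the build instead of passing it silently.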

POST /api/triage
File-level triage only. No LLM call. Returns in 1-3s.
$ curl -X POST https://inspect-review.vercel.app/api/triage \
    -H "Content-Type: application/json" \
    -d '{"repo":"owner/repo","pr_number":123}'

// Response
{
  "pr": { "number": 123, "title": "Fix auth bypass" },
  "files_analyzed": 8,
  "files": [
    { "file": "src/auth.ts", "additions": 45, "deletions": 12 }
  ],
  "timing_ms": 1400
}

GET /api/health
Health check
$ curl https://inspect-review.vercel.app/api/health
{"status": "ok"}

MCP server

inspect ships an MCP server so any coding agent (Claude Code, Cursor, etc.) can use entity-level review as a tool. Build with cargo build -p inspect-mcp.

| Tool | Purpose |
| --- | --- |
| inspect_triage | Primary entry point. Full analysis sorted by risk with verdict. |
| inspect_entity | Drill into one entity: before/after content, dependents, dependencies. |
| inspect_group | Get all entities in a logical change group. |
| inspect_file | Scope review to a single file. |
| inspect_stats | Lightweight summary: stats, verdict, timing. No entity details. |
| inspect_risk_map | File-level risk heatmap with per-file aggregate scores. |

Review verdict

Returned by inspect_triage and inspect_stats. A quick signal for agents and humans.

| Verdict | Meaning |
| --- | --- |
| likely_approvable | All changes are cosmetic (comments, whitespace, formatting) |
| standard_review | Normal changes, no high-risk entities |
| requires_review | High-risk entities present |
| requires_careful_review | Critical-risk entities present |

Installation

Rust toolchain required. Single binary, no runtime dependencies.

From source
$ cargo install --git https://github.com/Ataraxy-Labs/inspect inspect-cli
Build from repo
$ git clone https://github.com/Ataraxy-Labs/inspect
$ cd inspect && cargo build --release
$ ./target/release/inspect diff HEAD~1