Summary
Add a --git-diff mode to the CLI that validates only the lines changed in a git diff, so it can run cheaply in pre-commit hooks and CI pipelines without re-reporting pre-existing findings.
Usage
# Validate only staged changes
aitrust validate --git-diff staged
# Validate only uncommitted changes
aitrust validate --git-diff working
# Validate changes in a PR (compared to main)
aitrust validate --git-diff main
# Validate specific commit range
aitrust validate --git-diff HEAD~5..HEAD
Implementation
- Parse git diff output to get changed files and line ranges
- Run validation only on changed files
- Filter issues to only report those on changed lines
- Show context (3 lines above/below) for each issue
- Exit with code 1 if any CRITICAL issue is found on a changed line (so hooks and CI jobs fail), 0 otherwise
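The five steps above fit together as follows. This is an added illustration, not aitrust's own code: the mapping of staged/working/<ref> onto git commands, the Finding dataclass and the severity names are assumptions about how the feature could be built, and the diff and findings are constructed sample input. The parser tracks only the new-file line counter, skips deleted files, and accepts diffs with or without context lines.

```python
"""Changed-line filtering for a --git-diff mode (added example, not aitrust's code)."""
from __future__ import annotations

import re
import subprocess
from dataclasses import dataclass

# Unified-diff hunk header: capture the new-file start line (count is optional).
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,(\d+))? @@")


def git_diff_args(target: str) -> list[str]:
    """Map the proposed modes onto git (assumed mapping). -U0 drops context lines
    so every +/- line is a real change; report context is read from the file."""
    if target == "staged":
        return ["git", "diff", "--cached", "-U0"]
    if target == "working":
        return ["git", "diff", "-U0"]
    if ".." in target:                                  # explicit range, e.g. HEAD~5..HEAD
        return ["git", "diff", "-U0", target]
    return ["git", "diff", "-U0", f"{target}...HEAD"]  # branch: changes since merge-base


def run_git_diff(target: str) -> str:
    """Run the mapped command and return the diff text (not exercised by the demo)."""
    return subprocess.run(git_diff_args(target), check=True,
                          capture_output=True, text=True).stdout


def parse_changed_lines(diff_text: str) -> dict[str, set[int]]:
    """Return {new-file path: new-file line numbers that were added or modified}.
    Deleted files ('+++ /dev/null') are skipped; '-' lines belong to the old file
    and never advance the new-file counter."""
    changed: dict[str, set[int]] = {}
    path: str | None = None
    new_line = 0
    after_old_header = False
    for raw in diff_text.splitlines():
        if raw.startswith("--- "):
            after_old_header = True
            continue
        if after_old_header and raw.startswith("+++ "):
            after_old_header = False
            name = raw[4:].split("\t", 1)[0]
            if name == "/dev/null":
                path = None
            else:
                path = name[2:] if name.startswith("b/") else name
                changed.setdefault(path, set())
            continue
        after_old_header = False
        m = HUNK_RE.match(raw)
        if m:
            new_line = int(m.group(1))
            continue
        if path is None or raw.startswith("\\"):      # "\ No newline at end of file"
            continue
        if raw.startswith("+"):
            changed[path].add(new_line)
            new_line += 1
        elif raw.startswith(" "):                      # context line (present without -U0)
            new_line += 1
    return changed


@dataclass(frozen=True)
class Finding:
    """Hypothetical validator result; aitrust's real type may differ."""
    path: str
    line: int
    severity: str   # CRITICAL, HIGH, MEDIUM, LOW (assumed names)
    message: str


def filter_to_diff(findings: list[Finding], changed: dict[str, set[int]]) -> list[Finding]:
    """Keep only findings whose (path, line) was touched by the diff."""
    return [f for f in findings if f.line in changed.get(f.path, set())]


def exit_code(findings: list[Finding]) -> int:
    """1 if any CRITICAL finding survived the filter, else 0."""
    return 1 if any(f.severity == "CRITICAL" for f in findings) else 0


def context_window(source: str, line: int, radius: int = 3) -> list[tuple[int, str]]:
    """(line number, text) pairs for `radius` lines around `line`, clamped to the file."""
    lines = source.splitlines()
    lo, hi = max(1, line - radius), min(len(lines), line + radius)
    return [(n, lines[n - 1]) for n in range(lo, hi + 1)]


# Constructed sample diff: auth.py changes lines 23-24, api.py changes line 45.
SAMPLE_DIFF = """\
diff --git a/src/auth.py b/src/auth.py
--- a/src/auth.py
+++ b/src/auth.py
@@ -22,3 +22,4 @@ def get_user(user_id):
     cursor = conn.cursor()
-    cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
+    # TODO: tidy up
+    cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")
     return cursor.fetchone()
diff --git a/src/api.py b/src/api.py
--- a/src/api.py
+++ b/src/api.py
@@ -45 +45 @@
-api_key = os.environ["API_KEY"]
+api_key = "sk-EXAMPLE-not-a-real-key"
"""

# Constructed findings: the one on an unchanged line (auth.py:10) must be dropped.
SAMPLE_FINDINGS = [
    Finding("src/auth.py", 10, "HIGH", "Unchanged line, pre-existing issue"),
    Finding("src/auth.py", 24, "CRITICAL", "SQL injection via f-string"),
    Finding("src/api.py", 45, "HIGH", "Hardcoded API key detected"),
]

if __name__ == "__main__":
    kept = filter_to_diff(SAMPLE_FINDINGS, parse_changed_lines(SAMPLE_DIFF))
    for f in kept:
        print(f"{f.path} L{f.line} [{f.severity}] {f.message}")
    raise SystemExit(exit_code(kept))
```

The `<ref>...HEAD` form (three dots) is deliberate for the PR case: it diffs against the merge-base with `main` rather than against `main`'s current tip, so commits that landed on `main` after the branch point are not reported as the author's changes.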
Example Output
🔍 Validating git diff (staged) — 3 files changed
📄 src/auth.py
L24 [CRITICAL] SQL injection via f-string
cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")
Only validates changed lines → reduces noise
📄 src/api.py
L45 [HIGH] Hardcoded API key detected
api_key = "sk-abc123..."
📊 2 issues found in diff — trust score: 45/100
Acceptance Criteria
- --git-diff staged|working|<ref> works
Difficulty
Intermediate — requires git diff parsing but the validation engine already exists.