Makes your coding agent a disciplined, precision-first reviewer — open source, 100% local.
Splus turns Claude Code · Codex · OpenCode into a reviewer that only looks at new lines, reasons from grounded facts (secrets, security sinks, cross-file blast radius) instead of vibes, runs a real review protocol (detect → impact → triage → remediate → verify), and learns what your team waves off and what it cares about. A deterministic Rust engine supplies the grounding; your agent does the reviewing. No account, no token, nothing leaves your machine.
```sh
curl -fsSL https://splus.sh/install.sh | sh
```
This downloads the engine + a local MCP server into ~/.splus and wires it into every coding
agent it finds (Claude Code, Codex, OpenCode). Then, in your agent:
"review my staged changes with splus"
Requirements: git and node ≥ 20. Update anytime with:
```sh
splus update
```
Updates preserve existing agent wiring and use compact output. Re-run the install
one-liner if upgrading from a release that predates the splus update command.
Wire an agent manually
```sh
# Claude Code
claude mcp add --scope user splus -- ~/.splus/bin/splus-mcp
```
```toml
# Codex — ~/.codex/config.toml
[mcp_servers.splus]
command = "~/.splus/bin/splus-mcp"
```
```jsonc
// OpenCode — ~/.config/opencode/opencode.json
{ "mcp": { "splus": { "type": "local", "command": ["~/.splus/bin/splus-mcp"], "enabled": true } } }
```
Every AI reviewer races on catch-rate, and the market is begging for the opposite. Independent measurement (the Martian Code Review Bench — real PRs scored by whether the developer actually fixed the flagged line) puts well-known tools around 26–56% precision — most of their comments get ignored. Noise — not missed bugs — is the #1 reason teams turn these tools off.
Splus doesn't try to be a smarter model than the one you already run. It makes your agent a disciplined reviewer:
- Grounded, not guessing — a deterministic Rust engine surfaces high-precision facts (secrets, injection / deserialization / TLS sinks, cross-file blast radius) the agent reasons from.
- Diff-scoped — only newly-added lines are ever flagged (clean-as-you-code).
- A protocol, not one prompt — detect → impact → triage → remediate → verify, where a skeptical pass refutes plausible-but-wrong comments before they're ever posted.
- Quiet by default — zero config, and every kept finding earned it; complexity is scored as a delta, so unchanged code never generates noise.
- Dynamically grounded — reads the artifacts your test runs already produce (lcov / Cobertura / Istanbul / Go coverage, Stryker / cargo-mutants mutation reports): untested added lines and surviving mutants become deterministic floor findings, staleness-guarded so a stale report can never produce a false claim. Git history adds fix-churn and missing co-change signals.
- Checked, not trusted — the `report` step runs a deterministic protocol audit over the session's actual tool calls: changed exports that were never `inspect`ed and floor findings with no explicit fate are called out before the deliverable renders.
- Learns both ways — per-repo memory suppresses the noise you `dismiss` and reinforces the findings you `accept`, so the review fits your team over time; aged dismissals resurface once for re-validation, so a stale wave-off can't hide a new bug forever.
Nothing leaves your machine — there's no cloud step and no API key. The coding agent already in your editor is the reviewer.
Your agent connects to the local server and calls these:
| Tool | What it does |
|---|---|
| `review` | Read SPLUS.md, return the deterministic floor + a directive, drive the review. |
| `inspect` | The engine on tap: definition · callers · blast_radius · complexity · exports · imports — investigate on demand. |
| `floor` | Re-ground on the deterministic finding floor for a scope (no directive). |
| `preferences` | Show the merged SPLUS.md contract (repo + ~/.splus). |
| `recall` | Surface past confirmed findings / conventions relevant to a hunk. |
| `note` | Remember a repo convention you discovered (→ recall). |
| `dismiss` | Teach Splus a finding is noise — it generalizes to close variants. |
| `accept` | Teach Splus a finding was real — reinforces, and becomes recallable. |
| `mute` | Mute an entire rule for this repo. |
| `learnings` | List what's been learned on this repo. |
| `report` | Deterministic protocol audit (uninspected exports, unaccounted floor findings), then the offline HTML report. |
| `index` | Build a SCIP index locally for the precise (compiler-grade) blast-radius tier. |
Agent-led, one flow: review injects the repo's SPLUS.md contract and returns the grounded
deterministic floor; you drive the review — pull signal on demand with inspect, verify before
posting, then report and teach. No API key, ever — the model already in your editor does the
reasoning. Learnings stay per-repo in .splus-cache/ (suppressions in learnings.json, memory in
memory.json) — they never leave your checkout.
Drop a SPLUS.md at the repo root (layered over your personal ~/.splus/SPLUS.md). Splus reads it
first on every review: prose preferences/nits guide the reviewer, and binding mute: <ruleId> /
skip: <glob> lines drop matching findings (and say so — never silently). The prefs skill scaffolds one.
The skills/ bundle IS the review protocol: review (fans out fresh, unbiased sub-agents per
unit — finder ≠ verifier — and degrades to a sequential pass where sub-agents aren't available) and
prefs (author SPLUS.md). The installer puts them directly into every agent it finds — Claude Code
(~/.claude/skills/splus-review, splus-prefs), Codex (/splus-review, /splus-prefs prompts),
OpenCode (/splus-review, /splus-prefs commands) — with the canonical copy at ~/.splus/skills,
refreshed on every splus update. The protocol is loaded explicitly, never inferred from tool
descriptions.
Full reference: docs/TOOLS.md — every tool, parameter, and return shape.
The installer also puts the deterministic engine, splus-engine, on your PATH — no
account, no token, runs in milliseconds. Use it as a non-blocking gate or in a hook:
```sh
splus-engine review --staged --format pretty            # pretty, deterministic, $0
splus-engine review --staged --format json              # JSON for an agent / tooling
splus-engine review --base origin/main --format sarif   # PR-style → GitHub code scanning
splus-engine review --staged --fail-on high             # exit non-zero at/above a severity
```
The engine emits only grounded, diff-scoped findings. The actual reviewing — the protocol
(triage → discover → verify) and the learned memory (dismiss / accept / mute) — lives in the
agent flow over MCP, where the agent in the chair is the reviewer.
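
One way to wire the engine into a git pre-commit hook, as an added example that is not part of the Splus repo. It uses only the `review --staged` flags shown above; the `splus_gate` function and the `SPLUS_GATE` variable are hypothetical names introduced here.

```sh
#!/bin/sh
# Added example, not shipped by Splus. SPLUS_GATE is a hypothetical variable:
#   advisory (default)  print findings, never block the commit
#   enforce             block when `--fail-on high` makes the engine exit non-zero

splus_gate() {
    mode="${SPLUS_GATE:-advisory}"

    # A hook that breaks commits on machines without the tool tends to get
    # deleted, so a missing engine is a warning, not a failure.
    if ! command -v splus-engine >/dev/null 2>&1; then
        echo "splus: splus-engine not on PATH, skipping review" >&2
        return 0
    fi

    case "$mode" in
        advisory)
            # Non-blocking gate: show findings and swallow the exit status.
            splus-engine review --staged --format pretty || true
            return 0
            ;;
        enforce)
            # Blocking gate: non-zero exit means a finding at/above "high".
            if splus-engine review --staged --fail-on high; then
                return 0
            fi
            echo "splus: high-severity finding in staged changes, commit blocked" >&2
            return 1
            ;;
        *)
            echo "splus: unknown SPLUS_GATE='$mode' (use advisory or enforce)" >&2
            return 2
            ;;
    esac
}

# Run the gate only when this file is invoked as the pre-commit hook itself.
case "$0" in
    *pre-commit) splus_gate; exit $? ;;
esac
```

Save it as `.git/hooks/pre-commit` and mark it executable; set `SPLUS_GATE=enforce` in the environment of the machines or CI jobs that should block.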
| Stage | Does | Saves inference by |
|---|---|---|
| 0 Guard | size/generated/vendored circuit breakers | bounding cost on huge/monorepo diffs |
| 1 Diff | git clean-as-you-code added-line set | never touching legacy/unchanged code |
| 2 Collectors | secrets (regex+entropy) · native security sinks (injection/deser/shell/TLS) · diff heuristics · test adequacy (coverage + mutation reports already on disk, staleness-guarded) · git history (fix-churn, missing co-change partner) · optional external SARIF (Semgrep/ast-grep/gitleaks/OSV, offline) | high-confidence findings with no LLM |
| 3 Blast radius | cross-file caller graph for changed exports — precise (SCIP, compiler-grade) where an index.scip exists, name+import heuristic otherwise | structured impact facts, not guesses |
| 4 Metrics | cognitive-complexity delta base→head — delta-only, so unchanged code stays silent (--no-metrics to disable) | maintainability signal with zero config |
| 5 Memory | per-repo learned filter — suppress what you dismiss (exact · rule · semantic) · reinforce what you accept · aged dismissals resurface once for re-validation (semantic 90d, exact 180d; mutes never decay) | dropping known noise + ranking known signal |
Every finding carries an anchor (secret / metric / graph-edge / sarif /
heuristic) and a stable fingerprint. Cross-file claims always show an explicit resolution
confidence — Splus never presents a name+import heuristic as compiler-grade truth.
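
The diff-scoping in stage 1, sketched as an added example (not Splus's implementation): compute the added-line set of a unified diff and keep only findings that land on it. The function names, the sample diff and the `path:line:message` finding format are constructed for this illustration.

```sh
# Added example, not Splus code. stdin: unified diff (e.g. `git diff --cached`);
# stdout: one path:line per added line, i.e. the added-line set.
added_lines() {
    awk '
    # Inside a hunk, consume exactly the line counts its header announced, so a
    # removed "-- sql comment" (shown as "--- sql comment") is not a file header.
    old_left > 0 || new_left > 0 {
        c = substr($0, 1, 1)
        if (c == "+")       { print path ":" line; line++; new_left-- }
        else if (c == "-")  { old_left-- }
        else if (c != "\\") { line++; old_left--; new_left-- }
        next
    }
    /^\+\+\+ / { path = substr($0, 5); sub(/^b\//, "", path); sub(/\t.*/, "", path); next }
    /^@@ / {
        n = split(substr($2, 2), o, ","); old_left = (n > 1) ? o[2] + 0 : 1
        n = split(substr($3, 2), w, ","); new_left = (n > 1) ? w[2] + 0 : 1
        line = w[1] + 0
    }'
}

# $1: file with the added-line set. stdin: findings as path:line:message
# (a format constructed for this example, not Splus output).
scope_findings() {
    awk -F: 'NR == FNR { added[$1 ":" $2] = 1; next } ($1 ":" $2) in added' "$1" -
}

sample_diff() {   # constructed input
cat <<'EOF'
--- a/app/db.py
+++ b/app/db.py
@@ -10,3 +10,4 @@ def connect():
     host = cfg["host"]
--- legacy sql comment
+password = "constructed-example-value"
+verify_tls = False
     return open(host)
EOF
}

sample_findings() { printf 'app/db.py:11:hardcoded credential\napp/db.py:12:TLS verification disabled\napp/db.py:40:eval on untouched line\n'; }

demo() {   # keeps the findings on added lines 11 and 12, drops line 40
    set_file=$(mktemp)
    sample_diff | added_lines > "$set_file"
    sample_findings | scope_findings "$set_file"
    rm -f "$set_file"
}
```

Calling `demo` prints the two findings that sit on added lines; the finding on line 40 is dropped because that line is not in the diff.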
Deep analysis (tree-sitter symbols + cognitive-complexity + per-language security heuristics) covers the top 15 languages:
TypeScript · JavaScript (+ TSX/JSX) · Python · Java · C# · C++ · C · Go · Rust · PHP · Ruby · Kotlin · Swift · Scala · Shell/Bash
Blast radius is precise (SCIP, compiler-grade) for any of these when an index.scip exists;
for the JS/TS family it also falls back to a name+import heuristic graph. Anything outside the 15
still degrades gracefully — secrets + the universal heuristics (merge markers, TODOs, disabled
TLS) always apply.
100% local. No account, no token, no API key, no telemetry, no phone-home. The engine runs on your checkout; diffs are never uploaded. The reasoning is done by the coding agent already in your editor — Splus itself makes no network calls.
```sh
cargo build --release   # the engine → target/release/splus-engine
cargo test              # engine tests
pnpm install && pnpm -r build
pnpm build:release      # bundle the MCP server → dist-release/mcp.cjs
```
Run the engine directly if you like:
```sh
target/release/splus-engine review --staged --format pretty
target/release/splus-engine review --base main --format sarif   # GitHub code scanning
```
Cutting a release: tag v* and push — .github/workflows/release.yml cross-compiles the
engine for macOS/Linux, bundles the MCP server, and publishes a GitHub Release that install.sh
pulls from. See CONTRIBUTING.md.
- docs/ARCHITECTURE.md — how the engine + review protocol work (with diagrams).
- docs/TOOLS.md — the MCP tools your agent calls (every param + return).
- CONTRIBUTING.md — build, test, and the release process.
- AGENTS.md — working on this repo with a coding agent (build, verify, conventions).
```
crates/splus-engine/   # the deterministic engine (Rust) — the source of truth
packages/
  shared/              # canonical Finding model (TS, mirrors Rust) + engine runner
  suppression/         # per-repo memory — suppress (dismiss) + reinforce (accept)
  mcp/                 # the local MCP server your agent talks to — the one and only way to use Splus
skills/                # the review protocol as skills — installed into your agents by install.sh
docs/                  # ARCHITECTURE.md · TOOLS.md
AGENTS.md              # instructions for coding agents working ON this repo (CLAUDE.md imports it)
install.sh             # the one-line installer
```
The marketing site (splus.sh) lives in its own repo: kiwi-init/splus-lp.
MIT.