
ojowwalker77/splus


Splus

Makes your coding agent a disciplined, precision-first reviewer — open source, 100% local.

Splus turns Claude Code · Codex · OpenCode into a reviewer that only looks at new lines, reasons from grounded facts (secrets, security sinks, cross-file blast radius) instead of vibes, runs a real review protocol (detect → impact → triage → remediate → verify), and learns what your team waves off and what it cares about. A deterministic Rust engine supplies the grounding; your agent does the reviewing. No account, no token, nothing leaves your machine.



Install

curl -fsSL https://splus.sh/install.sh | sh

This downloads the engine + a local MCP server into ~/.splus and wires it into every coding agent it finds (Claude Code, Codex, OpenCode). Then, in your agent:

"review my staged changes with splus"

Requirements: git and node ≥ 20. Update anytime with:

splus update

Updates preserve existing agent wiring and use compact output. Re-run the install one-liner if upgrading from a release that predates the splus update command.

Wire an agent manually
# Claude Code
claude mcp add --scope user splus -- ~/.splus/bin/splus-mcp
# Codex — ~/.codex/config.toml
[mcp_servers.splus]
command = "~/.splus/bin/splus-mcp"
// OpenCode — ~/.config/opencode/opencode.json
{ "mcp": { "splus": { "type": "local", "command": ["~/.splus/bin/splus-mcp"], "enabled": true } } }

Why

Every AI reviewer races on catch-rate, and the market is begging for the opposite. Independent measurement (the Martian Code Review Bench — real PRs scored by whether the developer actually fixed the flagged line) puts well-known tools around 26–56% precision — most of their comments get ignored. Noise — not missed bugs — is the #1 reason teams turn these tools off.

Splus doesn't try to be a smarter model than the one you already run. It makes your agent a disciplined reviewer:

  • Grounded, not guessing — a deterministic Rust engine surfaces high-precision facts (secrets, injection / deserialization / TLS sinks, cross-file blast radius) the agent reasons from.
  • Diff-scoped — only newly-added lines are ever flagged (clean-as-you-code).
  • A protocol, not one prompt — detect → impact → triage → remediate → verify, where a skeptical pass refutes plausible-but-wrong comments before they're ever posted.
  • Quiet by default — zero config, and every kept finding earned it; complexity is scored as a delta, so unchanged code never generates noise.
  • Dynamically grounded — reads the artifacts your test runs already produce (lcov / Cobertura / Istanbul / Go coverage, Stryker / cargo-mutants mutation reports): untested added lines and surviving mutants become deterministic floor findings, staleness-guarded so a stale report can never produce a false claim. Git history adds fix-churn and missing co-change signals.
  • Checked, not trusted — the report step runs a deterministic protocol audit over the session's actual tool calls: changed exports that were never inspected and floor findings with no explicit fate are called out before the deliverable renders.
  • Learns both ways — per-repo memory suppresses the noise you dismiss and reinforces the findings you accept, so the review fits your team over time; aged dismissals resurface once for re-validation, so a stale wave-off can't hide a new bug forever.

Nothing leaves your machine — there's no cloud step and no API key. The coding agent already in your editor is the reviewer.
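To make the first two bullets above concrete (diff-scoped, grounded secrets), here is an added Python example; it is not Splus code. It parses a unified diff into the set of added lines, runs a regex-plus-Shannon-entropy secret collector over those lines only, and stamps each finding with a fingerprint derived from rule, path and content rather than the line number. The diff, the two token patterns, the rule names and the 4.0-bit threshold are constructed for the illustration; the token sitting on a context line is never scanned.

```python
import hashlib
import math
import re

# Constructed unified diff: the context line carries a pre-existing token that is
# out of scope; the three added lines are the only ones the collectors see.
SAMPLE_DIFF = """\
diff --git a/app/config.py b/app/config.py
--- a/app/config.py
+++ b/app/config.py
@@ -10,3 +10,6 @@ def load():
     LEGACY_TOKEN = "ghp_legacyTokenThatAlreadyLivesInMaster1234"
     timeout = 30
+    NEW_TOKEN = "AKIAEXAMPLEKEYEXAMPL"
+    SIGNING_SECRET = "p9Xq2LmZ7vR4tYbN8kWd3HsFgJ6cQaEu"
+    GREETING = "hello hello hello hello hello"
     return timeout
"""

# Assumed collectors: two token shapes by regex, plus an entropy check on long
# string literals so unknown key formats are still caught.
TOKEN_PATTERNS = {
    "secret.aws-access-key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "secret.github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}
STRING_LITERAL = re.compile(r"""["']([^"']{20,})["']""")
ENTROPY_BITS = 4.0  # assumed threshold; natural-language text sits well below it


def shannon_entropy(s: str) -> float:
    """Bits per character of s; 0.0 for empty or single-symbol input."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))


def added_lines(diff_text: str):
    """Yield (path, new_line_no, content) for every '+' line of a unified diff.
    Context lines advance the counter but are never yielded; removed lines are
    skipped, so unchanged and legacy code is never in scope."""
    path, new_no, in_hunk = None, 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("@@"):
            new_no = int(re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw).group(1))
            in_hunk = True
        elif not in_hunk or raw.startswith("diff --git"):
            if raw.startswith("+++ "):
                path = raw[4:].removeprefix("b/")
            in_hunk = False
        elif raw.startswith("+"):
            yield path, new_no, raw[1:]
            new_no += 1
        elif raw.startswith("-") or raw.startswith("\\"):
            continue  # removed line or "\ No newline at end of file"
        else:
            new_no += 1


def scan_added_lines(diff_text: str) -> list:
    """Run the secret collectors over added lines only and return findings."""
    findings = []
    for path, line_no, content in added_lines(diff_text):
        rules = [r for r, pat in TOKEN_PATTERNS.items() if pat.search(content)]
        if not rules and any(shannon_entropy(lit) >= ENTROPY_BITS
                             for lit in STRING_LITERAL.findall(content)):
            rules.append("secret.high-entropy-string")
        for rule in rules:
            # Fingerprint on rule, path and content, not the line number, so the
            # same finding keeps its identity when surrounding code shifts.
            digest = hashlib.sha256(f"{rule}|{path}|{content.strip()}".encode())
            findings.append({"rule": rule, "file": path, "line": line_no,
                             "anchor": "secret", "fingerprint": digest.hexdigest()[:16]})
    return findings


if __name__ == "__main__":
    for f in scan_added_lines(SAMPLE_DIFF):
        print(f"{f['file']}:{f['line']} {f['rule']} [{f['fingerprint']}]")
```

Running it reports lines 12 and 13 of app/config.py and nothing else: the legacy token on line 10 is a context line, and the repeated-word string on line 14 is below the entropy threshold.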

The MCP tools

Your agent connects to the local server and calls these:

| Tool | What it does |
|---|---|
| review | Read SPLUS.md, return the deterministic floor + a directive, drive the review. |
| inspect | The engine on tap: definition · callers · blast_radius · complexity · exports · imports — investigate on demand. |
| floor | Re-ground on the deterministic finding floor for a scope (no directive). |
| preferences | Show the merged SPLUS.md contract (repo + ~/.splus). |
| recall | Surface past confirmed findings / conventions relevant to a hunk. |
| note | Remember a repo convention you discovered (→ recall). |
| dismiss | Teach Splus a finding is noise — it generalizes to close variants. |
| accept | Teach Splus a finding was real — reinforces, and becomes recallable. |
| mute | Mute an entire rule for this repo. |
| learnings | List what's been learned on this repo. |
| report | Deterministic protocol audit (uninspected exports, unaccounted floor findings), then the offline HTML report. |
| index | Build a SCIP index locally for the precise (compiler-grade) blast-radius tier. |

Agent-led, one flow: review injects the repo's SPLUS.md contract and returns the grounded deterministic floor; you drive the review — pull signal on demand with inspect, verify before posting, then report and teach. No API key, ever — the model already in your editor does the reasoning. Learnings stay per-repo in .splus-cache/ (suppressions in learnings.json, memory in memory.json) — they never leave your checkout.
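The following added Python example (not Splus code) sketches how dismiss / accept / mute could drive a per-repo filter with the decay windows stated in the Why section: semantic 90d, exact 180d, mutes never. Everything else is an assumption of the example: the findings, the semantic key (same rule and file type, backtick-quoted identifiers in the message blanked), the 180d window for rule-scoped dismissals, and what happens after a finding resurfaces (the aged entry is dropped, so the finding shows once with a re-validate note and is an ordinary finding afterwards until someone dismisses it again).

```python
import hashlib
import re
from datetime import datetime, timedelta

# Decay windows from the Why section: semantic 90d, exact 180d, mutes never.
# Rule-scoped dismissals sharing the exact window is an assumption of this example.
DECAY = {"exact": timedelta(days=180), "rule": timedelta(days=180),
         "semantic": timedelta(days=90), "mute": None}


def semantic_key(finding: dict) -> str:
    """Assumed generalization: same rule and file type, with backtick-quoted
    identifiers in the message blanked, so close variants share one key."""
    msg = re.sub(r"`[^`]*`", "`_`", finding["message"])
    ext = finding["file"].rsplit(".", 1)[-1]
    return hashlib.sha256(f"{finding['rule']}|{ext}|{msg}".encode()).hexdigest()[:16]


class Memory:
    """In-memory stand-in for a per-repo learnings store (constructed)."""

    def __init__(self):
        self.suppressions = {}  # (kind, key) -> {"at": datetime or None}
        self.accepted = set()   # fingerprints the team confirmed as real

    def dismiss(self, finding: dict, kind: str, now: datetime) -> None:
        key = {"exact": finding["fingerprint"], "rule": finding["rule"],
               "semantic": semantic_key(finding)}[kind]
        self.suppressions[(kind, key)] = {"at": now}

    def mute(self, rule: str) -> None:
        self.suppressions[("mute", rule)] = {"at": None}

    def accept(self, finding: dict) -> None:
        self.accepted.add(finding["fingerprint"])

    def _lookup(self, finding: dict):
        """Most specific match wins: mute, exact, rule, semantic."""
        for hit in (("mute", finding["rule"]), ("exact", finding["fingerprint"]),
                    ("rule", finding["rule"]), ("semantic", semantic_key(finding))):
            if hit in self.suppressions:
                return hit
        return None

    def filter(self, findings: list, now: datetime):
        """Return (kept, dropped). A dismissal older than its window is removed
        after this pass, so every finding it covered resurfaces exactly once with
        a re-validate note and is an ordinary finding afterwards (assumed handling)."""
        kept, dropped, expired = [], [], set()
        for f in findings:
            hit = self._lookup(f)
            if hit is not None:
                ttl = DECAY[hit[0]]
                if ttl is None or now - self.suppressions[hit]["at"] <= ttl:
                    dropped.append({**f, "reason": f"{hit[0]} suppression"})
                    continue
                expired.add(hit)
                f = {**f, "revalidate": f"{hit[0]} dismissal older than {ttl.days}d"}
            if f["fingerprint"] in self.accepted:
                f = {**f, "reinforced": True}  # known signal, ranked first below
            kept.append(f)
        for hit in expired:
            del self.suppressions[hit]
        kept.sort(key=lambda f: not f.get("reinforced", False))
        return kept, dropped


# Constructed findings: two shell-sink hits, one TODO, two fixture-key literals.
FINDINGS = [
    {"fingerprint": "b2", "rule": "sink.shell-injection", "file": "jobs/cron.py",
     "message": "Tainted value `job` reaches `subprocess.run`"},
    {"fingerprint": "a1", "rule": "sink.shell-injection", "file": "api/run.py",
     "message": "Tainted value `cmd` reaches `subprocess.run`"},
    {"fingerprint": "c3", "rule": "heuristic.todo", "file": "api/run.py",
     "message": "TODO left in added code"},
    {"fingerprint": "d4", "rule": "secret.high-entropy-string", "file": "tests/fixtures.py",
     "message": "High-entropy literal `FAKE_KEY`"},
    {"fingerprint": "e5", "rule": "secret.high-entropy-string", "file": "tests/other.py",
     "message": "High-entropy literal `OTHER_KEY`"},
]
T0 = datetime(2025, 1, 1)


def demo():
    """Three review passes against one memory: day 30, day 100, day 101."""
    mem = Memory()
    mem.dismiss(FINDINGS[3], "semantic", T0)  # fixture keys are noise, variants too
    mem.accept(FINDINGS[1])                   # the api/run.py sink was real
    mem.mute("heuristic.todo")                # never decays
    return [mem.filter(FINDINGS, T0 + timedelta(days=d)) for d in (30, 100, 101)]
```

On day 30 the semantic dismissal also swallows the OTHER_KEY variant and the accepted sink is ranked first; on day 100 the 90-day window has passed, so both fixture findings come back flagged for re-validation; on day 101 they are plain findings again, while the muted TODO stays silent throughout.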

SPLUS.md — the repo's review contract

Drop a SPLUS.md at the repo root (layered over your personal ~/.splus/SPLUS.md). Splus reads it first on every review: prose preferences/nits guide the reviewer, and binding mute: <ruleId> / skip: <glob> lines drop matching findings (and say so — never silently). The prefs skill scaffolds one.
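As an added example, not the prefs skill or the engine's own parser, the Python below reads two layered SPLUS.md files into binding mute:/skip: lines plus prose guidance, merges them repo-over-personal, and applies them to a handful of findings, recording for every dropped finding which line of which file dropped it. The two contracts, the findings, the rule ids (heuristic.todo and the others are placeholders) and the fnmatch glob semantics are constructed for the illustration.

```python
import fnmatch
from dataclasses import dataclass, field

# Constructed personal contract (~/.splus/SPLUS.md) and repo contract (SPLUS.md).
# Binding lines are `mute: <ruleId>` and `skip: <glob>`; other lines are prose
# guidance. Rule ids are placeholders invented for this example.
PERSONAL_SPLUS_MD = """\
# My review preferences
Prefer a few precise comments over many nits.
skip: **/*.snap
"""

REPO_SPLUS_MD = """\
# Review contract for this repo
Security findings always block; everything else is advisory.
mute: heuristic.todo
skip: vendor/**
skip: **/fixtures/*
"""

# Constructed findings as an engine floor might report them.
FINDINGS = [
    {"rule": "secret.aws-access-key", "file": "app/config.py", "line": 12},
    {"rule": "heuristic.todo", "file": "app/config.py", "line": 20},
    {"rule": "secret.high-entropy-string", "file": "tests/fixtures/keys.py", "line": 3},
    {"rule": "sink.shell-injection", "file": "vendor/lib/exec.js", "line": 88},
    {"rule": "heuristic.merge-marker", "file": "ui/__snapshots__/app.snap", "line": 1},
]


@dataclass
class Contract:
    guidance: list = field(default_factory=list)  # prose, handed to the reviewer
    mutes: dict = field(default_factory=dict)     # ruleId -> source file
    skips: list = field(default_factory=list)     # (glob, source file), in order


def parse_contract(text: str, source: str) -> Contract:
    """Split one SPLUS.md into binding lines and prose; headings are dropped."""
    c = Contract()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("mute:"):
            c.mutes[line[5:].strip()] = source
        elif line.startswith("skip:"):
            c.skips.append((line[5:].strip(), source))
        else:
            c.guidance.append(line)
    return c


def merge(personal: Contract, repo: Contract) -> Contract:
    """Repo contract layered over the personal one; a repo mute wins on conflict."""
    return Contract(guidance=personal.guidance + repo.guidance,
                    mutes={**personal.mutes, **repo.mutes},
                    skips=personal.skips + repo.skips)


def path_matches(path: str, glob: str) -> bool:
    """fnmatch semantics (assumed): `*` and `**` both cross '/'; a leading `**/`
    also matches a path at the repo root."""
    return fnmatch.fnmatchcase(path, glob) or (
        glob.startswith("**/") and fnmatch.fnmatchcase(path, glob[3:]))


def apply_contract(contract: Contract, findings: list):
    """Return (kept, dropped); every drop names the line and file that caused it."""
    kept, dropped = [], []
    for f in findings:
        if f["rule"] in contract.mutes:
            dropped.append({**f, "reason": f"mute: {f['rule']} ({contract.mutes[f['rule']]})"})
            continue
        skip = next(((g, src) for g, src in contract.skips if path_matches(f["file"], g)), None)
        if skip is not None:
            dropped.append({**f, "reason": f"skip: {skip[0]} ({skip[1]})"})
            continue
        kept.append(f)
    return kept, dropped


def review_contract():
    """Merge the two constructed contracts and apply them to the constructed floor."""
    contract = merge(parse_contract(PERSONAL_SPLUS_MD, "~/.splus/SPLUS.md"),
                     parse_contract(REPO_SPLUS_MD, "SPLUS.md"))
    kept, dropped = apply_contract(contract, FINDINGS)
    return contract, kept, dropped


if __name__ == "__main__":
    contract, kept, dropped = review_contract()
    for d in dropped:
        print(f"dropped {d['file']}:{d['line']} {d['rule']} <- {d['reason']}")
    print(f"kept {len(kept)} finding(s); guidance: {contract.guidance}")
```

Only the AWS key finding survives; the other four are dropped, each with the exact mute:/skip: line and the file it came from, which is what "say so, never silently" looks like in practice. Note that a skip glob on vendor/ also silences a real security sink there, so skips deserve the same scrutiny as the code they exclude.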

Skills

The skills/ bundle IS the review protocol: review (fans out fresh, unbiased sub-agents per unit — finder ≠ verifier — and degrades to a sequential pass where sub-agents aren't available) and prefs (author SPLUS.md). The installer puts them directly into every agent it finds — Claude Code (~/.claude/skills/splus-review, splus-prefs), Codex (/splus-review, /splus-prefs prompts), OpenCode (/splus-review, /splus-prefs commands) — with the canonical copy at ~/.splus/skills, refreshed on every splus update. The protocol is loaded explicitly, never inferred from tool descriptions.

Full reference: docs/TOOLS.md — every tool, parameter, and return shape.

In CI / pre-commit

The installer also puts the deterministic engine, splus-engine, on your PATH — no account, no token, runs in milliseconds. Use it as a non-blocking gate or in a hook:

splus-engine review --staged --format pretty             # pretty, deterministic, $0
splus-engine review --staged --format json               # JSON for an agent / tooling
splus-engine review --base origin/main --format sarif    # PR-style → GitHub code scanning
splus-engine review --staged --fail-on high              # exit non-zero at/above a severity

The engine emits only grounded, diff-scoped findings. The actual reviewing — the protocol (triage → discover → verify) and the learned memory (dismiss / accept / mute) — lives in the agent flow over MCP, where the agent in the chair is the reviewer.

How it works — the deterministic pipeline (zero inference)

| Stage | Does | Saves inference by |
|---|---|---|
| 0 Guard | size/generated/vendored circuit breakers | bounding cost on huge/monorepo diffs |
| 1 Diff | git clean-as-you-code added-line set | never touching legacy/unchanged code |
| 2 Collectors | secrets (regex+entropy) · native security sinks (injection/deser/shell/TLS) · diff heuristics · test adequacy (coverage + mutation reports already on disk, staleness-guarded) · git history (fix-churn, missing co-change partner) · optional external SARIF (Semgrep/ast-grep/gitleaks/OSV, offline) | high-confidence findings with no LLM |
| 3 Blast radius | cross-file caller graph for changed exports — precise (SCIP, compiler-grade) where an index.scip exists, name+import heuristic otherwise | structured impact facts, not guesses |
| 4 Metrics | cognitive-complexity delta base→head — delta-only, so unchanged code stays silent (--no-metrics to disable) | maintainability signal with zero config |
| 5 Memory | per-repo learned filter — suppress what you dismiss (exact · rule · semantic) · reinforce what you accept · aged dismissals resurface once for re-validation (semantic 90d, exact 180d; mutes never decay) | dropping known noise + ranking known signal |

Every finding carries an anchor (secret / metric / graph-edge / sarif / heuristic) and a stable fingerprint. Cross-file claims always show an explicit resolution confidence — Splus never presents a name+import heuristic as compiler-grade truth.
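Stage 2's test-adequacy collector, as an added Python example that is not the engine's code: an lcov tracefile and a mutation report shaped like Stryker's mutation-report JSON are intersected with the added-line set, and a staleness guard refuses to make any claim when a report predates a changed file. The reports, the added-line set, the timestamps, the anchors and the rule names are constructed; the guard rule itself (both reports must be at least as new as every changed file, and an unknown mtime counts as stale) is an assumption.

```python
import json
from datetime import datetime, timedelta

# Constructed lcov tracefile: DA:<line>,<hits> per executable line.
LCOV_REPORT = """\
TN:
SF:app/config.py
DA:10,3
DA:11,3
DA:12,0
DA:13,0
DA:14,3
DA:15,3
end_of_record
"""

# Constructed mutation report, shaped like Stryker's mutation-report JSON (assumed subset).
MUTATION_REPORT = json.dumps({"files": {"app/config.py": {"mutants": [
    {"id": "1", "mutatorName": "ConditionalExpression", "status": "Killed",
     "location": {"start": {"line": 11}}},
    {"id": "2", "mutatorName": "StringLiteral", "status": "Survived",
     "location": {"start": {"line": 14}}},
    {"id": "3", "mutatorName": "BlockStatement", "status": "Survived",
     "location": {"start": {"line": 30}}},
]}}})

# Constructed added-line set (what a diff stage would produce) and file mtimes.
ADDED = {"app/config.py": [12, 13, 14], "app/new.py": [1, 2]}
T = datetime(2025, 1, 1, 12, 0)
SOURCE_TIMES = {"app/config.py": T, "app/new.py": T}
FRESH_AT = T + timedelta(hours=1)  # reports produced after the last edit
STALE_AT = T - timedelta(hours=1)  # reports produced before it


def parse_lcov(text: str) -> dict:
    """{path: {line: hits}} from an lcov tracefile; lines absent from DA are
    non-executable and carry no coverage claim either way."""
    cov, path = {}, None
    for line in text.splitlines():
        if line.startswith("SF:"):
            path = line[3:]
            cov.setdefault(path, {})
        elif line.startswith("DA:") and path is not None:
            ln, hits = line[3:].split(",")[:2]  # a third field (checksum) is ignored
            cov[path][int(ln)] = int(hits)
        elif line == "end_of_record":
            path = None
    return cov


def floor_findings(lcov_text: str, mutation_json: str, added: dict,
                   report_time: datetime, source_times: dict):
    """Return (findings, skip_reason). The guard is an assumption of this example:
    if any changed file is newer than the reports, or its mtime is unknown, the
    reports are stale and no claim is made at all."""
    stale = sorted(p for p in added
                   if source_times.get(p) is None or source_times[p] > report_time)
    if stale:
        return [], f"stale: reports predate {', '.join(stale)}; no coverage claim made"
    cov = parse_lcov(lcov_text)
    mutants = json.loads(mutation_json).get("files", {})
    findings = []
    for path, lines in added.items():
        file_cov = cov.get(path, {})
        survived = {m["location"]["start"]["line"]: m["mutatorName"]
                    for m in mutants.get(path, {}).get("mutants", [])
                    if m["status"] == "Survived"}
        for ln in lines:
            if file_cov.get(ln) == 0:  # instrumented, executed zero times
                findings.append({"rule": "test.untested-added-line", "file": path,
                                 "line": ln, "anchor": "coverage"})
            if ln in survived:
                findings.append({"rule": "test.surviving-mutant", "file": path,
                                 "line": ln, "anchor": "mutation",
                                 "detail": survived[ln]})
    findings.sort(key=lambda f: (f["file"], f["line"]))
    return findings, None


if __name__ == "__main__":
    for when in (FRESH_AT, STALE_AT):
        found, why = floor_findings(LCOV_REPORT, MUTATION_REPORT, ADDED, when, SOURCE_TIMES)
        print(why or [(f["rule"], f["file"], f["line"]) for f in found])
```

With fresh reports the floor is three findings: lines 12 and 13 were added and never executed, and the surviving StringLiteral mutant on line 14 is on an added line (the one on line 30 is not, so it is ignored). The uninstrumented app/new.py produces nothing, because absence from the report is not evidence. With reports older than the edit the function returns no findings and a reason, rather than a claim the reports cannot support.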

Language support

Deep analysis (tree-sitter symbols + cognitive-complexity + per-language security heuristics) covers the top 15 languages:

TypeScript · JavaScript (+ TSX/JSX) · Python · Java · C# · C++ · C · Go · Rust · PHP · Ruby · Kotlin · Swift · Scala · Shell/Bash

Blast radius is precise (SCIP, compiler-grade) for any of these when an index.scip exists; for the JS/TS family it also falls back to a name+import heuristic graph. Anything outside the 15 still degrades gracefully — secrets + the universal heuristics (merge markers, TODOs, disabled TLS) always apply.

Privacy

100% local. No account, no token, no API key, no telemetry, no phone-home. The engine runs on your checkout; diffs are never uploaded. The reasoning is done by the coding agent already in your editor — Splus itself makes no network calls.

Build from source

cargo build --release        # the engine → target/release/splus-engine
cargo test                   # engine tests
pnpm install && pnpm -r build
pnpm build:release           # bundle the MCP server → dist-release/mcp.cjs

Run the engine directly if you like:

target/release/splus-engine review --staged --format pretty
target/release/splus-engine review --base main --format sarif   # GitHub code scanning

Cutting a release: tag v* and push — .github/workflows/release.yml cross-compiles the engine for macOS/Linux, bundles the MCP server, and publishes a GitHub Release that install.sh pulls from. See CONTRIBUTING.md.

Docs

  • docs/ARCHITECTURE.md — how the engine + review protocol work (with diagrams).
  • docs/TOOLS.md — the MCP tools your agent calls (every param + return).
  • CONTRIBUTING.md — build, test, and the release process.
  • AGENTS.md — working on this repo with a coding agent (build, verify, conventions).

Repo layout

crates/splus-engine/   # the deterministic engine (Rust) — the source of truth
packages/
  shared/              # canonical Finding model (TS, mirrors Rust) + engine runner
  suppression/         # per-repo memory — suppress (dismiss) + reinforce (accept)
  mcp/                 # the local MCP server your agent talks to — the one and only way to use Splus
skills/                # the review protocol as skills — installed into your agents by install.sh
docs/                  # ARCHITECTURE.md · TOOLS.md
AGENTS.md              # instructions for coding agents working ON this repo (CLAUDE.md imports it)
install.sh             # the one-line installer

The marketing site (splus.sh) lives in its own repo: kiwi-init/splus-lp.

License

MIT.
