depwire/depwire

What's new

This release adds a new CLI command — depwire diff — that compares the dependency graph between two git commits. Pure deterministic graph comparison. No LLM, no embeddings, no token cost.

New CLI command: depwire diff

Compare two git commits and see what changed structurally — not what git diff shows (line-by-line text changes), but what changed in the dependency graph: symbols added, removed, modified, edges created or broken, blast radius, health score delta, and security findings diff.

Usage

depwire diff <commit-a> <commit-b> [options]

Examples

# Compare two branches
depwire diff main feature/auth-refactor

# Compare against the last 5 commits
depwire diff HEAD~5 HEAD --verbose

# Compare two tagged releases, JSON output for scripting
depwire diff v1.5.0 v1.6.0 --json | jq

Flags

• --json — JSON output for scripting
• --verbose — show every changed symbol and edge by name
• --no-color — disable terminal colors
• --no-security — skip security diff (faster)
• --no-health — skip health score comparison (faster)
• --path <path> — limit diff to a specific subdirectory

Output

The command returns:

• Symbols — added, removed, modified (with file locations in verbose mode)
• Edges — added, removed
• Blast radius — files transitively affected by the structural changes
• Health score delta — before, after, and the change in grade
• Security findings diff — new findings introduced, existing findings fixed

Safety design

depwire diff checks out other commits in your working tree to analyze them. The command is designed to never leave your repo in a dirty state:

• Uncommitted changes are stashed before checkout and restored after
• The original branch/commit is always restored, even if errors occur
• Failures are caught with try/finally to guarantee cleanup
• No leftover stashes, no leftover branch switches

Tested explicitly to preserve uncommitted changes across both successful runs and forced error scenarios.

Architecture

Like verify-change, this command shares its core logic with a new module at src/core/diff.ts so the same logic can be exposed as an MCP tool in a future release.

Why this matters

Most developers and AI agents look at git diff to understand what a change did. Git diff shows lines. It does not show what depends on what. depwire diff answers a different question: what changed in the structural meaning of the code, what symbols moved, what dependencies broke or formed, what's the blast radius.

This is useful for:

• Code review (what did this PR actually change at the architecture level)
• Multi-agent coordination (what did agent A produce on this branch)
• CI integration (block merges with large blast radius or security regressions)
• Debugging (compare a working commit to a broken one structurally, not just textually)

CLI command count

12 total commands now: parse, query, viz, temporal, mcp, docs, health, dead-code, whatif, security, verify-change, diff.

Install

npm install -g [email protected]

Tested on

• Depwire's own repo (v1.5.0 → v1.6.0 comparison: 114 added, 66 removed, 47 modified symbols)
• honojs/hono (HEAD~10 → HEAD comparison: 352 files, repo state preserved)

Supported languages (16)

TypeScript · JavaScript · Python · Go · Rust · C · C# · Java · C++ · Kotlin · PHP · Swift · Mojo · Ruby · Dart · R