State-of-the-art AI code review.
Open source.

Top-tier review quality with full control. Self-host or use our cloud. Bring your own model. See every prompt.

Open source · Self-host or Cloud · Setup in 60 seconds

Open · feat: add user authentication middleware #142
d1ff-bot reviewed just now
Summary
Adds JWT-based authentication middleware with role-based access control. The implementation handles token validation, refresh logic, and attaches user context to requests. Generally well-structured, but found a potential security issue in token verification.
src/middleware/auth.ts:47 · bug

jwt.verify(token, secret) doesn't specify the algorithm, allowing algorithm confusion attacks. Use jwt.verify(token, secret, { algorithms: ['HS256'] }) to enforce the expected algorithm.

reviewed by d1ff·model: claude-sonnet-4.6·cost: $0.04·2 issues found
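The check the sample review comment asks for, as an added example that is not code from d1ff or from the PR shown. It uses Node's built-in `crypto` rather than the `jsonwebtoken` library so that it runs stand-alone; `verifyPinned`, `makeToken`, and the sample secret are hypothetical names and constructed values.

```javascript
// Added example: verification pinned to an explicit algorithm allowlist.
const crypto = require('node:crypto');

const b64url = (value) => Buffer.from(value).toString('base64url');

// Builds constructed sample tokens. The header's "alg" is whatever the caller
// passes, because a token's header is controlled by whoever created the token.
function makeToken(alg, payload, secret) {
  const head = b64url(JSON.stringify({ alg, typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret)
    .update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Verifies a token against a caller-supplied allowlist (default: HS256 only).
// The declared "alg" is checked against the allowlist and is never used to
// choose the verification routine. Claim checks (exp, aud) are out of scope.
function verifyPinned(token, secret, algorithms = ['HS256']) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;

  let header;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
  } catch {
    throw new Error('malformed header');
  }
  const alg = header && header.alg;
  if (!algorithms.includes(alg)) throw new Error(`algorithm not allowed: ${alg}`);
  if (alg !== 'HS256') throw new Error('only HS256 is implemented in this sketch');

  const expected = crypto.createHmac('sha256', secret)
    .update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; the length check avoids a timingSafeEqual throw.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  return JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
}
```
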
The Problem

AI review tools today are broken.

// Problem 1: Low quality
Generic comments, hallucinated bugs, noise you learn to ignore
d1ff: state-of-the-art review quality, smart model routing, verification pass
// Problem 2: No control
Closed-source, can't self-host, can't choose your model
d1ff: open source, self-host anywhere, bring any model from any provider
// Problem 3: Black box
Hidden prompts, opaque logic, no way to improve or audit
d1ff: every prompt in the repo, visible reasoning, community-driven quality
How it works

Three steps. Sixty seconds.

01

Get Started

Two clicks. Select repos. Done.

→ 2 clicks
02

Add your API key

Paste your key from any provider into the dashboard.

→ paste in dashboard
03

Open a PR

d1ff reviews automatically. Results in 60 seconds.

→ review in 60 seconds
Why d1ff

Best-in-class quality. Total ownership.

State-of-the-Art Quality

  • Smart model routing — right model for every PR
  • Verification pass to eliminate hallucinations and noise
  • New model released yesterday? Review through it today
  • A/B test models on your real PRs

"More signal. Less noise."

Full Control & Self-Hosting

  • Self-host on your infrastructure — your data never leaves
  • BYOK: use your own API keys from any provider
  • No vendor lock-in, no per-seat pricing
  • Works with OpenAI, Anthropic, Google, DeepSeek, Mistral

"Your infra. Your keys. Your rules."

Open Source Transparency

  • Every prompt visible in the repo
  • Community-driven quality improvement
  • Enterprise audit-ready — passes compliance
  • Fork it, extend it, make it yours

"Trust through transparency."

Cost

Better reviews. Fraction of the cost.

Because you own the infra and bring your own keys, you pay only for tokens — not per-seat licenses. A side effect of full control.

CodeRabbit: $480/mo (20 seats × $24)
d1ff: $6/mo (200 PRs × $0.03)
You save 99% ($5,688/year)

Actual costs depend on model choice and PR complexity. Based on average PR of ~500 lines using Claude Sonnet 4.6.

State-of-the-art AI review.
Running in 60 seconds.

Install the GitHub App or self-host. Add your API key. Open a PR.

Open source · Self-host or Cloud · Free for open source