How It Works

How vdiff verifies AI-generated code with deterministic analysis, risk scoring, and structured evidence before merge

The problem

AI coding tools are now mainstream. Your team generates more code than ever. But every line that ships is your responsibility, not the AI's.

The bottleneck shifted. Writing code is no longer the hard part. Knowing whether the code is correct is.

When the author didn't write the code, there's no mental model. You're reverse-engineering intent from a diff, under pressure, with no context about why the agent made the choices it did. Tests pass, but tests don't encode architectural intent. Guards get removed. Boundaries get crossed. The code works today and breaks in ways nobody can explain next month.

Meanwhile, your auditor asks: "how do you verify AI-generated code?" Most teams don't have an answer.

What vdiff does

vdiff is a verification layer for AI-generated code. It analyzes git diffs and produces structured reports that tell your team where to look and what to question before merging.

Separates facts from inferences from unknowns. Every analysis clearly distinguishes what objectively changed, what might be risky (with confidence levels and evidence), and what can't be verified from the diff alone. Your team decides what to trust, not the tool.

Evidence-based findings. Every finding includes evidence from the actual diff, an explicit confidence level, and severity classification. No opaque "AI says it's fine." You see the reasoning and judge for yourselves.

Codebase-aware. vdiff understands your dependency structure. It knows when a 3-line change touches dozens of downstream files, so you don't find out in production.

Review memory. vdiff tracks findings across reviews. You see what resolved, what reopened, and what's new since your last run. Duplicates aren't re-flagged. Dismissed findings stay dismissed.

Risk-proportional. Not every change needs the same depth of review. vdiff gives a verdict (ready, caution, or not ready) so your team can spend cognitive budget where it actually matters.

Who it's for

Platform engineering teams. Enforce review policies in CI. vdiff runs as a GitHub Action on every PR, posts structured findings, and exits non-zero on high-risk changes. No manual steps, no workflow disruption.

Security-conscious organizations. Code never leaves your infrastructure. BYOK (bring your own key) means your API keys, your models, your data. No vendor indexing, no remote memory, no code on third-party servers.

Teams scaling AI adoption. Your team uses multiple AI coding tools. Code ships faster than review can follow. vdiff provides governance: structured risk evidence, spec alignment verification, and an audit trail that answers "how do you verify AI-generated code?"

Privacy

No code, file paths, or personal information is collected. LLM calls use your own API key directly to the provider. All data stays on your machines. vdiff runs entirely locally.
