Local · read-only · content-redacting

Review the agent config change—not just the files.

HarnessDelta turns a Git diff into a focused review of what Claude Code or Codex can newly read, run, discover, or bypass.

No executionHooks, MCP servers, and skills never run.
No contentsCommands, endpoints, rules, and instructions stay out of reports.
No telemetryNo analytics, identifiers, collectors, or network calls.
Semantic review

Catch capability drift before merge.

A normal diff tells you text changed. HarnessDelta labels the agent-facing consequence and keeps sensitive values redacted.

01

Execution surfaces

New or changed hook commands, URLs, and MCP server definitions.

02

Permission changes

Added grants, removed denies, bypass modes, and less interactive approvals.

03

Sandbox weakening

Codex changes that expand filesystem or process access.

04

Instruction scope

Added, removed, or changed AGENTS.md, CLAUDE.md, and path rules.

05

Discovery changes

Skills, agents, commands, plugins, and marketplace metadata.

06

Review hazards

Introduced bidi controls, invisible characters, and likely embedded credentials.

One command

Start with the working tree.

Node.js 18+ and Git are the only requirements.

Working treenpx --yes --registry=https://codeberg.org/api/packages/automa-tan/npm/ harnessdelta . --check
Commit rangeharnessdelta . origin/main...HEAD --markdown
Staged changesharnessdelta . --staged --json
Deliberate boundary

Evidence for review, not runtime certainty.

HarnessDelta is static and version-agnostic. It does not claim that a particular harness loaded a file or that a finding is exploitable. Use runtime status commands when that distinction matters.