A 100% deterministic PR gate. It reads both sides of your pull request from source, names the exact frontend call site your backend change orphans — file and line — and attaches a repro that fails until it's fixed.
No LLM in the pipeline. No spec to keep honest. Same refs in, byte-identical verdict out — in CI, in review, in six months.
Free for public repos + one private repo · installs in one click · first verdict in ~1 min.
Agents don't write bad syntax — they break contracts. A route gets renamed. Call sites keep calling the old one. Unit tests pass. CI is green. Production 404s. Every existing check said this PR was fine.
An LLM reviewer says "this might break something." DACIP hands your reviewer a test that fails because it's broken — and passes the moment it's fixed. Nobody argues with a red test.
One class of bug, done exhaustively — not every class, done shallowly.
Diffs the contract graph between your PR's two refs — routes removed, methods changed, auth dropped, required fields added — each with every affected caller at file:line.
Flask, Flask-RESTX, Django/DRF (nested routers, re_path), Express, Next.js handlers — matched against real fetch/axios calls. No OpenAPI required; wrong specs can't lie to it.
A generated pytest file that fails iff the defect is real — auth walls skip rather than fail, assumptions listed. verify upgrades high → proven on reproduction.
Inside Claude Code, a resident gate judges each edit's contract impact before it hits disk — denying unauthorized breaks in under 500ms, naming the orphaned callers. A human override always wins.
One idempotent PR comment (edited in place — never a comment stack), a contract-gate check run, and SARIF into code scanning. Silent on clean PRs.
Dynamic paths, unresolved prefixes, unsupported frameworks: counted and labelled in every verdict. When DACIP can't see, it says so — it never pads the report with guesses.
Standalone, it's the deterministic gate on every pull request. Paired with Claude Code, it becomes the fact layer and enforcement loop your agent runs inside.
Push a PR; DACIP derives both sides from source and proves what broke.
The agent reasons; DACIP supplies facts and enforces them.
Hallucination and token burn share one root cause: the agent guessing about your codebase. DACIP removes the guessing — it hands the agent verified facts, and refuses the edits those facts forbid.
Plans that reference an endpoint or symbol that doesn't exist are rejected before a single edit. Facts arrive over MCP — indexed routes and symbols — so the agent reads truth instead of guessing.
A resident guardrail judges every edit's effect on the contract graph before the write hits disk — a breaking edit is denied in ~470ms, naming the orphaned callers. Authorize it in the plan, or don't break it.
Indexed facts replace repo-crawling. The agent asks DACIP for the route or symbol instead of reading half the tree to find it — dramatically less context, dramatically lower spend.
Latency measured on a 500-file pilot (p50 476ms / p95 566ms, breaking-edit deny 474ms). Guardrail covers file-edit tools (Edit / Write / MultiEdit); when the daemon is absent it fails open, loudly — uncertainty never blocks, and a human override always outranks the gate.
LLM reviewers are useful — keep yours. DACIP is a different instrument: a deterministic gate for the one class of bug that survives green CI.
| DACIP | CodeRabbit | Greptile | Cursor BugBot | Copilot Review | |
|---|---|---|---|---|---|
| Engine | Deterministic — no LLM | LLM | LLM + graph | 8-pass voting | LLM |
| Same input → same output | Always — byte-identical | No | No | Majority vote | No |
| Cross-boundary contract breaks | Core — file:line blast radius | — | — | — | — |
| Runnable proof per finding | Every asserted finding | — | — | — | — |
| False-positive discipline | 0 across 9 audited repos | noisy on small PRs | 11 FPs in benchmark | — | surface-level |
| Blocks agent edits pre-write | Yes — in-session guardrail | — | — | post-hoc fix | — |
| Your code + LLMs | Never leaves the runner | Sent to LLM | Indexed + LLM | Sent to LLM | Sent to LLM |
| Review breadth | One bug class, done exhaustively — contracts, imports, routes, schedules. Zero overlap with your reviewer. | Broad | Broad | Broad | Broad |
| Pricing | $15/active contributor · free tier | $24–30/seat | $30/seat + usage | $40/seat + Cursor | bundled $19+ |
Competitor rows compiled from vendor pages and third-party comparisons (Jan 2026); corrections welcome. The last two rows are where the field beats us — on purpose. DACIP does one class of failure exhaustively rather than every class shallowly, and complements whichever reviewer you already run.
We ran DACIP cold on nine large open-source repos we'd never seen, and hand-audited every asserted defect against source.
| Repository | Routes | Asserted | Hand-audit verdict |
|---|---|---|---|
| getsentry/sentry | 151 | 0 | 0 FP largest — 36s cold |
| zulip/zulip | 445 | 0 | 0 FP |
| posthog/posthog | 85 | 0 | 0 FP weak coverage declared, not guessed |
| Flagsmith/flagsmith | 549 | 0 | 0 FP |
| netbox-community/netbox | 235 | 0 | 0 FP |
| mathesar-foundation/mathesar | 24 | 0 | 0 FP unsupported frontend: says so, loudly |
| getredash/redash | 123 | 1 | real bug verified below |
| apache/superset | 307 | 1 | real bug verified below |
| HumanSignal/label-studio | 185 | 1 | real bug verified below |
GET api/dashboards/recent — the client ships a service method for it; no backend route serves it. Zero hits across the entire server tree — the first caller gets a 404.
A TYPE_CHECKING import references a path that stopped existing after a refactor. Every type-check of that file has been broken since.
“I can verify the fix is correct … CI's green now. LGTM”
io_storages/filesystem.py imports .base, which doesn't exist — a dead module that crashes on first import. Pure debt.
Full methodology, per-repo write-ups, and the 19 extractor gap classes we fixed to get here ship with the beta. All three bugs were disclosed upstream before publication — receipts linked above; the Superset fix was verified by a maintainer and merged the same day.
Whatever static analysis can't resolve is counted and labelled in every verdict — never silently filled in. That discipline is why the false-positive count is zero.
Bounded checks with provable answers. Run it under your LLM reviewer; they don't overlap.
No LLM anywhere in the pipeline. Clones are wiped when the job ends; we persist finding fingerprints, never source.
Clean PR → silent green check. One comment per PR, edited in place, flipped to "resolved" when you fix it.
There's no per-token inference bill underneath a deterministic engine — the pricing passes that through.
An active contributor is anyone whose pull requests DACIP gates in a given month — counted automatically from PR authors, never self-reported. Bots don’t count. Repos are unlimited because repos aren’t the unit of value; people are.
Private beta opens with the GitHub App. If your stack is Django/Flask + React/Next and your team ships with agents, you're exactly who this was built for.
One email when the beta opens — nothing else. No analytics on this site. Privacy.