whatdiditdo

You let the AI cook.
Now find out what it actually did.

vibe-coded, obviously

47M+

lines analyzed

2,341

secrets caught

∞

trust issues

whatdiditdo

$ npx whatdiditdo_

FILES CHANGED

✚ src/auth.ts (new, 45 lines)

✎ src/app.ts +12 -3

✖ src/old-auth.ts (deleted)

STATS — Files changed: 3 , Lines +57 -30 , New deps: express, zod

WHAT HAPPENED

"Added a new REST API endpoint for user authentication

using Express and Zod. Removed the old hand-rolled

auth middleware."

⚠️ SECURITY src/config.ts:12 — possible hardcoded API key

🔗 Quick share: whatdiditdo.dev/share/a3f8c

View on GitHub

Star on GitHub · Free & open source · MIT License

The problem

AI agents are powerful. But they move fast and break things.

40 files changed

Your AI agent touched half the codebase. Good luck reviewing that manually.

Secrets leaked

It added your API key to a config file. You didn't notice until production.

Silent reverts

Cursor silently reverted your changes. Your code from yesterday? Gone.

Everything your AI changed, at a glance

One command. Full audit. No more guessing what happened.

File Tracking

Every add, edit, and delete with exact line counts. Know exactly which files were created, modified, or removed.

AI Summary

Plain-English explanation of what changed and why, AI-powered. Understand the intent, not just the diff.

Security Scanner

Automatically catches hardcoded secrets, API keys, and credentials before they hit your repo.

Shareable Reports

Export as markdown for PRs and Slack. Share a link so your team knows what the AI built.

Works with every AI coding tool

If it uses git, whatdiditdo can track it.

AI Agents

Cursor

Copilot

Aider

Windsurf

+ any tool that uses git

Why we built this

We let an AI agent run for 10 minutes. It touched 43 files.

We spent the next hour trying to figure out what it actually did. Reading diffs line by line. Checking if it broke anything. Wondering if it committed our API key.

That hour should have been 10 seconds.

So we built the tool we wished existed.

Try it now

One command. No install needed.

# run in any git repo after an AI session

npx whatdiditdo

# review last 3 commits

npx whatdiditdo --last 3

# or clone for development

git clone https://github.com/peaktwilight/whatdiditdo && cd whatdiditdo && npm i && npm run build

Requires Node.js 18+ · AI summary optional (--no-ai works without it)

Your team needs this

Everyone using AI agents should know what they changed.

Share on X

Frequently asked questions

Everything you need to know.

Is this free?

Yes. Open source, MIT licensed, free forever.

Does it send my code anywhere?

The diff is sent to an AI model for summarization. Use --no-ai to skip this entirely — it still shows file changes, stats, and security flags with zero network calls.

What AI tools does it work with?

Anything that uses git. Cursor, GitHub Copilot, Aider, Windsurf, Cody, or even manual coding sessions.

Can I use it in CI/CD?

Yes — use --json for machine-readable output. Use --no-ai in CI to avoid AI dependency.

Does it catch all security issues?

It catches common patterns (hardcoded keys, .env files, private keys). It's not a replacement for a proper security audit, but it catches the mistakes AI agents make most often.

What if there are no changes?

It shows a friendly "No changes detected" message and exits cleanly.

Was this tool built by AI?

Yes. An AI agent built this tool that audits what AI agents build. We ran whatdiditdo on itself. It reported 6 files changed, +400 lines, and 0 security flags. We trust it. Mostly.