Skip to main content
GitWhisper’s analyze command provides intelligent code review powered by AI. Get detailed insights about your changes, including what was modified, potential issues, and suggestions for improvements.

Quick Start

Analyze your staged changes: 
gw analyze
Analyze unstaged changes: 
# Make changes without staging
echo "console.log('debug');" >> app.js

# Analyze will automatically check unstaged files if nothing is staged
gw analyze
The analyze command automatically detects whether you have staged or unstaged changes and analyzes accordingly.

Basic Usage

Use your configured default model:
gw analyze
Output:
Analyzing changes using openai (gpt-4o)...

 Analysis complete:

## Summary
Added JWT authentication system with user registration and login
endpoints. Implemented secure password hashing and token generation.

## Key Changes
- New authentication middleware using JWT tokens
- User model with bcrypt password hashing
- Login endpoint with token generation
- Registration endpoint with validation

## Potential Issues
⚠️  No rate limiting on authentication endpoints
⚠️  Missing password strength validation
⚠️  Token expiration not configured

## Recommendations
1. Add rate limiting to prevent brute force attacks
2. Implement password complexity requirements
3. Configure JWT token expiration (recommend 1h)
4. Add refresh token mechanism for better UX

Command Options

gw analyze [options]

Available Flags

--model
string
default:"configured default"
AI model to use for analysisAllowed values: claude, openai, gemini, grok, llama, deepseek, github, ollama, free
gw analyze --model claude
--key
string
default:"saved or env key"
API key for the selected model (optional if already configured)
gw analyze --model openai --key sk-proj-...
--model-variant
string
default:"model default"
Specific variant of the AI model
gw analyze --model openai --model-variant gpt-4o-mini
-m
string
Short form of --model
gw analyze -m gemini
-k
string
Short form of --key
gw analyze -m claude -k sk-ant-...
-v
string
Short form of --model-variant
gw analyze -m openai -v gpt-4o

Multi-Language Support

Analysis output respects your configured language: 
# Set language to Spanish
gw change-language
> Spanish

# Analysis will be in Spanish
gw analyze

Analizando cambios usando openai (gpt-4o)...

 Análisis completado:

## Resumen
Se agregó sistema de autenticación JWT con endpoints de registro
e inicio de sesión. Se implementó hash seguro de contraseñas.

## Cambios Principales
- Middleware de autenticación usando tokens JWT
- Modelo de usuario con hash bcrypt de contraseñas
...
GitWhisper supports 20+ languages. Change your language with gw change-language.

Real-World Examples

Example 1: Performance Optimization

$ git add src/api/queries.js
$ gw analyze --model claude

Analyzing staged changes using claude (claude-sonnet-4-5)...

 Analysis complete:

## Performance Optimization Analysis

### Changes Made
Optimized database queries in the user dashboard endpoint:

1. **Added Compound Index**
   - Columns: `user_id`, `created_at`
   - Impact: 92% query time reduction
   - Before: 2,300ms After: 180ms

2. **Query Optimization**
   - Replaced N+1 query pattern with single JOIN
   - Reduced database round trips from 50+ to 1
   - Added eager loading for related entities

### Performance Impact
- Response time: 2.5s 200ms (92% faster)
- Database load: -95%
- Memory usage: Unchanged

### Verification
 Index created successfully
 Query plan shows index usage
 Load tested with 1000 concurrent users

### Recommendations
1. Monitor index size growth over time
2. Consider adding cache layer for top 10% of users
3. Set up query performance tracking

Example 2: Bug Fix Analysis

$ git add src/payment/processor.js
$ gw analyze

Analyzing staged changes using openai (gpt-4o)...

 Analysis complete:

## Bug Fix: Race Condition in Payment Processing

### Issue Identified
Race condition when processing concurrent payments for the same user.
Multiple payment requests could be processed simultaneously, leading
to duplicate charges.

### Solution Implemented
1. **Database-Level Locking**
   ```javascript
   // Added FOR UPDATE lock
   const user = await User.findByPk(userId, {
     transaction,
     lock: Transaction.LOCK.UPDATE
   });
  1. Idempotency Key
    • Added unique constraint on payment_id
    • Prevents duplicate payment records
    • Returns existing payment if retry detected
  2. Transaction Wrapping
    • Entire payment flow in single transaction
    • Rollback on any failure
    • Ensures data consistency

Testing

✅ Added test case for concurrent payment attempts ✅ Verified idempotency with duplicate requests ✅ Confirmed proper error handling

Potential Concerns

⚠️ Transaction locks could impact performance under high load
  • Consider using optimistic locking for read-heavy workloads
  • Monitor transaction wait times
💡 Consider adding payment request queue for better scalability 

### Example 3: Feature Addition Analysis

```bash
$ git add src/notifications/
$ gw analyze --model claude

Analyzing staged changes using claude (claude-sonnet-4-5)...

✓ Analysis complete:

## New Feature: Real-time Notifications System

### Architecture Overview
Implemented WebSocket-based real-time notification system with:
- Server-Sent Events (SSE) fallback
- Redis pub/sub for multi-server support
- Notification persistence in PostgreSQL

### Components Added

1. **WebSocket Server** (`notifications/server.js`)
   - Socket.io integration
   - JWT authentication on connection
   - Room-based subscriptions per user
   - Automatic reconnection handling

2. **Notification Service** (`notifications/service.js`)
   - Create, read, mark-as-read operations
   - Redis pub/sub for distribution
   - Database persistence with TTL
   - Type-based routing (email, push, in-app)

3. **Client SDK** (`notifications/client.js`)
   - Auto-reconnection with exponential backoff
   - Offline queue for missed notifications
   - React hooks for easy integration

### Code Quality Assessment

✅ **Strengths:**
- Comprehensive error handling
- Well-structured with clear separation of concerns
- Good test coverage (85%)
- Documentation included
- TypeScript types defined

⚠️  **Areas for Improvement:**
1. **Scalability Concerns:**
   - No connection limit set (could exhaust server resources)
   - Missing rate limiting on notification creation
   - Consider adding connection pooling

2. **Security:**
   - Missing CORS configuration for WebSocket endpoint
   - No validation on notification payload size
   - Consider adding message signing for integrity

3. **Observability:**
   - Missing metrics for connection count
   - No alerting for Redis pub/sub failures
   - Add distributed tracing

### Recommendations

1. **Immediate:**
   ```javascript
   // Add connection limits
   const io = new Server(server, {
     maxHttpBufferSize: 1e6,
     pingTimeout: 60000,
     connectionStateRecovery: {}
   });
  1. Short-term:
    • Implement rate limiting (max 100 notifications/user/minute)
    • Add monitoring dashboard
    • Set up Redis cluster for HA
  2. Long-term:
    • Consider moving to managed service (e.g., Pusher, Ably)
    • Implement notification batching for high-volume users
    • Add A/B testing framework for notification effectiveness

## Multi-Repository Analysis

Analyze multiple repositories at once:

```bash
$ cd workspace/
$ gw analyze

Not a git repository. Checking subfolders for git repos...

GitWhisper has discovered git repositories in subfolders, continue?
> continue

Analysis complete for 3 git repos.

----------- frontend -----------

✓ UI component refactoring:
- Extracted reusable Button component
- Added TypeScript prop types
- Improved accessibility with ARIA labels

⚠️  Missing unit tests for new component

----------------------------------

----------- backend -----------

✓ API endpoint optimization:
- Reduced response payload size by 60%
- Added response compression
- Implemented field filtering

----------------------------------

----------- mobile -----------

✓ Offline support implementation:
- Added local SQLite cache
- Sync queue for pending requests
- Conflict resolution strategy

⚠️  No handling for large sync backlogs

----------------------------------

Analysis vs Commit

Use gw analyze when you:
Want feedback before committing
  • Get suggestions for improvements
  • Identify potential issues early
  • Understand the impact of changes
Need detailed review
  • Complex refactoring
  • Security-sensitive changes
  • Performance optimizations
Learning or teaching
  • Understand code patterns
  • Get best practice recommendations
  • Educational code reviews

Code Implementation

The analyze command is implemented in analyze_command.dart:74: 
@override
Future<int> run() async {
  final configManager = ConfigManager();
  await configManager.load();

  // Get the language to use for analysis
  final language = configManager.getWhisperLanguage();

  // Check if we're in a git repository
  if (!await GitUtils.isGitRepository()) {
    // Check subfolders for git repos
    subGitRepos = await GitUtils.findGitReposInSubfolders();
  }

  // Get staged or unstaged diff
  late final String diff;
  if (await GitUtils.hasStagedChanges()) {
    diff = await GitUtils.getStagedDiff();
  } else {
    diff = await GitUtils.getUnstagedDiff();
  }

  // Generate analysis with AI
  final analysis = await generator.analyzeChanges(diff, language);
  
  _logger.success(analysis);
  return ExitCode.success.code;
}
The analysis prompt is generated in commit_utils.dart: 
String getAnalysisPrompt(String diff, Language language) {
  return '''
Analyze the following code changes and provide insights:

1. Summary of changes
2. Key modifications
3. Potential issues or concerns
4. Recommendations for improvements
5. Security considerations (if applicable)
6. Performance impact (if applicable)

Provide the analysis in ${language.name}.

$diff
''';
}

Best Practices

Analyze Before Committing

Use gw analyze to review changes before creating commits.

Use Appropriate Models

Claude and GPT-4o provide the most detailed analysis.

Act on Recommendations

Take AI suggestions seriously - they often catch real issues.

Combine with Code Review

AI analysis complements, doesn’t replace, human code review.

Limitations

AI analysis has limitations:
  • May miss context-specific issues
  • Suggestions aren’t always applicable
  • No understanding of business logic
  • Cannot test code execution
  • Limited by diff size (max 8,000 tokens)
Always use professional judgment when applying AI recommendations.

AI Models

Learn about different models for analysis

Commit Messages

Generate commit messages after analysis

Multi-Language

Get analysis in your preferred language

Build docs developers (and LLMs) love

Get started for freeTalk to us