Back to blog
2026-06-19 3 min read

Your AI wrote the code. Did anyone check it?

Your AI wrote 200 lines in 10 seconds and you shipped it. One free command checks first — npx delimit-cli check. No setup, no AI nitpicks, just the breaking changes and leaked secrets that are actually wrong.

You prompted an AI. It wrote 200 lines in ten seconds. You skimmed it, it looked fine, you shipped it — and quietly hoped it was fine.

Be honest: did anyone actually read all of it? You're generating code faster than any human can carefully review it. The hard part stopped being writing the code. The hard part is trusting what got written.

The usual fix is to bolt an AI reviewer onto your pull requests. You know how that goes — pages of nitpicks, half of them pointless, until someone turns it off.

We went the other way. Delimit only speaks up when something is actually, verifiably wrong. No AI opinions. No nitpick spam. Two things it catches:

  • A change that quietly breaks everyone who depends on your API. It diffs your API spec against the base branch and tells you the exact change that'll break callers — before they find out the hard way.
  • A secret you didn't mean to commit. AWS, GitHub, Stripe, Slack, Google, GitLab keys, private-key headers. High-precision patterns, almost no false alarms.

Because it's rule-based, it doesn't cry wolf. When it blocks a merge, there's a real reason.

Try it right now. One command.

npx delimit-cli check

No setup. No config file. No API key. It figures out what to check against your base branch and prints a clean pass or fail:

  Delimit Check
  Zero-config mode — deterministic defaults

  X api/openapi.yaml — 1 breaking, 0 warning(s)
    Semver: MAJOR

  BLOCKED — 1 breaking change(s)
  0.1s

Accidentally commit an AWS key in that pile of AI-written code? It catches that too — any repo, no spec required:

  X config.env — AWS access key ID detected
  BLOCKED — 1 leaked secret(s)

Run it locally, or drop it into CI with the GitHub Action. It exits non-zero on a finding, so a bad change can't sneak through the merge.

Want a receipt? Add one flag.

Add --record and the check writes down exactly what it looked at and what it found — pinned to the content, so you can re-verify it later by hash. Think of it as the start of a tamper-proof receipt: proof that an AI-assisted change actually got checked, the kind of thing you could one day hand an auditor.

npx delimit-cli check --record

Get it

npx delimit-cli check          # try it now

Don't want to install anything yet? We run the same check against real public API specs — OpenAI, Stripe, Twilio, and more — and publish the results at delimit.ai/reports. Go look before you type a single command.

A merge gate for AI-written code that only speaks up when it's sure. No setup. No noise.

delimit-cli on npm Worked examples

Try the GitHub Action

Add breaking change detection to any repo with an OpenAPI spec.

- uses: delimit-ai/delimit-action@v1
  with:
    spec: path/to/openapi.yaml
View on Marketplace

Install the MCP server

Persistent memory, ledger, and governance for your AI coding agent.

npx delimit-cli setup
Read the quickstart
#merge-gate#secrets#breaking-changes#zero-config#ai-written-code