diffsum/README.md

An AI-powered Git commit message generator

# DiffSum - AI-Powered Commit Message Generator

This package requires an openAI api key to work, which is saved to the commitMessage.js file. 

## Overview
DiffSum is an AI-powered Git commit message generator that analyzes your staged changes and suggests structured commit messages following the Conventional Commits format. It integrates with Git Hooks to automate commit message generation when no message is manually provided.

## Features
- Generates commit messages based on staged `git diff`
- Uses OpenAI API to create meaningful and structured messages
- Follows Conventional Commits format
- Automatically integrates with Git Hooks
- Skips AI-generated messages when a manual commit message is detected
- Configurable API key setup
- Toggle between concise (GPT-3.5) and verbose (GPT-4) commit messages

## Installation

To install DiffSum as a global package, run:
```sh
npm install -g diffsum
```

Or install it locally in your project:
```sh
npm install diffsum --save-dev
```

## Setup
After installation, configure your OpenAI API key:
```sh
npx diffsum-config
```
You will be prompted to enter your OpenAI API key, which will be stored for future use.

## Usage
DiffSum runs automatically when committing changes. To use it, simply stage your changes and commit without providing a message:
```sh
git add .
git commit
```
If a message is manually provided, DiffSum will respect it and not override it.

To toggle verbose mode (GPT-4 for detailed messages vs GPT-3.5 for concise messages):
```sh
npx diffsum-verbose
```

## Configuration
The `diffsum` binary is automatically hooked into Git. If needed, manually set it up in `.git/hooks/prepare-commit-msg`:
```sh
echo "npx diffsum" > .git/hooks/prepare-commit-msg
chmod +x .git/hooks/prepare-commit-msg
```

## Example Commit Message
A commit message generated by DiffSum might look like this:
```
feat: improve login validation

- Ensure password length validation matches frontend policy.
- Improve error messages for incorrect login attempts.
- Refactor validation logic for reusability.
```

## Changelog
### v1.2.0
- **Verbose Mode Toggle**: Users can now switch between concise (GPT-3.5) and detailed (GPT-4) commit messages using `npx diffsum-verbose`.
- **Improved API Key Management**: The `setup.js` script now securely replaces and manages the OpenAI API key.
- **Enhanced Error Handling**: Added more robust error messages for missing files and invalid configurations.
- **Performance Improvements**: Optimized `commitMessage.js` to ensure non-blocking operations for Git commits.

- NOTE: Verbose Mode will slow down the commit message generation considerably from ~500ms to ~2000+ms, depending on your commit size

## Dependencies
- `dotenv` ^16.0.0
- `openai` ^4.0.0
- `simple-git` ^3.0.0

## Security Concerns
- **Why save my key locally? Is that even safe?**
>Presumably your node_modules folder is in your .gitignore, so theoretically your key should be kept private. On the off chance you leak your key, Open AI will revoke your key within minutes. They are quite quick about this.

- **Why not save my api key in .env?**
>I had a lot of trouble creating an env file when one didn't exist already, and then I had even more trouble getting the package to be able to see environment variables. Then I had **even more** trouble when an env already existed at the time of install. At the end of the day, I gave up trying to save the key there.

- **Why not save my api key as a global variable?**
>Same as above, quite a bit of problems getting it to work, and in the end, your key isn't being siphoned or stolen. As long as you don't accidentally include your node_modules in a git push, you should be fine.

## Contributing
Contributions are welcome! Feel free to open an issue or submit a pull request.

## License
This project is licensed under the MIT License.

## Author
Christopher Antico