Install-free · CI · Automation

Run CodeDelta seamlessly and securely on your GitHub

Increasingly, corporate teams can't put new executables on developer machines — and they don't need to. CodeDelta runs in your own pipeline: a GitHub Action on every pull request, an on-demand or scheduled job, a Docker container, or a Codespace in the browser. Same engine, same numbers as the desktop app — measuring churn and scanning for AI-generated and AI-agent code, all inside your environment. Your source never leaves it.

Two steps to wire in, then it's invisible: it runs on every pull request and can block a merge on excess churn or new AI findings — no sign-up wall, nothing for developers to install. New to GitHub Actions? You'll be running in minutes. (GitHub start guide · get the GitHub Action)

The GitHub Action, on a pull request
The Action runs in your own runner, comments on the pull request, and blocks the merge on new findings (exit 3).

Ways to run it — most install nothing

One engine underneath: identical scans, identical numbers. Only the wrapper changes. The first four below put nothing on anyone's machine.

  1. GitHub Action (CI · every PR). Nothing installed.

    Drop it into a workflow and every pull request is measured and scanned automatically. Posts a comment and can block a merge.

  2. On-demand / scheduled (Actions tab · cron). Nothing installed.

    The same Action run from a manual button or on a nightly schedule — a one-off scan or a trend run, with no pull-request coupling.

  3. Docker container (any machine / runner). Nothing installed.

    Pull one image and run it anywhere Docker runs — local, CI, or a locked-down corporate runner. No tool to install.

  4. Codespaces (in the browser). Nothing installed.

    Open a Codespace and CodeDelta is ready in the terminal — try it on your own repo from a browser tab, on your own GitHub account.

  5. Headless CLI (terminal / cron). Local install.

    For teams that can install: one command from the downloaded bundle on macOS, Windows or Linux. Writes HTML, CSV and JSON.

  6. Any other CI (GitLab · Jenkins · Azure). Self-hosted.

    The engine is just a binary. Fetch the public bundle in any pipeline or self-hosted runner and run it — the Action is a GitHub convenience, not a requirement.

The GitHub Action — measured on every PR

The headline path: once it's in a team's CI, every pull request is measured — no one has to remember to run anything. Two steps to set up, then it's invisible. New to GitHub Actions? Follow the step-by-step quickstart →

  1. Add the workflow file

    Drop ~12 lines into .github/workflows/codedelta.yml. It references the published Action by tag.

  2. Open a pull request

    That's it — free and fully unlocked during the beta (to 31 July 2026), no license, no secrets. To run past the beta or bring your own license sooner, add a CODEDELTA_LICENSE secret; it overrides the beta license automatically.

    # .github/workflows/codedelta.yml
    name: CodeDelta
    on: [pull_request]
    jobs:
      codedelta:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v4
            with: { fetch-depth: 0 }
          - uses: code-delta-app/action@v1
            with:
              mode: churn   # churn (default) · both · ai_audit · agent
              # license: — not needed during the free beta; add your own to run past it

When a developer opens a pull request, GitHub spins up a throwaway Linux machine, downloads the CodeDelta engine, runs the scan against the changed code, and reports back. The runner is then wiped — no install persists, and the code never leaves the customer's own GitHub account. Forks get no secrets (the workflow uses pull_request, never pull_request_target), so a stranger's PR can't exfiltrate your license.
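The fork-secrets point above can be checked mechanically across a repository's workflows. The following is an added example, not code from this page or from the CodeDelta project: it audits workflow text for the pull_request_target trigger, a checkout of the pull request's head, and actions referenced by a mutable tag rather than a commit SHA. The sample workflows and the name audit_workflow are constructed for illustration, and the parsing is line-based rather than a full YAML parse.

```python
import re

# Constructed sample: the workflow shown on this page, comments removed.
SAFE = """\
name: CodeDelta
on: [pull_request]
jobs:
  codedelta:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with: { fetch-depth: 0 }
      - uses: code-delta-app/action@v1
        with:
          mode: churn
"""

# Constructed counter-example: the misconfiguration the page says it avoids.
RISKY = (
    SAFE.replace("on: [pull_request]", "on: [pull_request_target]")
    .replace("{ fetch-depth: 0 }", "{ ref: '${{ github.event.pull_request.head.sha }}' }")
    + "          license: ${{ secrets.CODEDELTA_LICENSE }}\n"
)

SHA_PIN = re.compile(r"^[0-9a-f]{40}$")

def audit_workflow(text):
    """Audit one workflow file's text (hypothetical helper); returns findings."""
    # Drop YAML comments so commented-out triggers or inputs are not counted.
    body = "\n".join(re.sub(r"(^|\s)#.*$", "", ln) for ln in text.splitlines())
    privileged = re.search(r"\bpull_request_target\b", body) is not None
    pr_head = re.search(r"github\.event\.pull_request\.head\.", body) is not None
    secrets = sorted(set(re.findall(r"\bsecrets\.([A-Za-z_][A-Za-z0-9_]*)", body)))
    refs = re.findall(r"^\s*-?\s*uses:\s*([^\s@]+)@(\S+)", body, flags=re.M)
    return {
        # This trigger runs in the base repository's context, with its secrets.
        "privileged_trigger": privileged,
        # A privileged run that also checks out the contributor's code.
        "runs_pr_code_with_secrets": privileged and pr_head,
        # Secrets the workflow references that such a run would receive.
        "secrets_exposed_to_forks": secrets if privileged else [],
        # Tags and branches can be re-pointed; a full commit SHA cannot.
        "mutable_action_refs": [f"{a}@{r}" for a, r in refs if not SHA_PIN.match(r)],
    }

if __name__ == "__main__":
    for name, wf in (("safe", SAFE), ("risky", RISKY)):
        print(name, audit_workflow(wf))
```

Run it over every file in .github/workflows as a pre-merge check; a workflow that must stay tag-pinned will still be listed under mutable_action_refs so the choice is visible in review.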

The comment CodeDelta posts on the pull request

PR comment

A churn summary and any AI/agent findings posted straight onto the pull request, where reviewers already are. Works on every repo, public or private.

Security tab SARIF

Findings surfaced as code-scanning alerts — free on public repos, or with GitHub Advanced Security on private ones.

Merge gate

A non-zero exit can block the merge — fail the build on new findings against an accepted baseline, or on a policy-gate breach.

Artifacts

The full HTML reports and raw CSV saved as build artifacts for download or trend tracking.

Run it without the PR gate — on demand or on a schedule

Don't want it tied to pull requests? Trigger the same job manually from the Actions tab, or on a nightly cron — a one-off scan or a rolling trend, no PR required.

    # manual "Run workflow" button + nightly schedule
    on:
      workflow_dispatch:      # adds a Run button in the Actions tab
      schedule:
        - cron: "0 2 * * *"   # 02:00 daily — append to a trend

Who pays for the compute? The customer — it runs on their own GitHub Actions minutes, inside their own account. Hosting the engine is free. There is no per-scan cost and nothing phones home.

Run it as a container

For environments that won't allow local installs but do allow pulling approved images — which is most hardened corporate CI. One image, runs anywhere Docker runs.

    # one-time: put your license in an env var (base64 of codedelta.lic)
    export CODEDELTA_LICENSE_B64=$(base64 -w0 codedelta.lic)

    # pull once, run anywhere — no tool installed on the host
    docker run --rm -v "$PWD:/work" \
      -e CODEDELTA_LICENSE_B64 \
      ghcr.io/code-delta-app/codedelta scan /work/new /work/old --mode both --html --csv

The image carries the compiled engine and everything it needs — no Python setup, no dependencies to resolve. The license is passed in as an environment variable or a mounted file. The same image runs on a laptop, a CI runner, or a self-hosted box, identically.

…or in the browser with Codespaces

Open the repo in a GitHub Codespace and CodeDelta is ready in the terminal — evaluate it on your own code from a browser tab, with nothing installed locally. The Codespace runs on your own GitHub account's compute (within its free allowance), so there's no shared cost or sign-up wall.

The headless CLI

For teams that can install: terminals and cron jobs on any OS — macOS, Windows or Linux. The command is identical everywhere. Point it at two snapshots to measure churn; add a mode for the AI scans.

    # churn only — the ~90% case, pure C++, no ML
    codedelta-gui scan ./new ./old --mode churn --out-dir ./reports --html --csv

    # everything in one pass — churn + AI audit + agent scan
    codedelta-gui scan ./new ./old --mode both --out-dir ./reports --html --csv --json --jobs auto

    # nightly cron — raw CSV accumulating one row per run
    codedelta ./old ./new -o /reports/$(date +%F).html --csv /reports/$(date +%F).csv

| Mode | What it runs | Use it for |
|---|---|---|
| churn | churn only (no AI) | the default — most runs |
| both | churn + AI audit + agent scan | everything in one pass |
| ai_audit | AI audit + agent (no churn) | single-project AI review |
| agent | agent scan only | where code calls AI at runtime |
| ai | AI authorship scan only | generated-code detection alone |

Licensing built for CI

One RSA-signed license file, verified entirely offline — no phone-home, no account, no network call.

During the free beta (to 31 July 2026) the GitHub Action needs no license at all — one is built in, fully unlocked. Beyond that: CI machines are different every run, so CodeDelta uses a time-limited license (gated by an expiry date, not locked to a hostname). In CI it lives as a GitHub secret; the Action decodes it to a file at runtime — and it overrides the built-in beta license automatically. The same license works in a container, on a developer's laptop, a build server, or a cron host — wherever the engine finds a CODEDELTA_LICENSE path, it uses it. The downloadable bundle is public; the license gates execution, not download.

How it fits together — architecture & run flow (diagrams)
Diagram: the full CodeDelta application (installer / bundle)

  1. Python layer — the AI features + browser GUI: AI Audit (GSS · MLS · AIC); Agent Scan (AIS · SDK · rogue exec); Browser GUI + headless batch CLI

  2. calls / wraps

  3. C++ engine — the command-line tool: Change measurement (SLOC · LLOC · churn · diff); Reports + license gate (HTML · CSV · XML · DB)

The C++ engine does the measurement. The AI features live in the Python layer above it.

Put CodeDelta in your pipeline

Add the Action to a repo, or pull the engine bundle into any CI. The license gates execution, so the artifacts can sit in the open — grab them and go.

Need a trial license? Try CodeDelta and we'll send one.