A SECOND OPINION ON EVERY PR.
ONLY WHEN YOU ASK.
Scope Creeper for GitHub is a manually-triggered drift auditor. You type /scope-creeper in any PR comment, and the bot replies with a creep score, the top 3 drift findings, and one-click links to materialize a KILL or SHIPPABLE artifact in the web app.
No auto-comments. No PR-comment spam. The bot is invisible until you summon it. That's the entire design.
▸ How it works
On any pull request, leave a comment containing the trigger:
/scope-creeper
The bot reads three things — the PR description, the actual diff (summarized down to file changes), and the repo's declared scope (see below) — and writes back a comment like this:
```markdown
## 🌀 Scope Creeper · PR drift audit

**Creep score:** `073 / 100` — **ABYSS**
**Verdict:** SCOPE EXPANDS UNCONTROLLABLY

**Expected:** A PR that adds the post-call CRM auto-write loop described in the README.
**Actual:** Adds the auto-write loop PLUS a new web dashboard, a billing page, and a referral system.

### Drift findings
- ■ **Dashboard never declared** — `apps/web/dashboard/*` is not mentioned in .scopecreeper.md
- ▲ **Billing page added silently** — `apps/web/billing/*` is a Pro-tier surface not in any prior PR/issue
- · **Referral system mid-PR** — appears mid-diff, no associated test

---
**Generate KILL artifact** · **Generate SHIPPABLE v0** · Re-run with /scope-creeper
```
▸ Sharpen the audit with .scopecreeper.md
Drop a .scopecreeper.md at your repo root declaring what your project IS and what it's NOT. The bot uses it as the canonical scope-of-truth — every PR gets diffed against it.
```markdown
# .scopecreeper.md

## What this project IS
- A local-first CRM for sales founders
- Voice-first practice + post-call transcription
- File-based org graph, MIT, no telemetry

## What this project is NOT
- A SaaS subscription product
- A team-management platform
- A general-purpose AI agent framework

## In-flight scope for next 30 days
- Adapter v2 for Google Places
- Whisper.cpp upgrade to 1.6
- Bulk-import CSV mapping UI

## Explicitly deferred
- Mobile app
- Multi-tenant team accounts
- Cloud-hosted variant
```
Without this file, the bot falls back to your README. Without that, it scores conservatively and warns in the comment.
▸ What it returns
- Creep score (0-100) — how much this PR drifts from declared scope.
- Tier badge — CORPSE / SWEETSPOT / ABYSS / DELUSION.
- Verdict — a single terminal-style line.
- Expected vs actual — one sentence each.
- Drift findings — 2-5 specific items with severity (info / warn / high) and file-level evidence.
- One-click artifact links — generate a KILL or SHIPPABLE in the Scope Creeper web app, pre-loaded with this PR's context.
- Status check — auto-runs on PR open + new commits, adds a scope-creeper / drift: NN status next to your other CI checks.
▸ When the bot does NOT comment
The bot is deliberately quiet. It comments only when you explicitly ask via /scope-creeper, OR on PR open / new commits to drop the status check. It will never:
- Comment on every push.
- Comment on individual commits.
- Block your merge (status check is informational, not required).
- Read private repos you didn't grant access to.
▸ Permissions requested
- Repository contents — read: to fetch .scopecreeper.md + README.
- Pull requests — read & write: to post the audit comment.
- Issues — read & write: PRs are issues in GitHub's data model, same scope.
- Checks — read & write: for the status check on PR open / sync.
▸ Pricing
Free for public repos. Pro ($9/mo) unlocks private repos and removes the per-installation rate limit. Same tier system as the rest of Scope Creeper — pair this with the Claude Code MCP and you have a creep auditor both inside your editor and inside every PR.