prompt-provenance-diff is a pure-transform library and CLI: it reads two JSON files and emits structured diff output. No network listener, no remote fetch, no execution of user-supplied code.
The input may include internal prompt content URIs, evaluation result URIs, and approver identities that are sensitive in your environment. The diff output includes those values verbatim, so be deliberate about where you publish the rendered diff (for example, consider redacting it before posting to public PR comments).
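One way to redact a JSON diff before publishing it, shown as an added example rather than code from this project. The diff layout, the key names in `SENSITIVE_KEYS`, the two patterns and the demo key are assumptions; keyed pseudonyms are used so a reader can still see whether a value changed.

```python
import hashlib
import hmac
import json
import re

# Assumption: sensitive values are URIs or e-mail-style identities, possibly
# embedded in longer strings. Over-matching is the safe direction here.
URI_RE = re.compile(r"\b[a-zA-Z][a-zA-Z0-9+.-]*://[^\s\"'<>]+")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
# Hypothetical key names whose string values are always masked.
SENSITIVE_KEYS = {"approver", "approvers", "approved_by"}

# Constructed sample; the field names are illustrative, not the tool's schema.
SAMPLE_DIFF = {
    "changed": [
        {"path": "prompt.content_uri", "old": "s3://internal-prompts/agent/v1.txt",
         "new": "s3://internal-prompts/agent/v2.txt"},
        {"path": "eval.result_uri", "old": "https://evals.internal.example/run/41",
         "new": "https://evals.internal.example/run/41"},
    ],
    "approved_by": ["jsmith", "alice@example.com"],
    "unchanged_count": 7,
}


def _token(kind: str, value: str, key: bytes) -> str:
    """Keyed pseudonym: equal inputs give equal tokens, so the diff still
    shows whether a value changed without revealing the value itself."""
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"<{kind}:{digest[:12]}>"


def redact(node, key: bytes, parent_key: str = ""):
    """Return a redacted copy of a parsed JSON diff."""
    if isinstance(node, dict):
        return {k: redact(v, key, k) for k, v in node.items()}
    if isinstance(node, list):
        return [redact(v, key, parent_key) for v in node]
    if isinstance(node, str):
        if parent_key.lower() in SENSITIVE_KEYS:
            return _token("identity", node, key)
        node = URI_RE.sub(lambda m: _token("uri", m.group(0), key), node)
        return EMAIL_RE.sub(lambda m: _token("identity", m.group(0), key), node)
    return node  # numbers, booleans and null pass through unchanged


if __name__ == "__main__":
    # The key must be a secret: an unkeyed hash of a guessable URI is reversible.
    print(json.dumps(redact(SAMPLE_DIFF, b"constructed-demo-key"), indent=2))
```

Keep the HMAC key out of the repository and the published output; anyone holding it can confirm guesses of the original values.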
Only the latest tagged release is supported.
Please use GitHub Security Advisories for private disclosure:
Do not file public issues for security reports.