does anyone use https://osquery.io/schema/4.1.2#file_events to replace their FIM?

Yes, many folks use that for FIM.

Can I assume I would be able to see the diff of changes? or does it just show the sha of the change after the fact?

No diff, just hashes as described in https://osquery.readthedocs.io/en/stable/deployment/file-integrity-monitoring/

Yeah no file content. But I love using it instead of deploying something else to check that FIM box heh