overreach MCP Server

Công cụ MCP kiểm tra diff mã nguồn so với prompt gốc và đánh dấu các thay đổi ngoài phạm vi do tác nhân AI thực hiện.

Tài liệu

Overreach

See whether your AI changed more than you asked it to.

npm version license

You asked for a login form. Your AI agent also added Stripe, a secret key, and a checkout endpoint. Overreach tells you exactly what changed beyond your request — so you know what to review before you merge.

See it

$ npx -y overreach demo

  Overreach — AI PR Review
  ─────────────────────────────────────────────────
  You asked: "add a login form to the settings page"
  5 files changed · 4 in scope · 1 outside scope

  Findings

  ✗ New environment variable: STRIPE_SECRET
    .env.example
  ✗ New API endpoint: /api/checkout
    src/app/api/checkout/route.ts
  ✗ Scheduled job added
    cron.config.ts
  ⚠ File outside scope: cron.config.ts
    cron.config.ts
  ⚠ Added dependency: stripe
    package.json

  Heads Up

  → New API route added but no test file updated
  → Dependencies changed but lockfile not updated
  → 3 source files changed but no tests updated

  ─────────────────────────────────────────────────
  5 findings · review carefully · deterministic

You asked for a login form. Overreach found a payment system. Review those files before you merge.

Install

# Just run it — zero setup
cd your-project
npx -y overreach

That's it. It auto-detects your changes, asks what you told the AI to do, and shows the review. No config files, no flags to memorize.

Or install it permanently:

npm install -g overreach

# Pipe a diff with an explicit prompt
git diff | overreach --prompt "add user authentication"

# Install as a pre-commit hook
overreach init

No API key? No problem. Without a key, Overreach regex-parses your prompt offline. Instant, free, fully deterministic.

Works with

  • Claude Code
  • Cursor
  • Codex
  • GitHub Copilot
  • Windsurf
  • Aider

Any tool that writes code from a prompt. Overreach reviews the output, not the tool.

What it catches

Unexpected changes (things the AI did that you didn't ask for)

CheckExample
DependenciesAdded stripe when you asked for a login form
Environment variablesSTRIPE_SECRET appeared in .env
API endpoints/api/checkout route you never requested
Scheduled jobsCron jobs or background tasks added silently
Runtime listenersServers, WebSocket handlers, process.on hooks
Out-of-scope filesFiles modified that your prompt didn't mention
Feature creepNew functions/classes beyond what was requested

Every finding is deterministic — derived from your prompt and the diff by set arithmetic. No AI opinions. Just: "you asked for X, the diff also contains Y, and Y wasn't in X."

Heads Up (things you probably need to check)

Overreach also scans for practical cross-file issues that developers miss during review:

WarningWhat it catches
Schema without migrationChanged schema.prisma but didn't add a migration
Env var mismatchCode uses process.env.FOO but .env doesn't define it
Route without testsNew API route added but no test file updated
No tests at all3+ source files changed, zero test files touched
Deps without lockfilepackage.json changed but no package-lock.json
Auth/middleware changedSecurity-sensitive files modified
Hardcoded secretsAPI keys or tokens written directly in source code
Large file200+ lines added to one file — might need splitting
Dead new filesNew file created but never imported anywhere
Tech debt addedTODO/FIXME/HACK in 2+ files
API without docsAPI routes changed but docs not updated
Orphan stylesCSS changed but no component updated
Config sprawl3+ config files changed at once
Infra-onlyDocker/CI changed but no source code

These aren't scope creep — they're the stuff you forget at 2am and find out about in production.

Why deterministic

Most AI code reviewers use another AI to judge your code. That means opinions, hallucinations, and results that change between runs.

Overreach doesn't do that.

It runs a 3-stage pipeline:

  1. Extract scope — One cheap LLM call reads your prompt and extracts what you authorized (files, deps, env vars, endpoints). Or skip the LLM entirely with zero-key mode.

  2. Parse the diff — Regex-based extraction. No LLM. Finds every file changed, dependency added, env var set, endpoint created. Runs in milliseconds.

  3. Compareactual − authorized = findings. Pure set arithmetic. Everything in the diff that wasn't in your prompt is a finding.

Stages 2 and 3 are pure functions — same input, same output, every time. No inference, no model drift.

CI Gate

Use Overreach as a GitHub Action to block AI scope creep on every PR:

# .github/workflows/overreach.yml
- uses: Naveja00/Overreach@v1

Exit code 1 when unexpected changes are found — the AI agent can't skip this check.

MCP Server (for AI agents)

AI agents can use Overreach to check their own work before committing:

# Claude Code
claude mcp add overreach -- npx -y overreach --serve

# Claude Desktop / Cursor — add to MCP config:
{ "mcpServers": { "overreach": { "command": "npx", "args": ["-y", "overreach", "--serve"] } } }

Internals

API key (optional)

Overreach auto-detects your AI provider:

ProviderEnv var
AnthropicANTHROPIC_API_KEY
OpenAI / compatibleOPENAI_API_KEY
Ollama (local)No key needed

CLI flags

overreach                          # Interactive mode (recommended)
overreach demo                     # Zero-key demo with sample diff
overreach init                     # Install as pre-commit hook

git diff | overreach --prompt "…"  # Pipe a diff with explicit prompt
overreach --diff file.diff --prompt "…"   # Read diff from file
overreach --scope scope.json --prompt "…" # Skip LLM, use pre-extracted scope
overreach --json                   # Machine-readable JSON output
overreach --serve                  # Start as MCP server

JSON output

Add --json for structured output (CI, piping, integrations):

{
  "scope": { "files_allowed": [], "features_allowed": [] },
  "actual": { "files_changed": [], "symbols_added": [] },
  "findings": [
    {
      "kind": "scope.env",
      "detail": "New environment variable STRIPE_SECRET not in authorized scope",
      "file": ".env.example",
      "severity": "high",
      "evidence": "STRIPE_SECRET"
    }
  ],
  "scope_creep_score": "HIGH",
  "blast_radius": {
    "warnings": [
      {
        "pattern": "route-no-test",
        "message": "New API route added but no test file updated",
        "files": ["src/app/api/checkout/route.ts"],
        "suggestion": "Add tests for the new endpoint"
      }
    ]
  }
}

Finding kinds

KindSeverityWhat triggered it
scope.envHIGHEnvironment variable not mentioned in prompt
scope.endpointHIGHAPI route added without authorization
scope.cronHIGHScheduled job added
scope.listenerHIGHRuntime listener (server, WebSocket, process.on)
scope.depMEDIUMPackage dependency added
scope.fileMEDIUMFile changed outside prompt's scope
scope.featureLOWNew symbol not matching any authorized feature

Tests

npm test    # 444 deterministic assertions, zero API calls

License

MIT — free and open source.

Links