npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

aggrowal-pr-review-mcp

v0.1.5

Published

MCP server: multi-track PR reviews from local git diffs + Anthropic/OpenAI (not GitHub API)

Downloads

560

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

aggrowalaggrowal

Keywords

mcpmodel-context-protocolprcode-reviewgitanthropicopenai

Readme

pr-review-mcp

MCP server for multi-track PR reviews from local git diffs.

npm package: aggrowal-pr-review-mcp

Documentation

Quickstart

  1. Run via npx:
npx -y aggrowal-pr-review-mcp
  1. Attach in your MCP client (Cursor/Claude-style example):
{
  "mcpServers": {
    "pr-review": {
      "command": "npx",
      "args": ["-y", "aggrowal-pr-review-mcp"],
      "env": {}
    }
  }
}

This server is keyless by default. No Anthropic/OpenAI keys are required.

  1. Configure project once:
configure_project
  name: your-repo-folder
  repoUrl: https://github.com/org/repo
  mainBranch: main
  1. Run review:
@pr_review branch: feature/my-branch
@pr_review branch: feature/my-branch format: markdown

pr_review now uses a strict staged loop:

  • Stage prepare: server returns sessionId, assembled prompt, coverage contract, and nextAction.callTemplate.
  • Stage validate: host sends a draft report back; server validates schema + contract.
  • Stage repair (if needed): server returns exact gaps and a correction prompt.
  • Stage final: server returns validated review JSON (and optional markdown summary).

Most IDE agents can chain this automatically after the initial @pr_review branch: ... call.
If your host does not auto-chain, call pr_review again with sessionId + draftReport.

Troubleshooting: checks do not kick in

Common bypass symptoms:

  • Host returns free-form findings directly, but you do not see staged JSON envelopes with ok, stage, and meta.
  • Response lacks nextAction.callTemplate from prepare or repair.
  • MCP logs do not show pr_review: prepare stage starting and pr_review: validate stage starting.

Manual recovery flow:

  1. Run @pr_review branch: <branch-name>.
  2. Copy nextAction.callTemplate from the returned prepare payload.
  3. Fill draftReport with your generated JSON report.
  4. Call pr_review again with that payload.
  5. Repeat with the returned repair call template until stage final.

Debug checklist:

  • Set PR_REVIEW_LOG=debug in the MCP server environment.
  • Re-run @pr_review branch: <branch-name>.
  • Confirm stage logs appear in order: prepare start -> validate start -> (repair or final).
  • If no stage logs appear, your host likely bypassed the MCP tool call.

Review contract enforcement

Detailed reference: docs/architecture.md#review-contract-enforcement.

Core guarantees:

  • Server builds a per-track execution contract from matched skill checklists.
  • Final model output must satisfy schema and contract coverage checks.
  • Missing/extra track, heading, or subpoint coverage causes correction retry and then structured error if unresolved.
  • Status taxonomy remains: blocker | needs_improvement | nudge | looks_good.

Token efficiency strategy

Detailed reference: docs/architecture.md#token-efficiency-strategy.

Current strategy:

  • Keep a single pr_review call from IDE.
  • Inject shared changed-files payload once for all tracks.
  • Remove repeated per-track prompt boilerplate while preserving checklist semantics.
  • Emit prompt telemetry (static, payload, tracks, total) for visibility.
  • Retry through explicit staged validation when output fails schema/contract checks.

Skill prompt format contract (must keep)

Each skill prompt must keep this shape so parser and coverage validation remain stable:

  • ## What to check
  • heading lines in ### <Letter>. <Title> format
  • numbered checks (1., 2., ...)
  • ## Rules

If you change this format, update parser logic in src/prompt/assemble.ts and related tests.

Prompt-injection hardening

Detailed reference: docs/architecture.md#prompt-injection-hardening.

Hardening model:

  • Treat diff and file payloads as untrusted data.
  • Wrap untrusted content in sentinel boundaries.
  • Escape sentinel collisions in payload.
  • Keep reviewer reviewInstructions in trusted section only.

Future change checklist

Before finalizing behavior changes:

  1. Keep coverage-contract integrity for track/heading/subpoint accounting.
  2. Keep skill parseability (### Letter. Heading + numbered checks).
  3. Preserve token discipline via dedupe and concise wording.
  4. Preserve trusted/untrusted boundary model and path sanitization.
  5. Run npm test and npm run build.

Development

npm run build
npm run dev
npm test
npm start
npm run smoke:mcp