@j0hanz/code-review-analyst-mcp 1.3.0 → 1.4.1

package/dist/lib/diff-cleaner.d.ts

@@ -0,0 +1,12 @@
+export declare const NOISY_EXCLUDE_PATHSPECS: readonly [":(exclude)package-lock.json", ":(exclude)yarn.lock", ":(exclude)pnpm-lock.yaml", ":(exclude)bun.lockb", ":(exclude)*.lock", ":(exclude)dist/", ":(exclude)build/", ":(exclude)out/", ":(exclude).next/", ":(exclude)coverage/", ":(exclude)*.min.js", ":(exclude)*.min.css", ":(exclude)*.map"];
+/**
+ * Split raw unified diff into per-file sections and strip:
+ * - Binary file sections ("Binary files a/... and b/... differ")
+ * - GIT binary patch sections
+ * - Mode-only sections (permission changes with no content hunks)
+ *
+ * Does NOT modify content lines (+ / - / space) to preserve verbatim
+ * accuracy required by suggest_search_replace.
+ */
+export declare function cleanDiff(raw: string): string;
+export declare function isEmptyDiff(diff: string): boolean;

package/dist/lib/diff-cleaner.js

@@ -0,0 +1,51 @@
+export const NOISY_EXCLUDE_PATHSPECS = [
+    ':(exclude)package-lock.json',
+    ':(exclude)yarn.lock',
+    ':(exclude)pnpm-lock.yaml',
+    ':(exclude)bun.lockb',
+    ':(exclude)*.lock',
+    ':(exclude)dist/',
+    ':(exclude)build/',
+    ':(exclude)out/',
+    ':(exclude).next/',
+    ':(exclude)coverage/',
+    ':(exclude)*.min.js',
+    ':(exclude)*.min.css',
+    ':(exclude)*.map',
+];
+// Regex patterns to identify noisy diff file sections.
+const BINARY_FILE_LINE = /^Binary files .+ differ$/m;
+const GIT_BINARY_PATCH = /^GIT binary patch/m;
+const HAS_HUNK = /^@@/m;
+const HAS_OLD_MODE = /^old mode /m;
+/**
+ * Split raw unified diff into per-file sections and strip:
+ * - Binary file sections ("Binary files a/... and b/... differ")
+ * - GIT binary patch sections
+ * - Mode-only sections (permission changes with no content hunks)
+ *
+ * Does NOT modify content lines (+ / - / space) to preserve verbatim
+ * accuracy required by suggest_search_replace.
+ */
+export function cleanDiff(raw) {
+    if (!raw)
+        return '';
+    // Split on the start of each "diff --git" header, keeping the header.
+    const sections = raw.split(/(?=^diff --git )/m);
+    const cleaned = sections.filter((section) => {
+        if (!section.trim())
+            return false;
+        if (BINARY_FILE_LINE.test(section))
+            return false;
+        if (GIT_BINARY_PATCH.test(section))
+            return false;
+        // Drop mode-only sections that have no actual content hunks.
+        if (HAS_OLD_MODE.test(section) && !HAS_HUNK.test(section))
+            return false;
+        return true;
+    });
+    return cleaned.join('').trim();
+}
+export function isEmptyDiff(diff) {
+    return diff.trim().length === 0;
+}

package/dist/lib/diff-store.d.ts

@@ -0,0 +1,22 @@
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { createErrorToolResponse } from './tool-response.js';
+export declare const DIFF_RESOURCE_URI = "diff://current";
+export interface DiffStats {
+    files: number;
+    added: number;
+    deleted: number;
+}
+export interface DiffSlot {
+    diff: string;
+    stats: DiffStats;
+    generatedAt: string;
+    mode: string;
+}
+/** Call once during server setup so the store can emit resource-updated notifications. */
+export declare function initDiffStore(server: McpServer): void;
+export declare function storeDiff(data: DiffSlot): void;
+export declare function getDiff(): DiffSlot | undefined;
+export declare function hasDiff(): boolean;
+/** Test-only: directly set or clear the diff slot without emitting resource-updated. */
+export declare function setDiffForTesting(data: DiffSlot | undefined): void;
+export declare function createNoDiffError(): ReturnType<typeof createErrorToolResponse>;

package/dist/lib/diff-store.js

@@ -0,0 +1,28 @@
+import { createErrorToolResponse } from './tool-response.js';
+export const DIFF_RESOURCE_URI = 'diff://current';
+let slot;
+let sendResourceUpdated;
+/** Call once during server setup so the store can emit resource-updated notifications. */
+export function initDiffStore(server) {
+    const inner = server.server;
+    sendResourceUpdated = inner.sendResourceUpdated.bind(inner);
+}
+export function storeDiff(data) {
+    slot = data;
+    void sendResourceUpdated?.({ uri: DIFF_RESOURCE_URI }).catch(() => {
+        // Notification is best-effort; never block the tool response.
+    });
+}
+export function getDiff() {
+    return slot;
+}
+export function hasDiff() {
+    return slot !== undefined;
+}
+/** Test-only: directly set or clear the diff slot without emitting resource-updated. */
+export function setDiffForTesting(data) {
+    slot = data;
+}
+export function createNoDiffError() {
+    return createErrorToolResponse('E_NO_DIFF', 'No diff cached. You must call the generate_diff tool before using any review tool. Run generate_diff with mode="unstaged" or mode="staged" to capture the current branch changes, then retry this tool.', undefined, { retryable: false, kind: 'validation' });
+}

package/dist/lib/tool-contracts.d.ts

@@ -8,9 +8,12 @@ export interface ToolParameterContract {
 export interface ToolContract {
     name: string;
     purpose: string;
+    /** Set to 'none' for synchronous (non-Gemini) tools. */
     model: string;
+    /** Set to 0 for synchronous (non-Gemini) tools. */
     timeoutMs: number;
     thinkingBudget?: number;
+    /** Set to 0 for synchronous (non-Gemini) tools. */
     maxOutputTokens: number;
     params: readonly ToolParameterContract[];
     outputShape: string;
@@ -19,18 +22,28 @@ export interface ToolContract {
     constraints?: readonly string[];
 }
 export declare const TOOL_CONTRACTS: readonly [{
+    readonly name: "generate_diff";
+    readonly purpose: "Generate a diff of current changes and cache it server-side. MUST be called before any other tool. Uses git to capture unstaged or staged changes in the current working directory.";
+    readonly model: "none";
+    readonly timeoutMs: 0;
+    readonly maxOutputTokens: 0;
+    readonly params: readonly [{
+        readonly name: "mode";
+        readonly type: "string";
+        readonly required: true;
+        readonly constraints: "'unstaged' | 'staged'";
+        readonly description: "'unstaged': working tree changes not yet staged. 'staged': changes added to the index (git add).";
+    }];
+    readonly outputShape: "{ok, result: {diffRef, stats{files, added, deleted}, generatedAt, mode, message}}";
+    readonly gotchas: readonly ["Must be called first — all other tools return E_NO_DIFF if no diff is cached.", "Noisy files (lock files, dist/, build/, minified assets) are excluded automatically.", "Empty diff (no changes) returns E_NO_CHANGES."];
+    readonly crossToolFlow: readonly ["Caches diff at diff://current — consumed automatically by all review tools."];
+}, {
     readonly name: "analyze_pr_impact";
     readonly purpose: "Assess severity, categories, breaking changes, and rollback complexity.";
     readonly model: "gemini-2.5-flash";
     readonly timeoutMs: 90000;
     readonly maxOutputTokens: 2048;
     readonly params: readonly [{
-        readonly name: "diff";
-        readonly type: "string";
-        readonly required: true;
-        readonly constraints: "10-120K chars";
-        readonly description: "Unified diff text.";
-    }, {
         readonly name: "repository";
         readonly type: "string";
         readonly required: true;
@@ -44,7 +57,7 @@ export declare const TOOL_CONTRACTS: readonly [{
         readonly description: "Primary language hint.";
     }];
     readonly outputShape: "{severity, categories[], summary, breakingChanges[], affectedAreas[], rollbackComplexity}";
-    readonly gotchas: readonly ["Flash triage tool optimized for speed.", "Diff-only analysis (no full-file context)."];
+    readonly gotchas: readonly ["Requires generate_diff to be called first.", "Flash triage tool optimized for speed."];
     readonly crossToolFlow: readonly ["severity/categories feed triage and merge-gate decisions."];
 }, {
     readonly name: "generate_review_summary";
@@ -53,12 +66,6 @@ export declare const TOOL_CONTRACTS: readonly [{
     readonly timeoutMs: 90000;
     readonly maxOutputTokens: 2048;
     readonly params: readonly [{
-        readonly name: "diff";
-        readonly type: "string";
-        readonly required: true;
-        readonly constraints: "10-120K chars";
-        readonly description: "Unified diff text.";
-    }, {
         readonly name: "repository";
         readonly type: "string";
         readonly required: true;
@@ -72,7 +79,7 @@ export declare const TOOL_CONTRACTS: readonly [{
         readonly description: "Primary language hint.";
     }];
     readonly outputShape: "{summary, overallRisk, keyChanges[], recommendation, stats{filesChanged, linesAdded, linesRemoved}}";
-    readonly gotchas: readonly ["stats are computed locally from the diff.", "Flash triage tool optimized for speed."];
+    readonly gotchas: readonly ["Requires generate_diff to be called first.", "stats are computed locally from the diff."];
     readonly crossToolFlow: readonly ["Use before deep review to decide whether Pro analysis is needed."];
 }, {
     readonly name: "inspect_code_quality";
@@ -82,12 +89,6 @@ export declare const TOOL_CONTRACTS: readonly [{
     readonly thinkingBudget: 16384;
     readonly maxOutputTokens: 8192;
     readonly params: readonly [{
-        readonly name: "diff";
-        readonly type: "string";
-        readonly required: true;
-        readonly constraints: "10-120K chars";
-        readonly description: "Unified diff text.";
-    }, {
         readonly name: "repository";
         readonly type: "string";
         readonly required: true;
@@ -119,7 +120,7 @@ export declare const TOOL_CONTRACTS: readonly [{
         readonly description: "Optional full file content context.";
     }];
     readonly outputShape: "{summary, overallRisk, findings[], testsNeeded[], contextualInsights[], totalFindings}";
-    readonly gotchas: readonly ["Combined diff + file context is bounded by MAX_CONTEXT_CHARS.", "maxFindings caps output after generation."];
+    readonly gotchas: readonly ["Requires generate_diff to be called first.", "Combined diff + file context is bounded by MAX_CONTEXT_CHARS.", "maxFindings caps output after generation."];
     readonly crossToolFlow: readonly ["findings[].title -> suggest_search_replace.findingTitle", "findings[].explanation -> suggest_search_replace.findingDetails"];
     readonly constraints: readonly ["Context budget (diff + files) < 500K chars."];
 }, {
@@ -130,12 +131,6 @@ export declare const TOOL_CONTRACTS: readonly [{
     readonly thinkingBudget: 16384;
     readonly maxOutputTokens: 4096;
     readonly params: readonly [{
-        readonly name: "diff";
-        readonly type: "string";
-        readonly required: true;
-        readonly constraints: "10-120K chars";
-        readonly description: "Unified diff containing the target issue.";
-    }, {
         readonly name: "findingTitle";
         readonly type: "string";
         readonly required: true;
@@ -149,7 +144,7 @@ export declare const TOOL_CONTRACTS: readonly [{
         readonly description: "Detailed finding context.";
     }];
     readonly outputShape: "{summary, blocks[], validationChecklist[]}";
-    readonly gotchas: readonly ["One finding per call to avoid mixed patch intent.", "search must be exact whitespace-preserving match."];
+    readonly gotchas: readonly ["Requires generate_diff to be called first.", "One finding per call to avoid mixed patch intent.", "search must be exact whitespace-preserving match."];
     readonly crossToolFlow: readonly ["Consumes findings from inspect_code_quality for targeted fixes."];
     readonly constraints: readonly ["One finding per call; verbatim search match required."];
 }, {
@@ -160,12 +155,6 @@ export declare const TOOL_CONTRACTS: readonly [{
     readonly thinkingBudget: 8192;
     readonly maxOutputTokens: 4096;
     readonly params: readonly [{
-        readonly name: "diff";
-        readonly type: "string";
-        readonly required: true;
-        readonly constraints: "10-120K chars";
-        readonly description: "Unified diff text.";
-    }, {
         readonly name: "repository";
         readonly type: "string";
         readonly required: true;
@@ -191,7 +180,7 @@ export declare const TOOL_CONTRACTS: readonly [{
         readonly description: "Post-generation cap applied to test cases.";
     }];
     readonly outputShape: "{summary, testCases[], coverageSummary}";
-    readonly gotchas: readonly ["maxTestCases caps output after generation."];
+    readonly gotchas: readonly ["Requires generate_diff to be called first.", "maxTestCases caps output after generation."];
     readonly crossToolFlow: readonly ["Pair with inspect_code_quality to validate high-risk paths."];
 }, {
     readonly name: "analyze_time_space_complexity";
@@ -201,12 +190,6 @@ export declare const TOOL_CONTRACTS: readonly [{
     readonly thinkingBudget: 8192;
     readonly maxOutputTokens: 2048;
     readonly params: readonly [{
-        readonly name: "diff";
-        readonly type: "string";
-        readonly required: true;
-        readonly constraints: "10-120K chars";
-        readonly description: "Unified diff text.";
-    }, {
         readonly name: "language";
         readonly type: "string";
         readonly required: false;
@@ -214,7 +197,7 @@ export declare const TOOL_CONTRACTS: readonly [{
         readonly description: "Primary language hint.";
     }];
     readonly outputShape: "{timeComplexity, spaceComplexity, explanation, potentialBottlenecks[], isDegradation}";
-    readonly gotchas: readonly ["Analyzes only changed code visible in the diff."];
+    readonly gotchas: readonly ["Requires generate_diff to be called first.", "Analyzes only changed code visible in the diff."];
     readonly crossToolFlow: readonly ["Use for algorithmic/performance-sensitive changes."];
 }, {
     readonly name: "detect_api_breaking_changes";
@@ -223,12 +206,6 @@ export declare const TOOL_CONTRACTS: readonly [{
     readonly timeoutMs: 90000;
     readonly maxOutputTokens: 4096;
     readonly params: readonly [{
-        readonly name: "diff";
-        readonly type: "string";
-        readonly required: true;
-        readonly constraints: "10-120K chars";
-        readonly description: "Unified diff text.";
-    }, {
         readonly name: "language";
         readonly type: "string";
         readonly required: false;
@@ -236,7 +213,7 @@ export declare const TOOL_CONTRACTS: readonly [{
         readonly description: "Primary language hint.";
     }];
     readonly outputShape: "{hasBreakingChanges, breakingChanges[]}";
-    readonly gotchas: readonly ["Targets public API contracts over internal refactors."];
+    readonly gotchas: readonly ["Requires generate_diff to be called first.", "Targets public API contracts over internal refactors."];
     readonly crossToolFlow: readonly ["Run before merge for API-surface-sensitive changes."];
 }];
 export declare function getToolContracts(): readonly ToolContract[];

package/dist/lib/tool-contracts.js

@@ -1,6 +1,31 @@
 import { DEFAULT_TIMEOUT_PRO_MS, FLASH_API_BREAKING_MAX_OUTPUT_TOKENS, FLASH_COMPLEXITY_MAX_OUTPUT_TOKENS, FLASH_MODEL, FLASH_TEST_PLAN_MAX_OUTPUT_TOKENS, FLASH_THINKING_BUDGET, FLASH_TRIAGE_MAX_OUTPUT_TOKENS, PRO_MODEL, PRO_PATCH_MAX_OUTPUT_TOKENS, PRO_REVIEW_MAX_OUTPUT_TOKENS, PRO_THINKING_BUDGET, } from './model-config.js';
 const DEFAULT_TIMEOUT_FLASH_MS = 90_000;
 export const TOOL_CONTRACTS = [
+    {
+        name: 'generate_diff',
+        purpose: 'Generate a diff of current changes and cache it server-side. MUST be called before any other tool. Uses git to capture unstaged or staged changes in the current working directory.',
+        model: 'none',
+        timeoutMs: 0,
+        maxOutputTokens: 0,
+        params: [
+            {
+                name: 'mode',
+                type: 'string',
+                required: true,
+                constraints: "'unstaged' | 'staged'",
+                description: "'unstaged': working tree changes not yet staged. 'staged': changes added to the index (git add).",
+            },
+        ],
+        outputShape: '{ok, result: {diffRef, stats{files, added, deleted}, generatedAt, mode, message}}',
+        gotchas: [
+            'Must be called first — all other tools return E_NO_DIFF if no diff is cached.',
+            'Noisy files (lock files, dist/, build/, minified assets) are excluded automatically.',
+            'Empty diff (no changes) returns E_NO_CHANGES.',
+        ],
+        crossToolFlow: [
+            'Caches diff at diff://current — consumed automatically by all review tools.',
+        ],
+    },
     {
         name: 'analyze_pr_impact',
         purpose: 'Assess severity, categories, breaking changes, and rollback complexity.',
@@ -8,13 +33,6 @@ export const TOOL_CONTRACTS = [
         timeoutMs: DEFAULT_TIMEOUT_FLASH_MS,
         maxOutputTokens: FLASH_TRIAGE_MAX_OUTPUT_TOKENS,
         params: [
-            {
-                name: 'diff',
-                type: 'string',
-                required: true,
-                constraints: '10-120K chars',
-                description: 'Unified diff text.',
-            },
             {
                 name: 'repository',
                 type: 'string',
@@ -32,8 +50,8 @@ export const TOOL_CONTRACTS = [
         ],
         outputShape: '{severity, categories[], summary, breakingChanges[], affectedAreas[], rollbackComplexity}',
         gotchas: [
+            'Requires generate_diff to be called first.',
             'Flash triage tool optimized for speed.',
-            'Diff-only analysis (no full-file context).',
         ],
         crossToolFlow: [
             'severity/categories feed triage and merge-gate decisions.',
@@ -46,13 +64,6 @@ export const TOOL_CONTRACTS = [
         timeoutMs: DEFAULT_TIMEOUT_FLASH_MS,
         maxOutputTokens: FLASH_TRIAGE_MAX_OUTPUT_TOKENS,
         params: [
-            {
-                name: 'diff',
-                type: 'string',
-                required: true,
-                constraints: '10-120K chars',
-                description: 'Unified diff text.',
-            },
             {
                 name: 'repository',
                 type: 'string',
@@ -70,8 +81,8 @@ export const TOOL_CONTRACTS = [
         ],
         outputShape: '{summary, overallRisk, keyChanges[], recommendation, stats{filesChanged, linesAdded, linesRemoved}}',
         gotchas: [
+            'Requires generate_diff to be called first.',
             'stats are computed locally from the diff.',
-            'Flash triage tool optimized for speed.',
         ],
         crossToolFlow: [
             'Use before deep review to decide whether Pro analysis is needed.',
@@ -85,13 +96,6 @@ export const TOOL_CONTRACTS = [
         thinkingBudget: PRO_THINKING_BUDGET,
         maxOutputTokens: PRO_REVIEW_MAX_OUTPUT_TOKENS,
         params: [
-            {
-                name: 'diff',
-                type: 'string',
-                required: true,
-                constraints: '10-120K chars',
-                description: 'Unified diff text.',
-            },
             {
                 name: 'repository',
                 type: 'string',
@@ -130,6 +134,7 @@ export const TOOL_CONTRACTS = [
         ],
         outputShape: '{summary, overallRisk, findings[], testsNeeded[], contextualInsights[], totalFindings}',
         gotchas: [
+            'Requires generate_diff to be called first.',
             'Combined diff + file context is bounded by MAX_CONTEXT_CHARS.',
             'maxFindings caps output after generation.',
         ],
@@ -147,13 +152,6 @@ export const TOOL_CONTRACTS = [
         thinkingBudget: PRO_THINKING_BUDGET,
         maxOutputTokens: PRO_PATCH_MAX_OUTPUT_TOKENS,
         params: [
-            {
-                name: 'diff',
-                type: 'string',
-                required: true,
-                constraints: '10-120K chars',
-                description: 'Unified diff containing the target issue.',
-            },
             {
                 name: 'findingTitle',
                 type: 'string',
@@ -171,6 +169,7 @@ export const TOOL_CONTRACTS = [
         ],
         outputShape: '{summary, blocks[], validationChecklist[]}',
         gotchas: [
+            'Requires generate_diff to be called first.',
             'One finding per call to avoid mixed patch intent.',
             'search must be exact whitespace-preserving match.',
         ],
@@ -187,13 +186,6 @@ export const TOOL_CONTRACTS = [
         thinkingBudget: FLASH_THINKING_BUDGET,
         maxOutputTokens: FLASH_TEST_PLAN_MAX_OUTPUT_TOKENS,
         params: [
-            {
-                name: 'diff',
-                type: 'string',
-                required: true,
-                constraints: '10-120K chars',
-                description: 'Unified diff text.',
-            },
             {
                 name: 'repository',
                 type: 'string',
@@ -224,7 +216,10 @@ export const TOOL_CONTRACTS = [
             },
         ],
         outputShape: '{summary, testCases[], coverageSummary}',
-        gotchas: ['maxTestCases caps output after generation.'],
+        gotchas: [
+            'Requires generate_diff to be called first.',
+            'maxTestCases caps output after generation.',
+        ],
         crossToolFlow: [
             'Pair with inspect_code_quality to validate high-risk paths.',
         ],
@@ -237,13 +232,6 @@ export const TOOL_CONTRACTS = [
         thinkingBudget: FLASH_THINKING_BUDGET,
         maxOutputTokens: FLASH_COMPLEXITY_MAX_OUTPUT_TOKENS,
         params: [
-            {
-                name: 'diff',
-                type: 'string',
-                required: true,
-                constraints: '10-120K chars',
-                description: 'Unified diff text.',
-            },
             {
                 name: 'language',
                 type: 'string',
@@ -253,7 +241,10 @@ export const TOOL_CONTRACTS = [
             },
         ],
         outputShape: '{timeComplexity, spaceComplexity, explanation, potentialBottlenecks[], isDegradation}',
-        gotchas: ['Analyzes only changed code visible in the diff.'],
+        gotchas: [
+            'Requires generate_diff to be called first.',
+            'Analyzes only changed code visible in the diff.',
+        ],
         crossToolFlow: ['Use for algorithmic/performance-sensitive changes.'],
     },
     {
@@ -263,13 +254,6 @@ export const TOOL_CONTRACTS = [
         timeoutMs: DEFAULT_TIMEOUT_FLASH_MS,
         maxOutputTokens: FLASH_API_BREAKING_MAX_OUTPUT_TOKENS,
         params: [
-            {
-                name: 'diff',
-                type: 'string',
-                required: true,
-                constraints: '10-120K chars',
-                description: 'Unified diff text.',
-            },
             {
                 name: 'language',
                 type: 'string',
@@ -279,7 +263,10 @@ export const TOOL_CONTRACTS = [
             },
         ],
         outputShape: '{hasBreakingChanges, breakingChanges[]}',
-        gotchas: ['Targets public API contracts over internal refactors.'],
+        gotchas: [
+            'Requires generate_diff to be called first.',
+            'Targets public API contracts over internal refactors.',
+        ],
         crossToolFlow: ['Run before merge for API-surface-sensitive changes.'],
     },
 ];

package/dist/lib/tool-factory.d.ts

@@ -1,11 +1,22 @@
 import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import type { ZodRawShapeCompat } from '@modelcontextprotocol/sdk/server/zod-compat.js';
 import { z } from 'zod';
+import { type DiffSlot } from './diff-store.js';
 import { createErrorToolResponse } from './tool-response.js';
 export interface PromptParts {
     systemInstruction: string;
     prompt: string;
 }
+/**
+ * Immutable snapshot of server-side state captured once at the start of a
+ * tool execution, before `validateInput` runs.  Threading it through both
+ * `validateInput` and `buildPrompt` eliminates the TOCTOU gap that would
+ * otherwise allow a concurrent `generate_diff` call to replace the cached
+ * diff between the budget check and prompt assembly.
+ */
+export interface ToolExecutionContext {
+    readonly diffSlot: DiffSlot | undefined;
+}
 export interface StructuredToolTaskConfig<TInput extends object = Record<string, unknown>, TResult extends object = Record<string, unknown>, TFinal extends TResult = TResult> {
     /** Tool name registered with the MCP server (e.g. 'analyze_pr_impact'). */
     name: string;
@@ -24,9 +35,9 @@ export interface StructuredToolTaskConfig<TInput extends object = Record<string,
     /** Stable error code returned on failure (e.g. 'E_INSPECT_QUALITY'). */
     errorCode: string;
     /** Optional post-processing hook called after resultSchema.parse(). The return value replaces the parsed result. */
-    transformResult?: (input: TInput, result: TResult) => TFinal;
+    transformResult?: (input: TInput, result: TResult, ctx: ToolExecutionContext) => TFinal;
     /** Optional validation hook for input parameters. */
-    validateInput?: (input: TInput) => Promise<ReturnType<typeof createErrorToolResponse> | undefined> | ReturnType<typeof createErrorToolResponse> | undefined;
+    validateInput?: (input: TInput, ctx: ToolExecutionContext) => Promise<ReturnType<typeof createErrorToolResponse> | undefined> | ReturnType<typeof createErrorToolResponse> | undefined;
     /** Optional Gemini model to use (e.g. 'gemini-2.5-pro'). */
     model?: string;
     /** Optional thinking budget in tokens. */
@@ -44,6 +55,6 @@ export interface StructuredToolTaskConfig<TInput extends object = Record<string,
     /** Optional short outcome suffix for the completion progress message (e.g., "3 findings"). */
     formatOutcome?: (result: TFinal) => string;
     /** Builds the system instruction and user prompt from parsed tool input. */
-    buildPrompt: (input: TInput) => PromptParts;
+    buildPrompt: (input: TInput, ctx: ToolExecutionContext) => PromptParts;
 }
 export declare function registerStructuredToolTask<TInput extends object, TResult extends object = Record<string, unknown>, TFinal extends TResult = TResult>(server: McpServer, config: StructuredToolTaskConfig<TInput, TResult, TFinal>): void;

package/dist/lib/tool-factory.js

@@ -1,5 +1,6 @@
 import { z } from 'zod';
 import { DefaultOutputSchema } from '../schemas/outputs.js';
+import { getDiff } from './diff-store.js';
 import { getErrorMessage, RETRYABLE_UPSTREAM_ERROR_PATTERN } from './errors.js';
 import { stripJsonSchemaConstraints } from './gemini-schema.js';
 import { generateStructuredJson, getCurrentRequestId } from './gemini.js';
@@ -260,9 +261,14 @@ export function registerStructuredToolTask(server, config) {
                     const onLog = createGeminiLogger(server, task.taskId);
                     const inputRecord = parseToolInput(input, config.fullInputSchema);
                     progressContext = normalizeProgressContext(config.progressContext?.(inputRecord));
+                    // Snapshot the diff slot ONCE before any async work so that
+                    // validateInput and buildPrompt observe the same state. Without
+                    // this, a concurrent generate_diff call between the two awaits
+                    // could replace the slot and silently bypass the budget check.
+                    const ctx = { diffSlot: getDiff() };
                     await reportProgressStepUpdate(reportProgress, config.name, progressContext, 0, 'starting');
                     if (config.validateInput) {
-                        const validationError = await config.validateInput(inputRecord);
+                        const validationError = await config.validateInput(inputRecord, ctx);
                         if (validationError) {
                             const validationMessage = validationError.structuredContent.error?.message ??
                                 INPUT_VALIDATION_FAILED;
@@ -273,7 +279,7 @@ export function registerStructuredToolTask(server, config) {
                         }
                     }
                     await reportProgressStepUpdate(reportProgress, config.name, progressContext, 1, 'preparing');
-                    const promptParts = config.buildPrompt(inputRecord);
+                    const promptParts = config.buildPrompt(inputRecord, ctx);
                     const { prompt } = promptParts;
                     const { systemInstruction } = promptParts;
                     const modelLabel = friendlyModelName(config.model);
@@ -306,7 +312,7 @@ export function registerStructuredToolTask(server, config) {
                         throw new Error('Unexpected state: parsed result is undefined');
                     }
                     const finalResult = (config.transformResult
-                        ? config.transformResult(inputRecord, parsed)
+                        ? config.transformResult(inputRecord, parsed, ctx)
                         : parsed);
                     const textContent = config.formatOutput
                         ? config.formatOutput(finalResult)

package/dist/resources/index.js

@@ -1,4 +1,5 @@
 import { ResourceTemplate, } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { DIFF_RESOURCE_URI, getDiff } from '../lib/diff-store.js';
 import { buildServerConfig } from './server-config.js';
 import { buildToolCatalog } from './tool-catalog.js';
 import { getToolInfo, getToolInfoNames } from './tool-info.js';
@@ -76,10 +77,28 @@ function registerToolInfoResources(server) {
         return { contents: [createMarkdownContent(uri, text)] };
     });
 }
+function registerDiffResource(server) {
+    server.registerResource('diff-current', new ResourceTemplate(DIFF_RESOURCE_URI, { list: undefined }), {
+        title: 'Current Diff',
+        description: 'The most recently generated diff, cached by generate_diff. Read by all review tools automatically.',
+        mimeType: 'text/x-patch',
+        annotations: {
+            audience: ['assistant'],
+            priority: 1.0,
+        },
+    }, (uri) => {
+        const slot = getDiff();
+        const text = slot
+            ? `# Diff — ${slot.mode} — ${slot.generatedAt}\n# ${slot.stats.files} file(s), +${slot.stats.added} -${slot.stats.deleted}\n\n${slot.diff}`
+            : '# No diff cached. Call generate_diff first.';
+        return { contents: [{ uri: uri.href, mimeType: 'text/x-patch', text }] };
+    });
+}
 export function registerAllResources(server, instructions) {
     for (const def of STATIC_RESOURCES) {
         const override = def.id === 'server-instructions' ? instructions : undefined;
         registerStaticResource(server, def, override);
     }
     registerToolInfoResources(server);
+    registerDiffResource(server);
 }

package/dist/resources/instructions.js

@@ -10,6 +10,7 @@ const RESOURCE_LIST = [
     '- `internal://workflows`: Recommended multi-step tool workflows.',
     '- `internal://server-config`: Runtime limits and model configuration.',
     '- `internal://tool-info/{toolName}`: Per-tool contract details.',
+    '- `diff://current`: Cached diff from the most recent generate_diff run.',
 ];
 function formatParameterLine(parameter) {
     const required = parameter.required ? 'required' : 'optional';
@@ -17,6 +18,15 @@ function formatParameterLine(parameter) {
 }
 function formatToolSection(contract) {
     const parameterLines = contract.params.map((parameter) => formatParameterLine(parameter));
+    if (contract.model === 'none') {
+        // Synchronous built-in tool (no Gemini call)
+        return `### \`${contract.name}\`
+- Purpose: ${contract.purpose}
+- Model: \`none\` (synchronous built-in)
+- Parameters:
+${parameterLines.join('\n')}
+- Output shape: \`${contract.outputShape}\``;
+    }
     const thinkingLine = contract.thinkingBudget === undefined
         ? '- Thinking budget: disabled'
         : `- Thinking budget: ${contract.thinkingBudget}`;

package/dist/resources/server-config.js

@@ -35,6 +35,7 @@ export function buildServerConfig() {
     const defaultModel = getModelOverride();
     const safetyThreshold = getSafetyThreshold();
     const toolRows = getToolContracts()
+        .filter((contract) => contract.model !== 'none')
         .map((contract) => {
         return `| \`${contract.name}\` | \`${contract.model}\` | ${formatThinkingBudget(contract.thinkingBudget)} | ${formatTimeout(contract.timeoutMs)} | ${formatNumber(contract.maxOutputTokens)} |`;
     })