@j0hanz/code-review-analyst-mcp 1.5.1 → 1.5.2

package/dist/lib/diff-store.d.ts

@@ -16,9 +16,9 @@ export interface DiffSlot {
 }
 /** Call once during server setup so the store can emit resource-updated notifications. */
 export declare function initDiffStore(server: McpServer): void;
-export declare function storeDiff(data: DiffSlot): void;
-export declare function getDiff(): DiffSlot | undefined;
-export declare function hasDiff(): boolean;
+export declare function storeDiff(data: DiffSlot, key?: string): void;
+export declare function getDiff(key?: string): DiffSlot | undefined;
+export declare function hasDiff(key?: string): boolean;
 /** Test-only: directly set or clear the diff slot without emitting resource-updated. */
-export declare function setDiffForTesting(data: DiffSlot | undefined): void;
+export declare function setDiffForTesting(data: DiffSlot | undefined, key?: string): void;
 export declare function createNoDiffError(): ReturnType<typeof createErrorToolResponse>;

package/dist/lib/diff-store.js

@@ -1,27 +1,32 @@
 import { createErrorToolResponse } from './tool-response.js';
 export const DIFF_RESOURCE_URI = 'diff://current';
-let slot;
+const diffSlots = new Map();
 let sendResourceUpdated;
 /** Call once during server setup so the store can emit resource-updated notifications. */
 export function initDiffStore(server) {
     const inner = server.server;
     sendResourceUpdated = inner.sendResourceUpdated.bind(inner);
 }
-export function storeDiff(data) {
-    slot = data;
+export function storeDiff(data, key = process.cwd()) {
+    diffSlots.set(key, data);
     void sendResourceUpdated?.({ uri: DIFF_RESOURCE_URI }).catch(() => {
-        // Notification is best-effort; never block the tool response.
+        // Ignore errors sending resource-updated, which can happen if the server is not fully initialized yet.
     });
 }
-export function getDiff() {
-    return slot;
+export function getDiff(key = process.cwd()) {
+    return diffSlots.get(key);
 }
-export function hasDiff() {
-    return slot !== undefined;
+export function hasDiff(key = process.cwd()) {
+    return diffSlots.has(key);
 }
 /** Test-only: directly set or clear the diff slot without emitting resource-updated. */
-export function setDiffForTesting(data) {
-    slot = data;
+export function setDiffForTesting(data, key = process.cwd()) {
+    if (data) {
+        diffSlots.set(key, data);
+    }
+    else {
+        diffSlots.delete(key);
+    }
 }
 export function createNoDiffError() {
     return createErrorToolResponse('E_NO_DIFF', 'No diff cached. You must call the generate_diff tool before using any review tool. Run generate_diff with mode="unstaged" or mode="staged" to capture the current branch changes, then retry this tool.', undefined, { retryable: false, kind: 'validation' });

package/dist/lib/gemini.js

@@ -352,8 +352,6 @@ function buildGenerationConfig(request, abortSignal) {
         responseMimeType: 'application/json',
         responseSchema: applyResponseKeyOrdering(request.responseSchema, request.responseKeyOrdering),
         safetySettings: getSafetySettings(getSafetyThreshold()),
-        topP: 0.95,
-        topK: 40,
         abortSignal,
     };
     if (request.systemInstruction) {
@@ -416,6 +414,14 @@ async function executeAttempt(request, model, timeoutMs, attempt, onLog) {
     const response = await generateContentWithTimeout(request, model, timeoutMs);
     const latencyMs = Math.round(performance.now() - startedAt);
     const finishReason = response.candidates?.[0]?.finishReason;
+    let thoughts;
+    const parts = response.candidates?.[0]?.content?.parts;
+    if (Array.isArray(parts)) {
+        const thoughtParts = parts.filter((p) => p.thought === true && typeof p.text === 'string');
+        if (thoughtParts.length > 0) {
+            thoughts = thoughtParts.map((p) => p.text).join('\n\n');
+        }
+    }
     await emitGeminiLog(onLog, 'info', {
         event: 'gemini_call',
         details: {
@@ -423,6 +429,7 @@ async function executeAttempt(request, model, timeoutMs, attempt, onLog) {
             latencyMs,
             finishReason: finishReason ?? null,
             usageMetadata: response.usageMetadata ?? null,
+            ...(thoughts ? { thoughts } : {}),
         },
     });
     if (finishReason === FinishReason.MAX_TOKENS) {
@@ -457,33 +464,34 @@ async function waitBeforeRetry(attempt, error, onLog, requestSignal) {
         throw sleepError;
     }
 }
-async function throwGeminiFailure(maxRetries, lastError, onLog) {
-    const attempts = maxRetries + 1;
+async function throwGeminiFailure(attemptsMade, lastError, onLog) {
     const message = getErrorMessage(lastError);
     await emitGeminiLog(onLog, 'error', {
         event: 'gemini_failure',
         details: {
             error: message,
-            attempts,
+            attempts: attemptsMade,
         },
     });
-    throw new Error(`Gemini request failed after ${attempts} attempts: ${message}`, { cause: lastError });
+    throw new Error(`Gemini request failed after ${attemptsMade} attempts: ${message}`, { cause: lastError });
 }
 async function runWithRetries(request, model, timeoutMs, maxRetries, onLog) {
     let lastError;
-    for (let attempt = 0; attempt <= maxRetries; attempt += 1) {
+    let attempt = 0;
+    for (; attempt <= maxRetries; attempt += 1) {
         try {
             return await executeAttempt(request, model, timeoutMs, attempt, onLog);
         }
         catch (error) {
             lastError = error;
             if (!canRetryAttempt(attempt, maxRetries, error)) {
+                attempt += 1; // Count this attempt before breaking
                 break;
             }
             await waitBeforeRetry(attempt, error, onLog, request.signal);
         }
     }
-    return throwGeminiFailure(maxRetries, lastError, onLog);
+    return throwGeminiFailure(attempt, lastError, onLog);
 }
 function canRetryAttempt(attempt, maxRetries, error) {
     return attempt < maxRetries && shouldRetry(error);

package/dist/lib/model-config.d.ts

@@ -20,7 +20,7 @@ export declare const PRO_THINKING_LEVEL: "high";
 /** Output cap for Flash API breaking-change detection. */
 export declare const FLASH_API_BREAKING_MAX_OUTPUT_TOKENS: 4096;
 /** Output cap for Flash complexity analysis. */
-export declare const FLASH_COMPLEXITY_MAX_OUTPUT_TOKENS: 2048;
+export declare const FLASH_COMPLEXITY_MAX_OUTPUT_TOKENS: 4096;
 /** Output cap for Flash test-plan generation. */
 export declare const FLASH_TEST_PLAN_MAX_OUTPUT_TOKENS: 8192;
 /** Output cap for Flash triage tools. */

package/dist/lib/model-config.js

@@ -28,7 +28,7 @@ const THINKING_LEVELS = {
 // Thinking budget in tokens for Flash and Pro tools. Note that these are not hard limits, but rather guidelines to encourage concise responses and manage latency/cost.
 const OUTPUT_TOKEN_BUDGET = {
     flashApiBreaking: 4_096,
-    flashComplexity: 2_048,
+    flashComplexity: 4_096,
     flashTestPlan: 8_192,
     flashTriage: 4_096,
     proPatch: 8_192,

package/dist/lib/tool-contracts.d.ts

@@ -18,9 +18,7 @@ export interface ToolContract {
     maxOutputTokens: number;
     /**
      * Sampling temperature for the Gemini call.
-     * Lower values (0.0–0.1) favour deterministic structured output;
-     * higher values (0.2) add diversity for creative synthesis tasks.
-     * Omit to use the global default (0.2).
+     * Gemini 3 recommends 1.0 for all tasks.
      */
     temperature?: number;
     /** Enables deterministic JSON guidance and schema key ordering. */
@@ -210,7 +208,7 @@ export declare const TOOL_CONTRACTS: readonly [{
     readonly model: "gemini-3-flash-preview";
     readonly timeoutMs: 90000;
     readonly thinkingLevel: "medium";
-    readonly maxOutputTokens: 2048;
+    readonly maxOutputTokens: 4096;
     readonly temperature: 1;
     readonly deterministicJson: true;
     readonly params: readonly [{

package/dist/lib/tool-factory.d.ts

@@ -55,6 +55,10 @@ export interface StructuredToolTaskConfig<TInput extends object = Record<string,
     transformResult?: (input: TInput, result: TResult, ctx: ToolExecutionContext) => TFinal;
     /** Optional validation hook for input parameters. */
     validateInput?: (input: TInput, ctx: ToolExecutionContext) => Promise<ReturnType<typeof createErrorToolResponse> | undefined> | ReturnType<typeof createErrorToolResponse> | undefined;
+    /** Optional flag to enforce diff presence and budget check before tool execution. */
+    requiresDiff?: boolean;
+    /** Optional override for schema validation retries. Defaults to GEMINI_SCHEMA_RETRIES env var. */
+    schemaRetries?: number;
     /** Optional Gemini model to use (e.g. 'gemini-3-pro-preview'). */
     model?: string;
     /** Optional thinking level. */
@@ -65,9 +69,7 @@ export interface StructuredToolTaskConfig<TInput extends object = Record<string,
     maxOutputTokens?: number;
     /**
      * Optional sampling temperature for this tool's Gemini call.
-     * Lower values (0.0–0.1) favour determinism for structured extraction;
-     * higher values (0.2) add useful diversity for creative synthesis tasks.
-     * Falls back to the global default (0.2) when omitted.
+     * Gemini 3 recommends 1.0 for all tasks.
      */
     temperature?: number;
     /** Optional opt-in to Gemini thought output. Defaults to false. */

package/dist/lib/tool-factory.js

@@ -1,6 +1,7 @@
 import { z } from 'zod';
 import { DefaultOutputSchema } from '../schemas/outputs.js';
-import { getDiff } from './diff-store.js';
+import { validateDiffBudget } from './diff-budget.js';
+import { createNoDiffError, getDiff } from './diff-store.js';
 import { createCachedEnvInt } from './env-config.js';
 import { getErrorMessage, RETRYABLE_UPSTREAM_ERROR_PATTERN } from './errors.js';
 import { stripJsonSchemaConstraints } from './gemini-schema.js';
@@ -14,7 +15,8 @@ const CANCELLED_ERROR_PATTERN = /cancelled|canceled/i;
 const TIMEOUT_ERROR_PATTERN = /timed out|timeout/i;
 const BUDGET_ERROR_PATTERN = /exceeds limit|max allowed size|input too large/i;
 const BUSY_ERROR_PATTERN = /too many concurrent/i;
-const MAX_SCHEMA_RETRIES = 1;
+const DEFAULT_SCHEMA_RETRIES = 1;
+const geminiSchemaRetriesConfig = createCachedEnvInt('GEMINI_SCHEMA_RETRIES', DEFAULT_SCHEMA_RETRIES);
 const DEFAULT_SCHEMA_RETRY_ERROR_CHARS = 1_500;
 const schemaRetryErrorCharsConfig = createCachedEnvInt('MAX_SCHEMA_RETRY_ERROR_CHARS', DEFAULT_SCHEMA_RETRY_ERROR_CHARS);
 const DETERMINISTIC_JSON_RETRY_NOTE = 'Deterministic JSON mode: keep key names exactly as schema-defined and preserve stable field ordering.';
@@ -134,30 +136,15 @@ function isRetryableUpstreamMessage(message) {
     return (RETRYABLE_UPSTREAM_ERROR_PATTERN.test(message) ||
         BUSY_ERROR_PATTERN.test(message));
 }
-async function sendTaskProgress(extra, payload) {
-    const progressToken = extra._meta?.progressToken;
-    if (typeof progressToken !== 'string' && typeof progressToken !== 'number') {
+function ignoreProgressInput(value) {
+    if (value === null) {
         return;
     }
-    try {
-        const params = {
-            progressToken,
-            progress: payload.current,
-        };
-        if (payload.total !== undefined) {
-            params.total = payload.total;
-        }
-        if (payload.message !== undefined) {
-            params.message = payload.message;
-        }
-        await extra.sendNotification({
-            method: 'notifications/progress',
-            params,
-        });
-    }
-    catch {
-        // Progress is best-effort; never fail the tool call.
-    }
+}
+function sendTaskProgress(extra, payload) {
+    ignoreProgressInput(extra);
+    ignoreProgressInput(payload);
+    return Promise.resolve();
 }
 function createProgressReporter(extra) {
     let lastCurrent = 0;
@@ -195,21 +182,26 @@ function normalizeProgressContext(context) {
     return `${compact.slice(0, 77)}...`;
 }
 function formatProgressStep(toolName, context, metadata) {
-    const prefix = metadata === 'starting' ? '▸' : '◦';
-    return `${prefix} ${toolName}: ${context} [${metadata}]`;
+    return `${toolName}: ${context} [${metadata}]`;
 }
 function friendlyModelName(model) {
     if (!model)
-        return 'model';
-    if (model.includes('pro'))
-        return 'Pro';
-    if (model.includes('flash'))
-        return 'Flash';
-    return 'model';
+        return 'calling model';
+    const normalized = model.toLowerCase();
+    if (normalized.includes('pro'))
+        return 'calling Pro';
+    if (normalized.includes('flash'))
+        return 'calling Flash';
+    return 'calling model';
+}
+function formatProgressCompletion(toolName, context, outcome) {
+    return `🗒 ${toolName}: ${context} • ${outcome}`;
 }
-function formatProgressCompletion(toolName, context, outcome, success = true) {
-    const prefix = success ? '◆' : '◇';
-    return `${prefix} ${toolName}: ${context} • ${outcome}`;
+function createFailureStatusMessage(outcome, errorMessage) {
+    if (outcome === 'cancelled') {
+        return `cancelled: ${errorMessage}`;
+    }
+    return errorMessage;
 }
 async function reportProgressStepUpdate(reportProgress, toolName, context, current, metadata) {
     await reportProgress({
@@ -218,13 +210,21 @@ async function reportProgressStepUpdate(reportProgress, toolName, context, curre
         message: formatProgressStep(toolName, context, metadata),
     });
 }
-async function reportProgressCompletionUpdate(reportProgress, toolName, context, outcome, success = true) {
+async function reportProgressCompletionUpdate(reportProgress, toolName, context, outcome) {
     await reportProgress({
         current: TASK_PROGRESS_TOTAL,
         total: TASK_PROGRESS_TOTAL,
-        message: formatProgressCompletion(toolName, context, outcome, success),
+        message: formatProgressCompletion(toolName, context, outcome),
     });
 }
+async function reportSchemaRetryProgressBestEffort(reportProgress, toolName, context, retryCount, maxRetries) {
+    try {
+        await reportProgressStepUpdate(reportProgress, toolName, context, 3, `repairing schema retry ${retryCount}/${maxRetries}`);
+    }
+    catch {
+        // Progress updates are best-effort and must not interrupt retries.
+    }
+}
 function toLoggingLevel(level) {
     switch (level) {
         case 'debug':
@@ -277,21 +277,23 @@ export function wrapToolHandler(options, handler) {
             const result = await handler(input, extra);
             // End progress (1/1)
             const outcome = result.isError ? 'failed' : 'completed';
-            const success = !result.isError;
             await sendTaskProgress(extra, {
                 current: 1,
                 total: 1,
-                message: formatProgressCompletion(options.toolName, context, outcome, success),
+                message: formatProgressCompletion(options.toolName, context, outcome),
             });
             return result;
         }
         catch (error) {
+            const errorMessage = getErrorMessage(error);
+            const failureMeta = classifyErrorMeta(error, errorMessage);
+            const outcome = failureMeta.kind === 'cancelled' ? 'cancelled' : 'failed';
             // Progress is best-effort; must never mask the original error.
             try {
                 await sendTaskProgress(extra, {
                     current: 1,
                     total: 1,
-                    message: formatProgressCompletion(options.toolName, context, 'failed', false),
+                    message: formatProgressCompletion(options.toolName, context, outcome),
                 });
             }
             catch {
@@ -301,6 +303,21 @@ export function wrapToolHandler(options, handler) {
         }
     };
 }
+async function validateRequest(config, inputRecord, ctx) {
+    if (config.requiresDiff) {
+        if (!ctx.diffSlot) {
+            return createNoDiffError();
+        }
+        const budgetError = validateDiffBudget(ctx.diffSlot.diff);
+        if (budgetError) {
+            return budgetError;
+        }
+    }
+    if (config.validateInput) {
+        return await config.validateInput(inputRecord, ctx);
+    }
+    return undefined;
+}
 export function registerStructuredToolTask(server, config) {
     const responseSchema = createGeminiResponseSchema({
         geminiSchema: config.geminiSchema,
@@ -350,18 +367,16 @@ export function registerStructuredToolTask(server, config) {
                     // could replace the slot and silently bypass the budget check.
                     const ctx = { diffSlot: getDiff() };
                     await reportProgressStepUpdate(reportProgress, config.name, progressContext, 0, 'starting');
-                    if (config.validateInput) {
-                        const validationError = await config.validateInput(inputRecord, ctx);
-                        if (validationError) {
-                            const validationMessage = validationError.structuredContent.error?.message ??
-                                INPUT_VALIDATION_FAILED;
-                            await updateStatusMessage(validationMessage);
-                            await reportProgressCompletionUpdate(reportProgress, config.name, progressContext, 'rejected', false);
-                            await storeResultSafely('completed', validationError);
-                            return;
-                        }
+                    const validationError = await validateRequest(config, inputRecord, ctx);
+                    if (validationError) {
+                        const validationMessage = validationError.structuredContent.error?.message ??
+                            INPUT_VALIDATION_FAILED;
+                        await updateStatusMessage(validationMessage);
+                        await reportProgressCompletionUpdate(reportProgress, config.name, progressContext, 'rejected');
+                        await storeResultSafely('completed', validationError);
+                        return;
                     }
-                    await reportProgressStepUpdate(reportProgress, config.name, progressContext, 1, 'preparing');
+                    await reportProgressStepUpdate(reportProgress, config.name, progressContext, 1, 'building prompt');
                     const promptParts = config.buildPrompt(inputRecord, ctx);
                     const { prompt } = promptParts;
                     const { systemInstruction } = promptParts;
@@ -369,18 +384,18 @@ export function registerStructuredToolTask(server, config) {
                     await reportProgressStepUpdate(reportProgress, config.name, progressContext, 2, modelLabel);
                     let parsed;
                     let retryPrompt = prompt;
-                    for (let attempt = 0; attempt <= MAX_SCHEMA_RETRIES; attempt += 1) {
+                    const maxRetries = config.schemaRetries ?? geminiSchemaRetriesConfig.get();
+                    for (let attempt = 0; attempt <= maxRetries; attempt += 1) {
                         try {
                             const raw = await generateStructuredJson(createGenerationRequest(config, { systemInstruction, prompt: retryPrompt }, responseSchema, onLog, extra.signal));
                             if (attempt === 0) {
-                                await reportProgressStepUpdate(reportProgress, config.name, progressContext, 3, 'processing response');
+                                await reportProgressStepUpdate(reportProgress, config.name, progressContext, 3, 'validating response');
                             }
                             parsed = config.resultSchema.parse(raw);
                             break;
                         }
                         catch (error) {
-                            if (attempt >= MAX_SCHEMA_RETRIES ||
-                                !(error instanceof z.ZodError)) {
+                            if (attempt >= maxRetries || !(error instanceof z.ZodError)) {
                                 throw error;
                             }
                             const errorMessage = getErrorMessage(error);
@@ -393,6 +408,8 @@ export function registerStructuredToolTask(server, config) {
                                     originalChars: errorMessage.length,
                                 },
                             });
+                            const retryCount = attempt + 1;
+                            await reportSchemaRetryProgressBestEffort(reportProgress, config.name, progressContext, retryCount, maxRetries);
                             retryPrompt = schemaRetryPrompt.prompt;
                         }
                     }
@@ -415,9 +432,10 @@ export function registerStructuredToolTask(server, config) {
                 catch (error) {
                     const errorMessage = getErrorMessage(error);
                     const errorMeta = classifyErrorMeta(error, errorMessage);
-                    await reportProgressCompletionUpdate(reportProgress, config.name, progressContext, 'failed', false);
-                    await updateStatusMessage(errorMessage);
+                    const outcome = errorMeta.kind === 'cancelled' ? 'cancelled' : 'failed';
+                    await updateStatusMessage(createFailureStatusMessage(outcome, errorMessage));
                     await storeResultSafely('failed', createErrorToolResponse(config.errorCode, errorMessage, undefined, errorMeta));
+                    await reportProgressCompletionUpdate(reportProgress, config.name, progressContext, outcome);
                 }
             };
             queueMicrotask(() => {

package/dist/tools/analyze-complexity.js

@@ -1,5 +1,3 @@
-import { validateDiffBudget } from '../lib/diff-budget.js';
-import { createNoDiffError } from '../lib/diff-store.js';
 import { requireToolContract } from '../lib/tool-contracts.js';
 import { registerStructuredToolTask } from '../lib/tool-factory.js';
 import { AnalyzeComplexityInputSchema } from '../schemas/inputs.js';
@@ -32,12 +30,7 @@ export function registerAnalyzeComplexityTool(server) {
         ...(TOOL_CONTRACT.deterministicJson !== undefined
             ? { deterministicJson: TOOL_CONTRACT.deterministicJson }
             : undefined),
-        validateInput: (_input, ctx) => {
-            const slot = ctx.diffSlot;
-            if (!slot)
-                return createNoDiffError();
-            return validateDiffBudget(slot.diff);
-        },
+        requiresDiff: true,
         formatOutcome: (result) => result.isDegradation
             ? 'Performance degradation detected'
             : 'No degradation',

package/dist/tools/analyze-pr-impact.js

@@ -1,6 +1,4 @@
-import { validateDiffBudget } from '../lib/diff-budget.js';
 import { computeDiffStatsAndSummaryFromFiles } from '../lib/diff-parser.js';
-import { createNoDiffError } from '../lib/diff-store.js';
 import { requireToolContract } from '../lib/tool-contracts.js';
 import { registerStructuredToolTask } from '../lib/tool-factory.js';
 import { AnalyzePrImpactInputSchema } from '../schemas/inputs.js';
@@ -36,12 +34,7 @@ export function registerAnalyzePrImpactTool(server) {
         ...(TOOL_CONTRACT.deterministicJson !== undefined
             ? { deterministicJson: TOOL_CONTRACT.deterministicJson }
             : undefined),
-        validateInput: (_input, ctx) => {
-            const slot = ctx.diffSlot;
-            if (!slot)
-                return createNoDiffError();
-            return validateDiffBudget(slot.diff);
-        },
+        requiresDiff: true,
         formatOutcome: (result) => `severity: ${result.severity}`,
         formatOutput: (result) => `Impact Analysis (${result.severity}): ${result.summary}`,
         buildPrompt: (input, ctx) => {

package/dist/tools/detect-api-breaking.js

@@ -1,5 +1,3 @@
-import { validateDiffBudget } from '../lib/diff-budget.js';
-import { createNoDiffError } from '../lib/diff-store.js';
 import { requireToolContract } from '../lib/tool-contracts.js';
 import { registerStructuredToolTask } from '../lib/tool-factory.js';
 import { DetectApiBreakingInputSchema } from '../schemas/inputs.js';
@@ -32,12 +30,7 @@ export function registerDetectApiBreakingTool(server) {
         ...(TOOL_CONTRACT.deterministicJson !== undefined
             ? { deterministicJson: TOOL_CONTRACT.deterministicJson }
             : undefined),
-        validateInput: (_input, ctx) => {
-            const slot = ctx.diffSlot;
-            if (!slot)
-                return createNoDiffError();
-            return validateDiffBudget(slot.diff);
-        },
+        requiresDiff: true,
         formatOutcome: (result) => `${result.breakingChanges.length} breaking change(s) found`,
         formatOutput: (result) => result.hasBreakingChanges
             ? `API Breaking Changes: ${result.breakingChanges.length} found.`

package/dist/tools/generate-diff.js

@@ -1,4 +1,5 @@
-import { spawnSync } from 'node:child_process';
+import { execFile } from 'node:child_process';
+import { promisify } from 'node:util';
 import { z } from 'zod';
 import { cleanDiff, isEmptyDiff, NOISY_EXCLUDE_PATHSPECS, } from '../lib/diff-cleaner.js';
 import { computeDiffStatsFromFiles, parseDiffFiles, } from '../lib/diff-parser.js';
@@ -7,6 +8,7 @@ import { wrapToolHandler } from '../lib/tool-factory.js';
 import { createErrorToolResponse, createToolResponse, } from '../lib/tool-response.js';
 const GIT_TIMEOUT_MS = 30_000;
 const GIT_MAX_BUFFER = 10 * 1024 * 1024; // 10 MB
+const execFileAsync = promisify(execFile);
 function buildGitArgs(mode) {
     const args = ['diff', '--no-color', '--no-ext-diff'];
     if (mode === 'staged') {
@@ -33,43 +35,45 @@ export function registerGenerateDiffTool(server) {
     }, wrapToolHandler({
         toolName: 'generate_diff',
         progressContext: (input) => input.mode,
-    }, (input) => {
+    }, async (input) => {
         const { mode } = input;
         const args = buildGitArgs(mode);
-        // spawnSync with an explicit args array — no shell, no interpolation.
-        // 'git' is resolved via PATH which is controlled by the server environment.
-        // eslint-disable-next-line sonarjs/no-os-command-from-path
-        const result = spawnSync('git', args, {
-            cwd: process.cwd(),
-            encoding: 'utf8',
-            maxBuffer: GIT_MAX_BUFFER,
-            timeout: GIT_TIMEOUT_MS,
-        });
-        if (result.error) {
-            return createErrorToolResponse('E_GENERATE_DIFF', `Failed to run git: ${result.error.message}. Ensure git is installed and the working directory is a git repository.`, undefined, { retryable: false, kind: 'internal' });
+        try {
+            // execFileAsync with an explicit args array — no shell, no interpolation.
+            // 'git' is resolved via PATH which is controlled by the server environment.
+            const { stdout } = await execFileAsync('git', args, {
+                cwd: process.cwd(),
+                encoding: 'utf8',
+                maxBuffer: GIT_MAX_BUFFER,
+                timeout: GIT_TIMEOUT_MS,
+            });
+            const cleaned = cleanDiff(stdout);
+            if (isEmptyDiff(cleaned)) {
+                return createErrorToolResponse('E_NO_CHANGES', `No ${mode} changes found in the current branch. Make sure you have changes that are ${describeModeHint(mode)}.`, undefined, { retryable: false, kind: 'validation' });
+            }
+            const parsedFiles = parseDiffFiles(cleaned);
+            const stats = computeDiffStatsFromFiles(parsedFiles);
+            const generatedAt = new Date().toISOString();
+            storeDiff({ diff: cleaned, parsedFiles, stats, generatedAt, mode });
+            const summary = `Diff cached at ${DIFF_RESOURCE_URI} — ${stats.files} file(s), +${stats.added} -${stats.deleted}. All review tools are now ready.`;
+            return createToolResponse({
+                ok: true,
+                result: {
+                    diffRef: DIFF_RESOURCE_URI,
+                    stats,
+                    generatedAt,
+                    mode,
+                    message: summary,
+                },
+            }, summary);
         }
-        if (result.status !== 0) {
-            const stderr = result.stderr.trim();
-            return createErrorToolResponse('E_GENERATE_DIFF', `git exited with code ${String(result.status)}: ${stderr || 'unknown error'}. Ensure the working directory is a git repository.`, undefined, { retryable: false, kind: 'internal' });
+        catch (error) {
+            const err = error;
+            if (err.code && typeof err.code === 'number') {
+                const stderr = err.stderr ? err.stderr.trim() : '';
+                return createErrorToolResponse('E_GENERATE_DIFF', `git exited with code ${String(err.code)}: ${stderr || 'unknown error'}. Ensure the working directory is a git repository.`, undefined, { retryable: false, kind: 'internal' });
+            }
+            return createErrorToolResponse('E_GENERATE_DIFF', `Failed to run git: ${err.message}. Ensure git is installed and the working directory is a git repository.`, undefined, { retryable: false, kind: 'internal' });
         }
-        const cleaned = cleanDiff(result.stdout);
-        if (isEmptyDiff(cleaned)) {
-            return createErrorToolResponse('E_NO_CHANGES', `No ${mode} changes found in the current branch. Make sure you have changes that are ${describeModeHint(mode)}.`, undefined, { retryable: false, kind: 'validation' });
-        }
-        const parsedFiles = parseDiffFiles(cleaned);
-        const stats = computeDiffStatsFromFiles(parsedFiles);
-        const generatedAt = new Date().toISOString();
-        storeDiff({ diff: cleaned, parsedFiles, stats, generatedAt, mode });
-        const summary = `Diff cached at ${DIFF_RESOURCE_URI} — ${stats.files} file(s), +${stats.added} -${stats.deleted}. All review tools are now ready.`;
-        return createToolResponse({
-            ok: true,
-            result: {
-                diffRef: DIFF_RESOURCE_URI,
-                stats,
-                generatedAt,
-                mode,
-                message: summary,
-            },
-        }, summary);
     }));
 }

package/dist/tools/generate-review-summary.js

@@ -1,5 +1,3 @@
-import { validateDiffBudget } from '../lib/diff-budget.js';
-import { createNoDiffError } from '../lib/diff-store.js';
 import { requireToolContract } from '../lib/tool-contracts.js';
 import { registerStructuredToolTask, } from '../lib/tool-factory.js';
 import { GenerateReviewSummaryInputSchema } from '../schemas/inputs.js';
@@ -49,12 +47,7 @@ export function registerGenerateReviewSummaryTool(server) {
         ...(TOOL_CONTRACT.deterministicJson !== undefined
             ? { deterministicJson: TOOL_CONTRACT.deterministicJson }
             : undefined),
-        validateInput: (_input, ctx) => {
-            const slot = ctx.diffSlot;
-            if (!slot)
-                return createNoDiffError();
-            return validateDiffBudget(slot.diff);
-        },
+        requiresDiff: true,
         formatOutcome: (result) => `risk: ${result.overallRisk}`,
         transformResult: (_input, result, ctx) => {
             const { files, added, deleted } = getDiffStats(ctx);

package/dist/tools/generate-test-plan.js

@@ -1,6 +1,4 @@
-import { validateDiffBudget } from '../lib/diff-budget.js';
 import { computeDiffStatsAndPathsFromFiles } from '../lib/diff-parser.js';
-import { createNoDiffError } from '../lib/diff-store.js';
 import { requireToolContract } from '../lib/tool-contracts.js';
 import { registerStructuredToolTask } from '../lib/tool-factory.js';
 import { GenerateTestPlanInputSchema } from '../schemas/inputs.js';
@@ -36,12 +34,7 @@ export function registerGenerateTestPlanTool(server) {
         ...(TOOL_CONTRACT.deterministicJson !== undefined
             ? { deterministicJson: TOOL_CONTRACT.deterministicJson }
             : undefined),
-        validateInput: (_input, ctx) => {
-            const slot = ctx.diffSlot;
-            if (!slot)
-                return createNoDiffError();
-            return validateDiffBudget(slot.diff);
-        },
+        requiresDiff: true,
         formatOutcome: (result) => `${result.testCases.length} test cases`,
         formatOutput: (result) => `Test Plan: ${result.summary}\n${result.testCases.length} cases proposed.`,
         transformResult: (input, result) => {

package/dist/tools/inspect-code-quality.js

@@ -1,7 +1,5 @@
 import { validateContextBudget } from '../lib/context-budget.js';
-import { validateDiffBudget } from '../lib/diff-budget.js';
 import { computeDiffStatsAndSummaryFromFiles } from '../lib/diff-parser.js';
-import { createNoDiffError } from '../lib/diff-store.js';
 import { requireToolContract } from '../lib/tool-contracts.js';
 import { registerStructuredToolTask } from '../lib/tool-factory.js';
 import { InspectCodeQualityInputSchema } from '../schemas/inputs.js';
@@ -76,14 +74,10 @@ export function registerInspectCodeQualityTool(server) {
             const fileCount = input.files?.length;
             return fileCount ? `+${fileCount} files` : '';
         },
+        requiresDiff: true,
         validateInput: (input, ctx) => {
-            const slot = ctx.diffSlot;
-            if (!slot)
-                return createNoDiffError();
-            const diffError = validateDiffBudget(slot.diff);
-            if (diffError)
-                return diffError;
-            return validateContextBudget(slot.diff, input.files);
+            // Diff presence and budget checked by requiresDiff: true
+            return validateContextBudget(ctx.diffSlot?.diff ?? '', input.files);
         },
         formatOutcome: (result) => `${result.findings.length} findings, risk: ${result.overallRisk}`,
         formatOutput: (result) => {

package/dist/tools/suggest-search-replace.js

@@ -1,6 +1,4 @@
-import { validateDiffBudget } from '../lib/diff-budget.js';
 import { extractChangedPathsFromFiles } from '../lib/diff-parser.js';
-import { createNoDiffError } from '../lib/diff-store.js';
 import { requireToolContract } from '../lib/tool-contracts.js';
 import { registerStructuredToolTask } from '../lib/tool-factory.js';
 import { SuggestSearchReplaceInputSchema } from '../schemas/inputs.js';
@@ -36,12 +34,7 @@ export function registerSuggestSearchReplaceTool(server) {
         ...(TOOL_CONTRACT.deterministicJson !== undefined
             ? { deterministicJson: TOOL_CONTRACT.deterministicJson }
             : undefined),
-        validateInput: (_input, ctx) => {
-            const slot = ctx.diffSlot;
-            if (!slot)
-                return createNoDiffError();
-            return validateDiffBudget(slot.diff);
-        },
+        requiresDiff: true,
         formatOutcome: (result) => formatPatchCount(result.blocks.length),
         formatOutput: (result) => {
             const count = result.blocks.length;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@j0hanz/code-review-analyst-mcp",
-  "version": "1.5.1",
+  "version": "1.5.2",
   "mcpName": "io.github.j0hanz/code-review-analyst",
   "description": "Gemini-powered MCP server for code review analysis.",
   "type": "module",