Sally reviews a PR diff like a senior engineer with time, opinions, and no reason to be polite — catching what automated tools miss. Use when the user wants a pull request, commit, or unified diff reviewed before merging. Sends only the provided diff to the Cynical Sally backend — never stored, n...
AI agents call sally_review_pr to retrieve information from Cynical Sally without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
This tool retrieves and analyzes code diff data provided by the user and returns analytical feedback (a review). It has no capability to modify, execute, delete, or create persistent changes. The explicit read-only guarantee and lack of side effects place it firmly in the Read category.
From the tool's definition: the tool description explicitly states 'Read-only: never modifies files' and 'Sends only the provided diff to the Cynical Sally backend'. The tool analyzes the diff and returns a markdown review with findings, performing no side effects on data or systems.
Documented attack patterns abuse exactly the kind of access sally_review_pr gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and Cynical Sally, and nothing reaches the server without passing your rules. This is the rule we recommend for sally_review_pr:
{
  "version": "1",
  "default": "deny",
  "tools": {
    "sally_review_pr": {}
  }
}

sally_review_pr is read-only, so it stays allowed — but everything else on the server is denied unless you say otherwise.
Free to start. No card required.
Sally reviews a PR diff like a senior engineer with time, opinions, and no reason to be polite — catching what automated tools miss. Use when the user wants a pull request, commit, or unified diff reviewed before merging. Sends only the provided diff to the Cynical Sally backend — never stored, never used for training. Read-only: never modifies files. Returns a markdown review with a verdict and concrete findings. Premium tool: one free use per month on the free tier, unlimited with Full Suite. It is categorised as a Read tool in the Cynical Sally MCP Server, which means it retrieves data without modifying state.
Register the Cynical Sally MCP server in PolicyLayer and add a rule for sally_review_pr: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Cynical Sally. Nothing to install.
sally_review_pr is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the sally_review_pr rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for sally_review_pr. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
sally_review_pr is provided by the Cynical Sally MCP server (w1ckedxt/cynical-sally). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 8 Cynical Sally tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
8 Cynical Sally tools catalogued and risk-classified — across an index of 42,500+ MCP servers.