生成代码Review报告。支持两种模式: 模式一:分支对比模式(需要 target_branch) 对比开发分支与目标分支的代码差异。 模式二:Commit Hash 模式(需要 from_commit,不需要 target_branch) 指定一个起始 commit hash,获取该 commit 之后到开发分支的所有变更并生成报告。 使用场景: - 迭代结束后,需要在小组内分享代码改动 - 代码评审会议前准备Review材料 - 记录本次迭代的技术细节 使用方式: 直接调用此工具即可。如果不传 file_descriptions,系统会返回变更文件列表,你需要根据每个文件的完整路径理...
AI agents use generate_code_review to create or update resources in MCP Code Review Server — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your MCP Code Review Server environment.
An AI agent can call generate_code_review faster than any human can review — one bad instruction and it creates or modifies resources in MCP Code Review Server by the hundred, each call as confident as the last.
Attacks that exploit this kind of access
生成代码Review报告。支持两种模式: 模式一:分支对比模式(需要 target_branch) 对比开发分支与目标分支的代码差异。 模式二:Commit Hash 模式(需要 from_commit,不需要 target_branch) 指定一个起始 commit hash,获取该 commit 之后到开发分支的所有变更并生成报告。 使用场景: - 迭代结束后,需要在小组内分享代码改动 - 代码评审会议前准备Review材料 - 记录本次迭代的技术细节 使用方式: 直接调用此工具即可。如果不传 file_descriptions,系统会返回变更文件列表,你需要根据每个文件的完整路径理解其功能,生成简短的中文功能描述(50字以内),然后再次调用此工具传入 file_descriptions 参数。 参数说明: - repo_path: Git仓库的本地路径 - dev_branch: 开发分支名称(你的工作分支) - target_branch: 目标对比分支(通常是main/master/develop),使用 from_commit 模式时可不传 - from_commit: 起始 commit hash,指定后无需 target_branch - author: 你的Git用户名或邮箱(用于筛选你的提交,可选) - output_path: HTML报告输出路径(可选,默认生成在仓库根目录) - file_descriptions: 文件功能描述列表(可选,不传则返回文件列表供你生成描述). It is categorised as a Write tool in the MCP Code Review Server MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the MCP Code Review Server MCP server in PolicyLayer and add a rule for generate_code_review: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches MCP Code Review Server. Nothing to install.
generate_code_review is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the generate_code_review rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for generate_code_review. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
generate_code_review is provided by the MCP Code Review Server MCP server (xlian-fe/mcp-xl-code-review). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →