mcp.swiss.software │ JSON-RPC 2.0 over Streamable HTTP │ Bearer auth │ tools: 3 │ uptime: live

$ swiss --help review_pr

review_pr — code review,
grounded.

An MCP tool that reads a GitHub pull request's diff and returns a focused review. Three things make it different from any other AI reviewer: it reads your plugin's docs, it follows your repo's conventions, and it remembers your past findings. Works in Claude Desktop, Cursor, Continue, Zed, or anything that speaks MCP.

three modes, stacked

mode 01 · grounded

plugin-aware

The reviewer reads your plugin's documentation and flags violations of documented invariants — citing both path:line and the docs file. Nobody else's review tool can do this.

mode 02 · per-repo

config-aware

Drop a .swiss-review.json in your repo. Define forbidden patterns, ignored paths, required checks, default focus. The reviewer applies them as additional rules.

mode 03 · accumulating

memory

Patterns flagged ≥2× in past reviews of the same repo are surfaced into every new review. Switching to a competitor loses the accumulated memory.

quick start

Get a license. Email mcp@swiss.software for an early-access key. Format: SW-XXXX-XXXX-XXXX-XXXX.
Generate a fine-grained GitHub PAT. At github.com/settings/personal-access-tokens/new. Permissions: Pull requests: Read, Contents: Read, Metadata: Read. For post: true add Pull requests: Write.
Save the PAT against your license via the admin panel (operator does this for you on early-access). Stored encrypted with AES-256-GCM. Never leaves the server.
Add the MCP server to your client — copy a snippet below.
Optional but recommended: drop a .swiss-review.json in the repo's default branch.

tool reference

review_pr(args)

prstringrequired. PR URL, owner/repo#N, or owner/repo/pull/N.

focusstring?optional. "security" · "performance" · "tests" · or any free text. Steers reviewer attention.

postbooleanwhen true, posts the review as a PR comment. Requires the license to have github_write capability AND the PAT to have write scope.

Each call counts as 1 question against your monthly quota. The same accounting unit as the support agent's ask tool.

.swiss-review.json

Drop this in the repo's default branch. Every field is optional; the reviewer applies whatever's present and ignores the rest.

json .swiss-review.json

{
  "tone": "blunt",
  "ignored_paths": ["vendor/", "dist/", "*.lock"],
  "forbidden_patterns": [
    { "pattern": "console\\.log\\(", "severity": "must", "note": "no debug logs" },
    { "pattern": "\\b(TODO|FIXME)\\b", "severity": "nit" }
  ],
  "required_checks": [
    "new code paths covered by tests",
    "public APIs documented"
  ],
  "default_focus": "security"
}

Bounds: ≤50 forbidden patterns, ≤100 ignored paths, ≤20 required checks. Schema violations are logged on the server but never block a review — the reviewer falls back to no-config.

client configs

Pick your tool. License key YOUR-LICENSE-KEY is pre-filled if you arrived from ?license=….

claude desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

json claude_desktop_config.json

{
  "mcpServers": {
    "swiss-review": {
      "transport": "streamable-http",
      "url": "https://mcp.swiss.software",
      "headers": {
        "Authorization": "Bearer YOUR-LICENSE-KEY"
      }
    }
  }
}

cursor

Settings → MCP → Add server:

json.cursor/mcp.json

{
  "mcpServers": {
    "swiss-review": {
      "url": "https://mcp.swiss.software",
      "headers": { "Authorization": "Bearer YOUR-LICENSE-KEY" }
    }
  }
}

continue

yaml~/.continue/config.yaml

mcpServers:
  - name: swiss-review
    url: https://mcp.swiss.software
    headers:
      Authorization: Bearer YOUR-LICENSE-KEY

zed

json~/.config/zed/settings.json

"context_servers": {
  "swiss-review": {
    "url": "https://mcp.swiss.software",
    "headers": { "Authorization": "Bearer YOUR-LICENSE-KEY" }
  }
}

raw json-rpc (curl)

For scripts and CI:

bashreview.sh

# list available tools
curl -sS -X POST https://mcp.swiss.software/ \
  -H "Authorization: Bearer YOUR-LICENSE-KEY" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'

# review a PR
curl -sS -X POST https://mcp.swiss.software/ \
  -H "Authorization: Bearer YOUR-LICENSE-KEY" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{
        "name":"review_pr",
        "arguments":{"pr":"owner/repo#42","focus":"security"}
     }}'

what a review looks like

Every review carries a metadata header so you know exactly which modes fired:

markdownreview output

**Review of acme/widget#42** — Refactor settings page
_jane · feat/settings → main · 6 files, +210/-45_

_Mode: **plugin-aware** (acme-widget v2.4.0, 8 doc files)_
_Config: `.swiss-review.json` @main (3 forbidden, 2 ignored)_
_Memory: 2 recurring patterns from this repo's history_
_PAT: license-scoped_
_Posted: [PR comment](https://github.com/acme/widget/pull/42#issuecomment-…)_

## Summary
Migrates the legacy settings handler to the new SettingsRegistry…

## Must fix
**handlers/settings.php:88** — Missing CSRF token check on POST.
   _Recurring pattern (×3 in this repo)._
   **handlers/auth.php:42** — violates docs/05-rest-api.md
…

privacy & security

License keys travel only as Authorization: Bearer …. Never in URLs.
Per-license PAT is encrypted at rest with AES-256-GCM. Tampered ciphertext fails the auth tag, never decrypts.
Diff content goes to the active LLM provider you chose at setup (Anthropic by default; pluggable). It does not get retained server-side past the conversation log.
post: true requires two independent locks: (1) the operator-set github_write capability flag on your license, (2) Pull requests: Write scope on your PAT.
Open the conversation log at /admin/conversations to see every review the agent ever produced for your license.