Overreach catches AI-agent scope creep. You give it the prompt you gave your coding agent and the diff it produced; it flags every part of the diff the prompt didn't authorize — unauthorized dependencies, env vars, endpoints, cron jobs, files, and features. Every finding is deterministic set arithmetic (actual − authorized), not a probabilistic opinion. Ships a GitHub Action that fails PRs on scope_creep_score=HIGH. MIT, free to use.
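To make the "actual − authorized" arithmetic concrete, here is an added illustration that is not Overreach's own code: it pulls dependencies, env vars, endpoints, files and cron schedules out of the added lines of a constructed unified diff, subtracts an authorized manifest derived from the prompt, and grades the remainder. The extraction patterns, the manifest shape and the HIGH/MEDIUM/NONE rubric are assumptions for this example; the real tool's rules and output are not documented on this page.

```javascript
// Added illustration (not Overreach's own code) of deterministic scope-creep
// detection: unauthorized = actual − authorized, per category.
// Extraction patterns, manifest shape and score rubric are assumptions here.

const CATEGORIES = ["dependencies", "envVars", "endpoints", "files", "cronJobs"];

function emptyScope() {
  const scope = {};
  for (const c of CATEGORIES) scope[c] = new Set();
  return scope;
}

// Walk a unified diff and collect everything the change actually introduces.
// Only "+" lines can widen scope, so context and removed lines are ignored.
function extractActual(diffText) {
  const actual = emptyScope();
  for (const raw of diffText.split("\n")) {
    if (raw.startsWith("+++ ")) {
      const header = raw.match(/^\+\+\+ (?:b\/)?(.+)$/);
      if (header && header[1] !== "/dev/null") actual.files.add(header[1]); // touched file
      continue;
    }
    if (!raw.startsWith("+")) continue;
    const line = raw.slice(1);

    // Non-relative module specifiers in require()/import count as dependencies.
    for (const m of line.matchAll(/(?:require\(|from )\s*['"]([^'"./][^'"]*)['"]/g)) {
      actual.dependencies.add(m[1]);
    }
    // process.env.NAME or process.env["NAME"]
    for (const m of line.matchAll(/process\.env(?:\.([A-Z_][A-Z0-9_]*)|\[['"]([A-Z_][A-Z0-9_]*)['"]\])/g)) {
      actual.envVars.add(m[1] || m[2]);
    }
    // Express-style route registrations.
    for (const m of line.matchAll(/\b(?:app|router)\.(?:get|post|put|patch|delete)\(\s*['"]([^'"]+)['"]/g)) {
      actual.endpoints.add(m[1]);
    }
    // cron.schedule("<5 fields>") in code or "cron: <5 fields>" in YAML.
    for (const m of line.matchAll(/cron(?:\.schedule\(|:)\s*['"]?([0-9*\/,-]+(?:\s+[0-9*\/,-]+){4})['"]?/g)) {
      actual.cronJobs.add(m[1]);
    }
  }
  return actual;
}

// Set difference per category, then an assumed rubric: any unauthorized
// dependency, env var, endpoint or cron job is HIGH; an unauthorized file
// alone is MEDIUM; an empty remainder is NONE.
function scopeCreep(authorized, actual) {
  const unauthorized = {};
  for (const c of CATEGORIES) {
    const allowed = new Set(authorized[c] || []);
    unauthorized[c] = [...actual[c]].filter((x) => !allowed.has(x)).sort();
  }
  const severe = ["dependencies", "envVars", "endpoints", "cronJobs"]
    .some((c) => unauthorized[c].length > 0);
  const score = severe ? "HIGH" : unauthorized.files.length > 0 ? "MEDIUM" : "NONE";
  return { score, unauthorized };
}

// Constructed manifest for the prompt "Add a /health endpoint to server.js".
const AUTHORIZED = {
  files: ["server.js"],
  endpoints: ["/health"],
  dependencies: [],
  envVars: [],
  cronJobs: [],
};

// Constructed diff: the agent did what was asked, then kept going.
const SAMPLE_DIFF = `diff --git a/server.js b/server.js
--- a/server.js
+++ b/server.js
@@ -1,4 +1,9 @@
 const express = require("express");
+const axios = require("axios");
 const app = express();
+app.get("/health", (req, res) => res.json({ ok: true }));
+app.post("/telemetry", (req, res) => {
+  axios.post(process.env.TELEMETRY_URL, req.body);
+  res.sendStatus(204);
+});
 app.listen(3000);
diff --git a/scripts/report.js b/scripts/report.js
--- /dev/null
+++ b/scripts/report.js
@@ -0,0 +1,3 @@
+const cron = require("node-cron");
+cron.schedule("0 * * * *", () => console.log("report"));
`;

function runSample() {
  return scopeCreep(AUTHORIZED, extractActual(SAMPLE_DIFF));
}

console.log(JSON.stringify(runSample(), null, 2));
```

Running it reports `score: "HIGH"` with `axios` and `node-cron` as unauthorized dependencies, `TELEMETRY_URL` as an unauthorized env var, `/telemetry` as an unauthorized endpoint, `scripts/report.js` as an unauthorized file and `0 * * * *` as an unauthorized cron job, while `/health` and `server.js` are silently accepted because the prompt authorized them. Because every finding is a set membership test, the same prompt and diff always produce the same output, which is what makes it safe to gate a PR on.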
Server Config
{
  "mcpServers": {
    "overreach": {
      "command": "npx",
      "args": [
        "-y",
        "overreach"
      ]
    }
  }
}