Skip to main content
Glama

codereview

Read-only

Performs systematic, step-by-step code review covering quality, security, performance, and architecture with expert validation.

Instructions

Performs systematic, step-by-step code review with expert validation. Use for comprehensive analysis covering quality, security, performance, and architecture. Guides through structured investigation to ensure thoroughness.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
stepYesReview narrative. Step 1: outline the review strategy. Later steps: report findings. MUST cover quality, security, performance, and architecture. Reference code via `relevant_files`; avoid dumping large snippets.
modelYesCurrently in auto model selection mode. CRITICAL: When the user names a model, you MUST use that exact name unless the server rejects it. If no model is provided, you may use the `listmodels` tool to review options and select an appropriate match. Top models: gemini-2.5-pro (score 100, 1.0M ctx, thinking, code-gen); gemini-3-pro-preview (score 100, 1.0M ctx, thinking, code-gen); gemini-2.5-flash (score 61, 1.0M ctx, thinking); gemini-2.0-flash (score 56, 1.0M ctx, thinking); gemini-2.0-flash-lite (score 42, 1.0M ctx).
imagesNoOptional diagram or screenshot paths that clarify review context.
findingsYesCapture findings (positive and negative) across quality, security, performance, and architecture; update each step.
focus_onNoOptional note on areas to emphasise (e.g. 'threading', 'auth flow').
standardsNoCoding standards or style guides to enforce.
confidenceNoConfidence level: exploring (just starting), low (early investigation), medium (some evidence), high (strong evidence), very_high (comprehensive understanding), almost_certain (near complete confidence), certain (100% confidence locally - no external validation needed)
hypothesisNoCurrent theory about issue/goal based on work
review_typeNoReview focus: full, security, performance, or quick.full
step_numberYesCurrent review step (starts at 1) – each step should build on the last.
temperatureNo0 = deterministic · 1 = creative.
total_stepsYesNumber of review steps planned. External validation: two steps (analysis + summary). Internal validation: one step. Use the same limits when continuing an existing review via continuation_id.
issues_foundNoIssues with severity (critical/high/medium/low) and descriptions.
files_checkedNoAbsolute paths of every file reviewed, including those ruled out.
thinking_modeNoReasoning depth: minimal, low, medium, high, or max.
relevant_filesNoStep 1: list all files/dirs under review. Must be absolute full non-abbreviated paths. Final step: narrow to files tied to key findings.
continuation_idNoUnique thread continuation ID for multi-turn conversations. Works across different tools. ALWAYS reuse the last continuation_id you were given—this preserves full conversation context, files, and findings so the agent can resume seamlessly.
severity_filterNoLowest severity to include when reporting issues (critical/high/medium/low/all).all
relevant_contextNoMethods/functions identified as involved in the issue
next_step_requiredYesTrue when another review step follows. External validation: step 1 → True, step 2 → False. Internal validation: set False immediately. Apply the same rule on continuation flows.
use_assistant_modelNoUse assistant model for expert analysis after workflow steps. False skips expert analysis, relies solely on your personal investigation. Defaults to True for comprehensive validation.
review_validation_typeNoSet 'external' (default) for expert follow-up or 'internal' for local-only review.external
Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already declare readOnlyHint=true, so the read-only nature is clear. The description adds 'step-by-step' and 'expert validation' but does not disclose other behavioral traits (e.g., auth needs, side effects, or what happens during the review process). The annotation covers the key safety aspect.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is concise at two sentences, front-loading the purpose. It avoids redundancy, but could be slightly more structured by mentioning the step process earlier.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

With 22 parameters and no output schema, the description should provide more context on how to use the multi-step review process (e.g., step lifecycle, continuation_id usage). It lacks sufficient guidance for such a complex tool.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, meaning all 22 parameters have individual descriptions in the schema. The description adds no additional parameter-level information. Baseline 3 is appropriate as the schema does the heavy lifting.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states it performs systematic, step-by-step code review covering quality, security, performance, and architecture. It distinguishes itself from siblings like 'secaudit' or 'debug' by emphasizing a structured process and expert validation, but does not explicitly differentiate from all siblings.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description says 'Use for comprehensive analysis' but provides no explicit guidance on when to use this tool versus alternatives (e.g., secaudit for security, debug for debugging). No when-not-to-use or conditions are mentioned.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/bigl34/pal-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server