Plugs into Cursor, Claude Code, or any MCP client over stdio and exposes a single tool, check_scope_tool, that compares declared task scope (fnmatch globs and category tags like tests, docs, config) against the files an AI agent actually modified. Returns in_scope, over_reach, or empty, listing any files or categories that exceeded the declared boundary. This is an audit layer, not enforcement. It reports the mismatch but doesn't block writes or roll back changes. You'd wire this into a workflow where you want an AI agent to declare its intended scope upfront, then verify afterwards whether it stayed within bounds before merging or deploying.
claude mcp add --transport stdio choreoatlas-over_reach_detector -- uvx over-reach-detector