git-mcp-server
Verified Safeby cyanheads
Overview
A Model Context Protocol (MCP) server that provides Git-specific tools and resources for AI/LLM agents to interact with version control systems.
Installation
bun run src/index.tsEnvironment Variables
- OPENROUTER_API_KEY
- MCP_AUTH_MODE
- MCP_AUTH_SECRET_KEY
- OAUTH_ISSUER_URL
- OAUTH_AUDIENCE
- GIT_BASE_DIR
- SPEECH_TTS_API_KEY
- SPEECH_STT_API_KEY
Security Notes
The server demonstrates strong security awareness, implementing detailed path sanitization (`sanitizePath` to prevent directory traversal and enforce `GIT_BASE_DIR`), robust authentication via JWT/OAuth, and scope-based authorization. Critical secrets are loaded from environment variables. Direct execution of native Git CLI commands (via `CliGitProvider`) is a potential attack surface, but the codebase uses a command builder with argument validation and a `SAFE_GIT_OPTIONS` set, significantly mitigating risks. A 'development mode' bypass for authentication is present for convenience, but the `JwtStrategy` explicitly warns and enforces `MCP_AUTH_SECRET_KEY` in production, which is good practice. Proper configuration of `MCP_AUTH_MODE` and `GIT_BASE_DIR` is crucial for production deployments.
Similar Servers
mcp-servers
A curated collection of Model Context Protocol (MCP) server configurations to integrate various developer tools and services with AI agents.
dev-kit-mcp-server
A Model Context Protocol (MCP) server targeted for agent development tools, providing scoped authorized operations in the root project directory.
tenets
Provides intelligent, token-optimized code context and automatically injects guiding principles to AI coding assistants for enhanced understanding and consistent interactions.
mcp-http-agent-md
This server acts as a central hub for AI agents, managing project knowledge (AGENTS.md), structured tasks, version history, and ephemeral scratchpads, with capabilities to spawn context-isolated subagents for focused tasks.