Description
Describe the bug
mcp-server-git does not restrict repo paths to the repo specified.
The docs have this code block:
```json
"mcpServers": {
  "git": {
    "command": "uvx",
    "args": ["mcp-server-git", "--repository", "path/to/git/repo"]
  }
}
```
Which would imply you are limiting the mcp server to that repository, but in practice the only thing `--repository` is used for is this (link):
```python
if repository is not None:
    try:
        git.Repo(repository)
        logger.info(f"Using repository at {repository}")
    except git.InvalidGitRepositoryError:
        logger.error(f"{repository} is not a valid Git repository")
        return
```
After that code block it doesn't seem to be used. All the commands take a "repo_path" which can be anywhere on your machine. Coupled with "git_init" you can effectively read any file on the computer as long as you have the permissions to init a git repo.
If this is expected behavior then maybe it would be nice to add something to the docs about it.
To Reproduce
Steps to reproduce the behavior:
- `mkdir reproduce-repo`
- `cd reproduce-repo`
- `git init`
- `npx @modelcontextprotocol/inspector uvx mcp-server-git --repository "path/to/your/repo"`
- Open Browser and go to http://localhost:5173
- Select "STDIO" and click Connect
- List Tools
- Run the `git_status` tool and enter a path different from what you passed in to the `--repository` flag
Expected behavior
One or more of the following:
- Either a clear message that this tool has full access and should only be used with Docker
or
- Allow for limiting the MCP server's access
Ideally you'd supply a base path (or paths) and it would be able to read/write to any repos in that path to allow for features like #188 (on purpose).
Logs
N/A
Additional context
N/A
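
One way to implement the base-path restriction asked for under "Expected behavior", as an added example that is not code from the original issue or from mcp-server-git. The names `resolve_repo_path` and `allowed_roots` and the directory layout built in `demo` are hypothetical and constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def resolve_repo_path(repo_path, allowed_roots):
    """Return the canonical path if it lies inside an allowed root, else raise."""
    # resolve() collapses ".." and follows symlinks, so the comparison is
    # made on the real location rather than on the string the client sent.
    candidate = Path(repo_path).expanduser().resolve()
    for root in allowed_roots:
        root = Path(root).expanduser().resolve()
        # Compare path components, not string prefixes: /base/repo-other
        # must not pass a check against /base/repo.
        if candidate == root or root in candidate.parents:
            return candidate
    raise PermissionError(f"{repo_path} is outside the configured repository roots")


def demo():
    """Build a constructed directory layout and report which paths are accepted."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        allowed = base / "repo"              # stands in for the --repository value
        (allowed / "sub").mkdir(parents=True)
        (base / "repo-other").mkdir()        # sibling sharing a string prefix
        (base / "elsewhere").mkdir()         # unrelated directory
        link = allowed / "link"
        os.symlink(base / "elsewhere", link) # symlink pointing out of the root
        cases = {
            "root": allowed,
            "subdir": allowed / "sub",
            "dotdot": allowed / "sub" / ".." / ".." / "elsewhere",
            "sibling_prefix": base / "repo-other",
            "symlink": link,
        }
        for name, path in cases.items():
            try:
                resolve_repo_path(str(path), [allowed])
                results[name] = True
            except PermissionError:
                results[name] = False
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:15} {'accepted' if accepted else 'rejected'}")
```

For the check to close the gap described above, every tool handler that receives a "repo_path" (including "git_init") would need to pass it through such a function before calling `git.Repo(...)`.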
