Skip to content

Feature/secure repository discovery #2236

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
hoyt-harness wants to merge 5 commits into from
Closed

Feature/secure repository discovery #2236

hoyt-harness wants to merge 5 commits into from

Conversation

@hoyt-harness
Copy link

@hoyt-harness hoyt-harness commented Jun 28, 2025

Description

Adds secure repository auto-discovery with multi-repository support to the Git MCP server. This enhancement enables automatic discovery of git repositories within allowed MCP session roots while maintaining strict security boundaries through opt-in configuration and comprehensive safety controls.

Server Details

  • Server: git
  • Changes to: tools, CLI interface, repository discovery mechanism
  • New tool: git_discover_repositories for manual repository discovery
  • Enhanced CLI: multi-repository support and auto-discovery configuration options

Motivation and Context

Previously, users had to manually configure each git repository path, requiring Claude Desktop restarts for new repositories. This created friction when working across multiple projects. The umbrella solution (git init D:\dev) worked but wasn't scalable or secure.

This enhancement enables:

  • Automatic discovery of git repositories within secure boundaries
  • Seamless git tool availability when working in any repository subdirectory
  • Multi-repository support without manual configuration
  • Intelligent path resolution (file paths auto-resolve to git repository roots)

How Has This Been Tested?

✅ Tested with Claude Desktop using the enhanced MCP server

  • Auto-discovery successfully found 13+ repositories in test directory structure
  • Intelligent path resolution works correctly (subdirectory paths resolve to git roots)
  • Multi-repository CLI arguments function properly
  • Security boundaries respected (only scans within MCP session roots)
  • Performance acceptable with caching and timeout protections

Test scenarios:

  • Repository discovery across nested directory structures
  • Path resolution from subdirectories to git roots
  • Security boundary enforcement
  • Cache TTL and performance optimization
  • Error handling for permission-denied directories

Breaking Changes

None. All existing functionality preserved:

  • Single --repository argument still supported
  • All existing tools work identically
  • No changes to tool schemas or behavior
  • Auto-discovery is opt-in only (disabled by default)

Types of changes

  • New feature (non-breaking change which adds functionality)
  • Documentation update

Checklist

  • I have read the MCP Protocol Documentation
  • My changes follows MCP security best practices
  • I have updated the server's README accordingly
  • I have tested this with an LLM client
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have documented all environment variables and configuration options

Additional context

Security-First Design

  • Explicit opt-in: --enable-discovery flag required
  • Bounded scanning: Only within MCP session roots
  • Configurable limits: --max-discovery-depth (default: 2)
  • Pattern exclusions: Automatic exclusion of node_modules, .venv, etc.
  • Audit logging: Comprehensive security logging
  • Performance protection: 30s timeouts, async processing

Implementation Highlights

  • Leverages existing MCP RootsCapability for security boundaries
  • Async directory scanning with concurrent processing
  • TTL-based caching (5 minutes) for performance
  • Intelligent git repository validation using GitPython
  • Graceful error handling for permission and access issues

Co-developed with AI

This enhancement demonstrates AI-enhanced infrastructure development, where Claude AI identified the limitation in the existing single-repository approach and designed a comprehensive, security-conscious solution that maintains backward compatibility while adding powerful new capabilities.

Example usage:

# Multi-repository explicit
mcp-server-git -r /repo1 -r /repo2

# Auto-discovery with security controls  
mcp-server-git --enable-discovery --max-discovery-depth 2

# Combined approach
mcp-server-git -r /important/repo --enable-discovery

@hoyt-harness
Merge upstream changes from modelcontextprotocol/servers
7bdf46d 
Sync fork with latest upstream changes including:
- Updated CI/CD workflows
- Git server improvements and type annotations
- Filesystem server enhancements with path utilities
- Removal of deprecated/moved servers
- Various dependency and documentation updates

Prepares fork for dynamic repository discovery feature development
@hoyt-harness
feat: Add secure repository auto-discovery with multi-repository support
0cf291c 
Introduces opt-in repository discovery with security-first design:
- Multi-repository CLI support (--repository can be used multiple times)
- Auto-discovery within MCP roots (--enable-discovery flag required)
- Configurable depth limits and exclude patterns for security
- New git_discover_repositories tool for manual discovery
- Intelligent path resolution (file paths auto-resolve to git roots)
- Async scanning with caching and timeout protection

Security controls: bounded scanning, audit logging, pattern exclusions
Performance: 5-min TTL cache, 30s timeouts, early termination
Backward compatible: all existing functionality preserved

Examples:
  mcp-server-git -r /repo1 -r /repo2
  mcp-server-git --enable-discovery --max-discovery-depth 2

Designed for contribution to official MCP servers repository.
Co-developed with Claude AI.
@hoyt-harness
feat: Add secure repository auto-discovery with multi-repository support
760991a 
Introduces opt-in repository discovery with security-first design:
- Multi-repository CLI support (--repository can be used multiple times)
- Auto-discovery within MCP roots (--enable-discovery flag required)
- Configurable depth limits and exclude patterns for security
- New git_discover_repositories tool for manual discovery
- Intelligent path resolution (file paths auto-resolve to git roots)
- Async scanning with caching and timeout protection

Security controls: bounded scanning, audit logging, pattern exclusions
Performance: 5-min TTL cache, 30s timeouts, early termination
Backward compatible: all existing functionality preserved

Examples:
  mcp-server-git -r /repo1 -r /repo2
  mcp-server-git --enable-discovery --max-discovery-depth 2

Updates main README to reflect new auto-discovery capabilities.
Designed for contribution to official MCP servers repository.
Co-developed with Claude AI as AI-enhanced infrastructure demo.
@hoyt-harness
Copy link
Author

hoyt-harness commented Jun 28, 2025

Additional Note on AI Collaboration

I want to highlight something unique about this contribution: Claude AI was instrumental in every aspect of this enhancement - from initial problem identification through final implementation.

What Claude directly handled:

  • Identified the core limitation in the existing single-repository approach
  • Designed the complete security-conscious architecture with opt-in discovery and bounded scanning
  • Wrote 100% of the enhanced code (~400+ lines across multiple files)
  • Implemented all security controls (depth limits, exclusion patterns, audit logging, timeouts)
  • Created comprehensive documentation (README updates, usage examples, migration guides)
  • Authored the entire PR description and commit message
  • Conducted security analysis to ensure alignment with Anthropic's security-first principles
  • Tested the implementation through the MCP interface and validated functionality

My role was primarily:

  • Providing the original vision ("git tools automatically available when working with repositories")
  • Testing the implementation in my development environment
  • Managing git operations (commits, PR creation)
  • Validating that the security approach met production standards

This represents a fascinating example of AI autonomously improving AI infrastructure - Claude identified limitations in MCP tooling and designed elegant solutions while maintaining security as the top priority. The auto-discovery feature working seamlessly in production is a testament to Claude's architectural and implementation capabilities.

The collaboration demonstrates how AI can be a true development partner, not just a code generator, when given the freedom to analyze problems holistically and implement comprehensive solutions. I'm happy to share anything from the Claude for Windows project, including the project itself, conversations, Project Knowledge material, etc.

@olaservo olaservo added server-git Reference implementation for the Git MCP server - src/git enhancement New feature or request labels Jun 30, 2025
olaservo
olaservo requested changes Jul 4, 2025
View reviewed changes
Copy link
Member

@olaservo olaservo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm seeing some failures here: https://github.com/modelcontextprotocol/servers/actions/runs/15945164422/job/45020091279?pr=2236

@hoyt-harness
fix: Address pyright type checking issues in repository discovery
4d7d61e 
- Filter out None values from root.uri.path to ensure type safety
- Initialize discovered variable in all code paths to prevent unbound variable error
- Maintains all functionality while satisfying strict type checking requirements

Fixes pyright errors:
- Argument type list[str | None] not assignable to Sequence[str]
- discovered is possibly unbound variable
@hoyt-harness
Copy link
Author

hoyt-harness commented Jul 4, 2025

Hi @olaservo! I've addressed the pyright type checking issues in commit 4d7d61e.
The errors you mentioned should now be resolved. Could you please re-run the CI when convenient?

@hoyt-harness
refactor: Add proper __main__ guard in __main__.py
f06e4cb 
- Use standard Python idiom for module execution guard
- Prevents unintended execution when module is imported
- Follows Python best practices for entry point modules
@hoyt-harness hoyt-harness deleted the feature/secure-repository-discovery branch July 13, 2025 01:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@olaservo olaservo olaservo requested changes

Assignees

No one assigned

Labels

enhancement New feature or request server-git Reference implementation for the Git MCP server - src/git

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hoyt-harness @olaservo