feat: add git-explorer MCP server for read-only repository access #8

Merged
torjus merged 1 commits from feature/git-explorer into master 2026-02-08 03:30:29 +00:00

Summary

Add a new read-only MCP server (git-explorer) that provides access to git repository information. Primary use case: deployment verification — comparing deployed flake revisions against source repositories.

Features

  • 9 MCP tools: resolve_ref, get_log, get_commit_info, get_diff_files, get_file_at_commit, is_ancestor, commits_between, list_branches, search_commits
  • Pure Go implementation using go-git library (no shell command execution)
  • Strictly read-only — will never modify the repository
  • CLI commands for manual use: resolve, log, show, diff, cat, branches, search
  • NixOS module with systemd hardening and read-only path enforcement
  • Comprehensive tests for validation and client operations

Security Review

Security review completed with no critical or high severity issues:

  • ✓ Path traversal protection (rejects .., absolute paths, null bytes)
  • ✓ Read-only guarantees enforced in code and at OS level
  • ✓ Resource limits (100KB max file, 100 max log entries, etc.)
  • ✓ Comprehensive systemd hardening in NixOS module
  • ✓ HTTP security inherited from shared MCP transport

Files Changed

  • internal/gitexplorer/ — Core implementation (client, handlers, types, validation, format)
  • cmd/git-explorer/main.go — CLI entry point
  • internal/mcp/server.go — Added DefaultGitExplorerConfig()
  • flake.nix — Added git-explorer package and NixOS module
  • nix/git-explorer-module.nix — NixOS module
  • nix/package.nix — Updated vendorHash for go-git dependency
  • README.md, CLAUDE.md — Documentation updates

Test plan

  • Unit tests pass (go test ./...)
  • Linting passes (golangci-lint run ./...)
  • All packages build with Nix
  • CLI commands tested against this repo
  • MCP server responds correctly to tool calls
  • Security review completed

🤖 Generated with Claude Code
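
An added example, not code from this pull request or the labmcp project: one way to implement the path check the security review lists (reject `..`, absolute paths and null bytes) for a tool such as get_file_at_commit. The names `validateRepoPath` and `errBadPath` are hypothetical, and the sample paths are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// errBadPath is a hypothetical sentinel error for rejected paths.
var errBadPath = errors.New("invalid path")

// validateRepoPath is a hypothetical validator (not the project's code).
// It accepts only slash-separated paths relative to the repository root
// and returns the normalized form to use for the tree lookup.
func validateRepoPath(p string) (string, error) {
	switch {
	case p == "":
		return "", fmt.Errorf("%w: empty", errBadPath)
	case strings.ContainsRune(p, 0):
		return "", fmt.Errorf("%w: null byte", errBadPath)
	case strings.HasPrefix(p, "/"):
		return "", fmt.Errorf("%w: absolute path", errBadPath)
	}
	// Check each segment before cleaning, so "a/../b" is rejected
	// rather than silently normalized to "b". Comparing whole segments
	// keeps legitimate names such as "..hidden" usable.
	for _, seg := range strings.Split(p, "/") {
		if seg == ".." {
			return "", fmt.Errorf("%w: parent directory segment", errBadPath)
		}
	}
	return path.Clean(p), nil
}

func main() {
	// Constructed sample inputs covering each rejection rule.
	samples := []string{
		"flake.nix", "docs/./README.md", "..hidden",
		"nix/../../etc/passwd", "/etc/shadow", "a\x00b", "",
	}
	for _, p := range samples {
		clean, err := validateRepoPath(p)
		fmt.Printf("%q -> %q, err=%v\n", p, clean, err)
	}
}
```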

torjus added 1 commit 2026-02-08 03:30:25 +00:00
Implements a new MCP server that provides read-only access to git
repositories using go-git. Designed for deployment verification by
comparing deployed flake revisions against source repositories.

9 tools: resolve_ref, get_log, get_commit_info, get_diff_files,
get_file_at_commit, is_ancestor, commits_between, list_branches,
search_commits.

Includes CLI commands, NixOS module, and comprehensive tests.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
torjus merged commit a0be405b76 into master 2026-02-08 03:30:29 +00:00
torjus deleted branch feature/git-explorer 2026-02-08 03:30:30 +00:00

Reference: torjus/labmcp#8