@cyanheads/git-mcp-server 2.0.2 → 2.0.3

package/dist/mcp-server/tools/gitCommit/logic.js

@@ -1,13 +1,17 @@
 import { exec } from 'child_process';
 import { promisify } from 'util';
 import { z } from 'zod';
-import { BaseErrorCode, McpError } from '../../../types-global/errors.js';
-import { logger } from '../../../utils/logger.js';
-import { sanitization } from '../../../utils/sanitization.js';
+import { BaseErrorCode, McpError } from '../../../types-global/errors.js'; // Keep direct import for types-global
+// Import utils from barrel (logger from ../utils/internal/logger.js)
+import { logger } from '../../../utils/index.js';
+// Import utils from barrel (sanitization from ../utils/security/sanitization.js)
+import { sanitization } from '../../../utils/index.js';
+// Import config to check signing flag
+import { config } from '../../../config/index.js';
 const execAsync = promisify(exec);
 // Define the input schema for the git_commit tool using Zod
 export const GitCommitInputSchema = z.object({
-    path: z.string().min(1).optional().default('.').describe("Path to the Git repository. Defaults to the session's working directory if set via `git_set_working_dir`, otherwise defaults to the server's current working directory (`.`)."),
+    path: z.string().min(1).optional().default('.').describe("Path to the Git repository. Defaults to the directory set via `git_set_working_dir` for the session; set 'git_set_working_dir' if not set."),
     message: z.string().min(1).describe('Commit message. Follow Conventional Commits format: `type(scope): subject`. Example: `feat(api): add user signup endpoint`'),
     author: z.object({
         name: z.string().describe('Author name for the commit'),
@@ -15,6 +19,7 @@ export const GitCommitInputSchema = z.object({
     }).optional().describe('Overrides the commit author information (name and email). Use only when necessary (e.g., applying external patches).'),
     allowEmpty: z.boolean().default(false).describe('Allow creating empty commits'),
     amend: z.boolean().default(false).describe('Amend the previous commit instead of creating a new one'),
+    forceUnsignedOnFailure: z.boolean().default(false).describe('If true and signing is enabled but fails, attempt the commit without signing instead of failing.'),
 });
 /**
  * Executes the 'git commit' command and returns structured JSON output.
@@ -56,8 +61,14 @@ export async function commitGitChanges(input, context // Add getter to context
         throw new McpError(BaseErrorCode.VALIDATION_ERROR, `Invalid path: ${error instanceof Error ? error.message : String(error)}`, { context, operation, originalError: error });
     }
     try {
+        // Escape message for shell safety
+        const escapeShellArg = (arg) => {
+            // Escape backslashes first, then other special chars
+            return arg.replace(/\\/g, '\\\\').replace(/"/g, '\\"').replace(/`/g, '\\`').replace(/\$/g, '\\$');
+        };
+        const escapedMessage = escapeShellArg(input.message);
         // Construct the git commit command using the resolved targetPath
-        let command = `git -C "${targetPath}" commit -m "${input.message.replace(/"/g, '\\"')}"`; // Escape double quotes
+        let command = `git -C "${targetPath}" commit -m "${escapedMessage}"`;
         if (input.allowEmpty) {
             command += ' --allow-empty';
         }
@@ -65,17 +76,84 @@ export async function commitGitChanges(input, context // Add getter to context
             command += ' --amend --no-edit';
         }
         if (input.author) {
-            // Ensure author details are properly escaped if needed, though exec usually handles this
-            command = `git -C "${targetPath}" -c user.name="${input.author.name.replace(/"/g, '\\"')}" -c user.email="${input.author.email.replace(/"/g, '\\"')}" commit -m "${input.message.replace(/"/g, '\\"')}"`;
-            if (input.allowEmpty)
-                command += ' --allow-empty';
-            if (input.amend)
-                command += ' --amend --no-edit';
+            // Escape author details as well
+            const escapedAuthorName = escapeShellArg(input.author.name);
+            const escapedAuthorEmail = escapeShellArg(input.author.email); // Email typically safe, but escape anyway
+            // Use -c flags to override author for this commit, using the already escaped message
+            command = `git -C "${targetPath}" -c user.name="${escapedAuthorName}" -c user.email="${escapedAuthorEmail}" commit -m "${escapedMessage}"`;
+        }
+        // Append common flags (ensure they are appended to the potentially modified command from author block)
+        if (input.allowEmpty && !command.includes(' --allow-empty'))
+            command += ' --allow-empty';
+        if (input.amend && !command.includes(' --amend'))
+            command += ' --amend --no-edit'; // Avoid double adding if author block modified command
+        // Append signing flag if configured via GIT_SIGN_COMMITS env var
+        if (config.gitSignCommits) {
+            command += ' -S'; // Add signing flag (-S)
+            logger.info('Signing enabled via GIT_SIGN_COMMITS=true, adding -S flag.', { ...context, operation });
+        }
+        logger.debug(`Executing initial command attempt: ${command}`, { ...context, operation });
+        let stdout;
+        let stderr;
+        let commitResult;
+        try {
+            // Initial attempt (potentially with -S flag)
+            const execResult = await execAsync(command);
+            stdout = execResult.stdout;
+            stderr = execResult.stderr;
         }
-        logger.debug(`Executing command: ${command}`, { ...context, operation });
-        const { stdout, stderr } = await execAsync(command);
+        catch (error) {
+            const initialErrorMessage = error.stderr || error.message || '';
+            const isSigningError = initialErrorMessage.includes('gpg failed to sign') || initialErrorMessage.includes('signing failed');
+            if (isSigningError && input.forceUnsignedOnFailure) {
+                logger.warning('Initial commit attempt failed due to signing error. Retrying without signing as forceUnsignedOnFailure=true.', { ...context, operation, initialError: initialErrorMessage });
+                // Construct command *without* -S flag, using escaped message/author
+                const escapeShellArg = (arg) => {
+                    return arg.replace(/\\/g, '\\\\').replace(/"/g, '\\"').replace(/`/g, '\\`').replace(/\$/g, '\\$');
+                };
+                const escapedMessage = escapeShellArg(input.message);
+                let unsignedCommand = `git -C "${targetPath}" commit -m "${escapedMessage}"`;
+                if (input.allowEmpty)
+                    unsignedCommand += ' --allow-empty';
+                if (input.amend)
+                    unsignedCommand += ' --amend --no-edit';
+                if (input.author) {
+                    const escapedAuthorName = escapeShellArg(input.author.name);
+                    const escapedAuthorEmail = escapeShellArg(input.author.email);
+                    unsignedCommand = `git -C "${targetPath}" -c user.name="${escapedAuthorName}" -c user.email="${escapedAuthorEmail}" commit -m "${escapedMessage}"`;
+                    // Re-append common flags if author block overwrote command
+                    if (input.allowEmpty && !unsignedCommand.includes(' --allow-empty'))
+                        unsignedCommand += ' --allow-empty';
+                    if (input.amend && !unsignedCommand.includes(' --amend'))
+                        unsignedCommand += ' --amend --no-edit';
+                }
+                logger.debug(`Executing unsigned fallback command: ${unsignedCommand}`, { ...context, operation });
+                try {
+                    // Retry commit without signing
+                    const fallbackResult = await execAsync(unsignedCommand);
+                    stdout = fallbackResult.stdout;
+                    stderr = fallbackResult.stderr;
+                    // Add a note to the status message indicating signing was skipped
+                    commitResult = {
+                        success: true,
+                        statusMessage: `Commit successful (unsigned, signing failed): ${stdout.trim()}`, // Default message, hash parsed below
+                        commitHash: undefined // Will be parsed below
+                    };
+                }
+                catch (fallbackError) {
+                    // If the unsigned commit *also* fails, re-throw that error
+                    logger.error('Unsigned fallback commit attempt also failed.', { ...context, operation, fallbackError: fallbackError.message, stderr: fallbackError.stderr });
+                    throw fallbackError; // Re-throw the error from the unsigned attempt
+                }
+            }
+            else {
+                // If it wasn't a signing error, or forceUnsignedOnFailure is false, re-throw the original error
+                throw error;
+            }
+        }
+        // Process result (either from initial attempt or fallback)
         // Check stderr first for common non-error messages
-        if (stderr) {
+        if (stderr && !commitResult) { // Don't overwrite fallback message if stderr also exists
             if (stderr.includes('nothing to commit, working tree clean') || stderr.includes('no changes added to commit')) {
                 const msg = stderr.includes('nothing to commit') ? 'Nothing to commit, working tree clean.' : 'No changes added to commit.';
                 logger.info(msg, { ...context, operation, path: targetPath });
@@ -95,18 +173,18 @@ export async function commitGitChanges(input, context // Add getter to context
             // Fallback parsing if needed, or rely on success message
             logger.warning('Could not parse commit hash from stdout', { ...context, operation, stdout });
         }
-        // Use statusMessage
-        const statusMsg = commitHash
+        // Use statusMessage, potentially using the one set during fallback
+        const finalStatusMsg = commitResult?.statusMessage || (commitHash
             ? `Commit successful: ${commitHash}`
-            : `Commit successful (stdout: ${stdout.trim()})`;
-        logger.info(`${operation} executed successfully`, { ...context, operation, path: targetPath, commitHash });
+            : `Commit successful (stdout: ${stdout.trim()})`);
+        logger.info(`${operation} executed successfully`, { ...context, operation, path: targetPath, commitHash, signed: !commitResult }); // Log if it was signed (not fallback)
         return {
             success: true,
-            statusMessage: statusMsg,
+            statusMessage: finalStatusMsg, // Use potentially modified message
             commitHash: commitHash
         };
     }
-    catch (error) {
+    catch (error) { // This catch block now primarily handles non-signing errors or errors from the fallback attempt
         logger.error(`Failed to execute git commit command`, { ...context, operation, path: targetPath, error: error.message, stderr: error.stderr });
         const errorMessage = error.stderr || error.message || '';
         // Handle specific error cases first

package/dist/mcp-server/tools/gitCommit/registration.js

@@ -1,8 +1,11 @@
-import { ErrorHandler } from '../../../utils/errorHandler.js';
-import { logger } from '../../../utils/logger.js';
-import { requestContextService } from '../../../utils/requestContext.js';
+// Import utils from barrel (ErrorHandler from ../utils/internal/errorHandler.js)
+import { ErrorHandler } from '../../../utils/index.js';
+// Import utils from barrel (logger from ../utils/internal/logger.js)
+import { logger } from '../../../utils/index.js';
+// Import utils from barrel (requestContextService from ../utils/internal/requestContext.js)
+import { requestContextService } from '../../../utils/index.js';
 // Import the result type along with the function and input schema
-import { BaseErrorCode } from '../../../types-global/errors.js'; // Import BaseErrorCode
+import { BaseErrorCode } from '../../../types-global/errors.js'; // Keep direct import for types-global
 import { commitGitChanges, GitCommitInputSchema } from './logic.js';
 let _getWorkingDirectory;
 let _getSessionId;
@@ -26,28 +29,32 @@ Write clear, concise commit messages using the Conventional Commits format: \`ty
 - \`(scope)\`: Optional context (e.g., \`auth\`, \`ui\`, filename).
 - \`subject\`: Imperative, present tense description (e.g., "add login button", not "added login button").
 
+I want to understand what you did and why. Use the body for detailed explanations, if necessary.
+
 **Example Commit Message:**
 \`\`\`
 feat(auth): implement password reset endpoint
 
-Adds the /api/auth/reset-password endpoint to allow users
-to reset their password via an email link. Includes input
-validation and rate limiting.
+- Adds the /api/auth/reset-password endpoint to allow users to reset their password via an email link. 
+- Includes input validation and rate limiting.
 
 Closes #123 (if applicable).
 \`\`\`
 
 **Best Practice:** Commit related changes together in logical units. If you've modified multiple files for a single feature or fix, stage and commit them together with a message that describes the overall change.
 
-**Path Handling:** If the 'path' parameter is omitted or set to '.', the tool uses the working directory set by 'git_set_working_dir'. Providing a full, absolute path overrides this default and ensures explicitness.`;
+**Path Handling:** If the 'path' parameter is omitted or set to '.', the tool uses the working directory set by 'git_set_working_dir'. Providing a full, absolute path overrides this default and ensures explicitness.
+
+**Commit Signing:** If the server is configured with the \`GIT_SIGN_COMMITS=true\` environment variable, this tool adds the \`-S\` flag to the \`git commit\` command, requesting a signature. Signing requires proper GPG or SSH key setup and Git configuration on the server machine.
+- **Fallback:** If signing is enabled but fails (e.g., key not found, agent issue), the commit will **fail by default**. However, if the optional \`forceUnsignedOnFailure: true\` parameter is provided in the tool call, the tool will attempt the commit again *without* the \`-S\` flag, resulting in an unsigned commit.`;
 /**
- * Registers the git_commit tool with the MCP server.
- * Uses the high-level server.tool() method for registration, schema validation, and routing.
- *
- * @param {McpServer} server - The McpServer instance to register the tool with.
- * @returns {Promise<void>}
- * @throws {Error} If registration fails or state accessors are not initialized.
- */
+* Registers the git_commit tool with the MCP server.
+* Uses the high-level server.tool() method for registration, schema validation, and routing.
+*
+* @param {McpServer} server - The McpServer instance to register the tool with.
+* @returns {Promise<void>}
+* @throws {Error} If registration fails or state accessors are not initialized.
+*/
 export const registerGitCommitTool = async (server) => {
     if (!_getWorkingDirectory || !_getSessionId) {
         throw new Error('State accessors for git_commit must be initialized before registration.');

package/dist/mcp-server/tools/gitDiff/logic.js

@@ -1,13 +1,16 @@
-import { z } from 'zod';
-import { promisify } from 'util';
 import { exec } from 'child_process';
-import { logger } from '../../../utils/logger.js';
-import { McpError, BaseErrorCode } from '../../../types-global/errors.js';
-import { sanitization } from '../../../utils/sanitization.js';
+import { promisify } from 'util';
+import { z } from 'zod';
+// Import utils from barrel (logger from ../utils/internal/logger.js)
+import { logger } from '../../../utils/index.js';
+// Import utils from barrel (RequestContext from ../utils/internal/requestContext.js)
+import { BaseErrorCode, McpError } from '../../../types-global/errors.js'; // Keep direct import for types-global
+// Import utils from barrel (sanitization from ../utils/security/sanitization.js)
+import { sanitization } from '../../../utils/index.js';
 const execAsync = promisify(exec);
 // Define the base input schema without refinement
 const GitDiffInputBaseSchema = z.object({
-    path: z.string().min(1).optional().default('.').describe("Path to the Git repository. Defaults to the session's working directory if set."),
+    path: z.string().min(1).optional().default('.').describe("Path to the Git repository. Defaults to the directory set via `git_set_working_dir` for the session; set 'git_set_working_dir' if not set."),
     commit1: z.string().optional().describe("First commit, branch, or ref for comparison. If omitted, compares against the working tree or index (depending on 'staged')."),
     commit2: z.string().optional().describe("Second commit, branch, or ref for comparison. If omitted, compares commit1 against the working tree or index."),
     staged: z.boolean().optional().default(false).describe("Show diff of changes staged for the next commit (compares index against HEAD). Overrides commit1/commit2 if true."),

package/dist/mcp-server/tools/gitDiff/registration.js

@@ -1,9 +1,12 @@
-import { ErrorHandler } from '../../../utils/errorHandler.js';
-import { logger } from '../../../utils/logger.js';
-import { requestContextService } from '../../../utils/requestContext.js';
+// Import utils from barrel (ErrorHandler from ../utils/internal/errorHandler.js)
+import { ErrorHandler } from '../../../utils/index.js';
+// Import utils from barrel (logger from ../utils/internal/logger.js)
+import { logger } from '../../../utils/index.js';
+// Import utils from barrel (requestContextService, RequestContext from ../utils/internal/requestContext.js)
+import { requestContextService } from '../../../utils/index.js';
 // Import the shape and the final schema/types
-import { GitDiffInputShape, diffGitChanges } from './logic.js';
-import { BaseErrorCode } from '../../../types-global/errors.js';
+import { BaseErrorCode } from '../../../types-global/errors.js'; // Keep direct import for types-global
+import { diffGitChanges, GitDiffInputShape } from './logic.js';
 let _getWorkingDirectory;
 let _getSessionId;
 /**

package/dist/mcp-server/tools/gitFetch/logic.js

@@ -1,13 +1,16 @@
-import { z } from 'zod';
-import { promisify } from 'util';
 import { exec } from 'child_process';
-import { logger } from '../../../utils/logger.js';
-import { McpError, BaseErrorCode } from '../../../types-global/errors.js';
-import { sanitization } from '../../../utils/sanitization.js';
+import { promisify } from 'util';
+import { z } from 'zod';
+// Import utils from barrel (logger from ../utils/internal/logger.js)
+import { logger } from '../../../utils/index.js';
+// Import utils from barrel (RequestContext from ../utils/internal/requestContext.js)
+import { BaseErrorCode, McpError } from '../../../types-global/errors.js'; // Keep direct import for types-global
+// Import utils from barrel (sanitization from ../utils/security/sanitization.js)
+import { sanitization } from '../../../utils/index.js';
 const execAsync = promisify(exec);
 // Define the input schema for the git_fetch tool using Zod
 export const GitFetchInputSchema = z.object({
-    path: z.string().min(1).optional().default('.').describe("Path to the Git repository. Defaults to the session's working directory if set."),
+    path: z.string().min(1).optional().default('.').describe("Path to the Git repository. Defaults to the directory set via `git_set_working_dir` for the session; set 'git_set_working_dir' if not set."),
     remote: z.string().optional().describe("The remote repository to fetch from (e.g., 'origin'). If omitted, fetches from 'origin' or the default configured remote."),
     prune: z.boolean().optional().default(false).describe("Before fetching, remove any remote-tracking references that no longer exist on the remote."),
     tags: z.boolean().optional().default(false).describe("Fetch all tags from the remote (in addition to whatever else is fetched)."),
@@ -99,7 +102,7 @@ export async function fetchGitRemote(input, context) {
             throw new McpError(BaseErrorCode.NOT_FOUND, `Path is not a Git repository: ${targetPath}`, { context, operation, originalError: error });
         }
         if (errorMessage.includes('resolve host') || errorMessage.includes('Could not read from remote repository') || errorMessage.includes('Connection timed out')) {
-            throw new McpError(BaseErrorCode.NETWORK_ERROR, `Failed to connect to remote repository '${input.remote || 'default'}'. Error: ${errorMessage}`, { context, operation, originalError: error });
+            throw new McpError(BaseErrorCode.SERVICE_UNAVAILABLE, `Failed to connect to remote repository '${input.remote || 'default'}'. Error: ${errorMessage}`, { context, operation, originalError: error });
         }
         if (errorMessage.includes('fatal: ') && errorMessage.includes('couldn\'t find remote ref')) {
             throw new McpError(BaseErrorCode.NOT_FOUND, `Remote ref not found. Error: ${errorMessage}`, { context, operation, originalError: error });

package/dist/mcp-server/tools/gitFetch/registration.js

@@ -1,8 +1,11 @@
-import { ErrorHandler } from '../../../utils/errorHandler.js';
-import { logger } from '../../../utils/logger.js';
-import { requestContextService } from '../../../utils/requestContext.js';
-import { GitFetchInputSchema, fetchGitRemote } from './logic.js';
-import { BaseErrorCode } from '../../../types-global/errors.js';
+// Import utils from barrel (ErrorHandler from ../utils/internal/errorHandler.js)
+import { ErrorHandler } from '../../../utils/index.js';
+// Import utils from barrel (logger from ../utils/internal/logger.js)
+import { logger } from '../../../utils/index.js';
+// Import utils from barrel (requestContextService, RequestContext from ../utils/internal/requestContext.js)
+import { BaseErrorCode } from '../../../types-global/errors.js'; // Keep direct import for types-global
+import { requestContextService } from '../../../utils/index.js';
+import { fetchGitRemote, GitFetchInputSchema } from './logic.js';
 let _getWorkingDirectory;
 let _getSessionId;
 /**

package/dist/mcp-server/tools/gitInit/index.js

@@ -1,7 +1,7 @@
 /**
  * @fileoverview Barrel file for the git_init tool.
- * Exports the registration function.
+ * Exports the registration function and the state accessor initializer.
  */
-export { registerGitInitTool } from './registration.js';
+export { registerGitInitTool, initializeGitInitStateAccessors } from './registration.js';
 // Export types if needed elsewhere, e.g.:
 // export type { GitInitInput, GitInitResult } from './logic.js';

package/dist/mcp-server/tools/gitInit/logic.js

@@ -1,15 +1,18 @@
-import { z } from 'zod';
-import { promisify } from 'util';
 import { exec } from 'child_process';
 import fs from 'fs/promises';
 import path from 'path';
-import { logger } from '../../../utils/logger.js';
-import { McpError, BaseErrorCode } from '../../../types-global/errors.js';
-import { sanitization } from '../../../utils/sanitization.js';
+import { promisify } from 'util';
+import { z } from 'zod';
+// Import utils from barrel (logger from ../utils/internal/logger.js)
+import { logger } from '../../../utils/index.js';
+// Import utils from barrel (RequestContext from ../utils/internal/requestContext.js)
+import { BaseErrorCode, McpError } from '../../../types-global/errors.js'; // Keep direct import for types-global
+// Import utils from barrel (sanitization from ../utils/security/sanitization.js)
+import { sanitization } from '../../../utils/index.js';
 const execAsync = promisify(exec);
 // Define the input schema for the git_init tool using Zod
 export const GitInitInputSchema = z.object({
-    path: z.string().min(1).describe("The absolute path where the new Git repository should be initialized."),
+    path: z.string().min(1).optional().default('.').describe("Path where the new Git repository should be initialized. Can be relative or absolute. If relative or '.', it resolves against the directory set via `git_set_working_dir` for the session. If absolute, it's used directly. If omitted, defaults to '.' (resolved against session git working directory)."),
     initialBranch: z.string().optional().describe("Optional name for the initial branch (e.g., 'main'). Uses Git's default if not specified."),
     bare: z.boolean().default(false).describe("Create a bare repository (no working directory)."),
     quiet: z.boolean().default(false).describe("Only print error and warning messages; all other output will be suppressed."),

package/dist/mcp-server/tools/gitInit/registration.js

@@ -1,10 +1,31 @@
-import { ErrorHandler } from '../../../utils/errorHandler.js';
-import { logger } from '../../../utils/logger.js';
-import { requestContextService } from '../../../utils/requestContext.js';
+import path from 'path';
+import { z } from 'zod';
+import { BaseErrorCode, McpError } from '../../../types-global/errors.js';
+import { ErrorHandler, logger, requestContextService, sanitization } from '../../../utils/index.js';
 import { GitInitInputSchema, gitInitLogic } from './logic.js';
-import { BaseErrorCode } from '../../../types-global/errors.js';
 const TOOL_NAME = 'git_init';
-const TOOL_DESCRIPTION = 'Initializes a new Git repository at the specified absolute path. Can optionally set the initial branch name and create a bare repository.';
+const TOOL_DESCRIPTION = 'Initializes a new Git repository at the specified path. If path is relative or omitted, it resolves against the session working directory (if you have set the git_working_dir). Can optionally set the initial branch name and create a bare repository.';
+const RegistrationSchema = GitInitInputSchema.extend({
+    path: z.string().min(1).optional().default('.'),
+}).shape;
+// --- Module-level State Accessors ---
+// These will be populated by the initialize function called from server.ts
+let _getWorkingDirectory = () => undefined;
+let _getSessionIdFromContext = () => undefined;
+/**
+ * Initializes state accessor functions for the git_init tool.
+ * This function is called by the main server setup to provide the tool
+ * with a way to access session-specific state (like the working directory)
+ * without needing direct access to the server or transport layer internals.
+ *
+ * @param getWorkingDirectory - Function to retrieve the working directory for a given session ID.
+ * @param getSessionIdFromContext - Function to extract the session ID from a tool's execution context.
+ */
+export function initializeGitInitStateAccessors(getWorkingDirectory, getSessionIdFromContext) {
+    _getWorkingDirectory = getWorkingDirectory;
+    _getSessionIdFromContext = getSessionIdFromContext;
+    logger.debug(`State accessors initialized for ${TOOL_NAME}`);
+}
 /**
  * Registers the git_init tool with the MCP server.
  *
@@ -16,15 +37,48 @@ export const registerGitInitTool = async (server) => {
     const operation = 'registerGitInitTool';
     const context = requestContextService.createRequestContext({ operation });
     await ErrorHandler.tryCatch(async () => {
-        server.tool(TOOL_NAME, TOOL_DESCRIPTION, GitInitInputSchema.shape, // Provide the Zod schema shape
-        async (validatedArgs, callContext) => {
+        server.tool(TOOL_NAME, TOOL_DESCRIPTION, RegistrationSchema, async (validatedArgs, callContext) => {
             const toolOperation = 'tool:git_init';
             const requestContext = requestContextService.createRequestContext({ operation: toolOperation, parentContext: callContext });
+            // Use the initialized accessor to get the session ID
+            const sessionId = _getSessionIdFromContext(requestContext); // Pass the created context
+            if (!sessionId && !path.isAbsolute(validatedArgs.path)) {
+                // If path is relative, we NEED a session ID to resolve against a potential working dir
+                logger.error('Session ID is missing in context, cannot resolve relative path', requestContext);
+                throw new McpError(BaseErrorCode.INTERNAL_ERROR, 'Session context is unavailable for relative path resolution.', { context: requestContext, operation: toolOperation });
+            }
             logger.info(`Executing tool: ${TOOL_NAME}`, requestContext);
             return await ErrorHandler.tryCatch(async () => {
-                // Call the core logic function
-                const initResult = await gitInitLogic(validatedArgs, requestContext);
-                // Format the result as a JSON string within TextContent
+                // Use the initialized accessor to get the working directory
+                const sessionWorkingDirectory = _getWorkingDirectory(sessionId);
+                const inputPath = validatedArgs.path;
+                let resolvedPath;
+                try {
+                    if (path.isAbsolute(inputPath)) {
+                        resolvedPath = sanitization.sanitizePath(inputPath);
+                        logger.debug(`Using absolute path: ${resolvedPath}`, requestContext);
+                    }
+                    else if (sessionWorkingDirectory) {
+                        resolvedPath = sanitization.sanitizePath(path.resolve(sessionWorkingDirectory, inputPath));
+                        logger.debug(`Resolved relative path '${inputPath}' to absolute path: ${resolvedPath} using session CWD`, requestContext);
+                    }
+                    else {
+                        // This case should now only be hit if the path is relative AND there's no session CWD set.
+                        logger.error(`Relative path '${inputPath}' provided but no session working directory is set.`, requestContext);
+                        throw new McpError(BaseErrorCode.VALIDATION_ERROR, `Relative path '${inputPath}' provided but no session working directory is set. Please provide an absolute path or set a working directory using git_set_working_dir.`, { context: requestContext, operation: toolOperation });
+                    }
+                }
+                catch (error) {
+                    logger.error('Path resolution or sanitization failed', { ...requestContext, operation: toolOperation, error });
+                    if (error instanceof McpError)
+                        throw error;
+                    throw new McpError(BaseErrorCode.VALIDATION_ERROR, `Invalid path processing: ${error instanceof Error ? error.message : String(error)}`, { context: requestContext, operation: toolOperation, originalError: error });
+                }
+                const logicArgs = {
+                    ...validatedArgs,
+                    path: resolvedPath,
+                };
+                const initResult = await gitInitLogic(logicArgs, requestContext);
                 const resultContent = {
                     type: 'text',
                     text: JSON.stringify(initResult, null, 2), // Pretty-print JSON
@@ -36,9 +90,9 @@ export const registerGitInitTool = async (server) => {
                 operation: toolOperation,
                 context: requestContext,
                 input: validatedArgs,
-                errorCode: BaseErrorCode.INTERNAL_ERROR, // Default if unexpected error occurs
+                errorCode: BaseErrorCode.INTERNAL_ERROR,
             });
         });
         logger.info(`Tool registered: ${TOOL_NAME}`, context);
-    }, { operation, context, critical: true }); // Mark registration as critical
+    }, { operation, context, critical: true });
 };

package/dist/mcp-server/tools/gitLog/logic.js

@@ -1,9 +1,12 @@
-import { z } from 'zod';
-import { promisify } from 'util';
 import { exec } from 'child_process';
-import { logger } from '../../../utils/logger.js';
-import { McpError, BaseErrorCode } from '../../../types-global/errors.js';
-import { sanitization } from '../../../utils/sanitization.js';
+import { promisify } from 'util';
+import { z } from 'zod';
+// Import utils from barrel (logger from ../utils/internal/logger.js)
+import { logger } from '../../../utils/index.js';
+// Import utils from barrel (RequestContext from ../utils/internal/requestContext.js)
+import { BaseErrorCode, McpError } from '../../../types-global/errors.js'; // Keep direct import for types-global
+// Import utils from barrel (sanitization from ../utils/security/sanitization.js)
+import { sanitization } from '../../../utils/index.js';
 const execAsync = promisify(exec);
 // Define the structure for a single commit entry
 export const CommitEntrySchema = z.object({
@@ -16,13 +19,14 @@ export const CommitEntrySchema = z.object({
 });
 // Define the input schema for the git_log tool using Zod
 export const GitLogInputSchema = z.object({
-    path: z.string().min(1).optional().default('.').describe("Path to the Git repository. Defaults to the session's working directory if set."),
+    path: z.string().min(1).optional().default('.').describe("Path to the Git repository. Defaults to the directory set via `git_set_working_dir` for the session; set 'git_set_working_dir' if not set."),
     maxCount: z.number().int().positive().optional().describe("Limit the number of commits to output."),
     author: z.string().optional().describe("Limit commits to those matching the specified author pattern."),
     since: z.string().optional().describe("Show commits more recent than a specific date (e.g., '2 weeks ago', '2023-01-01')."),
     until: z.string().optional().describe("Show commits older than a specific date."),
-    branchOrFile: z.string().optional().describe("Show logs for a specific branch, tag, or file path."),
-    // Note: We use a fixed pretty format for reliable parsing. Custom formats are not directly supported via input.
+    branchOrFile: z.string().optional().describe("Show logs for a specific branch (e.g., 'main'), tag, or file path (e.g., 'src/utils/logger.ts')."),
+    showSignature: z.boolean().optional().default(false).describe("Show signature verification status for commits. Returns raw output instead of parsed JSON."),
+    // Note: We use a fixed pretty format for reliable parsing unless showSignature is true.
 });
 // Delimiters for parsing the custom format
 const FIELD_SEP = '\x1f'; // Unit Separator
@@ -62,11 +66,29 @@ export async function logGitHistory(input, context) {
         throw new McpError(BaseErrorCode.VALIDATION_ERROR, `Invalid path: ${error instanceof Error ? error.message : String(error)}`, { context, operation, originalError: error });
     }
     try {
-        // Construct the git log command
-        // Use a specific format for reliable parsing
-        let command = `git -C "${targetPath}" log ${GIT_LOG_FORMAT}`;
-        if (input.maxCount) {
-            command += ` -n ${input.maxCount}`;
+        let command;
+        let isRawOutput = false; // Flag to indicate if we should parse or return raw
+        if (input.showSignature) {
+            isRawOutput = true;
+            command = `git -C "${targetPath}" log --show-signature`;
+            logger.info('Show signature requested, returning raw output.', { ...context, operation });
+            // Append other filters if provided
+            if (input.maxCount)
+                command += ` -n ${input.maxCount}`;
+            if (input.author)
+                command += ` --author="${input.author.replace(/[`"$&;*()|<>]/g, '')}"`;
+            if (input.since)
+                command += ` --since="${input.since.replace(/[`"$&;*()|<>]/g, '')}"`;
+            if (input.until)
+                command += ` --until="${input.until.replace(/[`"$&;*()|<>]/g, '')}"`;
+            if (input.branchOrFile)
+                command += ` ${input.branchOrFile.replace(/[`"$&;*()|<>]/g, '')}`;
+        }
+        else {
+            // Construct the git log command with the fixed format for parsing
+            command = `git -C "${targetPath}" log ${GIT_LOG_FORMAT}`;
+            if (input.maxCount)
+                command += ` -n ${input.maxCount}`;
         }
         if (input.author) {
             // Basic sanitization for author string
@@ -90,13 +112,28 @@ export async function logGitHistory(input, context) {
         const { stdout, stderr } = await execAsync(command, { maxBuffer: 1024 * 1024 * 10 }); // 10MB buffer
         if (stderr) {
             // Log stderr as warning, as git log might sometimes use it for non-fatal info
-            logger.warning(`Git log stderr: ${stderr}`, { ...context, operation });
+            // Exception: If showing signature, stderr about allowedSignersFile is expected, treat as info
+            if (isRawOutput && stderr.includes('allowedSignersFile needs to be configured')) {
+                logger.info(`Git log stderr (signature verification note): ${stderr.trim()}`, { ...context, operation });
+            }
+            else {
+                logger.warning(`Git log stderr: ${stderr.trim()}`, { ...context, operation });
+            }
+        }
+        // If raw output was requested, return it directly
+        if (isRawOutput) {
+            const message = `Raw log output (showSignature=true):\n${stdout}`;
+            logger.info(`${operation} completed successfully (raw output).`, { ...context, operation, path: targetPath });
+            return { success: true, commits: [], message: message };
         }
-        // Parse the output
+        // Otherwise, parse the structured output
         const commits = [];
         const commitRecords = stdout.split(RECORD_SEP).filter(record => record.trim() !== ''); // Split records and remove empty ones
         for (const record of commitRecords) {
-            const fields = record.split(FIELD_SEP);
+            const trimmedRecord = record.trim(); // Trim leading/trailing whitespace (like newlines)
+            if (!trimmedRecord)
+                continue; // Skip empty records after trimming
+            const fields = trimmedRecord.split(FIELD_SEP); // Split the trimmed record
             if (fields.length >= 5) { // Need at least hash, name, email, timestamp, subject
                 try {
                     const commitEntry = {

package/dist/mcp-server/tools/gitLog/registration.js

@@ -1,8 +1,11 @@
-import { ErrorHandler } from '../../../utils/errorHandler.js';
-import { logger } from '../../../utils/logger.js';
-import { requestContextService } from '../../../utils/requestContext.js';
+// Import utils from barrel (ErrorHandler from ../utils/internal/errorHandler.js)
+import { ErrorHandler } from '../../../utils/index.js';
+// Import utils from barrel (logger from ../utils/internal/logger.js)
+import { logger } from '../../../utils/index.js';
+// Import utils from barrel (requestContextService, RequestContext from ../utils/internal/requestContext.js)
+import { BaseErrorCode } from '../../../types-global/errors.js'; // Keep direct import for types-global
+import { requestContextService } from '../../../utils/index.js';
 import { GitLogInputSchema, logGitHistory } from './logic.js';
-import { BaseErrorCode } from '../../../types-global/errors.js';
 let _getWorkingDirectory;
 let _getSessionId;
 /**
@@ -17,7 +20,7 @@ export function initializeGitLogStateAccessors(getWdFn, getSidFn) {
     logger.info('State accessors initialized for git_log tool registration.');
 }
 const TOOL_NAME = 'git_log';
-const TOOL_DESCRIPTION = "Shows commit logs for the repository. Supports limiting count, filtering by author, date range, and specific branch/file. Returns a list of commit objects.";
+const TOOL_DESCRIPTION = "Shows commit logs for the repository. Supports limiting count, filtering by author, date range, and specific branch/file. Returns a list of commit objects by default. Can optionally show signature verification status (`showSignature: true`), which returns raw text output instead of JSON.";
 /**
  * Registers the git_log tool with the MCP server.
  *