@cyanheads/git-mcp-server 2.0.7 → 2.0.9

package/README.md

@@ -2,7 +2,7 @@
 
 [![TypeScript](https://img.shields.io/badge/TypeScript-^5.8.3-blue.svg)](https://www.typescriptlang.org/)
 [![Model Context Protocol](https://img.shields.io/badge/MCP%20SDK-^1.11.0-green.svg)](https://modelcontextprotocol.io/)
-[![Version](https://img.shields.io/badge/Version-2.0.7-blue.svg)](./CHANGELOG.md)
+[![Version](https://img.shields.io/badge/Version-2.0.9-blue.svg)](./CHANGELOG.md)
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 [![Status](https://img.shields.io/badge/Status-Stable-green.svg)](https://github.com/cyanheads/git-mcp-server/issues)
 [![GitHub](https://img.shields.io/github/stars/cyanheads/git-mcp-server?style=social)](https://github.com/cyanheads/git-mcp-server)
@@ -183,7 +183,7 @@ _Note: The `path` parameter for most tools defaults to the session's working dir
 
 ## Resources
 
-**MCP Resources are not implemented in this version (v2.0.2).**
+**MCP Resources are not implemented in this version (v2.0.8).**
 
 This version focuses on the refactored Git tools implementation based on the latest `mcp-ts-template` and MCP SDK v1.11.0. Resource capabilities, previously available, have been temporarily removed during this major update.
 
@@ -191,7 +191,7 @@ If you require MCP Resource access (e.g., for reading file content directly via
 
 Future development may reintroduce resource capabilities in a subsequent release.
 
-> **Note:** This version (v2.0.2) focuses on refactoring and updating the core Git tools based on the latest MCP SDK. MCP Resource capabilities are not implemented in this version. For resource access, please use [v1.2.4](https://github.com/cyanheads/git-mcp-server/releases/tag/v1.2.4).
+> **Note:** This version (v2.0.0) focuses on refactoring and updating the core Git tools based on the latest MCP SDK. MCP Resource capabilities are not implemented in this version. For resource access, please use [v1.2.4](https://github.com/cyanheads/git-mcp-server/releases/tag/v1.2.4).
 
 ## Development
 

package/dist/mcp-server/tools/gitAdd/logic.js

@@ -44,9 +44,9 @@ export async function addGitFiles(input, context // Add getter to context
             logger.debug(`Using session working directory: ${targetPath}`, { ...context, operation, sessionId: context.sessionId });
         }
         // Sanitize the resolved path
-        const sanitizedPath = sanitization.sanitizePath(targetPath);
-        logger.debug('Sanitized repository path', { ...context, operation, sanitizedPath });
-        targetPath = sanitizedPath; // Use the sanitized path going forward
+        const sanitizedPathInfo = sanitization.sanitizePath(targetPath, { allowAbsolute: true });
+        logger.debug('Sanitized repository path', { ...context, operation, sanitizedPathInfo });
+        targetPath = sanitizedPathInfo.sanitizedPath; // Use the sanitized path going forward
     }
     catch (error) {
         logger.error('Path resolution or sanitization failed', { ...context, operation, error });

package/dist/mcp-server/tools/gitBranch/logic.js

@@ -56,7 +56,7 @@ export async function gitBranchLogic(input, context) {
         else {
             logger.debug(`Using provided path: ${targetPath}`, { ...context, operation });
         }
-        targetPath = sanitization.sanitizePath(targetPath);
+        targetPath = sanitization.sanitizePath(targetPath, { allowAbsolute: true }).sanitizedPath;
         logger.debug('Sanitized path', { ...context, operation, sanitizedPath: targetPath });
     }
     catch (error) {

package/dist/mcp-server/tools/gitCheckout/logic.js

@@ -41,7 +41,7 @@ export async function checkoutGit(input, context) {
             }
             targetPath = workingDir;
         }
-        targetPath = sanitization.sanitizePath(targetPath);
+        targetPath = sanitization.sanitizePath(targetPath, { allowAbsolute: true }).sanitizedPath;
         logger.debug('Sanitized path', { ...context, operation, sanitizedPath: targetPath });
     }
     catch (error) {

package/dist/mcp-server/tools/gitCherryPick/logic.js

@@ -47,7 +47,7 @@ export async function gitCherryPickLogic(input, context) {
         else {
             logger.debug(`Using provided path: ${targetPath}`, { ...context, operation });
         }
-        targetPath = sanitization.sanitizePath(targetPath);
+        targetPath = sanitization.sanitizePath(targetPath, { allowAbsolute: true }).sanitizedPath;
         logger.debug('Sanitized path', { ...context, operation, sanitizedPath: targetPath });
     }
     catch (error) {

package/dist/mcp-server/tools/gitClean/logic.js

@@ -55,7 +55,7 @@ export async function gitCleanLogic(input, context) {
         else {
             logger.debug(`Using provided path: ${targetPath}`, { ...context, operation });
         }
-        targetPath = sanitization.sanitizePath(targetPath);
+        targetPath = sanitization.sanitizePath(targetPath, { allowAbsolute: true }).sanitizedPath;
         logger.debug('Sanitized path', { ...context, operation, sanitizedPath: targetPath });
     }
     catch (error) {

package/dist/mcp-server/tools/gitClone/logic.js

@@ -33,7 +33,7 @@ export async function gitCloneLogic(input, context) {
     let sanitizedRepoUrl;
     try {
         // Sanitize the target path (must be absolute)
-        sanitizedTargetPath = sanitization.sanitizePath(input.targetPath);
+        sanitizedTargetPath = sanitization.sanitizePath(input.targetPath, { allowAbsolute: true }).sanitizedPath;
         logger.debug('Sanitized target path', { ...context, operation, sanitizedTargetPath });
         // Basic sanitization/validation for URL (Zod already checks format)
         // Further sanitization might be needed depending on how it's used in the shell command

package/dist/mcp-server/tools/gitCommit/logic.js

@@ -50,9 +50,9 @@ export async function commitGitChanges(input, context // Add getter to context
             logger.debug(`Using session working directory: ${targetPath}`, { ...context, operation, sessionId: context.sessionId });
         }
         // Sanitize the resolved path
-        const sanitizedPath = sanitization.sanitizePath(targetPath);
-        logger.debug('Sanitized path', { ...context, operation, sanitizedPath });
-        targetPath = sanitizedPath; // Use the sanitized path going forward
+        const sanitizedPathInfo = sanitization.sanitizePath(targetPath, { allowAbsolute: true });
+        logger.debug('Sanitized path', { ...context, operation, sanitizedPathInfo });
+        targetPath = sanitizedPathInfo.sanitizedPath; // Use the sanitized path going forward
     }
     catch (error) {
         logger.error('Path resolution or sanitization failed', { ...context, operation, error });
@@ -67,7 +67,7 @@ export async function commitGitChanges(input, context // Add getter to context
             logger.debug(`Attempting to stage specific files: ${input.filesToStage.join(', ')}`, { ...context, operation });
             try {
                 // Correctly pass targetPath as rootDir in options object
-                const sanitizedFiles = input.filesToStage.map(file => sanitization.sanitizePath(file, { rootDir: targetPath })); // Sanitize relative to repo root
+                const sanitizedFiles = input.filesToStage.map(file => sanitization.sanitizePath(file, { rootDir: targetPath }).sanitizedPath); // Sanitize relative to repo root
                 const filesToAddString = sanitizedFiles.map(file => `"${file}"`).join(' '); // Quote paths for safety
                 const addCommand = `git -C "${targetPath}" add -- ${filesToAddString}`;
                 logger.debug(`Executing git add command: ${addCommand}`, { ...context, operation });

package/dist/mcp-server/tools/gitDiff/logic.js

@@ -48,7 +48,7 @@ export async function diffGitChanges(input, context) {
             }
             targetPath = workingDir;
         }
-        targetPath = sanitization.sanitizePath(targetPath);
+        targetPath = sanitization.sanitizePath(targetPath, { allowAbsolute: true }).sanitizedPath;
         logger.debug('Sanitized path', { ...context, operation, sanitizedPath: targetPath });
     }
     catch (error) {
@@ -88,10 +88,12 @@ export async function diffGitChanges(input, context) {
             // Log stderr as warning, as it might contain non-fatal info
             logger.warning(`Git diff stderr: ${stderr}`, { ...context, operation });
         }
-        const diffOutput = stdout;
-        const message = diffOutput.trim() === '' ? 'No changes found.' : 'Diff generated successfully.';
+        const rawDiffOutput = stdout;
+        const isNoChanges = rawDiffOutput.trim() === '';
+        const finalDiffOutput = isNoChanges ? 'No changes found.' : rawDiffOutput;
+        const message = isNoChanges ? 'No changes found.' : 'Diff generated successfully.';
         logger.info(`${operation} completed successfully. ${message}`, { ...context, operation, path: targetPath });
-        return { success: true, diff: diffOutput, message };
+        return { success: true, diff: finalDiffOutput, message };
     }
     catch (error) {
         logger.error(`Failed to execute git diff command`, { ...context, operation, path: targetPath, error: error.message, stderr: error.stderr, stdout: error.stdout });

package/dist/mcp-server/tools/gitFetch/logic.js

@@ -41,7 +41,7 @@ export async function fetchGitRemote(input, context) {
             }
             targetPath = workingDir;
         }
-        targetPath = sanitization.sanitizePath(targetPath);
+        targetPath = sanitization.sanitizePath(targetPath, { allowAbsolute: true }).sanitizedPath;
         logger.debug('Sanitized path', { ...context, operation, sanitizedPath: targetPath });
     }
     catch (error) {

package/dist/mcp-server/tools/gitInit/logic.js

@@ -31,7 +31,7 @@ export async function gitInitLogic(input, context) {
     let targetPath;
     try {
         // Sanitize the provided absolute path
-        targetPath = sanitization.sanitizePath(input.path);
+        targetPath = sanitization.sanitizePath(input.path, { allowAbsolute: true }).sanitizedPath;
         logger.debug('Sanitized path', { ...context, operation, sanitizedPath: targetPath });
         // Ensure the target directory exists before trying to init inside it
         // git init creates the directory if it doesn't exist, but we might want to ensure the parent exists

package/dist/mcp-server/tools/gitInit/registration.js

@@ -55,11 +55,11 @@ export const registerGitInitTool = async (server) => {
                 let resolvedPath;
                 try {
                     if (path.isAbsolute(inputPath)) {
-                        resolvedPath = sanitization.sanitizePath(inputPath);
+                        resolvedPath = sanitization.sanitizePath(inputPath, { allowAbsolute: true }).sanitizedPath;
                         logger.debug(`Using absolute path: ${resolvedPath}`, requestContext);
                     }
                     else if (sessionWorkingDirectory) {
-                        resolvedPath = sanitization.sanitizePath(path.resolve(sessionWorkingDirectory, inputPath));
+                        resolvedPath = sanitization.sanitizePath(path.resolve(sessionWorkingDirectory, inputPath), { allowAbsolute: true }).sanitizedPath;
                         logger.debug(`Resolved relative path '${inputPath}' to absolute path: ${resolvedPath} using session CWD`, requestContext);
                     }
                     else {

package/dist/mcp-server/tools/gitLog/logic.js

@@ -37,7 +37,7 @@ const GIT_LOG_FORMAT = `--pretty=format:%H${FIELD_SEP}%an${FIELD_SEP}%ae${FIELD_
  *
  * @param {GitLogInput} input - The validated input object.
  * @param {RequestContext} context - The request context for logging and error handling.
- * @returns {Promise<GitLogResult>} A promise that resolves with the structured log result.
+ * @returns {Promise<GitLogResult>} A promise that resolves with the structured log result (either flat or grouped).
  * @throws {McpError} Throws an McpError if path resolution, validation, or the git command fails unexpectedly.
  */
 export async function logGitHistory(input, context) {
@@ -56,7 +56,7 @@ export async function logGitHistory(input, context) {
             }
             targetPath = workingDir;
         }
-        targetPath = sanitization.sanitizePath(targetPath);
+        targetPath = sanitization.sanitizePath(targetPath, { allowAbsolute: true }).sanitizedPath;
         logger.debug('Sanitized path', { ...context, operation, sanitizedPath: targetPath });
     }
     catch (error) {
@@ -124,11 +124,11 @@ export async function logGitHistory(input, context) {
         if (isRawOutput) {
             const message = `Raw log output (showSignature=true):\n${stdout}`;
             logger.info(`${operation} completed successfully (raw output).`, { ...context, operation, path: targetPath });
-            // Return without the 'commits' field
+            // Return without the 'commits' or 'groupedCommits' field
             return { success: true, message: message };
         }
-        // Otherwise, parse the structured output
-        const commits = [];
+        // --- Parse the structured output into a flat list first ---
+        const flatCommits = [];
         const commitRecords = stdout.split(RECORD_SEP).filter(record => record.trim() !== ''); // Split records and remove empty ones
         for (const record of commitRecords) {
             const trimmedRecord = record.trim(); // Trim leading/trailing whitespace (like newlines)
@@ -145,9 +145,9 @@ export async function logGitHistory(input, context) {
                         subject: fields[4],
                         body: fields[5] || undefined, // Body might be empty
                     };
-                    // Validate parsed entry (optional but recommended)
+                    // Validate parsed entry
                     CommitEntrySchema.parse(commitEntry);
-                    commits.push(commitEntry);
+                    flatCommits.push(commitEntry);
                 }
                 catch (parseError) {
                     logger.warning(`Failed to parse commit record field`, { ...context, operation, fieldIndex: fields.findIndex((_, i) => i > 5), recordFragment: record.substring(0, 100), parseError });
@@ -158,9 +158,33 @@ export async function logGitHistory(input, context) {
                 logger.warning(`Skipping commit record due to unexpected number of fields (${fields.length})`, { ...context, operation, recordFragment: record.substring(0, 100) });
             }
         }
-        const message = commits.length > 0 ? `${commits.length} commit(s) found.` : 'No commits found matching criteria.';
-        logger.info(`${operation} completed successfully. ${message}`, { ...context, operation, path: targetPath, commitCount: commits.length });
-        return { success: true, commits, message };
+        // --- Group the flat list by author ---
+        const groupedCommitsMap = new Map();
+        for (const commit of flatCommits) {
+            const authorKey = `${commit.authorName} <${commit.authorEmail}>`;
+            const groupedInfo = {
+                hash: commit.hash,
+                timestamp: commit.timestamp,
+                subject: commit.subject,
+                body: commit.body,
+            };
+            if (groupedCommitsMap.has(authorKey)) {
+                groupedCommitsMap.get(authorKey).commits.push(groupedInfo);
+            }
+            else {
+                groupedCommitsMap.set(authorKey, {
+                    authorName: commit.authorName,
+                    authorEmail: commit.authorEmail,
+                    commits: [groupedInfo],
+                });
+            }
+        }
+        const groupedCommits = Array.from(groupedCommitsMap.values());
+        // --- Prepare final result ---
+        const commitCount = flatCommits.length;
+        const message = commitCount > 0 ? `${commitCount} commit(s) found.` : 'No commits found matching criteria.';
+        logger.info(`${operation} completed successfully. ${message}`, { ...context, operation, path: targetPath, commitCount: commitCount, authorGroupCount: groupedCommits.length });
+        return { success: true, groupedCommits, message }; // Return the grouped structure
     }
     catch (error) {
         logger.error(`Failed to execute git log command`, { ...context, operation, path: targetPath, error: error.message, stderr: error.stderr, stdout: error.stdout });
@@ -175,10 +199,11 @@ export async function logGitHistory(input, context) {
         if (errorMessage.includes('fatal: ambiguous argument')) {
             throw new McpError(BaseErrorCode.VALIDATION_ERROR, `Ambiguous argument provided (e.g., branch/tag/file conflict): '${input.branchOrFile}'. Error: ${errorMessage}`, { context, operation, originalError: error });
         }
-        // Check if it's just that no commits were found (which git might treat as an error in some cases, though usually not for log)
+        // Check if it's just that no commits were found
         if (errorMessage.includes('does not have any commits yet')) {
             logger.info('Repository has no commits yet.', { ...context, operation, path: targetPath });
-            return { success: true, commits: [], message: 'Repository has no commits yet.' };
+            // Return the grouped structure even for no commits
+            return { success: true, groupedCommits: [], message: 'Repository has no commits yet.' };
         }
         // Generic internal error for other failures
         throw new McpError(BaseErrorCode.INTERNAL_ERROR, `Failed to get git log for path: ${targetPath}. Error: ${errorMessage}`, { context, operation, originalError: error });

package/dist/mcp-server/tools/gitMerge/logic.js

@@ -63,7 +63,7 @@ export async function gitMergeLogic(input, context) {
         // Sanitize the resolved path
         // We assume the resolved path should be absolute for git commands.
         // sanitizePath checks for traversal and normalizes.
-        targetPath = sanitization.sanitizePath(resolvedPath, { allowAbsolute: true });
+        targetPath = sanitization.sanitizePath(resolvedPath, { allowAbsolute: true }).sanitizedPath;
         logger.debug(`Sanitized path: ${targetPath}`, { ...context, operation });
     }
     catch (error) {

package/dist/mcp-server/tools/gitPull/logic.js

@@ -44,7 +44,7 @@ export async function pullGitChanges(input, context) {
             logger.debug(`Using session working directory: ${targetPath}`, { ...context, operation, sessionId: context.sessionId });
         }
         // Sanitize the resolved path
-        targetPath = sanitization.sanitizePath(targetPath);
+        targetPath = sanitization.sanitizePath(targetPath, { allowAbsolute: true }).sanitizedPath;
         logger.debug('Sanitized path', { ...context, operation, sanitizedPath: targetPath });
     }
     catch (error) {

package/dist/mcp-server/tools/gitPush/logic.js

@@ -45,7 +45,7 @@ export async function pushGitChanges(input, context) {
             }
             targetPath = workingDir;
         }
-        targetPath = sanitization.sanitizePath(targetPath);
+        targetPath = sanitization.sanitizePath(targetPath, { allowAbsolute: true }).sanitizedPath;
         logger.debug('Sanitized path', { ...context, operation, sanitizedPath: targetPath });
     }
     catch (error) {

package/dist/mcp-server/tools/gitRebase/logic.js

@@ -55,7 +55,7 @@ export async function gitRebaseLogic(input, context) {
         else {
             logger.debug(`Using provided path: ${targetPath}`, { ...context, operation });
         }
-        targetPath = sanitization.sanitizePath(targetPath);
+        targetPath = sanitization.sanitizePath(targetPath, { allowAbsolute: true }).sanitizedPath;
         logger.debug('Sanitized path', { ...context, operation, sanitizedPath: targetPath });
     }
     catch (error) {

package/dist/mcp-server/tools/gitRemote/logic.js

@@ -42,7 +42,7 @@ export async function gitRemoteLogic(input, context) {
         else {
             logger.debug(`Using provided path: ${targetPath}`, { ...context, operation });
         }
-        targetPath = sanitization.sanitizePath(targetPath); // Sanitize the final resolved path
+        targetPath = sanitization.sanitizePath(targetPath, { allowAbsolute: true }).sanitizedPath; // Sanitize the final resolved path
         logger.debug('Sanitized path', { ...context, operation, sanitizedPath: targetPath });
     }
     catch (error) {

package/dist/mcp-server/tools/gitReset/logic.js

@@ -44,7 +44,7 @@ export async function resetGitState(input, context) {
             }
             targetPath = workingDir;
         }
-        targetPath = sanitization.sanitizePath(targetPath);
+        targetPath = sanitization.sanitizePath(targetPath, { allowAbsolute: true }).sanitizedPath;
         logger.debug('Sanitized path', { ...context, operation, sanitizedPath: targetPath });
     }
     catch (error) {

package/dist/mcp-server/tools/gitSetWorkingDir/logic.js

@@ -26,9 +26,9 @@ export async function gitSetWorkingDirLogic(input, context // Assuming context p
     logger.info('Executing git_set_working_dir logic', { ...context, operation, inputPath: input.path });
     let sanitizedPath;
     try {
-        // Sanitize the path. By default, sanitizePath allows absolute paths.
+        // Sanitize the path. Must explicitly allow absolute paths for this tool.
         // It normalizes and checks for traversal issues.
-        sanitizedPath = sanitization.sanitizePath(input.path);
+        sanitizedPath = sanitization.sanitizePath(input.path, { allowAbsolute: true }).sanitizedPath;
         logger.debug(`Sanitized path: ${sanitizedPath}`, { ...context, operation });
     }
     catch (error) {

package/dist/mcp-server/tools/gitShow/logic.js

@@ -41,7 +41,7 @@ export async function gitShowLogic(input, context) {
         else {
             logger.debug(`Using provided path: ${targetPath}`, { ...context, operation });
         }
-        targetPath = sanitization.sanitizePath(targetPath);
+        targetPath = sanitization.sanitizePath(targetPath, { allowAbsolute: true }).sanitizedPath;
         logger.debug('Sanitized path', { ...context, operation, sanitizedPath: targetPath });
     }
     catch (error) {

package/dist/mcp-server/tools/gitStash/logic.js

@@ -47,7 +47,7 @@ export async function gitStashLogic(input, context) {
         else {
             logger.debug(`Using provided path: ${targetPath}`, { ...context, operation });
         }
-        targetPath = sanitization.sanitizePath(targetPath);
+        targetPath = sanitization.sanitizePath(targetPath, { allowAbsolute: true }).sanitizedPath;
         logger.debug('Sanitized path', { ...context, operation, sanitizedPath: targetPath });
     }
     catch (error) {

package/dist/mcp-server/tools/gitStatus/logic.js

@@ -160,9 +160,9 @@ export async function getGitStatus(input, context // Add getter to context
             logger.debug(`Using session working directory: ${targetPath}`, { ...context, operation, sessionId: context.sessionId });
         }
         // Sanitize the resolved path
-        const sanitizedPath = sanitization.sanitizePath(targetPath);
-        logger.debug('Sanitized path', { ...context, operation, sanitizedPath });
-        targetPath = sanitizedPath; // Use the sanitized path going forward
+        const sanitizedPathInfo = sanitization.sanitizePath(targetPath, { allowAbsolute: true });
+        logger.debug('Sanitized path', { ...context, operation, sanitizedPathInfo });
+        targetPath = sanitizedPathInfo.sanitizedPath; // Use the sanitized path going forward
     }
     catch (error) {
         logger.error('Path resolution or sanitization failed', { ...context, operation, error });

package/dist/mcp-server/tools/gitTag/logic.js

@@ -55,7 +55,7 @@ export async function gitTagLogic(input, context) {
         else {
             logger.debug(`Using provided path: ${targetPath}`, { ...context, operation });
         }
-        targetPath = sanitization.sanitizePath(targetPath);
+        targetPath = sanitization.sanitizePath(targetPath, { allowAbsolute: true }).sanitizedPath;
         logger.debug('Sanitized path', { ...context, operation, sanitizedPath: targetPath });
     }
     catch (error) {

package/dist/utils/security/sanitization.js

@@ -5,7 +5,8 @@ import { BaseErrorCode, McpError } from '../../types-global/errors.js';
 // Import utils from the main barrel file (logger from ../internal/logger.js)
 import { logger } from '../index.js';
 /**
- * Sanitization class for handling various input sanitization tasks
+ * Sanitization class for handling various input sanitization tasks.
+ * Provides methods to clean and validate strings, HTML, URLs, paths, JSON, and numbers.
  */
 export class Sanitization {
     static instance;
@@ -29,14 +30,14 @@ export class Sanitization {
         preserveComments: false
     };
     /**
-     * Private constructor to enforce singleton pattern
+     * Private constructor to enforce singleton pattern.
      */
     constructor() {
-        // Removed logger call from constructor to prevent logging before initialization
+        // Constructor intentionally left blank for singleton.
     }
     /**
-     * Get the singleton Sanitization instance
-     * @returns Sanitization instance
+     * Get the singleton Sanitization instance.
+     * @returns {Sanitization} The singleton instance.
      */
     static getInstance() {
         if (!Sanitization.instance) {
@@ -45,37 +46,38 @@ export class Sanitization {
         return Sanitization.instance;
     }
     /**
-     * Set sensitive fields for log sanitization
-     * @param fields Array of field names to consider sensitive
+     * Set sensitive fields for log sanitization. These fields will be redacted when
+     * `sanitizeForLogging` is called.
+     * @param {string[]} fields - Array of field names to consider sensitive.
      */
     setSensitiveFields(fields) {
         this.sensitiveFields = [...new Set([...this.sensitiveFields, ...fields])]; // Ensure uniqueness
         logger.debug('Updated sensitive fields list', { count: this.sensitiveFields.length });
     }
     /**
-     * Get the current list of sensitive fields
-     * @returns Array of sensitive field names
+     * Get the current list of sensitive fields used for log sanitization.
+     * @returns {string[]} Array of sensitive field names.
      */
     getSensitiveFields() {
         return [...this.sensitiveFields];
     }
     /**
-     * Sanitize HTML content using sanitize-html library
-     * @param input HTML string to sanitize
-     * @param config Optional custom sanitization config
-     * @returns Sanitized HTML
+     * Sanitize HTML content using the `sanitize-html` library.
+     * Removes potentially malicious tags and attributes.
+     * @param {string} input - HTML string to sanitize.
+     * @param {HtmlSanitizeConfig} [config] - Optional custom sanitization configuration.
+     * @returns {string} Sanitized HTML string.
      */
     sanitizeHtml(input, config) {
         if (!input)
             return '';
-        // Create sanitize-html options from our config
+        const effectiveConfig = { ...this.defaultHtmlSanitizeConfig, ...config };
         const options = {
-            allowedTags: config?.allowedTags || this.defaultHtmlSanitizeConfig.allowedTags,
-            allowedAttributes: config?.allowedAttributes || this.defaultHtmlSanitizeConfig.allowedAttributes,
-            transformTags: config?.transformTags
+            allowedTags: effectiveConfig.allowedTags,
+            allowedAttributes: effectiveConfig.allowedAttributes,
+            transformTags: effectiveConfig.transformTags
         };
-        // Handle comments - if preserveComments is true, add '!--' to allowedTags
-        if (config?.preserveComments || this.defaultHtmlSanitizeConfig.preserveComments) {
+        if (effectiveConfig.preserveComments) {
             options.allowedTags = [...(options.allowedTags || []), '!--'];
         }
         return sanitizeHtml(input, options);
@@ -86,18 +88,16 @@ export class Sanitization {
      * **Important:** Using `context: 'javascript'` is explicitly disallowed and will throw an `McpError`.
      * This is a security measure to prevent accidental execution or ineffective sanitization of JavaScript code.
      *
-     * @param input String to sanitize
-     * @param options Sanitization options
-     * @returns Sanitized string
+     * @param {string} input - String to sanitize.
+     * @param {SanitizeStringOptions} [options={}] - Sanitization options.
+     * @returns {string} Sanitized string.
      * @throws {McpError} If `context: 'javascript'` is used.
      */
     sanitizeString(input, options = {}) {
         if (!input)
             return '';
-        // Handle based on context
         switch (options.context) {
             case 'html':
-                // Use sanitize-html with custom options
                 return this.sanitizeHtml(input, {
                     allowedTags: options.allowedTags,
                     allowedAttributes: options.allowedAttributes ?
@@ -105,51 +105,38 @@ export class Sanitization {
                         undefined
                 });
             case 'attribute':
-                // Strip HTML tags for attribute context
                 return sanitizeHtml(input, { allowedTags: [], allowedAttributes: {} });
             case 'url':
-                // Validate and sanitize URL
-                if (!validator.isURL(input, {
-                    protocols: ['http', 'https'],
-                    require_protocol: true
-                })) {
-                    // Return empty string for invalid URLs in this context
+                if (!validator.isURL(input, { protocols: ['http', 'https'], require_protocol: true })) {
                     logger.warning('Invalid URL detected during string sanitization', { input });
                     return '';
                 }
                 return validator.trim(input);
             case 'javascript':
-                // Reject any attempt to sanitize JavaScript
                 logger.error('Attempted JavaScript sanitization via sanitizeString', { input: input.substring(0, 50) });
                 throw new McpError(BaseErrorCode.VALIDATION_ERROR, 'JavaScript sanitization not supported through string sanitizer');
             case 'text':
             default:
-                // Strip HTML tags for basic text context
                 return sanitizeHtml(input, { allowedTags: [], allowedAttributes: {} });
         }
     }
     /**
-     * Sanitize URL with robust validation and sanitization
-     * @param input URL to sanitize
-     * @param allowedProtocols Allowed URL protocols
-     * @returns Sanitized URL
-     * @throws {McpError} If URL is invalid
+     * Sanitize URL with robust validation.
+     * Ensures the URL uses allowed protocols and is well-formed.
+     * @param {string} input - URL to sanitize.
+     * @param {string[]} [allowedProtocols=['http', 'https']] - Allowed URL protocols.
+     * @returns {string} Sanitized URL.
+     * @throws {McpError} If URL is invalid or uses a disallowed protocol.
      */
     sanitizeUrl(input, allowedProtocols = ['http', 'https']) {
         try {
-            // First validate the URL format
-            if (!validator.isURL(input, {
-                protocols: allowedProtocols,
-                require_protocol: true
-            })) {
+            if (!validator.isURL(input, { protocols: allowedProtocols, require_protocol: true })) {
                 throw new Error('Invalid URL format or protocol');
             }
-            // Double-check no javascript: protocol sneaked in
             const lowerInput = input.toLowerCase().trim();
-            if (lowerInput.startsWith('javascript:')) {
+            if (lowerInput.startsWith('javascript:')) { // Double-check against javascript:
                 throw new Error('JavaScript protocol not allowed');
             }
-            // Return the trimmed, validated URL
             return validator.trim(input);
         }
         catch (error) {
@@ -157,106 +144,136 @@ export class Sanitization {
         }
     }
     /**
-     * Sanitize file paths to prevent path traversal attacks
-     * @param input Path to sanitize
-     * @param options Options for path sanitization
-     * @returns Sanitized and normalized path
-     * @throws {McpError} If path is invalid or unsafe
+     * Sanitizes a file path to prevent path traversal and other common attacks.
+     * Normalizes the path, optionally converts to POSIX style, and can restrict
+     * the path to a root directory.
+     *
+     * @param {string} input - The file path to sanitize.
+     * @param {PathSanitizeOptions} [options={}] - Options to control sanitization behavior.
+     * @returns {SanitizedPathInfo} An object containing the sanitized path and metadata about the sanitization process.
+     * @throws {McpError} If the path is invalid, unsafe (e.g., contains null bytes, attempts traversal).
      */
     sanitizePath(input, options = {}) {
+        const originalInput = input;
+        const effectiveOptions = {
+            toPosix: options.toPosix ?? false,
+            allowAbsolute: options.allowAbsolute ?? false,
+            rootDir: options.rootDir
+        };
+        let wasAbsoluteInitially = false;
+        let convertedToRelative = false;
         try {
             if (!input || typeof input !== 'string') {
                 throw new Error('Invalid path input: must be a non-empty string');
             }
-            // Apply path normalization using built-in path module
             let normalized = path.normalize(input);
-            // Prevent null byte injection
+            wasAbsoluteInitially = path.isAbsolute(normalized);
             if (normalized.includes('\0')) {
                 throw new Error('Path contains null byte');
             }
-            // Convert backslashes to forward slashes if toPosix is true
-            if (options.toPosix) {
+            if (effectiveOptions.toPosix) {
                 normalized = normalized.replace(/\\/g, '/');
             }
-            // Handle absolute paths based on allowAbsolute option
-            if (!options.allowAbsolute && path.isAbsolute(normalized)) {
-                // Remove leading slash or drive letter to make it relative
-                normalized = normalized.replace(/^(?:[A-Za-z]:)?[/\\]/, '');
+            if (!effectiveOptions.allowAbsolute && path.isAbsolute(normalized)) {
+                // Original path was absolute, but absolute paths are not allowed.
+                // Convert to relative by stripping leading slash or drive letter.
+                normalized = normalized.replace(/^(?:[A-Za-z]:)?[/\\]+/, '');
+                convertedToRelative = true;
             }
-            // If rootDir is specified, ensure the path doesn't escape it
-            if (options.rootDir) {
-                const rootDir = path.resolve(options.rootDir);
-                // Resolve the normalized path against the root dir
-                const fullPath = path.resolve(rootDir, normalized);
-                // More robust check for path traversal: ensure fullPath starts with rootDir + separator
-                // or is exactly rootDir
-                if (!fullPath.startsWith(rootDir + path.sep) && fullPath !== rootDir) {
-                    throw new Error('Path traversal detected');
+            let finalSanitizedPath;
+            if (effectiveOptions.rootDir) {
+                const rootDirResolved = path.resolve(effectiveOptions.rootDir);
+                // If 'normalized' is absolute (and allowed), path.resolve uses it as the base.
+                // If 'normalized' is relative, it's resolved against 'rootDirResolved'.
+                const fullPath = path.resolve(rootDirResolved, normalized);
+                if (!fullPath.startsWith(rootDirResolved + path.sep) && fullPath !== rootDirResolved) {
+                    throw new Error('Path traversal detected (escapes rootDir)');
                 }
-                // Return the path relative to the root
-                return path.relative(rootDir, fullPath);
+                // Path is within rootDir, return it relative to rootDir.
+                finalSanitizedPath = path.relative(rootDirResolved, fullPath);
+                // Ensure empty string result from path.relative (if fullPath equals rootDirResolved) becomes '.'
+                finalSanitizedPath = finalSanitizedPath === '' ? '.' : finalSanitizedPath;
             }
-            // Final validation - check for relative path traversal attempts if not rooted
-            if (normalized.includes('..')) {
-                // Resolve the path to see if it escapes the current working directory conceptually
-                const resolvedPath = path.resolve(normalized);
-                const currentWorkingDir = path.resolve('.'); // Or use a safer base if needed
-                if (!resolvedPath.startsWith(currentWorkingDir)) {
-                    throw new Error('Relative path traversal detected');
+            else { // No rootDir specified
+                if (path.isAbsolute(normalized)) {
+                    if (effectiveOptions.allowAbsolute) {
+                        // Absolute path is allowed and no rootDir to constrain it.
+                        finalSanitizedPath = normalized;
+                    }
+                    else {
+                        // Should not happen if logic above is correct (already made relative or was originally relative)
+                        // but as a safeguard:
+                        throw new Error('Absolute path encountered when not allowed and not rooted');
+                    }
+                }
+                else { // Path is relative and no rootDir
+                    if (normalized.includes('..')) {
+                        const resolvedPath = path.resolve(normalized); // Resolves relative to CWD
+                        const currentWorkingDir = path.resolve('.');
+                        if (!resolvedPath.startsWith(currentWorkingDir)) {
+                            throw new Error('Relative path traversal detected (escapes CWD)');
+                        }
+                    }
+                    finalSanitizedPath = normalized;
                 }
             }
-            return normalized;
+            return {
+                sanitizedPath: finalSanitizedPath,
+                originalInput,
+                wasAbsolute: wasAbsoluteInitially,
+                convertedToRelative,
+                optionsUsed: effectiveOptions
+            };
         }
         catch (error) {
             logger.warning('Path sanitization error', {
-                input,
+                input: originalInput,
+                options: effectiveOptions,
                 error: error instanceof Error ? error.message : String(error)
             });
-            throw new McpError(BaseErrorCode.VALIDATION_ERROR, error instanceof Error ? error.message : 'Invalid or unsafe path', { input });
+            throw new McpError(BaseErrorCode.VALIDATION_ERROR, error instanceof Error ? error.message : 'Invalid or unsafe path', { input: originalInput } // Provide original input in error details
+            );
         }
     }
     /**
-     * Sanitize a JSON string
-     * @param input JSON string to sanitize
-     * @param maxSize Maximum allowed size in bytes
-     * @returns Parsed and sanitized object
-     * @throws {McpError} If JSON is invalid or too large
+     * Sanitize a JSON string. Validates format and optionally checks size.
+     * @template T - The expected type of the parsed JSON object.
+     * @param {string} input - JSON string to sanitize.
+     * @param {number} [maxSize] - Maximum allowed size in bytes.
+     * @returns {T} Parsed and sanitized object.
+     * @throws {McpError} If JSON is invalid, too large, or input is not a string.
      */
     sanitizeJson(input, maxSize) {
         try {
             if (typeof input !== 'string') {
                 throw new Error('Invalid input: expected a JSON string');
             }
-            // Check size limit if specified
             if (maxSize !== undefined && Buffer.byteLength(input, 'utf8') > maxSize) {
                 throw new McpError(BaseErrorCode.VALIDATION_ERROR, `JSON exceeds maximum allowed size of ${maxSize} bytes`, { size: Buffer.byteLength(input, 'utf8'), maxSize });
             }
-            // Validate JSON format using JSON.parse for stricter validation than validator.isJSON
             const parsed = JSON.parse(input);
             // Optional: Add recursive sanitization of parsed object values if needed
             // this.sanitizeObjectRecursively(parsed); 
             return parsed;
         }
         catch (error) {
-            if (error instanceof McpError) {
+            if (error instanceof McpError)
                 throw error;
-            }
             throw new McpError(BaseErrorCode.VALIDATION_ERROR, error instanceof Error ? error.message : 'Invalid JSON format', { input: input.length > 100 ? `${input.substring(0, 100)}...` : input });
         }
     }
     /**
-     * Ensure input is within a numeric range
-     * @param input Number or string to validate
-     * @param min Minimum allowed value (inclusive)
-     * @param max Maximum allowed value (inclusive)
-     * @returns Sanitized number within range
-     * @throws {McpError} If input is not a valid number
+     * Ensure input is a valid number and optionally within a numeric range.
+     * Clamps the number to the range if min/max are provided and value is outside.
+     * @param {number | string} input - Number or string to validate.
+     * @param {number} [min] - Minimum allowed value (inclusive).
+     * @param {number} [max] - Maximum allowed value (inclusive).
+     * @returns {number} Sanitized number.
+     * @throws {McpError} If input is not a valid number or parsable string.
      */
     sanitizeNumber(input, min, max) {
         let value;
-        // Handle string input
         if (typeof input === 'string') {
-            // Use validator for initial check, but rely on parseFloat for conversion
             if (!validator.isNumeric(input.trim())) {
                 throw new McpError(BaseErrorCode.VALIDATION_ERROR, 'Invalid number format', { input });
             }
@@ -268,38 +285,37 @@ export class Sanitization {
         else {
             throw new McpError(BaseErrorCode.VALIDATION_ERROR, 'Invalid input type: expected number or string', { input: String(input) });
         }
-        // Check if parsing resulted in NaN
         if (isNaN(value) || !isFinite(value)) {
             throw new McpError(BaseErrorCode.VALIDATION_ERROR, 'Invalid number value (NaN or Infinity)', { input });
         }
-        // Clamp the value to the specified range
+        let clamped = false;
         if (min !== undefined && value < min) {
             value = min;
-            logger.debug('Number clamped to minimum value', { input, min, value });
+            clamped = true;
         }
         if (max !== undefined && value > max) {
             value = max;
-            logger.debug('Number clamped to maximum value', { input, max, value });
+            clamped = true;
+        }
+        if (clamped) {
+            logger.debug('Number clamped to range', { input, min, max, finalValue: value });
         }
         return value;
     }
     /**
-     * Sanitize input for logging to protect sensitive information
-     * @param input Input to sanitize
-     * @returns Sanitized input safe for logging
+     * Sanitize input for logging to protect sensitive information.
+     * Deep clones the input and redacts fields matching `this.sensitiveFields`.
+     * @param {unknown} input - Input to sanitize.
+     * @returns {unknown} Sanitized input safe for logging.
      */
     sanitizeForLogging(input) {
         try {
-            // Handle non-objects and null directly
             if (!input || typeof input !== 'object') {
                 return input;
             }
-            // Use structuredClone for deep copy if available (Node.js >= 17)
-            // Fallback to JSON stringify/parse for older versions
             const clonedInput = typeof structuredClone === 'function'
                 ? structuredClone(input)
-                : JSON.parse(JSON.stringify(input));
-            // Recursively sanitize the cloned object
+                : JSON.parse(JSON.stringify(input)); // Fallback for older Node versions
             this.redactSensitiveFields(clonedInput);
             return clonedInput;
         }
@@ -307,66 +323,51 @@ export class Sanitization {
             logger.error('Error during log sanitization', {
                 error: error instanceof Error ? error.message : String(error)
             });
-            // Return a placeholder if sanitization fails
             return '[Log Sanitization Failed]';
         }
     }
     /**
-     * Private helper to convert attribute format from record to sanitize-html format
+     * Private helper to convert attribute format for sanitize-html.
      */
     convertAttributesFormat(attrs) {
-        // sanitize-html directly supports Record<string, string[]> for allowedAttributes per tag
         return attrs;
     }
     /**
-     * Recursively redact sensitive fields in an object or array
+     * Recursively redact sensitive fields in an object or array.
+     * Modifies the object in place.
+     * @param {unknown} obj - The object or array to redact.
      */
     redactSensitiveFields(obj) {
         if (!obj || typeof obj !== 'object') {
             return;
         }
-        // Handle arrays: iterate and recurse
         if (Array.isArray(obj)) {
-            obj.forEach((item, index) => {
-                // If the item is an object/array, recurse. Otherwise, leave primitive values.
+            obj.forEach(item => {
                 if (item && typeof item === 'object') {
                     this.redactSensitiveFields(item);
                 }
             });
             return;
         }
-        // Handle regular objects: iterate through keys
         for (const key in obj) {
-            // Use hasOwnProperty to avoid iterating over prototype properties
             if (Object.prototype.hasOwnProperty.call(obj, key)) {
                 const value = obj[key];
-                // Check if this key matches any sensitive field pattern (case-insensitive)
                 const isSensitive = this.sensitiveFields.some(field => key.toLowerCase().includes(field.toLowerCase()));
                 if (isSensitive) {
-                    // Mask sensitive value
                     obj[key] = '[REDACTED]';
                 }
                 else if (value && typeof value === 'object') {
-                    // Recursively process nested objects/arrays
                     this.redactSensitiveFields(value);
                 }
-                // Primitive values are left as is if not sensitive
             }
         }
     }
 }
 // Create and export singleton instance
 export const sanitization = Sanitization.getInstance();
-// Removed the `sanitizeInput` object export for simplicity.
-// Users should import `sanitization` and call methods directly.
-// e.g., import { sanitization } from './sanitization.js';
-// sanitization.sanitizeHtml(input);
-// sanitization.sanitizePath(input);
 /**
- * Sanitize input for logging to protect sensitive information.
- * Kept as a separate export for convenience.
- * @param input Input to sanitize
- * @returns Sanitized input safe for logging
+ * Convenience function to sanitize input for logging.
+ * @param {unknown} input - Input to sanitize.
+ * @returns {unknown} Sanitized input safe for logging.
  */
 export const sanitizeInputForLogging = (input) => sanitization.sanitizeForLogging(input);
-// Removed default export

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cyanheads/git-mcp-server",
-  "version": "2.0.7",
+  "version": "2.0.9",
   "description": "An MCP (Model Context Protocol) server providing tools to interact with Git repositories. Enables LLMs and AI agents to perform Git operations like clone, commit, push, pull, branch, diff, log, status, and more via the MCP standard.",
   "type": "module",
   "license": "Apache-2.0",
@@ -38,7 +38,7 @@
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.11.0",
     "@types/jsonwebtoken": "^9.0.9",
-    "@types/node": "^22.15.9",
+    "@types/node": "^22.15.15",
     "@types/sanitize-html": "^2.16.0",
     "@types/validator": "^13.15.0",
     "chrono-node": "^2.8.0",