npm - @cyanheads/git-mcp-server - Versions diffs - 2.8.1 → 2.8.2 - Mend

@cyanheads/git-mcp-server 2.8.1 → 2.8.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -7,7 +7,7 @@
 <div align="center">
-[![Version](https://img.shields.io/badge/Version-2.8.1-blue.svg?style=flat-square)](./CHANGELOG.md) [![MCP Spec](https://img.shields.io/badge/MCP%20Spec-2025--11--25-8A2BE2.svg?style=flat-square)](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/main/docs/specification/2025-11-25/changelog.mdx) [![MCP SDK](https://img.shields.io/badge/MCP%20SDK-^1.26.0-green.svg?style=flat-square)](https://modelcontextprotocol.io/) [![License](https://img.shields.io/badge/License-Apache%202.0-orange.svg?style=flat-square)](./LICENSE) [![Status](https://img.shields.io/badge/Status-Stable-brightgreen.svg?style=flat-square)](https://github.com/cyanheads/git-mcp-server/issues) [![TypeScript](https://img.shields.io/badge/TypeScript-^5.9.3-3178C6.svg?style=flat-square)](https://www.typescriptlang.org/) [![Bun](https://img.shields.io/badge/Bun-v1.2.21-blueviolet.svg?style=flat-square)](https://bun.sh/)
+[![Version](https://img.shields.io/badge/Version-2.8.2-blue.svg?style=flat-square)](./CHANGELOG.md) [![MCP Spec](https://img.shields.io/badge/MCP%20Spec-2025--11--25-8A2BE2.svg?style=flat-square)](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/main/docs/specification/2025-11-25/changelog.mdx) [![MCP SDK](https://img.shields.io/badge/MCP%20SDK-^1.26.0-green.svg?style=flat-square)](https://modelcontextprotocol.io/) [![License](https://img.shields.io/badge/License-Apache%202.0-orange.svg?style=flat-square)](./LICENSE) [![Status](https://img.shields.io/badge/Status-Stable-brightgreen.svg?style=flat-square)](https://github.com/cyanheads/git-mcp-server/issues) [![TypeScript](https://img.shields.io/badge/TypeScript-^5.9.3-3178C6.svg?style=flat-square)](https://www.typescriptlang.org/) [![Bun](https://img.shields.io/badge/Bun-v1.2.21-blueviolet.svg?style=flat-square)](https://bun.sh/)
 </div>

package/dist/index.js CHANGED Viewed

@@ -15335,7 +15335,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "@cyanheads/git-mcp-server",
-    version: "2.8.1",
+    version: "2.8.2",
     mcpName: "io.github.cyanheads/git-mcp-server",
     description: "A secure and scalable Git MCP server enabling AI agents to perform comprehensive Git version control operations via STDIO and Streamable HTTP.",
     main: "dist/index.js",
@@ -15855,9 +15855,9 @@ var init_config = __esm(() => {
     git: exports_external.object({
       provider: exports_external.preprocess(emptyStringAsUndefined, exports_external.enum(["auto", "cli", "isomorphic"]).default("auto")),
       signCommits: exports_external.coerce.boolean().default(false),
-      authorName: exports_external.string().optional(),
+      authorName: exports_external.string().regex(/^[^\n\r\0]*$/, "Git author name must not contain newlines or null bytes").optional(),
       authorEmail: exports_external.string().email().optional(),
-      committerName: exports_external.string().optional(),
+      committerName: exports_external.string().regex(/^[^\n\r\0]*$/, "Git committer name must not contain newlines or null bytes").optional(),
       committerEmail: exports_external.string().email().optional(),
       wrapupInstructionsPath: exports_external.preprocess(expandTildePath, exports_external.string().optional()),
       baseDir: exports_external.preprocess((val) => expandTildePath(emptyStringAsUndefined(val)), exports_external.string().refine((p) => !p || isAbsolutePath(p), {
@@ -194057,6 +194057,25 @@ async function resolveWorkingDirectory(pathInput, appContext, storage) {
   });
   return sanitizedPath;
 }
+var DEFAULT_PROTECTION = {
+  protectedBranches: ["main", "master", "production", "prod", "develop", "dev"],
+  enforce: true
+};
+function isProtectedBranch(branchName, config3 = DEFAULT_PROTECTION) {
+  return config3.protectedBranches.includes(branchName.toLowerCase());
+}
+function validateProtectedBranchOperation(branchName, operation, confirmed, config3 = DEFAULT_PROTECTION) {
+  if (!config3.enforce) {
+    return;
+  }
+  if (isProtectedBranch(branchName, config3) && !confirmed) {
+    throw new McpError(-32007 /* ValidationError */, `Cannot perform '${operation}' on protected branch '${branchName}' without explicit confirmation.`, {
+      branch: branchName,
+      operation,
+      hint: "Set the confirmation parameter to true to proceed."
+    });
+  }
+}
 // src/mcp-server/tools/utils/toolHandlerFactory.ts
 function validateSdkContext(ctx) {
@@ -196243,7 +196262,8 @@ var InputSchema23 = exports_external.object({
   tags: exports_external.boolean().default(false).describe("Push all tags to the remote."),
   dryRun: DryRunSchema,
   delete: exports_external.boolean().default(false).describe("Delete the specified remote branch."),
-  remoteBranch: BranchNameSchema.optional().describe("Remote branch name to push to (if different from local branch name).")
+  remoteBranch: BranchNameSchema.optional().describe("Remote branch name to push to (if different from local branch name)."),
+  confirmed: exports_external.boolean().default(false).describe("Explicit confirmation required for force push or branch deletion on protected branches (main, master, production, etc.).")
 });
 var OutputSchema24 = exports_external.object({
   success: exports_external.boolean().describe("Indicates if the operation was successful."),
@@ -196254,6 +196274,21 @@ var OutputSchema24 = exports_external.object({
   rejectedRefs: exports_external.array(exports_external.string()).describe("References that were rejected by the remote.")
 });
 async function gitPushLogic(input, { provider, targetPath, appContext }) {
+  if (input.force || input.delete) {
+    let branchToCheck = input.branch;
+    if (!branchToCheck) {
+      const status = await provider.status({ includeUntracked: false }, {
+        workingDirectory: targetPath,
+        requestContext: appContext,
+        tenantId: appContext.tenantId || "default-tenant"
+      });
+      branchToCheck = status?.currentBranch ?? undefined;
+    }
+    if (branchToCheck) {
+      const operation = input.force ? "force push" : "branch deletion";
+      validateProtectedBranchOperation(branchToCheck, operation, input.confirmed);
+    }
+  }
   const pushOptions = {};
   if (input.remote !== undefined) {
     pushOptions.remote = input.remote;
@@ -196414,7 +196449,8 @@ var InputSchema25 = exports_external.object({
   path: PathSchema,
   mode: exports_external.enum(["soft", "mixed", "hard", "merge", "keep"]).default("mixed").describe("Reset mode: soft (keep changes staged), mixed (unstage changes), hard (discard all changes), merge (reset and merge), keep (reset but keep local changes)."),
   target: CommitRefSchema.optional().describe("Target commit to reset to (default: HEAD)."),
-  paths: exports_external.array(exports_external.string()).optional().describe("Specific file paths to reset (leaves HEAD unchanged).")
+  paths: exports_external.array(exports_external.string()).optional().describe("Specific file paths to reset (leaves HEAD unchanged)."),
+  confirmed: exports_external.boolean().default(false).describe("Explicit confirmation required for hard reset on protected branches (main, master, production, etc.).")
 });
 var OutputSchema26 = exports_external.object({
   success: exports_external.boolean().describe("Indicates if the operation was successful."),
@@ -196423,6 +196459,16 @@ var OutputSchema26 = exports_external.object({
   filesReset: exports_external.array(exports_external.string()).describe("Files that were affected by the reset.")
 });
 async function gitResetLogic(input, { provider, targetPath, appContext }) {
+  if (input.mode === "hard") {
+    const status = await provider.status({ includeUntracked: false }, {
+      workingDirectory: targetPath,
+      requestContext: appContext,
+      tenantId: appContext.tenantId || "default-tenant"
+    });
+    if (status?.currentBranch) {
+      validateProtectedBranchOperation(status.currentBranch, "reset --hard", input.confirmed);
+    }
+  }
   const resetOptions = {
     mode: input.mode
   };
@@ -202098,7 +202144,11 @@ function createHttpApp(mcpServer, parentContext) {
     ...transportContext,
     staleTimeoutMs: config2.mcpStatefulSessionStaleTimeoutMs
   });
-  const allowedOrigin = Array.isArray(config2.mcpAllowedOrigins) && config2.mcpAllowedOrigins.length > 0 ? config2.mcpAllowedOrigins : "*";
+  const explicitOrigins = config2.mcpAllowedOrigins;
+  const allowedOrigin = explicitOrigins && explicitOrigins.length > 0 ? explicitOrigins : "*";
+  if (allowedOrigin === "*" && config2.environment === "production") {
+    logger.warning("MCP_ALLOWED_ORIGINS is not configured. CORS will allow all origins. " + "Set MCP_ALLOWED_ORIGINS to restrict cross-origin access in production.", transportContext);
+  }
   app.use("*", cors({
     origin: allowedOrigin,
     allowMethods: ["GET", "POST", "DELETE", "OPTIONS"],
@@ -202132,7 +202182,6 @@ function createHttpApp(mcpServer, parentContext) {
         name: config2.mcpServerName,
         version: config2.mcpServerVersion,
         description: config2.mcpServerDescription,
-        environment: config2.environment,
         transport: config2.mcpTransportType,
         sessionMode: config2.mcpSessionMode
       }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cyanheads/git-mcp-server",
-  "version": "2.8.1",
+  "version": "2.8.2",
   "mcpName": "io.github.cyanheads/git-mcp-server",
   "description": "A secure and scalable Git MCP server enabling AI agents to perform comprehensive Git version control operations via STDIO and Streamable HTTP.",
   "main": "dist/index.js",