@foundation0/git 1.2.1 → 1.2.3

package/mcp/src/cli.ts

@@ -41,14 +41,18 @@ if (hasFlag('--help') || hasFlag('-h')) {
   process.exit(0)
 }
 
-const owner = getArgValue('--default-owner', process.env.GITEA_TEST_OWNER ?? 'example-org')
-const repo = getArgValue('--default-repo', process.env.GITEA_TEST_REPO ?? 'example-repo')
-const host = getArgValue('--gitea-host', process.env.GITEA_HOST ?? process.env.EXAMPLE_GITEA_HOST ?? 'https://gitea.example.com')?.trim()
+const owner = getArgValue('--default-owner')?.trim()
+const repo = getArgValue('--default-repo')?.trim()
+const host = getArgValue('--gitea-host', process.env.GITEA_HOST)?.trim()
 const token = process.env.GITEA_TOKEN
 const serverName = getArgValue('--server-name', 'f0-git-mcp')
 const serverVersion = getArgValue('--server-version', '1.0.0')
 const toolsPrefix = getArgValue('--tools-prefix') ?? process.env.MCP_TOOLS_PREFIX
 
+if (!host) {
+  throw new Error('GITEA_HOST is required. Set process.env.GITEA_HOST or pass --gitea-host.')
+}
+
 if (isInsecureHttpUrl(host) && !hasFlag('--allow-insecure-http')) {
   throw new Error(
     'Refusing to send requests to an insecure http:// Gitea host. Use https:// or pass --allow-insecure-http if you really need this for local testing.',
@@ -63,8 +67,8 @@ void runGitMcpServer({
     giteaHost: host,
     giteaToken: token,
   },
-  defaultOwner: owner,
-  defaultRepo: repo,
+  ...(owner ? { defaultOwner: owner } : {}),
+  ...(repo ? { defaultRepo: repo } : {}),
   toolsPrefix,
 }).catch((error) => {
   console.error('Failed to start MCP git server', error)

package/mcp/src/redaction.ts

@@ -0,0 +1,207 @@
+const REDACTED = '[REDACTED]'
+
+const normalizeKey = (value: string): string => value.toLowerCase().replace(/[^a-z0-9]/g, '')
+
+const SENSITIVE_OBJECT_KEYS = new Set(
+  [
+    'authorization',
+    'proxyauthorization',
+    'cookie',
+    'setcookie',
+    'xapikey',
+    'xauthtoken',
+    'xaccesstoken',
+    'apikey',
+    'accesstoken',
+    'refreshtoken',
+    'idtoken',
+    'clientsecret',
+    'secret',
+    'password',
+    'passphrase',
+    'privatekey',
+    'token',
+    'session',
+    'sessionid',
+  ].map(normalizeKey),
+)
+
+const SENSITIVE_QUERY_KEYS = new Set(
+  [
+    'access_token',
+    'refresh_token',
+    'id_token',
+    'token',
+    'api_key',
+    'apikey',
+    'key',
+    'auth',
+    'authorization',
+    'client_secret',
+  ].map(normalizeKey),
+)
+
+const isRecord = (value: unknown): value is Record<string, unknown> =>
+  typeof value === 'object' && value !== null && !Array.isArray(value)
+
+const isSensitiveObjectKey = (key: string): boolean => SENSITIVE_OBJECT_KEYS.has(normalizeKey(key))
+
+const isSensitiveQueryKey = (key: string): boolean => SENSITIVE_QUERY_KEYS.has(normalizeKey(key))
+
+const redactQueryEntry = (entry: string): string => {
+  const separatorIndex = entry.indexOf('=')
+  if (separatorIndex < 0) return entry
+
+  const key = entry.slice(0, separatorIndex).trim()
+  if (!key || !isSensitiveQueryKey(key)) return entry
+
+  return `${key}=${REDACTED}`
+}
+
+const redactHeaderLine = (entry: string): string => {
+  const separatorIndex = entry.indexOf(':')
+  if (separatorIndex < 0) return entry
+
+  const name = entry.slice(0, separatorIndex).trim()
+  if (!name || !isSensitiveObjectKey(name)) return entry
+
+  return `${name}: ${REDACTED}`
+}
+
+const redactHeaderRecord = (headers: Record<string, unknown>): Record<string, unknown> => {
+  const next: Record<string, unknown> = {}
+
+  for (const [key, value] of Object.entries(headers)) {
+    if (isSensitiveObjectKey(key)) {
+      next[key] = REDACTED
+      continue
+    }
+
+    next[key] = value
+  }
+
+  return next
+}
+
+const redactUrl = (value: string): string => {
+  const trimmed = value.trim()
+  if (!trimmed) return value
+
+  try {
+    const url = new URL(trimmed)
+    for (const key of Array.from(url.searchParams.keys())) {
+      if (isSensitiveQueryKey(key)) {
+        url.searchParams.set(key, REDACTED)
+      }
+    }
+    return url.toString()
+  } catch {
+    return value
+  }
+}
+
+const looksLikeHeaderList = (value: unknown[]): value is string[] =>
+  value.length === 0 || value.every((entry) => typeof entry === 'string' && entry.includes(':'))
+
+const looksLikeQueryList = (value: unknown[]): value is string[] =>
+  value.length === 0 || value.every((entry) => typeof entry === 'string' && entry.includes('='))
+
+const shouldTreatAsUrlKey = (key: string): boolean => normalizeKey(key) === 'url'
+
+const shouldTreatAsHeadersKey = (key: string): boolean => normalizeKey(key) === 'headers'
+
+const shouldTreatAsQueryKey = (key: string): boolean => normalizeKey(key) === 'query'
+
+export const redactSecretsForMcpOutput = (value: unknown): unknown => {
+  const seen = new WeakMap<object, unknown>()
+
+  const redact = (current: unknown, keyHint?: string): unknown => {
+    if (current === null || current === undefined) {
+      return current
+    }
+
+    if (typeof current === 'string') {
+      if (keyHint && shouldTreatAsUrlKey(keyHint)) {
+        return redactUrl(current)
+      }
+      return current
+    }
+
+    if (typeof current !== 'object') {
+      return current
+    }
+
+    if (seen.has(current as object)) {
+      return seen.get(current as object)
+    }
+
+    if (Array.isArray(current)) {
+      if (keyHint && shouldTreatAsHeadersKey(keyHint) && looksLikeHeaderList(current)) {
+        return current.map(redactHeaderLine)
+      }
+
+      if (keyHint && shouldTreatAsQueryKey(keyHint) && looksLikeQueryList(current)) {
+        return current.map(redactQueryEntry)
+      }
+
+      const next = current.map((entry) => redact(entry))
+      seen.set(current, next)
+      return next
+    }
+
+    if (!isRecord(current)) {
+      return current
+    }
+
+    if (keyHint && shouldTreatAsHeadersKey(keyHint)) {
+      const next = redactHeaderRecord(current)
+      seen.set(current, next)
+      return next
+    }
+
+    const next: Record<string, unknown> = {}
+    seen.set(current, next)
+
+    for (const [key, entryValue] of Object.entries(current)) {
+      if (isSensitiveObjectKey(key)) {
+        next[key] = REDACTED
+        continue
+      }
+
+      if (shouldTreatAsHeadersKey(key) && isRecord(entryValue)) {
+        next[key] = redactHeaderRecord(entryValue)
+        continue
+      }
+
+      if (shouldTreatAsHeadersKey(key) && Array.isArray(entryValue) && looksLikeHeaderList(entryValue)) {
+        next[key] = entryValue.map(redactHeaderLine)
+        continue
+      }
+
+      if (shouldTreatAsQueryKey(key) && Array.isArray(entryValue) && looksLikeQueryList(entryValue)) {
+        next[key] = entryValue.map(redactQueryEntry)
+        continue
+      }
+
+      next[key] = redact(entryValue, key)
+    }
+
+    return next
+  }
+
+  return redact(value)
+}
+
+export const redactSecretsInText = (text: string): string => {
+  if (!text) return text
+
+  const redactedHeaders = text.replace(
+    /(Authorization|Proxy-Authorization|Cookie|Set-Cookie|X-API-Key|X-Auth-Token|X-Access-Token)\s*:\s*([^\r\n]*)/gi,
+    (_match, name: string) => `${name}: ${REDACTED}`,
+  )
+
+  return redactedHeaders.replace(
+    /(access_token|refresh_token|id_token|token|api_key|apikey|client_secret)\s*=\s*([^&\s]+)/gi,
+    (_match, key: string) => `${key}=${REDACTED}`,
+  )
+}

package/mcp/src/server.ts

@@ -8,6 +8,7 @@ import type {
 import { Server } from '@modelcontextprotocol/sdk/server/index.js'
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js'
 import { CallToolRequestSchema, ListToolsRequestSchema } from '@modelcontextprotocol/sdk/types.js'
+import { redactSecretsForMcpOutput, redactSecretsInText } from './redaction'
 
 type ToolInvocationPayload = {
   args?: unknown[]
@@ -299,7 +300,7 @@ export const createGitMcpServer = (options: GitMcpServerOptions = {}): GitMcpSer
                 index,
                 tool,
                 isError: false,
-                data,
+                data: redactSecretsForMcpOutput(data),
               } as BatchResult
             } catch (error) {
               if (continueOnError) {
@@ -307,7 +308,7 @@ export const createGitMcpServer = (options: GitMcpServerOptions = {}): GitMcpSer
                   index,
                   tool,
                   isError: true,
-                  data: error instanceof Error ? error.message : String(error),
+                  data: redactSecretsInText(error instanceof Error ? error.message : String(error)),
                 } as BatchResult
               }
               throw error
@@ -320,7 +321,7 @@ export const createGitMcpServer = (options: GitMcpServerOptions = {}): GitMcpSer
           content: [
             {
               type: 'text',
-              text: JSON.stringify(results, null, 2),
+              text: JSON.stringify(redactSecretsForMcpOutput(results), null, 2),
             },
           ],
         }
@@ -330,7 +331,7 @@ export const createGitMcpServer = (options: GitMcpServerOptions = {}): GitMcpSer
           content: [
             {
               type: 'text',
-              text: error instanceof Error ? error.message : String(error),
+              text: redactSecretsInText(error instanceof Error ? error.message : String(error)),
             },
           ],
         }
@@ -345,11 +346,12 @@ export const createGitMcpServer = (options: GitMcpServerOptions = {}): GitMcpSer
 
     try {
       const result = await invokeTool(tool, request.params.arguments)
+      const sanitized = redactSecretsForMcpOutput(result)
       return {
         content: [
           {
             type: 'text',
-            text: JSON.stringify(result, null, 2),
+            text: JSON.stringify(sanitized, null, 2),
           },
         ],
       }
@@ -359,7 +361,7 @@ export const createGitMcpServer = (options: GitMcpServerOptions = {}): GitMcpSer
         content: [
           {
             type: 'text',
-            text: error instanceof Error ? error.message : String(error),
+            text: redactSecretsInText(error instanceof Error ? error.message : String(error)),
           },
         ],
       }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@foundation0/git",
-  "version": "1.2.1",
+  "version": "1.2.3",
   "description": "Foundation 0 Git API and MCP server",
   "type": "module",
   "bin": {

package/src/git-service-api.ts

@@ -218,6 +218,22 @@ const buildUrl = (
   return url.toString()
 }
 
+const unresolvedPathParamPattern = /^\{[^{}]+\}$/
+
+const assertResolvedMappedPath = (
+  mappedPath: string[],
+  featurePath: string[],
+): void => {
+  const unresolved = mappedPath.filter((segment) => unresolvedPathParamPattern.test(segment))
+  if (unresolved.length === 0) {
+    return
+  }
+
+  throw new Error(
+    `Missing required path arguments for "${featurePath.join('.')}". Unresolved parameters: ${unresolved.join(', ')}`,
+  )
+}
+
 const canUseAbortSignalTimeout = (): boolean =>
   typeof AbortSignal !== 'undefined' && typeof (AbortSignal as unknown as { timeout?: unknown }).timeout === 'function'
 
@@ -369,6 +385,7 @@ const createMethod = (
 
       return segment
     })
+    assertResolvedMappedPath(hydratedPath, feature.path)
 
     const requestBody = buildRequestBody(mapping.method, bodyOptions, unhandled)
     const headers = {
@@ -530,8 +547,8 @@ export const createGitServiceApi = (options: GitServiceApiFactoryOptions = {}):
   const log = options.log
 
   const defaults = {
-    defaultOwner: options.defaultOwner ?? process.env.GITEA_TEST_OWNER ?? 'example-org',
-    defaultRepo: options.defaultRepo ?? process.env.GITEA_TEST_REPO ?? 'example-repo',
+    defaultOwner: options.defaultOwner,
+    defaultRepo: options.defaultRepo,
   }
 
   const root: GitServiceApi = {}
@@ -562,4 +579,24 @@ export const createGitServiceApi = (options: GitServiceApiFactoryOptions = {}):
   return root
 }
 
-export const gitServiceApi = createGitServiceApi()
+const createUnavailableGitServiceApi = (error: Error): GitServiceApi => {
+  return new Proxy(
+    {},
+    {
+      get: (): never => {
+        throw error
+      },
+    },
+  ) as GitServiceApi
+}
+
+export const gitServiceApi: GitServiceApi = (() => {
+  try {
+    return createGitServiceApi()
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error)
+    return createUnavailableGitServiceApi(
+      new Error(`Failed to initialize gitServiceApi singleton: ${message}`),
+    )
+  }
+})()

package/src/issue-dependencies.ts

@@ -2,7 +2,6 @@ import type { GitServiceApiExecutionResult } from './git-service-api'
 import { spawn } from 'node:child_process'
 import crypto from 'node:crypto'
 
-const DEFAULT_GITEA_HOST = 'https://gitea.example.com'
 const DEFAULT_REQUEST_TIMEOUT_MS = 60_000
 
 const parseRequestTimeoutMs = (value: unknown): number | null => {
@@ -274,6 +273,14 @@ const resolveGiteaApiBase = (host: string): string => {
   return trimmed.endsWith('/api/v1') ? trimmed : `${trimmed}/api/v1`
 }
 
+const resolveRequiredGiteaHost = (host: string | undefined): string => {
+  const resolved = host?.trim() ?? process.env.GITEA_HOST?.trim()
+  if (!resolved) {
+    throw new Error('GITEA_HOST is required. Pass host explicitly or set process.env.GITEA_HOST.')
+  }
+  return resolved
+}
+
 const buildIssueDependenciesUrl = (host: string, owner: string, repo: string, issueNumber: number): string => {
   return `${resolveGiteaApiBase(host)}/repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}/issues/${issueNumber}/dependencies`
 }
@@ -283,11 +290,12 @@ export async function callIssueDependenciesApi(
   owner: string,
   repo: string,
   issueNumber: number,
-  host: string = DEFAULT_GITEA_HOST,
+  host: string | undefined,
   token: string | undefined,
   payload?: GitIssueDependencyPayload
 ): Promise<GitServiceApiExecutionResult<unknown>> {
-  const requestUrl = buildIssueDependenciesUrl(host, owner, repo, issueNumber)
+  const resolvedHost = resolveRequiredGiteaHost(host)
+  const requestUrl = buildIssueDependenciesUrl(resolvedHost, owner, repo, issueNumber)
   const headers = {
     Accept: 'application/json',
     ...(token ? { Authorization: `token ${token}` } : {}),
@@ -343,7 +351,7 @@ export async function callIssueDependenciesApi(
       method,
       query: [],
       headers: [],
-      apiBase: resolveGiteaApiBase(host),
+      apiBase: resolveGiteaApiBase(resolvedHost),
       swaggerPath: '/repos/{owner}/{repo}/issues/{index}/dependencies',
       mapped: true,
     },

package/src/platform/config.ts

@@ -8,7 +8,6 @@ export interface GitPlatformConfig {
   giteaSwaggerPath?: string
 }
 
-const DEFAULT_GITEA_HOST = 'https://gitea.example.com'
 const DEFAULT_PLATFORM: PlatformName = 'GITEA'
 const DEFAULT_GITEA_SWAGGER_PATH = '/swagger.v1.json'
 
@@ -34,8 +33,7 @@ export const getGitPlatformConfig = (overrides: Partial<GitPlatformConfig> = {})
 
   const giteaHost =
     overrides.giteaHost ??
-    process.env.GITEA_HOST ??
-    DEFAULT_GITEA_HOST
+    process.env.GITEA_HOST
 
   const giteaToken =
     overrides.giteaToken ??
@@ -50,9 +48,13 @@ export const getGitPlatformConfig = (overrides: Partial<GitPlatformConfig> = {})
     process.env.GITEA_SWAGGER_PATH ??
     DEFAULT_GITEA_SWAGGER_PATH
 
+  if (!giteaHost || giteaHost.trim().length === 0) {
+    throw new Error('GITEA_HOST is required. Set process.env.GITEA_HOST or pass config.giteaHost explicitly.')
+  }
+
   return {
     platform,
-    giteaHost,
+    giteaHost: giteaHost.trim(),
     giteaToken,
     giteaApiVersion,
     giteaSwaggerPath,