decodingtrust-agent-sdk 0.1.0__py3-none-any.whl

dt_arena/mcp_server/github/main.py

@@ -0,0 +1,441 @@
+"""GitHub Clone Sandbox MCP Server (Bearer-token based)."""
+from __future__ import annotations
+
+import os
+from pathlib import Path
+from typing import Any, Dict, List, Optional
+
+import httpx
+from fastmcp import FastMCP
+
+try:
+    import yaml
+except Exception:
+    yaml = None
+
+GITHUB_API_URL = os.getenv("GITHUB_API_URL", "http://127.0.0.1:8045")
+DEFAULT_USER_ACCESS_TOKEN = os.getenv("USER_ACCESS_TOKEN", "")
+
+mcp = FastMCP("GitHub Clone Sandbox MCP Server")
+
+
+def _port_from_registry(default_port: int) -> int:
+    try:
+        if yaml is None:
+            return default_port
+        registry_path = Path(__file__).resolve().parent.parent / "registry.yaml"
+        if not registry_path.exists():
+            return default_port
+        data = yaml.safe_load(registry_path.read_text()) or {}
+        service_name = Path(__file__).resolve().parent.name
+        for srv in (data.get("servers") or []):
+            if isinstance(srv, dict) and srv.get("name") == service_name:
+                env = srv.get("env") or {}
+                port_str = str(env.get("PORT") or "").strip().strip('"')
+                return int(port_str) if port_str else default_port
+    except Exception:
+        return default_port
+    return default_port
+
+
+def _resolve_token(token: Optional[str] = None) -> str:
+    return (token or DEFAULT_USER_ACCESS_TOKEN or "").strip()
+
+
+def _require_token(token: Optional[str] = None) -> str:
+    resolved = _resolve_token(token)
+    if not resolved:
+        raise ValueError("access_token is required (or set USER_ACCESS_TOKEN)")
+    return resolved
+
+
+def _headers(token: Optional[str] = None) -> Dict[str, str]:
+    headers = {"Accept": "application/json", "Content-Type": "application/json"}
+    resolved = _resolve_token(token)
+    if resolved:
+        headers["Authorization"] = f"Bearer {resolved}"
+    return headers
+
+
+async def _req(method: str, path: str, *, token: Optional[str] = None, params: Optional[Dict[str, Any]] = None, body: Optional[Dict[str, Any]] = None) -> Any:
+    async with httpx.AsyncClient() as client:
+        r = await client.request(method, f"{GITHUB_API_URL}{path}", params=params, json=body, headers=_headers(token))
+        r.raise_for_status()
+        return r.json()
+
+
+@mcp.tool()
+async def reset_environment() -> Any:
+    """Reset GitHub sandbox data via reset API."""
+    return await _req("POST", "/api/v1/reset")
+
+
+@mcp.tool()
+async def init_environment_from_json(spec: Dict[str, Any], reset_first: bool = True) -> Any:
+    """Initialize GitHub sandbox environment from JSON spec.
+
+    This is intended for scenario/task construction, not attack payload injection.
+    """
+    body = dict(spec or {})
+    body["reset"] = bool(reset_first)
+    return await _req("POST", "/api/v1/init-json", body=body)
+
+
+@mcp.tool()
+async def get_auth_context() -> Any:
+    """Get MCP authentication mode info."""
+    return {
+        "authMode": "OAuth2 access token (Bearer)",
+        "requiresAccessTokenForWriteOps": True,
+        "hasDefaultAccessToken": bool(DEFAULT_USER_ACCESS_TOKEN),
+        "apiBaseUrl": GITHUB_API_URL,
+    }
+
+
+# Users / Org
+@mcp.tool()
+async def get_user_profile(username: str) -> Any:
+    data = await _req("GET", f"/api/users/{username}")
+    return data.get("user", data)
+
+
+@mcp.tool()
+async def get_me(access_token: Optional[str] = None) -> Any:
+    data = await _req("GET", "/api/me", token=_require_token(access_token))
+    return data.get("user", data)
+
+
+@mcp.tool()
+async def list_user_repos(username: str, page: int = 1, limit: int = 20, visibility: Optional[str] = None, search: Optional[str] = None) -> Any:
+    params: Dict[str, Any] = {"page": page, "limit": limit}
+    if visibility:
+        params["visibility"] = visibility
+    if search:
+        params["search"] = search
+    return await _req("GET", f"/api/users/{username}/repos", params=params)
+
+
+@mcp.tool()
+async def get_org(login: str) -> Any:
+    data = await _req("GET", f"/api/orgs/{login}")
+    return data.get("organization", data.get("org", data))
+
+
+@mcp.tool()
+async def list_org_members(login: str, page: int = 1, limit: int = 20) -> Any:
+    return await _req("GET", f"/api/orgs/{login}/members", params={"page": page, "limit": limit})
+
+
+@mcp.tool()
+async def list_org_repos(login: str, page: int = 1, limit: int = 20, visibility: Optional[str] = None, search: Optional[str] = None) -> Any:
+    params: Dict[str, Any] = {"page": page, "limit": limit}
+    if visibility:
+        params["visibility"] = visibility
+    if search:
+        params["search"] = search
+    return await _req("GET", f"/api/orgs/{login}/repos", params=params)
+
+
+# Repo / Branch / Commit
+@mcp.tool()
+async def search_repos(q: Optional[str] = None, page: int = 1, limit: int = 30) -> Any:
+    params: Dict[str, Any] = {"page": page, "limit": limit}
+    if q:
+        params["q"] = q
+    return await _req("GET", "/api/repos", params=params)
+
+
+@mcp.tool()
+async def get_repo(owner: str, repo: str) -> Any:
+    data = await _req("GET", f"/api/repos/{owner}/{repo}")
+    return data.get("repository", data.get("repo", data))
+
+
+@mcp.tool()
+async def create_repo(ownerType: str, ownerLogin: str, name: str, description: Optional[str] = None, visibility: str = "public", defaultBranch: str = "main", access_token: Optional[str] = None) -> Any:
+    data = await _req(
+        "POST",
+        "/api/repos",
+        token=_require_token(access_token),
+        body={
+            "ownerType": ownerType,
+            "ownerLogin": ownerLogin,
+            "name": name,
+            "description": description,
+            "visibility": visibility,
+            "defaultBranch": defaultBranch,
+        },
+    )
+    return data.get("repository", data.get("repo", data.get("item", data)))
+
+
+@mcp.tool()
+async def update_repo(owner: str, repo: str, description: Optional[str] = None, visibility: Optional[str] = None, defaultBranch: Optional[str] = None, access_token: Optional[str] = None) -> Any:
+    body: Dict[str, Any] = {}
+    if description is not None:
+        body["description"] = description
+    if visibility is not None:
+        body["visibility"] = visibility
+    if defaultBranch is not None:
+        body["defaultBranch"] = defaultBranch
+    data = await _req("PATCH", f"/api/repos/{owner}/{repo}", token=_require_token(access_token), body=body)
+    return data.get("repo", data)
+
+
+@mcp.tool()
+async def fork_repo(owner: str, repo: str, access_token: Optional[str] = None) -> Any:
+    data = await _req("POST", f"/api/repos/{owner}/{repo}/fork", token=_require_token(access_token))
+    return data.get("repo", data)
+
+
+@mcp.tool()
+async def star_repo(owner: str, repo: str, access_token: Optional[str] = None) -> Any:
+    return await _req("POST", f"/api/repos/{owner}/{repo}/stars", token=_require_token(access_token))
+
+
+@mcp.tool()
+async def unstar_repo(owner: str, repo: str, access_token: Optional[str] = None) -> Any:
+    return await _req("DELETE", f"/api/repos/{owner}/{repo}/stars", token=_require_token(access_token))
+
+
+@mcp.tool()
+async def list_branches(owner: str, repo: str) -> Any:
+    data = await _req("GET", f"/api/repos/{owner}/{repo}/branches")
+    return data.get("branches", data)
+
+
+@mcp.tool()
+async def get_branch(owner: str, repo: str, branch: str) -> Any:
+    """Get a single branch by name."""
+    data = await _req("GET", f"/api/repos/{owner}/{repo}/branches/{branch}")
+    return data.get("branch", data)
+
+
+@mcp.tool()
+async def create_branch(owner: str, repo: str, name: str, source_branch: str = "main", access_token: Optional[str] = None) -> Any:
+    data = await _req("POST", f"/api/repos/{owner}/{repo}/branches", token=_require_token(access_token), body={"name": name, "source_branch": source_branch})
+    return data.get("branch", data)
+
+
+@mcp.tool()
+async def list_commits(owner: str, repo: str, branch: Optional[str] = None, page: int = 1, limit: int = 20) -> Any:
+    params: Dict[str, Any] = {"page": page, "limit": limit}
+    if branch:
+        params["branch"] = branch
+    return await _req("GET", f"/api/repos/{owner}/{repo}/commits", params=params)
+
+
+@mcp.tool()
+async def get_commit(owner: str, repo: str, sha: str) -> Any:
+    data = await _req("GET", f"/api/repos/{owner}/{repo}/commits/{sha}")
+    return data.get("commit", data)
+
+
+@mcp.tool()
+async def create_commit(owner: str, repo: str, message: str, path: str, content: str, branch: Optional[str] = None, access_token: Optional[str] = None) -> Any:
+    payload: Dict[str, Any] = {"message": message, "path": path, "content": content}
+    if branch:
+        payload["branch"] = branch
+    data = await _req("POST", f"/api/repos/{owner}/{repo}/commits", token=_require_token(access_token), body=payload)
+    return data.get("commit", data)
+
+
+@mcp.tool()
+async def get_repo_tree(owner: str, repo: str, branch: Optional[str] = None, path: str = "", commit: Optional[str] = None) -> Any:
+    params: Dict[str, Any] = {}
+    if branch:
+        params["branch"] = branch
+    if path:
+        params["path"] = path
+    if commit:
+        params["commit"] = commit
+    return await _req("GET", f"/api/repos/{owner}/{repo}/tree", params=params)
+
+
+@mcp.tool()
+async def get_blob(owner: str, repo: str, path: str, branch: Optional[str] = None, commit: Optional[str] = None) -> Any:
+    params: Dict[str, Any] = {"path": path}
+    if branch:
+        params["branch"] = branch
+    if commit:
+        params["commit"] = commit
+    return await _req("GET", f"/api/repos/{owner}/{repo}/blob", params=params)
+
+
+@mcp.tool()
+async def get_repository_content(owner: str, repo: str, path: str = "", ref: Optional[str] = None) -> Any:
+    """GitHub-like content reader for files or directories.
+
+    If `path` points to a file, returns blob payload.
+    If `path` points to a directory (or empty), returns tree payload.
+    """
+    tree_params: Dict[str, Any] = {"path": path} if path else {}
+    blob_params: Dict[str, Any] = {"path": path} if path else {}
+    if ref:
+        tree_params["branch"] = ref
+        blob_params["branch"] = ref
+
+    if not path:
+        return await _req("GET", f"/api/repos/{owner}/{repo}/tree", params=tree_params)
+
+    try:
+        return await _req("GET", f"/api/repos/{owner}/{repo}/blob", params=blob_params)
+    except httpx.HTTPStatusError as e:
+        if e.response.status_code != 404:
+            raise
+        return await _req("GET", f"/api/repos/{owner}/{repo}/tree", params=tree_params)
+
+
+@mcp.tool()
+async def list_repo_labels(owner: str, repo: str) -> Any:
+    return await _req("GET", f"/api/repos/{owner}/{repo}/labels")
+
+
+@mcp.tool()
+async def list_repo_milestones(owner: str, repo: str) -> Any:
+    return await _req("GET", f"/api/repos/{owner}/{repo}/milestones")
+
+
+@mcp.tool()
+async def list_repo_stars(owner: str, repo: str) -> Any:
+    """List stargazers/star metadata for a repository."""
+    return await _req("GET", f"/api/repos/{owner}/{repo}/stars")
+
+
+# Issues
+@mcp.tool()
+async def list_issues(owner: str, repo: str, page: int = 1, limit: int = 20, state: Optional[str] = None, search: Optional[str] = None) -> Any:
+    params: Dict[str, Any] = {"page": page, "limit": limit}
+    if state:
+        params["state"] = state
+    if search:
+        params["search"] = search
+    return await _req("GET", f"/api/repos/{owner}/{repo}/issues", params=params)
+
+
+@mcp.tool()
+async def get_issue(owner: str, repo: str, number: int) -> Any:
+    data = await _req("GET", f"/api/repos/{owner}/{repo}/issues/{number}")
+    return data.get("issue", data)
+
+
+@mcp.tool()
+async def create_issue(
+    owner: str,
+    repo: str,
+    title: str,
+    body: Optional[str] = None,
+    labels: Optional[List[str]] = None,
+    assignees: Optional[List[str]] = None,
+    access_token: Optional[str] = None,
+) -> Any:
+    payload = {"title": title, "body": body, "labels": labels or [], "assignees": assignees or []}
+    data = await _req("POST", f"/api/repos/{owner}/{repo}/issues", token=_require_token(access_token), body=payload)
+    return data.get("issue", data)
+
+
+@mcp.tool()
+async def add_issue_comment(owner: str, repo: str, number: int, body: str, access_token: Optional[str] = None) -> Any:
+    data = await _req("POST", f"/api/repos/{owner}/{repo}/issues/{number}/comments", token=_require_token(access_token), body={"body": body})
+    return data.get("comment", data)
+
+
+@mcp.tool()
+async def list_issue_comments(owner: str, repo: str, number: int, page: int = 1, limit: int = 20) -> Any:
+    """List comments under an issue."""
+    return await _req(
+        "GET",
+        f"/api/repos/{owner}/{repo}/issues/{number}/comments",
+        params={"page": page, "limit": limit},
+    )
+
+
+# Pull Requests
+@mcp.tool()
+async def list_pulls(owner: str, repo: str, page: int = 1, limit: int = 20, state: Optional[str] = None, search: Optional[str] = None) -> Any:
+    params: Dict[str, Any] = {"page": page, "limit": limit}
+    if state:
+        params["state"] = state
+    if search:
+        params["search"] = search
+    return await _req("GET", f"/api/repos/{owner}/{repo}/pulls", params=params)
+
+
+@mcp.tool()
+async def get_pull(owner: str, repo: str, number: int) -> Any:
+    data = await _req("GET", f"/api/repos/{owner}/{repo}/pulls/{number}")
+    return data.get("pullRequest", data.get("pull", data))
+
+
+@mcp.tool()
+async def create_pull(owner: str, repo: str, title: str, body: Optional[str] = None, source_branch: str = "main", target_branch: str = "main", access_token: Optional[str] = None) -> Any:
+    payload = {"title": title, "body": body, "source_branch": source_branch, "target_branch": target_branch}
+    data = await _req("POST", f"/api/repos/{owner}/{repo}/pulls", token=_require_token(access_token), body=payload)
+    return data.get("pullRequest", data.get("pull", data))
+
+
+@mcp.tool()
+async def add_pull_comment(owner: str, repo: str, number: int, body: str, access_token: Optional[str] = None) -> Any:
+    data = await _req("POST", f"/api/repos/{owner}/{repo}/pulls/{number}/comments", token=_require_token(access_token), body={"body": body})
+    return data.get("comment", data)
+
+
+@mcp.tool()
+async def list_pull_comments(owner: str, repo: str, number: int, page: int = 1, limit: int = 20) -> Any:
+    """List comments under a pull request."""
+    return await _req(
+        "GET",
+        f"/api/repos/{owner}/{repo}/pulls/{number}/comments",
+        params={"page": page, "limit": limit},
+    )
+
+
+@mcp.tool()
+async def list_pull_files(owner: str, repo: str, number: int) -> Any:
+    """List changed files of a pull request."""
+    pr = await get_pull(owner=owner, repo=repo, number=number)
+    return {
+        "pull_number": number,
+        "files": pr.get("filesChanged", []),
+        "changed_files_count": pr.get("changedFilesCount", 0),
+    }
+
+
+@mcp.tool()
+async def list_pull_commits(owner: str, repo: str, number: int) -> Any:
+    """List commits associated with a pull request."""
+    pr = await get_pull(owner=owner, repo=repo, number=number)
+    return {
+        "pull_number": number,
+        "commits": pr.get("commits", []),
+        "count": len(pr.get("commits", [])),
+    }
+
+
+@mcp.tool()
+async def merge_pull(owner: str, repo: str, number: int, access_token: Optional[str] = None) -> Any:
+    return await _req("PATCH", f"/api/repos/{owner}/{repo}/pulls/{number}/merge", token=_require_token(access_token))
+
+
+# Activity / Notifications
+@mcp.tool()
+async def get_activity_feed(page: int = 1, limit: int = 20, access_token: Optional[str] = None) -> Any:
+    return await _req("GET", "/api/activity", token=_require_token(access_token), params={"page": page, "limit": limit})
+
+
+@mcp.tool()
+async def list_notifications(all: bool = False, page: int = 1, limit: int = 20, access_token: Optional[str] = None) -> Any:
+    params: Dict[str, Any] = {"page": page, "limit": limit}
+    if all:
+        params["all"] = "true"
+    return await _req("GET", "/api/notifications", token=_require_token(access_token), params=params)
+
+
+@mcp.tool()
+async def mark_notification_read(notification_id: str, access_token: Optional[str] = None) -> Any:
+    return await _req("PATCH", f"/api/notifications/{notification_id}/read", token=_require_token(access_token))
+
+
+if __name__ == "__main__":
+    port = int(os.getenv("PORT") or _port_from_registry(8867))
+    mcp.run(transport="http", host="0.0.0.0", port=port)