Skip to main content
Glama
jbroll

MCP Build Environment Service

by jbroll
OverviewSchemaRelated ServersScoreDiscussions
Python
Hybrid

git

Execute safe git operations like status, log, checkout, pull, and diff within isolated build environments to manage version control without local dependencies.

Instructions

Run git commands in a repository. Limited to safe operations: status, log, checkout, pull, branch, diff, fetch, reset, show. If branch is specified, creates/uses a hidden worktree (.repo@branch) for isolation.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
argsYesGit command and arguments (e.g., 'status', 'checkout main', 'pull origin main')
repoYesRepository name (required)
branchNoGit branch name (optional). If provided, uses isolated worktree.

Implementation Reference

  • src/server.py:502-519 (handler)
    The handler function for the 'git' tool. Extracts repo, branch, and args from input, validates args using validate_git_args, constructs the git command by splitting args and prepending 'git', then executes it in the repository worktree using execute_in_worktree.
    async def handle_git(self, args: Dict[str, Any]) -> List[TextContent]:
    """Handle git command"""
    repo = args.get("repo")
    branch = args.get("branch")
    git_args = args.get("args", "")

    if not git_args:
        raise ValueError("git command requires arguments")

    # Validate arguments
    validate_git_args(git_args)

    # Build command
    cmd = ["git"] + shlex.split(git_args)

    # Execute in appropriate worktree with locking
    result = await self.execute_in_worktree(repo, branch, cmd)
    return [TextContent(type="text", text=result)]
  • src/server.py:348-371 (registration)
    Registers the 'git' tool with the MCP server via the list_tools handler. Includes tool name, description, and input schema specifying required 'repo' and 'args', optional 'branch'.
    Tool(
    name="git",
    description="Run git commands in a repository. "
               "Limited to safe operations: status, log, checkout, pull, branch, diff, fetch, reset, show. "
               "If branch is specified, creates/uses a hidden worktree (.repo@branch) for isolation.",
    inputSchema={
        "type": "object",
        "properties": {
            "args": {
                "type": "string",
                "description": "Git command and arguments (e.g., 'status', 'checkout main', 'pull origin main')"
            },
            "repo": {
                "type": "string",
                "description": "Repository name (required)"
            },
            "branch": {
                "type": "string",
                "description": "Git branch name (optional). If provided, uses isolated worktree."
            }
        },
        "required": ["args", "repo"]
    }
),
  • src/server.py:353-370 (schema)
    JSON schema for the 'git' tool input: object with 'args' (string, required), 'repo' (string, required), 'branch' (string, optional). Defines validation for tool calls.
    inputSchema={
    "type": "object",
    "properties": {
        "args": {
            "type": "string",
            "description": "Git command and arguments (e.g., 'status', 'checkout main', 'pull origin main')"
        },
        "repo": {
            "type": "string",
            "description": "Repository name (required)"
        },
        "branch": {
            "type": "string",
            "description": "Git branch name (optional). If provided, uses isolated worktree."
        }
    },
    "required": ["args", "repo"]
}
  • src/validators.py:71-116 (helper)
    Helper function to validate git arguments. Checks for dangerous patterns, ensures subcommand is in ALLOWED_GIT_COMMANDS, and blocks force operations on checkout/pull.
    def validate_git_args(args: str) -> None:
    """
    Validate git command arguments

    Only allows safe read-only and branch operations:
    - status, log, branch, diff, show (read-only)
    - checkout, pull, fetch (branch operations)

    Args:
        args: Git command arguments

    Raises:
        ValueError: If arguments contain dangerous patterns or disallowed commands
    """
    if not args:
        raise ValueError("Git command requires arguments")

    # Check for dangerous patterns
    if contains_dangerous_pattern(args):
        raise ValueError(f"Git arguments contain dangerous patterns: {args}")

    # Extract the git subcommand (first word)
    parts = args.strip().split()
    if not parts:
        raise ValueError("Empty git command")

    subcommand = parts[0].lower()

    # Check if subcommand is allowed
    if subcommand not in ALLOWED_GIT_COMMANDS:
        raise ValueError(
            f"Git subcommand '{subcommand}' not allowed. "
            f"Allowed commands: {', '.join(sorted(ALLOWED_GIT_COMMANDS))}"
        )

    # Additional checks for specific commands
    if subcommand == "checkout":
        # Block checkout with -f (force) or -b with remote paths
        if "-f" in parts or "--force" in parts:
            raise ValueError("Force checkout not allowed")

    if subcommand == "pull":
        # Block force pull
        if "-f" in parts or "--force" in parts:
            raise ValueError("Force pull not allowed")
  • src/validators.py:13-16 (helper)
    Set of allowed git subcommands used by validate_git_args to restrict operations to safe ones.
    # Allowed git subcommands
ALLOWED_GIT_COMMANDS = {
    "status", "log", "checkout", "pull", "branch", "diff", "fetch", "reset", "show"
}

Tool Definition Quality

A4.2/5.0
Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden and does well by disclosing key behavioral traits: it limits operations to 'safe' commands, explains the isolation mechanism using hidden worktrees when branch is specified, and implies mutation capabilities (checkout, pull, reset). It could be more explicit about authentication or rate limits.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two sentences with zero waste. First sentence states purpose and scope, second explains the branch isolation behavior. Every word earns its place and the information is front-loaded appropriately.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given no annotations and no output schema, the description does well for a 3-parameter tool with mutation capabilities. It explains allowed operations, safety limitations, and isolation behavior. Could be more complete by mentioning error handling or output format, but covers essential context given the complexity.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the baseline is 3. The description adds some value by explaining the branch parameter's effect ('creates/uses a hidden worktree'), but doesn't provide additional semantics for 'args' or 'repo' beyond what the schema already documents.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose with specific verbs ('Run git commands') and resources ('in a repository'), and distinguishes it from siblings by specifying git operations. It goes beyond the name 'git' to explain the scope of allowed commands.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides clear context on when to use this tool by listing allowed operations ('status, log, checkout...') and specifying isolation behavior with branch parameter. However, it doesn't explicitly state when NOT to use it or mention alternatives among siblings.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/jbroll/mcp-build'

If you have feedback or need assistance with the MCP directory API, please join our Discord server