by cyanheads
A Git MCP server for AI agents. STDIO & Streamable HTTP.
# Add to your Claude Code skills
git clone https://github.com/cyanheads/git-mcp-serverGuides for using ai agents skills like git-mcp-server.
Last scanned: 5/30/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@opentelemetry/auto-instrumentations-node: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/exporter-logs-otlp-grpc: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/exporter-logs-otlp-http: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/exporter-logs-otlp-proto: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/exporter-metrics-otlp-grpc: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/exporter-metrics-otlp-http: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/exporter-metrics-otlp-proto: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/exporter-trace-otlp-grpc: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/exporter-trace-otlp-http: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/exporter-trace-otlp-proto: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/otlp-exporter-base: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/otlp-grpc-exporter-base: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/otlp-transformer: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/sdk-node: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "protobufjs: protobuf.js: Code injection through bytes field defaults in generated toObject code",
"severity": "high"
}
],
"status": "WARNING",
"scannedAt": "2026-05-30T15:32:29.042Z",
"npmAuditRan": true,
"pipAuditRan": true
}git-mcp-server is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by cyanheads. A Git MCP server for AI agents. STDIO & Streamable HTTP. It has 225 GitHub stars.
git-mcp-server returned warnings in SkillsLLM's automated security scan. It has no critical vulnerabilities, but review the flagged issues in the Security Report section before adding it to your workflow.
Clone the repository with "git clone https://github.com/cyanheads/git-mcp-server" and add it to your Claude Code skills directory (see the Installation section above).
git-mcp-server is primarily written in TypeScript. It is open-source under cyanheads on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh git-mcp-server against similar tools.
No comments yet. Be the first to share your thoughts!
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
28 git operations organized into seven categories:
| Category | Tools | Description |
|---|---|---|
| Repository Management | git_init, git_clone, git_status, git_clean |
Initialize repos, clone from remotes, check status, clean untracked files |
| Staging & Commits | git_add, git_commit, git_diff |
Stage changes, create commits, compare changes |
| History & Inspection | git_log, git_show, git_blame, git_reflog |
View commit history, inspect objects, trace authorship, view ref logs |
| Analysis | git_changelog_analyze |
Gather git context and instructions for LLM-driven changelog analysis |
| Branching & Merging | git_branch, git_checkout, git_merge, git_rebase, git_cherry_pick |
Manage branches, switch contexts, integrate changes, apply specific commits |
| Remote Operations | git_remote, git_fetch, git_pull, git_push |
Configure remotes, fetch updates, synchronize repositories, publish changes |
| Advanced Workflows | git_tag, git_stash, git_reset, git_worktree, git_set_working_dir, git_clear_working_dir, git_wrapup_instructions |
Tag releases (list/create/delete/verify), stash changes, reset state, manage worktrees, set/clear session directory |
| Resource | URI | Description |
|---|---|---|
| Git Working Directory | git://working-directory |
The current session working directory, set via git_set_working_dir. |
| Prompt | Description | Parameters |
|---|---|---|
| Git Wrap-up | Workflow protocol for completing git sessions: review, document, commit, and tag changes. | changelogPath, createTag. |
Works with both Bun and Node.js. Runtime is auto-detected.
| Runtime | Command | Minimum Version |
|---|---|---|
| Node.js | npx @cyanheads/git-mcp-server@latest |
>= 20.0.0 |
| Bun | bunx @cyanheads/git-mcp-server@latest |
>= 1.2.0 |
Add the following to your MCP client config (e.g., cline_mcp_settings.json). Update the environment variables to match your setup — especially the git identity fields.
{
"mcpServers": {
"git-mcp-server": {
"type": "stdio",
"command": "npx",
"args": ["@cyanheads/git-mcp-server@latest"],
"env": {
"MCP_TRANSPORT_TYPE": "stdio",
"MCP_LOG_LEVEL": "info",
"GIT_BASE_DIR": "~/Developer/",
"LOGS_DIR": "~/Developer/logs/git-mcp-server/",
"GIT_USERNAME": "cyanheads",
"GIT_EMAIL": "casey@caseyjhand.com",
"GIT_SIGN_COMMITS": "true"
}
}
}
}
Bun users: replace "command": "npx" with "command": "bunx".
For Streamable HTTP, set MCP_TRANSPORT_TYPE=http and MCP_HTTP_PORT=3015.
Built on mcp-ts-template.
| Feature | Details |
|---|---|
| Declarative tools | Define capabilities in single, self-contained files. The framework handles registration, validation, and execution. |
| Error handling | Unified McpError system for consistent, structured error responses. |
| Authentication | Supports none, jwt, and oauth modes. |
| Pluggable storage | Swap backends (in-memory, filesystem, Supabase, Cloudflare KV/R2) without changing business logic. |
| Observability | Structured logging (Pino) and optional auto-instrumented OpenTelemetry for traces and metrics. |
| Dependency injection | Built with tsyringe for decoupled, testable architecture. |
| Cross-runtime | Auto-detects Bun or Node.js and uses the appropriate process spawning method. |
| Provider architecture | Pluggable git provider system. Current: CLI. Planned: isomorphic-git for edge deployment. |
| Working directory management | Session-specific directory context for multi-repo workflows. |
| Configurable git identity | Override author/committer info via environment variables, with fallback to global git config. |
| Commit signing | GPG/SSH signing (enabled by default) for commits, merges, rebases, cherry-picks, and tags. Silent fallback to unsigned on failure with signed/signingWarning fields in responses. |
| Safety | Destructive operations (git clean, git reset --hard) require explicit confirmation flags. |
GIT_BASE_DIR restricts operations to a specific directory tree for multi-tenant sandboxing.RateLimiter service.All configuration is validated at startup in src/config/index.ts. Key environment variables:
| Variable | Description | Default |
|---|---|---|
MCP_TRANSPORT_TYPE |
Transport: stdio or http. |