Enhance Git server with repository path security and improved configuration

Author: sparesparrow

src/git/README.md

@@ -6,6 +6,17 @@ A Model Context Protocol server for Git repository interaction and automation. T
 
 Please note that mcp-server-git is currently in early development. The functionality and available tools are subject to change and expansion as we continue to develop and improve the server.
 
+### Repository Path Security
+
+When running the server with the `--repository` flag, all Git operations are restricted to that specific repository path, regardless of any `repo_path` values provided in tool calls. This provides an important security boundary:
+
+- The server will reject any attempts to access paths outside the configured repository
+- All tool operations that accept a `repo_path` parameter will ignore it and use the configured repository instead
+- Path traversal attempts (e.g., using `../`) are blocked
+- If no repository is configured, the server requires explicit repository paths for each operation
+
+This makes it safe to expose the server to untrusted clients while maintaining control over which repositories they can access.
+
 ### Tools
 
 1. `git_status`
@@ -65,7 +76,7 @@ Please note that mcp-server-git is currently in early development. The functiona
    - Inputs:
      - `repo_path` (string): Path to Git repository
      - `branch_name` (string): Name of the new branch
-     - `start_point` (string, optional): Starting point for the new branch
+     - `base_branch` (string, optional): Starting point (branch name or commit hash) for the new branch. Defaults to the current active branch.
    - Returns: Confirmation of branch creation
 10. `git_checkout`
    - Switches branches

src/git/src/mcp_server_git/__init__.py

@@ -1,24 +1,44 @@
+import asyncio
 import click
-from pathlib import Path
 import logging
+from pathlib import Path
 import sys
+import signal
 from .server import serve
 
+def handle_sigint():
+    for task in asyncio.all_tasks():
+        task.cancel()
+
 @click.command()
-@click.option("--repository", "-r", type=Path, help="Git repository path")
-@click.option("-v", "--verbose", count=True)
-def main(repository: Path | None, verbose: bool) -> None:
+@click.option(
+    "--repository",
+    type=click.Path(exists=True, file_okay=False, dir_okay=True, path_type=Path),
+    help="Path to Git repository to operate on",
+)
+@click.option("-v", "--verbose", count=True, default=0)
+def main(repository: Path | None, verbose: int = 0) -> None:
     """MCP Git Server - Git functionality for MCP"""
-    import asyncio
-
     logging_level = logging.WARN
     if verbose == 1:
         logging_level = logging.INFO
-    elif verbose >= 2:
+    elif verbose > 1:
         logging_level = logging.DEBUG
-
-    logging.basicConfig(level=logging_level, stream=sys.stderr)
-    asyncio.run(serve(repository))
+    logging.basicConfig(level=logging_level)
+    
+    loop = asyncio.new_event_loop()
+    asyncio.set_event_loop(loop)
+    
+    # Set up signal handlers
+    loop.add_signal_handler(signal.SIGINT, handle_sigint)
+    loop.add_signal_handler(signal.SIGTERM, handle_sigint)
+    
+    try:
+        loop.run_until_complete(serve(repository))
+    except asyncio.CancelledError:
+        logging.info("Server shutdown initiated")
+    finally:
+        loop.close()
 
 if __name__ == "__main__":
     main()