A secure, high-performance MCP host for the git-subtree-report tool.
Bridge the power of local Git analysis to the world of AI agents, safely.
This project is in its early architectural phase.
The git-report-proxy is built on a foundation of security, performance, and strict adherence to a single responsibility.
✨ Secure by Design
✔️ Exposes only one tool: git-subtree-report.
✔️ No arbitrary command execution. All calls are made through a validated, type-safe Rust interface.
✔️ Operates on an explicit, user-managed consent model (authorized repository symlinks).
⚡ High-Performance & Lightweight
✅ Built in Rust for memory safety and bare-metal performance.
✅ Asynchronous, non-blocking architecture using Tokio and the rust-mcp-sdk.
✅ Deploys as a single, static binary with no external runtimes required.
🛡️ Strictly Scoped
✔️ The proxy's sole purpose is to be a secure bridge to the git-subtree-report command.
✔️ It does not read files or watch directories directly. Its knowledge comes exclusively from the script's output.
This project is a Cargo workspace composed of three distinct crates, ensuring a clean separation of concerns.
graph TD
%% An invisible grouping for the Daemon
subgraph G1 ["<strong>gitsr-server</strong>"]
T1["Daemon"]
A("fa:fa-cogs Model Context Protocol Server")
end
%% An invisible grouping for the Executor
subgraph G2 ["<strong>gitsr-kernel</strong>"]
T2["Core Logic"]
C("fa:fa-file-code git-subtree-report.sh")
B{{fa:fa-code-branch Safe Command Execution}}
end
%% An invisible grouping for the Environment Manager
subgraph G3 ["<strong>gitsr-manager</strong>"]
T3["Workspace"]
E("fa:fa-folder-open User Consent Manifest")
D{{fa:fa-shield-alt Userspace Scope Manager}}
end
%% An invisible grouping for the Frontends
subgraph G4 ["<strong>External World</strong>"]
F("fa:fa-cloud AI Host and</br>Model Context Prot
72F6
ocol Client")
end
%% =================================================
%% 2. Link Definitions (Relationships)
%% =================================================
F <-->|"MCP Protocol"| A
A <-->|"Calls"| B
A <-->|"Consults"| D
B <-->|"Executes"| C
D <-->|"Maintains"| E
%% =================================================
%% 3. Styling
%% =================================================
%% Style title nodes to be distinct headers
classDef titleNode fill:#f8f9fa,stroke:#dee2e6,color:black,font-weight:bold,font-size:14px;
class T1,T2,T3,T4 titleNode;
%% Style functional nodes by class
classDef apiNode fill:#0286ba,stroke:#016b94,color:white,stroke-width:2px;
classDef executorNode fill:#2d3748,stroke:#1a202c,color:white,stroke-width:2px;
classDef envNode fill:#2a9d8f,stroke:#1e7b6d,color:white,stroke-width:2px;
classDef externalNode fill:#B4AFBC,stroke:#553C9A,color:white,stroke-width:2px;
class A apiNode;
class F externalNode;
class B executorNode;
class D envNode;
%% Style links by their order of definition (0-indexed)
%% F <--> A
linkStyle 0 stroke:#6B46C1,stroke-width:3px,color:black;
%% A <--> B
linkStyle 1 stroke:#2d3748,stroke-width:2px,stroke-dasharray:5 5;
%% A <--> D
linkStyle 2 stroke:#2a9d8f,stroke-width:2px,stroke-dasharray:5 5;
%% B <--> C
linkStyle 3 stroke:#e53e3e,stroke-width:2px,color:red;
%% D <--> E
linkStyle 4 stroke:#2a9d8f,stroke-width:1px,stroke-dasharray:2 3;
Installation is designed to be a one-time, simple process.
Target Installation (Future Releases):
- Pre-compiled binaries for Linux, macOS, and Windows.
- Standard installers (
.deb,.rpm,.pkg,.msi) that register the proxy as a background daemon/service.
Initial Installation (From Source):
git clone https://github.com/your-org/git-report-proxy.git
cd git-report-proxy
cargo build --release
# Run the daemon directly
./target/release/gitsr-daemonThe proxy acts as an MCP server that an AI Host/Client connects to.
- Run the Daemon: Runs in the background.
- Grant Access: The user grants the daemon permission to access specific repositories via a simple UI or command.
- AI Host Connects: An MCP-compatible client connects to the daemon's WebSocket endpoint (e.g.,
wss://localhost:31337/mcp). - AI Host Calls the Tool: The client sends a
tools/callrequest.
Example tools/call Request:
{
"jsonrpc": "2.0",
"id": "req-1",
"method": "tools/call",
"params": {
"name": "git-subtree-report",
"arguments": {
"repositoryPath": "/Users/user/dev/my-project",
"outputContents": true,
"targetSubtree": "src/components"
}
}
}The daemon will validate the request against the user's consent list, securely execute git-subtree-report, and return the result as a CallToolResult.
We welcome contributions! This project is in its early stages, and there are many opportunities to help shape its future.
This project is licensed under the GNU Affero General Public License v3.0 Full License Text • AGPLv3 Explained
Maintained with ❤️ by Cameron Garnham and AI Open Source Sustainability Sponsor Program Available