Standalone, read-only MCP server for inspecting a repository safely. It exposes tools for health checks, tree browsing, file summaries, file reads, searches, and repository manifests without allowing writes, shell execution, or path escape outside REPO_ROOT.
- Read-only repository inspection over MCP
- Safe path resolution constrained to
REPO_ROOT - Directory tree, file summary, search, and manifest tools
- Text redaction for common secret patterns
- HTTP and
stdiotransports
Stable local utility. The server is intentionally narrow in scope and designed for inspection only.
Requires Python 3.11 or newer.
git clone <repo-url>
cd <repo-name>
python3 -m pip install -e .[test]Set the repository root explicitly when starting the server:
export REPO_ROOT=/path/to/repository
repo-mcp --host 127.0.0.1 --port 8765 --transport httpYou can also run the module directly:
export REPO_ROOT=/path/to/repository
python3 -m mcp_repo_reader.server --host 127.0.0.1 --port 8765 --transport httpFor local MCP clients, use stdio:
export REPO_ROOT=/path/to/repository
python3 -m mcp_repo_reader.server --transport stdiopytestmcp_repo_reader/- server implementation, path policy, scanner, and redaction helpersscripts/- local runner and smoke test helperstests/- unit and integration testsdocs/- additional usage notes
- Absolute paths are rejected
..traversal is rejected- Symlink escapes outside
REPO_ROOTare rejected - Known secret-like files are blocked
- Common secret tokens are redacted from text output
If you want to connect a private MCP server to supported OpenAI products without exposing it to the public internet, see the official OpenAI guide for Secure MCP Tunnels:
No license file is included yet. Add one before publishing publicly if you want to define reuse terms.