fix(mcp): address adversarial review — pin protocol version, bound git calls, add live dirty signal#628
Merged
NagyVikt merged 2 commits intoJun 5, 2026
Conversation
added 2 commits
June 5, 2026 12:49
…rver Agents running in parallel couldn't see who was on which branch/PR or who had claimed a file, so they collided (and edited the primary checkout, which auto-stashed). gitguardex already knows all of this; this exposes it to agents. - src/mcp/server.js: dependency-free stdio JSON-RPC MCP server (no SDK; gx stays at 2 deps). Tools: list_agents, repo_state, who_owns, my_context. - src/mcp/collect.js: read-only collector over git worktrees + per-worktree lock files + pr.findOpenPrForBranch + cockpit projects-finder. who_owns aggregates locks across ALL worktrees (they're per-worktree on disk); surfaces a warning when a lane edits the primary checkout. - src/cli/commands/mcp.js: gx mcp serve | list-agents | who-owns | register. - Wired into src/cli/main.js dispatch. - Tests: mcp-collect (lanes, cross-worktree who_owns, dedupe, primary warning) + mcp-server (JSON-RPC protocol). 12/12 pass; no-new-failures vs base. Read-only; never mutates a repo. Registration is opt-in (gx mcp register).
…t calls, add live dirty signal Review verdict SHIP_WITH_FIXES. Applied: - HIGH #5: initialize pins server PROTOCOL_VERSION instead of echoing the client's requested version (correct MCP version negotiation). - HIGH #10: bound every git() call with a 7s timeout + maxBuffer, and make list_agents PR fetch opt-in (default off) so a hung gh can't exceed the MCP client timeout. repo_state/my_context keep PRs on (narrow scope). - Value gap #16: add per-lane 'dirty' (git status --porcelain) — the files an agent is editing RIGHT NOW, independent of commit-time locks. Filters .omx/.omc runtime churn. Caught+fixed a porcelain parse bug (git() .trim() ate the first line's leading status column). - Cheap: parse errors -> JSON-RPC -32700 (id null); stderr warn on corrupt lock. Tests: 15/15 (added protocol-pin, parse-error, and live-dirty cases).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Automated by gx branch finish (PR flow).