Skip to content

fix(git): validate repo_path against current roots on every tool call#3631

Open
ctonneslan wants to merge 1 commit intomodelcontextprotocol:mainfrom
ctonneslan:fix/git-validate-against-roots
Open

fix(git): validate repo_path against current roots on every tool call#3631
ctonneslan wants to merge 1 commit intomodelcontextprotocol:mainfrom
ctonneslan:fix/git-validate-against-roots

Conversation

@ctonneslan
Copy link

@ctonneslan ctonneslan commented Mar 18, 2026

Problem

call_tool() validates repo_path only against the CLI --repository argument. When no CLI restriction is set (repository is None), all paths are allowed regardless of the current roots.

If roots change at runtime (client removes a root), a repo that was previously reachable can still be accessed because validate_repo_path returns immediately when allowed_repository is None.

Fix

Validate repo_path against the full list of allowed repos (both roots + CLI) on every tool call by calling list_repos():

allowed_repos = await list_repos()
if allowed_repos:
    resolved_repo = str(repo_path.resolve())
    if not any(
        resolved_repo == r or resolved_repo.startswith(r + "/")
        for r in (str(Path(r).resolve()) for r in allowed_repos)
    ):
        raise ValueError(...)

This ensures:

  • Root changes revoke access immediately
  • No restart needed when roots are updated
  • CLI-only fallback still works when roots aren't available

Fixes #3613

@ctonneslan
fix(git): validate repo_path against current roots on every tool call
e820453 
Previously, call_tool only validated repo_path against the CLI
--repository argument. When roots changed at runtime (e.g. client
removes a root), a repo that was previously reachable could still
be accessed in subsequent tool calls.

Now validates repo_path against the full list of allowed repos
(both roots and CLI) on every tool call, ensuring root changes
revoke access immediately without requiring a restart.

Fixes modelcontextprotocol#3613
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Enforce current roots on every git tool call

1 participant

@ctonneslan