Expand description
mkit mcp — a local Model Context Protocol server over stdio.
Exposes a conservative subset of mkit as MCP tools so LLM agents can
read, search, and manipulate local mkit repositories — the mkit
analog of the reference mcp-server-git. Design choices follow that
template where it is right and diverge where mkit is stronger:
- Local + stdio. Newline-delimited JSON-RPC 2.0 on stdin/stdout, processed sequentially. No async runtime: the loop is plain blocking I/O, keeping the default build tokio-free.
- Subprocess execution. Each tool call re-invokes this same
binary (
std::env::current_exe()) with a structured argv — never a shell — capturing stdout/stderr and the sysexits code. The MCP loop owns this process’s stdout for the protocol, so tools must not print here; subprocess isolation guarantees that, and the server version always equals the CLI version. - Conservative surface. Like the git template: no network ops
(push/pull/fetch/clone), no history surgery (merge/rebase/
cherry-pick/revert), no worktree destruction (reset –hard /
clean / rm). The server never passes
-f/--force, so mkit’s own data-loss guards remain the backstop. Unlike the template: first-class signing + attestation tools — the reason mkit exists. - Scoping.
--repository <path>confines everyrepo_pathargument (symlink-resolved) to that root. Without the flag any path the process can reach is allowed (client-trust mode), same as the git template. - Injection defense. Path/ref-like arguments are rejected if
they begin with
-so a value can never be parsed as a flag by the child CLI (which has no--separator onadd).
Functions§
- run
- Entry point for
mkit mcp.