Commit graph

5 commits

Author SHA1 Message Date
Evgeny Boger
ca5be5bf71 Remove token refresh logic, use non-expiring tokens
Expiring user tokens with refresh broke when multiple repos were used:
each device flow revoked previous refresh tokens, causing 500 errors
on every refresh attempt. Switched to non-expiring tokens (opt out of
"User-to-server token expiration" in the GitHub App settings) which
coexist across multiple device flows without revoking each other.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 15:00:46 +03:00
Evgeny Boger
3e0b2f297f Improve token refresh log messages for better visibility
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 16:50:38 +03:00
Evgeny Boger
a4e45172ff Copy device flow user code to clipboard automatically
Uses pbcopy/xclip/xsel/wl-copy if available. Only shows
"(copied to clipboard)" when a tool was found and succeeded.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 02:49:36 +03:00
Evgeny Boger
e0e3e93d77 Retry GitHub 5xx errors and save HTML error pages to disk
Instead of forwarding raw HTML error pages from GitHub to the client
(which dumps unreadable HTML on screen), save them to timestamped files
and retry with exponential backoff (1s, 2s, 4s, up to 4 attempts).
After exhausting retries, return a clean short error message.

Applies to all three GitHub-facing scripts:
- github-mcp-proxy.py (MCP tool calls)
- github-git-proxy.py (git push/pull)
- github_app_token_demo.py (OAuth token generation)

Also fixes connection leaks on exception paths in both proxy files
and adds URLError handling in the token demo for network-level failures.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 02:45:03 +03:00
Evgeny Boger
967bc51256 Add GitHub MCP proxy with security hardening
Defense-in-depth repo scope enforcement for the GitHub MCP proxy:
- Default-deny for unknown tools (allowlist of known tools)
- Search query scoping: auto-inject repo:OWNER/REPO, block org:/user: qualifiers
- Block non-repo-scoped tools (search_users, search_orgs, get_teams, etc.)
- Inject owner/repo when tools omit them
- Server-side tool filtering via X-MCP-Toolsets/Tools/Readonly/Lockdown headers
- Sensible default toolsets: repos,issues,pull_requests,git,labels
- Lockdown mode enabled by default
- VM cannot override X-MCP-* headers
- Skip body re-serialization when unmodified

Also adds GitHub App token generation scripts and comprehensive tests
(unit + end-to-end with mock upstream server).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 02:33:46 +03:00