From 3269185eb79f071ac740bf348640bd09f5a9c8e0 Mon Sep 17 00:00:00 2001
From: Aonan Guan
Date: Mon, 29 Dec 2025 15:33:42 -0800
Subject: [PATCH] git: improve file path validation in add operation

Add validation to ensure file paths are within repository boundaries before staging. This prevents potential issues with relative paths and improves overall robustness of the git_add function.
---
 src/git/src/mcp_server_git/server.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/git/src/mcp_server_git/server.py b/src/git/src/mcp_server_git/server.py
index 58d8178d..78af1d56 100644
--- a/src/git/src/mcp_server_git/server.py
+++ b/src/git/src/mcp_server_git/server.py
@@ -132,6 +132,14 @@ def git_add(repo: git.Repo, files: list[str]) -> str:
 if files == ["."]:
 repo.git.add(".")
 else:
+ # Validate paths are within repository before adding
+ for file in files:
+ try:
+ repo.git.check_attr('-a', file)
+ except git.exc.GitCommandError as e:
+ if 'outside repository' in str(e):
+ raise ValueError(f"Path '{file}' is outside repository")
+ raise
 repo.index.add(files)
 return "Files staged successfully"
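Review bot: In the added loop, `repo.git.check_attr('-a', file)` passes each caller-supplied entry to git with no `--` separator, so a value that begins with `-` is parsed as a check-attr option instead of being validated as a path; the call should read `repo.git.check_attr('-a', '--', file)`. The boundary check also depends on git reporting the path as outside the repository, so a comment stating which cases that covers would help, and whether an in-tree symlink that resolves elsewhere is rejected looks worth a test. Matching `'outside repository'` in `str(e)` only selects the exception type, because every other failure is re-raised and the check still fails closed; `raise ValueError(f"Path '{file}' is outside repository") from e` would keep the git error attached for whoever triages it. The `files == ["."]` branch is untouched by this change, and git_add itself starts above the hunk, so only this part of its body is visible here.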