Feat-mcp#2
Open
Huleinpylo wants to merge 22 commits into
- Add project structure for Model Context Protocol integration
- Include comprehensive documentation and setup guides
- Prepare foundation for OSINT intelligence gathering via MCP
- Support for AI assistants like Claude, Cursor, and VS Code agents

This commit establishes the foundation for GitOSINT-MCP addon that will enable:
* Public repository intelligence gathering without authentication
* Email discovery from Git commits and metadata
* User profile analysis across Git platforms
* Social network mapping between developers
* Integration with AI agents through standardized MCP protocol

- Implement GitOSINTMCPServer with MCP protocol integration
- Add comprehensive configuration management for addon
- Support for 5 core MCP tools: analyze_repository, discover_user_info, find_emails, map_social_network, scan_security_issues
- Include rate limiting, security controls, and platform-specific settings
- Add CLI foundation for MCP server management

This commit establishes the core MCP addon functionality:
* Full MCP server implementation with async operation
* Configurable security and rate limiting for safe OSINT
* Support for multiple Git platforms (GitHub, GitLab, Bitbucket)
* Modular analyzer architecture for extensibility
* CLI interface for standalone operations and server management

- Add comprehensive RepositoryAnalyzer for MCP addon OSINT capabilities
- Support multi-platform analysis (GitHub, GitLab, Bitbucket)
- Include structured data extraction: repo info, contributors, languages
- Implement async operations with rate limiting and security controls
- Provide detailed vs basic analysis modes for different MCP use cases

Core MCP addon features implemented:
* Repository metadata extraction with contributor analysis
* Programming language distribution statistics
* Platform-agnostic URL parsing and API integration
* Structured output optimized for AI assistant consumption
* Error handling and logging for robust MCP server operation

…email discovery
- Implement UserIntelligence module for comprehensive user profiling via MCP
- Add EmailDiscovery engine with multiple OSINT techniques for MCP addon
- Support cross-platform intelligence gathering (GitHub, GitLab, Bitbucket)
- Include confidence scoring and validation for discovered information
- Provide structured data outputs optimized for AI assistant consumption

Key MCP addon intelligence capabilities:
* User profile extraction with activity statistics and repository analysis
* Email discovery from Git commits, documentation, and public profiles
* Privacy-respecting approach using only publicly available data
* Confidence scoring and validation for intelligence quality assessment
* Async operations with proper error handling for robust MCP integration

…MCP addon
- Implement SecurityScanner with comprehensive threat detection for MCP integration
- Add secret detection patterns for AWS keys, GitHub tokens, API keys, and private keys
- Include Docker and CI/CD security configuration analysis
- Support vulnerability scanning of dependency files (package.json, requirements.txt)
- Complete SocialMapper with basic network analysis framework for MCP addon

Core MCP addon security capabilities:
* Multi-pattern secret detection with confidence scoring
* Suspicious file identification and malware pattern recognition
* Security configuration analysis for Docker and CI/CD workflows
* Risk level calculation and automated security recommendations
* Privacy-respecting scanning of publicly available repository data
* Structured output optimized for AI assistant security analysis

- Implement pytest-based test suite with fixtures and mocks for MCP addon
- Add unit tests for configuration management and repository analyzer
- Include test fixtures for GitHub API responses and sample data
- Support integration testing with Docker Compose and mock services
- Provide comprehensive test categories: unit, integration, security, performance

Key MCP addon testing capabilities:
* Complete test configuration with async support and MCP-specific fixtures
* Mock GitHub API responses for consistent testing without rate limits
* Configuration validation tests ensuring robust MCP addon setup
* Repository analyzer tests covering URL parsing and data extraction
* Docker-based testing environment for isolated and reproducible tests
* Test categorization with pytest markers for selective test execution

- Add comprehensive Quick Start Guide for immediate MCP addon usage
- Include step-by-step setup instructions for all major AI assistants
- Provide troubleshooting section with common issues and solutions
- Create AUTHORS.md recognizing contributors and project attribution
- Complete documentation ecosystem for GitOSINT-MCP addon

Final MCP addon documentation includes:
* Quick start guide with 5-minute setup for Claude Desktop, VS Code, Cursor
* Example conversations showing real OSINT intelligence gathering scenarios
* Comprehensive testing instructions and troubleshooting solutions
* Community contribution guidelines and recognition framework
* Complete project attribution acknowledging open source dependencies

GitOSINT-MCP CI/CD Pipeline
- Added Docker Compose setup (`docker-compose.yml`)
- Added installation script (`install.sh`)
- Updated dependencies in `requirements.txt`
- Enhanced CLI functionality in `src/gitosint_mcp/cli.py`
- Introduced configuration management in `src/gitosint_mcp/config.py`
- Improved server logic in `src/gitosint_mcp/server.py`
- Added basic unit test (`tests/unit/basic.py`)
- Updated configuration tests (`tests/unit/test_config.py`)
…orrectly fix: Update tests to validate MCP configuration
…n permissions
Potential fix for code scanning alert no. 8: Workflow does not contain permissions
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
|
|
||
| jobs: | ||
| test: | ||
| name: Run Tests |
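Review bot: The `test` job under `jobs:` is declared with no `permissions:` key, which is what the CodeQL alert on this hunk reports, so the workflow's GITHUB_TOKEN takes whatever default scope the repository or organisation sets. Declare the minimum explicitly, for example a top-level `permissions:` with `contents: read`, and widen it per job only where a step needs to write.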
Check warning
Code scanning / CodeQL
Workflow does not contain permissions
| file_findings = self._detect_secrets_in_content(content, file_path) | ||
| findings.extend(file_findings) | ||
| except Exception as e: | ||
| logger.debug(f"MCP: Could not scan {file_path} for secrets: {str(e)}") |
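Review bot: In the `except` branch, `logger.debug` interpolates `str(e)` for an exception raised while `_detect_secrets_in_content` was handling file content, so a message that echoes the offending input would put a candidate secret into the debug log. Log `file_path` with `type(e).__name__` rather than the message text, and narrow `except Exception` to the errors the scan is expected to raise so that real bugs are not silently skipped.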
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information
| owner, repo = path_parts[0], path_parts[1] | ||
|
|
||
| # Determine platform and API endpoint | ||
| if 'github.com' in parsed_url.netloc: |
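Review bot: `'github.com' in parsed_url.netloc` is a substring test, so any host that merely contains that text (`github.com.example.net`, `notgithub.com`) is treated as GitHub and its `owner`/`repo` path is analysed as such. Compare the parsed host for equality, e.g. `parsed_url.hostname == 'github.com'`, and add an explicit allowlist entry for any subdomain that must be accepted.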
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization
| # Determine platform and API endpoint | ||
| if 'github.com' in parsed_url.netloc: | ||
| return await self._analyze_github_repo(owner, repo) | ||
| elif 'gitlab.com' in parsed_url.netloc: |
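Review bot: The `elif 'gitlab.com' in parsed_url.netloc` branch repeats the substring test, and `netloc` also carries any userinfo and port from the URL, so the text being searched is not just the host. Dispatch on `parsed_url.hostname` (lowercased, without userinfo or port) through an exact-match table of supported hosts, and reject anything not in it before calling an analyzer such as `_analyze_github_repo`.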
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization
| def assert_valid_github_url(url): | ||
| """Assert that a string is a valid GitHub URL""" | ||
| assert_valid_url(url) | ||
| assert "github.com" in url |
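Review bot: `assert "github.com" in url` matches against the whole URL string, so the helper passes when the text appears only in a path, a query string or a longer host name, and a test relying on it cannot catch a wrong host. Parse the URL and assert on the host instead, e.g. `assert urlparse(url).hostname == "github.com"`.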
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization
| def assert_valid_gitlab_url(url): | ||
| """Assert that a string is a valid GitLab URL""" | ||
| assert_valid_url(url) | ||
| assert "gitlab.com" in url |
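Review bot: `assert "gitlab.com" in url` has the same whole-string match as the GitHub helper. Since the two helpers differ only in the expected host, one parameterised helper that parses the URL and compares `hostname` against the expected value would cover both and keep the check exact.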
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization