**feat(git-ops): enhance MCP server with Git provider updates and SSRF protection**

- Added `mcp-git-ops` service to `docker-compose.dev.yml` with health checks and configurations.
- Integrated SSRF protection in repository URL validation for enhanced security.
- Expanded `pyproject.toml` mypy settings and adjusted code to meet stricter type checking.
- Improved workspace management and GitWrapper operations with error handling refinements.
- Updated input validation, branching, and repository operations to align with new error structure.
- Shut down thread pool executor gracefully during server cleanup.

docker-compose.dev.yml

@@ -96,6 +96,38 @@ services:
       - app-network
     restart: unless-stopped
 
+  mcp-git-ops:
+    build:
+      context: ./mcp-servers/git-ops
+      dockerfile: Dockerfile
+    ports:
+      - "8003:8003"
+    env_file:
+      - .env
+    environment:
+      # GIT_OPS_ prefix required by pydantic-settings config
+      - GIT_OPS_HOST=0.0.0.0
+      - GIT_OPS_PORT=8003
+      - GIT_OPS_REDIS_URL=redis://redis:6379/3
+      - GIT_OPS_GITEA_BASE_URL=${GITEA_BASE_URL}
+      - GIT_OPS_GITEA_TOKEN=${GITEA_TOKEN}
+      - GIT_OPS_GITHUB_TOKEN=${GITHUB_TOKEN}
+      - ENVIRONMENT=development
+    volumes:
+      - git_workspaces_dev:/workspaces
+    depends_on:
+      redis:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "python", "-c", "import httpx; httpx.get('http://localhost:8003/health').raise_for_status()"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
+    networks:
+      - app-network
+    restart: unless-stopped
+
   backend:
     build:
       context: ./backend
@@ -119,6 +151,7 @@ services:
       # MCP Server URLs
       - LLM_GATEWAY_URL=http://mcp-llm-gateway:8001
       - KNOWLEDGE_BASE_URL=http://mcp-knowledge-base:8002
+      - GIT_OPS_URL=http://mcp-git-ops:8003
     depends_on:
       db:
         condition: service_healthy
@@ -128,6 +161,8 @@ services:
         condition: service_healthy
       mcp-knowledge-base:
         condition: service_healthy
+      mcp-git-ops:
+        condition: service_healthy
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
       interval: 10s
@@ -155,6 +190,7 @@ services:
       # MCP Server URLs (agents need access to MCP)
       - LLM_GATEWAY_URL=http://mcp-llm-gateway:8001
       - KNOWLEDGE_BASE_URL=http://mcp-knowledge-base:8002
+      - GIT_OPS_URL=http://mcp-git-ops:8003
     depends_on:
       db:
         condition: service_healthy
@@ -164,6 +200,8 @@ services:
         condition: service_healthy
       mcp-knowledge-base:
         condition: service_healthy
+      mcp-git-ops:
+        condition: service_healthy
     networks:
       - app-network
     command: ["celery", "-A", "app.celery_app", "worker", "-Q", "agent", "-l", "info", "-c", "4"]
@@ -181,11 +219,14 @@ services:
       - DATABASE_URL=${DATABASE_URL}
       - REDIS_URL=redis://redis:6379/0
       - CELERY_QUEUE=git
+      - GIT_OPS_URL=http://mcp-git-ops:8003
     depends_on:
       db:
         condition: service_healthy
       redis:
         condition: service_healthy
+      mcp-git-ops:
+        condition: service_healthy
     networks:
       - app-network
     command: ["celery", "-A", "app.celery_app", "worker", "-Q", "git", "-l", "info", "-c", "2"]
@@ -260,6 +301,7 @@ services:
 volumes:
   postgres_data_dev:
   redis_data_dev:
+  git_workspaces_dev:
   frontend_dev_modules:
   frontend_dev_next: