**feat(git-ops): enhance MCP server with Git provider updates and SSRF protection**

- Added `mcp-git-ops` service to `docker-compose.dev.yml` with health checks and configurations.
- Integrated SSRF protection in repository URL validation for enhanced security.
- Expanded `pyproject.toml` mypy settings and adjusted code to meet stricter type checking.
- Improved workspace management and GitWrapper operations with error handling refinements.
- Updated input validation, branching, and repository operations to align with new error structure.
- Shut down thread pool executor gracefully during server cleanup.

mcp-servers/git-ops/providers/base.py

@@ -44,9 +44,7 @@ class BaseProvider(ABC):
     # Repository operations
 
     @abstractmethod
-    async def get_repo_info(
-        self, owner: str, repo: str
-    ) -> dict[str, Any]:
+    async def get_repo_info(self, owner: str, repo: str) -> dict[str, Any]:
         """
         Get repository information.
 
@@ -60,9 +58,7 @@ class BaseProvider(ABC):
         ...
 
     @abstractmethod
-    async def get_default_branch(
-        self, owner: str, repo: str
-    ) -> str:
+    async def get_default_branch(self, owner: str, repo: str) -> str:
         """
         Get the default branch for a repository.
 
@@ -112,9 +108,7 @@ class BaseProvider(ABC):
         ...
 
     @abstractmethod
-    async def get_pr(
-        self, owner: str, repo: str, pr_number: int
-    ) -> GetPRResult:
+    async def get_pr(self, owner: str, repo: str, pr_number: int) -> GetPRResult:
         """
         Get a pull request by number.
 
@@ -209,9 +203,7 @@ class BaseProvider(ABC):
         ...
 
     @abstractmethod
-    async def close_pr(
-        self, owner: str, repo: str, pr_number: int
-    ) -> UpdatePRResult:
+    async def close_pr(self, owner: str, repo: str, pr_number: int) -> UpdatePRResult:
         """
         Close a pull request without merging.
 
@@ -228,9 +220,7 @@ class BaseProvider(ABC):
     # Branch operations via API (for operations that need to bypass local git)
 
     @abstractmethod
-    async def delete_remote_branch(
-        self, owner: str, repo: str, branch: str
-    ) -> bool:
+    async def delete_remote_branch(self, owner: str, repo: str, branch: str) -> bool:
         """
         Delete a remote branch via API.
 
@@ -379,9 +369,7 @@ class BaseProvider(ABC):
             return ssh_match.group(1), ssh_match.group(2)
 
         # Handle HTTPS URLs: https://host/owner/repo.git
-        https_match = re.match(
-            r"https?://[^/]+/([^/]+)/([^/]+?)(?:\.git)?$", repo_url
-        )
+        https_match = re.match(r"https?://[^/]+/([^/]+)/([^/]+?)(?:\.git)?$", repo_url)
         if https_match:
             return https_match.group(1), https_match.group(2)