safety.json.example
{
"_comment": "MCP GitHub Server v3.0 - Safety Configuration",
"_documentation": "https://github.com/jotajotape/github-go-server-mcp",
"mode": "moderate",
"_mode_options": ["strict", "moderate", "permissive", "disabled"],
"_mode_description": {
"strict": "Maximum safety - requires confirmation for all MEDIUM+ operations, enables all validations",
"moderate": "Balanced safety - requires confirmation for HIGH+ operations, standard validations (recommended)",
"permissive": "Minimal safety - only confirms CRITICAL operations, lighter validations",
"disabled": "No safety checks - all operations execute immediately (⚠️ NOT RECOMMENDED)"
},
"enable_audit_log": true,
"_audit_description": "Logs all administrative operations to mcp-admin-audit.log with automatic rotation",
"require_confirmation_above": 3,
"_confirmation_levels": {
"1": "LOW - Read-only operations (never require confirmation)",
"2": "MEDIUM - Reversible changes (add collaborator, create webhook)",
"3": "HIGH - Impacts collaboration (remove collaborator, delete webhook)",
"4": "CRITICAL - Irreversible or high security (delete repository, archive)"
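},
"_confirmation_description": "Operations at or above this risk level require confirmation tokens; the threshold is inclusive despite the 'above' in the key name (3 means HIGH and CRITICAL)",
"enable_auto_backup": false,
"_backup_description": "Automatically create backups before destructive operations (planned for future release; until it ships, do not rely on enable_auto_backup for recovery, including where the examples below set it to true)",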
"audit_log_path": "./mcp-admin-audit.log",
"_audit_path_description": "Path to audit log file (relative or absolute)",
"audit_log_max_size_mb": 10,
"_audit_max_size_description": "Maximum size of audit log before rotation (in megabytes)",
"audit_log_max_backups": 5,
"_audit_backups_description": "Number of rotated log files to keep",
"_examples": {
"strict_mode": {
"mode": "strict",
"enable_audit_log": true,
"require_confirmation_above": 2,
"enable_auto_backup": true
},
"development_mode": {
"mode": "permissive",
"enable_audit_log": true,
"require_confirmation_above": 4,
"enable_auto_backup": false
},
"production_mode": {
"mode": "moderate",
"enable_audit_log": true,
"require_confirmation_above": 3,
"enable_auto_backup": true
}
},
"_operations_by_risk_level": {
"LOW (1)": [
"github_get_repo_settings",
"github_get_branch_protection",
"github_list_webhooks",
"github_list_collaborators",
"github_check_collaborator",
"github_test_webhook",
"github_list_invitations",
"github_list_repo_teams"
],
"MEDIUM (2)": [
"github_update_repo_settings",
"github_create_webhook",
"github_update_webhook",
"github_add_collaborator",
"github_update_collaborator_permission",
"github_accept_invitation",
"github_cancel_invitation",
"github_add_repo_team"
],
"HIGH (3)": [
"github_update_branch_protection",
"github_delete_webhook",
"github_remove_collaborator"
],
"CRITICAL (4)": [
"github_archive_repository",
"github_delete_repository",
"github_delete_branch_protection"
]
},
"_security_features": {
"parameter_validation": "Validates all operation parameters (owner, repo, username, etc.)",
"path_traversal_prevention": "Blocks attempts to use '..' or '/' in repository/owner names",
"command_injection_protection": "Prevents shell metacharacters in parameters",
"ssrf_prevention": "Validates webhook URLs to prevent localhost/private IP access",
"confirmation_tokens": "Single-use SHA256 tokens with 5-minute expiration for high-risk operations",
"audit_trail": "JSON logs with timestamps, operation details, and rollback commands",
"dry_run_mode": "Preview operations before execution (default for destructive actions)"
},
"_usage": {
"placement": "Copy this file to 'safety.json' in the same directory as github-mcp-server-v3.exe",
"override": "You can override the path using the --safety-config flag",
"defaults": "If no config file exists, the server uses moderate mode with audit logging enabled"
}
}