An MCP server that gives AI agents deep git intelligence about any repo — history, blame, hotspots, ownership, and diffs since any ref.

Most git MCP servers turn an agent into a git CLI wrapper — commit, push, merge, rebase. gitpulse-mcp is different: it is read-only and analytical. It applies the "Code as a Crime Scene" / code-forensics school of analysis (churn, ownership, hotspots, bus-factor) and exposes it as clean, structured MCP tools your agent can reason about.

Ask high-level questions and get ranked, ready-to-use answers:

• "What are the riskiest files in this repo?" → risk-scored hotspots
• "Who should review this change?" → blame summary + line-level authorship
• "What's fragile if someone leaves?" → knowledge-silo / bus-factor detection
• "What changed since v1.2.0?" → diff since any ref, grouped by area
• "When was this code introduced?" → commit search with git pickaxe

No install needed — run it straight from npm:

npx gitpulse-mcp

Or install globally:

npm install -g gitpulse-mcp
gitpulse-mcp --help

It's an MCP stdio server: it talks JSON-RPC over stdin/stdout and is meant to be launched by an MCP client (Claude Code, Cursor, etc.), not run by hand. By default it analyzes the current working directory; pass --repo <path> to point it elsewhere. Every tool also accepts a per-call repoPath.

claude mcp add gitpulse -- npx -y gitpulse-mcp

Or add it to your MCP config JSON manually (see below).

Add this to your client's MCP servers config (e.g. claude_desktop_config.json, or Cursor's mcp.json):

{
  "mcpServers": {
    "gitpulse": {
      "command": "npx",
      "args": ["-y", "gitpulse-mcp"]
    }
  }
}

To pin a default repository for the server:

{
  "mcpServers": {
    "gitpulse": {
      "command": "npx",
      "args": ["-y", "gitpulse-mcp", "--repo", "/absolute/path/to/your/repo"]
    }
  }
}

On Windows, an absolute path looks like "C:\\Users\\you\\projects\\repo" (escape the backslashes in JSON), or use forward slashes.

Tip: if a tool call omits repoPath, the server uses --repo (or its current working directory). Most clients launch MCP servers from the open project folder, so it usually "just works".

Every tool returns both a human-readable markdown summary (content[0].text) and machine-parseable structuredContent. All tools are read-only and accept an optional repoPath.

Quick vitals for a repo — ideal first call to orient in an unfamiliar codebase.

Returns: branch, HEAD, total commits, contributor count, active span, latest tags, most-changed files.

Summarize recent commits for a branch/ref, with stats.

Find the riskiest files: ranked by change frequency × file size — the classic code-forensics hotspot signal for where bugs and rework concentrate.

Returns each hotspot's churn (commit count), current line count, distinct authors, last-changed date, and a normalized riskScore (0–100).

Per-file blame rolled up by author — who owns how many current lines, their share %, and last-touched date. Flags knowledge concentration.

Contributor/ownership map + bus-factor detection: flags "knowledge silos" — files where a single author wrote most changes.

Everything that changed between a base ref and HEAD (or another ref): commits, files, +/- stats, grouped by directory. Great for "what's in this release/PR".

Search history by message, author, or code change (git pickaxe). Code mode finds when a string/symbol was introduced or removed.

Line-level blame for a file + range: the commits/authors responsible, with a suggested reviewer.

Once gitpulse is connected, try asking your agent:

• "Use gitpulse to show me the top 10 hotspots in this repo and explain the riskiest one."
• "Which files are bus-factor risks here? Who owns them?"
• "Summarize everything that changed since the v1.0.0 tag."
• "Who last touched lines 40–80 of src/server.ts? Suggest a reviewer."
• "Find the commit that introduced the string LEGACY_FLAG."

Hotspots combine two signals from decades of empirical software research:

1. Churn — how many commits touched the file in the analysis window.
2. Size/complexity — current line count (a fast, language-agnostic complexity proxy).

riskScore = normalize(churn × size) to 0–100 across the analyzed set. Files that are both frequently changed and large are where defects and rework cluster — exactly where an agent (or human) should focus tests and review. This is the core idea behind tools like CodeScene and Code Maat, made available to AI agents over MCP.

Does it modify my repository? No. gitpulse-mcp is strictly read-only — it only runs read commands (log, blame, diff, rev-parse, …). It never writes, commits, or pushes.

Is it safe from command injection? Yes, on two levels. (1) Shell injection: all git invocations use execFile with an explicit argument array — no shell is involved, so arguments are never interpreted by a shell. (2) Git option injection: user-supplied refs are validated (rejected if they start with - or contain control characters), placed after git's --end-of-options / -- sentinels, and a central allowlist in the exec layer refuses any unexpected option-shaped argument. This prevents tricks like passing --output=/--contents= as a "ref" to write or read arbitrary files.

Does it work on Windows? Yes — it's tested on Windows, macOS, and Linux in CI. It shells out to your installed git, so just make sure git is on your PATH.

Do I need to clone a repo first? It analyzes a local git repository (the one you point it at). It does not fetch remote repos for you.

What if the repo is huge? git is fast and each call has timeouts + large buffers. For very large histories, narrow the window with since / path parameters.

Does it require GitHub? No. It works with any local git repository regardless of where it's hosted.

git clone https://github.com/ATOM00blue/gitpulse-mcp.git
cd gitpulse-mcp
npm install
npm run build      # compile TypeScript -> dist/
npm test           # run the vitest suite
npm run smoke      # spawn the server and exercise tools end-to-end
npm run lint       # eslint

See CONTRIBUTING.md for more.

Issues and PRs welcome! See CONTRIBUTING.md.

MIT © 2026 ATOM00blue