GITLAB_AI_CATALOGgitlab-mcp
Rank
83
A Model Context Protocol (MCP) server for GitLab
Traction
No public download signal
Freshness
Updated 2d ago
MCP
Crawler Summary
git-steer answer-first brief
Self-hosting GitHub autonomy engine. The skid steer for your repos. git-steer <img src="git-steer-banner.svg" width="100%"> **Self-hosting GitHub autonomy engine.** A skid steer for your repos. git-steer gives you 100% autonomous control over your GitHub account through a Model Context Protocol (MCP) server. Manage repos, branches, security, Actions — everything — through natural language. Rate-limit-hardened from the ground up: ETag caching, GraphQL batching, concurrency caps, and c Capability contract not published. No trust telemetry is available yet. 1 GitHub stars reported by the source. Last updated 2/25/2026.
Freshness
Last checked 2/25/2026
Best For
git-steer is best for github, automation, mcp workflows where MCP compatibility matters.
Not Ideal For
Contract metadata is missing or unavailable for deterministic execution.
Evidence Sources Checked
editorial-content, GITHUB MCP, runtime-metrics, public facts pack
Agent DossierGitHubSafety: 89/100
git-steer
Self-hosting GitHub autonomy engine. The skid steer for your repos. git-steer <img src="git-steer-banner.svg" width="100%"> **Self-hosting GitHub autonomy engine.** A skid steer for your repos. git-steer gives you 100% autonomous control over your GitHub account through a Model Context Protocol (MCP) server. Manage repos, branches, security, Actions — everything — through natural language. Rate-limit-hardened from the ground up: ETag caching, GraphQL batching, concurrency caps, and c
MCPself-declared
Public facts
5
Change events
1
Artifacts
0
Freshness
Feb 25, 2026
Verifiededitorial-contentNo verified compatibility signals1 GitHub stars
Capability contract not published. No trust telemetry is available yet. 1 GitHub stars reported by the source. Last updated 2/25/2026.
1 GitHub starsTrust evidence available
Trust score
Unknown
Compatibility
MCP
Freshness
Feb 25, 2026
Vendor
Ry Ops
Artifacts
0
Benchmarks
0
Last release
0.3.0
Executive Summary
Key links, install path, and a quick operational read before the deeper crawl record.
Summary
Capability contract not published. No trust telemetry is available yet. 1 GitHub stars reported by the source. Last updated 2/25/2026.
Setup snapshot
git clone https://github.com/ry-ops/git-steer.git- 1
Setup complexity is MEDIUM. Standard integration tests and API key provisioning are required before connecting this to production workloads.
- 2
Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.
Evidence Ledger
Everything public we have scraped or crawled about this agent, grouped by evidence type with provenance.
Vendor (1)
Vendor
Ry Ops
profilemedium
Compatibility (1)
Protocol compatibility
MCP
contractmedium
Adoption (1)
Adoption signal
1 GitHub stars
profilemedium
Security (1)
Handshake status
UNKNOWN
trustmedium
Integration (1)
Crawlable docs
6 indexed pages on the official domain
search_documentmedium
Release & Crawl Timeline
Merged public release, docs, artifact, benchmark, pricing, and trust refresh events.
Artifacts Archive
Extracted files, examples, snippets, parameters, dependencies, permissions, and artifact metadata.
Extracted files
0
Examples
6
Snippets
0
Languages
typescript
Executable Examples
text
┌─────────────────────────────────────────────────────────────────┐
│ YOUR MAC │
│ │
│ Keychain: │
│ - GitHub App private key │
│ - App ID / Installation ID │
│ │
│ $ npx git-steer (stdio → Claude Desktop) │
│ $ npx git-steer --http (portal → localhost:3333) │
│ │ │
│ ├─► Pulls itself from ry-ops/git-steer │
│ ├─► Pulls state from ry-ops/git-steer-state │
│ ├─► Runs MCP server in-memory (rate-limit-aware) │
│ └─► Commits state changes back on shutdown │
│ │
└─────────────────────────────────────────────────────────────────┘
│
Throttled, ETag-cached,
GraphQL-batched API calls
│
▼
┌─────────────────────────────────────────────────────────────────┐
│ GITHUB │
│ │
│ ry-ops/git-steer (source of truth for code) │
│ │ │
│ ry-ops/git-steer-state (private repo) │
│ ├── config/ │
│ │ ├── policies.yaml (branch protection templates) │
│ │ ├── schedules.yaml (job definitions) │
│ │ └── managed-repos.yaml (what git-steer controls) │
│ ├── state/ text
┌─────────────────────────────────────────────────────────────────┐
│ YOUR MAC (MCP triggers intent) │
│ │
│ Claude: "Fix security vulnerabilities in cortex" │
│ │ │
│ ▼ │
│ git-steer MCP: security_fix_pr(repo: "cortex", ...) │
│ │ │
│ └─► Dispatches workflow to GitHub Actions │
└─────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────┐
│ GITHUB ACTIONS (ephemeral compute) │
│ │
│ .github/workflows/security-fix.yml: │
│ - Checkout target repo │
│ - Update dependencies │
│ - npm install / uv lock │
│ - Run tests │
│ - Create branch, commit, push │
│ - Open PR │
│ - Report status back to git-steer-state │
└─────────────────────────────────────────────────────────────────┘bash
# First time setup npx git-steer init # This will: # 1. Create a GitHub App with required permissions # 2. Install it to your account # 3. Create a private git-steer-state repo # 4. Store credentials in macOS Keychain # Start the MCP server npx git-steer
text
┌─────────────────────────────────────────────────────────────────┐
│ API SAFETY STACK (v0.3.0) │
│ │
│ Layer 1 — Throttle/Retry plugins │
│ Primary rate limit (429) → auto-retry up to 4× │
│ Secondary rate limit (403) → always back off + retry │
│ Transient 5xx / network → exponential backoff │
│ │
│ Layer 2 — Concurrency caps (p-limit) │
│ Write ops (issues, PRs, blobs) → max 2 concurrent │
│ Read ops (scans, fetches, lists) → max 8 concurrent │
│ Search API → max 1 (serial) │
│ │
│ Layer 3 — ETag conditional caching │
│ Contents API reads send If-None-Match │
│ 304 Not Modified → cached content, reduced rate cost │
│ ETag map persisted to cache.json across restarts │
│ │
│ Layer 4 — GraphQL batching │
│ Owner resolution → viewer { login } (1 call, not N) │
│ Branch listing → refs query (1 call, not N) │
│ Dependabot alerts → aliased batch (1 call, not N) │
│ │
│ Layer 5 — Rate budget visibility │
│ steer_status shows all buckets + % remaining + warnings │
│ Refreshed at startup and every 30 minutes │
│ Warns if any bucket falls below 15% │
│ │
│ Layer 6 — Audit telemetry │
│ Every audit.jsonl entrytext
# Process a large fleet in chunks of 10 — safe on any account size
security_sweep({ severity: "critical", chunkSize: 10 })
→ { hasMore: true, nextIndex: 10, totalRepos: 47, ... }
# Resume from where you left off (cursor persisted to GitHub)
security_sweep({ resume: true })
→ { hasMore: true, nextIndex: 20, totalRepos: 47, ... }
# Skip repos swept in the last 6 hours (polling-fallback)
security_sweep({ skipRecentHours: 6 })text
steer_status()
→ {
rateLimit: {
buckets: {
core: { remaining: 4823, limit: 5000, percentRemaining: 96 },
graphql: { remaining: 4950, limit: 5000, percentRemaining: 99 },
search: { remaining: 28, limit: 30, percentRemaining: 93 },
code_scanning: { remaining: 999, limit: 1000, percentRemaining: 99 }
},
warnings: [], // populated when any bucket < 15%
hasWarnings: false
}
}Docs & README
Full documentation captured from public sources, including the complete README when available.
Docs source
GITHUB MCP
Editorial quality
ready
Self-hosting GitHub autonomy engine. The skid steer for your repos. git-steer <img src="git-steer-banner.svg" width="100%"> **Self-hosting GitHub autonomy engine.** A skid steer for your repos. git-steer gives you 100% autonomous control over your GitHub account through a Model Context Protocol (MCP) server. Manage repos, branches, security, Actions — everything — through natural language. Rate-limit-hardened from the ground up: ETag caching, GraphQL batching, concurrency caps, and c
Full README
git-steer
<img src="git-steer-banner.svg" width="100%">Self-hosting GitHub autonomy engine. A skid steer for your repos.
git-steer gives you 100% autonomous control over your GitHub account through a Model Context Protocol (MCP) server. Manage repos, branches, security, Actions — everything — through natural language. Rate-limit-hardened from the ground up: ETag caching, GraphQL batching, concurrency caps, and chunked execution keep it well inside GitHub's API guardrails at any fleet size.
Philosophy: Zero Footprint
Your machine steers. GitHub does everything else.
Nothing lives locally — no cloned repos, no config files, no build artifacts. git-steer treats your Mac as a thin control plane and GitHub as the entire runtime.
- Zero local code: No repos cloned, no
node_modules, no lock files - Keychain only: GitHub App credentials in macOS Keychain — nothing else on disk
- Git as database: All config, state, and audit logs live in a private GitHub repo
- Actions as compute: Dependency fixes, linting, and PRs happen in ephemeral cloud runners
- Rate-limit-hardened: Throttle/retry plugins, ETag caching, GraphQL batching, concurrency caps — safe at any fleet size
┌─────────────────────────────────────────────────────────────────┐
│ YOUR MAC │
│ │
│ Keychain: │
│ - GitHub App private key │
│ - App ID / Installation ID │
│ │
│ $ npx git-steer (stdio → Claude Desktop) │
│ $ npx git-steer --http (portal → localhost:3333) │
│ │ │
│ ├─► Pulls itself from ry-ops/git-steer │
│ ├─► Pulls state from ry-ops/git-steer-state │
│ ├─► Runs MCP server in-memory (rate-limit-aware) │
│ └─► Commits state changes back on shutdown │
│ │
└─────────────────────────────────────────────────────────────────┘
│
Throttled, ETag-cached,
GraphQL-batched API calls
│
▼
┌─────────────────────────────────────────────────────────────────┐
│ GITHUB │
│ │
│ ry-ops/git-steer (source of truth for code) │
│ │ │
│ ry-ops/git-steer-state (private repo) │
│ ├── config/ │
│ │ ├── policies.yaml (branch protection templates) │
│ │ ├── schedules.yaml (job definitions) │
│ │ └── managed-repos.yaml (what git-steer controls) │
│ ├── state/ │
│ │ ├── jobs.jsonl (job history, append-only) │
│ │ ├── audit.jsonl (action log + rate telemetry) │
│ │ ├── rfcs.jsonl (RFC lifecycle tracking) │
│ │ ├── quality.jsonl (linter/SAST results) │
│ │ └── cache.json (ETag map + sweep cursor) │
│ └── .github/workflows/ │
│ └── heartbeat.yml (scheduled triggers) │
│ │
└─────────────────────────────────────────────────────────────────┘
How Code Changes Work
When you ask git-steer to fix security vulnerabilities or make other code changes, it dispatches a GitHub Actions workflow instead of cloning code locally:
┌─────────────────────────────────────────────────────────────────┐
│ YOUR MAC (MCP triggers intent) │
│ │
│ Claude: "Fix security vulnerabilities in cortex" │
│ │ │
│ ▼ │
│ git-steer MCP: security_fix_pr(repo: "cortex", ...) │
│ │ │
│ └─► Dispatches workflow to GitHub Actions │
└─────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────┐
│ GITHUB ACTIONS (ephemeral compute) │
│ │
│ .github/workflows/security-fix.yml: │
│ - Checkout target repo │
│ - Update dependencies │
│ - npm install / uv lock │
│ - Run tests │
│ - Create branch, commit, push │
│ - Open PR │
│ - Report status back to git-steer-state │
└─────────────────────────────────────────────────────────────────┘
Your Mac stays clean. No node_modules. No Python venvs. No lock files. Just pure orchestration.
Quick Start
# First time setup
npx git-steer init
# This will:
# 1. Create a GitHub App with required permissions
# 2. Install it to your account
# 3. Create a private git-steer-state repo
# 4. Store credentials in macOS Keychain
# Start the MCP server
npx git-steer
Local Footprint
| Item | Location |
|------|----------|
| GitHub App ID | macOS Keychain |
| Installation ID | macOS Keychain |
| Private Key | macOS Keychain |
| Claude config | ~/Library/Application Support/Claude/claude_desktop_config.json |
That's it. No config files. No dotfiles. No ~/.git-steer. No cloned repos.
MCP Tools
Repository Management
repo_list- List all accessible repositoriesrepo_create- Create new repo (optionally from template)repo_archive- Archive a repositoryrepo_delete- Permanently delete (requires confirmation)repo_settings- Update repo settings
Branch Operations
branch_list- List branches with staleness info (GraphQL-batched)branch_protect- Apply protection rulesbranch_reap- Delete stale/merged branches (GraphQL-batched)
Security
security_scan- Scan repos for vulnerabilities with fix infosecurity_fix_pr- Dispatch workflow to fix vulnerabilitiessecurity_alerts- List Dependabot/code scanning alertssecurity_dismiss- Dismiss alert with reasonsecurity_digest- Summary across all managed repossecurity_enforce- Ensure Dependabot alerts + automated fixes are enabled on all managed repos
Autonomous Security Operations (v0.3.0)
security_sweep- Full autonomous pipeline: scan repos, create RFC issues, dispatch fix workflows, track everything — in one call. Supports chunked execution for large fleets and resume across sessionscode_quality_sweep- Run linters/SAST (ESLint, Ruff, gosec, Bandit) on repos via GitHub Actionsreport_generate- Generate compliance reports (executive summary, change records, vulnerability report, full audit)dashboard_generate- Generate an interactive BI-style security dashboard, deployed to GitHub Pages
GitHub Actions
actions_workflows- List workflowsactions_trigger- Manually trigger a workflowactions_secrets- Manage Actions secretsworkflow_status- Check status of dispatched workflows
File Operations
repo_commit- Commit files directly via GitHub API (no local clone)repo_read_file- Read a file from a repository (ETag-cached)repo_list_files- List files in a directory
Code Review
code_review- Run AI-powered code review using CodeRabbit CLI
Configuration & Observability
config_show- Display current configconfig_add_repo- Add repo to managed list (auto-enables Dependabot)config_remove_repo- Remove from managed liststeer_status- Health check with full rate limit budget (all buckets, % remaining, warnings)steer_sync- Force save state to GitHubsteer_logs- View audit log with rate limit telemetry
v0.3.0: Rate-Limit Hardened
v0.3.0 is a full API safety overhaul. git-steer now operates conservatively enough to run on large fleets without triggering GitHub's secondary rate limits or abuse detection.
What Changed
┌─────────────────────────────────────────────────────────────────┐
│ API SAFETY STACK (v0.3.0) │
│ │
│ Layer 1 — Throttle/Retry plugins │
│ Primary rate limit (429) → auto-retry up to 4× │
│ Secondary rate limit (403) → always back off + retry │
│ Transient 5xx / network → exponential backoff │
│ │
│ Layer 2 — Concurrency caps (p-limit) │
│ Write ops (issues, PRs, blobs) → max 2 concurrent │
│ Read ops (scans, fetches, lists) → max 8 concurrent │
│ Search API → max 1 (serial) │
│ │
│ Layer 3 — ETag conditional caching │
│ Contents API reads send If-None-Match │
│ 304 Not Modified → cached content, reduced rate cost │
│ ETag map persisted to cache.json across restarts │
│ │
│ Layer 4 — GraphQL batching │
│ Owner resolution → viewer { login } (1 call, not N) │
│ Branch listing → refs query (1 call, not N) │
│ Dependabot alerts → aliased batch (1 call, not N) │
│ │
│ Layer 5 — Rate budget visibility │
│ steer_status shows all buckets + % remaining + warnings │
│ Refreshed at startup and every 30 minutes │
│ Warns if any bucket falls below 15% │
│ │
│ Layer 6 — Audit telemetry │
│ Every audit.jsonl entry carries: │
│ rate_remaining, rate_reset, │
│ is_secondary_limit_hit, retry_count, backoff_ms │
│ │
│ Layer 7 — Chunked sweep + cursor │
│ security_sweep(chunkSize: 10) → processes 10 repos │
│ security_sweep(resume: true) → continues from cursor │
│ Cursor persisted to cache.json between sessions │
│ skipRecentHours → skip repos swept within N hours │
└─────────────────────────────────────────────────────────────────┘
security_sweep: Now Fleet-Safe
# Process a large fleet in chunks of 10 — safe on any account size
security_sweep({ severity: "critical", chunkSize: 10 })
→ { hasMore: true, nextIndex: 10, totalRepos: 47, ... }
# Resume from where you left off (cursor persisted to GitHub)
security_sweep({ resume: true })
→ { hasMore: true, nextIndex: 20, totalRepos: 47, ... }
# Skip repos swept in the last 6 hours (polling-fallback)
security_sweep({ skipRecentHours: 6 })
Rate Limit Visibility
steer_status()
→ {
rateLimit: {
buckets: {
core: { remaining: 4823, limit: 5000, percentRemaining: 96 },
graphql: { remaining: 4950, limit: 5000, percentRemaining: 99 },
search: { remaining: 28, limit: 30, percentRemaining: 93 },
code_scanning: { remaining: 999, limit: 1000, percentRemaining: 99 }
},
warnings: [], // populated when any bucket < 15%
hasWarnings: false
}
}
v0.2.0: Autonomous Security Operations
v0.2.0 added a fully autonomous security pipeline replacing manual repo-by-repo CVE sweeps with a single tool call.
Security Sweep Pipeline
security_sweep(severity: "high", repos: ["org/app1", "org/app2"])
What happens:
- Scans each repo for Dependabot alerts + CodeQL findings (GraphQL-batched)
- Creates ITIL-formatted RFC issues with CVE tables and risk assessments
- Dispatches a GitHub Actions workflow that fixes dependencies across all repos in parallel
- Workflow creates branches, commits fixes, opens PRs linked to RFC issues
- Heartbeat auto-triggers sweeps when new critical alerts appear
Code Quality
code_quality_sweep(owner: "org", repo: "app", tools: ["auto"])
Auto-detects language stack and runs appropriate linters (ESLint, Ruff, Bandit, gosec) via GitHub Actions.
Reports & Dashboard
report_generate(template: "executive-summary")
dashboard_generate()
- Reports: Executive summaries, change records, vulnerability reports, full audits — as markdown
- Dashboard: Interactive BI-style security dashboard deployed to GitHub Pages — view it live
Interactive Security Dashboard
<p align="center"> <img src="docs/images/dashboard-demo.gif" alt="git-steer dashboard demo" width="100%"> </p>A single dashboard_generate() call scans your repos, builds an interactive dashboard, and deploys it to GitHub Pages. Zero dependencies — all data embedded as JSON, rendered client-side with vanilla JS.
Key features:
- 5 interactive tabs: Overview, CVE Details, Repositories, Code Quality, About
- Global severity filter: Click CRITICAL/HIGH/MEDIUM/LOW to filter across all tabs
- Sortable tables: Click any column header to sort asc/desc
- Live search: Filter CVE and quality tables by typing
- Expandable repo cards: Click to drill into per-repo vulnerability details
- Hover tooltips: Hover metric cards to see what each metric means
- Run Security Scan: Trigger a workflow dispatch from the dashboard (requires PAT)
- CSV export: Download current tab data as CSV (respects active filters)
- Click-to-copy CVE IDs: Click any CVE link to copy to clipboard
- Keyboard shortcuts:
1-5switch tabs,Escclose modals,?show hints - Fullscreen mode: Toggle fullscreen from the header
- NVD links: Every CVE ID links directly to the NVD detail page
Daily Automated Pipeline
The full pipeline runs daily via the Heartbeat GitHub Actions workflow:
┌─────────────────────────────────────────────────────────────────┐
│ GITHUB ACTIONS (daily at 6 AM UTC) │
│ │
│ Heartbeat workflow: │
│ 1. Enforce Dependabot on all managed repos │
│ 2. Scan all repos for Dependabot alerts │
│ 3. Auto-trigger security sweep for critical alerts │
│ 4. Follow up on security PRs (merged/stale/conflict) │
│ 5. Regenerate dashboard from fresh data │
│ 6. Sync changelog entries to blog │
│ 7. Log heartbeat status (always, even on failure) │
│ │
│ No local machine needed. Everything runs in the cloud. │
└─────────────────────────────────────────────────────────────────┘
PR Lifecycle Tracking
Security PRs are tracked to completion automatically. The follow-up step:
- Merged PRs: marks RFC as fixed, computes MTTR, closes the RFC issue
- Stale PRs (>48h): nudges reviewers with a comment, adds
stalelabel - Merge conflicts: flags with a comment and
merge-conflictlabel - Closed without merge: resets RFC to open (fix failed, retry needed)
- Orphan scan: catches security PRs not linked to any RFC
Changelog Pipeline
Merged PRs across all managed repos are automatically turned into changelog entries and committed to the blog repo. The pipeline classifies PRs (feature/fix/improvement), generates frontmatter, and deduplicates by filename.
Example Usage
You: "List all my repos"
Claude: [calls repo_list]
You: "Scan all my repos for security vulnerabilities"
Claude: [calls security_scan with repo="*"]
You: "Fix the critical vulnerabilities in cortex"
Claude: [calls security_fix_pr - dispatches workflow to GitHub Actions]
You: "Check the status of the fix"
Claude: [calls workflow_status]
You: "Run a security sweep across all managed repos, 10 at a time"
Claude: [calls security_sweep with chunkSize=10, then resumes until done]
You: "What's my API rate limit headroom?"
Claude: [calls steer_status - shows all buckets with % remaining]
You: "Delete all branches older than 60 days in mcp-unifi, except main"
Claude: [calls branch_reap with daysStale=60, exclude=['main']]
You: "Archive my old-project repo"
Claude: [calls repo_archive]
Claude Desktop Integration
Add to ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"git-steer": {
"command": "npx",
"args": ["git-steer"]
}
}
}
Or use a local checkout:
{
"mcpServers": {
"git-steer": {
"command": "node",
"args": ["/path/to/git-steer/bin/cli.js", "start", "--stdio"]
}
}
}
GitHub App Permissions Required
The git-steer GitHub App needs these permissions:
- Repository: Read & Write (contents, metadata)
- Pull Requests: Read & Write
- Issues: Read & Write (for RFC tracking)
- Actions: Read & Write (for workflow dispatch)
- Dependabot alerts: Read & Write (for enabling vulnerability alerts)
- Code scanning alerts: Read (for CodeQL integration)
- Secrets: Read & Write (for Actions secrets)
- Administration: Read & Write (for repo settings)
- Pages: Read & Write (for dashboard deployment)
Setting Up Secrets
For the security-fix workflow to authenticate to target repos, add these secrets to the git-steer repo:
GIT_STEER_APP_ID- Your GitHub App IDGIT_STEER_PRIVATE_KEY- Your GitHub App private key
These allow the workflow to generate installation tokens for any repo in your installation.
Local Portal
git-steer includes an HTTP/SSE transport mode that exposes the MCP server as a local web portal:
# Start portal on default port 3333
git-steer start --http
# Custom port
git-steer start --http --port 8080
┌─────────────────────────────────────────────────────────────────┐
│ LOCAL PORTAL → http://localhost:3333 │
│ │
│ /dashboard Live security dashboard (rendered from state) │
│ /mcp Streamable HTTP MCP endpoint (protocol 2025-11) │
│ /sse Legacy SSE MCP endpoint (protocol 2024-11) │
│ /messages Legacy POST endpoint for SSE clients │
│ /health JSON status + active session count │
│ │
│ Use cases: │
│ - View the security dashboard without deploying to Pages │
│ - Connect any MCP-compatible client (not just Claude) │
│ - Run git-steer headless on a server or NAS │
│ - Script against the MCP API directly │
└─────────────────────────────────────────────────────────────────┘
The portal uses the same Keychain credentials, same state repo, and same rate-limit-hardened API stack as stdio mode. The dashboard at /dashboard renders live from in-memory state on every request — no GitHub Pages deployment needed.
Commands
git-steer init # First-time setup
git-steer # Start MCP server via stdio (Claude Desktop)
git-steer start --http # Start local portal on port 3333
git-steer start --http --port 8080 # Start portal on custom port
git-steer scan # Run security scan across all repos
git-steer scan --repo owner/name # Scan a specific repo
git-steer scan --severity critical # Filter by severity
git-steer status # Show status + rate limit budget
git-steer sync # Force sync state to GitHub
git-steer reset # Remove local credentials
Release History
| Version | Highlights |
|---------|------------|
| v0.3.0 | Rate-limit hardening: throttle/retry plugins, p-limit concurrency caps, ETag caching, GraphQL batching, chunked sweep with cursor, full audit telemetry |
| v0.2.0 | Autonomous security pipeline: sweep → RFC → fix PR → track MTTR. Dashboard, reports, code quality sweep |
| v0.1.0 | Manual security ops, branch management, repo settings, MCP server core |
npx git-steer@0.3 # v0.3.x (rate-limit hardened)
npx git-steer@0.2 # v0.2.x (autonomous security ops)
npx git-steer@0.1 # v0.1.x (manual security ops)
npx git-steer # latest
Offline Behavior
When offline, git-steer runs in read-only mode with cached state. Write operations queue until next online session. ETag cache remains valid across offline periods.
Security
- All GitHub API access through a dedicated GitHub App (not your personal token)
- Credentials stored in macOS Keychain (syncs via iCloud Keychain if enabled)
- Full audit log of all actions with rate limit telemetry in state repo
- No secrets in code or config files
- No code stored locally — everything ephemeral
- SSH commit signing enforced on main branch
License
MIT
Built by ry-ops
Contract & API
Machine endpoints, protocol fit, contract coverage, invocation examples, and guardrails for agent-to-agent use.
Contract coverage
Status
missing
Auth
None
Streaming
No
Data region
Unspecified
Protocol support
MCP: self-declared
Requires: none
Forbidden: none
Guardrails
Operational confidence: low
No positive guardrails captured.
Invocation examples
curl -s "https://xpersona.co/api/v1/agents/mcp-ry-ops-git-steer/snapshot"
curl -s "https://xpersona.co/api/v1/agents/mcp-ry-ops-git-steer/contract"
curl -s "https://xpersona.co/api/v1/agents/mcp-ry-ops-git-steer/trust"
Reliability & Benchmarks
Trust and runtime signals, benchmark suites, failure patterns, and practical risk constraints.
Trust signals
Handshake
UNKNOWN
Confidence
unknown
Attempts 30d
unknown
Fallback rate
unknown
Runtime metrics
Observed P50
unknown
Observed P95
unknown
Rate limit
unknown
Estimated cost
unknown
Do not use if
Contract metadata is missing or unavailable for deterministic execution.
No benchmark suites or observed failure patterns are available.
Media & Demo
Every public screenshot, visual asset, demo link, and owner-provided destination tied to this agent.
No screenshots, media assets, or demo links are available.
Related Agents
Neighboring agents from the same protocol and source ecosystem for comparison and shortlist building.
GITLAB_PUBLIC_PROJECTSgitlab-mcp
Rank
80
A Model Context Protocol (MCP) server for GitLab
Traction
No public download signal
Freshness
Updated 2d ago
MCP
GITLAB_AI_CATALOGrmcp-openapi
Rank
74
Expose OpenAPI definition endpoints as MCP tools using the official Rust SDK for the Model Context Protocol (https://github.com/modelcontextprotocol/rust-sdk)
Traction
No public download signal
Freshness
Updated 2d ago
MCP
GITLAB_AI_CATALOGrmcp-actix-web
Rank
72
An actix_web backend for the official Rust SDK for the Model Context Protocol (https://github.com/modelcontextprotocol/rust-sdk)
Traction
No public download signal
Freshness
Updated 2d ago
MCP
Machine Appendix
Contract JSON
{
"contractStatus": "missing",
"authModes": [],
"requires": [],
"forbidden": [],
"supportsMcp": false,
"supportsA2a": false,
"supportsStreaming": false,
"inputSchemaRef": null,
"outputSchemaRef": null,
"dataRegion": null,
"contractUpdatedAt": null,
"sourceUpdatedAt": null,
"freshnessSeconds": null
}Invocation Guide
{
"preferredApi": {
"snapshotUrl": "https://xpersona.co/api/v1/agents/mcp-ry-ops-git-steer/snapshot",
"contractUrl": "https://xpersona.co/api/v1/agents/mcp-ry-ops-git-steer/contract",
"trustUrl": "https://xpersona.co/api/v1/agents/mcp-ry-ops-git-steer/trust"
},
"curlExamples": [
"curl -s \"https://xpersona.co/api/v1/agents/mcp-ry-ops-git-steer/snapshot\"",
"curl -s \"https://xpersona.co/api/v1/agents/mcp-ry-ops-git-steer/contract\"",
"curl -s \"https://xpersona.co/api/v1/agents/mcp-ry-ops-git-steer/trust\""
],
"jsonRequestTemplate": {
"query": "summarize this repo",
"constraints": {
"maxLatencyMs": 2000,
"protocolPreference": [
"MCP"
]
}
},
"jsonResponseTemplate": {
"ok": true,
"result": {
"summary": "...",
"confidence": 0.9
},
"meta": {
"source": "GITHUB_MCP",
"generatedAt": "2026-04-17T01:53:31.660Z"
}
},
"retryPolicy": {
"maxAttempts": 3,
"backoffMs": [
500,
1500,
3500
],
"retryableConditions": [
"HTTP_429",
"HTTP_503",
"NETWORK_TIMEOUT"
]
}
}Trust JSON
{
"status": "unavailable",
"handshakeStatus": "UNKNOWN",
"verificationFreshnessHours": null,
"reputationScore": null,
"p95LatencyMs": null,
"successRate30d": null,
"fallbackRate": null,
"attempts30d": null,
"trustUpdatedAt": null,
"trustConfidence": "unknown",
"sourceUpdatedAt": null,
"freshnessSeconds": null
}Capability Matrix
{
"rows": [
{
"key": "MCP",
"type": "protocol",
"support": "unknown",
"confidenceSource": "profile",
"notes": "Listed on profile"
},
{
"key": "github",
"type": "capability",
"support": "supported",
"confidenceSource": "profile",
"notes": "Declared in agent profile metadata"
},
{
"key": "automation",
"type": "capability",
"support": "supported",
"confidenceSource": "profile",
"notes": "Declared in agent profile metadata"
},
{
"key": "mcp",
"type": "capability",
"support": "supported",
"confidenceSource": "profile",
"notes": "Declared in agent profile metadata"
},
{
"key": "model-context-protocol",
"type": "capability",
"support": "supported",
"confidenceSource": "profile",
"notes": "Declared in agent profile metadata"
},
{
"key": "cli",
"type": "capability",
"support": "supported",
"confidenceSource": "profile",
"notes": "Declared in agent profile metadata"
}
],
"flattenedTokens": "protocol:MCP|unknown|profile capability:github|supported|profile capability:automation|supported|profile capability:mcp|supported|profile capability:model-context-protocol|supported|profile capability:cli|supported|profile"
}Facts JSON
[
{
"factKey": "docs_crawl",
"category": "integration",
"label": "Crawlable docs",
"value": "6 indexed pages on the official domain",
"href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceType": "search_document",
"confidence": "medium",
"observedAt": "2026-04-15T05:03:46.393Z",
"isPublic": true
},
{
"factKey": "vendor",
"category": "vendor",
"label": "Vendor",
"value": "Ry Ops",
"href": "https://github.com/ry-ops/git-steer",
"sourceUrl": "https://github.com/ry-ops/git-steer",
"sourceType": "profile",
"confidence": "medium",
"observedAt": "2026-02-25T03:03:33.599Z",
"isPublic": true
},
{
"factKey": "protocols",
"category": "compatibility",
"label": "Protocol compatibility",
"value": "MCP",
"href": "https://xpersona.co/api/v1/agents/mcp-ry-ops-git-steer/contract",
"sourceUrl": "https://xpersona.co/api/v1/agents/mcp-ry-ops-git-steer/contract",
"sourceType": "contract",
"confidence": "medium",
"observedAt": "2026-02-25T03:03:33.599Z",
"isPublic": true
},
{
"factKey": "traction",
"category": "adoption",
"label": "Adoption signal",
"value": "1 GitHub stars",
"href": "https://github.com/ry-ops/git-steer",
"sourceUrl": "https://github.com/ry-ops/git-steer",
"sourceType": "profile",
"confidence": "medium",
"observedAt": "2026-02-25T03:03:33.599Z",
"isPublic": true
},
{
"factKey": "handshake_status",
"category": "security",
"label": "Handshake status",
"value": "UNKNOWN",
"href": "https://xpersona.co/api/v1/agents/mcp-ry-ops-git-steer/trust",
"sourceUrl": "https://xpersona.co/api/v1/agents/mcp-ry-ops-git-steer/trust",
"sourceType": "trust",
"confidence": "medium",
"observedAt": null,
"isPublic": true
}
]Change Events JSON
[
{
"eventType": "docs_update",
"title": "Docs refreshed: Sign in to GitHub · GitHub",
"description": "Fresh crawlable documentation was indexed for the official domain.",
"href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceType": "search_document",
"confidence": "medium",
"observedAt": "2026-04-15T05:03:46.393Z",
"isPublic": true
}
]