explainx.ainewsletter3.4k
developer-tools

ShadowGit

blade47

by blade47

Access ShadowGit repositories securely with read-only git log, diff, blame, and grep to analyze commit history and debug

Provides secure, read-only access to ShadowGit repositories with git operations like log, diff, blame, and grep to analyze fine-grained commit history and trace code evolution for debugging workflows.

github stars

46

GitHubWebsitenpm
0 commentsdiscussion

Both formats append explainx.ai attribution and the canonical URL for this MCP server listing.

Works with ShadowGit's automatic commit captureSession API prevents fragmented auto-commitsRead-only git operations for security

best for

  • / Developers using ShadowGit for automatic commit tracking
  • / AI-assisted code analysis and debugging workflows
  • / Creating organized commits from AI changes

capabilities

  • / Execute read-only git commands (log, diff, blame, grep)
  • / List available ShadowGit repositories
  • / Start/end work sessions to pause auto-commits
  • / Create clean checkpoints and commits
  • / Analyze fine-grained commit history
  • / Trace code evolution for debugging

what it does

Provides AI assistants with secure read-only access to ShadowGit repositories for analyzing detailed commit history and code evolution. Includes session management to help AI create clean, organized commits instead of fragmented auto-commits.

about

ShadowGit is a community-built MCP server published by blade47 that provides AI assistants with tools and capabilities via the Model Context Protocol. Access ShadowGit repositories securely with read-only git log, diff, blame, and grep to analyze commit history and debug It is categorized under developer tools. This server exposes 5 tools that AI clients can invoke during conversations and coding sessions.

how to install

You can install ShadowGit in your AI client of choice. Use the install panel on this page to get one-click setup for Cursor, Claude Desktop, VS Code, and other MCP-compatible clients. This server runs locally on your machine via the stdio transport.

license

MIT

ShadowGit is released under the MIT license. This is a permissive open-source license, meaning you can freely use, modify, and distribute the software.

readme

ShadowGit MCP Server

npm version

A Model Context Protocol (MCP) server that provides AI assistants with secure git access to your ShadowGit repositories, including the ability to create organized commits through the Session API. This enables powerful debugging, code analysis, and clean commit management by giving AI controlled access to your project's git history.

What is ShadowGit?

ShadowGit automatically captures every save as a git commit while also providing a Session API that allows AI assistants to pause auto-commits and create clean, organized commits. The MCP server provides both read access to your detailed development history and the ability to manage AI-assisted changes properly.

Installation

npm install -g shadowgit-mcp-server

Setup with Claude Code

# Add to Claude Code
claude mcp add shadowgit -- shadowgit-mcp-server

# Restart Claude Code to load the server

Setup with Claude Desktop

Add to your Claude Desktop MCP configuration:

macOS/Linux: ~/.config/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "shadowgit": {
      "command": "shadowgit-mcp-server"
    }
  }
}

Requirements

  • Node.js 18+
  • ShadowGit app installed and running with tracked repositories
    • Session API requires ShadowGit version >= 0.3.0
  • Git available in PATH

How It Works

MCP servers are stateless and use stdio transport:

  • The server runs on-demand when AI tools (Claude, Cursor) invoke it
  • Communication happens via stdin/stdout, not HTTP
  • The server starts when needed and exits when done
  • No persistent daemon or background process

Environment Variables

You can configure the server behavior using these optional environment variables:

  • SHADOWGIT_TIMEOUT - Command execution timeout in milliseconds (default: 10000)
  • SHADOWGIT_SESSION_API - Session API URL (default: http://localhost:45289/api)
  • SHADOWGIT_LOG_LEVEL - Log level: debug, info, warn, error (default: info)
  • SHADOWGIT_HINTS - Set to 0 to disable workflow hints in git command outputs (default: enabled)

Example:

export SHADOWGIT_TIMEOUT=30000  # 30 second timeout
export SHADOWGIT_LOG_LEVEL=debug  # Enable debug logging
export SHADOWGIT_HINTS=0  # Disable workflow banners for cleaner output

Available Commands

Session Management

The Session API (requires ShadowGit >= 0.3.0) allows AI assistants to temporarily pause ShadowGit's auto-commit feature and create clean, organized commits instead of having fragmented auto-commits during AI work.

IMPORTANT: AI assistants MUST follow this four-step workflow when making changes:

  1. start_session({repo, description}) - Start work session BEFORE making changes (pauses auto-commits)
  2. Make your changes - Edit code, fix bugs, add features
  3. checkpoint({repo, title, message?, author?}) - Create a clean commit AFTER completing work
  4. end_session({sessionId, commitHash?}) - End session when done (resumes auto-commits)

This workflow ensures AI-assisted changes result in clean, reviewable commits instead of fragmented auto-saves.

list_repos()

Lists all ShadowGit-tracked repositories.

await shadowgit.list_repos()

git_command({repo, command})

Executes read-only git commands on a specific repository.

// View recent commits
await shadowgit.git_command({
  repo: "my-project",
  command: "log --oneline -10"
})

// Check what changed recently
await shadowgit.git_command({
  repo: "my-project", 
  command: "diff HEAD~5 HEAD --stat"
})

// Find who changed a specific line
await shadowgit.git_command({
  repo: "my-project",
  command: "blame src/auth.ts"
})

start_session({repo, description})

Starts an AI work session using the Session API. This pauses ShadowGit's auto-commit feature, allowing you to make multiple changes that will be grouped into a single clean commit.

const result = await shadowgit.start_session({
  repo: "my-app",
  description: "Fixing authentication bug"
})
// Returns: Session ID (e.g., "mcp-client-1234567890")

checkpoint({repo, title, message?, author?})

Creates a checkpoint commit to save your work.

// After fixing a bug
const result = await shadowgit.checkpoint({
  repo: "my-app",
  title: "Fix null pointer exception in auth",
  message: "Added null check before accessing user object",
  author: "Claude"
})
// Returns formatted commit details including the commit hash

// After adding a feature
await shadowgit.checkpoint({
  repo: "my-app",
  title: "Add dark mode toggle",
  message: "Implemented theme switching using CSS variables and localStorage persistence",
  author: "GPT-4"
})

// Minimal usage (author defaults to "AI Assistant")
await shadowgit.checkpoint({
  repo: "my-app",
  title: "Update dependencies"
})

end_session({sessionId, commitHash?})

Ends the AI work session via the Session API. This resumes ShadowGit's auto-commit functionality for regular development.

await shadowgit.end_session({
  sessionId: "mcp-client-1234567890",
  commitHash: "abc1234"  // Optional: from checkpoint result
})

Parameters:

  • repo (required): Repository name or full path
  • title (required): Short commit title (max 50 characters)
  • message (optional): Detailed description of changes
  • author (optional): Your identifier (e.g., "Claude", "GPT-4", "Gemini") - defaults to "AI Assistant"

Notes:

  • Sessions prevent auto-commits from interfering with AI work
  • Automatically respects .gitignore patterns
  • Creates a timestamped commit with author identification
  • Will report if there are no changes to commit

Security

  • Read-only access: Only safe git commands are allowed
  • No write operations: Commands like commit, push, merge are blocked
  • No destructive operations: Commands like branch, tag, reflog are blocked to prevent deletions
  • Repository validation: Only ShadowGit repositories can be accessed
  • Path traversal protection: Attempts to access files outside repositories are blocked
  • Command injection prevention: Uses execFileSync with array arguments for secure execution
  • Dangerous flag blocking: Blocks --git-dir, --work-tree, --exec, -c, --config, -C and other risky flags
  • Timeout protection: Commands are limited to prevent hanging
  • Enhanced error reporting: Git errors now include stderr/stdout for better debugging

Best Practices for AI Assistants

When using ShadowGit MCP Server, AI assistants should:

  1. Follow the workflow: Always: start_session() → make changes → checkpoint()end_session()
  2. Use descriptive titles: Keep titles under 50 characters but make them meaningful
  3. Always create checkpoints: Call checkpoint() after completing each task
  4. Identify yourself: Use the author parameter to identify which AI created the checkpoint
  5. Document changes: Use the message parameter to explain what was changed and why
  6. End sessions properly: Always call end_session() to resume auto-commits

Complete Example Workflow

// 1. First, check available repositories
const repos = await shadowgit.list_repos()

// 2. Start session BEFORE making changes
const sessionId = await shadowgit.start_session({
  repo: "my-app",
  description: "Refactoring authentication module"
})

// 3. Examine recent history
await shadowgit.git_command({
  repo: "my-app",
  command: "log --oneline -5"
})

// 4. Make your changes to the code...
// ... (edit files, fix bugs, etc.) ...

// 5. IMPORTANT: Create a checkpoint after completing the task
const commitHash = await shadowgit.checkpoint({
  repo: "my-app",
  title: "Refactor authentication module",
  message: "Simplified login flow and added better error handling",
  author: "Claude"
})

// 6. End the session when done
await shadowgit.end_session({
  sessionId: sessionId,
  commitHash: commitHash  // Optional but recommended
})

Example Use Cases

Debug Recent Changes

// Find what broke in the last hour
await shadowgit.git_command({
  repo: "my-app",
  command: "log --since='1 hour ago' --oneline"
})

Trace Code Evolution

// See how a function evolved
await shadowgit.git_command({
  repo: "my-app", 
  command: "log -L :functionName:src/file.ts"
})

Cross-Repository Analysis

// Compare activity across projects
const repos = await shadowgit.list_repos()
for (const repo of repos) {
  await shadowgit.git_command({
    repo: repo.name,
    command: "log --since='1 day ago' --oneline"
  })
}

Troubleshooting

No repositories found

  • Ensure ShadowGit app is installed and has tracked repositories
  • Check that ~/.shadowgit/repos.json exists

Repository not found

  • Use list_repos() to see exact repository names
  • Ensure the repository has a .shadowgit.git directory

Git commands fail

  • Verify git is installed: git --version
  • Only read-only commands are allowed
  • Use absolute paths or repository names from list_repos()
  • Check error output which now includes stderr details for debugging

Workflow hints are too verbose

  • Set SHADOWGIT_HINTS=0 environment variable to disable workflow banners
  • This provides cleaner output for programmatic use

Session API offline

If you see "Session API is offline. Proceeding without session tracking":

  • The ShadowGit app may not be running
  • Sessions wo

FAQ

What is the ShadowGit MCP server?
ShadowGit is a Model Context Protocol (MCP) server profile on explainx.ai. MCP lets AI hosts (e.g. Claude Desktop, Cursor) call tools and resources through a standard interface; this page summarizes categories, install hints, and community ratings.
How do MCP servers relate to agent skills?
Skills are reusable instruction packages (often SKILL.md); MCP servers expose live capabilities. Teams frequently combine both—skills for workflows, MCP for APIs and data. See explainx.ai/skills and explainx.ai/mcp-servers for parallel directories.
How are reviews shown for ShadowGit?
This profile displays 45 aggregated ratings (sample rows for discoverability plus signed-in user reviews). Average score is about 4.6 out of 5—verify behavior in your own environment before production use.

Use Cases

Extended AI Capabilities

Add new capabilities to Claude beyond text generation

Example

Access external data sources, execute code, interact with tools and services

Transform Claude from chatbot to action-taking agent

Context Enhancement

Provide Claude with access to relevant context and data

Example

Load project documentation, access knowledge bases, query databases

Get more accurate, context-aware responses

Workflow Automation

Automate multi-step workflows combining AI and external tools

Example

Research → Summarize → Create document → Send notification

Complete complex tasks end-to-end without manual steps

Implementation Guide

Prerequisites

  • Claude Desktop 0.7.0+ or Cursor IDE with MCP support
  • Basic understanding of MCP architecture and capabilities
  • Access credentials for integrated services (if required)
  • Willingness to experiment and iterate on configuration

Time Estimate

15-60 minutes depending on server complexity

Installation Steps

  1. 1.Install MCP server: npm install -g [package-name] or via GitHub
  2. 2.Add server configuration to ~/.claude/mcp.json
  3. 3.Provide required credentials and configuration
  4. 4.Restart Claude Desktop to load new server
  5. 5.Test basic functionality with simple prompts
  6. 6.Explore capabilities and experiment with use cases
  7. 7.Document successful patterns for reuse

Troubleshooting

  • MCP server not loading: Check config syntax, verify installation
  • Connection errors: Check network, firewall, credentials
  • Feature not working: Read server docs, check required parameters
  • Performance issues: Monitor resource usage, check for network latency
  • Conflicts with other servers: Check port assignments, namespace collisions

Best Practices

✓ Do

  • +Read server documentation thoroughly before setup
  • +Start with simple use cases to validate functionality
  • +Test in non-production environment first
  • +Monitor resource usage and performance
  • +Keep servers updated for bug fixes and new features
  • +Document configuration for team members
  • +Use environment variables for sensitive configuration

✗ Don't

  • Don't grant overly permissive access to MCP servers
  • Don't skip reading security considerations in docs
  • Don't expose sensitive data without proper controls
  • Don't run untrusted MCP servers without code review
  • Don't ignore error messages—investigate root cause

💡 Pro Tips

  • Combine multiple MCP servers for powerful workflows
  • Create custom MCP servers for your specific needs
  • Share successful configurations with team
  • Use MCP inspector for debugging
  • Join MCP community for tips and troubleshooting

Technical Details

Architecture

Model Context Protocol standardizes how AI hosts (Claude, Cursor) communicate with external tools and data sources through server implementations.

Protocols

  • Model Context Protocol (MCP)
  • JSON-RPC 2.0
  • stdio or HTTP transport

Compatibility

  • Claude Desktop
  • Cursor IDE
  • Custom MCP clients

When to Use This

✓ Use When

Use when you need Claude to access external data, execute actions, or integrate with tools. Best for extending AI capabilities beyond conversation.

✗ Avoid When

Avoid when native integrations exist (use official APIs directly), for real-time critical systems, or when security/compliance requires zero external dependencies.

Integration

  • Tool composition: Chain multiple MCP tools in workflows
  • Context augmentation: Provide AI with relevant external data
  • Action delegation: Let AI execute tasks on external systems
  • Bidirectional sync: Keep AI context and external systems in sync

Discussion

Product Hunt–style comments (not star reviews)
  • No comments yet — start the thread.

List & Promote Your MCP Server

Share your MCP server with the developer community

GET_STARTED →
MCP server reviews

Ratings

4.645 reviews
  • Maya Jain· Dec 28, 2024

    We evaluated ShadowGit against two servers with overlapping tools; this profile had the clearer scope statement.

  • Dhruvi Jain· Dec 16, 2024

    ShadowGit is among the better-indexed MCP projects we tried; the explainx.ai summary tracks the official description.

  • Amina Taylor· Dec 12, 2024

    ShadowGit has been reliable for tool-calling workflows; the MCP profile page is a good permalink for internal docs.

  • Aditi Agarwal· Dec 4, 2024

    ShadowGit is a well-scoped MCP server in the explainx.ai directory — install snippets and categories matched our Claude Code setup.

  • Meera Bansal· Dec 4, 2024

    We wired ShadowGit into a staging workspace; the listing’s GitHub and npm pointers saved time versus hunting across READMEs.

  • Rahul Santra· Nov 27, 2024

    We evaluated ShadowGit against two servers with overlapping tools; this profile had the clearer scope statement.

  • Aditi Gupta· Nov 23, 2024

    ShadowGit is among the better-indexed MCP projects we tried; the explainx.ai summary tracks the official description.

  • Kiara Mensah· Nov 23, 2024

    Strong directory entry: ShadowGit surfaces stars and publisher context so we could sanity-check maintenance before adopting.

  • Oshnikdeep· Nov 7, 2024

    ShadowGit is a well-scoped MCP server in the explainx.ai directory — install snippets and categories matched our Claude Code setup.

  • Aditi Kapoor· Nov 7, 2024

    I recommend ShadowGit for teams standardizing on MCP; the explainx.ai page compares cleanly with sibling servers.

showing 1-10 of 45

1 / 5