feat(git): add signed commit tool with GPG support

joaommartins · joaommartins · commit 1d6eeea334fb · 2025-12-10T09:43:37.000+11:00
- Add git_commit_signed tool that supports GPG signing of commits
- Accepts optional key_id parameter to sign with specific GPG key
- Uses git commit -S flag for signing (works with default or specified key)
- Add comprehensive tests for signed commits
- Update GitTools enum and tool registration
diff --git a/src/git/src/mcp_server_git/server.py b/src/git/src/mcp_server_git/server.py
@@ -38,6 +38,14 @@ class GitCommit(BaseModel):
     repo_path: str
     message: str
 
+class GitCommitSigned(BaseModel):
+    repo_path: str
+    message: str
+    key_id: Optional[str] = Field(
+        None,
+        description="Optional GPG key ID to use for signing. If not provided, uses the default configured GPG key."
+    )
+
 class GitAdd(BaseModel):
     repo_path: str
     files: list[str]
@@ -97,6 +105,7 @@ class GitTools(str, Enum):
     DIFF_STAGED = "git_diff_staged"
     DIFF = "git_diff"
     COMMIT = "git_commit"
+    COMMIT_SIGNED = "git_commit_signed"
     ADD = "git_add"
     RESET = "git_reset"
     LOG = "git_log"
@@ -122,6 +131,17 @@ def git_commit(repo: git.Repo, message: str) -> str:
     commit = repo.index.commit(message)
     return f"Changes committed successfully with hash {commit.hexsha}"
 
+def git_commit_signed(repo: git.Repo, message: str, key_id: str | None = None) -> str:
+    # Use the git command directly for signing support
+    if key_id:
+        repo.git.commit("-S" + key_id, "-m", message)
+    else:
+        repo.git.commit("-S", "-m", message)
+    
+    # Get the commit hash of HEAD
+    commit_hash = repo.head.commit.hexsha
+    return f"Changes committed and signed successfully with hash {commit_hash}"
+
 def git_add(repo: git.Repo, files: list[str]) -> str:
     if files == ["."]:
         repo.git.add(".")
@@ -277,6 +297,11 @@ async def list_tools() -> list[Tool]:
                 description="Records changes to the repository",
                 inputSchema=GitCommit.model_json_schema(),
             ),
+            Tool(
+                name=GitTools.COMMIT_SIGNED,
+                description="Records changes to the repository with GPG signature",
+                inputSchema=GitCommitSigned.model_json_schema(),
+            ),
             Tool(
                 name=GitTools.ADD,
                 description="Adds file contents to the staging area",
@@ -388,6 +413,17 @@ async def call_tool(name: str, arguments: dict) -> list[TextContent]:
                     text=result
                 )]
 
+            case GitTools.COMMIT_SIGNED:
+                result = git_commit_signed(
+                    repo, 
+                    arguments["message"],
+                    arguments.get("key_id")
+                )
+                return [TextContent(
+                    type="text",
+                    text=result
+                )]
+
             case GitTools.ADD:
                 result = git_add(repo, arguments["files"])
                 return [TextContent(
diff --git a/src/git/tests/test_server.py b/src/git/tests/test_server.py
@@ -13,7 +13,8 @@
     git_reset,
     git_log,
     git_create_branch,
-    git_show
+    git_show,
+    git_commit_signed,
 )
 import shutil
 
@@ -246,3 +247,42 @@ def test_git_show_initial_commit(test_repository):
     assert "Commit:" in result
     assert "initial commit" in result
     assert "test.txt" in result
+
+def test_git_commit_signed_without_key_id(test_repository):
+    # Create and stage a new file
+    file_path = Path(test_repository.working_dir) / "signed_test.txt"
+    file_path.write_text("testing signed commit")
+    test_repository.index.add(["signed_test.txt"])
+
+    # Note: This test may fail if GPG is not configured on the system
+    # In that case, it should raise a GitCommandError
+    try:
+        result = git_commit_signed(test_repository, "Test signed commit")
+        assert "Changes committed and signed successfully" in result
+        assert "with hash" in result
+
+        # Verify the commit was actually created
+        latest_commit = test_repository.head.commit
+        assert latest_commit.message.strip() == "Test signed commit"
+    except git.GitCommandError as e:
+        # GPG not configured or signing failed - this is expected in CI/test environments
+        pytest.skip(f"GPG signing not available: {str(e)}")
+
+def test_git_commit_signed_with_key_id(test_repository):
+    # Create and stage a new file
+    file_path = Path(test_repository.working_dir) / "signed_test_with_key.txt"
+    file_path.write_text("testing signed commit with key")
+    test_repository.index.add(["signed_test_with_key.txt"])
+
+    # Note: This test may fail if GPG is not configured or key doesn't exist
+    try:
+        result = git_commit_signed(test_repository, "Test signed commit with key", "TESTKEY123")
+        assert "Changes committed and signed successfully" in result
+        assert "with hash" in result
+
+        # Verify the commit was actually created
+        latest_commit = test_repository.head.commit
+        assert latest_commit.message.strip() == "Test signed commit with key"
+    except git.GitCommandError as e:
+        # GPG not configured, key not found, or signing failed - expected in CI/test environments
+        pytest.skip(f"GPG signing with specific key not available: {str(e)}")
