Enhance MCP approval server security and UX

- Remove rejection reason from response (prevent adaptive attacks)
- Add working directory to approval prompt display
- Add inappropriate content detection for GitHub operations
- Auto-reject HIGH/CRITICAL risk when AI recommends rejection
- Fetch and analyze commit diff for git push commands
- Check commits for secrets, credentials, and inappropriate language
- Add MCP server documentation to README.md
- Delete implementation spec (now in README)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

Author: gfraiteur

README.md

@@ -553,6 +553,63 @@ Common environment variables (see [`EnvironmentVariableNames.cs`](src/PostSharp.
 | `AZURE_DEVOPS_TOKEN` | Azure DevOps integration |
 | `TYPESENSE_API_KEY` | Search indexing |
 
+## MCP Approval Server (Docker Support)
+
+When running Claude Code inside Docker containers, certain operations require host-level access (git push, GitHub CLI, etc.). The MCP Approval Server provides a secure, human-in-the-loop workflow for these operations.
+
+### Architecture
+
+```
+┌─────────────────────────────────────────┐
+│ Docker Container                        │
+│  ┌─────────────┐                        │
+│  │ Claude Code │──▶ MCP Client          │
+│  └─────────────┘    (execute_command)   │
+└──────────────────────┬──────────────────┘
+                       │ HTTP/SSE
+                       ▼
+┌─────────────────────────────────────────┐
+│ Host: MCP Approval Server               │
+│  1. Receive request                     │
+│  2. AI risk analysis (Claude CLI)       │
+│  3. Auto-approve/reject or prompt user  │
+│  4. Execute if approved                 │
+│  5. Return result                       │
+└─────────────────────────────────────────┘
+```
+
+### Features
+
+- **AI Risk Analysis**: Each command is analyzed by Claude CLI for risk assessment
+- **Auto-approve**: LOW risk commands with AI APPROVE recommendation
+- **Auto-reject**: HIGH/CRITICAL risk commands with AI REJECT recommendation
+- **Git Push Analysis**: Automatically fetches and analyzes commit diffs for secrets, credentials, and inappropriate content
+- **Session Tracking**: Maintains command history to detect suspicious patterns
+- **Attack Detection**: Detects unicode homoglyphs, shell injection, path traversal, and other evasion techniques
+
+### Usage
+
+The MCP server starts automatically with `DockerBuild.ps1 -Claude`. To disable:
+
+```powershell
+.\DockerBuild.ps1 -Claude -NoMcp
+```
+
+Inside the container, privileged commands are routed through the MCP server automatically via the `host-approval` MCP configuration.
+
+### Supported Operations
+
+| Operation | Risk Level |
+|-----------|------------|
+| `gh pr view` | LOW |
+| `gh pr create` | LOW |
+| `git push` (feature branch) | LOW |
+| `git push` (main/develop) | MEDIUM |
+| `gh pr merge` | MEDIUM |
+| `git push --force` | HIGH |
+| `dotnet nuget push` | HIGH |
+| Secret exfiltration attempts | CRITICAL |
+
 ## Documentation
 
 Additional design documentation is available in the [doc/](doc/) folder:

src/PostSharp.Engineering.BuildTools/Mcp/Services/RiskAnalyzer.cs

@@ -139,7 +139,7 @@ public async Task<RiskAssessment> AnalyzeAsync(
 
         try
         {
-            using var timeoutCts = new CancellationTokenSource( TimeSpan.FromSeconds( 60 ) );
+            using var timeoutCts = new CancellationTokenSource( TimeSpan.FromSeconds( 120 ) );
             using var linkedCts = CancellationTokenSource.CreateLinkedTokenSource( cancellationToken, timeoutCts.Token );
 
             var startInfo = new ProcessStartInfo

src/PostSharp.Engineering.BuildTools/Resources/DockerBuild.ps1

@@ -495,31 +495,46 @@ foreach (`$dir in `$gitDirectories) {
 if (`$mcpServerUrl) {
     Write-Host "Configuring MCP approval server: `$mcpServerUrl" -ForegroundColor Cyan
 
-    # Read existing settings or create new
-    `$settingsPath = "`$env:USERPROFILE\.claude\settings.json"
-    `$settingsDir = Split-Path `$settingsPath -Parent
-    if (-not (Test-Path `$settingsDir)) {
-        New-Item -ItemType Directory -Path `$settingsDir -Force | Out-Null
-    }
+    # Use claude mcp add command to properly register the server
+    # This ensures the configuration is in the correct format
+    `$sseUrl = "`$mcpServerUrl/sse"
+
+    # Remove existing host-approval server if present (ignore errors)
+    & claude mcp remove host-approval 2>`$null
 
-    if (Test-Path `$settingsPath) {
-        `$settings = Get-Content `$settingsPath -Raw | ConvertFrom-Json -AsHashtable
+    # Add the MCP server using the CLI
+    & claude mcp add host-approval --transport http `$sseUrl
+
+    if (`$LASTEXITCODE -eq 0) {
+        Write-Host "MCP server configured via 'claude mcp add'" -ForegroundColor Green
     } else {
-        `$settings = @{}
-    }
+        Write-Host "Warning: Failed to configure MCP server via CLI, trying settings.json fallback" -ForegroundColor Yellow
 
-    # Add MCP server configuration
-    if (-not `$settings.ContainsKey('mcpServers')) {
-        `$settings['mcpServers'] = @{}
-    }
-    `$settings['mcpServers']['host-approval'] = @{
-        'type' = 'http'
-        'url' = `$mcpServerUrl
-    }
+        # Fallback: write to settings.json directly
+        `$settingsPath = "`$env:USERPROFILE\.claude\settings.json"
+        `$settingsDir = Split-Path `$settingsPath -Parent
+        if (-not (Test-Path `$settingsDir)) {
+            New-Item -ItemType Directory -Path `$settingsDir -Force | Out-Null
+        }
 
-    # Write updated settings
-    `$settings | ConvertTo-Json -Depth 10 | Set-Content `$settingsPath -Encoding UTF8
-    Write-Host "MCP server configured in Claude settings" -ForegroundColor Green
+        if (Test-Path `$settingsPath) {
+            `$settings = Get-Content `$settingsPath -Raw | ConvertFrom-Json -AsHashtable
+        } else {
+            `$settings = @{}
+        }
+
+        # Add MCP server configuration with SSE URL
+        if (-not `$settings.ContainsKey('mcpServers')) {
+            `$settings['mcpServers'] = @{}
+        }
+        `$settings['mcpServers']['host-approval'] = @{
+            'url' = `$sseUrl
+        }
+
+        # Write updated settings
+        `$settings | ConvertTo-Json -Depth 10 | Set-Content `$settingsPath -Encoding UTF8
+        Write-Host "MCP server configured in Claude settings.json" -ForegroundColor Green
+    }
 }
 "@
 $initScriptContent | Set-Content -Path $initScript -Encoding UTF8