GitBranchMCP

34 tools. 17 can modify or destroy data without limits.

2 destructive tools with no built-in limits. Policy required.

Last updated:

17 can modify or destroy data
17 read-only
34 tools total

Community server · catalogue entry verified 29/06/2026

How to control GitBranchMCP ↓

What GitBranchMCP exposes to your agents

Read (17) Write / Execute (15) Destructive / Financial (2)
Critical Risk

The most dangerous GitBranchMCP tools

17 of GitBranchMCP's 34 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control GitBranchMCP

PolicyLayer is an MCP gateway — it sits between your AI agents and GitBranchMCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "delete_branch": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "answer_in_current_branch": {
    "limits": [
      {
        "counter": "answer_in_current_branch_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "export_branch_markdown": {
    "limits": [
      {
        "counter": "export_branch_markdown_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register GitBranchMCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON GITBRANCHMCP →

Instant setup, no code required.

All 34 GitBranchMCP tools

READ 17 tools
Read export_branch_markdown 当用户需要归档、交接或查看某个分支的 Markdown 记录时调用。 Read export_demo_markdown 当用户完成 demo 数据生成后,需要一次性导出演示 Markdown 文件时调用。 Read export_main_markdown 当用户需要导出主线决策记录、项目上下文摘要或交接材料时调用。 Read get_branch_context_preview 当用户要求预览当前/指定分支上下文、查看会发送给 API 模型的上下文时调用。 Read get_branch_diff 当用户要求查看某个 GitBranchMCP 分支自 fork 后新增内容、branch diff 时调用。 Read get_branch_log 当用户要求查看 GitBranchMCP 分支对话日志、branch log 或消息链时调用。 Read get_branch_notes 当用户要求查看某个 GitBranchMCP 分支笔记、分支结论或已保存记录时调用。 Read get_context_overview 当用户询问 GitBranchMCP 总览、当前上下文、有哪些分支、最近保存了什么时调用。 Read get_current_branch 当用户询问当前 GitBranchMCP 分支时调用。 Read get_merge_history 读取所有 summary merge 记录。 Read get_model_status 查看可选模型 API 配置状态。 Read get_workflow_prompt 当用户想配置 Claude Code、Cursor、Claude Desktop 项目规则或系统提示词时调用。 Read list_branches list_branches Read list_main_summaries 当用户想查看主线决策、已合并分支或历史摘要时调用。 Read suggest_branch_workflow 当用户不知道下一步如何使用分支工作流,或宿主模型需要给出固定操作建议时调用。 Read summarize_branch_diff 对来源分支 fork 后的 diff 生成结构化摘要。 Read test_model_connection 显式测试当前模型配置。

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about GitBranchMCP

Can an AI agent delete data through the GitBranch MCP server? +

Yes. The GitBranchMCP server exposes 2 destructive tools including delete_branch, reset_demo_data. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through GitBranchMCP? +

The GitBranchMCP server has 15 write tools including answer_in_current_branch, append_message_node, branch_chat. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach GitBranchMCP.

How many tools does the GitBranch MCP server expose? +

34 tools across 4 categories: Destructive, Execute, Read, Write. 17 are read-only. 17 can modify, create, or delete data.

How do I enforce a policy on GitBranchMCP? +

Register the GitBranch MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every GitBranchMCP tool call.

Deterministic rules across all 34 GitBranchMCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

34 GitBranchMCP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.