Git Steer

83 tools. 40 can modify or destroy data without limits.

8 destructive tools with no built-in limits. Policy required.

Last updated:

40 can modify or destroy data
43 read-only
83 tools total

Community server · catalogue entry verified 30/06/2026

How to control Git Steer ↓

What Git Steer exposes to your agents

Read (43) Write / Execute (32) Destructive / Financial (8)
Critical Risk

The most dangerous Git Steer tools

40 of Git Steer's 83 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Git Steer

PolicyLayer is an MCP gateway — it sits between your AI agents and Git Steer, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "branch_reap": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "actions_secrets": {
    "limits": [
      {
        "counter": "actions_secrets_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "actions_workflows": {
    "limits": [
      {
        "counter": "actions_workflows_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Git Steer — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON GIT STEER →

Instant setup, no code required.

All 83 Git Steer tools

WRITE 26 tools
Write actions_secrets Manage Actions secrets Write branch_protect Apply branch protection rules Write config_add_repo Add a repository to managed repos Write dashboard_generate Generate a static analytics dashboard with SVG charts showing security metrics, MTTR, severity breakdown, and Write fabric_git_commit_files [git-fabric] Commit one or more files to a branch via the GitHub Git Data API. Write fabric_git_create_branch [git-fabric] Create a new branch from an existing branch. Write fabric_git_create_pull_request [git-fabric] Open a pull request. Write fabric_git_merge_pull_request [git-fabric] Merge a pull request. Write git_steer_branch_protect Apply branch protection rules to a repository branch. Write git_steer_pr_create Open a pull request. Write git_steer_pr_merge Merge a pull request. Write git_steer_repo_archive Archive a GitHub repository (read-only, reversible). Write git_steer_repo_commit Commit one or more files to a branch via the GitHub API. Can create a PR from the new branch. Write git_steer_repo_create Create a new GitHub repository. Write git_steer_repo_settings Update repository settings (description, homepage, visibility, etc.). Write oomkill_remediate Auto-bump resource limits for OOMKilled pods by creating a PR to the GitOps repo. Calculates new limits as a m Write pr_dedup_create Create a PR only if no open PR with the same title prefix exists. If a duplicate is found, returns the existin Write repo_commit Commit files directly to a repository via GitHub API (no local clone needed). Supports multiple files in a sin Write repo_create Create a new repository Write repo_settings Update repository settings Write security_dismiss Dismiss a security alert with reason Write security_enforce Ensure Dependabot vulnerability alerts and automated security fixes are enabled on all managed repos (or a spe Write slack_configure Configure Slack webhook URL for notifications. Stores in state repo config. Write slack_notify Send a notification to a Slack channel via webhook. Used for PR events, alerts, and remediation updates. Write steer_sync Force sync state to GitHub Write vex_set Set OpenVEX status on a CVE finding (ADR-004). Persisted to the git-steer-state _vex store. not_affected requi
READ 43 tools
Read actions_workflows List workflows in a repository Read attestation_list List GitHub Artifact Attestations for a repository Read branch_list List branches with staleness information Read cert_check Detect TLS certificates approaching expiration in the cluster. Checks cert-manager Certificate resources and r Read config_show Display current configuration Read fabric_cve_enrich [git-fabric] Fetch enriched vulnerability details for a CVE from NVD. Returns severity, CVSS, NVD status, CWE, Read fabric_cve_queue [git-fabric] List CVE queue entries filtered by status and severity. Read fabric_cve_scan [git-fabric] Scan managed repos for vulnerable dependencies via GitHub Advisory Database. Queues findings to s Read fabric_cve_stats [git-fabric] CVE queue health dashboard: totals by status/severity, oldest pending, top repos. Read fabric_git_compare_commits [git-fabric] Compare two refs to see divergence and changed files. Read fabric_git_get_commit [git-fabric] Get full details for a commit including changed files. Read fabric_git_get_file [git-fabric] Get the content of a file from a repository. Read fabric_git_get_pull_request [git-fabric] Get full details for a pull request. Read fabric_git_list_branches [git-fabric] List branches in a repository. Read fabric_git_list_commits [git-fabric] List recent commits on a branch. Read fabric_git_list_files [git-fabric] List files and directories at a path in a repository. Read fabric_git_list_pull_requests [git-fabric] List pull requests in a repository. Read fabric_git_list_repos [git-fabric] List repositories for an org or the authenticated user. Read git_steer_actions_workflows List GitHub Actions workflows in a repository. Read git_steer_branch_list List branches in a repository with stale detection. Read git_steer_pr_list List pull requests in a repository. Read git_steer_repo_list List GitHub repositories accessible to the token. Optionally filter by org. Read git_steer_repo_list_files List files and directories at a path in a GitHub repository. Read git_steer_repo_read_file Read the content of a file from a GitHub repository. Read git_steer_security_alerts Get Dependabot security alerts for a repository. Read git_steer_security_digest Get security alert summary across multiple repositories. Pass repo list or uses authenticated user repos. Read git_steer_workflow_runs Get recent workflow run status for a repository. Read oomkill_detect Detect pods that have been OOMKilled. Returns pods with OOMKill events, their current resource limits, and res Read ops_metrics Get operational metrics: alert frequency, mean time to remediation, auto-merge success rate, and PR dedup hit Read policy_eval Evaluate managed repos against security policies (Dependabot, secret scanning, branch protection, advanced sec Read pr_dedup_check Check if an open PR with a matching title prefix already exists. Returns the existing PR if found, or null. Us Read repo_list List all repositories git-steer has access to Read repo_list_files List files in a repository directory Read repo_read_file Read a file from a repository Read report_generate Generate compliance and security reports from git-steer state data. Templates: executive-summary, change-recor Read sbom_generate Generate an SPDX Software Bill of Materials (SBOM) for a repository using GitHub\ Read security_alerts List security alerts (Dependabot, code scanning) Read security_digest Generate security summary across all managed repos Read security_scan Scan repositories for security vulnerabilities with detailed fix information Read steer_logs Show recent audit log entries Read steer_status Show git-steer status, rate limits, and health Read vex_history Look up VEX history from the append-only vex.jsonl ledger (who/what/when, before -> after). Filter by repo and Read workflow_status Check status of dispatched workflows

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Git Steer

Can an AI agent delete data through the Git Steer MCP server? +

Yes. The Git Steer server exposes 8 destructive tools including branch_reap, config_remove_repo, fabric_cve_compact. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Git Steer? +

The Git Steer server has 26 write tools including actions_secrets, branch_protect, config_add_repo. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Git Steer.

How many tools does the Git Steer MCP server expose? +

83 tools across 4 categories: Destructive, Execute, Read, Write. 43 are read-only. 40 can modify, create, or delete data.

How do I enforce a policy on Git Steer? +

Register the Git Steer MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Git Steer tool call.

Deterministic rules across all 83 Git Steer tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

83 Git Steer tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.