Running mcp-server-git with uvx gives full disk access/--repository param is ignored #604

Open
joshstrange opened this issue Feb 7, 2025 · 1 comment
Labels
bug Something isn't working

Comments

@joshstrange

Describe the bug
mcp-server-git does not restrict repo paths to the repo specified.

The docs have this code block:

"mcpServers": {
  "git": {
    "command": "uvx",
    "args": ["mcp-server-git", "--repository", "path/to/git/repo"]
  }
}

Which would imply you are limiting the mcp server to that repository but in practice the only thing --repository is used for is this (link):

if repository is not None:
	try:
		git.Repo(repository)
		logger.info(f"Using repository at {repository}")
	except git.InvalidGitRepositoryError:
		logger.error(f"{repository} is not a valid Git repository")
		return

After that code block it doesn't seem to be used. All the commands take a "repo_path" which can be anywhere on your machine. Coupled with "git_init" you can effectively read any file on the computer as long as you have the permissions to init a git repo.

If this is expected behavior then maybe it would be nice to add something to the docs about it.

To Reproduce
Steps to reproduce the behavior:

  1. mkdir reproduce-repo
  2. cd reproduce-repo
  3. git init
  4. npx @modelcontextprotocol/inspector uvx mcp-server-git --repository "path/to/your/repo"
  5. Open Browser and go to http://localhost:5173
  6. Select "STDIO" and click Connect
  7. List Tools
  8. Run the git_status tool and enter a path different from what you passed in to the --repository flag


Expected behavior
One or more of the following:

  • Either a clear message that this tool has full access and should only be used with Docker

or

  • Allow for limiting the MCP server's access

Ideally you'd supply a base path (or paths) and it would be able to read/write to any repos in that path to allow for features like #188 (on purpose).

Logs
N/A

Additional context
N/A
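
One way to implement the base-path restriction requested above, as an added example (not code from this issue or from mcp-server-git). `resolve_allowed`, `RepoPathDenied` and the temporary directory layout are hypothetical names constructed here; the check assumes every tool call passes its `repo_path` through it before touching the filesystem.

```python
import tempfile
from pathlib import Path


class RepoPathDenied(Exception):
    """Raised when a tool call names a path outside the allowed roots."""


def resolve_allowed(repo_path: str, allowed_roots: list[str]) -> Path:
    """Return the canonical form of repo_path if it lies inside an allowed root.

    Both sides are canonicalised with resolve(), so '..' segments and symlinks
    are followed before the comparison. is_relative_to() compares whole path
    components, so <root>/repo does not match <root>/repo-other.
    """
    candidate = Path(repo_path).expanduser().resolve()
    for root in allowed_roots:
        base = Path(root).expanduser().resolve()
        if candidate.is_relative_to(base):  # Python 3.9+
            return candidate
    raise RepoPathDenied(f"{repo_path!r} is outside the allowed repositories")


def demo() -> dict[str, bool]:
    """Build a constructed directory layout and report which paths pass."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        allowed = Path(tmp, "repo")          # stands in for --repository
        sibling = Path(tmp, "repo-other")    # shares a string prefix with 'repo'
        (allowed / "sub").mkdir(parents=True)
        sibling.mkdir()
        link = allowed / "escape"
        link.symlink_to(sibling, target_is_directory=True)  # leaves the root
        cases = {
            "root": allowed, "subdir": allowed / "sub",
            "dotdot": allowed / ".." / "repo-other",
            "sibling": sibling, "symlink": link, "elsewhere": Path(tmp),
        }
        for name, path in cases.items():
            try:
                resolve_allowed(str(path), [str(allowed)])
                results[name] = True
            except RepoPathDenied:
                results[name] = False
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:10s} {'allowed' if ok else 'denied'}")
```
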

@joshstrange joshstrange added the bug Something isn't working label Feb 7, 2025
@joshstrange joshstrange changed the title Running mcp-server-git with uvx give full disk access/--repository param is ignored Running mcp-server-git with uvx gives full disk access/--repository param is ignored Feb 7, 2025
@bgintzairspace

I am not sure if this is related, but when running on a mac in uvx the repository passed in on the command line doesn't propagate through to the repo_path and it seems like it should by default?
