A Model Context Protocol (MCP) server for Forgejo and Gitea instances. Provides 103 tools across repos, issues, PRs, orgs, users, and admin APIs. Works with Claude, Cursor, and any MCP-compatible client. Supports stdio and HTTP transports. Built with Claude Code.
  • TypeScript 95.8%
  • JavaScript 3.8%
  • Dockerfile 0.4%
Find a file
Ric Harvey 5fe13dcf97
Bump version to 0.1.4
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 15:49:47 +00:00
src Add edit_repo tool for editing repository settings via PATCH API 2026-02-23 15:49:01 +00:00
.dockerignore Initial commit: Forgejo/Gitea MCP server 2026-02-23 14:24:36 +00:00
.env.example Initial commit: Forgejo/Gitea MCP server 2026-02-23 14:24:36 +00:00
.gitignore Initial commit: Forgejo/Gitea MCP server 2026-02-23 14:24:36 +00:00
CLAUDE.md Add edit_repo tool for editing repository settings via PATCH API 2026-02-23 15:49:01 +00:00
CONTRIBUTING.md Initial commit: Forgejo/Gitea MCP server 2026-02-23 14:24:36 +00:00
docker-compose.yml Update package name to @ric_/forgejo-mcp and add Docker Hub references 2026-02-23 14:42:42 +00:00
Dockerfile Initial commit: Forgejo/Gitea MCP server 2026-02-23 14:24:36 +00:00
LICENSE Initial commit: Forgejo/Gitea MCP server 2026-02-23 14:24:36 +00:00
package-lock.json Bump version to 0.1.4 2026-02-23 15:49:47 +00:00
package.json Bump version to 0.1.4 2026-02-23 15:49:47 +00:00
README.md Add edit_repo tool for editing repository settings via PATCH API 2026-02-23 15:49:01 +00:00
tsconfig.json Initial commit: Forgejo/Gitea MCP server 2026-02-23 14:24:36 +00:00
vitest.config.ts Initial commit: Forgejo/Gitea MCP server 2026-02-23 14:24:36 +00:00

forgejo-mcp

A Model Context Protocol (MCP) server for Forgejo and Gitea instances. Enables AI assistants like Claude, Cursor, and other MCP-compatible tools to interact with your Forgejo/Gitea repositories, issues, pull requests, and more.

Features

  • Comprehensive API coverage (103 tools across 6 categories)
  • Configurable base URL - works with any Forgejo or Gitea instance
  • Both stdio and HTTP transport modes
  • Token-based authentication with optional HTTP Bearer auth
  • Input validation and security hardening (path traversal protection, SSRF prevention, rate limiting)
  • Docker support with security-hardened container

Quick Start

Prerequisites

  • Node.js 18+
  • A Forgejo or Gitea instance
  • API token (generate at {your-instance}/user/settings/applications)

Installation

npm install -g @ric_/forgejo-mcp

Or run directly:

npx @ric_/forgejo-mcp

Configuration

Set environment variables:

export FORGEJO_URL=https://your-forgejo-instance.com
export FORGEJO_TOKEN=your-api-token

Or pass as CLI args:

npx @ric_/forgejo-mcp --url https://your-instance.com --token your-token

Usage

With Claude Code

You can add the MCP server using the CLI:

claude mcp add-json forgejo '{"command":"npx","args":["@ric_/forgejo-mcp"],"env":{"FORGEJO_URL":"https://your-instance.com","FORGEJO_TOKEN":"your-token"}}'

Or manually edit the config file:

  • Project scope (shared with team): .mcp.json in your project root
  • User scope (personal, all projects): ~/.claude.json

Add the following to the mcpServers object:

{
  "mcpServers": {
    "forgejo": {
      "command": "npx",
      "args": ["@ric_/forgejo-mcp"],
      "env": {
        "FORGEJO_URL": "https://your-instance.com",
        "FORGEJO_TOKEN": "your-token"
      }
    }
  }
}

You can verify the server is connected by running /mcp inside Claude Code.

With Claude Desktop

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "forgejo": {
      "command": "npx",
      "args": ["@ric_/forgejo-mcp"],
      "env": {
        "FORGEJO_URL": "https://your-instance.com",
        "FORGEJO_TOKEN": "your-token"
      }
    }
  }
}

HTTP Mode

For remote/shared access:

FORGEJO_URL=https://your-instance.com \
FORGEJO_TOKEN=your-token \
FORGEJO_MCP_API_KEY=your-secret-api-key \
npx @ric_/forgejo-mcp-http --port 3000

Endpoint: http://localhost:3000/mcp

Authentication: Set FORGEJO_MCP_API_KEY to require Bearer token authentication on the HTTP endpoint. Clients must include Authorization: Bearer your-secret-api-key in requests. If not set, the endpoint is unauthenticated (only suitable for localhost or behind a reverse proxy).

Rate Limiting: Enabled by default at 100 requests/minute per IP. Configure via:

  • RATE_LIMIT_MAX - max requests per window (default: 100)
  • RATE_LIMIT_WINDOW_MS - window size in milliseconds (default: 60000)

Docker

Pull from Docker Hub:

docker run -p 3000:3000 \
  -e FORGEJO_URL=https://your-instance.com \
  -e FORGEJO_TOKEN=your-token \
  -e FORGEJO_MCP_API_KEY=your-secret-key \
  richarvey/forgejo-mcp

Or use docker-compose:

cp .env.example .env
# Edit .env with your values, then:
docker compose up -d

Or build from source:

docker build -t forgejo-mcp .
docker run -p 3000:3000 \
  -e FORGEJO_URL=https://your-instance.com \
  -e FORGEJO_TOKEN=your-token \
  -e FORGEJO_MCP_API_KEY=your-secret-key \
  forgejo-mcp

The Docker image:

  • Uses multi-stage build for minimal image size
  • Runs as non-root user
  • Read-only filesystem
  • No new privileges security option

Available Tools

Repository Management (24 tools)

Tool Description
search_repos Search repositories
get_repo Get repository details
create_repo Create a new repository
create_org_repo Create repo in an organization
delete_repo Delete a repository
fork_repo Fork a repository
list_branches List branches
get_branch Get branch details
create_branch Create a branch
delete_branch Delete a branch
list_repo_commits List commits
get_file_contents Get file contents
create_file Create a file
update_file Update a file
delete_file Delete a file
list_releases List releases
create_release Create a release
list_tags List tags
list_repo_topics List topics
update_repo_topics Update topics
list_forks List forks
list_collaborators List collaborators
add_collaborator Add a collaborator
transfer_repo Transfer repository

Issue Management (20 tools)

Tool Description
list_issues List repository issues
get_issue Get issue details
create_issue Create an issue
edit_issue Edit an issue
list_issue_comments List issue comments
create_issue_comment Add a comment
edit_issue_comment Edit a comment
delete_issue_comment Delete a comment
list_labels List repository labels
get_label Get label details
create_label Create a label
edit_label Edit a label
delete_label Delete a label
add_issue_labels Add labels to issue
remove_issue_label Remove label from issue
list_milestones List milestones
get_milestone Get milestone details
create_milestone Create a milestone
edit_milestone Edit a milestone
delete_milestone Delete a milestone

Pull Request Management (12 tools)

Tool Description
list_pull_requests List pull requests
get_pull_request Get PR details
create_pull_request Create a pull request
edit_pull_request Edit a pull request
merge_pull_request Merge a pull request
list_pr_commits List PR commits
list_pr_files List changed files
get_pr_diff Get PR diff
list_pr_reviews List PR reviews
create_pr_review Create a review
request_pr_review Request reviewers
update_pr_branch Update PR branch

Organization Management (14 tools)

Tool Description
list_orgs List organizations
get_org Get org details
create_org Create organization
edit_org Edit organization
delete_org Delete organization
list_org_repos List org repositories
list_org_members List org members
list_org_teams List org teams
get_team Get team details
create_team Create a team
add_team_member Add team member
remove_team_member Remove team member
list_org_labels List org labels
list_org_hooks List org webhooks

User Management (13 tools)

Tool Description
get_authenticated_user Get current user
get_user Get user profile
list_user_repos List user repositories
list_user_orgs List user organizations
search_users Search users
list_followers List followers
list_following List following
list_user_starred List starred repos
list_my_starred List my starred repos
star_repo Star a repository
unstar_repo Unstar a repository
list_my_notifications List notifications
mark_notifications_read Mark all as read

Admin & System (19 tools)

Tool Description
admin_list_users List all users (admin)
admin_create_user Create user (admin)
admin_delete_user Delete user (admin)
admin_edit_user Edit user (admin)
admin_list_cron_jobs List cron jobs
admin_run_cron_job Run cron task
admin_list_hooks List system webhooks
get_server_version Get server version
render_markdown Render markdown
render_markup Render markup
list_gitignore_templates List gitignore templates
get_gitignore_template Get gitignore template
list_license_templates List license templates
get_license_template Get license template
list_label_templates List label templates
get_label_template Get label template
get_nodeinfo Get instance info
list_action_runners_jobs List action jobs
get_runner_registration_token Get runner token

Security

Environment Variables

Variable Required Description
FORGEJO_URL Yes Base URL of your Forgejo/Gitea instance
FORGEJO_TOKEN Yes API token (generate at {your-instance}/user/settings/applications)
FORGEJO_MCP_API_KEY No Bearer token for HTTP endpoint authentication
RATE_LIMIT_MAX No Max requests per rate limit window (default: 100)
RATE_LIMIT_WINDOW_MS No Rate limit window in ms (default: 60000)
PORT No HTTP server port (default: 3000)

Security Features

  • Input validation - All parameters validated with Zod schemas (path traversal prevention, regex-validated usernames, bounded pagination, enum enforcement)
  • SSRF protection - Base URL validated against cloud metadata endpoints and private IP ranges
  • HTTP authentication - Optional Bearer token auth for the HTTP transport
  • Rate limiting - Per-IP rate limiting on HTTP endpoints
  • Token safety - API tokens never leaked in error messages; URLs sanitized in errors
  • Security headers - X-Content-Type-Options: nosniff, X-Frame-Options: DENY
  • Non-root Docker - Container runs as unprivileged user with read-only filesystem

Best Practices

  • Always use HTTPS for your Forgejo instance URL
  • Use short-lived API tokens with minimal required permissions
  • Set FORGEJO_MCP_API_KEY when running HTTP mode on a network
  • Admin tools require an admin-level Forgejo token - use a non-admin token if you don't need them

Development

git clone https://code.squarecows.com/SquareCows/forgejo-mcp.git
cd forgejo-mcp
npm install
npm run dev          # stdio mode
npm run dev:http     # HTTP mode
npm test             # run tests
npm run build        # compile TypeScript

Compatible Instances

This MCP server works with:

Contributing

Contributions welcome! Please see CONTRIBUTING.md for guidelines.

License

MIT - see LICENSE