Gigalixir & Turso & GitHub MCP Server
A ultra high-performance, multi-service Model Context Protocol (MCP) server built for deployment to Cloudflare Workers (or run as an ESM module anywhere). It includes pre-integrated support for managing Gigalixir apps, querying or executing transactions on Turso databases, and managing GitHub repositories, branches, actions, files, pull requests, and issues.
๐ฆ The 5 Essential Files to Push to GitHub
To deploy this MCP server to Cloudflare Workers, you only need to push the following 5 files to your GitHub repository:
- ๐
src/worker.jsโ The unified single-file MCP core handler containing security checks, tool registry, pipeline executors, and normalized gateways. - ๐
wrangler.tomlโ Cloudflare Workers configuration file declaring compatibility flags and custom environment variables. - ๐
package.jsonโ Dependency definitions and standard wrangler control scripts (npm run build,npm run deploy). - ๐
README.mdโ This documentation file explaining usage and setup instructions. - ๐
.gitignoreโ Basic configuration to prevent pushing sensitive files,.wrangler/builds, ornode_modules.
๐ Setting Up & Deploying to Cloudflare Workers
1. Configure Secrets & Environment Variables
Make sure to prepare the following credentials (stored as Cloudflare Worker Secrets):
GIGALIXIR_EMAILโ Your registered Gigalixir account email.GIGALIXIR_API_KEYโ Your Gigalixir API Key (retrieved from Gigalixir CLI usinggigalixir api_key:show).TURSO_DB_URLโ The URL of your Turso database (e.g.libsql://yourdb-slug.turso.io).TURSO_AUTH_TOKENโ Your Turso database authorization bearer token.GITHUB_TOKENโ A GitHub Personal Access Token (classicorFine-grained) with access to your repositories and pull requests.
2. Install & Deploy
Clone your GitHub repository and build:
# Install dependencies
npm install
# Log in to Cloudflare
npx wrangler login
# Set environment secrets securely on Cloudflare
npx wrangler secret put GIGALIXIR_EMAIL
npx wrangler secret put GIGALIXIR_API_KEY
npx wrangler secret put TURSO_DB_URL
npx wrangler secret put TURSO_AUTH_TOKEN
npx wrangler secret put GITHUB_TOKEN
# Deploy directly to Cloudflare edge edge network!
npx wrangler deploy
๐ ๏ธ Integrated MCP Tools Breakdown
๐ด Gigalixir Management Tools
list_appsโ Lists all Gigalixir apps in your account.get_appโ Gets details of a specific app.get_configs&set_config&delete_configโ Retrieve, set, or delete environmental configs safely (with resilient backoff to support both singular and plural endpoint variants).get_replicas&scaleโ Read or scale your instance deployment replicas (scaling to 0 shuts down the instance).list_releases&rollbackโ Read release versions or rollback instantly.restartโ Gracefully cycles app processes through standard sequence.get_logsโ High-performance chunk-streaming log reader capped to a hard 3-second limit to guarantee zero MCP gateway timeouts.
๐ต Turso Database Tools
turso_queryโ Execute read-only SQL SELECT queries with secure parameter parsing.turso_executeโ Execute state-changing SQL operations (INSERT, UPDATE, DELETE, CREATE, DROP).turso_list_tablesโ List database master tables instantly.turso_describe_tableโ Query columns, schema metadata, types, constraints, and indexes.turso_transactionโ Run multi-statement database transactions with integrated auto-rollback safety handlers if any query fails.
๐ข GitHub Workspace Tools
github_list_repos&github_get_repoโ Query user repository definitions and specs.github_create_repoโ Create a new GitHub repository.github_list_files&github_get_fileโ Recurse, tree-walk, or read raw contents.github_create_file&github_update_file&github_delete_fileโ Create, update, or delete files securely with auto-resolved folder tree SHAs.github_create_prโ Generate pull requests between head and base branch tracks.
๐ก๏ธ Production-Grade AI DevOps & Safety Controls (New)
The MCP server incorporates advanced guardrails, observability, and orchestration layers to transition from a collection of raw tools to a safe, self-healing AI DevOps Agent system:
โ๏ธ 1. Safety Guardrails & Access Rules
All state-changing operations are monitored by a local guardrail layer. Accidental or destructive acts are blocked unless explicit permission bypass is granted:
- Outage Prevention: Scaling active deployment replicas pool size to
0is blocked by default. - Secret Deletion Protection: Deleting configurations containing database strings, credentials, tokens, URLs, or security secrets is locked.
- Database Guardrails: Destructive SQL commands (e.g.,
DROP TABLE,TRUNCATE) are blocked on custom executes. - Version Control Lock: Accidentally deleting core files from git via
github_delete_fileis locked. - How to Bypass: If you explicitly intend to execute a locked operation, pass the parameter
"bypass_safety": truein the tool call.
๐งช 2. Universal Dry-Run Simulator
Before executing any state-altering operations (scaling, deleting configs, commits, rollbacks, SQL mutations), pass "dry_run": true to preview the actions. The tool will return a detailed simulation explanation and log the trace without changing any remote resources.
๐ 3. Real-Time Observability & Auditing
audit_traces_listโ Retrieve real-time tracking logs of all executed actions, including timestamps, durations, statuses, targets, parameters (with sanitised pay-loads), and errors. Perfect for auditing AI operator behaviors.get_system_safety_policiesโ Standard endpoint to query current safety postures, rule sets, limits, and dry-run instructions.
๐ 4. Core Orchestration Pipelines & Workflows
orchestrate_deploy_pipelineโ Performs complete end-to-end git-to-cloud deployments (verifies packages on GitHub, sets Gigalixir environments, triggers rolling restarts, and parses container health logs).diagnose_and_repair_appโ Scans application runtimes, scales, and retrieves trailing log traces; detects crash loops or replicas drifts, and triggers self-healing cycles (e.g., scale recovery, graceful process recycles).
