fix(reviewer-workflow): address review — in-process mutation authority, no /tmp lock (#199)
Addresses the sysadmin REQUEST_CHANGES on PR #203 (reviewed head10d2644790): 1. Lock redesigned; /tmp file removed entirely. The mutation authority is now an in-process record (_MUTATION_AUTHORITY) plus an environment session lock (GITEA_SESSION_PROFILE_LOCK) exported at server launch: - in-process record cannot be spoofed by other local processes, cannot go stale across sessions, and cannot race concurrent agents; - the env lock is inherited by child CLI processes, so review_pr.py can refuse an ad-hoc GITEA_MCP_PROFILE role escalation without any shared file; a missing env lock (direct operator CLI use) stays allowed; - silent except-pass writes are gone; an unresolvable profile fails closed. 2. Standard reviewer workflow unbroken: verify_mutation_authority seeds itself from the live config-resolved context at the first mutation gate (approved preflight path whoami -> eligibility -> review/merge), and now runs as the final gate after eligibility, reusing the identity that eligibility proved (no extra /user call). 3. Trailing whitespace removed from review_pr.py (git diff --check clean). 4. Module-global verify_mutation_authority no-op bypass removed from tests/test_mcp_server.py; replaced with a tests/conftest.py autouse fixture that only resets per-process state (_MUTATION_AUTHORITY, _IDENTITY_CACHE, session lock env) between tests — the gate itself stays live in every test. 5. Tests rewritten for the new design: seeding on first verify, unresolved profile fails closed, remote/profile/identity mismatches fail closed, session-lock env mismatch rejected, foreign-pid authority reseeded, unauthorized author->reviewer pivot blocked, authorized pivot allowed; CLI: mismatch blocked, match allowed, no-lock allowed. 6. Rebased onto current master (c6fd0fd). Closes #199 Refs #194 Co-Authored-By: Claude Fable 5 <[email protected]>
This commit is contained in:
+21
-18
@@ -60,28 +60,31 @@ def main(argv=None):
|
||||
|
||||
host, org, repo = resolve_remote(args)
|
||||
|
||||
# ── Mutation Authority context wall check (Issue #194) ──
|
||||
LOCK_FILE = "/tmp/gitea_mutation_authority.lock"
|
||||
|
||||
if os.path.exists(LOCK_FILE):
|
||||
# ── Reviewer mutation side-channel wall (#199, refs #194) ──
|
||||
# The launching MCP session exports GITEA_SESSION_PROFILE_LOCK with the
|
||||
# profile it was started with; child processes inherit it. If this CLI
|
||||
# resolves a different profile — e.g. an ad-hoc GITEA_MCP_PROFILE
|
||||
# override escalating an author-bound session to reviewer — refuse
|
||||
# before any API call. No lock in the environment means no session
|
||||
# context (direct operator CLI use), which stays allowed. Unlike a /tmp
|
||||
# lock file, the environment is per-process-tree: other sessions cannot
|
||||
# spoof it and it cannot go stale across sessions.
|
||||
session_lock = (os.environ.get("GITEA_SESSION_PROFILE_LOCK") or "").strip()
|
||||
if session_lock:
|
||||
try:
|
||||
with open(LOCK_FILE, "r", encoding="utf-8") as f:
|
||||
lock_data = json.load(f)
|
||||
|
||||
# Resolve current CLI profile
|
||||
cli_profile = get_profile().get("profile_name")
|
||||
locked_profile = lock_data.get("current_profile")
|
||||
|
||||
if cli_profile != locked_profile:
|
||||
print(
|
||||
f"Mismatched active profile vs mutation profile (CLI override rejected): "
|
||||
f"CLI profile '{cli_profile}' does not match locked active profile '{locked_profile}' (fail closed)",
|
||||
file=sys.stderr
|
||||
)
|
||||
return 3
|
||||
cli_profile = (get_profile().get("profile_name") or "").strip()
|
||||
except Exception as e:
|
||||
print(f"Mutation authority check failed: {e}", file=sys.stderr)
|
||||
return 3
|
||||
if cli_profile != session_lock:
|
||||
print(
|
||||
f"Mismatched active profile vs session profile lock "
|
||||
f"(CLI override rejected): CLI profile '{cli_profile}' does "
|
||||
f"not match locked session profile '{session_lock}' "
|
||||
f"(fail closed)",
|
||||
file=sys.stderr,
|
||||
)
|
||||
return 3
|
||||
|
||||
body = args.body
|
||||
if args.body_file:
|
||||
|
||||
Reference in New Issue
Block a user