docs: add LLM-operated Gitea workflow runbooks (#17)
Add docs/llm-workflow-runbooks.md — the final roadmap #10 deliverable: operational runbooks for LLM-operated Gitea workflows, built on the shipped canonical profiles + interactive menu + gated review/merge + audit logging.

Covers:
- Principle: the profile is the role, not the LLM (task-scoped, not assigned).
- Canonical config: GITEA_MCP_CONFIG / GITEA_MCP_PROFILE, version, profiles, keychain + env auth references, precedence, legacy env-only fallback.
- Interactive menu (python gitea_config.py menu): create author/reviewer profiles, generate Claude/Gemini/Codex launcher snippets, validate auth, check PR reviewer eligibility.
- Thin-launcher pattern: LLM configs carry only command/args + the two GITEA_MCP_* vars — never raw tokens/passwords.
- Migration away from duplicated GITEA_USER_*/GITEA_PASS_*/GITEA_SITE_* blocks; secrets referenced by keychain id or env var name only.
- Per-workflow runbooks (create issue/children, implement+PR, review/request-changes/approve, merge, close-after-merge, stop-on-blocker) with safe prompts.
- Fail-closed behavior table (unknown identity/profile, self-author, moved head, unexpected files, detected secrets, production/deploy) and no self-review/merge.

Docs-only: no implementation code. Safe placeholder examples only (no real tokens, passwords, usernames, or private config). README links the new runbook.

Closes #17. Refs #10.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@@ -182,7 +182,10 @@ Notes:
`gitea_get_profile` returns the full non-secret profile metadata so a workflow
can inspect which runtime it is talking to before deciding to act.
- See [`docs/gitea-execution-profiles.md`](docs/gitea-execution-profiles.md) for
the full profile model.
the full profile model, and
[`docs/llm-workflow-runbooks.md`](docs/llm-workflow-runbooks.md) for the
task-scoped, profile-based runbooks (create/review/merge/close, thin
launchers, migration, fail-closed rules).
- **Audit logging (#18):** mutating actions emit a durable, redacted JSON audit
record — timestamp, action, result (`allowed`/`blocked`/`failed`/`succeeded`),
profile name + audit label, authenticated username, target repo/issue/PR,
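Review bot: the edited "See ..." bullet now chains two documents with "and" across five lines, which buries the parenthetical list of runbook topics; consider splitting it into two bullets so each link stands on its own, e.g. `- See [docs/gitea-execution-profiles.md](docs/gitea-execution-profiles.md) for the full profile model.` followed by `- See [docs/llm-workflow-runbooks.md](docs/llm-workflow-runbooks.md) for the task-scoped, profile-based runbooks (create/review/merge/close, thin launchers, migration, fail-closed rules).` Also confirm the relative link target `docs/llm-workflow-runbooks.md` is added in this same commit, since only the README hunk is visible here and a README link to a missing file would dangle.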