fix: redact Gitea web links from MCP PR output
This commit is contained in:
+26
-17
@@ -54,6 +54,13 @@ def _reveal_endpoints() -> bool:
|
||||
return (os.environ.get("GITEA_MCP_REVEAL_ENDPOINTS") or "").strip().lower() \
|
||||
in ("1", "true", "yes")
|
||||
|
||||
|
||||
def _with_optional_url(result: dict, url: str | None) -> dict:
|
||||
"""Attach web links only under the explicit endpoint reveal opt-in."""
|
||||
if _reveal_endpoints() and url:
|
||||
result["url"] = url
|
||||
return result
|
||||
|
||||
mcp = FastMCP("gitea-tools", instructions=(
|
||||
"Gitea issue tracker and PR management for dadeschools and prgs instances. "
|
||||
"Use the gitea_ prefixed tools to create issues, PRs, list issues, etc."
|
||||
@@ -310,7 +317,7 @@ def gitea_create_issue(
|
||||
repo: Override the repository name.
|
||||
|
||||
Returns:
|
||||
dict with 'number' and 'url' of the created issue.
|
||||
dict with 'number' of the created issue ('url' only with the reveal opt-in).
|
||||
"""
|
||||
h, o, r = _resolve(remote, host, org, repo)
|
||||
auth = _auth(h)
|
||||
@@ -325,7 +332,7 @@ def gitea_create_issue(
|
||||
_audit("create_issue", host=h, remote=remote, org=o, repo=r,
|
||||
result=gitea_audit.SUCCEEDED, issue_number=data["number"],
|
||||
request_metadata={"title": title})
|
||||
return {"number": data["number"], "url": data["html_url"]}
|
||||
return _with_optional_url({"number": data["number"]}, data.get("html_url"))
|
||||
|
||||
|
||||
@mcp.tool()
|
||||
@@ -352,7 +359,7 @@ def gitea_create_pr(
|
||||
repo: Override the repository name.
|
||||
|
||||
Returns:
|
||||
dict with 'number' and 'url' of the created PR.
|
||||
dict with 'number' of the created PR ('url' only with the reveal opt-in).
|
||||
"""
|
||||
h, o, r = _resolve(remote, host, org, repo)
|
||||
auth = _auth(h)
|
||||
@@ -369,7 +376,7 @@ def gitea_create_pr(
|
||||
_audit("create_pr", host=h, remote=remote, org=o, repo=r,
|
||||
result=gitea_audit.SUCCEEDED, pr_number=data["number"],
|
||||
target_branch=head, request_metadata=meta)
|
||||
return {"number": data["number"], "url": data["html_url"]}
|
||||
return _with_optional_url({"number": data["number"]}, data.get("html_url"))
|
||||
|
||||
|
||||
@mcp.tool()
|
||||
@@ -390,24 +397,25 @@ def gitea_list_prs(
|
||||
repo: Override the repository name.
|
||||
|
||||
Returns:
|
||||
List of dicts with 'number', 'title', 'state', 'head', 'base', 'url', 'mergeable'.
|
||||
List of dicts with 'number', 'title', 'state', 'head', 'base', and
|
||||
'mergeable' ('url' only with the reveal opt-in).
|
||||
"""
|
||||
h, o, r = _resolve(remote, host, org, repo)
|
||||
auth = _auth(h)
|
||||
url = f"{repo_api_url(h, o, r)}/pulls?state={state}"
|
||||
prs = api_get_all(url, auth)
|
||||
return [
|
||||
{
|
||||
results = []
|
||||
for pr in prs:
|
||||
entry = {
|
||||
"number": pr["number"],
|
||||
"title": pr["title"],
|
||||
"state": pr["state"],
|
||||
"head": pr["head"]["ref"],
|
||||
"base": pr["base"]["ref"],
|
||||
"url": pr["html_url"],
|
||||
"mergeable": pr.get("mergeable"),
|
||||
}
|
||||
for pr in prs
|
||||
]
|
||||
results.append(_with_optional_url(entry, pr.get("html_url")))
|
||||
return results
|
||||
|
||||
|
||||
@mcp.tool()
|
||||
@@ -434,17 +442,17 @@ def gitea_view_pr(
|
||||
auth = _auth(h)
|
||||
url = f"{repo_api_url(h, o, r)}/pulls/{pr_number}"
|
||||
pr = api_request("GET", url, auth)
|
||||
return {
|
||||
result = {
|
||||
"number": pr["number"],
|
||||
"title": pr["title"],
|
||||
"body": pr.get("body", ""),
|
||||
"state": pr["state"],
|
||||
"head": pr["head"]["ref"],
|
||||
"base": pr["base"]["ref"],
|
||||
"url": pr["html_url"],
|
||||
"mergeable": pr.get("mergeable"),
|
||||
"user": pr.get("user", {}).get("login", ""),
|
||||
}
|
||||
return _with_optional_url(result, pr.get("html_url"))
|
||||
|
||||
|
||||
# Actions whose eligibility this tool can evaluate.
|
||||
@@ -921,15 +929,15 @@ def gitea_edit_pr(
|
||||
except Exception:
|
||||
pass
|
||||
|
||||
return {
|
||||
result = {
|
||||
"success": True,
|
||||
"number": data["number"],
|
||||
"title": data["title"],
|
||||
"body": data.get("body", ""),
|
||||
"state": data["state"],
|
||||
"url": data["html_url"],
|
||||
"cleanup_status": cleanup_status,
|
||||
}
|
||||
return _with_optional_url(result, data.get("html_url"))
|
||||
|
||||
|
||||
@mcp.tool()
|
||||
@@ -1424,21 +1432,22 @@ def gitea_view_issue(
|
||||
repo: Override the repository name.
|
||||
|
||||
Returns:
|
||||
dict with 'number', 'title', 'body', 'state', 'labels', 'assignee', 'url'.
|
||||
dict with 'number', 'title', 'body', 'state', 'labels', and 'assignee'
|
||||
('url' only with the reveal opt-in).
|
||||
"""
|
||||
h, o, r = _resolve(remote, host, org, repo)
|
||||
auth = _auth(h)
|
||||
url = f"{repo_api_url(h, o, r)}/issues/{issue_number}"
|
||||
i = api_request("GET", url, auth)
|
||||
return {
|
||||
result = {
|
||||
"number": i["number"],
|
||||
"title": i["title"],
|
||||
"body": i.get("body", ""),
|
||||
"state": i["state"],
|
||||
"labels": [lb["name"] for lb in i.get("labels", [])],
|
||||
"assignee": (i.get("assignee") or {}).get("login", ""),
|
||||
"url": i["html_url"],
|
||||
}
|
||||
return _with_optional_url(result, i.get("html_url"))
|
||||
|
||||
|
||||
def _issue_comment_gate(op: str) -> list[str]:
|
||||
|
||||
Reference in New Issue
Block a user